Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4e64d3a6 by Moritz Muehlenhoff at 2019-10-11T08:22:17Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
 CVE-2019-17497 (Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO 
hash theft ...)
-       TODO: check
+       NOT-FOR-US: Tracker PDF-XChange Editor
 CVE-2019-17496 (Craft CMS before 3.3.8 has stored XSS via a name field. This 
field is  ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2019-17495 (A Cascading Style Sheets (CSS) injection vulnerability in 
Swagger UI b ...)
        TODO: check
 CVE-2019-17494 (laravel-bjyblog 6.1.1 has XSS via a crafted URL. ...)
-       TODO: check
+       NOT-FOR-US: laravel-bjyblog
 CVE-2019-17493 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the 
Problem[sample_ ...)
-       TODO: check
+       NOT-FOR-US: Jiangnan Online Judge
 CVE-2019-17492
        RESERVED
 CVE-2019-17491 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the 
Problem[descrip ...)
-       TODO: check
+       NOT-FOR-US: Jiangnan Online Judge
 CVE-2019-17490 (app\modules\polygon\controllers\ProblemController in Jiangnan 
Online J ...)
-       TODO: check
+       NOT-FOR-US: Jiangnan Online Judge
 CVE-2019-17489 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the 
Problem[title]  ...)
-       TODO: check
+       NOT-FOR-US: Jiangnan Online Judge
 CVE-2019-17488 (b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP 
User-Agent  ...)
-       TODO: check
+       NOT-FOR-US: b3log Symphony
 CVE-2019-17487
        RESERVED
 CVE-2019-17486
@@ -197,7 +197,7 @@ CVE-2019-17427 (In Redmine before 3.4.11 and 4.0.x before 
4.0.4, persistent XSS
        - redmine 4.0.4-1
        NOTE: Fixed in 3.4.11 and 4.0.4
 CVE-2019-17426 (Automattic Mongoose through 5.7.4 allows attackers to bypass 
access co ...)
-       TODO: check
+       NOT-FOR-US: Automattic Mongoose (different from Cesenta Mongoose)
 CVE-2019-17425
        RESERVED
 CVE-2019-17424
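Review bot: The disambiguation note added for CVE-2019-17426 misspells the other project: "Cesenta Mongoose" should read "Cesanta Mongoose". The parenthetical is worth keeping, since it records why this Mongoose is not the packaged one, but with the misspelling a search of data/CVE/list for "Cesanta" will not find this entry.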
@@ -286,7 +286,7 @@ CVE-2019-17388
 CVE-2019-17387
        RESERVED
 CVE-2019-17386 (The animate-it plugin before 2.3.6 for WordPress has CSRF in 
edsanimat ...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin
 CVE-2019-17385 (The animate-it plugin before 2.3.5 for WordPress has XSS. ...)
        NOT-FOR-US: animate-it plugin for WordPress
 CVE-2019-17384 (The animate-it plugin before 2.3.4 for WordPress has XSS. ...)
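Review bot: The tag added for CVE-2019-17386, "NOT-FOR-US: Wordpress plugin", drops the plugin name and capitalises the product differently from the adjacent CVE-2019-17385 entry, which reads "NOT-FOR-US: animate-it plugin for WordPress". Reusing that exact string keeps the three animate-it entries uniform and findable with a single search on the plugin name.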
@@ -895,7 +895,7 @@ CVE-2019-17094
 CVE-2019-17093
        RESERVED
 CVE-2019-17092 (An XSS vulnerability in project list in OpenProject before 
9.0.4 and 1 ...)
-       TODO: check
+       NOT-FOR-US: OpenProject
 CVE-2019-17091 (faces/context/PartialViewContextImpl.java in Eclipse Mojarra, 
as used  ...)
        TODO: check
 CVE-2019-17090
@@ -6643,7 +6643,7 @@ CVE-2019-15052 (The HTTP client in Gradle before 5.6 
sends authentication creden
        NOTE: https://github.com/gradle/gradle/pull/10176
        NOTE: 
https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95
 CVE-2019-15051 (An issue was discovered in Softing uaGate (SI, MB, 840D) 
firmware thro ...)
-       TODO: check
+       NOT-FOR-US: Softing uaGate
 CVE-2019-15050 (An issue was discovered in Bento4 1.5.1.0. There is a 
heap-based buffe ...)
        NOT-FOR-US: Bento4
 CVE-2019-15049 (An issue was discovered in Bento4 1.5.1.0. There is a 
heap-based buffe ...)
@@ -10351,7 +10351,7 @@ CVE-2019-13931
 CVE-2019-13930
        RESERVED
 CVE-2019-13929 (A vulnerability has been identified in SIMATIC IT UADM (All 
versions & ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2019-13928
        RESERVED
 CVE-2019-13927
@@ -10367,7 +10367,7 @@ CVE-2019-13923 (A vulnerability has been identified in 
IE/WSN-PA Link WirelessHA
 CVE-2019-13922 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
        NOT-FOR-US: Siemens
 CVE-2019-13921 (A vulnerability has been identified in SIMATIC WinAC RTX (F) 
2010 (All ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2019-13920 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
        NOT-FOR-US: Siemens
 CVE-2019-13919 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
@@ -17753,9 +17753,9 @@ CVE-2019-11530
 CVE-2019-11529
        RESERVED
 CVE-2019-11528 (An issue was discovered in Softing uaGate SI 1.60.01. A system 
default ...)
-       TODO: check
+       NOT-FOR-US: Softing uaGate
 CVE-2019-11527 (An issue was discovered in Softing uaGate SI 1.60.01. A CGI 
script is  ...)
-       TODO: check
+       NOT-FOR-US: Softing uaGate
 CVE-2019-11526 (An issue was discovered in Softing uaGate SI 1.60.01. A 
maintenance sc ...)
        NOT-FOR-US: Softing uaGate
 CVE-2019-11525
@@ -19316,7 +19316,7 @@ CVE-2019-10938 (A vulnerability has been identified in 
Ethernet plug-in communic
 CVE-2019-10937 (A vulnerability has been identified in SIMATIC TDC CP51M1 (All 
version ...)
        NOT-FOR-US: SIMATIC TDC CP51M1
 CVE-2019-10936 (A vulnerability has been identified in Development/Evaluation 
Kits for ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and 
earlier  ...)
        NOT-FOR-US: Siemens
 CVE-2019-10934
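Review bot: The tag added for CVE-2019-10936 names only the vendor ("NOT-FOR-US: Siemens"), while the CVE-2019-10937 entry directly above it names the product ("NOT-FOR-US: SIMATIC TDC CP51M1"). Both forms already appear in this range, so this is a style point only, but choosing one granularity for the Siemens entries would make later searches by product or by vendor more reliable.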
@@ -19342,7 +19342,7 @@ CVE-2019-10925 (A vulnerability has been identified in 
SIMATIC Ident MV420 famil
 CVE-2019-10924 (A vulnerability has been identified in LOGO! Soft Comfort (All 
version ...)
        NOT-FOR-US: Siemens
 CVE-2019-10923 (A vulnerability has been identified in CP1604 (All versions 
< V2.8) ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2019-10922 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and 
earlier  ...)
        NOT-FOR-US: Siemens
 CVE-2019-10921 (A vulnerability has been identified in LOGO!8 BM (All 
versions). Unenc ...)
@@ -19784,7 +19784,7 @@ CVE-2019-10759
 CVE-2019-10758
        RESERVED
 CVE-2019-10757 (knex.js versions before 0.19.5 are vulnerable to SQL Injection 
attack. ...)
-       TODO: check
+       NOT-FOR-US: knex.js
 CVE-2019-10756 (It is possible to inject JavaScript within node-red-dashboard 
versions ...)
        TODO: check
 CVE-2019-10755 (The SAML identifier generated within SAML2Utils.java was found 
to make ...)
@@ -24152,19 +24152,19 @@ CVE-2019-9537
 CVE-2019-9536
        RESERVED
 CVE-2019-9535 (A vulnerability exists in the way that iTerm2 integrates with 
tmux's c ...)
-       TODO: check
+       NOT-FOR-US: iTerm2
 CVE-2019-9534 (The Cobham EXPLORER 710, firmware version 1.07, does not 
validate its  ...)
-       TODO: check
+       NOT-FOR-US: Cobham EXPLORER
 CVE-2019-9533 (The root password of the Cobham EXPLORER 710 is the same for 
all versi ...)
-       TODO: check
+       NOT-FOR-US: Cobham EXPLORER
 CVE-2019-9532 (The web application portal of the Cobham EXPLORER 710, firmware 
versio ...)
-       TODO: check
+       NOT-FOR-US: Cobham EXPLORER
 CVE-2019-9531 (The web application portal of the Cobham EXPLORER 710, firmware 
versio ...)
-       TODO: check
+       NOT-FOR-US: Cobham EXPLORER
 CVE-2019-9530 (The web root directory of the Cobham EXPLORER 710, firmware 
version 1. ...)
-       TODO: check
+       NOT-FOR-US: Cobham EXPLORER
 CVE-2019-9529 (The web application portal of the Cobham EXPLORER 710, firmware 
versio ...)
-       TODO: check
+       NOT-FOR-US: Cobham EXPLORER
 CVE-2019-9528
        RESERVED
 CVE-2019-9527



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e64d3a648a9eae1b587ebc7e7a812eba31644ff



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
