[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Dec 6 08:51:00 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c7e3c2d4 by Salvatore Bonaccorso at 2018-12-06T08:50:35Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2018-19907 (A Server-Side Template Injection issue was discovered in Crafter CMS ...)
-	TODO: check
+	NOT-FOR-US: Crafter CMS
 CVE-2018-19906
 	RESERVED
 CVE-2018-19905
@@ -17,19 +17,19 @@ CVE-2018-19900
 CVE-2018-19899
 	RESERVED
 CVE-2018-19898 (ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ...)
-	TODO: check
+	NOT-FOR-US: ThinkCMF
 CVE-2018-19897 (ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in ...)
-	TODO: check
+	NOT-FOR-US: ThinkCMF
 CVE-2018-19896 (ThinkCMF X2.2.2 has SQL Injection via the function delete() in ...)
-	TODO: check
+	NOT-FOR-US: ThinkCMF
 CVE-2018-19895 (ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in ...)
-	TODO: check
+	NOT-FOR-US: ThinkCMF
 CVE-2018-19894 (ThinkCMF X2.2.2 has SQL Injection via the functions check() and ...)
-	TODO: check
+	NOT-FOR-US: ThinkCMF
 CVE-2018-19893 (SearchController.php in PbootCMS 1.2.1 has SQL injection via the ...)
-	TODO: check
+	NOT-FOR-US: PbootCMS
 CVE-2018-19892 (DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php ...)
-	TODO: check
+	NOT-FOR-US: DomainMOD
 CVE-2018-19891 (An invalid memory address dereference was discovered in the huffcode ...)
 	TODO: check
 CVE-2018-19890 (An invalid memory address dereference was discovered in the huffcode ...)
@@ -356,9 +356,9 @@ CVE-2018-19755 (There is an illegal address access at asm/preproc.c (function: .
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392528
 	NOTE: https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb
 CVE-2018-19754 (Tarantella Enterprise before 3.11 allows bypassing Access Control. ...)
-	TODO: check
+	NOT-FOR-US: Tarantella Enterprise
 CVE-2018-19753 (Tarantella Enterprise before 3.11 allows Directory Traversal. ...)
-	TODO: check
+	NOT-FOR-US: Tarantella Enterprise
 CVE-2018-19752 (DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php ...)
 	NOT-FOR-US: DomainMOD
 CVE-2018-19751 (DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php ...)
@@ -578,7 +578,7 @@ CVE-2018-19652
 CVE-2018-19651 (admin/functions/remote.php in Interspire Email Marketer through 6.1.6 ...)
 	NOT-FOR-US: Interspire Email Marketer
 CVE-2018-19650 (Local attackers can trigger a stack-based buffer overflow on ...)
-	TODO: check
+	NOT-FOR-US: Antiy-AVL ATool security management
 CVE-2019-1564
 	RESERVED
 CVE-2019-1563
@@ -5208,7 +5208,7 @@ CVE-2018-18993 (Two stack-based buffer overflow vulnerabilities have been discov
 CVE-2018-18992
 	RESERVED
 CVE-2018-18991 (Reflected cross-site scripting (non-persistent) in SCADA WebServer ...)
-	TODO: check
+	NOT-FOR-US: SCADA WebServer
 CVE-2018-18990
 	RESERVED
 CVE-2018-18989 (In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and ...)
@@ -10734,9 +10734,9 @@ CVE-2018-16802 (An issue was discovered in Artifex Ghostscript before 9.25. Inco
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47
 	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590
 CVE-2018-16792 (SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds SFTP/SCP server
 CVE-2018-16791 (In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds SFTP/SCP server
 CVE-2018-16790 (_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in ...)
 	- libbson <unfixed> (bug #913896)
 	[stretch] - libbson <no-dsa> (Minor issue)
@@ -13351,7 +13351,7 @@ CVE-2018-15775
 CVE-2018-15774
 	RESERVED
 CVE-2018-15773 (Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2018-15772 (Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for ...)
 	NOT-FOR-US: EMC RecoverPoint
 CVE-2018-15771 (Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7e3c2d4c5a74012605ce1d836938083be2915ab

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7e3c2d4c5a74012605ce1d836938083be2915ab
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181206/3e96fcb4/attachment.html>

More information about the debian-security-tracker-commits mailing list