[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Apr 25 08:08:27 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f4cea0d5 by Salvatore Bonaccorso at 2019-04-25T07:07:57Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -955,7 +955,7 @@ CVE-2019-11083
 CVE-2019-11082
 	RESERVED
 CVE-2019-11081 (A default username and password in Dentsply Sirona Sidexis 4.2 and pos ...)
-	TODO: check
+	NOT-FOR-US: Dentsply Sirona Sidexis
 CVE-2019-11080
 	RESERVED
 CVE-2019-11079
@@ -1093,7 +1093,7 @@ CVE-2019-11034 (When processing certain files, PHP EXIF extension in versions 7.
 CVE-2019-11033
 	RESERVED
 CVE-2019-11032 (In EasyToRecruit (E2R) before 2.11, the upload feature and the Candida ...)
-	TODO: check
+	NOT-FOR-US: EasyToRecruit
 CVE-2019-11031
 	RESERVED
 CVE-2019-11030
@@ -2986,7 +2986,7 @@ CVE-2019-10240 (Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build a
 CVE-2017-18365 (The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a d ...)
 	NOT-FOR-US: GitHub Enterprise
 CVE-2019-10239 (Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently ...)
-	TODO: check
+	NOT-FOR-US: Robotronic RunAsSpc
 CVE-2019-10238 (Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the file ...)
 	NOT-FOR-US: Sitemagic CMS
 CVE-2019-10237 (S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via th ...)
@@ -3557,7 +3557,7 @@ CVE-2019-10010 (Cross-site scripting (XSS) vulnerability in the PHP League Commo
 CVE-2019-10009
 	RESERVED
 CVE-2019-10008 (Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privile ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine ServiceDesk
 CVE-2019-10007
 	RESERVED
 CVE-2019-10006
@@ -3620,9 +3620,9 @@ CVE-2019-9953
 CVE-2019-9952
 	RESERVED
 CVE-2019-9951 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My ...)
-	TODO: check
+	NOT-FOR-US: Western Digital
 CVE-2019-9950 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My ...)
-	TODO: check
+	NOT-FOR-US: Western Digital
 CVE-2019-9949
 	RESERVED
 CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file: scheme, w ...)
@@ -4955,7 +4955,7 @@ CVE-2019-9735 (An issue was discovered in the iptables firewall module in OpenSt
 	[jessie] - neutron <not-affected> (Vulnerable code not present, all supported protocols are handled correctly)
 	NOTE: https://launchpad.net/bugs/1818385
 CVE-2019-9734 (aquaverde Aquarius CMS through 4.3.5 writes POST and GET parameters (i ...)
-	TODO: check
+	NOT-FOR-US: aquaverde Aquarius CMS
 CVE-2019-9733 (An issue was discovered in JFrog Artifactory 6.7.3. By default, the ac ...)
 	NOT-FOR-US: JFrog Artifactory
 CVE-2019-9732
@@ -4975,7 +4975,7 @@ CVE-2019-9726
 CVE-2019-9725 (The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devi ...)
 	NOT-FOR-US: Korenix JetPort devices
 CVE-2019-9724 (aquaverde Aquarius CMS through 4.3.5 allows Information Exposure throu ...)
-	TODO: check
+	NOT-FOR-US: aquaverde Aquarius CMS
 CVE-2019-9723
 	RESERVED
 CVE-2019-9722
@@ -11195,13 +11195,13 @@ CVE-2019-7216 (An issue was discovered in FileChucker 4.99e-free-e02. filechucke
 CVE-2019-7215
 	RESERVED
 CVE-2019-7214 (SmarterTools SmarterMail 16.x before build 6985 allows deserialization ...)
-	TODO: check
+	NOT-FOR-US: SmarterTools SmarterMail
 CVE-2019-7213 (SmarterTools SmarterMail 16.x before build 6985 allows directory trave ...)
-	TODO: check
+	NOT-FOR-US: SmarterTools SmarterMail
 CVE-2019-7212 (SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret k ...)
-	TODO: check
+	NOT-FOR-US: SmarterTools SmarterMail
 CVE-2019-7211 (SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaSc ...)
-	TODO: check
+	NOT-FOR-US: SmarterTools SmarterMail
 CVE-2019-7210
 	RESERVED
 CVE-2019-7209



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f4cea0d5531b15578e6ce4702354dfe9cc4dc080

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f4cea0d5531b15578e6ce4702354dfe9cc4dc080
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190425/3f71c762/attachment.html>

More information about the debian-security-tracker-commits mailing list