[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Aug 5 21:36:32 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
979cfe51 by Salvatore Bonaccorso at 2019-08-05T20:35:55Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -261,15 +261,15 @@ CVE-2017-XXXX [IPv6 mroute missing type check]
 CVE-2019-14551 (Das Q before 2019-08-02 allows web sites to execute arbitrary code on  ...)
 	NOT-FOR-US: Das Keyboard Q
 CVE-2019-14550 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...)
-	TODO: check
+	NOT-FOR-US: EspoCRM
 CVE-2019-14549 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...)
-	TODO: check
+	NOT-FOR-US: EspoCRM
 CVE-2019-14548 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the bod ...)
-	TODO: check
+	NOT-FOR-US: EspoCRM
 CVE-2019-14547 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...)
-	TODO: check
+	NOT-FOR-US: EspoCRM
 CVE-2019-14546 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...)
-	TODO: check
+	NOT-FOR-US: EspoCRM
 CVE-2019-14545
 	RESERVED
 CVE-2019-14544 (routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for route ...)
@@ -329,7 +329,7 @@ CVE-2019-14527
 CVE-2019-14526
 	RESERVED
 CVE-2019-14525 (In Octopus Deploy 2019.4.0 through 2019.6.6 and 2019.7.0 through 2019. ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2019-14524 (An issue was discovered in Schism Tracker through 20190722. There is a ...)
 	- schism <unfixed> (bug #933808)
 	[jessie] - schism <no-dsa> (Minor issue)
@@ -1353,7 +1353,7 @@ CVE-2019-14350 (EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtrat
 CVE-2019-14349 (EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtr ...)
 	NOT-FOR-US: EspoCRM
 CVE-2019-14348 (The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to ...)
-	TODO: check
+	NOT-FOR-US: BearDev JoomSport plugin for WordPress
 CVE-2019-14347
 	RESERVED
 CVE-2019-14346
@@ -7525,7 +7525,7 @@ CVE-2019-12266
 CVE-2019-12265
 	RESERVED
 CVE-2019-12264 (Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect  ...)
-	TODO: check
+	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12263
 	RESERVED
 CVE-2019-12262
@@ -10327,7 +10327,7 @@ CVE-2019-11200 (Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that b
 CVE-2019-11199 (Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded file ...)
 	- dolibarr <removed>
 CVE-2019-11198 (Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9. ...)
-	TODO: check
+	NOT-FOR-US: Sitecore CMS
 CVE-2019-11197
 	RESERVED
 CVE-2019-11196 (An authentication bypass vulnerability in all versions of ValuePLUS In ...)
@@ -10868,7 +10868,7 @@ CVE-2019-10996
 CVE-2019-10995
 	RESERVED
 CVE-2019-10994 (Processing a specially crafted project file in LAquis SCADA 4.3.1.71 m ...)
-	TODO: check
+	NOT-FOR-US: LAquis SCADA
 CVE-2019-10993 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointe ...)
 	NOT-FOR-US: WebAccess/SCADA
 CVE-2019-10992 (Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Mu ...)
@@ -10896,7 +10896,7 @@ CVE-2019-10982 (Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and pri
 CVE-2019-10981 (In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulner ...)
 	NOT-FOR-US: AVEVA
 CVE-2019-10980 (A type confusion vulnerability may be exploited when LAquis SCADA 4.3. ...)
-	TODO: check
+	NOT-FOR-US: LAquis SCADA
 CVE-2019-10979 (SICK MSC800 all versions prior to Version 4.0, the affected firmware v ...)
 	NOT-FOR-US: SICK MSC800
 CVE-2019-10978
@@ -21944,7 +21944,7 @@ CVE-2019-7002
 CVE-2019-7001 (A SQL injection vulnerability in the WebUI component of IP Office Cont ...)
 	NOT-FOR-US: IP Office Contact Center
 CVE-2019-7000 (A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura ...)
-	TODO: check
+	NOT-FOR-US: Web UI of Avaya Aura Conferencing
 CVE-2019-6999
 	RESERVED
 CVE-2019-6998
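Review bot: The new label on CVE-2019-7000, "Web UI of Avaya Aura Conferencing", names a component rather than the product. The entry directly above, CVE-2019-7001, is also described as a WebUI component issue but is tagged with the bare product name "IP Office Contact Center". Suggest "NOT-FOR-US: Avaya Aura Conferencing" so that a search on the product name matches consistently.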
@@ -25741,7 +25741,7 @@ CVE-2019-5504
 CVE-2019-5503
 	RESERVED
 CVE-2019-5502 (SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has we ...)
-	TODO: check
+	NOT-FOR-US: Data ONTAP
 CVE-2019-5501 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose  ...)
 	NOT-FOR-US: Data ONTAP
 CVE-2019-5500
@@ -26011,7 +26011,7 @@ CVE-2019-5403
 CVE-2019-5402
 	RESERVED
 CVE-2019-5401 (A potential security vulnerability has been identified in HP2910al-48G ...)
-	TODO: check
+	NOT-FOR-US: HP HP2910al-48G
 CVE-2019-5400
 	RESERVED
 CVE-2019-5399
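Review bot: The new label on CVE-2019-5401, "HP HP2910al-48G", repeats the vendor prefix, while the description gives the model as "HP2910al-48G". Suggest "NOT-FOR-US: HP2910al-48G", or the vendor name alone as other entries in this file do (for example "NOT-FOR-US: Dell" and "NOT-FOR-US: RSA").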
@@ -29744,7 +29744,7 @@ CVE-2019-3719 (Dell SupportAssist Client versions prior to 3.2.0.90 contain a re
 CVE-2019-3718 (Dell SupportAssist Client versions prior to 3.2.0.90 contain an improp ...)
 	NOT-FOR-US: Dell
 CVE-2019-3717 (Select Dell Client Commercial and Consumer platforms contain an Improp ...)
-	TODO: check
+	NOT-FOR-US: Select Dell Client Commercial and Consumer platforms
 CVE-2019-3716 (RSA Archer versions, prior to 6.5 SP2, contain an information exposure ...)
 	NOT-FOR-US: RSA
 CVE-2019-3715 (RSA Archer versions, prior to 6.5 SP1, contain an information exposure ...)
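Review bot: The new label on CVE-2019-3717 copies the opening words of the description, including "Select", which is a quantifier and not part of any product name. The neighbouring entry CVE-2019-3718 is tagged simply "NOT-FOR-US: Dell"; using the same label here keeps the vendor's entries uniform and easier to grep.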



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/979cfe516bbb0a60e0015dc9ea577aa5a03e63f5
