[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Aug 6 21:39:36 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
848d51b0 by Salvatore Bonaccorso at 2019-08-06T20:37:56Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,7 +25,7 @@ CVE-2019-14699
 CVE-2019-14698
 	RESERVED
 CVE-2019-14696 (Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/ind ...)
-	TODO: check
+	NOT-FOR-US: Open-School
 CVE-2019-14695 (A SQL injection vulnerability exists in the Sygnoos Popup Builder plug ...)
 	NOT-FOR-US: Sygnoos Popup Builder plugin for WordPress
 CVE-2019-14694
@@ -552,7 +552,7 @@ CVE-2019-14475 (eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior
 CVE-2019-14474
 	RESERVED
 CVE-2019-14473 (eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but la ...)
-	TODO: check
+	NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
 CVE-2019-14472 (Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. ...)
 	NOT-FOR-US: Zumo
 CVE-2019-14471 (TestLink 1.9.19 has XSS via the error.php message parameter. ...)
@@ -1455,9 +1455,9 @@ CVE-2019-14349 (EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of
 CVE-2019-14348 (The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to ...)
 	NOT-FOR-US: BearDev JoomSport plugin for WordPress
 CVE-2019-14347 (Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unpriv ...)
-	TODO: check
+	NOT-FOR-US: Schben Adive
 CVE-2019-14346 (Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CS ...)
-	TODO: check
+	NOT-FOR-US: Schben Adive
 CVE-2019-14345
 	RESERVED
 CVE-2019-14344
@@ -5299,7 +5299,7 @@ CVE-2019-13145
 CVE-2019-13144
 	REJECTED
 CVE-2019-13143 (An HTTP parameter pollution issue was discovered on Shenzhen Dragon Br ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50
 CVE-2019-13142 (The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe)  ...)
 	NOT-FOR-US: Razer Surround
 CVE-2019-13141
@@ -5880,7 +5880,7 @@ CVE-2019-12951 (An issue was discovered in Mongoose before 6.15. The parse_mqtt(
 	NOT-FOR-US: Cesanta Mongoose
 	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
 CVE-2019-12950 (An issue was discovered in TeamPass 2.1.27.35. From the sources/items. ...)
-	TODO: check
+	NOT-FOR-US: TeamPass
 CVE-2019-12949 (In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authen ...)
 	NOT-FOR-US: pfSense
 CVE-2019-12948 (A vulnerability in the web-based management interface of VVX, Trio, So ...)
@@ -24588,21 +24588,21 @@ CVE-2019-6003
 CVE-2019-6002 (Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 a ...)
 	NOT-FOR-US: Central Dogma
 CVE-2019-6001 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
-	TODO: check
+	NOT-FOR-US: Canon
 CVE-2019-6000 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
-	TODO: check
+	NOT-FOR-US: Canon
 CVE-2019-5999 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
-	TODO: check
+	NOT-FOR-US: Canon
 CVE-2019-5998 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
-	TODO: check
+	NOT-FOR-US: Canon
 CVE-2019-5997
 	RESERVED
 CVE-2019-5996
 	RESERVED
 CVE-2019-5995 (Missing authorization vulnerability exists in EOS series digital camer ...)
-	TODO: check
+	NOT-FOR-US: Canon
 CVE-2019-5994 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
-	TODO: check
+	NOT-FOR-US: Canon
 CVE-2019-5993
 	RESERVED
 CVE-2019-5992



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/848d51b09de77c0f3f9145b904c99c09d8811489

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/848d51b09de77c0f3f9145b904c99c09d8811489
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190806/1fb8952a/attachment.html>

More information about the debian-security-tracker-commits mailing list