[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Mon Jul 8 09:25:05 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4ffa6c38 by Moritz Muehlenhoff at 2019-07-08T08:24:44Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2019-13404 (** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows ...)
- TODO: check
+ NOT-FOR-US: Disputed issue for Windows installer for Python
CVE-2019-13403
RESERVED
CVE-2019-13402 (/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactoryd ...)
- TODO: check
+ NOT-FOR-US: Dynacolor
CVE-2019-13401 (Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi ...)
- TODO: check
+ NOT-FOR-US: Dynacolor
CVE-2019-13400 (Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store admin ...)
- TODO: check
+ NOT-FOR-US: Dynacolor
CVE-2019-13399 (Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that ...)
- TODO: check
+ NOT-FOR-US: Dynacolor
CVE-2019-13398 (Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Dynacolor
CVE-2019-13397
RESERVED
CVE-2019-13396
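Review bot: CVE-2019-13404 is closed as NOT-FOR-US although Python itself is packaged, so the CVE will not be listed against any Python source package. Since the description limits it to the MSI installer on Windows, a package line such as `- python2.7 <not-affected> (Windows MSI installer only)` would record the same conclusion and keep it findable from the package. Separately, the Dynacolor notes could carry the model the descriptions name, e.g. `NOT-FOR-US: Dynacolor FCM-MB40`.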
@@ -49,7 +49,7 @@ CVE-2019-13381
CVE-2019-13380
RESERVED
CVE-2019-13379 (On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access ...)
- TODO: check
+ NOT-FOR-US: AVTECH Room Alert
CVE-2019-13378
RESERVED
CVE-2019-13377
@@ -83,7 +83,7 @@ CVE-2019-13364
CVE-2019-13363
RESERVED
CVE-2019-13362 (Codedoc v3.2 has a stack-based buffer overflow in add_variable in code ...)
- TODO: check
+ NOT-FOR-US: Codedoc
CVE-2019-13361
RESERVED
CVE-2019-13360
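Review bot: for CVE-2019-13362 the NOT-FOR-US note names only Codedoc, but the description is a stack-based buffer overflow in add_variable, which is C code that could exist as an embedded or renamed copy in a packaged source. It would help to confirm that no package carries that function before closing the entry, and to replace the line with a package entry if one does.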
@@ -91,7 +91,7 @@ CVE-2019-13360
CVE-2019-13359
RESERVED
CVE-2019-13358 (lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows ...)
- TODO: check
+ NOT-FOR-US: OpenCats
CVE-2019-13357
RESERVED
CVE-2019-13356
@@ -103,7 +103,7 @@ CVE-2019-13354
CVE-2019-13353
RESERVED
CVE-2019-13352 (WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic ...)
- TODO: check
+ NOT-FOR-US: WolfVision Cynap
CVE-2019-13351 (posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as dist ...)
- jackd2 <unfixed> (bug #931488)
[jessie] - jackd2 <postponed> (Minor issue, hard to reproduce crash with theoretically possible file corruption, no sensitive data to leak)
@@ -513,7 +513,7 @@ CVE-2019-13185
CVE-2019-13184
RESERVED
CVE-2019-13183 (Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as ...)
- TODO: check
+ NOT-FOR-US: Flarum
CVE-2019-13182
RESERVED
CVE-2019-13181
@@ -19585,7 +19585,7 @@ CVE-2019-5985
CVE-2019-5984 (Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0. ...)
NOT-FOR-US: Custom CSS Pro
CVE-2019-5983 (Cross-site request forgery (CSRF) vulnerability in HTML5 Maps 1.6.5.6 ...)
- TODO: check
+ NOT-FOR-US: HTML5 Maps
CVE-2019-5982 (Improper download file verification vulnerability in VAIO Update 7.3.0 ...)
NOT-FOR-US: VAIO Update
CVE-2019-5981 (Improper authorization vulnerability in VAIO Update 7.3.0.03150 and ea ...)
@@ -19613,9 +19613,9 @@ CVE-2019-5971 (Cross-site request forgery (CSRF) vulnerability in Attendance Man
CVE-2019-5970 (Cross-site scripting vulnerability in Attendance Manager 0.5.6 and ear ...)
NOT-FOR-US: Attendance Manager
CVE-2019-5969 (Open redirect vulnerability in GROWI v3.4.6 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: GROWI
CVE-2019-5968 (Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and ea ...)
- TODO: check
+ NOT-FOR-US: GROWI
CVE-2019-5967 (Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and ear ...)
NOT-FOR-US: Joruri CMS
CVE-2019-5966 (Joruri Mail 2.1.4 and earlier does not properly manage sessions, which ...)
@@ -19623,7 +19623,7 @@ CVE-2019-5966 (Joruri Mail 2.1.4 and earlier does not properly manage sessions,
CVE-2019-5965 (Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows re ...)
NOT-FOR-US: Joruri Mail
CVE-2019-5964 (iDoors Reader 2.10.17 and earlier allows an attacker on the same netwo ...)
- TODO: check
+ NOT-FOR-US: iDoors Reader
CVE-2019-5963 (Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 ...)
NOT-FOR-US: Zoho SalesIQ
CVE-2019-5962 (Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier a ...)
@@ -19631,7 +19631,7 @@ CVE-2019-5962 (Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earl
CVE-2019-5961 (The Android App 'Tootdon for Mastodon' version 3.4.1 and earlier does ...)
NOT-FOR-US: Android App 'Tootdon for Mastodon'
CVE-2019-5960 (Cross-site request forgery (CSRF) vulnerability in WP Open Graph 1.6.1 ...)
- TODO: check
+ NOT-FOR-US: WP Open Graph
CVE-2019-5959
RESERVED
CVE-2019-5958 (Untrusted search path vulnerability in Electronic reception and examin ...)
@@ -44160,7 +44160,7 @@ CVE-2018-16388 (e107_web/js/plupload/upload.php in e107 2.1.8 allows remote atta
CVE-2018-16387 (An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF v ...)
NOT-FOR-US: Elefant CMS
CVE-2018-16386 (An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log i ...)
- TODO: check
+ NOT-FOR-US: SWIFT Alliance Web Platform
CVE-2018-16385 (ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index ...)
NOT-FOR-US: ThinkPHP
CVE-2018-16384 (A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Co ...)
@@ -53671,7 +53671,7 @@ CVE-2018-12623
CVE-2018-12622
RESERVED
CVE-2018-12621 (An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Op ...)
- TODO: check
+ NOT-FOR-US: Eventum
CVE-2018-12620
RESERVED
CVE-2018-12619
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4ffa6c38e64959d0a611e8ec4e7b8bd0941d967d