[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 18 21:26:59 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4e668124 by Salvatore Bonaccorso at 2019-07-18T20:24:30Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2019-13960 (** DISPUTED ** In libjpeg-turbo 2.0.2, a large amount of memory can be ...)
TODO: check
CVE-2019-13959 (In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reall ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2019-13958
RESERVED
CVE-2019-13957
RESERVED
CVE-2019-13956 (Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary ...)
- TODO: check
+ NOT-FOR-US: Discuz!ML
CVE-2019-13955
RESERVED
CVE-2019-13954
@@ -19,11 +19,11 @@ CVE-2019-13952 (The set_ipv6() function in zscan_rfc1035.rl in gdnsd 3.2.0 has a
CVE-2019-13951 (The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.2.0 has a stack ...)
TODO: check
CVE-2019-13950 (index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored ...)
- TODO: check
+ NOT-FOR-US: SyGuestBook A5
CVE-2019-13949 (SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demons ...)
- TODO: check
+ NOT-FOR-US: SyGuestBook A5
CVE-2019-13948 (SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData f ...)
- TODO: check
+ NOT-FOR-US: SyGuestBook A5
CVE-2019-13947
RESERVED
CVE-2019-13946
@@ -627,9 +627,9 @@ CVE-2019-13648
CVE-2018-20853
RESERVED
CVE-2016-10763 (The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS ...)
- TODO: check
+ NOT-FOR-US: CampTix Event Ticketing plugin for WordPress
CVE-2016-10762 (The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV ...)
- TODO: check
+ NOT-FOR-US: CampTix Event Ticketing plugin for WordPress
CVE-2019-13647 (Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of ...)
NOT-FOR-US: Firefly
CVE-2019-13646 (Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack ...)
@@ -1710,7 +1710,7 @@ CVE-2014-1001
CVE-2014-1000
RESERVED
CVE-2019-13607 (The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerab ...)
- TODO: check
+ NOT-FOR-US: Opera Mini application for iOS
CVE-2019-13606
RESERVED
CVE-2019-13605 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.8 ...)
@@ -1791,7 +1791,7 @@ CVE-2018-20852 (http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookie
CVE-2019-13576
RESERVED
CVE-2019-13575 (A SQL injection vulnerability exists in WPEverest Everest Forms plugin ...)
- TODO: check
+ NOT-FOR-US: WPEverest Everest Forms plugin for WordPress
CVE-2019-13574 (In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remo ...)
{DSA-4481-1}
- ruby-mini-magick <unfixed> (bug #931932)
@@ -7031,7 +7031,7 @@ CVE-2019-11537 (In osTicket before 1.12, XSS exists via /upload/file.php, /uploa
CVE-2019-11536 (Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3 ...)
NOT-FOR-US: Kalki Kalkitech
CVE-2019-11535 (Unsanitized user input in the web interface for Linksys WiFi extender ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2019-11534
RESERVED
CVE-2019-11533 (Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 a ...)
@@ -7844,7 +7844,7 @@ CVE-2019-11232 (EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak
CVE-2019-11231 (An issue was discovered in GetSimple CMS through 3.3.15. insufficient ...)
NOT-FOR-US: GetSimple CMS
CVE-2019-11230 (In Avast Antivirus before 19.4, a local administrator can trick the pr ...)
- TODO: check
+ NOT-FOR-US: Avast Antivirus
CVE-2019-11229 (models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 m ...)
- gitea <removed>
CVE-2019-11228 (repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does no ...)
@@ -11465,15 +11465,15 @@ CVE-2019-1010254
CVE-2019-1010253
RESERVED
CVE-2019-1010252 (The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input ...)
- TODO: check
+ NOT-FOR-US: ONOS
CVE-2019-1010251 (Open Information Security Foundation Suricata prior to version 4.1.2 i ...)
TODO: check
CVE-2019-1010250 (The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input ...)
- TODO: check
+ NOT-FOR-US: ONOS
CVE-2019-1010249 (The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Ov ...)
- TODO: check
+ NOT-FOR-US: ONOS
CVE-2019-1010248 (Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. T ...)
- TODO: check
+ NOT-FOR-US: ONOS
CVE-2019-1010247
RESERVED
CVE-2019-1010246 (MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affecte ...)
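Review bot: CVE-2019-1010248 is tagged `NOT-FOR-US: ONOS`, but its description names Synetics GmbH I-doit (SQL Injection), not ONOS. The label looks carried over from the three ONOS entries above it in this hunk (CVE-2019-1010252, CVE-2019-1010250, CVE-2019-1010249). Suggest `NOT-FOR-US: I-doit` so the NFU reason matches the affected product; with the wrong name, anyone later searching the list for I-doit will not find this entry.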
@@ -11745,7 +11745,7 @@ CVE-2019-1010114
CVE-2019-1010113
RESERVED
CVE-2019-1010112 (OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Fo ...)
- TODO: check
+ NOT-FOR-US: OECMS
CVE-2019-1010111
RESERVED
CVE-2019-1010110
@@ -13783,9 +13783,9 @@ CVE-2019-9233
CVE-2019-9232
RESERVED
CVE-2019-9231 (An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M80 ...)
- TODO: check
+ NOT-FOR-US: AudioCodes Mediant devices
CVE-2019-9230 (An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M80 ...)
- TODO: check
+ NOT-FOR-US: AudioCodes Mediant devices
CVE-2019-9229
RESERVED
CVE-2019-9228
@@ -16324,7 +16324,7 @@ CVE-2019-8288
CVE-2019-8287
RESERVED
CVE-2019-8286 (Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Sec ...)
- TODO: check
+ NOT-FOR-US: Kaspersky
CVE-2019-8285 (Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-b ...)
NOT-FOR-US: Kaspersky Lab Antivirus Engine
CVE-2019-8284
@@ -27110,7 +27110,7 @@ CVE-2019-3743
CVE-2019-3742
RESERVED
CVE-2019-3741 (Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2019-3740
RESERVED
CVE-2019-3739
@@ -27124,7 +27124,7 @@ CVE-2019-3736
CVE-2019-3735 (Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist ...)
NOT-FOR-US: Dell SupportAssist
CVE-2019-3734 (Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2019-3733
RESERVED
CVE-2019-3732
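Review bot: `NOT-FOR-US: EMC` on CVE-2019-3734 is less specific than its description, which names Dell EMC Unity and UnityVSA, and less specific than the existing label for CVE-2019-3735 in the same hunk (`NOT-FOR-US: Dell SupportAssist`). Suggest `NOT-FOR-US: Dell EMC Unity and UnityVSA` so the reason names the product. The identical label added for CVE-2019-3741 in the preceding hunk has the same issue.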
@@ -27412,7 +27412,7 @@ CVE-2019-3594
CVE-2019-3593 (Exploitation of Privilege/Trust vulnerability in Microsoft Windows cli ...)
NOT-FOR-US: McAfee
CVE-2019-3592 (Privilege escalation vulnerability in McAfee Agent (MA) before 5.6.1 H ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3591
RESERVED
CVE-2019-3590
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e66812454c1da2d13716103e273293c3fd90e12