[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri Jul 19 21:28:52 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
680b7642 by Salvatore Bonaccorso at 2019-07-19T20:28:27Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
CVE-2019-13984 (Directus 7 API before 2.3.0 does not validate uploaded files. Regardle ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2019-13983 (Directus 7 API before 2.2.2 has insufficient anti-automation, as demon ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2019-13982 (interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 d ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2019-13981 (In Directus 7 API through 2.3.0, remote attackers can read image files ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2019-13980 (In Directus 7 API through 2.3.0, uploading of PHP files is blocked onl ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2019-13979 (In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2019-13978 (Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php ...)
NOT-FOR-US: Ovidentia
CVE-2019-13977 (index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&id ...)
@@ -3424,7 +3424,7 @@ CVE-2019-12948
CVE-2019-12947
RESERVED
CVE-2019-12946 (Elcom CMS before 10.7 has SQL Injection via EventSearchByState.aspx an ...)
- TODO: check
+ NOT-FOR-US: Elcom CMS
CVE-2019-12945
REJECTED
CVE-2019-12944
@@ -3737,9 +3737,9 @@ CVE-2019-12823 (Craft CMS 3.1.30 has XSS. ...)
CVE-2019-12822 (In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a he ...)
NOT-FOR-US: Embedthis GoAhead
CVE-2019-12821 (A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 ro ...)
- TODO: check
+ NOT-FOR-US: app of the Shenzhen Jisiwei i3 robot vacuum cleaner
CVE-2019-12820 (A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 ro ...)
- TODO: check
+ NOT-FOR-US: app of the Shenzhen Jisiwei i3 robot vacuum cleaner
CVE-2019-12817 (arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1. ...)
- linux <unfixed>
[stretch] - linux <not-affected> (Vulnerable code not present)
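Review bot: The label added for CVE-2019-12821 and CVE-2019-12820, "app of the Shenzhen Jisiwei i3 robot vacuum cleaner", reads as a fragment of the CVE description rather than a product name. The neighbouring entry uses a plain product name ("NOT-FOR-US: Embedthis GoAhead"). Something like "NOT-FOR-US: Shenzhen Jisiwei i3 robot vacuum cleaner app" would match the rest of the file.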
@@ -4662,7 +4662,7 @@ CVE-2019-12455 (** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup i
CVE-2019-12454 (** DISPUTED ** An issue was discovered in wcd9335_codec_enable_dec in ...)
- linux <not-affected> (Vulnerable code not present, introduced in 5.1-rc1)
CVE-2019-12453 (In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in t ...)
- TODO: check
+ NOT-FOR-US: MicroStrategy Web
CVE-2019-12452 (types/types.go in Containous Traefik 1.7.x through 1.7.11, when the -- ...)
NOT-FOR-US: Containous Traefik
CVE-2019-12451
@@ -5395,7 +5395,7 @@ CVE-2019-12195 (TP-Link TL-WR840N v5 00000005 devices allow XSS via the network
CVE-2019-12194
RESERVED
CVE-2019-12193 (H3C H3Cloud OS all versions allows SQL injection via the ear/grid_even ...)
- TODO: check
+ NOT-FOR-US: H3C H3Cloud OS
CVE-2019-12192
RESERVED
CVE-2019-12191
@@ -7057,9 +7057,9 @@ CVE-2019-11556
CVE-2019-11554
RESERVED
CVE-2019-11553 (Code42 for Enterprise through 6.8.4 has Incorrect Access Control. ...)
- TODO: check
+ NOT-FOR-US: Code42 for Enterprise
CVE-2019-11552 (Code42 Enterprise and Crashplan for Small Business Client version 6.7 ...)
- TODO: check
+ NOT-FOR-US: Code42
CVE-2019-11551
RESERVED
CVE-2019-11550 (Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before ...)
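Review bot: The two Code42 entries in this hunk get different labels: CVE-2019-11553 is marked "NOT-FOR-US: Code42 for Enterprise" and CVE-2019-11552 is marked "NOT-FOR-US: Code42". Both descriptions name Code42 products, so one label for both (for example "NOT-FOR-US: Code42") would keep the entries consistent and easier to search for.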
@@ -11560,9 +11560,9 @@ CVE-2019-1010248 (Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Inje
CVE-2019-1010247 (ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cr ...)
TODO: check
CVE-2019-1010246 (MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affecte ...)
- TODO: check
+ NOT-FOR-US: MailCleaner
CVE-2019-1010245 (The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is ...)
- TODO: check
+ NOT-FOR-US: ONOS
CVE-2019-1010244
RESERVED
CVE-2019-1010243
@@ -11750,7 +11750,7 @@ CVE-2019-1010153
CVE-2019-1010152
RESERVED
CVE-2019-1010151 (zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. ...)
- TODO: check
+ NOT-FOR-US: zzcms
CVE-2019-1010150
RESERVED
CVE-2019-1010149
@@ -11780,7 +11780,7 @@ CVE-2019-1010138
CVE-2019-1010137
RESERVED
CVE-2019-1010136 (ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access ...)
- TODO: check
+ NOT-FOR-US: ChinaMobile GPN2.4P21-C-CN W2001EN-00
CVE-2019-1010135
RESERVED
CVE-2019-1010134
@@ -11826,7 +11826,7 @@ CVE-2019-1010115
CVE-2019-1010114
RESERVED
CVE-2019-1010113 (Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site ...)
- TODO: check
+ NOT-FOR-US: Premium Software CLEditor
CVE-2019-1010112 (OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Fo ...)
NOT-FOR-US: OECMS
CVE-2019-1010111
@@ -11844,15 +11844,15 @@ CVE-2019-1010106
CVE-2019-1010105
RESERVED
CVE-2019-1010104 (TechyTalk Quick Chat WordPress Plugin All up to the latest is affected ...)
- TODO: check
+ NOT-FOR-US: TechyTalk Quick Chat WordPress Plugin All
CVE-2019-1010103
RESERVED
CVE-2019-1010102
RESERVED
CVE-2019-1010101 (Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permiss ...)
- TODO: check
+ NOT-FOR-US: Akeo Consulting Rufus
CVE-2019-1010100 (Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order ...)
- TODO: check
+ NOT-FOR-US: Akeo Consulting Rufus
CVE-2019-1010099
RESERVED
CVE-2019-1010098
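Review bot: In the CVE-2019-1010104 entry, the trailing "All" in "NOT-FOR-US: TechyTalk Quick Chat WordPress Plugin All" looks like the start of the version phrase from the description ("All up to the latest") and not part of the product name. Suggest "NOT-FOR-US: TechyTalk Quick Chat WordPress Plugin".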
@@ -11860,11 +11860,11 @@ CVE-2019-1010098
CVE-2019-1010097
RESERVED
CVE-2019-1010096 (domainmod(https://domainmod.org/) domainmod v4.10.0 is affected by: Cr ...)
- TODO: check
+ NOT-FOR-US: domainmod
CVE-2019-1010095 (domainmod(https://domainmod.org/) domainmod v4.10.0 is affected by: Cr ...)
- TODO: check
+ NOT-FOR-US: domainmod
CVE-2019-1010094 (domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). T ...)
- TODO: check
+ NOT-FOR-US: domainmod
CVE-2019-1010093
RESERVED
CVE-2019-1010092
@@ -11907,7 +11907,7 @@ CVE-2019-1010075
CVE-2019-1010074
RESERVED
CVE-2019-1010073 (BACnet Stack bacserv 0.9.1 and 0.8.5 is affected by: Buffer Overflow. ...)
- TODO: check
+ NOT-FOR-US: BACnet Stack bacserv
CVE-2019-1010072
RESERVED
CVE-2019-1010071
@@ -17053,7 +17053,7 @@ CVE-2019-7965
CVE-2019-7964
RESERVED
CVE-2019-7963 (Adobe Bridge CC version 9.0.2 and earlier versions have an out of boun ...)
- TODO: check
+ NOT-FOR-US: Adobe Bridge CC
CVE-2019-7962
RESERVED
CVE-2019-7961
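Review bot: CVE-2019-7963 is labelled per product ("NOT-FOR-US: Adobe Bridge CC"), while every other Adobe entry touched in this commit (Dreamweaver, Experience Manager, Campaign Classic) and the existing context lines for Flash Player and Media Encoder use the vendor-level "NOT-FOR-US: Adobe". Using "NOT-FOR-US: Adobe" here as well would keep the granularity uniform.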
@@ -17067,13 +17067,13 @@ CVE-2019-7958
CVE-2019-7957
RESERVED
CVE-2019-7956 (Adobe Dreamweaver direct download installer versions 19.0 and below, 1 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-7955 (Adobe Experience Manager version 6.4 and ealier have a Reflected Cross ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-7954 (Adobe Experience Manager version 6.4 and ealier have a Stored Cross-si ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-7953 (Adobe Experience Manager version 6.4 and ealier have a Cross-Site Requ ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-7952
RESERVED
CVE-2019-7951
@@ -17097,7 +17097,7 @@ CVE-2019-7943
CVE-2019-7942
RESERVED
CVE-2019-7941 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-7940
RESERVED
CVE-2019-7939
@@ -17279,21 +17279,21 @@ CVE-2019-7852
CVE-2019-7851
RESERVED
CVE-2019-7850 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-7849
RESERVED
CVE-2019-7848 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-7847 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-7846 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-7845 (Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and ear ...)
NOT-FOR-US: Adobe
CVE-2019-7844 (Adobe Media Encoder version 13.0.2 has an out-of-bounds read vulnerabi ...)
NOT-FOR-US: Adobe
CVE-2019-7843 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-7842 (Adobe Media Encoder version 13.0.2 has a use-after-free vulnerability. ...)
NOT-FOR-US: Adobe
CVE-2019-7841 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
@@ -35877,7 +35877,7 @@ CVE-2019-1169
CVE-2019-1168
RESERVED
CVE-2019-1167 (A security feature bypass vulnerability exists in Windows Defender App ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1166
RESERVED
CVE-2019-1165
@@ -43033,7 +43033,7 @@ CVE-2018-17793 (** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "py
NOTE: https://github.com/pypa/virtualenv/issues/1207
NOTE: No real security impact. 3rd party requested CVE rejection
CVE-2018-17792 (MDaemon Webmail (formerly WorldClient) has CSRF. ...)
- TODO: check
+ NOT-FOR-US: MDaemon Webmail
CVE-2018-17791
RESERVED
CVE-2018-17790
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/680b7642117854032df9edf4845eb5268a5e4c75