[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Jun 3 21:56:07 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27588989 by Salvatore Bonaccorso at 2019-06-03T20:55:51Z
Process some NFUs

- - - - -
90b3011f by Salvatore Bonaccorso at 2019-06-03T20:55:51Z
Track new pydio/extplorer issues (itp'ed)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -67,11 +67,11 @@ CVE-2019-12568
 CVE-2019-12567
 	RESERVED
 CVE-2019-12566 (The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS i ...)
-	TODO: check
+	NOT-FOR-US: WP Statistics plugin for WordPress
 CVE-2019-12565
 	RESERVED
 CVE-2019-12564 (In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the d ...)
-	TODO: check
+	NOT-FOR-US: DouCo DouPHP
 CVE-2019-12563
 	RESERVED
 CVE-2019-12562
@@ -2197,7 +2197,7 @@ CVE-2019-11648
 CVE-2019-11647
 	RESERVED
 CVE-2019-11646 (Remote unauthorized command execution and unauthorized disclosure of i ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus Service Manager
 CVE-2019-11645
 	RESERVED
 CVE-2019-11675 (The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ...)
@@ -6149,7 +6149,7 @@ CVE-2019-10071
 CVE-2019-10070
 	RESERVED
 CVE-2019-10069 (In Godot through 3.1, remote code execution is possible due to the des ...)
-	TODO: check
+	NOT-FOR-US: Godot
 CVE-2019-10068 (An issue was discovered in Kentico before 12.0.15. Due to a failure to ...)
 	NOT-FOR-US: Kentico
 CVE-2019-10067 (An issue was discovered in Open Ticket Request System (OTRS) 7.x throu ...)
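Review bot: the "NOT-FOR-US: Godot" line on CVE-2019-10069 does not show whether the archive was checked for a godot source package, and the description ("In Godot through 3.1") names a project rather than a vendor appliance. If a package or an ITP exists, this should be a package line in the same form as the "- ajaxplorer <itp> (bug #...)" entries further down, not NOT-FOR-US.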
@@ -6215,15 +6215,15 @@ CVE-2019-10050 (A buffer over-read issue was discovered in Suricata 4.1.x before
 	NOTE: https://redmine.openinfosecfoundation.org/issues/2884
 	NOTE: https://github.com/OISF/suricata/commit/4609d5c80acda9adf02f8fb9a6aa8238495bfa13
 CVE-2019-10049 (It is possible for an attacker with regular user access to the web app ...)
-	TODO: check
+	- ajaxplorer <itp> (bug #668381)
 CVE-2019-10048 (The ImageMagick plugin that is installed by default in Pydio through 8 ...)
-	TODO: check
+	- ajaxplorer <itp> (bug #668381)
 CVE-2019-10047 (A stored XSS vulnerability exists in the web application of Pydio thro ...)
-	TODO: check
+	- ajaxplorer <itp> (bug #668381)
 CVE-2019-10046 (An unauthenticated attacker can obtain information about the Pydio 8.2 ...)
-	TODO: check
+	- ajaxplorer <itp> (bug #668381)
 CVE-2019-10045 (The "action" get_sess_id in the web application of Pydio through 8.2.2 ...)
-	TODO: check
+	- ajaxplorer <itp> (bug #668381)
 CVE-2019-10044 (Telegram Desktop before 1.5.12 on Windows, and the Telegram applicatio ...)
 	- telegram-desktop <unfixed> (bug #927711)
 	NOTE: https://github.com/blazeinfosec/advisories/blob/master/telegram-advisory.txt
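Review bot: CVE-2019-10045 through CVE-2019-10049 are filed under ajaxplorer while every description names Pydio, and nothing in the hunk records how the two names relate. A NOTE line on at least the first entry would save the next triager from looking it up. The commit message also mentions extplorer, but no extplorer entry appears in the visible hunks, so either the message or the change set looks incomplete.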
@@ -6238,7 +6238,7 @@ CVE-2019-10040 (The D-Link DIR-816 A2 1.11 router only checks the random token w
 CVE-2019-10039 (The D-Link DIR-816 A2 1.11 router only checks the random token when au ...)
 	NOT-FOR-US: D-Link
 CVE-2019-10038 (Evernote 7.9 on macOS allows attackers to execute arbitrary programs b ...)
-	TODO: check
+	NOT-FOR-US: Evernote
 CVE-2019-10037
 	RESERVED
 CVE-2019-10036
@@ -7293,13 +7293,13 @@ CVE-2019-9876
 CVE-2019-9875 (Deserialization of Untrusted Data in the anti CSRF module in Sitecore  ...)
 	TODO: check
 CVE-2019-9874 (Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (a ...)
-	TODO: check
+	NOT-FOR-US: Sitecore CMS
 CVE-2019-9873
 	RESERVED
 CVE-2019-9872
 	RESERVED
 CVE-2019-9871 (Jector Smart TV FM-K75 devices allow remote code execution because the ...)
-	TODO: check
+	NOT-FOR-US: Jector Smart TV FM-K75 devices
 CVE-2019-9870 (plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor m ...)
 	NOT-FOR-US: w8tcha oEmbed plugin for CKEditor
 CVE-2019-9869
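Review bot: CVE-2019-9875, in the context directly above CVE-2019-9874, stays at "TODO: check" although both descriptions concern deserialization of untrusted data in the Sitecore anti-CSRF module. If CVE-2019-9874 is "NOT-FOR-US: Sitecore CMS", the same triage should be applied to CVE-2019-9875 in this commit so the pair does not diverge.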
@@ -8009,7 +8009,7 @@ CVE-2019-9655
 CVE-2019-9654
 	RESERVED
 CVE-2019-9653 (NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauth ...)
-	TODO: check
+	NOT-FOR-US: NUUO Network Video Recorder Firmware
 CVE-2019-9652 (There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit re ...)
 	NOT-FOR-US: SDCMS
 CVE-2019-9651 (An issue was discovered in SDCMS V1.7. In the \app\admin\controller\th ...)
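Review bot: "NOT-FOR-US: NUUO Network Video Recorder Firmware" on CVE-2019-9653 copies the product phrase from the description, whereas the neighbouring entry uses a bare name ("NOT-FOR-US: SDCMS"). A shorter tag such as "NOT-FOR-US: NUUO" would keep the tags consistent and easier to grep.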



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/8cbad464685416eea837955b2bbd62dbc2a72018...90b3011fd9d61ce1f4d76ee0895cd1331cb6a0cf
