[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 25 20:23:33 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ee031014 by Salvatore Bonaccorso at 2019-06-25T19:23:00Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1484,7 +1484,7 @@ CVE-2019-12348
CVE-2019-12347 (In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers ...)
NOT-FOR-US: pfSense
CVE-2019-12346 (In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for Word ...)
- TODO: check
+ NOT-FOR-US: miniOrange SAML SP Single Sign On plugin for WordPress
CVE-2019-12345 (XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. ...)
NOT-FOR-US: Kiboko Hostel plugin for WordPress
CVE-2019-12344
@@ -4216,7 +4216,7 @@ CVE-2019-11273
CVE-2019-11272
RESERVED
CVE-2019-11271 (Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Di ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2019-11270
RESERVED
CVE-2019-11269 (Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, ...)
@@ -15302,7 +15302,7 @@ CVE-2019-7233 (In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL poi
CVE-2019-7232 (The ABB IDAL HTTP server is vulnerable to a buffer overflow when a lon ...)
NOT-FOR-US: ABB IDAL HTTP server
CVE-2019-7231 (The ABB IDAL FTP server is vulnerable to a buffer overflow when a long ...)
- TODO: check
+ NOT-FOR-US: ABB IDAL FTP server
CVE-2019-7230 (The ABB IDAL FTP server mishandles format strings in a username during ...)
NOT-FOR-US: ABB IDAL FTP server
CVE-2019-7229 (The ABB CP635 HMI uses two different transmission methods to upgrade i ...)
@@ -23395,13 +23395,13 @@ CVE-2019-3792 (Pivotal Concourse version 5.0.0, contains an API that is vulnerab
CVE-2019-3791
REJECTED
CVE-2019-3790 (The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x version ...)
- TODO: check
+ NOT-FOR-US: Pivotal Ops Manager
CVE-2019-3789 (Cloud Foundry Routing Release, all versions prior to 0.188.0, contains ...)
NOT-FOR-US: Cloud Foundry
CVE-2019-3788 (Cloud Foundry UAA Release, versions prior to 71.0, allows clients to b ...)
NOT-FOR-US: Cloud Foundry
CVE-2019-3787 (Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending & ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry UAA
CVE-2019-3786 (Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0 ...)
NOT-FOR-US: Cloud Foundry
CVE-2019-3785 (Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an e ...)
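Review bot: The label added for CVE-2019-3787, `NOT-FOR-US: Cloud Foundry UAA`, differs from the one on the neighbouring UAA entry CVE-2019-3788 and on the other Cloud Foundry entries in this hunk, which all read `NOT-FOR-US: Cloud Foundry`. Use one form for the product family so a search on the label finds every entry; `NOT-FOR-US: Cloud Foundry` would match the surrounding lines.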
@@ -23505,7 +23505,7 @@ CVE-2019-3737 (Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected
CVE-2019-3736
RESERVED
CVE-2019-3735 (Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist ...)
- TODO: check
+ NOT-FOR-US: Dell SupportAssist
CVE-2019-3734
RESERVED
CVE-2019-3733
@@ -29619,7 +29619,7 @@ CVE-2019-1906 (A vulnerability in the Virtual Domain system of Cisco Prime Infra
CVE-2019-1905 (A vulnerability in the GZIP decompression engine of Cisco AsyncOS Soft ...)
NOT-FOR-US: Cisco
CVE-2019-1904 (A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1903 (A vulnerability in Cisco Security Manager could allow an unauthenticat ...)
NOT-FOR-US: Cisco
CVE-2019-1902
@@ -36055,7 +36055,7 @@ CVE-2018-18946
CVE-2018-18945
RESERVED
CVE-2018-18944 (Artha ~ The Open Thesaurus 1.0.3.0 has a Buffer Overflow. ...)
- TODO: check
+ NOT-FOR-US: Artha ~ The Open Thesaurus
CVE-2018-18943 (An issue was discovered in baserCMS before 4.1.4. In the Register New ...)
NOT-FOR-US: baserCMS
CVE-2018-18942 (In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remot ...)
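Review bot: For CVE-2018-18944, the description names a standalone application ("Artha ~ The Open Thesaurus 1.0.3.0") rather than a vendor appliance or a CMS plugin, so the NOT-FOR-US marking should be backed by a check that no source package of that name exists in the archive. If one does, the entry needs a package line in place of `NOT-FOR-US: Artha ~ The Open Thesaurus`.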
@@ -36189,7 +36189,7 @@ CVE-2018-18888 (An issue was discovered in laravelCMS through 2018-04-02. \app\H
CVE-2018-18887 (S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type ...)
NOT-FOR-US: S-CMS
CVE-2018-18886 (Helpy v2.1.0 has Stored XSS via the Ticket title. ...)
- TODO: check
+ NOT-FOR-US: Helpy
CVE-2018-18885
RESERVED
CVE-2018-18884
@@ -40138,9 +40138,9 @@ CVE-2018-17401 (** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) applicat
CVE-2018-17400 (** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3. ...)
NOT-FOR-US: PhonePe wallet application
CVE-2018-17399 (SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via th ...)
- TODO: check
+ NOT-FOR-US: Jimtawl
CVE-2018-17398 (SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via ...)
- TODO: check
+ NOT-FOR-US: AMGallery
CVE-2018-17397 (SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for ...)
NOT-FOR-US: AlphaIndex Dictionaries component for Joomla!
CVE-2018-17396
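Review bot: The labels added for CVE-2018-17399 and CVE-2018-17398 give only the bare component names (`Jimtawl`, `AMGallery`), while the entry directly below, CVE-2018-17397, uses the fuller form `AlphaIndex Dictionaries component for Joomla!`. Suggest `NOT-FOR-US: Jimtawl component for Joomla!` and `NOT-FOR-US: AMGallery component for Joomla!` so the platform is visible in the label and the three adjacent entries read the same way.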
@@ -188967,7 +188967,7 @@ CVE-2014-9702
CVE-2014-9700
RESERVED
CVE-2014-9699 (The MakerBot Replicator 5G printer runs an Apache HTTP Server with dir ...)
- TODO: check
+ NOT-FOR-US: MakerBot Replicator 5G printer
CVE-2014-9698
RESERVED
CVE-2015-2313 (Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ee031014db100e05d4f851b924c96dfdb377fa76