[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Mar 19 08:35:48 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
595d1733 by Salvatore Bonaccorso at 2019-03-19T08:35:02Z
Process NFUs

- - - - -
78d2bcc8 by Salvatore Bonaccorso at 2019-03-19T08:35:29Z
Add CVE-2019-6970/moodle

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1882,9 +1882,9 @@ CVE-2019-9096
 CVE-2019-9095
 	RESERVED
 CVE-2019-9094 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
-	TODO: check
+	NOT-FOR-US: Humhub
 CVE-2019-9093 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
-	TODO: check
+	NOT-FOR-US: Humhub
 CVE-2019-9092
 	RESERVED
 CVE-2019-9091
@@ -1908,7 +1908,7 @@ CVE-2019-9084
 	RESERVED
 	- hoteldruid 2.3.2-1
 CVE-2019-9083 (SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanage ...)
-	TODO: check
+	NOT-FOR-US: SQLiteManager
 CVE-2018-20795 (tecrail Responsive FileManager 9.13.4 allows remote attackers to read  ...)
 	NOT-FOR-US: tecrail Responsive FileManager
 CVE-2018-20794 (tecrail Responsive FileManager 9.13.4 allows remote attackers to write ...)
@@ -2402,7 +2402,7 @@ CVE-2019-8940
 CVE-2019-8939 (data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a  ...)
 	NOT-FOR-US: Tautulli
 CVE-2019-8938 (VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter ...)
-	TODO: check
+	NOT-FOR-US: VertrigoServ
 CVE-2019-8937
 	RESERVED
 CVE-2019-8936 [Crafted null dereference attack in authenticated mode 6 packet]
@@ -5749,23 +5749,23 @@ CVE-2019-7427
 CVE-2019-7426
 	RESERVED
 CVE-2019-7425 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
 CVE-2019-7424 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
 CVE-2019-7423 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
 CVE-2019-7422 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
 CVE-2019-7421 (XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05. ...)
-	TODO: check
+	NOT-FOR-US: SAMSUNG X7400GX SyncThru Web Service
 CVE-2019-7420 (XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05. ...)
-	TODO: check
+	NOT-FOR-US: SAMSUNG X7400GX SyncThru Web Service
 CVE-2019-7419 (XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05. ...)
-	TODO: check
+	NOT-FOR-US: SAMSUNG X7400GX SyncThru Web Service
 CVE-2019-7418 (XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05. ...)
-	TODO: check
+	NOT-FOR-US: SAMSUNG X7400GX SyncThru Web Service
 CVE-2019-7417 (XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple ...)
-	TODO: check
+	NOT-FOR-US: Ericsson Active Library Explorer (ALEX)
 CVE-2019-7416 (XSS and/or a Client Side URL Redirect exists in OpenText Documentum We ...)
 	TODO: check
 CVE-2019-7415
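Review bot: CVE-2019-7416 (OpenText Documentum), the last described entry in this hunk, stays at `TODO: check` while the nine entries directly above it are resolved. If it was left on purpose because it needs a closer look, that is fine; otherwise it looks like it was missed in this pass. A minor style point on the same block: `SAMSUNG` is copied in upper case from the CVE description, whereas other vendor tags touched or shown in this patch use normal capitalisation (e.g. `NOT-FOR-US: D-Link`).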
@@ -5829,7 +5829,7 @@ CVE-2019-7393
 CVE-2019-7392 (An improper authentication vulnerability in CA Privileged Access Manag ...)
 	NOT-FOR-US: CA Privileged Access Manager
 CVE-2019-7391 (ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cg ...)
-	TODO: check
+	NOT-FOR-US: ZyXEL
 CVE-2019-7390 (An issue was discovered in /bin/goahead on D-Link DIR-823G devices wit ...)
 	NOT-FOR-US: D-Link
 CVE-2019-7389 (An issue was discovered in /bin/goahead on D-Link DIR-823G devices wit ...)
@@ -5839,7 +5839,7 @@ CVE-2019-7388 (An issue was discovered in /bin/goahead on D-Link DIR-823G device
 CVE-2019-7387 (A local file inclusion vulnerability exists in the web interface of Sy ...)
 	NOT-FOR-US: Systrome
 CVE-2019-7386 (A Denial of Service issue has been discovered in the Gecko component o ...)
-	TODO: check
+	NOT-FOR-US: KaiOS on Nokia devices
 CVE-2019-7385 (An authenticated shell command injection issue has been discovered in  ...)
 	TODO: check
 CVE-2019-7384 (An authenticated shell command injection issue has been discovered in  ...)
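Review bot: the description of CVE-2019-7386 places the flaw in "the Gecko component", but the tag `NOT-FOR-US: KaiOS on Nokia devices` does not record why Gecko as packaged in Debian is out of scope. If the triage established that the issue is specific to the KaiOS build, saying so in the tag text or in a NOTE line would save a later reader who searches the list for Gecko from redoing the check.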
@@ -6461,7 +6461,7 @@ CVE-2019-7163
 CVE-2019-7162
 	RESERVED
 CVE-2019-7161 (An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x th ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
 CVE-2019-7160 (idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Trav ...)
 	NOT-FOR-US: idreamsoft iCMS
 CVE-2019-7159
@@ -6939,13 +6939,13 @@ CVE-2019-6972
 CVE-2019-6971
 	RESERVED
 CVE-2019-6970 (Moodle 3.5.x before 3.5.4 allows SSRF. ...)
-	TODO: check
+	- moodle <removed>
 CVE-2019-6969
 	RESERVED
 CVE-2019-6968
 	RESERVED
 CVE-2019-6967 (AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF. ...)
-	TODO: check
+	NOT-FOR-US: AirTies devices
 CVE-2019-6966 (An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in ...)
 	NOT-FOR-US: Bento4
 CVE-2019-6965
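Review bot: the new `- moodle <removed>` line for CVE-2019-6970 has no accompanying NOTE, although the description gives a precise affected range ("3.5.x before 3.5.4"). A NOTE pointing at the upstream advisory or fixing commit would let anyone who has to assess an older moodle package confirm the range without repeating the lookup. In the same hunk, `NOT-FOR-US: AirTies devices` uses a different form from the vendor-only tags used for other device vendors in this patch (`NOT-FOR-US: ZyXEL`); picking one form keeps the list easier to grep.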
@@ -7495,7 +7495,7 @@ CVE-2019-6726
 CVE-2019-6725
 	RESERVED
 CVE-2019-6724 (The barracudavpn component of the Barracuda VPN Client prior to versio ...)
-	TODO: check
+	NOT-FOR-US: Barracuda VPN Client
 CVE-2019-6723
 	RESERVED
 CVE-2019-6722
@@ -7548,7 +7548,7 @@ CVE-2019-6704
 CVE-2019-6703 (Incorrect access control in migla_ajax_functions.php in the Calmar Web ...)
 	NOT-FOR-US: Calmar Webmedia Total Donations plugin for WordPress
 CVE-2019-6702 (The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certifica ...)
-	TODO: check
+	NOT-FOR-US: MasterCard Qkr! app
 CVE-2019-6701
 	RESERVED
 CVE-2019-6700
@@ -8005,7 +8005,7 @@ CVE-2019-6494
 CVE-2019-6493
 	RESERVED
 CVE-2019-6492 (SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an exe ...)
-	TODO: check
+	NOT-FOR-US: IObit Smart Defrag
 CVE-2019-6491
 	RESERVED
 CVE-2019-6490



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f394c15069119844e4e2c8260295ffe5724eb5b5...78d2bcc86ae238e832613703158bbd94efa20b93
