[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 25 20:29:09 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
049735f2 by Salvatore Bonaccorso at 2019-03-25T20:26:59Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2019-10043
RESERVED
CVE-2019-10042 (The D-Link DIR-816 A2 1.11 router only checks the random token when au ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-10041 (The D-Link DIR-816 A2 1.11 router only checks the random token when au ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-10040 (The D-Link DIR-816 A2 1.11 router only checks the random token when au ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-10039 (The D-Link DIR-816 A2 1.11 router only checks the random token when au ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-10038
RESERVED
CVE-2019-10037
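Review bot: The four tags added for CVE-2019-10039 through CVE-2019-10042 name only the vendor ("NOT-FOR-US: D-Link"), although each description identifies the same product, the DIR-816 A2 1.11 router. Other NFU entries visible in this commit record the product ("NOT-FOR-US: Micro Focus Filr", "NOT-FOR-US: Barco ClickShare Base Unit device"); a tag such as "NOT-FOR-US: D-Link DIR-816 A2 router" would let a later search on the product name find these entries.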
@@ -53,7 +53,7 @@ CVE-2019-10018 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the
CVE-2019-10017 (CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, ...)
NOT-FOR-US: CMS Made Simple
CVE-2019-10016 (GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words ...)
- TODO: check
+ NOT-FOR-US: GForge Advanced Server
CVE-2019-10015 (baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitra ...)
NOT-FOR-US: baigoStudio
CVE-2019-10014 (In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticate ...)
@@ -115,9 +115,9 @@ CVE-2019-9973
CVE-2019-10013
RESERVED
CVE-2019-10012 (Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote at ...)
- TODO: check
+ NOT-FOR-US: Jenzabar
CVE-2019-10011 (ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campu ...)
- TODO: check
+ NOT-FOR-US: Jenzabar
CVE-2019-10010 (Cross-site scripting (XSS) vulnerability in the PHP League CommonMark ...)
NOT-FOR-US: PHP League CommonMark library
CVE-2019-10009
@@ -14692,7 +14692,7 @@ CVE-2019-4048
CVE-2019-4047
RESERVED
CVE-2019-4046 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4045
RESERVED
CVE-2019-4044
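Review bot: "NOT-FOR-US: IBM" on CVE-2019-4046 records a whole vendor, while the description names IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0. Writing "NOT-FOR-US: IBM WebSphere Application Server" would state which product was actually ruled out.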
@@ -16081,23 +16081,23 @@ CVE-2019-3486
CVE-2019-3485
RESERVED
CVE-2019-3484 (Mitigates a remote code execution issue in ArcSight Logger versions pr ...)
- TODO: check
+ NOT-FOR-US: ArcSight Logger
CVE-2019-3483 (Mitigates a potential information leakage issue in ArcSight Logger ver ...)
- TODO: check
+ NOT-FOR-US: ArcSight Logger
CVE-2019-3482 (Mitigates a directory traversal issue in ArcSight Logger versions prio ...)
- TODO: check
+ NOT-FOR-US: ArcSight Logger
CVE-2019-3481 (Mitigates a XML External Entity Parsing issue in ArcSight Logger versi ...)
- TODO: check
+ NOT-FOR-US: ArcSight Logger
CVE-2019-3480 (Mitigates a stored/reflected XSS issue in ArcSight Logger versions pri ...)
- TODO: check
+ NOT-FOR-US: ArcSight Logger
CVE-2019-3479 (Mitigates a potential remote code execution issue in ArcSight Logger v ...)
- TODO: check
+ NOT-FOR-US: ArcSight Logger
CVE-2019-3478
RESERVED
CVE-2019-3477
RESERVED
CVE-2019-3476 (Remote arbitrary code execution in Micro Focus Data Protector, version ...)
- TODO: check
+ NOT-FOR-US: Micro Focus Data Protector
CVE-2019-3475 (A local privilege escalation vulnerability in the famtd component of M ...)
NOT-FOR-US: Micro Focus Filr
CVE-2019-3474 (A path traversal vulnerability in the web application component of Mic ...)
@@ -17436,9 +17436,9 @@ CVE-2019-3398
CVE-2019-3397
RESERVED
CVE-2019-3396 (The Widget Connector macro in Atlassian Confluence Server before versi ...)
- TODO: check
+ NOT-FOR-US: Atlassian Confluence Server
CVE-2019-3395 (The WebDAV endpoint in Atlassian Confluence Server and Data Center bef ...)
- TODO: check
+ NOT-FOR-US: Atlassian Confluence Server
CVE-2019-3394
RESERVED
CVE-2018-20298 (S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerab ...)
@@ -43877,9 +43877,9 @@ CVE-2018-12655 (Reflected Cross-Site Scripting (XSS) exists in the Circulation m
CVE-2018-12654 (Reflected Cross-Site Scripting (XSS) exists in the Bibliography module ...)
NOT-FOR-US: SLiMS 8 Akasia
CVE-2018-12653 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
- TODO: check
+ NOT-FOR-US: Adrenalin HRMS Software
CVE-2018-12652 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
- TODO: check
+ NOT-FOR-US: Adrenalin HRMS Software
CVE-2018-12651 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
NOT-FOR-US: Adrenalin HRMS
CVE-2018-12650 (Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting ...)
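Review bot: The tags added for CVE-2018-12653 and CVE-2018-12652 read "Adrenalin HRMS Software", but the unchanged entry directly below them, CVE-2018-12651, already uses "NOT-FOR-US: Adrenalin HRMS". If these are the same product, reuse the existing string so that all of its entries match a single search term.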
@@ -103960,7 +103960,7 @@ CVE-2017-9378 (BigTree CMS through 4.2.18 does not prevent a user from deleting
CVE-2017-9377 (A command injection was identified on Barco ClickShare Base Unit devic ...)
NOT-FOR-US: Barco ClickShare Base Unit device
CVE-2017-9376 (ManageEngine ServiceDesk Plus before 9314 contains a local file inclus ...)
- TODO: check
+ NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2017-9375 (QEMU (aka Quick Emulator), when built with USB xHCI controller emulato ...)
{DSA-3991-1}
- qemu 1:2.10.0-1 (bug #864219)
@@ -104002,7 +104002,7 @@ CVE-2017-9364 (Unrestricted File Upload exists in BigTree CMS through 4.2.18: if
CVE-2017-9363 (Untrusted Java serialization in Soffid IAM console before 1.7.5 allows ...)
NOT-FOR-US: Soffid IAM console
CVE-2017-9362 (ManageEngine ServiceDesk Plus before 9312 contains an XML injection at ...)
- TODO: check
+ NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2017-9361 (WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/detail ...)
NOT-FOR-US: WebsiteBaker
CVE-2017-9360 (WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/det ...)
@@ -185027,7 +185027,7 @@ CVE-2015-1016
CVE-2015-1015 (Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, an ...)
NOT-FOR-US: Omron CX-One
CVE-2015-1014 (A successful exploit of these vulnerabilities requires the local user ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2015-1013 (OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure tha ...)
NOT-FOR-US: OSIsoft PI AF and OSIsoft PI SQL for AF
CVE-2015-1012 (Wireless keys are stored in plain text on version 5 of the Hospira Lif ...)
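Review bot: For CVE-2015-1014 the truncated description ("A successful exploit of these vulnerabilities requires the local user ...") names no product, so the new tag "NOT-FOR-US: Schneider Electric" is the only hint of what is affected, and it gives just the vendor. Adding the product name from the full CVE description, as the neighbouring "Omron CX-One" and "OSIsoft PI AF and OSIsoft PI SQL for AF" tags do, would make the entry self-explanatory.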
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/049735f29290e719e9004b32c1ed5f80e468473f