[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue May 7 21:53:46 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
49805b7d by Salvatore Bonaccorso at 2019-05-07T20:53:12Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10492,9 +10492,9 @@ CVE-2019-7748 (_includes\online.php in DbNinja 3.2.7 allows XSS via the data.php
 CVE-2019-7747 (DbNinja 3.2.7 allows session fixation via the data.php sessid paramete ...)
 	NOT-FOR-US: DbNinja
 CVE-2019-7746 (JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices
 CVE-2019-7745 (JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices
 CVE-2019-7744 (An issue was discovered in Joomla! before 3.9.3. Inadequate filtering  ...)
 	NOT-FOR-US: Joomla!
 CVE-2019-7743 (An issue was discovered in Joomla! before 3.9.3. The phar:// stream wr ...)
@@ -10641,7 +10641,7 @@ CVE-2019-7689
 CVE-2019-7688
 	RESERVED
 CVE-2019-7687 (cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices  ...)
-	TODO: check
+	NOT-FOR-US: JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices
 CVE-2018-20771 (An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi,  ...)
 	NOT-FOR-US: Xerox devices
 CVE-2018-20770 (An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi,  ...)
@@ -11019,7 +11019,7 @@ CVE-2019-7566 (CSZ CMS 1.1.8 has CSRF via admin/users/new/add. ...)
 CVE-2019-7565
 	RESERVED
 CVE-2019-7564 (An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Coship WM3300 WiFi Router devices
 CVE-2019-7563
 	RESERVED
 CVE-2019-7562
@@ -11392,9 +11392,9 @@ CVE-2019-7429 (PHP Scripts Mall Property Rental Software 2.1.4 has directory tra
 CVE-2019-7428
 	RESERVED
 CVE-2019-7427 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
 CVE-2019-7426 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
 CVE-2019-7425 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
 	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
 CVE-2019-7424 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
@@ -21299,7 +21299,7 @@ CVE-2018-20505 (SQLite 3.25.2, when queries are run on a table with a malformed
 CVE-2018-20504
 	RESERVED
 CVE-2018-20503 (Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.p ...)
-	TODO: check
+	NOT-FOR-US: Allied Telesis 8100L/8 devices
 CVE-2018-20502 (An issue was discovered in Bento4 1.5.1-627. There is an attempt at ex ...)
 	NOT-FOR-US: Bento4
 CVE-2018-20501 [Missing authorization control merge requests]
@@ -30914,7 +30914,7 @@ CVE-2018-19458 (In PHP Proxy 3.0.3, any user can read files from the server with
 CVE-2018-19457 (Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which le ...)
 	NOT-FOR-US: Logicspice FAQ Script
 CVE-2018-19456 (The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPr ...)
-	TODO: check
+	NOT-FOR-US: WP Backup+ (aka WPbackupplus) plugin for WordPress
 CVE-2018-19455
 	RESERVED
 CVE-2018-19486 (Git before 2.19.2 on Linux and UNIX executes commands from the current ...)
@@ -44364,7 +44364,7 @@ CVE-2018-14487
 CVE-2018-14486 (DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via  ...)
 	NOT-FOR-US: DNN
 CVE-2018-14485 (BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog. ...)
-	TODO: check
+	NOT-FOR-US: BlogEngine.NET
 CVE-2018-14484
 	RESERVED
 CVE-2018-14483



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/49805b7d152ddb7ffa5cb370cf0785b3736ed957

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/49805b7d152ddb7ffa5cb370cf0785b3736ed957
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190507/eb554b30/attachment.html>

More information about the debian-security-tracker-commits mailing list