[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue May 14 22:48:57 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0127b330 by Salvatore Bonaccorso at 2019-05-14T21:48:02Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -501,11 +501,11 @@ CVE-2019-11847
 CVE-2018-20837 (include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu ...)
 	NOT-FOR-US: Typesetter CMS
 CVE-2019-11846 (/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XS ...)
-	TODO: check
+	NOT-FOR-US: dotCMS
 CVE-2019-11845 (An HTML Injection vulnerability has been discovered on the RICOH SP 45 ...)
-	TODO: check
+	NOT-FOR-US: RICOH
 CVE-2019-11844 (An HTML Injection vulnerability has been discovered on the RICOH SP 45 ...)
-	TODO: check
+	NOT-FOR-US: RICOH
 CVE-2019-11843
 	RESERVED
 CVE-2019-11841
@@ -1755,7 +1755,7 @@ CVE-2019-11338 (libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of dup
 CVE-2019-11337
 	RESERVED
 CVE-2019-11336 (Sony Bravia Smart TV devices allow remote attackers to retrieve the st ...)
-	TODO: check
+	NOT-FOR-US: Sony Bravia Smart TV devices
 CVE-2019-11335
 	RESERVED
 CVE-2019-11334
@@ -6746,7 +6746,7 @@ CVE-2019-9619 [not enabled pam_systemd for non-interactive sessions]
 	NOTE: For a stable release, activating pam_systemd for non-interactive sessions will
 	NOTE: likely have all sorts of unexpected/unwanted side-effects.
 CVE-2019-9618 (The GraceMedia Media Player plugin 1.0 for WordPress allows Local File ...)
-	TODO: check
+	NOT-FOR-US: GraceMedia Media Player plugin for WordPress
 CVE-2019-9617 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...)
 	NOT-FOR-US: OFCMS
 CVE-2019-9616 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...)
@@ -12650,9 +12650,9 @@ CVE-2019-7220
 CVE-2019-7219 (Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa  ...)
 	- zarafa <itp> (bug #658433)
 CVE-2019-7218 (Citrix ShareFile through 19.1 allows a downgrade from two-factor authe ...)
-	TODO: check
+	NOT-FOR-US: Citrix ShareFile
 CVE-2019-7217 (Citrix ShareFile through 19.1 allows User Enumeration. It is possible  ...)
-	TODO: check
+	NOT-FOR-US: Citrix ShareFile
 CVE-2019-7216 (An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi ...)
 	NOT-FOR-US: FileChucker
 CVE-2019-7215
@@ -20889,7 +20889,7 @@ CVE-2019-3686
 CVE-2019-3685
 	RESERVED
 CVE-2019-3684 (SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a71 ...)
-	TODO: check
+	NOT-FOR-US: SUSE Manager
 CVE-2019-3683
 	RESERVED
 CVE-2019-3682
@@ -26991,7 +26991,7 @@ CVE-2019-1864
 CVE-2019-1863
 	RESERVED
 CVE-2019-1862 (A vulnerability in the web-based user interface (Web UI) of Cisco IOS  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1861
 	RESERVED
 CVE-2019-1860
@@ -27442,7 +27442,7 @@ CVE-2019-1651 (A vulnerability in the vContainer of the Cisco SD-WAN Solution co
 CVE-2019-1650 (A vulnerability in the Cisco SD-WAN Solution could allow an authentica ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1649 (A vulnerability in the logic that handles access control to one of the ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1648 (A vulnerability in the user group configuration of the Cisco SD-WAN So ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1647 (A vulnerability in the Cisco SD-WAN Solution could allow an authentica ...)
@@ -39451,7 +39451,7 @@ CVE-2018-16640 (ImageMagick 7.0.8-5 has a memory leak vulnerability in the funct
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3449a06f0122d4d9e68b4739417a3eaad0b24265
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1201
 CVE-2018-16639 (Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter duri ...)
-	TODO: check
+	NOT-FOR-US: Typesetter CMS
 CVE-2018-16638 (Evolution CMS 1.4.x allows XSS via the manager/ search parameter. ...)
 	NOT-FOR-US: Evolution CMS
 CVE-2018-16637 (Evolution CMS 1.4.x allows XSS via the page weblink title parameter to ...)
@@ -39477,9 +39477,9 @@ CVE-2018-16628 (panel/login in Kirby v2.5.12 allows XSS via a blog name. ...)
 CVE-2018-16627 (panel/login in Kirby v2.5.12 allows Host header injection via the "for ...)
 	NOT-FOR-US: Kirby
 CVE-2018-16626 (index.php/Admin/Classes in Typesetter 5.1 allows XSS via the descripti ...)
-	TODO: check
+	NOT-FOR-US: Typesetter CMS
 CVE-2018-16625 (index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file  ...)
-	TODO: check
+	NOT-FOR-US: Typesetter CMS
 CVE-2018-16624 (panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a n ...)
 	NOT-FOR-US: Kirby
 CVE-2018-16623 (Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the ...)
@@ -40723,13 +40723,13 @@ CVE-2018-16140 (A buffer underwrite vulnerability in get_line() (read.c) in fig2
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/e0c4b02429116b15ad1568c2c425f06b95b95830
 	NOTE: Crash in CLI tool, no security impact
 CVE-2018-16139 (Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008  ...)
-	TODO: check
+	NOT-FOR-US: BIBLIOsoft BIBLIOpac
 CVE-2018-16138 (An issue was discovered in the administration page in IPBRICK OS 6.3.  ...)
-	TODO: check
+	NOT-FOR-US: IPBRICK OS
 CVE-2018-16137 (An issue was discovered in the Web Management Console in IPBRICK OS 6. ...)
-	TODO: check
+	NOT-FOR-US: IPBRICK OS
 CVE-2018-16136 (An issue was discovered in the administrator interface in IPBRICK OS 6 ...)
-	TODO: check
+	NOT-FOR-US: IPBRICK OS
 CVE-2018-16135
 	RESERVED
 CVE-2018-16134 (Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI. ...)
@@ -52483,7 +52483,7 @@ CVE-2018-11693 (An issue was discovered in LibSass through 3.5.4. An out-of-boun
 CVE-2018-11692 (** DISPUTED ** An issue was discovered on Canon LBP6650, LBP3370, LBP3 ...)
 	NOT-FOR-US: Canon devices
 CVE-2018-11691 (Emerson VE6046 09.0.12 devices have hardcoded admin credentials allowi ...)
-	TODO: check
+	NOT-FOR-US: Emerson devices
 CVE-2018-11690 (The Balbooa Gridbox extension version 2.4.0 and previous versions for  ...)
 	NOT-FOR-US: Balbooa Gridbox extension for Joomla!
 CVE-2018-11689 (Smart Viewer in Samsung Web Viewer for Samsung DVR is vulnerable to cr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0127b330840ffcee10ab137ee20a8367a81f0a83

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0127b330840ffcee10ab137ee20a8367a81f0a83
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190514/18030858/attachment.html>

More information about the debian-security-tracker-commits mailing list