[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed May 22 21:37:39 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9d234294 by Salvatore Bonaccorso at 2019-05-22T20:36:44Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,11 +15,11 @@ CVE-2019-12281
CVE-2019-12280
RESERVED
CVE-2019-12279 (Nagios XI 5.6.1 allows SQL injection via the username parameter to log ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2019-12278
RESERVED
CVE-2019-12277 (Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as de ...)
- TODO: check
+ NOT-FOR-US: Blogifier
CVE-2019-12276
RESERVED
CVE-2019-12275
@@ -35,7 +35,7 @@ CVE-2019-12272
CVE-2019-12271
RESERVED
CVE-2019-12270 (OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configur ...)
- TODO: check
+ NOT-FOR-US: OpenText Brava!
CVE-2019-12269 (Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PG ...)
- enigmail <unfixed> (bug #929363)
NOTE: https://sourceforge.net/p/enigmail/bugs/983/
@@ -269,7 +269,7 @@ CVE-2019-12169
CVE-2019-12168 (Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code ...)
NOT-FOR-US: Four-Faith Wireless Mobile Router F3x24 devices
CVE-2019-12167 (httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1 ...)
- TODO: check
+ NOT-FOR-US: Emerson Network Power Liebert Challenger
CVE-2019-12166
RESERVED
CVE-2019-12165
@@ -419,7 +419,7 @@ CVE-2019-12104
CVE-2019-12103
RESERVED
CVE-2019-12102 (Kentico 11 through 12 lets attackers upload and explore files without ...)
- TODO: check
+ NOT-FOR-US: Kentico
CVE-2019-12101 (coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles certain ...)
NOT-FOR-US: LibNyoci
CVE-2019-12100
@@ -540,7 +540,7 @@ CVE-2019-12047 (Gridea v0.8.0 has an XSS vulnerability through which the Nodejs
CVE-2019-12045
RESERVED
CVE-2019-12044 (A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10. ...)
- TODO: check
+ NOT-FOR-US: Citrix NetScaler Gateway
CVE-2019-12043 (In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, wh ...)
NOT-FOR-US: remarkable
CVE-2019-12042
@@ -877,7 +877,7 @@ CVE-2019-11882
CVE-2019-11881
RESERVED
CVE-2019-11880 (CommSy through 8.6.5 has SQL Injection via the cid parameter. This is ...)
- TODO: check
+ NOT-FOR-US: CommSy
CVE-2019-11879 (** DISPUTED ** The WEBrick gem 1.4.2 for Ruby allows directory travers ...)
TODO: check
CVE-2019-11878 (An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.1 ...)
@@ -1460,7 +1460,7 @@ CVE-2019-11636 (Zcash 2.x allows an inexpensive approach to "fill all transactio
CVE-2019-11635
RESERVED
CVE-2019-11634 (Citrix Workspace App before 1904 for Windows has Incorrect Access Cont ...)
- TODO: check
+ NOT-FOR-US: Citrix Workspace App
CVE-2019-11633 (HoneyPress through 2016-09-27 can be fingerprinted by attackers becaus ...)
NOT-FOR-US: HoneyPress
CVE-2019-11632 (In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019. ...)
@@ -1734,7 +1734,7 @@ CVE-2019-11538 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.
CVE-2019-11537 (In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/ ...)
NOT-FOR-US: osTicket
CVE-2019-11536 (Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3 ...)
- TODO: check
+ NOT-FOR-US: Kalki Kalkitech
CVE-2019-11535
RESERVED
CVE-2019-11534
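Review bot: The label added for CVE-2019-11536, `NOT-FOR-US: Kalki Kalkitech`, names only the vendor, while the description on the line above identifies the affected product as the SYNC3000 Substation DCU. Other entries in this file name the product itself (for example `NOT-FOR-US: Four-Faith Wireless Mobile Router F3x24 devices`), which lets a later search for that product hit the existing decision; consider `NOT-FOR-US: Kalki Kalkitech SYNC3000 Substation DCU`.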
@@ -2512,7 +2512,7 @@ CVE-2019-11233
CVE-2019-11232
RESERVED
CVE-2019-11231 (An issue was discovered in GetSimple CMS through 3.3.15. insufficient ...)
- TODO: check
+ NOT-FOR-US: GetSimple CMS
CVE-2019-11230
RESERVED
CVE-2019-11229 (models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 m ...)
@@ -10271,9 +10271,9 @@ CVE-2019-8445
CVE-2019-8444
RESERVED
CVE-2019-8443 (The ViewUpgrades resource in Jira before version 7.13.4, from version ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2019-8442 (The CachingResourceDownloadRewriteRule class in Jira before version 7. ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2019-8441
RESERVED
CVE-2019-8440 (An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulner ...)
@@ -11587,11 +11587,11 @@ CVE-2019-7846
CVE-2019-7845
RESERVED
CVE-2019-7844 (Adobe Media Encoder version 13.0.2 has an out-of-bounds read vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-7843
RESERVED
CVE-2019-7842 (Adobe Media Encoder version 13.0.2 has a use-after-free vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-7841 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
NOT-FOR-US: Adobe
CVE-2019-7840
@@ -17344,11 +17344,11 @@ CVE-2019-5629
CVE-2019-5628
RESERVED
CVE-2019-5627 (The iOS mobile application BlueCats Reveal before 5.14 stores the user ...)
- TODO: check
+ NOT-FOR-US: iOS mobile application BlueCats Reveal
CVE-2019-5626 (The Android mobile application BlueCats Reveal before 3.0.19 stores th ...)
- TODO: check
+ NOT-FOR-US: Android mobile application BlueCats Reveal
CVE-2019-5625 (The Android mobile application Halo Home before 1.11.0 stores OAuth au ...)
- TODO: check
+ NOT-FOR-US: Android mobile application Halo Home
CVE-2019-5624 (Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improp ...)
NOT-FOR-US: Rapid7 Metasploit Framework
CVE-2019-5623
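Review bot: The three labels added for CVE-2019-5627, CVE-2019-5626 and CVE-2019-5625 copy the opening words of each description, so a single product ends up under two different strings: `iOS mobile application BlueCats Reveal` and `Android mobile application BlueCats Reveal`. Using the product name alone (`NOT-FOR-US: BlueCats Reveal`, `NOT-FOR-US: Halo Home`) would match the style of the neighbouring `NOT-FOR-US: Rapid7 Metasploit Framework` entry and keep one label per product.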
@@ -23434,11 +23434,11 @@ CVE-2019-3405
CVE-2019-3404
RESERVED
CVE-2019-3403 (The /rest/api/2/user/picker rest resource in Jira before version 7.13. ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2019-3402 (The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 a ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2019-3401 (The ManageFilters.jspa resource in Jira before version 7.13.3 and from ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2019-3400 (The labels gadget in Jira before version 7.13.2, and from version 8.0. ...)
NOT-FOR-US: Atlassian
CVE-2019-3399 (The BrowseProjects.jspa resource in Jira before version 7.13.2, and fr ...)
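Review bot: The labels added for CVE-2019-3403, CVE-2019-3402 and CVE-2019-3401 read `NOT-FOR-US: Atlassian Jira`, but the unchanged entry directly below them, CVE-2019-3400, also describes a Jira issue and carries `NOT-FOR-US: Atlassian`. Pick one spelling for the product and align CVE-2019-3400 in the same commit, so that a search on the label finds every Jira entry.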
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9d2342940f8b6b2d8cef0b9c23f3e96ac86e0ab4