[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Nov 14 09:33:46 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
97d67f83 by Moritz Muehlenhoff at 2019-11-14T09:33:26Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,17 +9,17 @@ CVE-2019-18956
CVE-2019-18955
RESERVED
CVE-2019-18954 (Pomelo v2.2.5 allows external control of critical state data. A malici ...)
- TODO: check
+ NOT-FOR-US: Pomelo
CVE-2019-18953
RESERVED
CVE-2019-18952 (SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary fil ...)
- TODO: check
+ NOT-FOR-US: SibSoft Xfilesharing
CVE-2019-18951 (SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directo ...)
- TODO: check
+ NOT-FOR-US: SibSoft Xfilesharing
CVE-2019-18950
RESERVED
CVE-2019-18949 (SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaSc ...)
- TODO: check
+ NOT-FOR-US: SnowHaze
CVE-2019-18948
RESERVED
CVE-2019-18947
@@ -71,7 +71,7 @@ CVE-2019-18925 (Systematic IRIS WebForms 5.4 and its functionalities can be acce
CVE-2019-18924 (Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By ...)
NOT-FOR-US: Systematic IRIS WebForms
CVE-2019-18923 (Insufficient content type validation of proxied resources in go-camo b ...)
- TODO: check
+ NOT-FOR-US: go-camo
CVE-2019-18922
RESERVED
CVE-2019-18921
@@ -162,9 +162,9 @@ CVE-2019-18886 [Prevent user enumeration using switch user functionality]
CVE-2019-18885
RESERVED
CVE-2019-18884 (index.php/team_members/add_team_member in RISE Ultimate Project Manage ...)
- TODO: check
+ NOT-FOR-US: RISE
CVE-2019-18883 (XSS exists in Lavalite CMS 5.7 via the admin/profile name or designati ...)
- TODO: check
+ NOT-FOR-US: Lavalite CMS
CVE-2019-18882 (WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.ja ...)
NOT-FOR-US: WSO2 IS
CVE-2019-18881 (WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in t ...)
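Review bot: The tag added for CVE-2019-18884 reads only "NOT-FOR-US: RISE", while the CVE description names the product as "RISE Ultimate Project Manage ..." and the neighbouring entries (Lavalite CMS, WSO2 IS) use the product name as it appears in their descriptions. Suggest using the product name from the description here as well, so a later search of data/CVE/list for that product finds this entry and the short word "RISE" is not mistaken for a different project.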
@@ -217,7 +217,7 @@ CVE-2019-18859
CVE-2019-18858
RESERVED
CVE-2019-18857 (darylldoyle svg-sanitizer before 0.12.0 mishandles script and data val ...)
- TODO: check
+ NOT-FOR-US: darylldoyle svg-sanitizer
CVE-2019-18856 (A Denial Of Service vulnerability exists in the SVG Sanitizer module t ...)
NOT-FOR-US: SVG Sanitizer module for Drupal
CVE-2019-18855 (A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG ...)
@@ -247,7 +247,7 @@ CVE-2019-18846
CVE-2019-18845 (The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 ...)
NOT-FOR-US: Patriot Viper RGB
CVE-2019-18844 (The Device Model in ACRN before 2019w25.5-140000p relies on assert cal ...)
- TODO: check
+ NOT-FOR-US: ACRN
CVE-2019-18843
RESERVED
CVE-2019-18842
@@ -261,11 +261,11 @@ CVE-2019-18840 (In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks
NOTE: https://github.com/wolfSSL/wolfssl/issues/2555
NOTE: https://github.com/wolfSSL/wolfssl/commit/52f28bd5149360f8e3bf8ca13d3fb9a77283df7c
CVE-2019-18839 (FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. T ...)
- TODO: check
+ NOT-FOR-US: FUDForum
CVE-2019-18838
RESERVED
CVE-2019-18837 (An issue was discovered in crun before 0.10.5. With a crafted image, i ...)
- TODO: check
+ - crun <not-affected> (Fixed in initial upload)
CVE-2019-18836 (Envoy 1.12.0 allows a remote denial of service because of resource loo ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles signature checking on some fede ...)
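Review bot: The crun line added for CVE-2019-18837, "- crun <not-affected> (Fixed in initial upload)", has no NOTE line, so the claim cannot be checked from the entry itself. The description places the fix at "crun before 0.10.5"; suggest adding a NOTE with the upstream fix reference, in the same way the CVE-2019-18840 entry just above records its issue and commit URLs.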
@@ -391,7 +391,7 @@ CVE-2019-18795
CVE-2019-18794
RESERVED
CVE-2019-18793 (Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/inde ...)
- TODO: check
+ NOT-FOR-US: Parallels Plesk Panel
CVE-2017-18639 (Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : ...)
NOT-FOR-US: Progress Sitefinity CMS
CVE-2019-18792
@@ -4008,7 +4008,7 @@ CVE-2019-18242
CVE-2019-18241
RESERVED
CVE-2019-18240 (In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer o ...)
- TODO: check
+ NOT-FOR-US: Fuji
CVE-2019-18239
RESERVED
CVE-2019-18238
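Review bot: "NOT-FOR-US: Fuji" on CVE-2019-18240 gives only part of the vendor name, while the description reads "Fuji Electric V-Server". Suggest "NOT-FOR-US: Fuji Electric V-Server", so the tag identifies the product and later CVEs for the same software can be matched against it.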
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/97d67f834285a7b8107aa1c400d4ae0b68aa6853