[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Sep 3 14:22:10 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3a460f7c by Salvatore Bonaccorso at 2019-09-03T13:21:17Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -291,7 +291,7 @@ CVE-2019-15747
CVE-2019-15746
RESERVED
CVE-2019-15745 (The Eques elf smart plug and the mobile app use a hardcoded AES 256 bi ...)
- TODO: check
+ NOT-FOR-US: Eques elf smart plug
CVE-2019-15744
RESERVED
CVE-2019-15743
@@ -935,9 +935,9 @@ CVE-2019-15517 (jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f director
CVE-2019-15516 (Cuberite before 2019-06-11 allows webadmin directory traversal via ... ...)
TODO: check
CVE-2019-15515 (Discourse 2.3.2 sends the CSRF token in the query string. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2019-15514 (The Privacy > Phone Number feature in the Telegram app 5.10 for And ...)
- TODO: check
+ NOT-FOR-US: Telegram app for Android and iOS
CVE-2019-15513 (An issue was discovered in OpenWrt libuci (aka Library for the Unified ...)
NOT-FOR-US: OpenWrt libuci
CVE-2019-15512
@@ -963,7 +963,7 @@ CVE-2019-15503 (cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka Pro
CVE-2019-15502 (The TeamSpeak client before 3.3.2 allows remote servers to trigger a c ...)
TODO: check
CVE-2019-15501 (Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-20 ...)
- TODO: check
+ NOT-FOR-US: L-Soft LISTSERV
CVE-2019-15500
RESERVED
CVE-2019-15499 (CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element wi ...)
@@ -987,7 +987,7 @@ CVE-2019-15491 (openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. ...)
CVE-2019-15490 (openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. ...)
NOT-FOR-US: openITCOCKPIT
CVE-2019-15489 (laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XS ...)
- TODO: check
+ NOT-FOR-US: laracom (aka Laravel FREE E-Commerce Software)
CVE-2019-15488 (Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP se ...)
TODO: check
CVE-2019-15487 (DfE School Experience before v16333-GA has XSS via a teacher training ...)
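Review bot: the label added at CVE-2019-15489 repeats the description's "(aka Laravel FREE E-Commerce Software)" alias, while the neighbouring CVE-2019-15490 entry uses only the short product name ("NOT-FOR-US: openITCOCKPIT"). Consider shortening it to "NOT-FOR-US: laracom" so the label stays a short product identifier that is easy to grep for and consistent with the entries around it.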
@@ -995,11 +995,11 @@ CVE-2019-15487 (DfE School Experience before v16333-GA has XSS via a teacher tra
CVE-2019-15486 (django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_ ...)
TODO: check
CVE-2019-15485 (Bolt before 3.6.10 has XSS via createFolder or createFile in Controlle ...)
- TODO: check
+ NOT-FOR-US: Bolt CMS
CVE-2019-15484 (Bolt before 3.6.10 has XSS via an image's alt or title field. ...)
- TODO: check
+ NOT-FOR-US: Bolt CMS
CVE-2019-15483 (Bolt before 3.6.10 has XSS via a title that is mishandled in the syste ...)
- TODO: check
+ NOT-FOR-US: Bolt CMS
CVE-2019-15482 (selectize-plugin-a11y before 1.1.0 has XSS via the msg field. ...)
TODO: check
CVE-2019-15481 (Kimai v2 before 1.1 has XSS via a timesheet description. ...)
@@ -2318,7 +2318,7 @@ CVE-2019-15057
CVE-2019-15056
RESERVED
CVE-2019-15055 (MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly ...)
- TODO: check
+ NOT-FOR-US: MikroTik RouterOS
CVE-2019-15054
RESERVED
CVE-2019-15053 (The "HTML Include and replace macro" plugin before 1.5.0 for Confluenc ...)
@@ -3336,7 +3336,7 @@ CVE-2019-14696 (Open-School 3.0, and Community Edition 2.3, allows XSS via the o
CVE-2019-14695 (A SQL injection vulnerability exists in the Sygnoos Popup Builder plug ...)
NOT-FOR-US: Sygnoos Popup Builder plugin for WordPress
CVE-2019-14694 (A use-after-free flaw in the sandbox container implemented in cmdguard ...)
- TODO: check
+ NOT-FOR-US: Comodo Antivirus
CVE-2019-14693 (Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External ...)
NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-14692 (AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in ...)
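Review bot: at CVE-2019-14694 the new label names "Comodo Antivirus", but the description visible here mentions only the sandbox container implemented in cmdguard and is cut off before any product name appears. Confirm the product against the full CVE text before merging, and consider mentioning the cmdguard component in the label so a search for the affected component finds this entry.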
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a460f7c6582107798834ab7c88e110099ded631