[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Sep 12 18:41:46 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb261482 by Salvatore Bonaccorso at 2019-09-12T17:41:23Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,13 +9,13 @@ CVE-2019-16252
 CVE-2019-16251
 	RESERVED
 CVE-2019-16250 (includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for ...)
-	TODO: check
+	NOT-FOR-US: Ocean Extra plugin for WordPress
 CVE-2019-16249 (OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core ...)
 	TODO: check
 CVE-2019-16248 (The "delete for" feature in Telegram before 5.11 on Android does not d ...)
 	TODO: check
 CVE-2019-16247 (Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommL ...)
-	TODO: check
+	NOT-FOR-US: Delta DCISoft
 CVE-2019-16246
 	RESERVED
 CVE-2019-16245
@@ -141,7 +141,7 @@ CVE-2019-16195
 CVE-2019-16194
 	RESERVED
 CVE-2019-16193 (In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to t ...)
-	TODO: check
+	NOT-FOR-US: ArcGIS Enterprise
 CVE-2019-16192 (upload_model() in /admini/controllers/system/managemodel.php in DocCms ...)
 	NOT-FOR-US: DocCMS
 CVE-2019-16191
@@ -399,7 +399,7 @@ CVE-2019-16100 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote atta
 CVE-2019-16099 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON dat ...)
 	NOT-FOR-US: Silver Peak EdgeConnect SD-WAN
 CVE-2019-16098 (The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys ...)
-	TODO: check
+	NOT-FOR-US: Micro-Star MSI Afterburner
 CVE-2019-16097 (core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users  ...)
 	NOT-FOR-US: Harbor
 CVE-2016-10937 (IMAPFilter through 2.6.12 does not validate the hostname in an SSL cer ...)
@@ -3541,13 +3541,13 @@ CVE-2019-15000
 CVE-2019-14999 (The Uninstall REST endpoint in Atlassian Universal Plugin Manager befo ...)
 	NOT-FOR-US: Atlassian
 CVE-2019-14998 (The Webwork action Cross-Site Request Forgery (CSRF) protection implem ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Jira
 CVE-2019-14997 (The AccessLogFilter class in Jira before version 8.4.0 allows remote a ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Jira
 CVE-2019-14996 (The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Jira
 CVE-2019-14995 (The /rest/api/1.0/render resource in Jira before version 8.4.0 allows  ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Jira
 CVE-2019-14994
 	RESERVED
 CVE-2019-14993 (Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressi ...)
@@ -3693,7 +3693,7 @@ CVE-2019-14938
 CVE-2019-14937 (REDCap before 9.3.0 allows time-based SQL injection in the edit calend ...)
 	NOT-FOR-US: REDCap
 CVE-2019-14936 (Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Informat ...)
-	TODO: check
+	NOT-FOR-US: Easy!Appointments plugin for WordPress
 CVE-2019-14935 (3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA% ...)
 	NOT-FOR-US: 3CX Phone 15 on Windows
 CVE-2019-14934 (An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_ki ...)
@@ -4332,9 +4332,9 @@ CVE-2019-14727 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an
 CVE-2019-14726 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
 	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2019-14725 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
-	TODO: check
+	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2019-14724 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
-	TODO: check
+	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2019-14723 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
 	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2019-14722 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
@@ -20870,7 +20870,7 @@ CVE-2019-9490 (A vulnerability in Trend Micro InterScan Web Security Virtual App
 CVE-2019-9489 (A directory traversal vulnerability in Trend Micro Apex One, OfficeSca ...)
 	NOT-FOR-US: Trend Micro
 CVE-2019-9488 (Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Prote ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2018-20799 (In pfSense 2.4.4_1, blocking of source IP addresses on the basis of fa ...)
 	NOT-FOR-US: pfSense
 CVE-2018-20798 (The expiretable configuration in pfSense 2.4.4_1 establishes block dur ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb261482d3cab5009b6f9a1708df38e64436ddc0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb261482d3cab5009b6f9a1708df38e64436ddc0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190912/c84ddf8b/attachment.html>

More information about the debian-security-tracker-commits mailing list