[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Jan 3 20:09:35 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82281dc1 by Salvatore Bonaccorso at 2020-01-03T21:09:11+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -234,7 +234,7 @@ CVE-2019-20330 (FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net
 	- jackson-databind <unfixed>
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2526
 CVE-2019-20329 (OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL serv ...)
-	TODO: check
+	NOT-FOR-US: OpenLambda
 CVE-2019-20328
 	RESERVED
 CVE-2019-20327
@@ -14067,7 +14067,7 @@ CVE-2019-18570
 CVE-2019-18569
 	RESERVED
 CVE-2019-18568 (Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege esca ...)
-	TODO: check
+	NOT-FOR-US: Avira Free Antivirus
 CVE-2019-18567
 	RESERVED
 CVE-2019-18566
@@ -39528,7 +39528,7 @@ CVE-2019-10231 (Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vu
 CVE-2019-10230
 	RESERVED
 CVE-2019-10229 (An issue was discovered in MailStore Server (and Service Provider Edit ...)
-	TODO: check
+	NOT-FOR-US: MailStore
 CVE-2019-10228
 	RESERVED
 CVE-2019-10227 (openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found comp ...)
@@ -47223,7 +47223,7 @@ CVE-2018-20781 (In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user
 CVE-2019-7752
 	RESERVED
 CVE-2019-7751 (A directory traversal and local file inclusion vulnerability in FPProd ...)
-	TODO: check
+	NOT-FOR-US: Ricoh
 CVE-2019-7750
 	RESERVED
 CVE-2019-7749
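Review bot: The new tag on CVE-2019-7751 names only a vendor ("Ricoh"), while the truncated description on the line above it appears to lead with a product name ("FPProd ..."). Most other tags added in this commit name the product, for example "NOT-FOR-US: Avira Free Antivirus". Consider putting the product name after the vendor so that a search of data/CVE/list for the product finds this entry.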
@@ -56393,7 +56393,7 @@ CVE-2019-3986 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote att
 CVE-2019-3985 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
 	NOT-FOR-US: Blink XT2
 CVE-2019-3984 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
-	TODO: check
+	NOT-FOR-US: Blink XT2 Sync Module firmware
 CVE-2019-3983 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
 	NOT-FOR-US: Blink XT2
 CVE-2019-3982 (Nessus versions 8.6.0 and earlier were found to contain a Denial of Se ...)
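Review bot: CVE-2019-3984 is tagged "NOT-FOR-US: Blink XT2 Sync Module firmware", but the adjacent entries CVE-2019-3985 and CVE-2019-3983, whose descriptions start with the same "Blink XT2 Sync Module firmware prior to 2.13.11" text, already carry "NOT-FOR-US: Blink XT2". Suggest reusing the existing string so the sibling CVEs for this firmware share one tag.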
@@ -64593,15 +64593,15 @@ CVE-2018-19836 (In Metinfo 6.1.3, include/interface/applogin.php allows setting
 CVE-2018-19835 (Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_col ...)
 	NOT-FOR-US: Metinfo
 CVE-2018-19834 (The quaker function of a smart contract implementation for BOMBBA (BOM ...)
-	TODO: check
+	NOT-FOR-US: BOMBBA (BOMB) (tradable Ethereum ERC20 token)
 CVE-2018-19833 (The owned function of a smart contract implementation for DDQ, an trad ...)
-	TODO: check
+	NOT-FOR-US: DDQ (tradable Ethereum ERC20 token)
 CVE-2018-19832 (The NETM() function of a smart contract implementation for NewIntelTec ...)
-	TODO: check
+	NOT-FOR-US: NewIntelTechMedia (NETM)
 CVE-2018-19831 (The ToOwner() function of a smart contract implementation for Cryptbon ...)
-	TODO: check
+	NOT-FOR-US: Cryptbond Network (CBN)
 CVE-2018-19830 (The UBSexToken() function of a smart contract implementation for Busin ...)
-	TODO: check
+	NOT-FOR-US: Business Alliance Financial Circle (BAFC)
 CVE-2018-19829 (Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios ...)
 	NOT-FOR-US: Artica Integria IMS
 CVE-2018-19828 (Artica Integria IMS 5.0.83 has XSS via the search_string parameter. ...)
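Review bot: The five smart-contract entries in this hunk are tagged in two styles. CVE-2018-19834 and CVE-2018-19833 carry the qualifier "(tradable Ethereum ERC20 token)", while CVE-2018-19832, CVE-2018-19831 and CVE-2018-19830 give only the token name and ticker. Since all five descriptions begin "function of a smart contract implementation for", suggest either adding the qualifier to the last three or dropping it from the first two so the group reads consistently.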
@@ -81971,7 +81971,7 @@ CVE-2018-14478 (ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via t
 CVE-2018-14477
 	RESERVED
 CVE-2018-14476 (GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step  ...)
-	TODO: check
+	NOT-FOR-US: GeniXCMS
 CVE-2018-14475
 	RESERVED
 CVE-2018-14474 (views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the ne ...)
@@ -261602,7 +261602,7 @@ CVE-2013-4870 (SQL injection vulnerability in the News Search (news_search) exte
 CVE-2013-4869 (Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and  ...)
 	NOT-FOR-US: Cisco
 CVE-2013-4868 (Karotz API 12.07.19.00: Session Token Information Disclosure ...)
-	TODO: check
+	NOT-FOR-US: Karotz API
 CVE-2013-4867 (Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module h ...)
 	NOT-FOR-US: Electronic Arts Karotz Smart Rabbit
 CVE-2013-4866 (The LIXIL Corporation My SATIS Genius Toilet application for Android h ...)
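Review bot: CVE-2013-4868 is tagged "NOT-FOR-US: Karotz API", while the next entry, CVE-2013-4867, has the same version string (12.07.19.00) in its description and is already tagged "NOT-FOR-US: Electronic Arts Karotz Smart Rabbit". If both refer to the same product, consider aligning the new tag with the existing one so the two entries can be found with a single search string.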
@@ -264413,37 +264413,37 @@ CVE-2013-3948 (Apple iOS 6.1.3 does not follow redirects during determination of
 CVE-2013-3947 (Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 ...)
 	NOT-FOR-US: AhnLab V3 Internet Security
 CVE-2013-3946 (Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 ...)
-	TODO: check
+	NOT-FOR-US: MrSID plugin (MrSID.dll) for IrfanView
 CVE-2013-3945 (The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote a ...)
-	TODO: check
+	NOT-FOR-US: MrSID plugin (MrSID.dll) for IrfanView
 CVE-2013-3944 (Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.3 ...)
-	TODO: check
+	NOT-FOR-US: MrSID plugin (MrSID.dll) for IrfanView
 CVE-2013-3943 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6. ...)
 	NOT-FOR-US: DotNetNukeDot
 CVE-2013-3942
 	RESERVED
 CVE-2013-3941 (Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbi ...)
-	TODO: check
+	NOT-FOR-US: XnView
 CVE-2013-3940 (Integer overflow in the Graphics Device Interface (GDI) in Microsoft W ...)
 	NOT-FOR-US: Microsoft
 CVE-2013-3939 (xnview.exe in XnView before 2.13 does not properly handle RLE strip le ...)
-	TODO: check
+	NOT-FOR-US: XnView
 CVE-2013-3938 (Integer overflow in xnview.exe in XnView 2.13 allows remote attackers  ...)
 	NOT-FOR-US: XnView
 CVE-2013-3937 (Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows  ...)
-	TODO: check
+	NOT-FOR-US: XnView
 CVE-2013-3936 (Multiple cross-site scripting (XSS) vulnerabilities in Opsview before  ...)
-	TODO: check
+	NOT-FOR-US: Opsview
 CVE-2013-3935 (Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4. ...)
-	TODO: check
+	NOT-FOR-US: Opsview
 CVE-2013-3934 (Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as use ...)
 	NOT-FOR-US: Kingsoft Office 2013
 CVE-2013-3933 (Cross-site scripting (XSS) vulnerability in the JoomShopping (com_joom ...)
 	NOT-FOR-US: Joomla component com_joomshopping
 CVE-2013-3932 (SQL injection vulnerability in the Jomres (com_jomres) component befor ...)
-	TODO: check
+	NOT-FOR-US: Jomres (com_jomres) component for Joomla!
 CVE-2013-3931 (Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) co ...)
-	TODO: check
+	NOT-FOR-US: Jomres (com_jomres) component for Joomla!
 CVE-2013-3930 (Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows r ...)
 	NOT-FOR-US: Core FTP (client)
 CVE-2013-3929 (Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS ...)
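Review bot: The tags added for CVE-2013-3932 and CVE-2013-3931 read "Jomres (com_jomres) component for Joomla!", whereas the existing entry directly above them, CVE-2013-3933, uses the form "Joomla component com_joomshopping". Suggest following the existing form, for example "Joomla component com_jomres", so Joomla component entries stay uniform. Separately, the unchanged context line for CVE-2013-3943 reads "NOT-FOR-US: DotNetNukeDot" although its description names "DotNetNuke (DNN)"; that looks like a typo that could be corrected in the same pass.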
@@ -266002,9 +266002,9 @@ CVE-2013-3249 (Stack-based buffer overflow in the "Add from text file" feature i
 CVE-2013-3248 (Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows lo ...)
 	NOT-FOR-US: Corel PDF Fusion
 CVE-2013-3247 (Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows  ...)
-	TODO: check
+	NOT-FOR-US: XnView
 CVE-2013-3246 (Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows ...)
-	TODO: check
+	NOT-FOR-US: XnView
 CVE-2013-3245 (** DISPUTED ** plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media P ...)
 	- vlc 2.0.7-1 (unimportant)
 	NOTE: Harmless crasher
@@ -270856,7 +270856,7 @@ CVE-2013-1643 (The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allo
 	- php5 5.4.4-14 (bug #702221)
 	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=c737b89473df9dba6742b8fc8fbf6d009bf05c36
 CVE-2013-1642 (Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer befo ...)
-	TODO: check
+	NOT-FOR-US: QuiXplorer
 CVE-2013-1641 (Directory traversal vulnerability in the zip download functionality in ...)
 	NOT-FOR-US: QuiXplorer
 CVE-2013-1640 (The (1) template and (2) inline_template functions in the master serve ...)
@@ -271580,7 +271580,7 @@ CVE-2013-1422
 CVE-2013-1421 (Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar  ...)
 	- webcalendar <removed>
 CVE-2013-1420 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS b ...)
-	TODO: check
+	NOT-FOR-US: GetSimple CMS
 CVE-2013-1419
 	RESERVED
 CVE-2013-1418 (The setup_server_realm function in main.c in the Key Distribution Cent ...)
@@ -273460,7 +273460,7 @@ CVE-2013-0739
 CVE-2013-0738
 	RESERVED
 CVE-2013-0737 (Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier a ...)
-	TODO: check
+	NOT-FOR-US: BoltWire
 CVE-2013-0736 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Ming ...)
 	NOT-FOR-US: mingle forum plugin for wp
 CVE-2013-0735 (Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/82281dc13dba0ae167b7d4111b950bb97113ab3d



More information about the debian-security-tracker-commits mailing list