[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Jan 10 21:08:25 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
009ba117 by Salvatore Bonaccorso at 2020-01-10T22:07:31+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18198,7 +18198,7 @@ CVE-2019-18198 (In the Linux kernel before 5.3.4, a reference count usage error
 CVE-2019-18195 (An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal u ...)
 	NOT-FOR-US: TerraMaster FS-210 devices
 CVE-2019-18194 (TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escal ...)
-	TODO: check
+	NOT-FOR-US: TotalAV
 CVE-2019-18193
 	RESERVED
 CVE-2020-0500
@@ -30803,17 +30803,17 @@ CVE-2019-14308 (Several Ricoh printers have multiple buffer overflows parsing LP
 CVE-2019-14307 (Several Ricoh printers have multiple buffer overflows parsing HTTP par ...)
 	NOT-FOR-US: Ricoh
 CVE-2019-14306 (Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of ...)
-	TODO: check
+	NOT-FOR-US: Ricoh SP C250DN 1.06 devices
 CVE-2019-14305 (Several Ricoh printers have multiple buffer overflows parsing HTTP par ...)
 	NOT-FOR-US: Ricoh
 CVE-2019-14304 (Ricoh SP C250DN 1.06 devices allow CSRF. ...)
-	TODO: check
+	NOT-FOR-US: Ricoh SP C250DN 1.06 devices
 CVE-2019-14303
 	RESERVED
 CVE-2019-14302 (On Ricoh SP C250DN 1.06 devices, a debug port can be used. ...)
-	TODO: check
+	NOT-FOR-US: Ricoh SP C250DN 1.06 devices
 CVE-2019-14301 (Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of ...)
-	TODO: check
+	NOT-FOR-US: Ricoh SP C250DN 1.06 devices
 CVE-2019-14300 (Several Ricoh printers have multiple buffer overflows parsing HTTP coo ...)
 	NOT-FOR-US: Ricoh
 CVE-2019-14299
@@ -245266,9 +245266,9 @@ CVE-2014-5095
 CVE-2014-5094 (Status2k allows remote attackers to obtain configuration information v ...)
 	NOT-FOR-US: Status2k
 CVE-2014-5093 (Status2k does not remove the install directory allowing credential res ...)
-	TODO: check
+	NOT-FOR-US: Status2k
 CVE-2014-5092 (Status2k allows Remote Command Execution in admin/options/editpl.php. ...)
-	TODO: check
+	NOT-FOR-US: Status2k
 CVE-2014-5091
 	RESERVED
 CVE-2014-5090 (admin/options/logs.php in Status2k allows remote authenticated adminis ...)
@@ -245552,11 +245552,11 @@ CVE-2014-4986 (Multiple cross-site scripting (XSS) vulnerabilities in js/functio
 CVE-2014-4985
 	RESERVED
 CVE-2014-4984 (Déjà Vu Crescendo Sales CRM has remote SQL Injection ...)
-	TODO: check
+	NOT-FOR-US: Deja Vu Crescendo Sales CRM
 CVE-2014-4983
 	RESERVED
 CVE-2014-4982 (LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection  ...)
-	TODO: check
+	NOT-FOR-US: LPAR2RRD
 CVE-2014-4981
 	RESERVED
 CVE-2014-4980 (The /server/properties resource in Tenable Web UI before 2.3.5 for Nes ...)
@@ -246657,7 +246657,7 @@ CVE-2014-4532 (Cross-site scripting (XSS) vulnerability in templates/printAdminU
 CVE-2014-4531 (Cross-site scripting (XSS) vulnerability in main_page.php in the Game  ...)
 	NOT-FOR-US: WordPress plugin Game tabs
 CVE-2014-4530 (flog plugin 0.1 for WordPress has XSS ...)
-	TODO: check
+	NOT-FOR-US: flog plugin for WordPress
 CVE-2014-4529 (Cross-site scripting (XSS) vulnerability in fpg_preview.php in the Fla ...)
 	NOT-FOR-US: WordPress plugin Flash Photo Gallery
 CVE-2014-4528 (Multiple cross-site scripting (XSS) vulnerabilities in admin/swarm-set ...)
@@ -249597,7 +249597,7 @@ CVE-2013-7382 (VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1,
 CVE-2013-7381
 	RESERVED
 CVE-2013-7380 (The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injectio ...)
-	TODO: check
+	NOT-FOR-US: Etherpad Lite ep_imageconvert Plugin
 CVE-2013-7379 (The admin API in the tomato module before 0.0.6 for Node.js does not p ...)
 	NOT-FOR-US: tomato module for Node.js
 CVE-2013-7378
@@ -285283,7 +285283,7 @@ CVE-2012-4032 (Open redirect vulnerability in the login page in WebsitePanel bef
 CVE-2012-4031 (Multiple directory traversal vulnerabilities in src/acloglogin.php in  ...)
 	NOT-FOR-US: Wangkongbao not in Debian
 CVE-2012-4030 (Chamilo before 1.8.8.6 does not adequately handle user supplied input  ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2012-4029
 	RESERVED
 CVE-2012-4028 (Tridium Niagara AX Framework does not properly store credential data,  ...)
@@ -285845,11 +285845,11 @@ CVE-2012-3825 (Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7125
 	NOTE: leftover of CVE-2012-2392
 CVE-2012-3824 (In Arial Campaign Enterprise before 11.0.551, multiple pages are acces ...)
-	TODO: check
+	NOT-FOR-US: Arial Campaign Enterprise
 CVE-2012-3823 (Arial Campaign Enterprise before 11.0.551 stores passwords in clear te ...)
-	TODO: check
+	NOT-FOR-US: Arial Campaign Enterprise
 CVE-2012-3822 (Arial Campaign Enterprise before 11.0.551 has unauthorized access to t ...)
-	TODO: check
+	NOT-FOR-US: Arial Campaign Enterprise
 CVE-2012-3821
 	RESERVED
 CVE-2012-3820 (Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Soft ...)
@@ -294973,7 +294973,7 @@ CVE-2011-5022 (SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allo
 CVE-2011-5021 (PHPIDS before 0.7 does not properly implement Regular Expression Denia ...)
 	- php-ids <itp> (bug #488848)
 CVE-2011-5020 (An SQL Injection vulnerability exists in the ID parameter in Online TV ...)
-	TODO: check
+	NOT-FOR-US: Online TV Database
 CVE-2011-5019 (Cross-site scripting (XSS) vulnerability in setup/index.php in Textpat ...)
 	- textpattern <unfixed> (low)
 	[squeeze] - textpattern <no-dsa> (Vulnerability is in setup.php, which becomes inaccessible after installation)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/009ba117067be88c281f3e48074e74dbdd1302b8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/009ba117067be88c281f3e48074e74dbdd1302b8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200110/33b40155/attachment.html>

More information about the debian-security-tracker-commits mailing list