Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
049735f2 by Salvatore Bonaccorso at 2019-03-25T20:26:59Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2019-10043
RESERVED
CVE-2019-10042 (The D-Link DIR-816 A2 1.11 router only checks the random token
when au ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-10041 (The D-Link DIR-816 A2 1.11 router only checks the random token
when au ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-10040 (The D-Link DIR-816 A2 1.11 router only checks the random token
when au ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-10039 (The D-Link DIR-816 A2 1.11 router only checks the random token
when au ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-10038
RESERVED
CVE-2019-10037
@@ -53,7 +53,7 @@ CVE-2019-10018 (An issue was discovered in Xpdf 4.01.01.
There is an FPE in the
CVE-2019-10017 (CMS Made Simple 2.2.10 has XSS via the moduleinterface.php
Name field, ...)
NOT-FOR-US: CMS Made Simple
CVE-2019-10016 (GForge Advanced Server 6.4.4 allows XSS via the
commonsearch.php words ...)
- TODO: check
+ NOT-FOR-US: GForge Advanced Server
CVE-2019-10015 (baigoStudio baigoSSO v3.0.1 allows remote attackers to execute
arbitra ...)
NOT-FOR-US: baigoStudio
CVE-2019-10014 (In DedeCMS 5.7SP2, member/resetpassword.php allows remote
authenticate ...)
@@ -115,9 +115,9 @@ CVE-2019-9973
CVE-2019-10013
RESERVED
CVE-2019-10012 (Jenzabar JICS (aka Internet Campus Solution) before 9 allows
remote at ...)
- TODO: check
+ NOT-FOR-US: Jenzabar
CVE-2019-10011 (ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka
Internet Campu ...)
- TODO: check
+ NOT-FOR-US: Jenzabar
CVE-2019-10010 (Cross-site scripting (XSS) vulnerability in the PHP League
CommonMark ...)
NOT-FOR-US: PHP League CommonMark library
CVE-2019-10009
@@ -14692,7 +14692,7 @@ CVE-2019-4048
CVE-2019-4047
RESERVED
CVE-2019-4046 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4045
RESERVED
CVE-2019-4044
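Review bot: The tag added for CVE-2019-4046 names only the vendor (`NOT-FOR-US: IBM`), although the description identifies the product as IBM WebSphere Application Server. Other tags added in this commit name the product, for example `NOT-FOR-US: Atlassian Confluence Server` and `NOT-FOR-US: Micro Focus Data Protector`. Consider `NOT-FOR-US: IBM WebSphere Application Server` so that a later search of the list by product name finds this entry.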
@@ -16081,23 +16081,23 @@ CVE-2019-3486
CVE-2019-3485
RESERVED
CVE-2019-3484 (Mitigates a remote code execution issue in ArcSight Logger
versions pr ...)
- TODO: check
+ NOT-FOR-US: ArcSight Logger
CVE-2019-3483 (Mitigates a potential information leakage issue in ArcSight
Logger ver ...)
- TODO: check
+ NOT-FOR-US: ArcSight Logger
CVE-2019-3482 (Mitigates a directory traversal issue in ArcSight Logger
versions prio ...)
- TODO: check
+ NOT-FOR-US: ArcSight Logger
CVE-2019-3481 (Mitigates a XML External Entity Parsing issue in ArcSight
Logger versi ...)
- TODO: check
+ NOT-FOR-US: ArcSight Logger
CVE-2019-3480 (Mitigates a stored/reflected XSS issue in ArcSight Logger
versions pri ...)
- TODO: check
+ NOT-FOR-US: ArcSight Logger
CVE-2019-3479 (Mitigates a potential remote code execution issue in ArcSight
Logger v ...)
- TODO: check
+ NOT-FOR-US: ArcSight Logger
CVE-2019-3478
RESERVED
CVE-2019-3477
RESERVED
CVE-2019-3476 (Remote arbitrary code execution in Micro Focus Data Protector,
version ...)
- TODO: check
+ NOT-FOR-US: Micro Focus Data Protector
CVE-2019-3475 (A local privilege escalation vulnerability in the famtd
component of M ...)
NOT-FOR-US: Micro Focus Filr
CVE-2019-3474 (A path traversal vulnerability in the web application component
of Mic ...)
@@ -17436,9 +17436,9 @@ CVE-2019-3398
CVE-2019-3397
RESERVED
CVE-2019-3396 (The Widget Connector macro in Atlassian Confluence Server
before versi ...)
- TODO: check
+ NOT-FOR-US: Atlassian Confluence Server
CVE-2019-3395 (The WebDAV endpoint in Atlassian Confluence Server and Data
Center bef ...)
- TODO: check
+ NOT-FOR-US: Atlassian Confluence Server
CVE-2019-3394
RESERVED
CVE-2018-20298 (S3 Browser before 8.1.5 contains an XML external entity (XXE)
vulnerab ...)
@@ -43877,9 +43877,9 @@ CVE-2018-12655 (Reflected Cross-Site Scripting (XSS)
exists in the Circulation m
CVE-2018-12654 (Reflected Cross-Site Scripting (XSS) exists in the
Bibliography module ...)
NOT-FOR-US: SLiMS 8 Akasia
CVE-2018-12653 (A Reflected Cross Site Scripting (XSS) Vulnerability was
discovered in ...)
- TODO: check
+ NOT-FOR-US: Adrenalin HRMS Software
CVE-2018-12652 (A Reflected Cross Site Scripting (XSS) Vulnerability was
discovered in ...)
- TODO: check
+ NOT-FOR-US: Adrenalin HRMS Software
CVE-2018-12651 (A Reflected Cross Site Scripting (XSS) Vulnerability was
discovered in ...)
NOT-FOR-US: Adrenalin HRMS
CVE-2018-12650 (Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site
Scripting ...)
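Review bot: CVE-2018-12653 and CVE-2018-12652 are tagged `NOT-FOR-US: Adrenalin HRMS Software`, but the existing entry directly below them, CVE-2018-12651, uses `NOT-FOR-US: Adrenalin HRMS` for what the descriptions suggest is the same product. Use one spelling for all three entries, so that a grep for the tag returns every Adrenalin HRMS CVE and the two strings are not later read as two different products.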
@@ -103960,7 +103960,7 @@ CVE-2017-9378 (BigTree CMS through 4.2.18 does not
prevent a user from deleting
CVE-2017-9377 (A command injection was identified on Barco ClickShare Base
Unit devic ...)
NOT-FOR-US: Barco ClickShare Base Unit device
CVE-2017-9376 (ManageEngine ServiceDesk Plus before 9314 contains a local file
inclus ...)
- TODO: check
+ NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2017-9375 (QEMU (aka Quick Emulator), when built with USB xHCI controller
emulato ...)
{DSA-3991-1}
- qemu 1:2.10.0-1 (bug #864219)
@@ -104002,7 +104002,7 @@ CVE-2017-9364 (Unrestricted File Upload exists in
BigTree CMS through 4.2.18: if
CVE-2017-9363 (Untrusted Java serialization in Soffid IAM console before 1.7.5
allows ...)
NOT-FOR-US: Soffid IAM console
CVE-2017-9362 (ManageEngine ServiceDesk Plus before 9312 contains an XML
injection at ...)
- TODO: check
+ NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2017-9361 (WebsiteBaker v2.10.0 has a stored XSS vulnerability in
/account/detail ...)
NOT-FOR-US: WebsiteBaker
CVE-2017-9360 (WebsiteBaker v2.10.0 has a SQL injection vulnerability in
/account/det ...)
@@ -185027,7 +185027,7 @@ CVE-2015-1016
CVE-2015-1015 (Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before
2.1, an ...)
NOT-FOR-US: Omron CX-One
CVE-2015-1014 (A successful exploit of these vulnerabilities requires the
local user ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2015-1013 (OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not
ensure tha ...)
NOT-FOR-US: OSIsoft PI AF and OSIsoft PI SQL for AF
CVE-2015-1012 (Wireless keys are stored in plain text on version 5 of the
Hospira Lif ...)
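Review bot: For CVE-2015-1014 the visible part of the description ("A successful exploit of these vulnerabilities requires the local user ...") names no vendor or product, so the `NOT-FOR-US: Schneider Electric` tag cannot be checked against the entry from this diff alone. The neighbouring entries name the affected product (`NOT-FOR-US: Omron CX-One`, `NOT-FOR-US: OSIsoft PI AF and OSIsoft PI SQL for AF`). Doing the same here would make the triage decision verifiable without opening the full CVE record.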
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/049735f29290e719e9004b32c1ed5f80e468473f