[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso Tue, 14 May 2019 14:49:20 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
0127b330 by Salvatore Bonaccorso at 2019-05-14T21:48:02Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -501,11 +501,11 @@ CVE-2019-11847
 CVE-2018-20837 (include/admin/Menu/Ajax.php in Typesetter 5.1 has 
index.php/Admin/Menu ...)
        NOT-FOR-US: Typesetter CMS
 CVE-2019-11846 (/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 
allows XS ...)
-       TODO: check
+       NOT-FOR-US: dotCMS
 CVE-2019-11845 (An HTML Injection vulnerability has been discovered on the 
RICOH SP 45 ...)
-       TODO: check
+       NOT-FOR-US: RICOH
 CVE-2019-11844 (An HTML Injection vulnerability has been discovered on the 
RICOH SP 45 ...)
-       TODO: check
+       NOT-FOR-US: RICOH
 CVE-2019-11843
        RESERVED
 CVE-2019-11841
@@ -1755,7 +1755,7 @@ CVE-2019-11338 (libavcodec/hevcdec.c in FFmpeg 4.1.2 
mishandles detection of dup
 CVE-2019-11337
        RESERVED
 CVE-2019-11336 (Sony Bravia Smart TV devices allow remote attackers to 
retrieve the st ...)
-       TODO: check
+       NOT-FOR-US: Sony Bravia Smart TV devices
 CVE-2019-11335
        RESERVED
 CVE-2019-11334
@@ -6746,7 +6746,7 @@ CVE-2019-9619 [not enabled pam_systemd for 
non-interactive sessions]
        NOTE: For a stable release, activating pam_systemd for non-interactive 
sessions will
        NOTE: likely have all sorts of unexpected/unwanted side-effects.
 CVE-2019-9618 (The GraceMedia Media Player plugin 1.0 for WordPress allows 
Local File ...)
-       TODO: check
+       NOT-FOR-US: GraceMedia Media Player plugin for WordPress
 CVE-2019-9617 (An issue was discovered in OFCMS before 1.1.3. Remote attackers 
can ex ...)
        NOT-FOR-US: OFCMS
 CVE-2019-9616 (An issue was discovered in OFCMS before 1.1.3. Remote attackers 
can ex ...)
@@ -12650,9 +12650,9 @@ CVE-2019-7220
 CVE-2019-7219 (Unauthenticated reflected cross-site scripting (XSS) exists in 
Zarafa  ...)
        - zarafa <itp> (bug #658433)
 CVE-2019-7218 (Citrix ShareFile through 19.1 allows a downgrade from 
two-factor authe ...)
-       TODO: check
+       NOT-FOR-US: Citrix ShareFile
 CVE-2019-7217 (Citrix ShareFile through 19.1 allows User Enumeration. It is 
possible  ...)
-       TODO: check
+       NOT-FOR-US: Citrix ShareFile
 CVE-2019-7216 (An issue was discovered in FileChucker 4.99e-free-e02. 
filechucker.cgi ...)
        NOT-FOR-US: FileChucker
 CVE-2019-7215
@@ -20889,7 +20889,7 @@ CVE-2019-3686
 CVE-2019-3685
        RESERVED
 CVE-2019-3684 (SUSE Manager until version 4.0.7 and Uyuni until commit 
1b426ad5ed0a71 ...)
-       TODO: check
+       NOT-FOR-US: SUSE Manager
 CVE-2019-3683
        RESERVED
 CVE-2019-3682
@@ -26991,7 +26991,7 @@ CVE-2019-1864
 CVE-2019-1863
        RESERVED
 CVE-2019-1862 (A vulnerability in the web-based user interface (Web UI) of 
Cisco IOS  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1861
        RESERVED
 CVE-2019-1860
@@ -27442,7 +27442,7 @@ CVE-2019-1651 (A vulnerability in the vContainer of the 
Cisco SD-WAN Solution co
 CVE-2019-1650 (A vulnerability in the Cisco SD-WAN Solution could allow an 
authentica ...)
        NOT-FOR-US: Cisco
 CVE-2019-1649 (A vulnerability in the logic that handles access control to one 
of the ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1648 (A vulnerability in the user group configuration of the Cisco 
SD-WAN So ...)
        NOT-FOR-US: Cisco
 CVE-2019-1647 (A vulnerability in the Cisco SD-WAN Solution could allow an 
authentica ...)
@@ -39451,7 +39451,7 @@ CVE-2018-16640 (ImageMagick 7.0.8-5 has a memory leak 
vulnerability in the funct
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/3449a06f0122d4d9e68b4739417a3eaad0b24265
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1201
 CVE-2018-16639 (Typesetter 5.1 allows XSS via the index.php/Admin LABEL 
parameter duri ...)
-       TODO: check
+       NOT-FOR-US: Typesetter CMS
 CVE-2018-16638 (Evolution CMS 1.4.x allows XSS via the manager/ search 
parameter. ...)
        NOT-FOR-US: Evolution CMS
 CVE-2018-16637 (Evolution CMS 1.4.x allows XSS via the page weblink title 
parameter to ...)
@@ -39477,9 +39477,9 @@ CVE-2018-16628 (panel/login in Kirby v2.5.12 allows XSS 
via a blog name. ...)
 CVE-2018-16627 (panel/login in Kirby v2.5.12 allows Host header injection via 
the "for ...)
        NOT-FOR-US: Kirby
 CVE-2018-16626 (index.php/Admin/Classes in Typesetter 5.1 allows XSS via the 
descripti ...)
-       TODO: check
+       NOT-FOR-US: Typesetter CMS
 CVE-2018-16625 (index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an 
SVG file  ...)
-       TODO: check
+       NOT-FOR-US: Typesetter CMS
 CVE-2018-16624 (panel/pages/home/edit in Kirby v2.5.12 allows XSS via the 
title of a n ...)
        NOT-FOR-US: Kirby
 CVE-2018-16623 (Kirby V2.5.12 is prone to a Persistent XSS attack via the 
Title of the ...)
@@ -40723,13 +40723,13 @@ CVE-2018-16140 (A buffer underwrite vulnerability in 
get_line() (read.c) in fig2
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/e0c4b02429116b15ad1568c2c425f06b95b95830
        NOTE: Crash in CLI tool, no security impact
 CVE-2018-16139 (Cross-site scripting (XSS) vulnerability in BIBLIOsoft 
BIBLIOpac 2008  ...)
-       TODO: check
+       NOT-FOR-US: BIBLIOsoft BIBLIOpac
 CVE-2018-16138 (An issue was discovered in the administration page in IPBRICK 
OS 6.3.  ...)
-       TODO: check
+       NOT-FOR-US: IPBRICK OS
 CVE-2018-16137 (An issue was discovered in the Web Management Console in 
IPBRICK OS 6. ...)
-       TODO: check
+       NOT-FOR-US: IPBRICK OS
 CVE-2018-16136 (An issue was discovered in the administrator interface in 
IPBRICK OS 6 ...)
-       TODO: check
+       NOT-FOR-US: IPBRICK OS
 CVE-2018-16135
        RESERVED
 CVE-2018-16134 (Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI. ...)
@@ -52483,7 +52483,7 @@ CVE-2018-11693 (An issue was discovered in LibSass 
through 3.5.4. An out-of-boun
 CVE-2018-11692 (** DISPUTED ** An issue was discovered on Canon LBP6650, 
LBP3370, LBP3 ...)
        NOT-FOR-US: Canon devices
 CVE-2018-11691 (Emerson VE6046 09.0.12 devices have hardcoded admin 
credentials allowi ...)
-       TODO: check
+       NOT-FOR-US: Emerson devices
 CVE-2018-11690 (The Balbooa Gridbox extension version 2.4.0 and previous 
versions for  ...)
        NOT-FOR-US: Balbooa Gridbox extension for Joomla!
 CVE-2018-11689 (Smart Viewer in Samsung Web Viewer for Samsung DVR is 
vulnerable to cr ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0127b330840ffcee10ab137ee20a8367a81f0a83

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0127b330840ffcee10ab137ee20a8367a81f0a83
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to