Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d234294 by Salvatore Bonaccorso at 2019-05-22T20:36:44Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,11 +15,11 @@ CVE-2019-12281
 CVE-2019-12280
        RESERVED
 CVE-2019-12279 (Nagios XI 5.6.1 allows SQL injection via the username 
parameter to log ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2019-12278
        RESERVED
 CVE-2019-12277 (Blogifier 2.3 before 2019-05-11 does not properly restrict 
APIs, as de ...)
-       TODO: check
+       NOT-FOR-US: Blogifier
 CVE-2019-12276
        RESERVED
 CVE-2019-12275
@@ -35,7 +35,7 @@ CVE-2019-12272
 CVE-2019-12271
        RESERVED
 CVE-2019-12270 (OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 
configur ...)
-       TODO: check
+       NOT-FOR-US: OpenText Brava!
 CVE-2019-12269 (Enigmail before 2.0.11 allows PGP signature spoofing: for an 
inline PG ...)
        - enigmail <unfixed> (bug #929363)
        NOTE: https://sourceforge.net/p/enigmail/bugs/983/
@@ -269,7 +269,7 @@ CVE-2019-12169
 CVE-2019-12168 (Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow 
remote code ...)
        NOT-FOR-US: Four-Faith Wireless Mobile Router F3x24 devices
 CVE-2019-12167 (httpGetSet/httpGet.htm on Emerson Network Power Liebert 
Challenger 5.1 ...)
-       TODO: check
+       NOT-FOR-US: Emerson Network Power Liebert Challenger
 CVE-2019-12166
        RESERVED
 CVE-2019-12165
@@ -419,7 +419,7 @@ CVE-2019-12104
 CVE-2019-12103
        RESERVED
 CVE-2019-12102 (Kentico 11 through 12 lets attackers upload and explore files 
without  ...)
-       TODO: check
+       NOT-FOR-US: Kentico
 CVE-2019-12101 (coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles 
certain ...)
        NOT-FOR-US: LibNyoci
 CVE-2019-12100
@@ -540,7 +540,7 @@ CVE-2019-12047 (Gridea v0.8.0 has an XSS vulnerability 
through which the Nodejs
 CVE-2019-12045
        RESERVED
 CVE-2019-12044 (A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x 
before 10. ...)
-       TODO: check
+       NOT-FOR-US: Citrix NetScaler Gateway
 CVE-2019-12043 (In remarkable 1.7.1, lib/parser_inline.js mishandles URL 
filtering, wh ...)
        NOT-FOR-US: remarkable
 CVE-2019-12042
@@ -877,7 +877,7 @@ CVE-2019-11882
 CVE-2019-11881
        RESERVED
 CVE-2019-11880 (CommSy through 8.6.5 has SQL Injection via the cid parameter. 
This is  ...)
-       TODO: check
+       NOT-FOR-US: CommSy
 CVE-2019-11879 (** DISPUTED ** The WEBrick gem 1.4.2 for Ruby allows directory 
travers ...)
        TODO: check
 CVE-2019-11878 (An issue was discovered on XiongMai Besder IP20H1 
V4.02.R12.00035520.1 ...)
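Review bot: CVE-2019-11879 in the trailing context of this hunk still reads "TODO: check" after this pass. It describes the WEBrick gem for Ruby and is marked DISPUTED, so it is not an obvious NOT-FOR-US candidate like CommSy just above it; it needs its own triage decision (a package line or a NOTE recording the dispute) in a follow-up so the entry does not stay open indefinitely.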
@@ -1460,7 +1460,7 @@ CVE-2019-11636 (Zcash 2.x allows an inexpensive approach 
to "fill all transactio
 CVE-2019-11635
        RESERVED
 CVE-2019-11634 (Citrix Workspace App before 1904 for Windows has Incorrect 
Access Cont ...)
-       TODO: check
+       NOT-FOR-US: Citrix Workspace App
 CVE-2019-11633 (HoneyPress through 2016-09-27 can be fingerprinted by 
attackers becaus ...)
        NOT-FOR-US: HoneyPress
 CVE-2019-11632 (In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 
through 2019. ...)
@@ -1734,7 +1734,7 @@ CVE-2019-11538 (In Pulse Secure Pulse Connect Secure 
version 9.0RX before 9.0R3.
 CVE-2019-11537 (In osTicket before 1.12, XSS exists via /upload/file.php, 
/upload/scp/ ...)
        NOT-FOR-US: osTicket
 CVE-2019-11536 (Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 
2.24.0, 3 ...)
-       TODO: check
+       NOT-FOR-US: Kalki Kalkitech
 CVE-2019-11535
        RESERVED
 CVE-2019-11534
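Review bot: The new tag on CVE-2019-11536, "NOT-FOR-US: Kalki Kalkitech", names only the vendor, while the description is about the SYNC3000 Substation DCU. Other tags in this file name the affected product (for example "NOT-FOR-US: Four-Faith Wireless Mobile Router F3x24 devices"), so "NOT-FOR-US: Kalki Kalkitech SYNC3000 Substation DCU" would be easier to match when later CVEs for the same device arrive.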
@@ -2512,7 +2512,7 @@ CVE-2019-11233
 CVE-2019-11232
        RESERVED
 CVE-2019-11231 (An issue was discovered in GetSimple CMS through 3.3.15. 
insufficient  ...)
-       TODO: check
+       NOT-FOR-US: GetSimple CMS
 CVE-2019-11230
        RESERVED
 CVE-2019-11229 (models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 
1.8-RC3 m ...)
@@ -10271,9 +10271,9 @@ CVE-2019-8445
 CVE-2019-8444
        RESERVED
 CVE-2019-8443 (The ViewUpgrades resource in Jira before version 7.13.4, from 
version  ...)
-       TODO: check
+       NOT-FOR-US: Atlassian Jira
 CVE-2019-8442 (The CachingResourceDownloadRewriteRule class in Jira before 
version 7. ...)
-       TODO: check
+       NOT-FOR-US: Atlassian Jira
 CVE-2019-8441
        RESERVED
 CVE-2019-8440 (An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS 
Vulner ...)
@@ -11587,11 +11587,11 @@ CVE-2019-7846
 CVE-2019-7845
        RESERVED
 CVE-2019-7844 (Adobe Media Encoder version 13.0.2 has an out-of-bounds read 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2019-7843
        RESERVED
 CVE-2019-7842 (Adobe Media Encoder version 13.0.2 has a use-after-free 
vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2019-7841 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 
2019.010 ...)
        NOT-FOR-US: Adobe
 CVE-2019-7840
@@ -17344,11 +17344,11 @@ CVE-2019-5629
 CVE-2019-5628
        RESERVED
 CVE-2019-5627 (The iOS mobile application BlueCats Reveal before 5.14 stores 
the user ...)
-       TODO: check
+       NOT-FOR-US: iOS mobile application BlueCats Reveal
 CVE-2019-5626 (The Android mobile application BlueCats Reveal before 3.0.19 
stores th ...)
-       TODO: check
+       NOT-FOR-US: Android mobile application BlueCats Reveal
 CVE-2019-5625 (The Android mobile application Halo Home before 1.11.0 stores 
OAuth au ...)
-       TODO: check
+       NOT-FOR-US: Android mobile application Halo Home
 CVE-2019-5624 (Rapid7 Metasploit Framework suffers from an instance of CWE-22, 
Improp ...)
        NOT-FOR-US: Rapid7 Metasploit Framework
 CVE-2019-5623
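Review bot: The three tags added here lead with the platform ("iOS mobile application ...", "Android mobile application ...") instead of the product, so CVE-2019-5627 and CVE-2019-5626 end up with two different strings for the same product, BlueCats Reveal. Putting the product name first, e.g. "NOT-FOR-US: BlueCats Reveal (iOS mobile application)", keeps related entries grouped when the list is searched or sorted by tag.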
@@ -23434,11 +23434,11 @@ CVE-2019-3405
 CVE-2019-3404
        RESERVED
 CVE-2019-3403 (The /rest/api/2/user/picker rest resource in Jira before 
version 7.13. ...)
-       TODO: check
+       NOT-FOR-US: Atlassian Jira
 CVE-2019-3402 (The ConfigurePortalPages.jspa resource in Jira before version 
7.13.3 a ...)
-       TODO: check
+       NOT-FOR-US: Atlassian Jira
 CVE-2019-3401 (The ManageFilters.jspa resource in Jira before version 7.13.3 
and from ...)
-       TODO: check
+       NOT-FOR-US: Atlassian Jira
 CVE-2019-3400 (The labels gadget in Jira before version 7.13.2, and from 
version 8.0. ...)
        NOT-FOR-US: Atlassian
 CVE-2019-3399 (The BrowseProjects.jspa resource in Jira before version 7.13.2, 
and fr ...)
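Review bot: The tags added for CVE-2019-3403, CVE-2019-3402 and CVE-2019-3401 read "NOT-FOR-US: Atlassian Jira", but the adjacent existing entry CVE-2019-3400, also a Jira issue, is tagged "NOT-FOR-US: Atlassian". The same "Atlassian Jira" string is used in the earlier hunk for CVE-2019-8443 and CVE-2019-8442, so either align the new lines with the existing "Atlassian" tag or update CVE-2019-3400 in the same commit so that all Jira entries carry one string.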



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9d2342940f8b6b2d8cef0b9c23f3e96ac86e0ab4
