Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c8feffd by Salvatore Bonaccorso at 2020-03-03T15:07:53+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18212,9 +18212,9 @@ CVE-2019-19610
 CVE-2019-19609 (The Strapi framework before 3.0.0-beta.17.8 is vulnerable to 
Remote Co ...)
        NOT-FOR-US: Strapi
 CVE-2019-19608 (A SQL injection vulnerability in in the web conferencing 
component of  ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2019-19607 (A SQL injection vulnerability in the web conferencing 
component of Mit ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2019-19606
        RESERVED
 CVE-2019-19605
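Review bot: The new tags under CVE-2019-19608 and CVE-2019-19607 name only the vendor (NOT-FOR-US: Mitel), while other tags in this commit and in the surrounding context name the product (NOT-FOR-US: Mikrotik RouterOS, NOT-FOR-US: Rhymix CMS, NOT-FOR-US: Floureon IP Camera SP012). Consider using the affected product name from the full CVE description, so that a later search for that product finds these entries and the next triager can see which component was ruled out.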
@@ -20346,9 +20346,9 @@ CVE-2019-19373 (An issue was discovered in Squiz Matrix 
CMS 5.5.0 prior to 5.5.0
 CVE-2019-19372 (** DISPUTED ** A downloadFile.php download_file path traversal 
vulnera ...)
        NOT-FOR-US: rConfig
 CVE-2019-19371 (A cross-site scripting (XSS) vulnerability in the web 
conferencing com ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2019-19370 (A cross-site scripting (XSS) vulnerability in the web 
conferencing com ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2019-19369
        RESERVED
 CVE-2019-19368 (A Reflected Cross Site Scripting was discovered in the Login 
page of R ...)
@@ -21980,7 +21980,7 @@ CVE-2019-18865
 CVE-2019-18864
        RESERVED
 CVE-2019-18863 (A key length vulnerability in the implementation of the SRTP 
128-bit k ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and 
allows loca ...)
        - mailutils <unfixed> (unimportant; bug #944265)
        NOTE: /usr/sbin/maidat not installed suid root on Debian
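Review bot: The unchanged NOTE line under CVE-2019-18862 reads /usr/sbin/maidat, but the description two lines above names the binary maidag, so the path looks like a typo that is worth correcting in a follow-up commit. On the changed line, CVE-2019-18863 is an SRTP key length issue and not one of the web conferencing entries tagged elsewhere in this commit, so a bare NOT-FOR-US: Mitel does not say which product was checked.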
@@ -70508,7 +70508,7 @@ CVE-2018-20345 (Incorrect access control in StackStorm 
API (st2api) in StackStor
 CVE-2018-20344
        RESERVED
 CVE-2018-20343 (Multiple buffer overflow vulnerabilities have been found in 
Ken Silver ...)
-       TODO: check
+       NOT-FOR-US: Ken Silverman Build Engine
 CVE-2018-20342 (The Floureon IP Camera SP012 provides a root terminal on a 
UART serial ...)
        NOT-FOR-US: Floureon IP Camera SP012
 CVE-2018-20341 (WINMAGIC SecureDoc Disk Encryption software before 8.3 has an 
Unquoted ...)
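Review bot: For CVE-2018-20343, NOT-FOR-US holds only if no Debian source package carries a copy of this code, and a game engine is the kind of component that gets embedded in other projects. The tag line does not record whether embedded copies were searched for; if that check was done, a NOTE line saying so would document it, and if not, it is worth doing before the TODO is closed.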
@@ -76327,7 +76327,7 @@ CVE-2018-19800 (aubio v0.4.0 to v0.4.8 has a Buffer 
Overflow in new_aubio_tempo.
 CVE-2018-19799 (Dolibarr ERP/CRM through 8.0.3 has 
/exports/export.php?datatoexport= X ...)
        - dolibarr <removed>
 CVE-2018-19798 (Fleetco Fleet Maintenance Management (FMM) 1.2 and earlier 
allows uplo ...)
-       TODO: check
+       NOT-FOR-US: Fleetco Fleet Maintenance Management (FMM)
 CVE-2018-19797 (In LibSass 3.5.5, a NULL Pointer Dereference in the function 
Sass::Sel ...)
        - libsass <unfixed>
        [buster] - libsass <no-dsa> (Minor issue)
@@ -78998,7 +78998,7 @@ CVE-2018-19601 (Rhymix CMS 1.9.8.1 allows SSRF via an 
index.php?module=admin&amp
 CVE-2018-19600 (Rhymix CMS 1.9.8.1 allows XSS via an 
index.php?module=admin&amp;act=di ...)
        NOT-FOR-US: Rhymix CMS
 CVE-2018-19599 (Monstra CMS 1.6 allows XSS via an uploaded SVG document to the 
admin/i ...)
-       TODO: check
+       NOT-FOR-US: Monstra CMS
 CVE-2018-19598 (Statamic 2.10.3 allows XSS via First Name or Last Name to the 
/users U ...)
        NOT-FOR-US: Statamic
 CVE-2018-19597 (CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, 
a relat ...)
@@ -88729,9 +88729,9 @@ CVE-2018-16359 (Google gVisor before 2018-08-23, within 
the seccomp sandbox, per
 CVE-2018-16358 (A cross-site scripting (XSS) vulnerability in 
inc/core/class.dc.core.p ...)
        - dotclear <removed>
 CVE-2018-16357 (An issue was discovered in PbootCMS. There is a SQL injection 
via the  ...)
-       TODO: check
+       NOT-FOR-US: PbootCMS
 CVE-2018-16356 (An issue was discovered in PbootCMS. There is a SQL injection 
via the  ...)
-       TODO: check
+       NOT-FOR-US: PbootCMS
 CVE-2018-16355
        RESERVED
 CVE-2018-16354 (An issue was discovered in FHCRM through 2018-02-11. There is 
a SQL in ...)
@@ -117562,7 +117562,7 @@ CVE-2018-5953 (The swiotlb_print_info function in 
lib/swiotlb.c in the Linux ker
 CVE-2018-5952
        RESERVED
 CVE-2018-5951 (An issue was discovered in Mikrotik RouterOS. Crafting a packet 
that h ...)
-       TODO: check
+       NOT-FOR-US: Mikrotik RouterOS
 CVE-2017-18045 (JBMC DirectAdmin before 1.52, when the 
email_ftp_password_change setti ...)
        NOT-FOR-US: JBMC DirectAdmin
 CVE-2018-5950 (Cross-site scripting (XSS) vulnerability in the web UI in 
Mailman befo ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c8feffd88a20c1957a4c05227e71f90d7749559
