[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso Thu, 06 Dec 2018 00:52:05 -0800

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
c7e3c2d4 by Salvatore Bonaccorso at 2018-12-06T08:50:35Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2018-19907 (A Server-Side Template Injection issue was discovered in 
Crafter CMS ...)
-       TODO: check
+       NOT-FOR-US: Crafter CMS
 CVE-2018-19906
        RESERVED
 CVE-2018-19905
@@ -17,19 +17,19 @@ CVE-2018-19900
 CVE-2018-19899
        RESERVED
 CVE-2018-19898 (ThinkCMF X2.2.2 has SQL Injection via the method edit_post in 
...)
-       TODO: check
+       NOT-FOR-US: ThinkCMF
 CVE-2018-19897 (ThinkCMF X2.2.2 has SQL Injection via the function 
_listorders() in ...)
-       TODO: check
+       NOT-FOR-US: ThinkCMF
 CVE-2018-19896 (ThinkCMF X2.2.2 has SQL Injection via the function delete() in 
...)
-       TODO: check
+       NOT-FOR-US: ThinkCMF
 CVE-2018-19895 (ThinkCMF X2.2.2 has SQL Injection via the function edit_post() 
in ...)
-       TODO: check
+       NOT-FOR-US: ThinkCMF
 CVE-2018-19894 (ThinkCMF X2.2.2 has SQL Injection via the functions check() 
and ...)
-       TODO: check
+       NOT-FOR-US: ThinkCMF
 CVE-2018-19893 (SearchController.php in PbootCMS 1.2.1 has SQL injection via 
the ...)
-       TODO: check
+       NOT-FOR-US: PbootCMS
 CVE-2018-19892 (DomainMOD through 4.11.01 has XSS via the 
admin/dw/add-server.php ...)
-       TODO: check
+       NOT-FOR-US: DomainMOD
 CVE-2018-19891 (An invalid memory address dereference was discovered in the 
huffcode ...)
        TODO: check
 CVE-2018-19890 (An invalid memory address dereference was discovered in the 
huffcode ...)
@@ -356,9 +356,9 @@ CVE-2018-19755 (There is an illegal address access at 
asm/preproc.c (function: .
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392528
        NOTE: 
https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb
 CVE-2018-19754 (Tarantella Enterprise before 3.11 allows bypassing Access 
Control. ...)
-       TODO: check
+       NOT-FOR-US: Tarantella Enterprise
 CVE-2018-19753 (Tarantella Enterprise before 3.11 allows Directory Traversal. 
...)
-       TODO: check
+       NOT-FOR-US: Tarantella Enterprise
 CVE-2018-19752 (DomainMOD through 4.11.01 has XSS via the 
assets/add/registrar.php ...)
        NOT-FOR-US: DomainMOD
 CVE-2018-19751 (DomainMOD through 4.11.01 has XSS via the 
admin/ssl-fields/add.php ...)
@@ -578,7 +578,7 @@ CVE-2018-19652
 CVE-2018-19651 (admin/functions/remote.php in Interspire Email Marketer 
through 6.1.6 ...)
        NOT-FOR-US: Interspire Email Marketer
 CVE-2018-19650 (Local attackers can trigger a stack-based buffer overflow on 
...)
-       TODO: check
+       NOT-FOR-US: Antiy-AVL ATool security management
 CVE-2019-1564
        RESERVED
 CVE-2019-1563
@@ -5208,7 +5208,7 @@ CVE-2018-18993 (Two stack-based buffer overflow 
vulnerabilities have been discov
 CVE-2018-18992
        RESERVED
 CVE-2018-18991 (Reflected cross-site scripting (non-persistent) in SCADA 
WebServer ...)
-       TODO: check
+       NOT-FOR-US: SCADA WebServer
 CVE-2018-18990
        RESERVED
 CVE-2018-18989 (In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 
and ...)
@@ -10734,9 +10734,9 @@ CVE-2018-16802 (An issue was discovered in Artifex 
Ghostscript before 9.25. Inco
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590
 CVE-2018-16792 (SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to 
XXE via ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds SFTP/SCP server
 CVE-2018-16791 (In SolarWinds SFTP/SCP Server through 2018-09-10, the 
configuration ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds SFTP/SCP server
 CVE-2018-16790 (_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as 
used in ...)
        - libbson <unfixed> (bug #913896)
        [stretch] - libbson <no-dsa> (Minor issue)
@@ -13351,7 +13351,7 @@ CVE-2018-15775
 CVE-2018-15774
        RESERVED
 CVE-2018-15773 (Dell Encryption (formerly Dell Data Protection | Encryption) 
v10.1.0 ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2018-15772 (Dell EMC RecoverPoint versions prior to 5.1.2.1 and 
RecoverPoint for ...)
        NOT-FOR-US: EMC RecoverPoint
 CVE-2018-15771 (Dell EMC RecoverPoint versions prior to 5.1.2.1 and 
RecoverPoint for ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7e3c2d4c5a74012605ce1d836938083be2915ab

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7e3c2d4c5a74012605ce1d836938083be2915ab
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to