[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff Mon, 11 Feb 2019 09:36:58 -0800

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
10aeb400 by Moritz Muehlenhoff at 2019-02-11T17:36:16Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2019-XXXX [borgbackup unspecified security issue]
 CVE-2019-7721 (lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files 
via the ...)
        NOT-FOR-US: nc-cms
 CVE-2019-7720 (taocms through 2014-05-24 allows eval injection by placing PHP 
code in ...)
-       TODO: check
+       NOT-FOR-US: taocms
 CVE-2019-7719 (Nibbleblog 4.0.5 allows eval injection by placing PHP code in 
the ...)
-       TODO: check
+       NOT-FOR-US: Nibbleblog
 CVE-2019-7718 (An issue was discovered in Metinfo 6.x. An attacker can 
leverage a race ...)
        NOT-FOR-US: Metinfo
 CVE-2019-7717
@@ -56,9 +56,9 @@ CVE-2019-7698 (An issue was discovered in ...)
 CVE-2019-7697 (An issue was discovered in Bento4 v1.5.1-627. There is an 
assertion ...)
        NOT-FOR-US: Bento4
 CVE-2018-20780 (Traq 3.7.1 allows admin/users/new CSRF to create an admin 
account (aka ...)
-       TODO: check
+       NOT-FOR-US: Traq
 CVE-2018-20779 (Traq 3.7.1 allows SQL Injection via a tickets?search= URI. ...)
-       TODO: check
+       NOT-FOR-US: Traq
 CVE-2018-20778 (admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by 
creating a ...)
        NOT-FOR-US: Frog CMS
 CVE-2018-20777 (Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body 
field. ...)
@@ -82,7 +82,7 @@ CVE-2019-7694
 CVE-2019-7693 (Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the ...)
        NOT-FOR-US: Axios Italia Axios RE devices
 CVE-2019-7692 (install/install.php in CIM 0.9.3 allows remote attackers to 
execute ...)
-       TODO: check
+       NOT-FOR-US: CIM
 CVE-2019-7691
        RESERVED
 CVE-2019-7690
@@ -472,7 +472,7 @@ CVE-2019-7537
 CVE-2019-7536
        RESERVED
 CVE-2019-7535 (index.php in Gurock TestRail 5.3.0.3603 returns potentially 
sensitive ...)
-       TODO: check
+       NOT-FOR-US: Gurock TestRail
 CVE-2019-7534
        RESERVED
 CVE-2019-7533
@@ -632,7 +632,7 @@ CVE-2018-20755 (MODX Revolution through v2.7.0-pl allows 
XSS via the User Photo
 CVE-2018-20754
        RESERVED
 CVE-2015-9282 (The Pie Chart Panel plugin through 2019-01-02 for Grafana is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: Grafana plugin
 CVE-2019-XXXX [netmask: buffer overflow vulnerability]
        - netmask 2.4.4-1 (unimportant; bug #921565)
        [jessie] - netmask 2.3.12+deb8u1
@@ -34693,7 +34693,7 @@ CVE-2018-13794 (A heap-based buffer overflow exists in 
stbi__bmp_load_cont in ..
 CVE-2018-13793 (Multiple Cross Site Request Forgery (CSRF) vulnerabilities in 
the HTTP ...)
        NOT-FOR-US: ABBYY FlexiCapture
 CVE-2018-13792 (Multiple SQL injection vulnerabilities in the monitoring 
feature in the ...)
-       TODO: check
+       NOT-FOR-US: ABBYY FlexiCapture
 CVE-2018-13791 (The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 
7 allows ...)
        NOT-FOR-US: ABBYY FlexiCapture
 CVE-2018-13790 (A Server Side Request Forgery (SSRF) vulnerability in ...)
@@ -50355,7 +50355,7 @@ CVE-2018-7841
 CVE-2018-7840
        RESERVED
 CVE-2018-7839 (A Cryptographic Issue (CWE-310) vulnerability exists in IIoT 
Monitor ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2018-7838
        RESERVED
 CVE-2018-7837 (An Improper Restriction of XML External Entity Reference 
('XXE') ...)
@@ -50399,7 +50399,7 @@ CVE-2018-7819
 CVE-2018-7818
        RESERVED
 CVE-2018-7817 (A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 
v5.1 ...)
-       TODO: check
+       NOT-FOR-US: Zolio
 CVE-2018-7816
        RESERVED
 CVE-2018-7815 (A Type Confusion (CWE-843) vulnerability exists in Eurotherm by 
...)
@@ -61864,7 +61864,7 @@ CVE-2018-3982 (An exploitable arbitrary write 
vulnerability exists in the Word .
 CVE-2018-3981 (An exploitable out-of-bounds write exists in the TIFF-parsing 
...)
        NOT-FOR-US: Atlantis Word Processor
 CVE-2018-3980 (An exploitable out-of-bounds write exists in the TIFF-parsing 
...)
-       TODO: check
+       NOT-FOR-US: Canvas Draw
 CVE-2018-3979
        RESERVED
 CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the 
Word ...)
@@ -61885,7 +61885,7 @@ CVE-2018-3975 (An exploitable uninitialized variable 
vulnerability exists in the
 CVE-2018-3974
        RESERVED
 CVE-2018-3973 (An exploitable out of bounds write exists in the CAL parsing 
...)
-       TODO: check
+       NOT-FOR-US: Canvas Draw
 CVE-2018-3972 (An exploitable code execution vulnerability exists in the Levin 
...)
        NOT-FOR-US: Epee library
 CVE-2018-3971 (An exploitable arbitrary write vulnerability exists in the 
0x2222CC ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/10aeb4009c5db9d1c953d4d88c0ea21c1e64c1f9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/10aeb4009c5db9d1c953d4d88c0ea21c1e64c1f9
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to