Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
97d67f83 by Moritz Muehlenhoff at 2019-11-14T09:33:26Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,17 +9,17 @@ CVE-2019-18956
 CVE-2019-18955
        RESERVED
 CVE-2019-18954 (Pomelo v2.2.5 allows external control of critical state data. 
A malici ...)
-       TODO: check
+       NOT-FOR-US: Pomelo
 CVE-2019-18953
        RESERVED
 CVE-2019-18952 (SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi 
arbitrary fil ...)
-       TODO: check
+       NOT-FOR-US: SibSoft Xfilesharing
 CVE-2019-18951 (SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ 
directo ...)
-       TODO: check
+       NOT-FOR-US: SibSoft Xfilesharing
 CVE-2019-18950
        RESERVED
 CVE-2019-18949 (SnowHaze before 2.6.6 is sometimes too late to honor a 
per-site JavaSc ...)
-       TODO: check
+       NOT-FOR-US: SnowHaze
 CVE-2019-18948
        RESERVED
 CVE-2019-18947
@@ -71,7 +71,7 @@ CVE-2019-18925 (Systematic IRIS WebForms 5.4 and its 
functionalities can be acce
 CVE-2019-18924 (Systematic IRIS WebForms 5.4 is vulnerable to directory 
traversal. By  ...)
        NOT-FOR-US: Systematic IRIS WebForms
 CVE-2019-18923 (Insufficient content type validation of proxied resources in 
go-camo b ...)
-       TODO: check
+       NOT-FOR-US: go-camo
 CVE-2019-18922
        RESERVED
 CVE-2019-18921
@@ -162,9 +162,9 @@ CVE-2019-18886 [Prevent user enumeration using switch user 
functionality]
 CVE-2019-18885
        RESERVED
 CVE-2019-18884 (index.php/team_members/add_team_member in RISE Ultimate 
Project Manage ...)
-       TODO: check
+       NOT-FOR-US: RISE
 CVE-2019-18883 (XSS exists in Lavalite CMS 5.7 via the admin/profile name or 
designati ...)
-       TODO: check
+       NOT-FOR-US: Lavalite CMS
 CVE-2019-18882 (WSO2 IS as Key Manager 5.7.0 allows stored XSS in 
download-userinfo.ja ...)
        NOT-FOR-US: WSO2 IS
 CVE-2019-18881 (WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected 
XSS in t ...)
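Review bot: the new tag on CVE-2019-18884 shortens the product to "RISE", while the description names it "RISE Ultimate Project Manage ..." and the neighbouring tags ("Lavalite CMS", "WSO2 IS") are specific enough to identify the software. A bare "RISE" is hard to search for and easy to confuse with unrelated software; spell out the full product name from the CVE description in the NOT-FOR-US line.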
@@ -217,7 +217,7 @@ CVE-2019-18859
 CVE-2019-18858
        RESERVED
 CVE-2019-18857 (darylldoyle svg-sanitizer before 0.12.0 mishandles script and 
data val ...)
-       TODO: check
+       NOT-FOR-US: darylldoyle svg-sanitizer
 CVE-2019-18856 (A Denial Of Service vulnerability exists in the SVG Sanitizer 
module t ...)
        NOT-FOR-US: SVG Sanitizer module for Drupal
 CVE-2019-18855 (A Denial Of Service vulnerability exists in the safe-svg (aka 
Safe SVG ...)
@@ -247,7 +247,7 @@ CVE-2019-18846
 CVE-2019-18845 (The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB 
before 1.1  ...)
        NOT-FOR-US: Patriot Viper RGB
 CVE-2019-18844 (The Device Model in ACRN before 2019w25.5-140000p relies on 
assert cal ...)
-       TODO: check
+       NOT-FOR-US: ACRN
 CVE-2019-18843
        RESERVED
 CVE-2019-18842
@@ -261,11 +261,11 @@ CVE-2019-18840 (In wolfSSL 4.1.0 through 4.2.0c, there 
are missing sanity checks
        NOTE: https://github.com/wolfSSL/wolfssl/issues/2555
        NOTE: 
https://github.com/wolfSSL/wolfssl/commit/52f28bd5149360f8e3bf8ca13d3fb9a77283df7c
 CVE-2019-18839 (FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin 
parameter. T ...)
-       TODO: check
+       NOT-FOR-US: FUDForum
 CVE-2019-18838
        RESERVED
 CVE-2019-18837 (An issue was discovered in crun before 0.10.5. With a crafted 
image, i ...)
-       TODO: check
+       - crun <not-affected> (Fixed in initial upload)
 CVE-2019-18836 (Envoy 1.12.0 allows a remote denial of service because of 
resource loo ...)
        NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles signature checking on 
some fede ...)
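Review bot: the CVE-2019-18837 line is a package triage ("- crun <not-affected>"), not an NFU, so the commit message "NFUs" does not cover it; mention it in the message or commit it separately. "Fixed in initial upload" also does not say which version the initial upload was, so a reader cannot check it against the "before 0.10.5" in the description; naming that version, or adding a NOTE line pointing at the upstream fix as the wolfSSL entry above does, would make the entry verifiable.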
@@ -391,7 +391,7 @@ CVE-2019-18795
 CVE-2019-18794
        RESERVED
 CVE-2019-18793 (Parallels Plesk Panel 9.5 allows XSS in 
target/locales/tr-TR/help/inde ...)
-       TODO: check
+       NOT-FOR-US: Parallels Plesk Panel
 CVE-2017-18639 (Progress Sitefinity CMS before 10.1 allows XSS via /Pages 
Parameter :  ...)
        NOT-FOR-US: Progress Sitefinity CMS
 CVE-2019-18792
@@ -4008,7 +4008,7 @@ CVE-2019-18242
 CVE-2019-18241
        RESERVED
 CVE-2019-18240 (In Fuji Electric V-Server 4.0.6 and prior, several heap-based 
buffer o ...)
-       TODO: check
+       NOT-FOR-US: Fuji
 CVE-2019-18239
        RESERVED
 CVE-2019-18238
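Review bot: "NOT-FOR-US: Fuji" on CVE-2019-18240 drops the rest of the vendor name and the product, although the description reads "Fuji Electric V-Server". Use "NOT-FOR-US: Fuji Electric V-Server" so the entry is unambiguous and matches the vendor-plus-product form used elsewhere in this commit (for example "SibSoft Xfilesharing").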



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/97d67f834285a7b8107aa1c400d4ae0b68aa6853



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits