[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Apr 1 21:20:30 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f10f2a8 by Salvatore Bonaccorso at 2019-04-01T20:19:45Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2019-10686 (An SSRF vulnerability was found in an API from Ctrip Apollo thro
 CVE-2019-10685
 	RESERVED
 CVE-2019-10684 (Application/Admin/Controller/ConfigController.class.php in 74cms v5.0. ...)
-	TODO: check
+	NOT-FOR-US: 74cms
 CVE-2019-10683
 	RESERVED
 CVE-2019-10682
@@ -4359,7 +4359,7 @@ CVE-2019-9134
 CVE-2019-9133
 	RESERVED
 CVE-2019-9132 (Remote code execution vulnerability exists in KaKaoTalk PC messenger w ...)
-	TODO: check
+	NOT-FOR-US: KaKaoTalk PC messenger
 CVE-2019-9131
 	RESERVED
 CVE-2019-9130
@@ -10174,7 +10174,7 @@ CVE-2019-6717
 CVE-2019-6716 (An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket C ...)
 	NOT-FOR-US: LogonBox Nervepoint Access Manager
 CVE-2019-6715 (pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress al ...)
-	TODO: check
+	NOT-FOR-US: W3 Total Cache plugin for WordPress
 CVE-2019-6714 (An issue was discovered in BlogEngine.NET through 3.3.6.0. A path trav ...)
 	NOT-FOR-US: BlogEngine.NET
 CVE-2019-6713 (app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows ...)
@@ -13189,7 +13189,7 @@ CVE-2019-5525
 CVE-2019-5524
 	RESERVED
 CVE-2019-5523 (VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 up ...)
-	TODO: check
+	NOT-FOR-US: VMware vCloud Director for Service Providers
 CVE-2019-5522
 	RESERVED
 CVE-2019-5521
@@ -23759,7 +23759,7 @@ CVE-2019-1574
 CVE-2019-1573
 	RESERVED
 CVE-2019-1572 (PAN-OS 9.0.0 may allow an unauthenticated remote user to access php fi ...)
-	TODO: check
+	NOT-FOR-US: PAN-OS
 CVE-2019-1571 (The Expedition Migration tool 1.1.8 and earlier may allow an authentic ...)
 	TODO: check
 CVE-2019-1570 (The Expedition Migration tool 1.1.8 and earlier may allow an authentic ...)
@@ -43920,39 +43920,39 @@ CVE-2018-13300 (In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/95556e27e2c1d56d9e18f5db34d6f756f3011148
 	NOTE: Fixed in 3.2.11
 CVE-2018-13299 (Relative path traversal vulnerability in Attachment Uploader in Synolo ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-13298 (Channel accessible by non-endpoint vulnerability in privacy page in Sy ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-13297 (Information exposure vulnerability in SYNO.SynologyDrive.Files in Syno ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-13296 (Uncontrolled resource consumption vulnerability in TLS configuration i ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-13295 (Information exposure vulnerability in SYNO.Personal.Application.Info i ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-13294 (Information exposure vulnerability in SYNO.Personal.Profile in Synolog ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-13293 (Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-13292 (Information exposure vulnerability in /usr/syno/etc/mount.conf in Syno ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-13291 (Information exposure vulnerability in /usr/syno/etc/mount.conf in Syno ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-13290 (Information exposure vulnerability in SYNO.Core.ACL in Synology Router ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-13289 (Information exposure vulnerability in SYNO.FolderSharing.List in Synol ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-13288 (Information exposure vulnerability in SYNO.FolderSharing.List in Synol ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-13287 (Incorrect default permissions vulnerability in synouser.conf in Synolo ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-13286 (Incorrect default permissions vulnerability in synouser.conf in Synolo ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-13285 (Command injection vulnerability in ftpd in Synology Router Manager (SR ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-13284 (Command injection vulnerability in ftpd in Synology Diskstation Manage ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-13283 (Lack of administrator control over security vulnerability in client.cg ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-13282 (Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology P ...)
 	NOT-FOR-US: Synology Photo Station
 CVE-2018-13281 (Information exposure vulnerability in SYNO.Core.ACL in Synology DiskSt ...)
@@ -55842,7 +55842,7 @@ CVE-2018-8915 (Cross-site scripting (XSS) vulnerability in Notification Center i
 CVE-2018-8914 (SQL injection vulnerability in UPnP DMA in Synology Media Server befor ...)
 	NOT-FOR-US: Synology Media Server
 CVE-2018-8913 (Missing custom error page vulnerability in Synology Web Station before ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-8912 (Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in S ...)
 	NOT-FOR-US: Synology Note Station
 CVE-2018-8911 (Cross-site scripting (XSS) vulnerability in Attachment Preview in Syno ...)
@@ -65439,7 +65439,7 @@ CVE-2018-5759 (jsparse.c in Artifex MuJS through 1.0.2 does not properly maintai
 CVE-2018-5758 (The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0. ...)
 	NOT-FOR-US: Aurea Jive Jive-n
 CVE-2018-5757 (An issue was discovered on AudioCodes 450HD IP Phone devices with firm ...)
-	TODO: check
+	NOT-FOR-US: AudioCodes 450HD IP Phone devices
 CVE-2018-5756 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, ...)
 	NOT-FOR-US: Open-Xchange
 CVE-2018-5755 (Absolute path traversal vulnerability in the readerengine component in ...)
@@ -83340,9 +83340,9 @@ CVE-2017-16777 (If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fu
 CVE-2017-16776 (Security researchers discovered an authentication bypass vulnerability ...)
 	NOT-FOR-US: Conserus Workflow Intelligence
 CVE-2017-16775 (Improper restriction of rendered UI layers or frames vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2017-16774 (Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotifica ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2017-16773 (Improper authorization vulnerability in Highlight Preview in Synology  ...)
 	NOT-FOR-US: Synology
 CVE-2017-16772 (Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUploa ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f10f2a8c2bd2966f80219dc6f77a584f98fa6ba

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f10f2a8c2bd2966f80219dc6f77a584f98fa6ba
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190401/f84c7987/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list