[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Mon Apr 1 22:49:35 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
813dcb86 by Moritz Muehlenhoff at 2019-04-01T21:49:07Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2019-10686 (An SSRF vulnerability was found in an API from Ctrip Apollo through 1. ...)
- TODO: check
+ NOT-FOR-US: Ctrip Apollo
CVE-2019-10685
RESERVED
CVE-2019-10684 (Application/Admin/Controller/ConfigController.class.php in 74cms v5.0. ...)
@@ -4134,11 +4134,11 @@ CVE-2019-9206
CVE-2019-9205
RESERVED
CVE-2019-9204 (SQL injection vulnerability in Nagios IM (component of Nagios XI) befo ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2019-9203 (Authorization bypass in Nagios IM (component of Nagios XI) before 2.2. ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2019-9202 (Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated u ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2019-9201 (Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/ ...)
NOT-FOR-US: Phoenix Contact ILC
CVE-2019-9200 (A heap-based buffer underwrite exists in ImageStream::getLine() locate ...)
@@ -4252,13 +4252,13 @@ CVE-2019-9169 (In the GNU C Library (aka glibc or libc6) through 2.29, proceed_n
CVE-2019-9168 (WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. ...)
NOT-FOR-US: WooCommerce
CVE-2019-9167 (Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 al ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2019-9166 (Privilege escalation in Nagios XI before 5.5.11 allows local attackers ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2019-9165 (SQL injection vulnerability in Nagios XI before 5.5.11 allows attacker ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2019-9164 (Command injection in Nagios XI before 5.5.11 allows an authenticated u ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2019-9163
RESERVED
CVE-2019-9161
@@ -4820,11 +4820,11 @@ CVE-2019-8991
CVE-2019-8990
RESERVED
CVE-2019-8989 (The application server component of TIBCO Software Inc.'s TIBCO Data S ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2019-8988 (The application server component of TIBCO Software Inc.'s TIBCO Data S ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2019-8987 (The application server component of TIBCO Software Inc.'s TIBCO Data S ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2019-8986 (The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO Ja ...)
NOT-FOR-US: TIBCO
CVE-2019-8985 (On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices ...)
@@ -7573,15 +7573,15 @@ CVE-2019-7717
CVE-2019-7716
RESERVED
CVE-2019-7715 (An issue was discovered in the Interpeak IPCOMShell TELNET server on G ...)
- TODO: check
+ NOT-FOR-US: Interpeak
CVE-2019-7714 (An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY R ...)
- TODO: check
+ NOT-FOR-US: Interpeak
CVE-2019-7713 (An issue was discovered in the Interpeak IPCOMShell TELNET server on G ...)
- TODO: check
+ NOT-FOR-US: Interpeak
CVE-2019-7712 (An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IP ...)
- TODO: check
+ NOT-FOR-US: Interpeak
CVE-2019-7711 (An issue was discovered in the Interpeak IPCOMShell TELNET server on G ...)
- TODO: check
+ NOT-FOR-US: Interpeak
CVE-2019-7710
RESERVED
CVE-2019-7709
@@ -12204,13 +12204,13 @@ CVE-2019-5893 (Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/uti
CVE-2019-5892 (bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0. ...)
- frr <not-affected> (Fixed before initial upload)
CVE-2019-5891 (An issue was discovered in OverIT Geocall 6.3 before build 2:346977. A ...)
- TODO: check
+ NOT-FOR-US: OverIT Geocall
CVE-2019-5890 (An issue was discovered in OverIT Geocall 6.3 before build 2:346977. W ...)
- TODO: check
+ NOT-FOR-US: OverIT Geocall
CVE-2019-5889 (An log-management directory traversal issue was discovered in OverIT G ...)
- TODO: check
+ NOT-FOR-US: OverIT Geocall
CVE-2019-5888 (Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 bef ...)
- TODO: check
+ NOT-FOR-US: OverIT Geocall
CVE-2019-5887 (An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of th ...)
NOT-FOR-US: ShopXO
CVE-2019-5886 (An issue was discovered in ShopXO 1.2.0. In the application\install\co ...)
@@ -12884,7 +12884,7 @@ CVE-2019-5676
CVE-2019-5675
RESERVED
CVE-2019-5674 (NVIDIA GeForce Experience before 3.18 contains a vulnerability when Sh ...)
- TODO: check
+ NOT-FOR-US: NVIDIA GeForce Experience
CVE-2019-5673
RESERVED
CVE-2019-5672
@@ -18500,7 +18500,7 @@ CVE-2018-20380 (Ambit DDW2600 5.100.1009, DDW2602 5.105.1003, T60C926 4.64.1012,
CVE-2018-20379 (Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices ...)
NOT-FOR-US: Technicolor devices
CVE-2018-20378 (The L2CAP signaling channel implementation and SDP server implementati ...)
- TODO: check
+ NOT-FOR-US: OpenSynergy Blue SDK
CVE-2018-20377 (Orange Livebox 00.96.320S devices allow remote attackers to discover W ...)
NOT-FOR-US: Orange Livebox
CVE-2018-20376 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
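Review bot: the tag on CVE-2018-20378 cannot be verified from the lines shown in this hunk, because the truncated description ("The L2CAP signaling channel implementation and SDP server implementati ...") ends before it names a product. L2CAP and SDP are Bluetooth protocol layers that every Bluetooth stack implements, including BlueZ, which Debian ships, so this is the kind of entry where a wrong NOT-FOR-US would hide a relevant issue. Worth confirming against the full CVE text that the affected code is only the OpenSynergy Blue SDK before leaving it as `NOT-FOR-US: OpenSynergy Blue SDK`.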
@@ -23765,11 +23765,11 @@ CVE-2019-1573
CVE-2019-1572 (PAN-OS 9.0.0 may allow an unauthenticated remote user to access php fi ...)
NOT-FOR-US: PAN-OS
CVE-2019-1571 (The Expedition Migration tool 1.1.8 and earlier may allow an authentic ...)
- TODO: check
+ NOT-FOR-US: Expedition Migration tool
CVE-2019-1570 (The Expedition Migration tool 1.1.8 and earlier may allow an authentic ...)
- TODO: check
+ NOT-FOR-US: Expedition Migration tool
CVE-2019-1569 (The Expedition Migration tool 1.1.8 and earlier may allow an authentic ...)
- TODO: check
+ NOT-FOR-US: Expedition Migration tool
CVE-2019-1568
RESERVED
CVE-2019-1567
@@ -27693,7 +27693,7 @@ CVE-2018-19468 (HuCart 5.7.4 has SQL injection in get_ip() in system/class/helpe
CVE-2018-19467
RESERVED
CVE-2018-19466 (A vulnerability was found in Portainer before 1.20.0. Portainer stores ...)
- TODO: check
+ NOT-FOR-US: Portainer
CVE-2018-19465
RESERVED
CVE-2018-19464 (Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting. ...)
@@ -69938,7 +69938,7 @@ CVE-2018-4052
CVE-2018-4051
RESERVED
CVE-2018-4050 (An exploitable local privilege escalation vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: GOG Galaxy's Games for MacOS
CVE-2018-4049
RESERVED
CVE-2018-4048
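Review bot: the tag text on CVE-2018-4050, `NOT-FOR-US: GOG Galaxy's Games for MacOS`, reads like a phrase lifted from the advisory rather than a product name, while every other tag in this commit is a bare product or vendor name (`Nagios XI`, `TIBCO`, `Portainer`). Suggest `NOT-FOR-US: GOG Galaxy`, so that later entries for the same product reuse the same string and a grep over data/CVE/list groups them together.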
@@ -186600,7 +186600,7 @@ CVE-2015-1009 (Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and
CVE-2015-1008 (SQL injection vulnerability in Emerson AMS Device Manager before 13 al ...)
NOT-FOR-US: Emerson AMS Device Manager
CVE-2015-1007 (A specially crafted configuration file could be used to cause a stack- ...)
- TODO: check
+ NOT-FOR-US: Opto 22 PAC
CVE-2015-1006
RESERVED
CVE-2015-1005 (IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE u ...)
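Review bot: on CVE-2015-1007 the visible description ("A specially crafted configuration file could be used to cause a stack- ...") names no vendor or product, so `NOT-FOR-US: Opto 22 PAC` is the only place in the list that identifies the affected software. The neighbouring entries (Schneider Electric InduSoft Web Studio, Emerson AMS Device Manager, IniNet embeddedWebServer) are consistent with an industrial-control product, but if the advisory names a specific Opto 22 product, put that full name in the tag, as the Emerson entry just above does.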
@@ -196014,7 +196014,7 @@ CVE-2014-7201 (Multiple SQL injection vulnerabilities in the search function in
CVE-2014-7200 (Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol ...)
NOT-FOR-US: JobControl extension for TYPO3
CVE-2014-7198 (OMERO before 5.0.6 has multiple CSRF vulnerabilities because the frame ...)
- TODO: check
+ NOT-FOR-US: OMERO
CVE-2014-7197
RESERVED
CVE-2014-7196
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/813dcb86fba9bc7ac28446aec75e7405fa1d64bb