[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Apr 5 21:19:22 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3980016f by Salvatore Bonaccorso at 2019-04-05T20:18:25Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,13 +9,13 @@ CVE-2019-10890
 CVE-2019-10889
 	RESERVED
 CVE-2019-10888 (A CSRF Issue that can add an admin user was discovered in UKcms v1.1.1 ...)
-	TODO: check
+	NOT-FOR-US: UKcms
 CVE-2019-10887 (A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) de ...)
-	TODO: check
+	NOT-FOR-US: Salicru SLC-20-cube3(5) devices
 CVE-2019-10886
 	RESERVED
 CVE-2019-10885 (An issue was discovered in Ivanti Workspace Control before 10.3.90.0.  ...)
-	TODO: check
+	NOT-FOR-US: Ivanti Workspace Control
 CVE-2019-10884 (Uniqkey Password Manager 1.14 contains a vulnerability because it fail ...)
 	TODO: check
 CVE-2019-10883
@@ -27,7 +27,7 @@ CVE-2019-10881
 CVE-2019-10880
 	RESERVED
 CVE-2018-20816 (An XSS combined with CSRF vulnerability discovered in SalesAgility Sui ...)
-	TODO: check
+	NOT-FOR-US: SalesAgility SuiteCRM
 CVE-2019-10879 (In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::O ...)
 	- teeworlds <unfixed>
 	[jessie] - teeworlds <end-of-life> (Not supported in jessie LTS)
@@ -964,9 +964,9 @@ CVE-2019-10481
 CVE-2019-10480
 	RESERVED
 CVE-2019-10479 (An issue was discovered on Glory RBW-100 devices with firmware ISP-K05 ...)
-	TODO: check
+	NOT-FOR-US: Glory RBW-100 devices
 CVE-2019-10478 (An issue was discovered on Glory RBW-100 devices with firmware ISP-K05 ...)
-	TODO: check
+	NOT-FOR-US: Glory RBW-100 devices
 CVE-2019-10477 (The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 fo ...)
 	NOT-FOR-US: GLPI plugin
 CVE-2019-10476
@@ -10061,7 +10061,7 @@ CVE-2019-7003
 CVE-2019-7002
 	RESERVED
 CVE-2019-7001 (A SQL injection vulnerability in the WebUI component of IP Office Cont ...)
-	TODO: check
+	NOT-FOR-US: IP Office Contact Center
 CVE-2019-7000
 	RESERVED
 CVE-2019-6999
@@ -11093,15 +11093,15 @@ CVE-2019-6556
 CVE-2019-6555 (Cscape, 9.80 SP4 and prior. An improper input validation vulnerability ...)
 	NOT-FOR-US: Cscape
 CVE-2019-6554 (Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper acces ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2019-6553 (A vulnerability was found in Rockwell Automation RSLinx Classic versio ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2019-6552 (Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command  ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2019-6551 (Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior al ...)
 	NOT-FOR-US: Pangea Communications Internet FAX ATA
 CVE-2019-6550 (Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-ba ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2019-6549 (An attacker could retrieve plain-text credentials stored in a XML file ...)
 	NOT-FOR-US: PR100088 Modbus
 CVE-2019-6548
@@ -19716,7 +19716,7 @@ CVE-2018-20224
 CVE-2018-20223
 	RESERVED
 CVE-2018-20222 (XXE issue in Airsonic before 10.1.2 during parse. ...)
-	TODO: check
+	NOT-FOR-US: Airsonic
 CVE-2018-20221 (Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are  ...)
 	NOT-FOR-US: Deltek
 CVE-2018-20220 (An issue was discovered on Teracue ENC-400 devices with firmware 2.56  ...)
@@ -23799,9 +23799,9 @@ CVE-2019-1830
 CVE-2019-1829
 	RESERVED
 CVE-2019-1828 (A vulnerability in the web-based management interface of Cisco Small B ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1827 (A vulnerability in the Online Help web service of Cisco Small Business ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1826
 	RESERVED
 CVE-2019-1825
@@ -28842,7 +28842,7 @@ CVE-2018-19284
 CVE-2018-19283
 	RESERVED
 CVE-2018-19282 (Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow re ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2018-19281 (Centreon 3.4.x allows SNMP trap SQL Injection. ...)
 	NOT-FOR-US: Centreon
 CVE-2018-19280 (Centreon 3.4.x has XSS via the resource name or macro expression of a  ...)
@@ -39782,7 +39782,7 @@ CVE-2018-15182 (PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstNa
 CVE-2018-15181 (JioFi 4G Hotspot M2S devices allow attackers to cause a denial of serv ...)
 	NOT-FOR-US: JioFi 4G Hotspot M2S devices
 CVE-2018-15180 (qTest Portal in QASymphony qTest Manager 9.0.0 has an Open Redirect vi ...)
-	TODO: check
+	NOT-FOR-US: QASymphony qTest Manager
 CVE-2018-15179
 	RESERVED
 CVE-2018-15178 (Open redirect vulnerability in Gogs before 0.12 allows remote attacker ...)
@@ -48595,7 +48595,7 @@ CVE-2018-11832 (In all android releases (Android for MSM, Firefox OS for MSM, QR
 CVE-2018-11831
 	RESERVED
 CVE-2018-11830 (Improper input validation in QCPE create function may lead to integer  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2018-11829
 	RESERVED
 CVE-2018-11828 (When FW tries to get random mac address generated from new SW RNG and  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3980016f0fe72e6b08763e70e0a194dd196d20a7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3980016f0fe72e6b08763e70e0a194dd196d20a7
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190405/2ac615c8/attachment.html>


More information about the debian-security-tracker-commits mailing list