[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Apr 11 21:27:41 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4963bd6f by Moritz Muehlenhoff at 2019-04-11T20:27:09Z
NFUs
one historic boa issue
zarafa ITP issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -242,7 +242,7 @@ CVE-2019-11070 (WebKitGTK and WPE WebKit prior to version 2.24.1 failed to prope
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
 CVE-2019-11069 (Sequelize before 5.3.0 does not properly ensure that standard conformi ...)
-	TODO: check
+	NOT-FOR-US: Sequelize
 CVE-2019-11068 (libxslt through 1.1.33 allows bypass of a protection mechanism because ...)
 	TODO: check
 CVE-2006-7254 (The nscd daemon in the GNU C Library (glibc) before version 2.5 does n ...)
@@ -2733,11 +2733,11 @@ CVE-2019-9978 (The social-warfare plugin before 3.5.3 for WordPress has stored X
 CVE-2019-9977 (The renderer process in the entertainment system on Tesla Model 3 vehi ...)
 	NOT-FOR-US: entertainment system on Tesla Model 3 vehicles
 CVE-2019-9976 (The Boa server configuration on DASAN H660RM devices with firmware 1.0 ...)
-	TODO: check
+	- boa <removed>
 CVE-2019-9975 (DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for  ...)
-	TODO: check
+	NOT-FOR-US: DASAN
 CVE-2019-9974 (diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lac ...)
-	TODO: check
+	NOT-FOR-US: DASAN
 CVE-2019-9973
 	RESERVED
 CVE-2019-10013
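Review bot: the entry for CVE-2019-9976 is filed against boa with "- boa <removed>", but its description places the problem in the Boa server configuration on DASAN H660RM devices, and the two sibling DASAN entries in this hunk get NOT-FOR-US: DASAN. If the flaw is in how the vendor configured Boa rather than in Boa's own code, NOT-FOR-US: DASAN would be the consistent tag; if it is tracked against boa on purpose, a NOTE line under the entry should say why.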
@@ -4145,7 +4145,7 @@ CVE-2019-9735 (An issue was discovered in the iptables firewall module in OpenSt
 CVE-2019-9734
 	RESERVED
 CVE-2019-9733 (An issue was discovered in JFrog Artifactory 6.7.3. By default, the ac ...)
-	TODO: check
+	NOT-FOR-US: JFrog Artifactory
 CVE-2019-9732
 	RESERVED
 CVE-2019-9731
@@ -10368,7 +10368,7 @@ CVE-2019-7221 (The KVM implementation in the Linux kernel through 4.20.5 has a U
 CVE-2019-7220
 	RESERVED
 CVE-2019-7219 (Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa  ...)
-	TODO: check
+	- zarafa <itp> (bug #658433)
 CVE-2019-7218
 	RESERVED
 CVE-2019-7217
@@ -11781,7 +11781,7 @@ CVE-2019-6612
 CVE-2019-6611
 	RESERVED
 CVE-2019-6610 (On versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11 ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2019-6609
 	RESERVED
 CVE-2019-6608 (On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14 ...)
@@ -12521,7 +12521,7 @@ CVE-2019-6320
 CVE-2019-6319
 	RESERVED
 CVE-2019-6318 (HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP L ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2018-20720 (ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1 ...)
 	NOT-FOR-US: ABB Relion 630 devices
 CVE-2016-10738 (Zenbership v107 has CSRF via admin/cp-functions/event-add.php. ...)
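Review bot: the tag "NOT-FOR-US: HP" on CVE-2019-6318 names only the vendor, while the description is about HP LaserJet Enterprise and PageWide Enterprise printers and the entry right below uses the fuller "NOT-FOR-US: ABB Relion 630 devices". Naming the product class in the tag (the printers, per the description) keeps it unambiguous for anyone grepping the list later.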
@@ -14199,7 +14199,7 @@ CVE-2019-5716 (In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. T
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2b2eea1793dbff813896e1ae9dff1bedb39ee010
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-01.html
 CVE-2019-5715 (All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versi ...)
-	TODO: check
+	NOT-FOR-US: SilverStripe
 CVE-2019-5714
 	RESERVED
 CVE-2019-5713
@@ -14283,9 +14283,9 @@ CVE-2019-5675
 CVE-2019-5674 (NVIDIA GeForce Experience before 3.18 contains a vulnerability when Sh ...)
 	NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2019-5673 (NVIDIA Tegra kernel driver contains a vulnerability in the ARM System  ...)
-	TODO: check
+	NOT-FOR-US: Nvidia Tegra
 CVE-2019-5672 (NVIDIA Linux for Tegra (L4T) contains a vulnerability where the Secure ...)
-	TODO: check
+	NOT-FOR-US: Nvidia Tegra
 CVE-2019-5671 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
 	NOT-FOR-US: Nvidia drivers on Windows
 CVE-2019-5670 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
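Review bot: CVE-2019-5673 is described as a flaw in the "NVIDIA Tegra kernel driver", and the truncated description does not show whether that driver exists only in the vendor's L4T tree or also in kernel code Debian ships. A NOTE line under the entry recording that check would document why NOT-FOR-US applies instead of a linux package line. Minor: the new tags spell the vendor "Nvidia" while the entry above them in this hunk uses "NVIDIA".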
@@ -15594,7 +15594,7 @@ CVE-2019-5026
 CVE-2019-5025
 	REJECTED
 CVE-2019-5024 (A restricted environment escape vulnerability exists in the "kiosk mod ...)
-	TODO: check
+	NOT-FOR-US: Capsule Technologies SmartLinx Neuron
 CVE-2019-5023
 	RESERVED
 CVE-2019-5022
@@ -17839,11 +17839,11 @@ CVE-2019-3918 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54
 CVE-2019-3917 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BO ...)
 	NOT-FOR-US: Alcatel Lucent
 CVE-2019-3916 (Information disclosure vulnerability in Verizon Fios Quantum Gateway ( ...)
-	TODO: check
+	NOT-FOR-US: Verizon
 CVE-2019-3915 (Authentication Bypass by Capture-replay vulnerability in Verizon Fios  ...)
-	TODO: check
+	NOT-FOR-US: Verizon
 CVE-2019-3914 (Remote command injection vulnerability in Verizon Fios Quantum Gateway ...)
-	TODO: check
+	NOT-FOR-US: Verizon
 CVE-2019-3913 (Command manipulation in LabKey Server Community Edition before 18.3.0- ...)
 	NOT-FOR-US: LabKey Server
 CVE-2019-3912 (An open redirect vulnerability in LabKey Server Community Edition befo ...)
@@ -29628,7 +29628,7 @@ CVE-2018-19302
 CVE-2018-19301 (tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted us ...)
 	NOT-FOR-US: tp4a TELEPORT
 CVE-2018-19300 (On D-Link DAP-1530 (All A revisions) before firmware version 1.06b01,  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2018-19299
 	RESERVED
 CVE-2018-19298
@@ -32744,39 +32744,39 @@ CVE-2019-0046
 CVE-2019-0045
 	RESERVED
 CVE-2019-0044 (Receipt of a specific packet on the out-of-band management interface f ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2019-0043 (In MPLS environments, receipt of a specific SNMP packet may cause the  ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2019-0042 (Juniper Identity Management Service (JIMS) for Windows versions prior  ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2019-0041 (On EX4300-MP Series devices with any lo0 filters applied, transit netw ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2019-0040 (On Junos OS, rpcbind should only be listening to port 111 on the inter ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2019-0039 (If REST API is enabled, the Junos OS login credentials are vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2019-0038 (Crafted packets destined to the management interface (fxp0) of an SRX3 ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2019-0037 (In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environmen ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2019-0036 (When configuring a stateless firewall filter in Junos OS, terms named  ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2019-0035 (When "set system ports console insecure" is enabled, root login is dis ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2019-0034 (Starting with Junos OS Release 16.1R3, the Junos Telemetry Interface s ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2019-0033 (A firewall bypass vulnerability in the proxy ARP service of Juniper Ne ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2019-0032 (A password management issue exists where the Organization authenticati ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2019-0031 (Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a  ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2019-0030 (Juniper ATP uses DES and a hardcoded salt for password hashing, allowi ...)
 	NOT-FOR-US: Juniper
 CVE-2019-0029 (Juniper ATP Series Splunk credentials are logged in a file readable by ...)
 	NOT-FOR-US: Juniper
 CVE-2019-0028 (On Junos devices with the BGP graceful restart helper mode enabled or  ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2019-0027 (A persistent cross-site scripting (XSS) vulnerability in the Snort Rul ...)
 	NOT-FOR-US: Juniper
 CVE-2019-0026 (A persistent cross-site scripting (XSS) vulnerability in the Zone conf ...)
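Review bot: among the bulk Juniper tags, CVE-2019-0040 stands out because its description names rpcbind ("On Junos OS, rpcbind should only be listening to port 111 on the inter ..."), which is also a component Debian packages. The description is truncated, so the entry alone does not show that this is a Junos configuration issue rather than an rpcbind flaw; a short NOTE line under that entry would record the reasoning behind NOT-FOR-US: Juniper.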
@@ -32794,7 +32794,7 @@ CVE-2019-0021 (On Juniper ATP, secret passphrase CLI inputs, such as "set mcm",
 CVE-2019-0020 (Juniper ATP ships with hard coded credentials in the Web Collector ins ...)
 	NOT-FOR-US: Juniper
 CVE-2019-0019 (When BGP tracing is enabled an incoming BGP message may cause the Juno ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2019-0018 (A persistent cross-site scripting (XSS) vulnerability in the file uplo ...)
 	NOT-FOR-US: Juniper
 CVE-2019-0017 (The Junos Space application, which allows Device Image files to be upl ...)
@@ -32816,7 +32816,7 @@ CVE-2019-0010 (An SRX Series Service Gateway configured for Unified Threat Manag
 CVE-2019-0009 (On EX2300 and EX3400 series, high disk I/O operations may disrupt the  ...)
 	NOT-FOR-US: Juniper
 CVE-2019-0008 (A certain sequence of valid BGP or IPv6 BFD packets may trigger a stac ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2019-0007 (The vMX Series software uses a predictable IP ID Sequence Number. This ...)
 	NOT-FOR-US: Juniper
 CVE-2019-0006 (A certain crafted HTTP packet can trigger an uninitialized function po ...)
@@ -35120,7 +35120,7 @@ CVE-2018-17307
 CVE-2018-17306
 	RESERVED
 CVE-2018-17305 (UiPath Orchestrator through 2018.2.4 allows any authenticated user to  ...)
-	TODO: check
+	NOT-FOR-US: UiPath Orchestrator
 CVE-2018-17304
 	RESERVED
 CVE-2018-17303



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4963bd6f9ea3f574d7a2b4d25039e601c02d49e4
