[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Apr 26 12:39:56 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2bd26802 by Moritz Muehlenhoff at 2019-04-26T11:39:32Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,17 +21,17 @@ CVE-2019-11545
 CVE-2019-11544
 	RESERVED
 CVE-2019-11543 (XSS exists in the admin web console in Pulse Secure Pulse Connect Secu ...)
-	TODO: check
+	NOT-FOR-US: Pulse Secure Pulse Connect Secure
 CVE-2019-11542 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3 ...)
-	TODO: check
+	NOT-FOR-US: Pulse Secure Pulse Connect Secure
 CVE-2019-11541 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3 ...)
-	TODO: check
+	NOT-FOR-US: Pulse Secure Pulse Connect Secure
 CVE-2019-11540 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and  ...)
-	TODO: check
+	NOT-FOR-US: Pulse Secure Pulse Connect Secure
 CVE-2019-11539 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3 ...)
-	TODO: check
+	NOT-FOR-US: Pulse Secure Pulse Connect Secure
 CVE-2019-11538 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3 ...)
-	TODO: check
+	NOT-FOR-US: Pulse Secure Pulse Connect Secure
 CVE-2019-11537 (In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/ ...)
 	NOT-FOR-US: osTicket
 CVE-2019-11536
@@ -105,7 +105,7 @@ CVE-2019-11505 (In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/85f5bdcd246a
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/605/
 CVE-2019-11504 (Zotonic before version 0.47 has mod_admin XSS. ...)
-	TODO: check
+	NOT-FOR-US: Zotonic
 CVE-2019-11503 (snap-confine as included in snapd before 2.39 did not guard against sy ...)
 	- snapd <unfixed>
 	NOTE: https://github.com/snapcore/snapd/pull/6642
@@ -143,9 +143,9 @@ CVE-2019-11491
 CVE-2019-11490 (An issue was discovered in Npcap 0.992. Sending a malformed .pcap file ...)
 	TODO: check
 CVE-2019-11489 (Incorrect Access Control in the Administrative Management Interface in ...)
-	TODO: check
+	NOT-FOR-US: SimplyBook.me Enterprise
 CVE-2019-11488 (Incorrect Access Control in the Account Access / Password Reset Link i ...)
-	TODO: check
+	NOT-FOR-US: SimplyBook.me Enterprise
 CVE-2019-11487 (The Linux kernel before 5.1-rc5 allows page->_refcount reference co ...)
 	- linux <unfixed>
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1752
@@ -352,7 +352,7 @@ CVE-2019-11412 (An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can c
 CVE-2019-11411 (An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() an ...)
 	NOT-FOR-US: MuJS
 CVE-2018-20818 (A buffer overflow vulnerability was discovered in the OpenPLC controll ...)
-	TODO: check
+	NOT-FOR-US: OpenPLC
 CVE-2019-11410
 	RESERVED
 CVE-2019-11409
@@ -2157,7 +2157,7 @@ CVE-2019-10690
 CVE-2019-10689
 	RESERVED
 CVE-2019-10688 (VVX products using UCS software version 5.8.0 and earlier with Better  ...)
-	TODO: check
+	NOT-FOR-US: VVX products using UCS
 CVE-2019-10687
 	RESERVED
 CVE-2019-10686 (An SSRF vulnerability was found in an API from Ctrip Apollo through 1. ...)
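Review bot: The label on CVE-2019-10688, "NOT-FOR-US: VVX products using UCS", is the opening words of the CVE description rather than a vendor or product name. Other entries in this commit name the vendor or product (for example "NOT-FOR-US: TIBCO" and "NOT-FOR-US: Dell"); suggest naming the vendor here as well so the entry groups with any other NFU entries for the same product line.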
@@ -6590,15 +6590,15 @@ CVE-2019-9141
 CVE-2019-9140
 	RESERVED
 CVE-2019-9139 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnera ...)
-	TODO: check
+	NOT-FOR-US: DaviewIndy
 CVE-2019-9138 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnera ...)
-	TODO: check
+	NOT-FOR-US: DaviewIndy
 CVE-2019-9137 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnera ...)
-	TODO: check
+	NOT-FOR-US: DaviewIndy
 CVE-2019-9136 (DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vuln ...)
-	TODO: check
+	NOT-FOR-US: DaviewIndy
 CVE-2019-9135 (DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vuln ...)
-	TODO: check
+	NOT-FOR-US: DaviewIndy
 CVE-2019-9134 (Architectural Information System 1.0 and earlier versions have a Stack ...)
 	NOT-FOR-US: Architectural Information System
 CVE-2019-9133 (When processing subtitles format media file, KMPlayer version 2018.12. ...)
@@ -7056,15 +7056,15 @@ CVE-2019-8997 (An XML External Entity Injection (XXE) vulnerability in the Manag
 CVE-2019-8996 (In Signiant Manager+Agents before 13.5, the implementation of the set  ...)
 	NOT-FOR-US: Signiant
 CVE-2019-8995 (The workspace client, openspace client, and app development client of  ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2019-8994 (The workspace client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM,  ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2019-8993 (The administrative web server component of TIBCO Software Inc.'s TIBCO ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2019-8992 (The administrative server component of TIBCO Software Inc.'s TIBCO Act ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2019-8991 (The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveM ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2019-8990 (The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatr ...)
 	NOT-FOR-US: TIBCO
 CVE-2019-8989 (The application server component of TIBCO Software Inc.'s TIBCO Data S ...)
@@ -19261,7 +19261,7 @@ CVE-2019-3803 (Pivotal Concourse, all versions prior to 4.2.2, puts the user acc
 CVE-2019-3802
 	RESERVED
 CVE-2019-3801 (Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java com ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2019-3800
 	RESERVED
 CVE-2019-3799
@@ -19278,7 +19278,7 @@ CVE-2019-3795 (Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.
 CVE-2019-3794
 	RESERVED
 CVE-2019-3793 (Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, vers ...)
-	TODO: check
+	NOT-FOR-US: Pivotal
 CVE-2019-3792 (Pivotal Concourse version 5.0.0, contains an API that is vulnerable to ...)
 	NOT-FOR-US: Pivotal
 CVE-2019-3791
@@ -19286,13 +19286,13 @@ CVE-2019-3791
 CVE-2019-3790
 	RESERVED
 CVE-2019-3789 (Cloud Foundry Routing Release, all versions prior to 0.188.0, contains ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2019-3788 (Cloud Foundry UAA Release, versions prior to 71.0, allows clients to b ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2019-3787
 	RESERVED
 CVE-2019-3786 (Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0 ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2019-3785 (Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an e ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2019-3784 (Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure s ...)
@@ -19422,9 +19422,9 @@ CVE-2019-3723
 CVE-2019-3722
 	RESERVED
 CVE-2019-3721 (Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3 ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2019-3720 (Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3 ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2019-3719 (Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote  ...)
 	NOT-FOR-US: Dell
 CVE-2019-3718 (Dell SupportAssist Client versions prior to 3.2.0.90 contain an improp ...)
@@ -30249,7 +30249,7 @@ CVE-2018-19445
 CVE-2018-19444
 	RESERVED
 CVE-2018-19442 (A Buffer Overflow in Network::AuthenticationClient::VerifySignature in ...)
-	TODO: check
+	NOT-FOR-US: Neato Botvac Connected
 CVE-2018-19441
 	RESERVED
 CVE-2018-19440 (ARM Trusted Firmware-A allows information disclosure. ...)
@@ -32159,9 +32159,9 @@ CVE-2018-18826 (There exists a heap-based buffer overflow in vc1_decode_p_mb_int
 CVE-2018-18825 (Pagoda Linux panel V6.0 has XSS via the verification code associated w ...)
 	NOT-FOR-US: Pagoda Linux panel
 CVE-2018-18824 (WolfCMS v0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_ma ...)
-	TODO: check
+	NOT-FOR-US: WolfCMS
 CVE-2018-18823 (WolfCMS 0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_man ...)
-	TODO: check
+	NOT-FOR-US: WolfCMS
 CVE-2018-18822 (Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pagere ...)
 	NOT-FOR-US: Grapixel New Media
 CVE-2018-18821
@@ -33396,9 +33396,9 @@ CVE-2018-18369 (Norton Security (Windows client) prior to 22.16.3 and SEP SBE (W
 CVE-2018-18368
 	RESERVED
 CVE-2018-18367 (Symantec Endpoint Protection Manager (SEPM) prior to and including 12. ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2018-18366 (Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior  ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2018-18365 (Norton Password Manager may be susceptible to an address spoofing issu ...)
 	NOT-FOR-US: Norton Password Manager
 CVE-2018-18364 (Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be s ...)
@@ -33621,9 +33621,9 @@ CVE-2018-18288
 CVE-2018-18287 (On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discov ...)
 	NOT-FOR-US: ASUS RT-AC58U devices
 CVE-2018-18286 (SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could  ...)
-	TODO: check
+	NOT-FOR-US: CMG Suite
 CVE-2018-18285 (SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could  ...)
-	TODO: check
+	NOT-FOR-US: CMG Suite
 CVE-2018-18284 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sand ...)
 	{DSA-4336-1 DLA-1552-1}
 	- ghostscript 9.25~dfsg-3 (bug #911175)
@@ -33699,7 +33699,7 @@ CVE-2018-18253 (An issue was discovered in CapMon Access Manager 5.4.1.1005. CAL
 CVE-2018-18252 (An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunEle ...)
 	NOT-FOR-US: CapMon Access Manager
 CVE-2018-18251 (Deltek Vision 7.x before 7.6 permits the execution of any attacker sup ...)
-	TODO: check
+	NOT-FOR-US: Deltek Vision
 CVE-2019-0085
 	RESERVED
 CVE-2019-0084
@@ -36523,7 +36523,7 @@ CVE-2018-17171
 CVE-2018-17170
 	RESERVED
 CVE-2018-17169 (An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4  ...)
-	TODO: check
+	NOT-FOR-US: PrinterOn Enterprise
 CVE-2018-17168 (PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forger ...)
 	NOT-FOR-US: PrinterOn Enterprise
 CVE-2018-17167 (PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored  ...)
@@ -37932,7 +37932,7 @@ CVE-2018-16662
 CVE-2018-16661
 	RESERVED
 CVE-2018-16660 (A command injection vulnerability in PWS in Imperva SecureSphere 13.0. ...)
-	TODO: check
+	NOT-FOR-US: Imperva SecureSphere
 CVE-2018-16659 (An issue was discovered in Rausoft ID.prove 2.95. The login page allow ...)
 	NOT-FOR-US: Rausoft ID.prove
 CVE-2018-16657 (In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message ...)
@@ -39090,15 +39090,15 @@ CVE-2018-16222 (Cleartext Storage of credentials in the iSmartAlarmData.xml conf
 CVE-2018-16221
 	RESERVED
 CVE-2018-16220 (Cross Site Scripting in different input fields (domain field and perso ...)
-	TODO: check
+	NOT-FOR-US: AudioCodes 405HD VoIP phone
 CVE-2018-16219 (A missing password verification in the web interface in AudioCodes 405 ...)
-	TODO: check
+	NOT-FOR-US: AudioCodes 405HD VoIP phone
 CVE-2018-16218
 	RESERVED
 CVE-2018-16217
 	RESERVED
 CVE-2018-16216 (A command injection (missing input validation, escaping) in the monito ...)
-	TODO: check
+	NOT-FOR-US: AudioCodes 405HD VoIP phone
 CVE-2018-16215
 	RESERVED
 CVE-2018-16214
@@ -42068,35 +42068,35 @@ CVE-2018-15005 (The ZTE ZMAX Champ Android device with a build fingerprint of ZT
 CVE-2018-15004 (The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/ ...)
 	NOT-FOR-US: Coolpad
 CVE-2018-15003 (The Coolpad Defiant (Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:us ...)
-	TODO: check
+	NOT-FOR-US: Coolpad
 CVE-2018-15002 (The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2 ...)
 	NOT-FOR-US: Vivo V7 device
 CVE-2018-15001 (The Vivo V7 Android device with a build fingerprint of vivo/1718/1718: ...)
 	NOT-FOR-US: Vivo V7 device
 CVE-2018-15000 (The Vivo V7 Android device with a build fingerprint of vivo/1718/1718: ...)
-	TODO: check
+	NOT-FOR-US: Vivo V7 device
 CVE-2018-14999 (The Leagoo P1 device with a build fingerprint of sp7731c_1h10_32v4_bir ...)
-	TODO: check
+	NOT-FOR-US: Leagoo P1 Android device
 CVE-2018-14998 (The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_ ...)
 	NOT-FOR-US: Leagoo P1 Android device
 CVE-2018-14997 (The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_ ...)
-	TODO: check
+	NOT-FOR-US: Leagoo P1 Android device
 CVE-2018-14996 (The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CP ...)
-	TODO: check
+	NOT-FOR-US: Oppo F5
 CVE-2018-14995 (The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z ...)
 	NOT-FOR-US: ZTE
 CVE-2018-14994 (The Essential Phone Android device with a build fingerprint of essenti ...)
-	TODO: check
+	NOT-FOR-US: Essential Phone
 CVE-2018-14993 (The ASUS Zenfone V Live Android device with a build fingerprint of asu ...)
-	TODO: check
+	NOT-FOR-US: ASUS ZenFone 3 Max Android device
 CVE-2018-14992 (The ASUS ZenFone 3 Max Android device with a build fingerprint of asus ...)
 	NOT-FOR-US: ASUS ZenFone 3 Max Android device
 CVE-2018-14991 (The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a ...)
-	TODO: check
+	NOT-FOR-US: Coolpad Defiant
 CVE-2018-14990 (The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a ...)
-	TODO: check
+	NOT-FOR-US: Coolpad Defiant
 CVE-2018-14989 (The Plum Compass Android device with a build fingerprint of PLUM/c179_ ...)
-	TODO: check
+	NOT-FOR-US: Plum Compass
 CVE-2018-14988 (The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m2 ...)
 	NOT-FOR-US: MXQ TV Box
 CVE-2018-14987 (The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m2 ...)
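Review bot: CVE-2018-14993 is described as "The ASUS Zenfone V Live Android device" but is tagged "NOT-FOR-US: ASUS ZenFone 3 Max Android device", which looks copied from the CVE-2018-14992 entry directly below it; the label should name the Zenfone V Live. In the same hunk the Coolpad Defiant is tagged "Coolpad" on CVE-2018-15003 but "Coolpad Defiant" on CVE-2018-14991 and CVE-2018-14990; one label for the same device would keep the entries consistent.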
@@ -42108,13 +42108,13 @@ CVE-2018-14985 (The Leagoo Z5C Android device with a build fingerprint of sp7731
 CVE-2018-14984 (The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10 ...)
 	NOT-FOR-US: Leagoo Z5C Android device
 CVE-2018-14983 (The Sony Xperia L1 Android device with a build fingerprint of Sony/G33 ...)
-	TODO: check
+	NOT-FOR-US: Sony Xperia
 CVE-2018-14982 (Certain LG devices based on Android 6.0 through 8.1 have incorrect acc ...)
 	NOT-FOR-US: LG devices specific issue
 CVE-2018-14981 (Certain LG devices based on Android 6.0 through 8.1 have incorrect acc ...)
 	NOT-FOR-US: LG devices specific issue
 CVE-2018-14980 (The ASUS ZenFone 3 Max Android device with a build fingerprint of asus ...)
-	TODO: check
+	NOT-FOR-US: ASUS ZenFone 3 Max Android device
 CVE-2018-14979 (The ASUS ZenFone 3 Max Android device with a build fingerprint of asus ...)
 	NOT-FOR-US: ASUS ZenFone 3 Max Android device
 CVE-2018-14978 (An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/use ...)
@@ -43416,11 +43416,11 @@ CVE-2018-14561
 CVE-2018-14560
 	RESERVED
 CVE-2018-14559 (An issue was discovered on Tenda AC7 devices with firmware through V15 ...)
-	TODO: check
+	NOT-FOR-US: Tenda AC7 devices
 CVE-2018-14558 (An issue was discovered on Tenda AC7 devices with firmware through V15 ...)
 	NOT-FOR-US: Tenda AC7 devices
 CVE-2018-14557 (An issue was discovered on Tenda AC7 devices with firmware through V15 ...)
-	TODO: check
+	NOT-FOR-US: Tenda AC7 devices
 CVE-2018-14556
 	RESERVED
 CVE-2018-14555
@@ -46152,7 +46152,7 @@ CVE-2018-13445 (An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerab
 CVE-2018-13444 (An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability  ...)
 	NOT-FOR-US: SeaCMS
 CVE-2018-13443 (EOS.IO jit-wasm 4.1 has a heap-based buffer overflow via a crafted was ...)
-	TODO: check
+	NOT-FOR-US: EOS.IO jit-wasm
 CVE-2018-13442
 	RESERVED
 CVE-2018-13441 (qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL po ...)
@@ -49480,7 +49480,7 @@ CVE-2018-12246 (Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible
 CVE-2018-12245 (Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a ...)
 	NOT-FOR-US: Symantec Endpoint Protection
 CVE-2018-12244 (SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 ...)
-	TODO: check
+	NOT-FOR-US: SEP
 CVE-2018-12243 (The Symantec Messaging Gateway product prior to 10.6.6 may be suscepti ...)
 	NOT-FOR-US: Symantec
 CVE-2018-12242 (The Symantec Messaging Gateway product prior to 10.6.6 may be suscepti ...)
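Review bot: "NOT-FOR-US: SEP" on CVE-2018-12244 uses an abbreviation that does not match the neighbouring entries, which use "Symantec Endpoint Protection" (CVE-2018-12245) and "Symantec" (CVE-2018-12243). Suggest one of those labels so that a search for the vendor or product name also finds this entry.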



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2bd26802e5d5327bfeba325d26c1c0df264479a9
