[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Aug 8 21:53:41 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c5b56307 by Salvatore Bonaccorso at 2019-08-08T20:52:58Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2019-14774
CVE-2019-14773
RESERVED
CVE-2019-14772 (verdaccio before 3.12.0 allows XSS. ...)
- TODO: check
+ NOT-FOR-US: verdaccio
CVE-2019-14771 (Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the ...)
- backdrop <itp> (bug #914257)
CVE-2019-14770 (In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some me ...)
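Review bot: at the CVE-2019-14772 entry, verdaccio is marked NOT-FOR-US, while the CVE-2019-14771 entry directly below it shows the `- backdrop <itp> (bug #914257)` form used when a packaging intent exists. Worth confirming that no ITP/RFP bug is open for verdaccio before closing it out; if one exists, use the `<itp>` form with the bug number instead, otherwise the change is fine as written.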
@@ -55,7 +55,7 @@ CVE-2019-14756
CVE-2019-14755
RESERVED
CVE-2019-14754 (Open-School 3.0, and Community Edition 2.3, allows SQL Injection via t ...)
- TODO: check
+ NOT-FOR-US: Open-School
CVE-2018-20962
RESERVED
CVE-2019-14753
@@ -112,7 +112,7 @@ CVE-2019-14732 (AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoa
- adplug <unfixed>
NOTE: https://github.com/adplug/adplug/issues/88
CVE-2019-14731 (An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vul ...)
- TODO: check
+ NOT-FOR-US: ZenTao CMS
CVE-2019-14730
RESERVED
CVE-2019-14729
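Review bot: the tag `NOT-FOR-US: ZenTao CMS` at CVE-2019-14731 adds "CMS", which the visible description does not use (it reads "ZenTao 11.5.1"). Suggest `NOT-FOR-US: ZenTao` so the tag matches the product name as given and later ZenTao entries can be matched on a single string.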
@@ -186,7 +186,7 @@ CVE-2019-14695 (A SQL injection vulnerability exists in the Sygnoos Popup Builde
CVE-2019-14694
RESERVED
CVE-2019-14693 (Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-14692 (AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in ...)
- adplug <unfixed>
NOTE: https://github.com/adplug/adplug/issues/87
@@ -290,7 +290,7 @@ CVE-2017-18485
CVE-2017-18484
RESERVED
CVE-2016-10864 (NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID. ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2016-10863
RESERVED
CVE-2019-14661
@@ -1620,7 +1620,7 @@ CVE-2019-14355
CVE-2019-14354
RESERVED
CVE-2019-14353 (On Trezor One devices before 1.8.2, a side channel for the row-based O ...)
- TODO: check
+ NOT-FOR-US: Trezor One devices
CVE-2019-14352 (** DISPUTED ** In Joget Workflow 6.0.20, CSV Injection, also known as ...)
NOT-FOR-US: Joget Workflow
CVE-2019-14351 (EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malic ...)
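Review bot: `NOT-FOR-US: Trezor One devices` at CVE-2019-14353 copies the phrase from the description, while the other hardware entries in this commit are tagged by vendor only (`NOT-FOR-US: D-Link`, `NOT-FOR-US: NETGEAR`). Pick one granularity for hardware tags; `NOT-FOR-US: Trezor One` would drop the redundant "devices" and sit closer to the existing entries.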
@@ -1656,7 +1656,7 @@ CVE-2019-14337 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.
CVE-2019-14336 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
NOT-FOR-US: D-Link
CVE-2019-14335 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-14334 (An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP ...)
NOT-FOR-US: D-Link
CVE-2019-14333 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
@@ -2013,7 +2013,7 @@ CVE-2019-14223
CVE-2019-14222
RESERVED
CVE-2019-14221 (1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishan ...)
- TODO: check
+ NOT-FOR-US: 1CRM On-Premise Software
CVE-2019-14220
RESERVED
CVE-2019-14219
@@ -5666,7 +5666,7 @@ CVE-2019-13103 (A crafted self-referential DOS partition table will cause all Da
CVE-2019-13102
RESERVED
CVE-2019-13101 (An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-13100 (The Send Anywhere application 9.4.18 for Android stores confidential i ...)
NOT-FOR-US: Send Anywhere application for Android
CVE-2019-13099 (The Momo application 2.1.9 for Android stores confidential information ...)
@@ -5933,7 +5933,7 @@ CVE-2019-12996
CVE-2019-12995 (Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch ...)
NOT-FOR-US: Istio
CVE-2019-12994 (Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetEx ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-12993
RESERVED
CVE-2019-12992 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before ...)
@@ -6058,7 +6058,7 @@ CVE-2019-12961 (LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection i
CVE-2019-12960 (LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in func ...)
NOT-FOR-US: LiveZilla Server
CVE-2019-12959 (Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetEx ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-12958 (In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in F ...)
- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
NOTE: CVE-2017-14976 in poppler
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c5b5630795fb980464ee2d5959cf50282f160377