[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Aug 14 13:32:04 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c29eb453 by Salvatore Bonaccorso at 2019-08-14T12:31:39Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2019-15030
 CVE-2019-15029
 	RESERVED
 CVE-2019-15028 (In Joomla! before 3.9.11, inadequate checks in com_contact could allow ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2019-15027
 	RESERVED
 CVE-2019-15026
@@ -153,11 +153,11 @@ CVE-2019-14988
 CVE-2019-14987 (Adive Framework through 2.0.7 is affected by XSS in the Create New Tab ...)
 	NOT-FOR-US: Adive Framework
 CVE-2019-14986 (eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installe ...)
-	TODO: check
+	NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
 CVE-2019-14985 (eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remot ...)
-	TODO: check
+	NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
 CVE-2019-14984 (eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn inst ...)
-	TODO: check
+	NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
 CVE-2019-14983
 	RESERVED
 CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerability in ...)
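
Review bot: The three added labels "NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3" copy the model list from the CVE descriptions, while other hunks in this commit label by vendor or product family ("Siemens", "Huawei", "TIBCO"). Consider the shorter "NOT-FOR-US: eQ-3 Homematic" so that later entries for other models or add-ons can reuse a single label.
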
@@ -1294,7 +1294,7 @@ CVE-2019-14531 (An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is
 	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1576
 	NOTE: Negligible security impact
 CVE-2019-14530 (An issue was discovered in custom/ajax_download.php in OpenEMR before  ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2019-14529 (OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/s ...)
 	NOT-FOR-US: OpenEMR
 CVE-2019-14528 (GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/ ...)
@@ -1335,7 +1335,7 @@ CVE-2019-14518
 CVE-2019-14517 (pandao Editor.md 1.5.0 allows XSS via the Javascript: string. ...)
 	NOT-FOR-US: pandao Editor.md
 CVE-2019-14516 (The mAadhaar application 1.2.7 for Android lacks SSL Certificate Valid ...)
-	TODO: check
+	NOT-FOR-US: mAadhaar application for Android
 CVE-2019-14515
 	RESERVED
 CVE-2019-14514
@@ -2325,7 +2325,7 @@ CVE-2019-14361
 CVE-2019-14360
 	RESERVED
 CVE-2019-14359 (** DISPUTED ** On BC Vault devices, a side channel for the row-based S ...)
-	TODO: check
+	NOT-FOR-US: BC Vault devices
 CVE-2019-14358
 	RESERVED
 CVE-2019-14357 (** DISPUTED ** On Mooltipass Mini devices, a side channel for the row- ...)
@@ -5425,7 +5425,7 @@ CVE-2019-13464 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS)
 CVE-2019-13463
 	RESERVED
 CVE-2019-13462 (Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. ...)
-	TODO: check
+	NOT-FOR-US: Lansweeper
 CVE-2019-13461 (In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_addre ...)
 	NOT-FOR-US: PrestaShop
 CVE-2019-13460
@@ -5543,17 +5543,17 @@ CVE-2019-13422
 CVE-2019-13421
 	RESERVED
 CVE-2019-13420 (Search Guard versions before 21.0 had an timing side channel issue whe ...)
-	TODO: check
+	NOT-FOR-US: Search Guard
 CVE-2019-13419 (Search Guard versions before 23.1 had an issue that for aggregations c ...)
-	TODO: check
+	NOT-FOR-US: Search Guard
 CVE-2019-13418 (Search Guard versions before 24.0 had an issue that values of string a ...)
-	TODO: check
+	NOT-FOR-US: Search Guard
 CVE-2019-13417 (Search Guard versions before 24.0 had an issue that field caps and map ...)
-	TODO: check
+	NOT-FOR-US: Search Guard
 CVE-2019-13416 (Search Guard versions before 24.3 had an issue when Cross Cluster Sear ...)
-	TODO: check
+	NOT-FOR-US: Search Guard
 CVE-2019-13415 (Search Guard versions before 24.3 had an issue when Cross Cluster Sear ...)
-	TODO: check
+	NOT-FOR-US: Search Guard
 CVE-2019-13414 (The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/ren ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2019-13413 (The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection v ...)
@@ -7195,7 +7195,7 @@ CVE-2019-12810
 CVE-2019-12809
 	RESERVED
 CVE-2019-12808 (ALTOOLS update service 18.1 and earlier versions contains a local priv ...)
-	TODO: check
+	NOT-FOR-US: ALTOOLS update service
 CVE-2019-12807 (Alzip 10.83 and earlier version contains a stack-based buffer overflow ...)
 	TODO: check
 CVE-2019-12806 (UniSign 2.0.4.0 and earlier version contains a stack-based buffer over ...)
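
Review bot: CVE-2019-12807 (Alzip), directly below the updated CVE-2019-12808 line, still reads "TODO: check" in the trailing context. If it was left on purpose because it needs a separate package search, that is fine; otherwise triage it in this same pass so it does not stay pending next to an already processed neighbour.
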
@@ -8003,7 +8003,7 @@ CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer d
 CVE-2019-12480 (BACnet Protocol Stack through 0.8.6 has a segmentation fault leading t ...)
 	NOT-FOR-US: BACnet Protocol Stack
 CVE-2019-12479 (An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vuln ...)
-	TODO: check
+	NOT-FOR-US: 20|20 Storage
 CVE-2019-12478
 	RESERVED
 CVE-2019-12477 (Supra Smart Cloud TV allows remote file inclusion in the openLiveURL f ...)
@@ -11399,7 +11399,7 @@ CVE-2019-11209
 CVE-2019-11208 (The authorization component of TIBCO Software Inc.'s TIBCO API Exchang ...)
 	NOT-FOR-US: TIBCO
 CVE-2019-11207 (The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enter ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2019-11206 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
 	NOT-FOR-US: TIBCO
 CVE-2019-11205 (The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analy ...)
@@ -12077,9 +12077,9 @@ CVE-2019-10945 (An issue was discovered in Joomla! before 3.9.5. The Media Manag
 CVE-2019-10944
 	RESERVED
 CVE-2019-10943 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2019-10942 (A vulnerability has been identified in SCALANCE X-200 (All versions),  ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2019-10941
 	RESERVED
 CVE-2019-10940
@@ -12105,11 +12105,11 @@ CVE-2019-10931 (A vulnerability has been identified in SIPROTEC 5 device types 6
 CVE-2019-10930 (A vulnerability has been identified in SIPROTEC 5 device types 6MD85,  ...)
 	NOT-FOR-US: Siemens
 CVE-2019-10929 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2019-10928 (A vulnerability has been identified in SCALANCE SC-600 (V2.0). An auth ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2019-10927 (A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANC ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2019-10926 (A vulnerability has been identified in SIMATIC Ident MV420 family (All ...)
 	NOT-FOR-US: Siemens
 CVE-2019-10925 (A vulnerability has been identified in SIMATIC Ident MV420 family (All ...)
@@ -19512,7 +19512,7 @@ CVE-2019-8450
 CVE-2019-8449
 	RESERVED
 CVE-2019-8448 (The login.jsp resource in Jira before version 7.13.4, and from version ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Jira
 CVE-2019-8447
 	RESERVED
 CVE-2019-8446
@@ -27425,7 +27425,7 @@ CVE-2019-5301 (Huawei smart phones Honor V20 with the versions before 9.0.1.161(
 CVE-2019-5300 (There is a digital signature verification bypass vulnerability in AR12 ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5299 (Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL0 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5298 (There is an improper authentication vulnerability in some Huawei AP pr ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5297 (Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T ...)
@@ -27463,7 +27463,7 @@ CVE-2019-5282
 CVE-2019-5281 (There is an information leak vulnerability in some Huawei phones, vers ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5280 (The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5279
 	RESERVED
 CVE-2019-5278



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c29eb453a56b69b349f94af36419e47495e52385
