[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Dec 26 21:33:22 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
30f75ae0 by Salvatore Bonaccorso at 2019-12-26T21:32:57Z
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5816,7 +5816,7 @@ CVE-2019-19400
 CVE-2019-19399
 	RESERVED
 CVE-2019-19398 (M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-19397 (There is a weak algorithm vulnerability in some Huawei products. The a ...)
 	NOT-FOR-US: Huawei
 CVE-2019-19396 (illumos, as used in OmniOS Community Edition before r151030y, allows a ...)
@@ -42491,7 +42491,7 @@ CVE-2019-8295
 CVE-2019-8294
 	RESERVED
 CVE-2019-8293 (Due to a logic error in the code, upload-image-with-ajax v1.0 allows a ...)
-	TODO: check
+	NOT-FOR-US: upload-image-with-ajax
 CVE-2019-8292 (Online Store System v1.0 delete_product.php doesn't check to see if a  ...)
 	NOT-FOR-US: Online Store System
 CVE-2019-8291 (Online Store System v1.0 delete_file.php doesn't check to see if a use ...)
@@ -42570,7 +42570,7 @@ CVE-2019-8257
 CVE-2019-8256 (ColdFusion versions Update 6 and earlier have an insecure inherited pe ...)
 	TODO: check
 CVE-2019-8255 (Brackets versions 1.14 and earlier have a command injection vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2019-8254 (Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 hav ...)
 	NOT-FOR-US: Adobe
 CVE-2019-8253 (Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 hav ...)
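Review bot: On CVE-2019-8255 the new tag names only the vendor ("NOT-FOR-US: Adobe") although the description is about Brackets; "NOT-FOR-US: Brackets" would keep the entry findable by product name. CVE-2019-8256 (ColdFusion), two lines above in the context, is still "TODO: check" and looks like a candidate for the same pass.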
@@ -47610,7 +47610,7 @@ CVE-2019-6237 (Multiple memory corruption issues were addressed with improved me
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
 CVE-2019-6236 (A race condition existed during the installation of iCloud for Windows ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2019-6235 (A memory corruption issue was addressed with improved validation. This ...)
 	NOT-FOR-US: Apple
 CVE-2019-6234 (A memory corruption issue was addressed with improved memory handling. ...)
@@ -47620,7 +47620,7 @@ CVE-2019-6233 (A memory corruption issue was addressed with improved memory hand
 	- webkit2gtk 2.22.4-1 (unimportant)
 	NOTE: Not covered by security support
 CVE-2019-6232 (A race condition existed during the installation of iTunes for Windows ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2019-6231 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
 	NOT-FOR-US: Apple
 CVE-2019-6230 (A memory initialization issue was addressed with improved memory handl ...)
@@ -47643,7 +47643,7 @@ CVE-2019-6224 (A buffer overflow issue was addressed with improved memory handli
 CVE-2019-6223 (A logic issue existed in the handling of Group FaceTime calls. The iss ...)
 	NOT-FOR-US: Apple
 CVE-2019-6222 (A consistency issue was addressed with improved state handling. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2019-6221 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
 	NOT-FOR-US: Apple
 CVE-2019-6220 (An out-of-bounds read was addressed with improved input validation. Th ...)
@@ -47677,13 +47677,13 @@ CVE-2019-6209 (An out-of-bounds read issue existed that led to the disclosure of
 CVE-2019-6208 (A memory initialization issue was addressed with improved memory handl ...)
 	NOT-FOR-US: Apple
 CVE-2019-6207 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2019-6206 (An issue existed with autofill resuming after it was canceled. The iss ...)
 	NOT-FOR-US: autofill in iOS
 CVE-2019-6205 (A memory corruption issue was addressed with improved lock state check ...)
 	NOT-FOR-US: Apple
 CVE-2019-6204 (A logic issue was addressed with improved validation. This issue is fi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2019-6203
 	RESERVED
 CVE-2019-6202 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
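Review bot: The visible description of CVE-2019-6204 ("A logic issue was addressed with improved validation. This issue is fi ...") is cut off before it names the affected component, so "NOT-FOR-US: Apple" cannot be confirmed from the list alone. Other Apple-assigned IDs in this range (CVE-2019-6237, CVE-2019-6233) carry webkit2gtk entries, so it is worth checking the full advisory text to rule out a WebKit issue before closing this one as NFU.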
@@ -47800,7 +47800,7 @@ CVE-2019-6149 (An unquoted search path vulnerability was identified in Lenovo Dy
 CVE-2019-6148
 	RESERVED
 CVE-2019-6147 (Forcepoint NGFW Security Management Center (SMC) versions lower than 6 ...)
-	TODO: check
+	NOT-FOR-US: Forcepoint NGFW Security Management Center
 CVE-2019-6146
 	RESERVED
 CVE-2019-6145 (Forcepoint VPN Client for Windows versions lower than 6.6.1 have an un ...)
@@ -48110,17 +48110,17 @@ CVE-2019-6034 (a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26
 CVE-2019-6033 (Cross-site scripting vulnerability in a-blog cms versions prior to Ver ...)
 	NOT-FOR-US: a-blog cms
 CVE-2019-6032 (The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates f ...)
-	TODO: check
+	NOT-FOR-US: NTV News24
 CVE-2019-6031 (Cross-site scripting vulnerability in KINZA for Windows version 5.9.2  ...)
-	TODO: check
+	NOT-FOR-US: KINZA for Windows
 CVE-2019-6030 (Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0 ...)
-	TODO: check
+	NOT-FOR-US: Custom Body Class
 CVE-2019-6029 (Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earl ...)
-	TODO: check
+	NOT-FOR-US: Custom Body Class
 CVE-2019-6028
 	RESERVED
 CVE-2019-6027 (Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1. ...)
-	TODO: check
+	NOT-FOR-US: WP Spell Check Wordpress Plugin
 CVE-2019-6026 (Privilege escalation vulnerability in Multiple MOTEX products (LanScop ...)
 	NOT-FOR-US: MOTEX
 CVE-2019-6025 (Open redirect vulnerability in Movable Type series Movable Type 7 r.46 ...)
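Review bot: The tag on CVE-2019-6027 spells the platform "Wordpress" ("NOT-FOR-US: WP Spell Check Wordpress Plugin"), while the other entries changed in this hunk use the bare product name (for example "NOT-FOR-US: Custom Body Class"). Suggest "NOT-FOR-US: WP Spell Check plugin for WordPress" or simply "NOT-FOR-US: WP Spell Check", so that a search for the product matches one spelling.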
@@ -48134,11 +48134,11 @@ CVE-2019-6022 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8
 CVE-2019-6021 (Open redirect vulnerability in Library Information Management System L ...)
 	NOT-FOR-US: Library Information Management System LIMEDIO
 CVE-2019-6020 (Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x ...)
-	TODO: check
+	NOT-FOR-US: PowerCMS
 CVE-2019-6019 (Untrusted search path vulnerability in STAMP Workbench installer all v ...)
-	TODO: check
+	NOT-FOR-US: STAMP Workbench installer
 CVE-2019-6018 (Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier (Ne ...)
-	TODO: check
+	NOT-FOR-US: NetCommons
 CVE-2019-6017 (REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier ...)
 	NOT-FOR-US: REMISE Payment Module
 CVE-2019-6016 (Cross-site scripting vulnerability in REMISE Payment Module (2.11, 2.1 ...)
@@ -48150,15 +48150,15 @@ CVE-2019-6014 (DBA-1510P firmware 1.70b009 and earlier allows an attacker to exe
 CVE-2019-6013 (DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers ...)
 	NOT-FOR-US: DBA-1510P firmware
 CVE-2019-6012 (SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 an ...)
-	TODO: check
+	NOT-FOR-US: wpDataTables Lite
 CVE-2019-6011 (Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 ...)
-	TODO: check
+	NOT-FOR-US: wpDataTables Lite
 CVE-2019-6010 (Integer overflow vulnerability in LINE(Android) from 4.4.0 to the vers ...)
 	NOT-FOR-US: LINE(Android)
 CVE-2019-6009 (Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows rem ...)
 	NOT-FOR-US: SHIRASAGI
 CVE-2019-6008 (An unquoted search path vulnerability in Multiple Yokogawa products fo ...)
-	TODO: check
+	NOT-FOR-US: Yokogawa
 CVE-2019-6007 (Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows  ...)
 	NOT-FOR-US: apng-drawable
 CVE-2019-6006
@@ -49082,7 +49082,7 @@ CVE-2019-5704
 CVE-2019-5703
 	RESERVED
 CVE-2019-5702 (NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vu ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2019-5701 (NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vu ...)
 	NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2019-5700 (NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software con ...)
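Review bot: CVE-2019-5702 is tagged with the bare vendor name ("NOT-FOR-US: NVIDIA"), while CVE-2019-5701 on the next line, for the same product, uses "NOT-FOR-US: NVIDIA GeForce Experience". The vendor-only form says less than its neighbour and would also match NVIDIA software other than GeForce Experience; suggest using the product name here as well.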
@@ -50458,23 +50458,23 @@ CVE-2019-5083 (An exploitable out-of-bounds write vulnerability exists in the ig
 CVE-2019-5082
 	RESERVED
 CVE-2019-5081 (An exploitable heap buffer overflow vulnerability exists in the iochec ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2019-5080 (An exploitable denial-of-service vulnerability exists in the iocheckd  ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2019-5079 (An exploitable heap buffer overflow vulnerability exists in the iochec ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2019-5078 (An exploitable denial of service vulnerability exists in the iocheckd  ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2019-5077 (An exploitable denial-of-service vulnerability exists in the iocheckd  ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2019-5076 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
 	NOT-FOR-US: Accusoft ImageGear
 CVE-2019-5075 (An exploitable stack buffer overflow vulnerability exists in the comma ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2019-5074 (An exploitable stack buffer overflow vulnerability exists in the ioche ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2019-5073 (An exploitable information exposure vulnerability exists in the iochec ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2019-5072 (An exploitable command injection vulnerability exists in the /goform/W ...)
 	NOT-FOR-US: Tenda
 CVE-2019-5071 (An exploitable command injection vulnerability exists in the /goform/W ...)
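Review bot: CVE-2019-5075 is tagged "NOT-FOR-US: WAGO", but its visible description is cut at "exists in the comma ..." and, unlike the other entries changed here, does not show the iocheckd service. The block is not single-vendor (CVE-2019-5076 in the middle is Accusoft ImageGear), so confirm against the full description that 5075 belongs to WAGO. Naming the product rather than only the vendor in these tags would also make them easier to search.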
@@ -52727,15 +52727,15 @@ CVE-2019-3998
 CVE-2019-3997
 	RESERVED
 CVE-2019-3996 (ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy  ...)
-	TODO: check
+	NOT-FOR-US: Electronic Logbook (ELOG)
 CVE-2019-3995 (ELOG 3.1.4-57bea22 and below is affected by a denial of service vulner ...)
-	TODO: check
+	NOT-FOR-US: Electronic Logbook (ELOG)
 CVE-2019-3994 (ELOG 3.1.4-57bea22 and below is affected by a denial of service vulner ...)
-	TODO: check
+	NOT-FOR-US: Electronic Logbook (ELOG)
 CVE-2019-3993 (ELOG 3.1.4-57bea22 and below is affected by an information disclosure  ...)
-	TODO: check
+	NOT-FOR-US: Electronic Logbook (ELOG)
 CVE-2019-3992 (ELOG 3.1.4-57bea22 and below is affected by an information disclosure  ...)
-	TODO: check
+	NOT-FOR-US: Electronic Logbook (ELOG)
 CVE-2019-3991
 	RESERVED
 CVE-2019-3990 (A User Enumeration flaw exists in Harbor. The issue is present in the  ...)
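Review bot: All five ELOG entries (CVE-2019-3992 to CVE-2019-3996) go straight from "TODO: check" to "NOT-FOR-US: Electronic Logbook (ELOG)" with no note on how that was established. The descriptions refer to a versioned upstream release ("ELOG 3.1.4-57bea22 and below"), so before closing them confirm that no matching source package exists or ever existed in the archive; if one did, the entries should reference that package (marked as removed) instead of NOT-FOR-US.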
@@ -120662,7 +120662,7 @@ CVE-2017-16785 (Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. ..
 CVE-2017-16779
 	RESERVED
 CVE-2017-16778 (An access control weakness in the DTMF tone receiver of Fermax Outdoor ...)
-	TODO: check
+	NOT-FOR-US: Fermax Outdoor Panel
 CVE-2017-16777 (If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion)  ...)
 	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
 CVE-2017-16776 (Security researchers discovered an authentication bypass vulnerability ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/30f75ae06297e411872f9d03c3513843e78537ad
