[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Sun Feb 17 20:55:54 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c216b74a by Moritz Muehlenhoff at 2019-02-17T20:55:33Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2019-8413 (On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer ...)
-	TODO: check
+	NOT-FOR-US: Xiaomi
 CVE-2019-8412 (FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or ...)
-	TODO: check
+	NOT-FOR-US: FeiFeiCms
 CVE-2019-8411 (admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2019-8410
 	RESERVED
 CVE-2019-8409
 	RESERVED
 CVE-2019-8408 (OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by ...)
-	TODO: check
+	NOT-FOR-US: OneFileCMS
 CVE-2019-8407 (HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ ...)
-	TODO: check
+	NOT-FOR-US: HongCMS
 CVE-2019-8406
 	RESERVED
 CVE-2019-8405
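Review bot: CVE-2019-8413 is described as a kernel issue ("with the 4.4.78 kernel, a NULL pointer ..."), and the truncated description does not show whether the faulty code is a Xiaomi-specific driver or upstream Linux code. Before closing it as "NOT-FOR-US: Xiaomi", confirm the affected component is vendor-only; if it is upstream code, the entry needs a package line for the kernel instead.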
@@ -23,13 +23,13 @@ CVE-2019-8403
 CVE-2019-8402
 	RESERVED
 CVE-2018-20782 (The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages. ...)
-	TODO: check
+	NOT-FOR-US: WooCommerce plugin
 CVE-2016-10742 (Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before ...)
 	TODO: check
 CVE-2019-8401
 	RESERVED
 CVE-2019-8400 (ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the ...)
-	TODO: check
+	NOT-FOR-US: ORY Hydra
 CVE-2019-8399
 	RESERVED
 CVE-2019-8398 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an out ...)
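Review bot: on CVE-2018-20782 the tag "NOT-FOR-US: WooCommerce plugin" names the host platform rather than the affected product, whereas the other entry changed in this hunk names the product itself ("ORY Hydra"). Suggest "NOT-FOR-US: GloBee plugin for WooCommerce" so that a search for the product name finds the entry.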
@@ -49,7 +49,7 @@ CVE-2019-8395 (An Insecure Direct Object Reference (IDOR) vulnerability exists i
 CVE-2019-8394 (Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows ...)
 	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
 CVE-2019-8393 (Hotels_Server through 2018-11-05 has SQL Injection via the API because ...)
-	TODO: check
+	NOT-FOR-US: Hotels_Server
 CVE-2019-8392 (An issue was discovered on D-Link DIR-823G devices with firmware ...)
 	NOT-FOR-US: D-Link
 CVE-2019-8391
@@ -57,7 +57,7 @@ CVE-2019-8391
 CVE-2019-8390
 	RESERVED
 CVE-2019-8389 (A file-read vulnerability was identified in the Wi-Fi transfer feature ...)
-	TODO: check
+	NOT-FOR-US: Musicloud
 CVE-2019-8388
 	RESERVED
 CVE-2019-8387
@@ -69,7 +69,7 @@ CVE-2019-8385
 CVE-2019-8384
 	RESERVED
 CVE-2019-8383 (An issue was discovered in AdvanceCOMP before 2.1. An invalid memory ...)
-	TODO: check
+	NOT-FOR-US: AdvanceCOMP
 CVE-2019-8382 (An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference ...)
 	NOT-FOR-US: Bento4
 CVE-2019-8381 (An issue was discovered in Tcpreplay 4.3.1. An invalid memory access ...)
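Review bot: CVE-2019-8383 (and CVE-2019-8379 in the next hunk) is tagged "NOT-FOR-US: AdvanceCOMP", which asserts that the software is not in the archive. AdvanceCOMP is a versioned upstream project ("before 2.1"), so check for a matching source package first; if one exists (advancecomp), both entries need a package line in the form this file uses for sox ("- sox <unfixed>") rather than NOT-FOR-US.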
@@ -77,7 +77,7 @@ CVE-2019-8381 (An issue was discovered in Tcpreplay 4.3.1. An invalid memory acc
 CVE-2019-8380 (An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference ...)
 	NOT-FOR-US: Bento4
 CVE-2019-8379 (An issue was discovered in AdvanceCOMP before 2.1. A NULL pointer ...)
-	TODO: check
+	NOT-FOR-US: AdvanceCOMP
 CVE-2019-8378 (An issue was discovered in Bento4 1.5.1-628. A heap-based buffer ...)
 	NOT-FOR-US: Bento4
 CVE-2019-8377 (An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference ...)
@@ -109,17 +109,17 @@ CVE-2019-8365
 CVE-2019-8364
 	RESERVED
 CVE-2019-8363 (Verydows 2.0 has XSS via the index.php?c=main a parameter, as ...)
-	TODO: check
+	NOT-FOR-US: Verydows
 CVE-2019-8362 (DedeCMS through V5.7SP2 allows arbitrary file upload in ...)
 	NOT-FOR-US: DedeCMS
 CVE-2019-8361 (PHP Scripts Mall Responsive Video News Script has XSS via the Search ...)
 	NOT-FOR-US: PHP Scripts Mall Responsive Video News Script
 CVE-2019-8360 (Themerig Find a Place CMS Directory 1.5 has SQL Injection via the ...)
-	TODO: check
+	NOT-FOR-US: Themerig Find a Place CMS Directory
 CVE-2019-8359
 	RESERVED
 CVE-2019-8358 (In Hiawatha before 10.8.4, a remote attacker is able to do directory ...)
-	TODO: check
+	NOT-FOR-US: Hiawatha
 CVE-2019-8357 (An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c ...)
 	- sox <unfixed>
 	NOTE: https://sourceforge.net/p/sox/bugs/318
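Review bot: CVE-2019-8358 in Hiawatha ("before 10.8.4", remotely reachable per the visible description) is closed as NOT-FOR-US with nothing recording whether Hiawatha is or ever was in the archive. If it was packaged at any point, track it with a package line like the sox entry at the end of this hunk instead of NOT-FOR-US.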
@@ -149,7 +149,7 @@ CVE-2019-8347 (BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP account
 CVE-2019-8346
 	RESERVED
 CVE-2019-8345 (The Help feature in the ES File Explorer File Manager application ...)
-	TODO: check
+	NOT-FOR-US: ES File Explorer File Manager
 CVE-2019-8344
 	RESERVED
 CVE-2019-8343 (In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in ...)
@@ -20880,7 +20880,7 @@ CVE-2019-0267 (SAP Manufacturing Integration and Intelligence, versions 15.0, 15
 CVE-2019-0266 (Under certain conditions SAP HANA Extended Application Services, ...)
 	NOT-FOR-US: SAP
 CVE-2019-0265 (SLD Registration of ABAP Platform allows an attacker to prevent ...)
-	TODO: check
+	NOT-FOR-US: ABAP Platform
 CVE-2019-0264
 	RESERVED
 CVE-2019-0263
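Review bot: CVE-2019-0265 is tagged "NOT-FOR-US: ABAP Platform" while the neighbouring SAP entry in this hunk (CVE-2019-0266) uses "NOT-FOR-US: SAP". Use "NOT-FOR-US: SAP" here as well so the vendor's entries stay searchable under one tag.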



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c216b74a73e9298cca3363e59b3bbfe6c09018dc
