[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Feb 22 13:37:13 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9824502d by Moritz Muehlenhoff at 2019-02-22T13:36:49Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2019-9002 (An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through ...)
-	TODO: check
+	NOT-FOR-US: Tiny Issue
 CVE-2019-9001
 	RESERVED
 CVE-2019-9000
@@ -11,7 +11,7 @@ CVE-2019-8998
 CVE-2019-8997
 	RESERVED
 CVE-2019-8996 (In Signiant Manager+Agents before 13.5, the implementation of the set ...)
-	TODO: check
+	NOT-FOR-US: Signiant
 CVE-2019-8995
 	RESERVED
 CVE-2019-8994
@@ -35,11 +35,11 @@ CVE-2019-8986
 CVE-2019-8985 (On Netis WF2880 and WF2411 2.1.36123 devices, there is a stack-based ...)
 	NOT-FOR-US: Netis devices
 CVE-2019-8984 (MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2). ...)
-	TODO: check
+	NOT-FOR-US: MDaemon Webmail
 CVE-2019-8983 (MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2). ...)
-	TODO: check
+	NOT-FOR-US: MDaemon Webmail
 CVE-2019-8982 (com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 ...)
-	TODO: check
+	NOT-FOR-US: WaveMaker Studio
 CVE-2019-8981
 	RESERVED
 CVE-2018-20783 (In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x ...)
@@ -58,7 +58,7 @@ CVE-2019-8980 (A memory leak in the kernel_read_file function in fs/exec.c in th
 	NOTE: https://lore.kernel.org/lkml/20190219021038.11340-1-yuehaibing@huawei.com/
 	NOTE: https://lore.kernel.org/lkml/20190219022512.GW2217@ZenIV.linux.org.uk/
 CVE-2019-8979 (Koseven through 3.3.9, and Kohana through 3.3.6, has SQL Injection when ...)
-	TODO: check
+	- libkohana2-php <removed>
 CVE-2019-8978
 	RESERVED
 CVE-2019-8977
@@ -134,15 +134,15 @@ CVE-2019-8952
 CVE-2019-8951
 	RESERVED
 CVE-2019-1003028 (A server-side request forgery vulnerability exists in Jenkins JMS ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2019-1003027 (A server-side request forgery vulnerability exists in Jenkins ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2019-1003026 (A server-side request forgery vulnerability exists in Jenkins ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2019-1003025 (A exposure of sensitive information vulnerability exists in Jenkins ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2019-1003024 (A sandbox bypass vulnerability exists in Jenkins Script Security ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2019-8950 (The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices ...)
 	NOT-FOR-US: DASAN
 CVE-2019-8949
@@ -7686,7 +7686,7 @@ CVE-2019-5729
 CVE-2019-5728
 	RESERVED
 CVE-2019-5727 (Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2019-5726
 	RESERVED
 CVE-2019-5725 (qibosoft through V7 allows remote attackers to read arbitrary files via ...)
@@ -11394,7 +11394,7 @@ CVE-2019-3926
 CVE-2019-3925
 	RESERVED
 CVE-2019-3924 (MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is ...)
-	TODO: check
+	NOT-FOR-US: MikroTik
 CVE-2019-3923 (Nessus versions 8.2.1 and earlier were found to contain a stored XSS ...)
 	NOT-FOR-US: Nessus
 CVE-2019-3922
@@ -16270,7 +16270,7 @@ CVE-2019-2396 (Vulnerability in the Oracle CRM Technical Foundation component of
 CVE-2019-2395 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
 	NOT-FOR-US: Oracle
 CVE-2018-20146 (An issue was discovered in Liquidware ProfileUnity before 6.8.0 with ...)
-	TODO: check
+	NOT-FOR-US: Liquidware ProfileUnity
 CVE-2018-20153 (In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could ...)
 	{DLA-1673-1}
 	- wordpress 5.0.1+dfsg1-1 (bug #916403)
@@ -16379,7 +16379,7 @@ CVE-2018-20145 (Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the o
 	NOTE: https://github.com/eclipse/mosquitto/commit/9097577b49b7fdcf45d30975976dd93808ccc0c4
 	NOTE: https://github.com/eclipse/mosquitto/issues/1073
 CVE-2018-20122 (The web interface on FASTGate Fastweb devices with firmware through ...)
-	TODO: check
+	NOT-FOR-US: FASTGate Fastweb
 CVE-2018-20121
 	RESERVED
 CVE-2018-20120
@@ -18293,11 +18293,11 @@ CVE-2019-1702
 CVE-2019-1701
 	RESERVED
 CVE-2019-1700 (A vulnerability in field-programmable gate array (FPGA) ingress buffer ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1699
 	RESERVED
 CVE-2019-1698 (A vulnerability in the web-based user interface of Cisco Internet of ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1697
 	RESERVED
 CVE-2019-1696
@@ -18311,7 +18311,7 @@ CVE-2019-1693
 CVE-2019-1692
 	RESERVED
 CVE-2019-1691 (A vulnerability in the detection engine of Cisco Firepower Threat ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1690
 	RESERVED
 CVE-2019-1689
@@ -18323,15 +18323,15 @@ CVE-2019-1687
 CVE-2019-1686
 	RESERVED
 CVE-2019-1685 (A vulnerability in the Security Assertion Markup Language (SAML) ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1684 (A vulnerability in the Cisco Discovery Protocol or Link Layer ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1683
 	RESERVED
 CVE-2019-1682
 	RESERVED
 CVE-2019-1681 (A vulnerability in the TFTP service of Cisco Network Convergence ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1680 (A vulnerability in Cisco Webex Business Suite could allow an ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1679 (A vulnerability in the web interface of Cisco TelePresence Conductor, ...)
@@ -18359,23 +18359,23 @@ CVE-2019-1669 (A vulnerability in the data acquisition (DAQ) component of Cisco
 CVE-2019-1668 (A vulnerability in the chat feed feature of Cisco SocialMiner could ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1667 (A vulnerability in the Graphite interface of Cisco HyperFlex software ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1666 (A vulnerability in the Graphite service of Cisco HyperFlex software ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1665 (A vulnerability in the web-based management interface of Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1664 (A vulnerability in the hxterm service of Cisco HyperFlex Software ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1663
 	RESERVED
 CVE-2019-1662 (A vulnerability in the Quality of Voice Reporting (QOVR) service of ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1661 (A vulnerability in the web-based management interface of Cisco ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1660 (A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1659 (A vulnerability in the Identity Services Engine (ISE) integration ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1658 (A vulnerability in the web-based management interface of Cisco Unified ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1657 (A vulnerability in Cisco AMP Threat Grid could allow an authenticated, ...)
@@ -33400,7 +33400,7 @@ CVE-2018-15382 (A vulnerability in Cisco HyperFlex Software could allow an ...)
 CVE-2018-15381 (A Java deserialization vulnerability in Cisco Unity Express (CUE) ...)
 	NOT-FOR-US: Cisco
 CVE-2018-15380 (A vulnerability in the cluster service manager of Cisco HyperFlex ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-15379 (A vulnerability in which the HTTP web server for Cisco Prime ...)
 	NOT-FOR-US: Cisco
 CVE-2018-15378 (A vulnerability in ClamAV versions prior to 0.100.2 could allow an ...)
@@ -56835,7 +56835,7 @@ CVE-2018-6689 (Authentication Bypass vulnerability in McAfee Data Loss Preventio
 CVE-2018-6688
 	RESERVED
 CVE-2018-6687 (Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2018-6686 (Authentication Bypass vulnerability in TPM autoboot in McAfee Drive ...)
 	NOT-FOR-US: McAfee
 CVE-2018-6685



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9824502d9caac2a530b8951c92de23ecce153249

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9824502d9caac2a530b8951c92de23ecce153249
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190222/1e77522b/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list