[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Tue Feb 26 08:21:10 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2413890e by Moritz Muehlenhoff at 2019-02-26T08:20:43Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2019-9183
RESERVED
CVE-2019-9182 (There is a CSRF in ZZZCMS zzzphp V1.6.1 via a ...)
- TODO: check
+ NOT-FOR-US: ZZZCMS
CVE-2019-9181 (SchoolCMS version 2.3.1 allows file upload via the logo upload feature ...)
- TODO: check
+ NOT-FOR-US: SchoolCMS
CVE-2019-9180
RESERVED
CVE-2019-9179
@@ -29,7 +29,7 @@ CVE-2019-9170
CVE-2019-9169 (In the GNU C Library (aka glibc or libc6) through 2.29, ...)
TODO: check
CVE-2019-9168 (WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. ...)
- TODO: check
+ NOT-FOR-US: WooCommerce
CVE-2019-9167
RESERVED
CVE-2019-9166
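Review bot: The new tag on CVE-2019-9168 names only WooCommerce, but the description gives the vector as "a Photoswipe caption". Before closing this as NOT-FOR-US, confirm that the flaw is in WooCommerce's own handling of the caption rather than in a bundled PhotoSwipe copy, and record that in a one-line NOTE so the decision can be audited later.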
@@ -85,7 +85,7 @@ CVE-2019-9148
CVE-2019-9147
RESERVED
CVE-2019-9146 (Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain a ...)
- TODO: check
+ NOT-FOR-US: Jamf Self Service
CVE-2019-9145 (An issue was discovered in Hsycms V1.1. There is an XSS vulnerability ...)
NOT-FOR-US: Hsycms
CVE-2019-9144 (An issue was discovered in Exiv2 0.27. There is infinite recursion at ...)
@@ -159,9 +159,9 @@ CVE-2019-9113 (Ming (aka libming) 0.4.8 has a NULL pointer dereference in the fu
- ming <removed>
NOTE: https://github.com/libming/libming/issues/171
CVE-2019-9112 (The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss ...)
- TODO: check
+ NOT-FOR-US: Xiaomi-specific driver not in the mainline msm driver
CVE-2019-9111 (The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss ...)
- TODO: check
+ NOT-FOR-US: Xiaomi-specific driver not in the mainline msm driver
CVE-2019-9110 (XSS exists in WUZHI CMS 4.1.0 via ...)
NOT-FOR-US: WUZHI CMS
CVE-2019-9109 (XSS exists in WUZHI CMS 4.1.0 via ...)
@@ -219,19 +219,19 @@ CVE-2019-9084
CVE-2019-9083
RESERVED
CVE-2018-20795 (tecrail Responsive FileManager 9.13.4 allows remote attackers to read ...)
- TODO: check
+ NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-20794 (tecrail Responsive FileManager 9.13.4 allows remote attackers to write ...)
- TODO: check
+ NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-20793 (tecrail Responsive FileManager 9.13.4 allows remote attackers to write ...)
- TODO: check
+ NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-20792 (tecrail Responsive FileManager 9.13.4 allows remote attackers to read ...)
- TODO: check
+ NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-20791 (tecrail Responsive FileManager 9.13.4 allows XSS via a media file ...)
- TODO: check
+ NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-20790 (tecrail Responsive FileManager 9.13.4 allows remote attackers to delete ...)
- TODO: check
+ NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-20789 (tecrail Responsive FileManager 9.13.4 allows remote attackers to delete ...)
- TODO: check
+ NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-20788 (drivers/leds/leds-aw2023.c in the led driver for custom Linux kernels ...)
TODO: check
CVE-2018-20787 (The ft5x46 touchscreen driver for custom Linux kernels on the Xiaomi ...)
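Review bot: CVE-2018-20788 in the trailing context stays at "TODO: check" although its description ("the led driver for custom Linux kernels") reads like the same class of vendor-kernel code that this commit closes for CVE-2019-9112 and CVE-2019-9111. If drivers/leds/leds-aw2023.c is likewise absent from mainline, it could be closed in the same pass with an equally explicit reason; if it was left open on purpose, a NOTE saying why would help the next person triaging.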
@@ -239,7 +239,7 @@ CVE-2018-20787 (The ft5x46 touchscreen driver for custom Linux kernels on the Xi
CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other ...)
NOT-FOR-US: ThinkPHP
CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a ...)
- TODO: check
+ NOT-FOR-US: Laravel Framework
CVE-2019-9080
RESERVED
CVE-2019-9079
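Review bot: The NOT-FOR-US on CVE-2019-9081 is keyed on the product name "Laravel Framework", while the description places the flaw in "the Illuminate component". Since the tag asserts that nothing in the archive ships the affected code, the check should also cover the Illuminate components under their own package names, with the result recorded in a NOTE.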
@@ -345,7 +345,7 @@ CVE-2019-9049 (An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF ...)
CVE-2019-9048 (An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF ...)
NOT-FOR-US: Pluck CMS
CVE-2019-9047 (GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter ...)
- TODO: check
+ NOT-FOR-US: GoRose
CVE-2019-9046
RESERVED
CVE-2019-9045
@@ -402,11 +402,11 @@ CVE-2019-9026 (An issue was discovered in libmatio.a in matio (aka MAT File I/O
- libmatio <undetermined>
NOTE: https://github.com/tbeu/matio/issues/103
CVE-2018-20785 (Secure boot bypass and memory extraction can be achieved on Neato ...)
- TODO: check
+ NOT-FOR-US: Neato
CVE-2014-10079 (In Vembu StoreGrid 4.4.x, the front page of the server web interface ...)
- TODO: check
+ NOT-FOR-US: Vembu StoreGrid
CVE-2014-10078 (Vembu StoreGrid 4.4.x has XSS in ...)
- TODO: check
+ NOT-FOR-US: Vembu StoreGrid
CVE-2019-9019 (The British Airways Entertainment System, as installed on Boeing ...)
NOT-FOR-US: British Airways Entertainment System
CVE-2019-9025 (An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte ...)
@@ -491,7 +491,7 @@ CVE-2019-9006
CVE-2019-9005
RESERVED
CVE-2019-9004 (In Eclipse Wakaama (formerly liblwm2m) 1.0, ...)
- TODO: check
+ NOT-FOR-US: Eclipse Wakaama
CVE-2019-9003 (In the Linux kernel before 4.20.5, attackers can trigger a ...)
- linux 4.19.20-1
[stretch] - linux <not-affected> (Vulnerable code not present)
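Review bot: The description of CVE-2019-9004 gives a former name, "(formerly liblwm2m)", but the new tag records only "Eclipse Wakaama". The archive search behind this NOT-FOR-US should cover both names and, since this is a library, embedded copies in other source packages; mentioning the old name in the tag would make later searches of the list hit this entry.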
@@ -6855,9 +6855,9 @@ CVE-2019-6268
CVE-2019-6267 (The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for ...)
NOT-FOR-US: Premium WP Suite Easy Redirect Manager plugin for WordPress
CVE-2019-6266 (Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is ...)
- TODO: check
+ NOT-FOR-US: Cordaware bestinformed
CVE-2019-6265 (The Scripting and AutoUpdate functionality in Cordaware bestinformed ...)
- TODO: check
+ NOT-FOR-US: Cordaware bestinformed
CVE-2019-6264 (An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in ...)
NOT-FOR-US: Joomla!
CVE-2019-6263 (An issue was discovered in Joomla! before 3.9.2. Inadequate checks of ...)
@@ -17046,7 +17046,7 @@ CVE-2018-20065 (Handling of URI action in PDFium in Google Chrome prior to ...)
CVE-2018-20064 (doorGets 7.0 allows remote attackers to write to arbitrary files via ...)
NOT-FOR-US: doorGets
CVE-2018-20063 (An issue was discovered in Gurock TestRail 5.6.0.3853. An ...)
- TODO: check
+ NOT-FOR-US: Gurock TestRail
CVE-2018-20062 (An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php ...)
NOT-FOR-US: NoneCms
CVE-2018-20061 (A SQL injection issue was discovered in ERPNext 10.x and 11.x through ...)
@@ -17124,7 +17124,7 @@ CVE-2018-20035
CVE-2018-20034
RESERVED
CVE-2018-20033 (A Remote Code Execution vulnerability in lmgrd and vendor daemon ...)
- TODO: check
+ NOT-FOR-US: FlexNet Publisher
CVE-2018-20032
RESERVED
CVE-2018-20031
@@ -18838,7 +18838,7 @@ CVE-2019-1691 (A vulnerability in the detection engine of Cisco Firepower Threat
CVE-2019-1690
RESERVED
CVE-2019-1689 (A vulnerability in the client application for iOS of Cisco Webex Teams ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1688 (A vulnerability in the management web interface of Cisco Network ...)
NOT-FOR-US: Cisco
CVE-2019-1687
@@ -18850,7 +18850,7 @@ CVE-2019-1685 (A vulnerability in the Security Assertion Markup Language (SAML)
CVE-2019-1684 (A vulnerability in the Cisco Discovery Protocol or Link Layer ...)
NOT-FOR-US: Cisco
CVE-2019-1683 (A vulnerability in the certificate handling component of the Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1682
RESERVED
CVE-2019-1681 (A vulnerability in the TFTP service of Cisco Network Convergence ...)
@@ -25247,7 +25247,7 @@ CVE-2018-18694 (admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remo
CVE-2018-18693
RESERVED
CVE-2018-18692 (A reflected Cross-Site scripting (XSS) vulnerability in SEMCO Semcosoft ...)
- TODO: check
+ NOT-FOR-US: SEMCO
CVE-2018-18691
RESERVED
CVE-2018-18690 (In the Linux kernel before 4.17, a local attacker able to set ...)
@@ -37808,11 +37808,11 @@ CVE-2018-13916
CVE-2018-13915
RESERVED
CVE-2018-13914 (Lack of input validation for data received from user space can lead to ...)
- TODO: check
+ NOT-FOR-US: CodeAurora components for Android
CVE-2018-13913 (Improper validation of array index can lead to unauthorized access ...)
- TODO: check
+ NOT-FOR-US: CodeAurora components for Android
CVE-2018-13912 (Arbitrary write issue can occur when user provides kernel address in ...)
- TODO: check
+ NOT-FOR-US: CodeAurora components for Android
CVE-2018-13911
RESERVED
CVE-2018-13910
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2413890e4d9a156320153c1a60907b5b8628448f