[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Jul 9 21:18:03 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c5ca4d67 by Salvatore Bonaccorso at 2019-07-09T20:17:39Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2019-13463
 CVE-2019-13462
 	RESERVED
 CVE-2019-13461 (In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_addre ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2019-13460
 	RESERVED
 CVE-2019-13459
@@ -138,7 +138,7 @@ CVE-2019-13399 (Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS ke
 CVE-2019-13398 (Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute  ...)
 	NOT-FOR-US: Dynacolor
 CVE-2019-13397 (Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker ...)
-	TODO: check
+	NOT-FOR-US: osTicket
 CVE-2019-13396
 	RESERVED
 CVE-2019-13395
@@ -429,7 +429,7 @@ CVE-2019-13282 (In Xpdf 4.01.01, a heap-based buffer over-read could be triggere
 CVE-2019-13281 (In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DC ...)
 	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
 CVE-2019-13280 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2019-13279
 	RESERVED
 CVE-2019-13278
@@ -749,7 +749,7 @@ CVE-2019-13144
 CVE-2019-13143
 	RESERVED
 CVE-2019-13142 (The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe)  ...)
-	TODO: check
+	NOT-FOR-US: Razer Surround
 CVE-2019-13141
 	RESERVED
 CVE-2019-13140
@@ -959,7 +959,7 @@ CVE-2019-13072 (Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3
 CVE-2019-13071
 	RESERVED
 CVE-2019-13070 (A stored XSS vulnerability in the Agent/Center component of CyberPower ...)
-	TODO: check
+	NOT-FOR-US: CyberPower PowerPanel Business Edition
 CVE-2019-13069
 	RESERVED
 CVE-2019-13068 (public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows ...)
@@ -1723,7 +1723,7 @@ CVE-2019-12784
 CVE-2019-12783
 	RESERVED
 CVE-2019-12782 (An authorization bypass vulnerability in pinboard updates in ThoughtSp ...)
-	TODO: check
+	NOT-FOR-US: ThoughtSpot
 CVE-2019-12781 (An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1. ...)
 	{DSA-4476-1 DLA-1842-1}
 	- python-django 1:1.11.22-1 (bug #931316)
@@ -1821,9 +1821,9 @@ CVE-2019-12749 (dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.
 	NOTE: https://gitlab.freedesktop.org/dbus/dbus/issues/269
 	NOTE: https://gitlab.freedesktop.org/dbus/dbus/commit/47b1a4c41004bf494b87370987b222c934b19016
 CVE-2019-12748 (TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. ...)
-	TODO: check
+	NOT-FOR-US: Typo3
 CVE-2019-12747 (TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization  ...)
-	TODO: check
+	NOT-FOR-US: Typo3
 CVE-2019-12746
 	RESERVED
 CVE-2019-12745 (out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site S ...)
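Review bot: the two new tags on CVE-2019-12748 and CVE-2019-12747 read "NOT-FOR-US: Typo3", while both CVE descriptions spell the product "TYPO3". Using "NOT-FOR-US: TYPO3" would keep the tag aligned with the upstream name, so a case-sensitive search of data/CVE/list for the product finds these entries too.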
@@ -3687,7 +3687,7 @@ CVE-2019-11993
 CVE-2019-11992
 	RESERVED
 CVE-2019-11991 (HPE has identified a vulnerability in HPE 3PAR Service Processor (SP)  ...)
-	TODO: check
+	NOT-FOR-US: HPE 3PAR Service Processor
 CVE-2019-11990
 	RESERVED
 CVE-2019-11989
@@ -3893,9 +3893,9 @@ CVE-2019-12046 (LemonLDAP::NG -2.0.3 has Incorrect Access Control. ...)
 	- lemonldap-ng 2.0.2+ds-7+deb10u1 (bug #928944)
 	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1742
 CVE-2019-11890 (Sony Bravia Smart TV devices allow remote attackers to cause a denial  ...)
-	TODO: check
+	NOT-FOR-US: Sony Bravia Smart TV devices
 CVE-2019-11889 (Sony BRAVIA Smart TV devices allow remote attackers to cause a denial  ...)
-	TODO: check
+	NOT-FOR-US: Sony BRAVIA Smart TV devices
 CVE-2019-11888 (Go through 1.12.5 on Windows mishandles process creation with a nil en ...)
 	- golang-1.12 <not-affected> (Only affects Go on Windows)
 	- golang-1.11 <not-affected> (Only affects Go on Windows)
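Review bot: CVE-2019-11890 and CVE-2019-11889 receive two different tags ("Sony Bravia Smart TV devices" and "Sony BRAVIA Smart TV devices") although the descriptions refer to the same product line. The case difference is carried over from the CVE descriptions; choosing one spelling for both lines would keep the entries grouped when the list is searched by product label.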
@@ -12513,7 +12513,7 @@ CVE-2019-8922
 CVE-2019-8921
 	RESERVED
 CVE-2019-8920 (iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569. ...)
-	TODO: check
+	NOT-FOR-US: XAMPP
 CVE-2019-8919 (The seadroid (aka Seafile Android Client) application through 2.2.13 f ...)
 	NOT-FOR-US: Seafile Android Client
 CVE-2019-8918
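Review bot: the description of CVE-2019-8920 calls it a related issue to CVE-2008-3569, so before settling on "NOT-FOR-US: XAMPP" it is worth confirming that the older entry carries the same classification, so the two related CVEs do not diverge in the list.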
@@ -24148,9 +24148,9 @@ CVE-2019-3952
 CVE-2019-3951
 	RESERVED
 CVE-2019-3950 (Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hardcoded ...)
-	TODO: check
+	NOT-FOR-US: Arlo Basestation firmware
 CVE-2019-3949 (Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a  ...)
-	TODO: check
+	NOT-FOR-US: Arlo Basestation firmware
 CVE-2019-3948
 	RESERVED
 CVE-2019-3947 (Fuji Electric V-Server before 6.0.33.0 stores database credentials in  ...)
@@ -45920,7 +45920,7 @@ CVE-2018-15740 (Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow
 CVE-2018-15739
 	RESERVED
 CVE-2018-15738 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver  ...)
-	TODO: check
+	NOT-FOR-US: STOPzilla AntiMalware
 CVE-2018-15737 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver  ...)
 	NOT-FOR-US: STOPzilla
 CVE-2018-15736 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver  ...)
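Review bot: the new tag on CVE-2018-15738 is "NOT-FOR-US: STOPzilla AntiMalware", but the next entry, CVE-2018-15737, for the same product and version, already uses "NOT-FOR-US: STOPzilla". Reusing the existing label would keep this run of STOPzilla entries uniform.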



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c5ca4d67e46a76bbce3ddc706503b6b666c11620
