[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Jul 10 21:31:21 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ab47b17 by Salvatore Bonaccorso at 2019-07-10T20:30:58Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2019-13480
 CVE-2019-13479
 	RESERVED
 CVE-2018-20851 (Helpy before 2.2.0 allows agents to edit admins. ...)
-	TODO: check
+	NOT-FOR-US: Helpy
 CVE-2019-13478 (The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly r ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2019-13477
@@ -469,13 +469,13 @@ CVE-2019-13281 (In Xpdf 4.01.01, a heap-based buffer overflow could be triggered
 CVE-2019-13280 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...)
 	NOT-FOR-US: TRENDnet
 CVE-2019-13279 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2019-13278 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2019-13277 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows a ...)
 	NOT-FOR-US: TRENDnet TEW-827DRU
 CVE-2019-13276 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2019-13275 (An issue was discovered in the VeronaLabs wp-statistics plugin before  ...)
 	NOT-FOR-US: VeronaLabs wp-statistics plugin for WordPress
 CVE-2019-13274
@@ -994,7 +994,7 @@ CVE-2019-13072 (Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3
 	- zoneminder <unfixed>
 	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2642
 CVE-2019-13071 (CSRF in the Agent/Center component of CyberPower PowerPanel Business E ...)
-	TODO: check
+	NOT-FOR-US: CyberPower PowerPanel Business Edition
 CVE-2019-13070 (A stored XSS vulnerability in the Agent/Center component of CyberPower ...)
 	NOT-FOR-US: CyberPower PowerPanel Business Edition
 CVE-2019-13069
@@ -4634,7 +4634,7 @@ CVE-2019-11652
 CVE-2019-11651
 	RESERVED
 CVE-2019-11650 (A potential Man in the Middle attack (MITM) was found in NetIQ Advance ...)
-	TODO: check
+	NOT-FOR-US: NetIQ Advanced Authentication Framework
 CVE-2019-11649 (Cross-Site Scripting vulnerability in Micro Focus Fortify Software Sec ...)
 	NOT-FOR-US: Micro Focus Fortify software security center server
 CVE-2019-11648 (An information leakage exists in Micro Focus NetIQ Self Service Passwo ...)
@@ -7309,7 +7309,7 @@ CVE-2019-10654 (The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as us
 	NOTE: https://github.com/ckolivas/lrzip/issues/108
 	NOTE: Crash in CLI tool, no security impact
 CVE-2019-10653 (An issue was discovered in Hsycms V1.1. There is a SQL injection vulne ...)
-	TODO: check
+	NOT-FOR-US: Hsycms
 CVE-2019-10652 (An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote a ...)
 	NOT-FOR-US: flatCore
 CVE-2019-10651
@@ -8591,13 +8591,13 @@ CVE-2019-10124
 CVE-2019-10123 (SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which ...)
 	NOT-FOR-US: Advanced InfoData Systems (AIS)
 CVE-2019-10122 (eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43 ...)
-	TODO: check
+	NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices
 CVE-2019-10121 (eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43 ...)
-	TODO: check
+	NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices
 CVE-2019-10120 (On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3 ...)
-	TODO: check
+	NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices
 CVE-2019-10119 (eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43 ...)
-	TODO: check
+	NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices
 CVE-2019-10118 (Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and ...)
 	NOT-FOR-US: Snipe-IT
 CVE-2019-10117 (An Open Redirect issue was discovered in GitLab Community and Enterpri ...)
@@ -21676,7 +21676,7 @@ CVE-2019-5223
 CVE-2019-5222
 	RESERVED
 CVE-2019-5221 (There is a path traversal vulnerability on Huawei Share. The software  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5220 (There is a Factory Reset Protection (FRP) bypass vulnerability on seve ...)
 	TODO: check
 CVE-2019-5219 (There is a double free vulnerability on certain drivers of Huawei Mate ...)
@@ -31169,7 +31169,7 @@ CVE-2019-1875 (A vulnerability in the web-based management interface of Cisco Pr
 CVE-2019-1874 (A vulnerability in the web-based management interface of Cisco Prime S ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1873 (A vulnerability in the cryptographic driver for Cisco Adaptive Securit ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1872 (A vulnerability in Cisco TelePresence Video Communication Server (VCS) ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1871
@@ -35348,23 +35348,23 @@ CVE-2019-0328
 CVE-2019-0327
 	RESERVED
 CVE-2019-0326 (SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Ent ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0325 (SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary author ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0324
 	RESERVED
 CVE-2019-0323
 	RESERVED
 CVE-2019-0322 (SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0321 (ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, d ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0320
 	RESERVED
 CVE-2019-0319 (The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0318 (Under certain conditions SAP NetWeaver Application Server for Java (St ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0317
 	RESERVED
 CVE-2019-0316 (SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITO ...)
@@ -35438,7 +35438,7 @@ CVE-2019-0283 (SAP NetWeaver Process Integration (Adapter Engine), fixed in vers
 CVE-2019-0282 (Several web pages in SAP NetWeaver Process Integration (Runtime Workbe ...)
 	NOT-FOR-US: SAP
 CVE-2019-0281 (SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0280 (SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6. ...)
 	NOT-FOR-US: SAP
 CVE-2019-0279 (ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP ...)
@@ -48151,7 +48151,7 @@ CVE-2018-14833 (Intuit Lacerte 2017 has Incorrect Access Control. ...)
 CVE-2018-14832
 	RESERVED
 CVE-2018-14831 (An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote a ...)
-	TODO: check
+	NOT-FOR-US: DamiCMS
 CVE-2018-14830
 	RESERVED
 CVE-2018-14829 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vu ...)
@@ -49286,11 +49286,11 @@ CVE-2018-14498 (get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJ
 CVE-2018-14497 (Tenda D152 ADSL routers allow XSS via a crafted SSID. ...)
 	NOT-FOR-US: Tenda D152 ADSL routers
 CVE-2018-14496 (Vivotek FD8136 devices allow remote memory corruption and remote code  ...)
-	TODO: check
+	NOT-FOR-US: Vivotek FD8136 devices
 CVE-2018-14495 (Vivotek FD8136 devices allow Remote Command Injection, aka "another co ...)
-	TODO: check
+	NOT-FOR-US: Vivotek FD8136 devices
 CVE-2018-14494 (Vivotek FD8136 devices allow Remote Command Injection, related to Busy ...)
-	TODO: check
+	NOT-FOR-US: Vivotek FD8136 devices
 CVE-2018-14493 (Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Au ...)
 	NOT-FOR-US: Open-Audit Community
 CVE-2018-14492 (Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN,  ...)
@@ -53907,19 +53907,19 @@ CVE-2018-12630 (NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the se
 CVE-2018-12629
 	RESERVED
 CVE-2018-12628 (An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users. ...)
-	TODO: check
+	NOT-FOR-US: Eventum
 CVE-2018-12627 (An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via ...)
-	TODO: check
+	NOT-FOR-US: Eventum
 CVE-2018-12626 (An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS vi ...)
-	TODO: check
+	NOT-FOR-US: Eventum
 CVE-2018-12625 (An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS ...)
-	TODO: check
+	NOT-FOR-US: Eventum
 CVE-2018-12624 (An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XS ...)
 	NOT-FOR-US: Eventum
 CVE-2018-12623 (An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS vi ...)
-	TODO: check
+	NOT-FOR-US: Eventum
 CVE-2018-12622 (An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has X ...)
-	TODO: check
+	NOT-FOR-US: Eventum
 CVE-2018-12621 (An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Op ...)
 	NOT-FOR-US: Eventum
 CVE-2018-12620
@@ -56544,7 +56544,7 @@ CVE-2018-11736 (An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/im
 CVE-2018-11735 (index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or  ...)
 	NOT-FOR-US: Ximdex
 CVE-2018-11734 (In e107 v2.1.7, output without filtering results in XSS. ...)
-	TODO: check
+	NOT-FOR-US: e107
 CVE-2018-11733
 	RESERVED
 CVE-2018-11732



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8ab47b177455ac10aa55c1c1f1ab5e1040c90626

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8ab47b177455ac10aa55c1c1f1ab5e1040c90626
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190710/94142f9d/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list