[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Jul 11 21:25:26 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d57c9d2f by Salvatore Bonaccorso at 2019-07-11T20:25:11Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,15 +5,15 @@ CVE-2019-13566
 CVE-2019-13565
 	RESERVED
 CVE-2019-13564 (XSS exists in Ping Identity Agentless Integration Kit before 1.5. ...)
-	TODO: check
+	NOT-FOR-US: Ping Identity Agentless Integration Kit
 CVE-2019-13563 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the enti ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-13562 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstra ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-13561 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-13560 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-13559
 	RESERVED
 CVE-2019-13558
@@ -119,11 +119,11 @@ CVE-2019-13509
 CVE-2019-13508
 	RESERVED
 CVE-2019-13507 (hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. ...)
-	TODO: check
+	NOT-FOR-US: hidea.com AZ Admin
 CVE-2019-13506 (@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandle ...)
 	TODO: check
 CVE-2019-13505 (The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS vi ...)
-	TODO: check
+	NOT-FOR-US: Appointment Hour Booking plugin for WordPress
 CVE-2019-13504 (There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrw ...)
 	TODO: check
 CVE-2019-13503 (mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer o ...)
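
Review bot: CVE-2019-13506 (@nuxt/devalue, as used in Nuxt.js) and CVE-2019-13504 (Exiv2::MrwImage::readMetadata) are left at "TODO: check" between the two entries resolved in this hunk, so this block of the list is still only partly triaged. Leaving them fits the commit subject, since neither is an obvious NOT-FOR-US candidate from its description, but both need a follow-up check against the archive rather than staying open.
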
@@ -2371,11 +2371,11 @@ CVE-2019-12599 (SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows S
 CVE-2019-12598 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
 	NOT-FOR-US: SuiteCRM
 CVE-2019-12597 (An issue was discovered in Zoho ManageEngine AssetExplorer. There is X ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine AssetExplorer
 CVE-2019-12596 (An issue was discovered in Zoho ManageEngine AssetExplorer. There is X ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine AssetExplorer
 CVE-2019-12595 (An issue was discovered in Zoho ManageEngine AssetExplorer. There is X ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine AssetExplorer
 CVE-2019-12594 (DOSBox 0.74-2 has Incorrect Access Control. ...)
 	{DSA-4478-1 DLA-1845-1}
 	- dosbox <unfixed> (bug #931222)
@@ -2488,13 +2488,13 @@ CVE-2019-12542 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.
 CVE-2019-12541 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. The ...)
 	NOT-FOR-US: Zoho ManageEngine ServiceDesk
 CVE-2019-12540 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. Th ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine ServiceDesk
 CVE-2019-12539 (An issue was discovered in the Purchase component of Zoho ManageEngine ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
 CVE-2019-12538 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. The ...)
 	NOT-FOR-US: Zoho ManageEngine ServiceDesk
 CVE-2019-12537 (An issue was discovered in Zoho ManageEngine AssetExplorer. There is X ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine AssetExplorer
 CVE-2019-12536
 	RESERVED
 CVE-2019-12535
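
Review bot: The product label on CVE-2019-12539 is spelled "NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus", while CVE-2019-12540 in this hunk and the existing entries for CVE-2019-12541 and CVE-2019-12538 use "NOT-FOR-US: Zoho ManageEngine ServiceDesk". Suggest one spelling for the same product so that a text search over data/CVE/list for the label returns every entry.
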
@@ -6345,7 +6345,7 @@ CVE-2019-11064
 CVE-2019-11063
 	RESERVED
 CVE-2019-11062 (The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Inj ...)
-	TODO: check
+	NOT-FOR-US: SUNNET WMPro for eLearning system
 CVE-2019-11061
 	RESERVED
 CVE-2019-11060
@@ -7498,7 +7498,7 @@ CVE-2019-10653 (An issue was discovered in Hsycms V1.1. There is a SQL injection
 CVE-2019-10652 (An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote a ...)
 	NOT-FOR-US: flatCore
 CVE-2019-10651 (An issue was discovered in the Core Server in Ivanti Endpoint Manager  ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2019-10650 (In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in ...)
 	{DSA-4436-1 DLA-1785-1}
 	- imagemagick 8:6.9.10.23+dfsg-2.1 (bug #926091)
@@ -10792,7 +10792,7 @@ CVE-2019-9658 (Checkstyle before 8.18 loads external DTDs by default. ...)
 	NOTE: https://github.com/checkstyle/checkstyle/pull/6476
 	NOTE: https://github.com/checkstyle/checkstyle/commit/180b4fe37a2249d4489d584505f2b7b3ab162ec6
 CVE-2019-9657 (Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a d ...)
-	TODO: check
+	NOT-FOR-US: Alarm.com ADC-V522IR 0100b9 devices
 CVE-2019-9656 (An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dere ...)
 	- libofx <unfixed> (unimportant; bug #924350)
 	NOTE: https://github.com/libofx/libofx/issues/22
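
Review bot: The label added for CVE-2019-9657, "NOT-FOR-US: Alarm.com ADC-V522IR 0100b9 devices", copies the "0100b9" string and the word "devices" from the CVE description, whereas the other labels in this patch name only a vendor or product ("D-Link", "SAP", "Zoho ManageEngine AssetExplorer"). Suggest "NOT-FOR-US: Alarm.com ADC-V522IR" here and on CVE-2018-19588 in the next hunk, so the label does not look tied to one firmware string.
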
@@ -35038,7 +35038,7 @@ CVE-2018-19590
 CVE-2018-19589 (Incorrect Access Controls of Security Officer (SO) in PKCS11 R2 provid ...)
 	NOT-FOR-US: Utimaco CryptoServer HSM
 CVE-2018-19588 (Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control. ...)
-	TODO: check
+	NOT-FOR-US: Alarm.com ADC-V522IR 0100b9 devices
 CVE-2018-19587 (In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_a ...)
 	NOT-FOR-US: Cesanta Mongoose
 	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
@@ -35522,13 +35522,13 @@ CVE-2019-0332
 CVE-2019-0331
 	RESERVED
 CVE-2019-0330 (The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand C ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0329 (SAP Information Steward, version 4.2, does not sufficiently encode use ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0328 (ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0327 (SAP NetWeaver for Java Application Server - Web Container, (engineapi, ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0326 (SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Ent ...)
 	NOT-FOR-US: SAP
 CVE-2019-0325 (SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary author ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d57c9d2f86ac1aa20dab168621b30c5ecd39c1f7
