[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Jun 7 22:17:55 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f94a6ac7 by Salvatore Bonaccorso at 2019-06-07T21:16:00Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
 CVE-2019-12778
 	RESERVED
 CVE-2019-12777 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
-	TODO: check
+	NOT-FOR-US: ENTTEC
 CVE-2019-12776 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
-	TODO: check
+	NOT-FOR-US: ENTTEC
 CVE-2019-12775 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
-	TODO: check
+	NOT-FOR-US: ENTTEC
 CVE-2019-12774 (A number of stored XSS vulnerabilities have been identified in the web ...)
-	TODO: check
+	NOT-FOR-US: ENTTEC
 CVE-2019-12773
 	RESERVED
 CVE-2019-12772
 	RESERVED
 CVE-2019-12771 (Command injection is possible in ThinStation through 6.1.1 via shell m ...)
-	TODO: check
+	NOT-FOR-US: ThinStation
 CVE-2019-12770
 	RESERVED
 CVE-2019-12769
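Review bot: CVE-2019-12774 is tagged NOT-FOR-US: ENTTEC, but its visible description ("A number of stored XSS vulnerabilities have been identified in the web ...") is cut off before any product name, unlike the three ENTTEC entries above it. Please confirm against the full CVE text that it concerns the same ENTTEC devices rather than inferring the vendor from the neighbouring IDs.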
@@ -29,7 +29,7 @@ CVE-2019-12765
 CVE-2019-12764
 	RESERVED
 CVE-2019-12763 (The Security Camera CZ application through 1.6.8 for Android stores po ...)
-	TODO: check
+	NOT-FOR-US: Security Camera CZ application for Android
 CVE-2019-12762 (Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anoma ...)
 	NOT-FOR-US: Xiaomi Mi 5s Plus devices
 CVE-2019-12761 (A code injection issue was discovered in PyXDG before 0.26 via crafted ...)
@@ -369,13 +369,13 @@ CVE-2019-12614 (An issue was discovered in dlpar_parse_cc_property in arch/power
 	NOTE: This is a potential null pointer dereference that looks like it can
 	NOTE: only be invoked by root or the hypervisor.  Probably no security impact.
 CVE-2019-12601 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2019-12600 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2019-12599 (SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Inj ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2019-12598 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2019-12597
 	RESERVED
 CVE-2019-12596
@@ -628,7 +628,7 @@ CVE-2019-12479
 CVE-2019-12478
 	RESERVED
 CVE-2019-12477 (Supra Smart Cloud TV allows remote file inclusion in the openLiveURL f ...)
-	TODO: check
+	NOT-FOR-US: Supra Smart Cloud TV
 CVE-2019-12476
 	RESERVED
 CVE-2019-12475
@@ -12036,9 +12036,9 @@ CVE-2019-8285 (Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a h
 CVE-2019-8284
 	RESERVED
 CVE-2019-8283 (Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7 ...)
-	TODO: check
+	NOT-FOR-US: Gemalto Admin Control Center
 CVE-2019-8282 (Gemalto Admin Control Center, all versions prior to 7.92, uses clearte ...)
-	TODO: check
+	NOT-FOR-US: Gemalto Admin Control Center
 CVE-2019-8281
 	RESERVED
 CVE-2019-8280 (UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC c ...)
@@ -21858,15 +21858,15 @@ CVE-2019-4072 (IBM Tivoli Storage Productivity Center (IBM Spectrum Control Stan
 CVE-2019-4071 (IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard  ...)
 	NOT-FOR-US: IBM
 CVE-2019-4070 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnera ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4069 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not p ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4068 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnera ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4067 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not r ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4066 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allo ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4065
 	RESERVED
 CVE-2019-4064
@@ -23428,7 +23428,7 @@ CVE-2019-3479 (Mitigates a potential remote code execution issue in ArcSight Log
 CVE-2019-3478
 	RESERVED
 CVE-2019-3477 (Micro Focus Solution Business Manager versions prior to 11.4.2 is susc ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus Solution Business Manager
 CVE-2019-3476 (Remote arbitrary code execution in Micro Focus Data Protector, version ...)
 	NOT-FOR-US: Micro Focus Data Protector
 CVE-2019-3475 (A local privilege escalation vulnerability in the famtd component of M ...)
@@ -27338,7 +27338,7 @@ CVE-2018-20137 (XSS exists in FUEL CMS 1.4.3 via the Page title, Meta descriptio
 CVE-2018-20136 (XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Vari ...)
 	NOT-FOR-US: FUEL CMS
 CVE-2018-20135 (Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostnam ...)
-	TODO: check
+	NOT-FOR-US: Samsung Galaxy Apps
 CVE-2018-20134
 	RESERVED
 CVE-2018-20133 (ymlref allows code injection. ...)
@@ -28667,7 +28667,7 @@ CVE-2018-19980 (Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers
 CVE-2018-19979
 	RESERVED
 CVE-2018-19978 (A buffer overflow vulnerability in the DHCP and PPPOE configuration in ...)
-	TODO: check
+	NOT-FOR-US: Auerswald COMfort
 CVE-2018-19977 (A command injection (missing input validation, escaping) in the ftp up ...)
 	NOT-FOR-US: Auerswald COMfort
 CVE-2018-19976 (In YARA 3.8.1, bytecode in a specially crafted compiled rule is expose ...)
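Review bot: the new tag on CVE-2018-19978 matches the existing NOT-FOR-US: Auerswald COMfort on CVE-2018-19977, but the truncated description shown here ("A buffer overflow vulnerability in the DHCP and PPPOE configuration in ...") does not name the product. Worth checking the full description before relying on the adjacent entry for the attribution.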
@@ -33609,15 +33609,15 @@ CVE-2018-19467
 CVE-2018-19466 (A vulnerability was found in Portainer before 1.20.0. Portainer stores ...)
 	NOT-FOR-US: Portainer
 CVE-2018-19465 (Maccms through 8.0 allows XSS via the site_keywords field to index.php ...)
-	TODO: check
+	NOT-FOR-US: Maccms
 CVE-2018-19464 (Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting. ...)
 	NOT-FOR-US: Discuz!
 CVE-2018-19463 (** DISPUTED ** zb_system/function/lib/upload.php in Z-BlogPHP through  ...)
 	NOT-FOR-US: Z-BlogPHP
 CVE-2018-19462 (admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: EmpireCMS
 CVE-2018-19461 (admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL ...)
-	TODO: check
+	NOT-FOR-US: EmpireCMS
 CVE-2018-19460
 	RESERVED
 CVE-2018-19459 (Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List ...)
@@ -33675,7 +33675,7 @@ CVE-2018-19453 (Kentico CMS before 11.0.45 allows unrestricted upload of a file
 CVE-2018-19452 (A use after free in the TextBox field Mouse Enter action in IReader_Co ...)
 	TODO: check
 CVE-2018-19451 (A command injection can occur for specially crafted PDF files in Foxit ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2018-19450
 	RESERVED
 CVE-2018-19449
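Review bot: CVE-2018-19452, directly above the changed entry, is left at "TODO: check" while CVE-2018-19451 is now NOT-FOR-US: Foxit Reader. Its description is truncated at "IReader_Co ...", so the product is not clear from this hunk; if it belongs to the same product it should be triaged in the same pass, otherwise it remains an open item in the middle of a processed block.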
@@ -71422,7 +71422,7 @@ CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and
 CVE-2018-5799 (In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows ...)
 	NOT-FOR-US: Zoho
 CVE-2018-5798 (This CVE relates to an unspecified cross site scripting vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Cloudera Manager
 CVE-2018-5797 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
 	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
 CVE-2018-5796 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
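Review bot: CVE-2018-5798 is tagged NOT-FOR-US: Cloudera Manager, yet the visible description ("This CVE relates to an unspecified cross site scripting vulnerability ...") names no product before the truncation. Since the tag cannot be checked from the list entry alone, confirm it against the full CVE record.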
@@ -73008,9 +73008,9 @@ CVE-2018-5267 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to
 CVE-2018-5266 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to obta ...)
 	NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
 CVE-2018-5265 (Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attacke ...)
-	TODO: check
+	NOT-FOR-US: Ubiquiti EdgeOS
 CVE-2018-5264 (Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote att ...)
-	TODO: check
+	NOT-FOR-US: Ubiquiti UniFi 52 devices
 CVE-2018-5263 (The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0. ...)
 	NOT-FOR-US: The StackIdeas EasyDiscuss extension for Joomla!
 CVE-2018-5262 (A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f94a6ac77eb8e432b83deb978ab69983439ca969
