[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri Jun 7 22:17:55 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f94a6ac7 by Salvatore Bonaccorso at 2019-06-07T21:16:00Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2019-12778
RESERVED
CVE-2019-12777 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
- TODO: check
+ NOT-FOR-US: ENTTEC
CVE-2019-12776 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
- TODO: check
+ NOT-FOR-US: ENTTEC
CVE-2019-12775 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
- TODO: check
+ NOT-FOR-US: ENTTEC
CVE-2019-12774 (A number of stored XSS vulnerabilities have been identified in the web ...)
- TODO: check
+ NOT-FOR-US: ENTTEC
CVE-2019-12773
RESERVED
CVE-2019-12772
RESERVED
CVE-2019-12771 (Command injection is possible in ThinStation through 6.1.1 via shell m ...)
- TODO: check
+ NOT-FOR-US: ThinStation
CVE-2019-12770
RESERVED
CVE-2019-12769
@@ -29,7 +29,7 @@ CVE-2019-12765
CVE-2019-12764
RESERVED
CVE-2019-12763 (The Security Camera CZ application through 1.6.8 for Android stores po ...)
- TODO: check
+ NOT-FOR-US: Security Camera CZ application for Android
CVE-2019-12762 (Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anoma ...)
NOT-FOR-US: Xiaomi Mi 5s Plus devices
CVE-2019-12761 (A code injection issue was discovered in PyXDG before 0.26 via crafted ...)
@@ -369,13 +369,13 @@ CVE-2019-12614 (An issue was discovered in dlpar_parse_cc_property in arch/power
NOTE: This is a potential null pointer dereference that looks like it can
NOTE: only be invoked by root or the hypervisor. Probably no security impact.
CVE-2019-12601 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2019-12600 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2019-12599 (SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Inj ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2019-12598 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2019-12597
RESERVED
CVE-2019-12596
@@ -628,7 +628,7 @@ CVE-2019-12479
CVE-2019-12478
RESERVED
CVE-2019-12477 (Supra Smart Cloud TV allows remote file inclusion in the openLiveURL f ...)
- TODO: check
+ NOT-FOR-US: Supra Smart Cloud TV
CVE-2019-12476
RESERVED
CVE-2019-12475
@@ -12036,9 +12036,9 @@ CVE-2019-8285 (Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a h
CVE-2019-8284
RESERVED
CVE-2019-8283 (Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7 ...)
- TODO: check
+ NOT-FOR-US: Gemalto Admin Control Center
CVE-2019-8282 (Gemalto Admin Control Center, all versions prior to 7.92, uses clearte ...)
- TODO: check
+ NOT-FOR-US: Gemalto Admin Control Center
CVE-2019-8281
RESERVED
CVE-2019-8280 (UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC c ...)
@@ -21858,15 +21858,15 @@ CVE-2019-4072 (IBM Tivoli Storage Productivity Center (IBM Spectrum Control Stan
CVE-2019-4071 (IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard ...)
NOT-FOR-US: IBM
CVE-2019-4070 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnera ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4069 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not p ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4068 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnera ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4067 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not r ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4066 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allo ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4065
RESERVED
CVE-2019-4064
@@ -23428,7 +23428,7 @@ CVE-2019-3479 (Mitigates a potential remote code execution issue in ArcSight Log
CVE-2019-3478
RESERVED
CVE-2019-3477 (Micro Focus Solution Business Manager versions prior to 11.4.2 is susc ...)
- TODO: check
+ NOT-FOR-US: Micro Focus Solution Business Manager
CVE-2019-3476 (Remote arbitrary code execution in Micro Focus Data Protector, version ...)
NOT-FOR-US: Micro Focus Data Protector
CVE-2019-3475 (A local privilege escalation vulnerability in the famtd component of M ...)
@@ -27338,7 +27338,7 @@ CVE-2018-20137 (XSS exists in FUEL CMS 1.4.3 via the Page title, Meta descriptio
CVE-2018-20136 (XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Vari ...)
NOT-FOR-US: FUEL CMS
CVE-2018-20135 (Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostnam ...)
- TODO: check
+ NOT-FOR-US: Samsung Galaxy Apps
CVE-2018-20134
RESERVED
CVE-2018-20133 (ymlref allows code injection. ...)
@@ -28667,7 +28667,7 @@ CVE-2018-19980 (Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers
CVE-2018-19979
RESERVED
CVE-2018-19978 (A buffer overflow vulnerability in the DHCP and PPPOE configuration in ...)
- TODO: check
+ NOT-FOR-US: Auerswald COMfort
CVE-2018-19977 (A command injection (missing input validation, escaping) in the ftp up ...)
NOT-FOR-US: Auerswald COMfort
CVE-2018-19976 (In YARA 3.8.1, bytecode in a specially crafted compiled rule is expose ...)
@@ -33609,15 +33609,15 @@ CVE-2018-19467
CVE-2018-19466 (A vulnerability was found in Portainer before 1.20.0. Portainer stores ...)
NOT-FOR-US: Portainer
CVE-2018-19465 (Maccms through 8.0 allows XSS via the site_keywords field to index.php ...)
- TODO: check
+ NOT-FOR-US: Maccms
CVE-2018-19464 (Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting. ...)
NOT-FOR-US: Discuz!
CVE-2018-19463 (** DISPUTED ** zb_system/function/lib/upload.php in Z-BlogPHP through ...)
NOT-FOR-US: Z-BlogPHP
CVE-2018-19462 (admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: EmpireCMS
CVE-2018-19461 (admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL ...)
- TODO: check
+ NOT-FOR-US: EmpireCMS
CVE-2018-19460
RESERVED
CVE-2018-19459 (Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List ...)
@@ -33675,7 +33675,7 @@ CVE-2018-19453 (Kentico CMS before 11.0.45 allows unrestricted upload of a file
CVE-2018-19452 (A use after free in the TextBox field Mouse Enter action in IReader_Co ...)
TODO: check
CVE-2018-19451 (A command injection can occur for specially crafted PDF files in Foxit ...)
- TODO: check
+ NOT-FOR-US: Foxit Reader
CVE-2018-19450
RESERVED
CVE-2018-19449
@@ -71422,7 +71422,7 @@ CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and
CVE-2018-5799 (In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows ...)
NOT-FOR-US: Zoho
CVE-2018-5798 (This CVE relates to an unspecified cross site scripting vulnerability ...)
- TODO: check
+ NOT-FOR-US: Cloudera Manager
CVE-2018-5797 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5796 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
@@ -73008,9 +73008,9 @@ CVE-2018-5267 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to
CVE-2018-5266 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to obta ...)
NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
CVE-2018-5265 (Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attacke ...)
- TODO: check
+ NOT-FOR-US: Ubiquiti EdgeOS
CVE-2018-5264 (Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote att ...)
- TODO: check
+ NOT-FOR-US: Ubiquiti UniFi 52 devices
CVE-2018-5263 (The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0. ...)
NOT-FOR-US: The StackIdeas EasyDiscuss extension for Joomla!
CVE-2018-5262 (A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f94a6ac77eb8e432b83deb978ab69983439ca969
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f94a6ac77eb8e432b83deb978ab69983439ca969
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190607/08492904/attachment.html>
More information about the debian-security-tracker-commits
mailing list