[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Jun 8 09:46:25 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1dec6ed0 by Salvatore Bonaccorso at 2019-06-08T08:45:51Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -564,11 +564,11 @@ CVE-2019-12508
 CVE-2019-12507 (An XSS vulnerability exists in PHPRelativePath (aka Relative Path) thr ...)
 	NOT-FOR-US: Relative Path PHP library
 CVE-2019-12506 (Due to unencrypted and unauthenticated data communication, the wireles ...)
-	TODO: check
+	NOT-FOR-US: Logitech
 CVE-2019-12505 (Due to unencrypted and unauthenticated data communication, the wireles ...)
-	TODO: check
+	NOT-FOR-US: Inateck
 CVE-2019-12504 (Due to unencrypted and unauthenticated data communication, the wireles ...)
-	TODO: check
+	NOT-FOR-US: Inateck
 CVE-2019-12503
 	RESERVED
 CVE-2019-12502 (There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 ca ...)
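Review bot: The three new tags for CVE-2019-12506, CVE-2019-12505 and CVE-2019-12504 name only a vendor ("Logitech", "Inateck"), while the unchanged entry just above uses a product-level tag ("NOT-FOR-US: Relative Path PHP library"). The descriptions refer to a specific wireless device, so the tag should name that product. As written, the two Inateck entries cannot be told apart from the tag alone, and a later search of the list for the affected device will not find them.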
@@ -4674,7 +4674,7 @@ CVE-2019-10885 (An issue was discovered in Ivanti Workspace Control before 10.3.
 CVE-2019-10884 (Uniqkey Password Manager 1.14 contains a vulnerability because it fail ...)
 	NOT-FOR-US: Uniqkey Password Manager
 CVE-2019-10883 (Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center  ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2019-10882
 	RESERVED
 CVE-2019-10881
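Review bot: The tag for CVE-2019-10883 is "NOT-FOR-US: Citrix", but the description names the product (Citrix SD-WAN Center / NetScaler SD-WAN Center), and the same commit tags CVE-2019-9548 with the full product name "Citrix Application Delivery Management". Suggest "NOT-FOR-US: Citrix SD-WAN Center" so Citrix entries are tagged at the same granularity throughout the file.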
@@ -8452,13 +8452,13 @@ CVE-2019-9675 (** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 a
 CVE-2019-9674
 	RESERVED
 CVE-2019-9673 (Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript e ...)
-	TODO: check
+	NOT-FOR-US: Freenet
 CVE-2019-9672
 	RESERVED
 CVE-2019-9671
 	RESERVED
 CVE-2019-9670 (mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before  ...)
-	TODO: check
+	NOT-FOR-US: Synacor Zimbra Collaboration Suite
 CVE-2019-9669 (The Wordfence plugin 7.2.3 for WordPress allows XSS via a unique attac ...)
 	NOT-FOR-US: Wordfence plugin for WordPress
 CVE-2019-9668
@@ -8835,7 +8835,7 @@ CVE-2019-1002100 (In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.1
 	NOTE: https://github.com/kubernetes/kubernetes/issues/74534
 	NOTE: https://github.com/kubernetes/kubernetes/pull/74000
 CVE-2019-9548 (Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33  ...)
-	TODO: check
+	NOT-FOR-US: Citrix Application Delivery Management
 CVE-2019-9547 (In Storage Performance Development Kit (SPDK) before 19.01, a maliciou ...)
 	NOT-FOR-US: Storage Performance Development Kit (SPDK)
 CVE-2019-9546 (SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege esca ...)
@@ -15777,9 +15777,9 @@ CVE-2019-6743 (This vulnerability allows remote attackers to execute arbitrary c
 CVE-2019-6742 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: GameServiceReceiver update mechanism as used in Samsung Galaxy S9
 CVE-2019-6741 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2019-6740 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2019-6739 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Malwarebytes Antimalware
 CVE-2019-6738 (This vulnerability allows remote attackers to execute arbitrary code o ...)
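Review bot: CVE-2019-6741 and CVE-2019-6740 are tagged "NOT-FOR-US: Samsung", whereas the neighbouring CVE-2019-6742 records the affected component and device ("GameServiceReceiver update mechanism as used in Samsung Galaxy S9"). The truncated descriptions shown here do not reveal the component, so it is worth checking the full CVE text and naming it in the tag, as was done for CVE-2019-6742.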
@@ -16212,11 +16212,11 @@ CVE-2019-6534 (The uncontrolled search path element vulnerability in Gemalto Sen
 CVE-2019-6533 (Registers used to store Modbus values can be read and written from the ...)
 	NOT-FOR-US: PR100088 Modbus
 CVE-2019-6532 (Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created  ...)
-	TODO: check
+	NOT-FOR-US: Panasonic
 CVE-2019-6531 (An attacker could retrieve passwords from a HTTP GET request from the  ...)
 	NOT-FOR-US: Kunbus
 CVE-2019-6530 (Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created  ...)
-	TODO: check
+	NOT-FOR-US: Panasonic
 CVE-2019-6529
 	RESERVED
 CVE-2019-6528 (PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit fa ...)
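Review bot: Both new tags read "NOT-FOR-US: Panasonic" although the descriptions of CVE-2019-6532 and CVE-2019-6530 name the product, Panasonic FPWIN Pro. Suggest "NOT-FOR-US: Panasonic FPWIN Pro" to record what was actually triaged, in line with the product-level tags used for the Dameware and Cloudera entries in this commit.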
@@ -22098,11 +22098,11 @@ CVE-2019-3959
 CVE-2019-3958
 	RESERVED
 CVE-2019-3957 (Dameware Remote Mini Control version 12.1.0.34 and prior contains an u ...)
-	TODO: check
+	NOT-FOR-US: Dameware Remote Mini Control
 CVE-2019-3956 (Dameware Remote Mini Control version 12.1.0.34 and prior contains an u ...)
-	TODO: check
+	NOT-FOR-US: Dameware Remote Mini Control
 CVE-2019-3955 (Dameware Remote Mini Control version 12.1.0.34 and prior contains a un ...)
-	TODO: check
+	NOT-FOR-US: Dameware Remote Mini Control
 CVE-2019-3954
 	RESERVED
 CVE-2019-3953
@@ -27491,7 +27491,7 @@ CVE-2018-20093
 CVE-2018-20092 (PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory trav ...)
 	NOT-FOR-US: PTC ThingWorx Platform
 CVE-2018-20091 (An SQL injection vulnerability was found in Cloudera Data Science Work ...)
-	TODO: check
+	NOT-FOR-US: Cloudera Data Science Workbench
 CVE-2018-20090
 	RESERVED
 CVE-2018-20089
@@ -28631,7 +28631,7 @@ CVE-2018-20001 (In Libav 12.3, there is a floating point exception in the range_
 CVE-2018-20000 (Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstr ...)
 	NOT-FOR-US: Apereo Bedework bw-webdav
 CVE-2018-19999 (The local management interface in SolarWinds Serv-U FTP Server 15.1.6. ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2018-19998 (SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 ...)
 	- dolibarr <removed>
 	NOTE: https://github.com/Dolibarr/dolibarr/commit/2b088a73c121a52e006c0d76ea4da7ffeb7b4f4a
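Review bot: The tag for CVE-2018-19999 is vendor-only ("NOT-FOR-US: SolarWinds") while the description identifies the product as SolarWinds Serv-U FTP Server. Suggest "NOT-FOR-US: SolarWinds Serv-U FTP Server", since a vendor-wide tag does not record which product the NOT-FOR-US decision was made for.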
@@ -33692,7 +33692,7 @@ CVE-2018-19454
 CVE-2018-19453 (Kentico CMS before 11.0.45 allows unrestricted upload of a file with a ...)
 	NOT-FOR-US: Kentico CMS
 CVE-2018-19452 (A use after free in the TextBox field Mouse Enter action in IReader_Co ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2018-19451 (A command injection can occur for specially crafted PDF files in Foxit ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2018-19450
@@ -36130,7 +36130,7 @@ CVE-2018-18883 (An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x8
 	[jessie] - xen <not-affected> (Only affects 4.9 and later)
 	NOTE: https://xenbits.xen.org/xsa/advisory-278.txt
 CVE-2018-18631 (mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 befo ...)
-	TODO: check
+	NOT-FOR-US: Synacor Zimbra Collaboration Suite
 CVE-2018-18630
 	RESERVED
 CVE-2018-18629 (An issue was discovered in the Keybase command-line client before 2.8. ...)
@@ -57445,33 +57445,33 @@ CVE-2018-10705 (The Owned smart contract implementation for Aurora DAO (AURA), a
 CVE-2018-10704
 	RESERVED
 CVE-2018-10703 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2018-10702 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2018-10701 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2018-10700 (An issue was discovered on Moxa AWK-3121 1.19 devices. It provides fun ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2018-10699 (An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 31 ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2018-10698 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device enab ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2018-10697 (An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 31 ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2018-10696 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device prov ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2018-10695 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ale ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2018-10694 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device prov ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2018-10693 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides pin ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2018-10692 (An issue was discovered on Moxa AWK-3121 1.14 devices. The session coo ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2018-10691 (An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended  ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2018-10690 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device by d ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2018-10689 (blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel a ...)
 	- blktrace 1.2.0-1 (low; bug #897695)
 	[stretch] - blktrace 1.1.0-2+deb9u1
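Review bot: All fourteen entries from CVE-2018-10703 down to CVE-2018-10690 receive "NOT-FOR-US: Moxa", yet every description names the same device, Moxa AWK-3121. Suggest "NOT-FOR-US: Moxa AWK-3121" for the whole block. The cost is the same and the tag then states the product, which is what the other NOT-FOR-US lines in this file do.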
@@ -70017,7 +70017,7 @@ CVE-2018-6187 (In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vu
 CVE-2018-6186 (Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via ...)
 	NOT-FOR-US: Citrix NetScaler VPX
 CVE-2018-6185 (In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ...)
-	TODO: check
+	NOT-FOR-US: Cloudera Navigator Key Trustee KMS
 CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next r ...)
 	NOT-FOR-US: ZEIT Next.js
 CVE-2018-6183 (BitDefender Total Security 2018 allows local users to gain privileges  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1dec6ed0ff9c70c43dfc8ad4eae826db90c112f2
