[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Jun 17 21:39:33 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a0ccc13 by Salvatore Bonaccorso at 2019-06-17T20:38:49Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -197,7 +197,7 @@ CVE-2019-12790 (In radare2 through 3.5.1, there is a heap-based buffer over-read
 	[jessie] - radare2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/radare/radare2/issues/14211
 CVE-2019-12789 (An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, ...)
-	TODO: check
+	NOT-FOR-US: Actiontec devices
 CVE-2019-12788 (An issue was discovered in Photodex ProShow Producer v9.0.3797 (an app ...)
 	NOT-FOR-US: Photodex ProShow Producer
 CVE-2019-12787 (An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2 ...)
@@ -709,9 +709,9 @@ CVE-2019-12552
 CVE-2019-12551
 	RESERVED
 CVE-2019-12550 (WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW ...)
-	TODO: check
+	NOT-FOR-US: WAGO devices
 CVE-2019-12549 (WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW ...)
-	TODO: check
+	NOT-FOR-US: WAGO devices
 CVE-2019-12548 (Bludit before 3.9.0 allows remote code execution for an authenticated  ...)
 	NOT-FOR-US: bludit
 CVE-2019-12547
@@ -871,7 +871,7 @@ CVE-2019-12478
 CVE-2019-12477 (Supra Smart Cloud TV allows remote file inclusion in the openLiveURL f ...)
 	NOT-FOR-US: Supra Smart Cloud TV
 CVE-2019-12476 (An authentication bypass vulnerability in the password reset functiona ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
 CVE-2019-12475
 	RESERVED
 CVE-2019-12474
@@ -1699,7 +1699,7 @@ CVE-2019-12183
 CVE-2019-12182
 	RESERVED
 CVE-2019-12181 (A privilege escalation vulnerability exists in SolarWinds Serv-U befor ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2019-12180
 	RESERVED
 CVE-2019-12179
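Review bot: The tag added for CVE-2019-12181 is "NOT-FOR-US: SolarWinds", but the description names SolarWinds Serv-U and the neighbouring entries elsewhere in this file (CVE-2018-10240) already use "NOT-FOR-US: SolarWinds Serv-U". Using the same product-level tag here would keep the Serv-U entries greppable as one group.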
@@ -3616,13 +3616,13 @@ CVE-2019-11411 (An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixe
 CVE-2018-20818 (A buffer overflow vulnerability was discovered in the OpenPLC controll ...)
 	NOT-FOR-US: OpenPLC
 CVE-2019-11410 (app/backup/index.php in the Backup Module in FreePBX 4.4.3 suffers fro ...)
-	TODO: check
+	NOT-FOR-US: FreePBX
 CVE-2019-11409 (app/operator_panel/exec.php in the Operator Panel module in FreePBX 4. ...)
-	TODO: check
+	NOT-FOR-US: FreePBX
 CVE-2019-11408 (XSS in app/operator_panel/index_inc.php in the Operator Panel module i ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-11407 (app/operator_panel/index_inc.php in the Operator Panel module in FreeP ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-11406 (Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, o ...)
 	NOT-FOR-US: Subrion CMS
 CVE-2019-11405 (OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses  ...)
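Review bot: The four tags in this hunk disagree with each other and with the visible descriptions: CVE-2019-11410 and CVE-2019-11409 are marked "FreePBX", while CVE-2019-11408 and CVE-2019-11407 are marked "FusionPBX", even though CVE-2019-11409 and CVE-2019-11407 both refer to the Operator Panel module under app/operator_panel/ and the CVE-2019-11407 description text begins "FreeP". Please confirm against the upstream advisory which product these four belong to and use one tag for all of them; if the CVE descriptions themselves are wrong, a NOTE line saying so would help the next person triaging.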
@@ -13927,7 +13927,7 @@ CVE-2019-7581 (The parseSWF_ACTIONRECORD function in util/parser.c in libming th
 CVE-2019-7580 (ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP c ...)
 	NOT-FOR-US: ThinkCMF
 CVE-2019-7579 (An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
 	{DLA-1714-1 DLA-1713-1}
 	- libsdl1.2 <unfixed> (bug #924609)
@@ -14756,7 +14756,7 @@ CVE-2019-7317 (png_image_free in png.c in libpng 1.6.36 has a use-after-free bec
 CVE-2019-7316 (An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The us ...)
 	NOT-FOR-US: CSS-TRICKS Chat2
 CVE-2019-7315 (Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices  ...)
-	TODO: check
+	NOT-FOR-US: Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices
 CVE-2019-7314 (liblivemedia in Live555 before 2019.02.03 mishandles the termination o ...)
 	{DSA-4408-1 DLA-1690-1}
 	[experimental] - liblivemedia 2019.02.03-1
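Review bot: The tag on CVE-2019-7315 copies the full product string from the description ("Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices"), whereas the other device entries in this commit use a short vendor form ("WAGO devices", "Vera devices", "Actiontec devices"). A shorter tag such as "Genie Access devices" would match that convention.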
@@ -15145,7 +15145,7 @@ CVE-2019-7160 (idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory
 CVE-2019-7159
 	RESERVED
 CVE-2019-7158 (OX App Suite 7.10.0 and earlier has Incorrect Access Control. ...)
-	TODO: check
+	NOT-FOR-US: Open-Xchange App Suite
 CVE-2019-7157
 	RESERVED
 CVE-2019-7156 (In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows divi ...)
@@ -17150,15 +17150,15 @@ CVE-2019-6329
 CVE-2019-6328
 	RESERVED
 CVE-2019-6327 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2019-6326 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2019-6325 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2019-6324 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2019-6323 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2019-6322 (HP has identified a security vulnerability with some versions of Works ...)
 	NOT-FOR-US: HP
 CVE-2019-6321 (HP has identified a security vulnerability with some versions of Works ...)
@@ -24474,15 +24474,15 @@ CVE-2018-20474
 CVE-2018-20473
 	RESERVED
 CVE-2018-20472 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The  ...)
-	TODO: check
+	NOT-FOR-US: Tyto Sahi Pro
 CVE-2018-20471
 	RESERVED
 CVE-2018-20470 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A di ...)
-	TODO: check
+	NOT-FOR-US: Tyto Sahi Pro
 CVE-2018-20469 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A pa ...)
-	TODO: check
+	NOT-FOR-US: Tyto Sahi Pro
 CVE-2018-20468 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A we ...)
-	TODO: check
+	NOT-FOR-US: Tyto Sahi Pro
 CVE-2018-20467 (In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can resu ...)
 	- imagemagick 8:6.9.10.23+dfsg-1 (low; bug #917326)
 	[stretch] - imagemagick <ignored> (Minor issue)
@@ -58976,7 +58976,7 @@ CVE-2018-10241 (A denial of service vulnerability in SolarWinds Serv-U before 15
 CVE-2018-10240 (SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a ...)
 	NOT-FOR-US: SolarWinds Serv-U
 CVE-2018-10239 (A privilege escalation vulnerability in the "support access" feature o ...)
-	TODO: check
+	NOT-FOR-US: Infoblox NIOS
 CVE-2018-10238 (bvlc.c in skarg BACnet Protocol Stack 0.8.5 has a buffer overflow in B ...)
 	NOT-FOR-US: skarg BACnet Protocol Stack
 CVE-2018-10237 (Unbounded memory allocation in Google Guava 11.0 through 24.x before 2 ...)
@@ -111960,11 +111960,11 @@ CVE-2017-9392
 CVE-2017-9391
 	RESERVED
 CVE-2017-9390 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
-	TODO: check
+	NOT-FOR-US: Vera devices
 CVE-2017-9389
 	RESERVED
 CVE-2017-9388 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
-	TODO: check
+	NOT-FOR-US: Vera devices
 CVE-2017-9387
 	RESERVED
 CVE-2017-9386
@@ -111972,13 +111972,13 @@ CVE-2017-9386
 CVE-2017-9385
 	RESERVED
 CVE-2017-9384 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
-	TODO: check
+	NOT-FOR-US: Vera devices
 CVE-2017-9383
 	RESERVED
 CVE-2017-9382
 	RESERVED
 CVE-2017-9381 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
-	TODO: check
+	NOT-FOR-US: Vera devices
 CVE-2017-9380 (OpenEMR 5.0.0 and prior allows low-privilege users to upload files of  ...)
 	NOT-FOR-US: OpenEMR
 CVE-2017-9379 (Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear p ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a0ccc13dd63a66e4c1fd555087cb5d084099626
