[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Jun 19 09:40:16 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
66ce8c52 by Salvatore Bonaccorso at 2019-06-19T08:39:41Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1860,7 +1860,7 @@ CVE-2019-12135 (An unspecified vulnerability in the application server in PaperC
 CVE-2019-12134 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists  ...)
 	NOT-FOR-US: Workday
 CVE-2019-12133 (Multiple Zoho ManageEngine products suffer from local privilege escala ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2019-12132
 	RESERVED
 CVE-2019-12131
@@ -6981,7 +6981,7 @@ CVE-2019-10087
 CVE-2019-10086
 	RESERVED
 CVE-2019-10085 (In Apache Allura prior to 1.11.0, a vulnerability exists for stored XS ...)
-	TODO: check
+	NOT-FOR-US: Apache Allura
 CVE-2019-10084
 	RESERVED
 CVE-2019-10083
@@ -20360,9 +20360,9 @@ CVE-2019-5018 (An exploitable use after free vulnerability exists in the window
 	[jessie] - sqlite3 <not-affected> (windowfuncs introduced in 3.25.0)
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0777
 CVE-2019-5017 (An exploitable information disclosure vulnerability exists in the KCod ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2019-5016 (An exploitable arbitrary memory read vulnerability exists in the KCode ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2019-5015 (A local privilege escalation vulnerability exists in the Mac OS X vers ...)
 	NOT-FOR-US: Apple
 CVE-2019-5014 (An exploitable improper access control vulnerability exists in the blu ...)
@@ -22519,9 +22519,9 @@ CVE-2019-3956 (Dameware Remote Mini Control version 12.1.0.34 and prior contains
 CVE-2019-3955 (Dameware Remote Mini Control version 12.1.0.34 and prior contains a un ...)
 	NOT-FOR-US: Dameware Remote Mini Control
 CVE-2019-3954 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows  ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2019-3953 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows  ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2019-3952
 	RESERVED
 CVE-2019-3951
@@ -34122,19 +34122,19 @@ CVE-2018-19452 (A use after free in the TextBox field Mouse Enter action in IRea
 CVE-2018-19451 (A command injection can occur for specially crafted PDF files in Foxit ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2018-19450 (A command injection can occur for specially crafted PDF files in Foxit ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader SDK
 CVE-2018-19449 (A File Write can occur for specially crafted PDF files in Foxit Reader ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader SDK
 CVE-2018-19448 (In Foxit Reader SDK (ActiveX) Professional 5.4.0.1031, an uninitialize ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader SDK
 CVE-2018-19447 (A stack-based buffer overflow can occur for specially crafted PDF file ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader SDK
 CVE-2018-19446 (A File Write can occur for specially crafted PDF files in Foxit Reader ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader SDK
 CVE-2018-19445 (A command injection can occur for specially crafted PDF files in Foxit ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader SDK
 CVE-2018-19444 (A use after free in the TextBox field Validate action in IReader_Conte ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader SDK
 CVE-2018-19442 (A Buffer Overflow in Network::AuthenticationClient::VerifySignature in ...)
 	NOT-FOR-US: Neato Botvac Connected
 CVE-2018-19441
@@ -35946,17 +35946,17 @@ CVE-2018-18882 (A stored cross-site scripting (XSS) issue was discovered in Cont
 CVE-2018-18881 (A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M- ...)
 	NOT-FOR-US: ControlByWeb
 CVE-2018-18880 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a net ...)
-	TODO: check
+	NOT-FOR-US: Columbia Weather MicroServer
 CVE-2018-18879 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an au ...)
-	TODO: check
+	NOT-FOR-US: Columbia Weather MicroServer
 CVE-2018-18878 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the B ...)
-	TODO: check
+	NOT-FOR-US: Columbia Weather MicroServer
 CVE-2018-18877 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an au ...)
-	TODO: check
+	NOT-FOR-US: Columbia Weather MicroServer
 CVE-2018-18876 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a rea ...)
-	TODO: check
+	NOT-FOR-US: Columbia Weather MicroServer
 CVE-2018-18875 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a sto ...)
-	TODO: check
+	NOT-FOR-US: Columbia Weather MicroServer
 CVE-2018-18874 (nc-cms through 2017-03-10 allows remote attackers to execute arbitrary ...)
 	NOT-FOR-US: nc-cms
 CVE-2018-18873 (An issue was discovered in JasPer 2.0.14. There is a NULL pointer dere ...)
@@ -112011,27 +112011,27 @@ CVE-2017-9394 (A stored cross-site scripting vulnerability in CA Identity Govern
 CVE-2017-9393 (CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote a ...)
 	NOT-FOR-US: CA Identity Manager
 CVE-2017-9392 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
-	TODO: check
+	NOT-FOR-US: Vera
 CVE-2017-9391 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
-	TODO: check
+	NOT-FOR-US: Vera
 CVE-2017-9390 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
 	NOT-FOR-US: Vera devices
 CVE-2017-9389 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
-	TODO: check
+	NOT-FOR-US: Vera
 CVE-2017-9388 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
 	NOT-FOR-US: Vera devices
 CVE-2017-9387 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
-	TODO: check
+	NOT-FOR-US: Vera
 CVE-2017-9386 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
-	TODO: check
+	NOT-FOR-US: Vera
 CVE-2017-9385 (An issue was discovered on Vera Veralite 1.7.481 devices. The device h ...)
-	TODO: check
+	NOT-FOR-US: Vera
 CVE-2017-9384 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
 	NOT-FOR-US: Vera devices
 CVE-2017-9383 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
-	TODO: check
+	NOT-FOR-US: Vera
 CVE-2017-9382 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
-	TODO: check
+	NOT-FOR-US: Vera
 CVE-2017-9381 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
 	NOT-FOR-US: Vera devices
 CVE-2017-9380 (OpenEMR 5.0.0 and prior allows low-privilege users to upload files of  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/66ce8c5236a522f48243fe7034ba514770cf5c21

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/66ce8c5236a522f48243fe7034ba514770cf5c21
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190619/d39bd4d4/attachment.html>

More information about the debian-security-tracker-commits mailing list