[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 25 08:43:36 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7b2818f5 by Salvatore Bonaccorso at 2019-06-25T07:43:09Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27,7 +27,7 @@ CVE-2018-20843 (In libexpat in Expat before 2.2.7, XML input including XML names
NOTE: https://github.com/libexpat/libexpat/pull/262
NOTE: https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
CVE-2019-12937 (apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow ...)
- TODO: check
+ NOT-FOR-US: gsudo in ToaruOS
CVE-2019-12936 (BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS Rebinding for ...)
NOT-FOR-US: BlueStacks App Player
CVE-2019-12934
@@ -1507,7 +1507,7 @@ CVE-2019-12325
CVE-2019-12324
RESERVED
CVE-2019-12323 (The HC.Server service in Hosting Controller HC10 10.14 allows an Inval ...)
- TODO: check
+ NOT-FOR-US: Hosting Controller HC10
CVE-2019-12322
RESERVED
CVE-2019-12321
@@ -1612,7 +1612,7 @@ CVE-2019-12293 (In Poppler through 0.76.1, there is a heap-based buffer over-rea
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/768
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/89a5367d49b2556a2635dbb6d48d6a6b182a2c6c
CVE-2019-12292 (Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control. ...)
- TODO: check
+ NOT-FOR-US: Citrix AppDNA
CVE-2019-12291 (HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Key ...)
NOT-FOR-US: HashiCorp Consul
CVE-2019-12290
@@ -7361,7 +7361,7 @@ CVE-2019-10030
CVE-2019-10029
RESERVED
CVE-2019-10028 (Denial of Service (DOS) in Dial Reference Source Code Used before June ...)
- TODO: check
+ NOT-FOR-US: Dial Reference Source Code Repo
CVE-2019-10027 (PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field ...)
NOT-FOR-US: PHPCMS
CVE-2019-10026 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
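Review bot: The new tag on CVE-2019-10028, "NOT-FOR-US: Dial Reference Source Code Repo", names a repository rather than the affected software. The description calls it "Dial Reference Source Code", and the neighbouring entry uses the bare product name ("NOT-FOR-US: PHPCMS"). Dropping "Repo" would keep the label in line with the description and with the other entries.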
@@ -7505,9 +7505,9 @@ CVE-2019-9960 (The downloadZip function in application/controllers/admin/export.
CVE-2019-9959
RESERVED
CVE-2019-9958 (CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 u ...)
- TODO: check
+ NOT-FOR-US: Quadbase EspressReport ES (ERES)
CVE-2019-9957 (Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allow ...)
- TODO: check
+ NOT-FOR-US: Quadbase EspressReport ES (ERES)
CVE-2019-9956 (In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in ...)
{DSA-4436-1 DLA-1785-1}
- imagemagick 8:6.9.10.23+dfsg-2.1 (bug #925395)
@@ -15273,13 +15273,13 @@ CVE-2019-7233 (In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL poi
NOTE: https://github.com/uvoteam/libdoc/issues/6
NOTE: Crash in CLI tool, no security impact
CVE-2019-7232 (The ABB IDAL HTTP server is vulnerable to a buffer overflow when a lon ...)
- TODO: check
+ NOT-FOR-US: ABB IDAL HTTP server
CVE-2019-7231
RESERVED
CVE-2019-7230 (The ABB IDAL FTP server mishandles format strings in a username during ...)
- TODO: check
+ NOT-FOR-US: ABB IDAL FTP server
CVE-2019-7229 (The ABB CP635 HMI uses two different transmission methods to upgrade i ...)
- TODO: check
+ NOT-FOR-US: ABB CP635 HMI
CVE-2019-7228
RESERVED
CVE-2019-7227
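Review bot: CVE-2019-7232 and CVE-2019-7230 receive two different labels ("ABB IDAL HTTP server" and "ABB IDAL FTP server") although both descriptions name ABB IDAL. If the labels are meant to group entries when searching data/CVE/list, a shared "ABB IDAL" label for those two would do that. The "ABB CP635 HMI" label on CVE-2019-7229 names a different product and reads fine as it is.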
@@ -35521,7 +35521,7 @@ CVE-2018-19148 (Caddy through 0.11.0 sends incorrect certificates for certain in
CVE-2018-19147
RESERVED
CVE-2018-19146 (Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by ...)
- TODO: check
+ NOT-FOR-US: Concrete5
CVE-2018-19145 (An issue was discovered in S-CMS v1.5. There is an XSS vulnerability i ...)
NOT-FOR-US: S-CMS
CVE-2018-19144
@@ -40740,11 +40740,11 @@ CVE-2018-17150
CVE-2018-17149
RESERVED
CVE-2018-17148 (An Insufficient Access Control vulnerability (leading to credential di ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2018-17147
RESERVED
CVE-2018-17146 (A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2018-17145
RESERVED
CVE-2018-17144 (Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x be ...)
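Review bot: On CVE-2018-17148 the truncated description shown in this hunk ("An Insufficient Access Control vulnerability (leading to credential di ...") never names a product, so the "NOT-FOR-US: Nagios XI" tag cannot be confirmed from the diff alone. CVE-2018-17146, by contrast, names Nagios XI in its visible description. It is worth checking the full CVE text for CVE-2018-17148 before merging, since a wrong NOT-FOR-US tag removes the entry from the TODO queue.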
@@ -44516,23 +44516,23 @@ CVE-2018-15739
CVE-2018-15738
RESERVED
CVE-2018-15737 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
- TODO: check
+ NOT-FOR-US: STOPzilla
CVE-2018-15736 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
- TODO: check
+ NOT-FOR-US: STOPzilla
CVE-2018-15735 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
- TODO: check
+ NOT-FOR-US: STOPzilla
CVE-2018-15734 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
- TODO: check
+ NOT-FOR-US: STOPzilla
CVE-2018-15733 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
- TODO: check
+ NOT-FOR-US: STOPzilla
CVE-2018-15732 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
- TODO: check
+ NOT-FOR-US: STOPzilla
CVE-2018-15731 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
- TODO: check
+ NOT-FOR-US: STOPzilla
CVE-2018-15730 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
- TODO: check
+ NOT-FOR-US: STOPzilla
CVE-2018-15729 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
- TODO: check
+ NOT-FOR-US: STOPzilla
CVE-2018-15728 (An issue was discovered in Couchbase Server. Authenticated users can s ...)
NOT-FOR-US: Couchbase
CVE-2018-15727 (Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows aut ...)
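Review bot: The nine entries CVE-2018-15729 through CVE-2018-15737 are all tagged "NOT-FOR-US: STOPzilla", while every one of their descriptions names the product as "STOPzilla AntiMalware". Using the full product name in the tag would match the descriptions and the way other entries in this file are labelled, for example "NOT-FOR-US: BlueStacks App Player".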
@@ -78115,7 +78115,7 @@ CVE-2017-1000411 (OpenFlow Plugin and OpenDayLight Controller versions Nitrogen,
CVE-2017-17946 (A buffer overflow in Handy Password 4.9.3 allows remote attackers to e ...)
NOT-FOR-US: Handy Password
CVE-2017-17945 (The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing ...)
- TODO: check
+ NOT-FOR-US: ASUS HiVivo
CVE-2017-17944 (The ASUS Vivobaby application before 1.1.09 for Android has Missing SS ...)
NOT-FOR-US: ASUS Vivobaby application
CVE-2017-17943
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7b2818f5e9d680554dffabdc5eea707a95c74254