[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Jun 29 18:47:01 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fc6faeb9 by Salvatore Bonaccorso at 2019-06-29T17:46:13Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -72,7 +72,7 @@ CVE-2019-12997 (In Loopchain through 2.2.1.3, an attacker can escalate privilege
CVE-2019-12996
RESERVED
CVE-2019-12995 (Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch ...)
- TODO: check
+ NOT-FOR-US: Istio
CVE-2019-12994
RESERVED
CVE-2019-12993
@@ -147,7 +147,7 @@ CVE-2019-12968 (A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugi
CVE-2019-12967
RESERVED
CVE-2019-12966 (FeHelper through 2019-06-19 allows arbitrary code execution during a J ...)
- TODO: check
+ NOT-FOR-US: FeHelper
CVE-2018-20847 (An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the functi ...)
TODO: check
CVE-2018-20846 (Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi ...)
@@ -8740,7 +8740,7 @@ CVE-2019-9837 (Doorkeeper::OpenidConnect (aka the OpenID Connect extension for D
NOTE: https://github.com/doorkeeper-gem/doorkeeper-openid_connect/issues/61
NOTE: https://github.com/doorkeeper-gem/doorkeeper-openid_connect/pull/66
CVE-2019-9836 (Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) ...)
- TODO: check
+ NOT-FOR-US: AMD Secure Encrypted Virtualization (SEV)
CVE-2019-9835 (The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set L ...)
NOT-FOR-US: Fujitsu Wireless Keyboard Set LX901 GK900 devices
CVE-2019-9834 (The Netdata web application through 1.13.0 allows remote attackers to ...)
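Review bot: The new label on CVE-2019-9836 names a hardware feature, "AMD Secure Encrypted Virtualization (SEV)", and the visible description is truncated before it says which component is at fault. Before closing this as NOT-FOR-US, confirm that the affected component is not shipped in a firmware package in the archive, and consider adding a NOTE line with the vendor reference, as the CVE-2019-9837 entry just above does with its two NOTE URLs.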
@@ -10947,7 +10947,7 @@ CVE-2019-9041 (An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_t
CVE-2019-9040 (S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via th ...)
NOT-FOR-US: S-CMS
CVE-2019-9039 (The Couchbase Sync Gateway 2.1.2 in combination with a Couchbase Serve ...)
- TODO: check
+ NOT-FOR-US: Couchbase Sync Gateway
CVE-2019-9038 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
- libmatio 1.5.13-2 (low; bug #924185)
[stretch] - libmatio <no-dsa> (Minor issue)
@@ -23886,7 +23886,7 @@ CVE-2019-3634
CVE-2019-3633
RESERVED
CVE-2019-3632 (Directory Traversal vulnerability in McAfee Enterprise Security Manage ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3631 (Command Injection vulnerability in McAfee Enterprise Security Manager ...)
NOT-FOR-US: McAfee
CVE-2019-3630 (Command Injection vulnerability in McAfee Enterprise Security Manager ...)
@@ -36183,7 +36183,7 @@ CVE-2018-18960 (An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3,
CVE-2018-18959 (An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51 ...)
NOT-FOR-US: Epson
CVE-2018-18958 (OPNsense 18.7.x before 18.7.7 has Incorrect Access Control. ...)
- TODO: check
+ NOT-FOR-US: OPNsense
CVE-2018-18957 (An issue has been found in libIEC61850 v1.3. It is a stack-based buffe ...)
NOT-FOR-US: libIEC61850
CVE-2018-18956 (The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x b ...)
@@ -39867,7 +39867,7 @@ CVE-2018-17562 (Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status
CVE-2018-17561
RESERVED
CVE-2018-17560 (The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1. ...)
- TODO: check
+ NOT-FOR-US: Grouptime Teamwire Client
CVE-2018-17559
RESERVED
CVE-2018-17558
@@ -40871,7 +40871,7 @@ CVE-2018-17172 (The web application on Xerox AltaLink B80xx before 100.008.028.0
CVE-2018-17171
RESERVED
CVE-2018-17170 (Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on Windows allo ...)
- TODO: check
+ NOT-FOR-US: Grouptime Teamwire Desktop Client
CVE-2018-17169 (An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 ...)
NOT-FOR-US: PrinterOn Enterprise
CVE-2018-17168 (PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forger ...)
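Review bot: CVE-2018-17170 is labelled "Grouptime Teamwire Desktop Client" here, while CVE-2018-17560 in the previous hunk gets "Grouptime Teamwire Client", although both descriptions name the same vendor and start from the same "1.5.1 prior to 1." version range. If these are the same product, use one label for both so that a search on the NOT-FOR-US string finds every entry for it.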
@@ -44372,7 +44372,7 @@ CVE-2018-15869 (An Amazon Web Services (AWS) developer who does not specify the
NOTE: https://github.com/hashicorp/packer/issues/6584
NOTE: https://github.com/aws/aws-cli/issues/3629
CVE-2018-15868 (SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier ...)
- TODO: check
+ NOT-FOR-US: ChronoScan
CVE-2018-15867
RESERVED
CVE-2018-15866
@@ -45242,11 +45242,11 @@ CVE-2018-15559 (The editor in Xiuno BBS 4.0.4 allows stored XSS. ...)
CVE-2018-15558
RESERVED
CVE-2018-15557 (An issue was discovered in the Quantenna WiFi Controller on Telus Acti ...)
- TODO: check
+ NOT-FOR-US: Telus Actiontec WEB6000Q devices
CVE-2018-15556 (The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 a ...)
- TODO: check
+ NOT-FOR-US: Telus Actiontec WEB6000Q devices
CVE-2018-15555 (On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login ...)
- TODO: check
+ NOT-FOR-US: Telus Actiontec WEB6000Q devices
CVE-2018-15554
RESERVED
CVE-2018-15553 (fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allo ...)
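Review bot: For CVE-2018-15557 and CVE-2018-15556 the descriptions attribute the issue to the Quantenna WiFi Controller, but the label records only "Telus Actiontec WEB6000Q devices". The triage result is fine, yet a label such as "Quantenna WiFi Controller on Telus Actiontec WEB6000Q devices" on those two entries would keep the component name searchable if the same controller turns up in CVEs for other devices.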
@@ -45317,9 +45317,9 @@ CVE-2018-15522
CVE-2018-15521
RESERVED
CVE-2018-15520 (Various Lexmark devices have a Buffer Overflow (issue 2 of 2). ...)
- TODO: check
+ NOT-FOR-US: Lexmark devices
CVE-2018-15519 (Various Lexmark devices have a Buffer Overflow (issue 1 of 2). ...)
- TODO: check
+ NOT-FOR-US: Lexmark devices
CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption dur ...)
{DSA-4374-1 DLA-1786-1 DLA-1627-1}
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
@@ -46613,13 +46613,13 @@ CVE-2018-14921
CVE-2018-14920
RESERVED
CVE-2018-14919 (LOYTEC LGATE-902 6.3.2 devices allow XSS. ...)
- TODO: check
+ NOT-FOR-US: LOYTEC LGATE-902 devices
CVE-2018-14918 (LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. ...)
- TODO: check
+ NOT-FOR-US: LOYTEC LGATE-902 devices
CVE-2018-14917
REJECTED
CVE-2018-14916 (LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. ...)
- TODO: check
+ NOT-FOR-US: LOYTEC LGATE-902 devices
CVE-2018-14915
REJECTED
CVE-2018-1000223 (soundtouch version up to and including 2.0.0 contains a Buffer Overflo ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc6faeb9e1c800d553df325fd5590030c521749f
More information about the debian-security-tracker-commits mailing list