[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Wed May 1 21:21:10 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2f25a930 by Salvatore Bonaccorso at 2019-05-01T20:20:37Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2019-11643
 CVE-2019-11642
 	RESERVED
 CVE-2019-11641 (Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerpri ...)
-	TODO: check
+	NOT-FOR-US: Anomali Agave
 CVE-2019-11640 (An issue was discovered in GNU recutils 1.8. There is a heap-based buf ...)
 	TODO: check
 CVE-2019-11639 (An issue was discovered in GNU recutils 1.8. There is a stack-based bu ...)
@@ -21,9 +21,9 @@ CVE-2019-11635
 CVE-2019-11634
 	RESERVED
 CVE-2019-11633 (HoneyPress through 2016-09-27 can be fingerprinted by attackers becaus ...)
-	TODO: check
+	NOT-FOR-US: HoneyPress
 CVE-2019-11632 (In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019. ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2015-9287
 	RESERVED
 CVE-2019-11631 (Moodle 3.6.3 allows remote authenticated administrators to execute arb ...)
@@ -1662,11 +1662,11 @@ CVE-2019-10956
 CVE-2019-10955 (In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versi ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2019-10954 (An attacker could send crafted SMTP packets to cause a denial-of-servi ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2019-10953 (ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable ...)
 	NOT-FOR-US: Programmable Logic Controllers of various vendors
 CVE-2019-10952 (An attacker could send a crafted HTTP/HTTPS request to render the web  ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2019-10951 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2019-10950 (Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 F ...)
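Review bot: The labels added for CVE-2019-10954 and CVE-2019-10952 name Rockwell Automation, but the truncated descriptions shown for both entries ("An attacker could send crafted SMTP packets ..." and "An attacker could send a crafted HTTP/HTTPS request ...") do not name a vendor or product, so the attribution cannot be checked from this hunk. It is worth confirming against the full CVE descriptions that both are Rockwell Automation issues, as the neighbouring CVE-2019-10955 is, before the TODO is dropped.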
@@ -5676,7 +5676,7 @@ CVE-2019-9623 (Feng Office 3.7.0.5 allows remote attackers to execute arbitrary
 CVE-2019-9622 (eBrigade through 4.5 allows Arbitrary File Download via ../ directory  ...)
 	NOT-FOR-US: eBrigade
 CVE-2019-9621 (Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 pa ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2019-9620
 	RESERVED
 CVE-2019-9619 [not enabled pam_systemd for non-interactive sessions]
@@ -13085,7 +13085,7 @@ CVE-2019-6564
 CVE-2019-6563 (Moxa IKS and EDS generate a predictable cookie calculated with an MD5  ...)
 	NOT-FOR-US: Moxa
 CVE-2019-6562 (In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the softwa ...)
-	TODO: check
+	NOT-FOR-US: Philips
 CVE-2019-6561 (Cross-site request forgery has been identified in Moxa IKS and EDS, wh ...)
 	NOT-FOR-US: Moxa
 CVE-2019-6560
@@ -18388,7 +18388,7 @@ CVE-2019-4260
 CVE-2019-4259
 	RESERVED
 CVE-2019-4258 (IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vu ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4257
 	RESERVED
 CVE-2019-4256
@@ -42504,9 +42504,9 @@ CVE-2018-14933 (upgrade_handle.php on NUUO NVRmini devices allows Remote Command
 CVE-2018-14932
 	RESERVED
 CVE-2018-14931 (An issue was discovered in the Core and Portal modules in Polaris FT I ...)
-	TODO: check
+	NOT-FOR-US: Polaris FT Intellect Core Banking
 CVE-2018-14930 (An issue was discovered in the Armor module in Polaris FT Intellect Co ...)
-	TODO: check
+	NOT-FOR-US: Polaris FT Intellect Core Banking
 CVE-2018-14929 (Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonst ...)
 	NOT-FOR-US: Metara
 CVE-2018-14928 (/contingency/servlet/ServletFileDownload executes as root and provides ...)
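Review bot: The unchanged context line for CVE-2018-14929 reads "NOT-FOR-US: Metara" while its description names "Matera Banco". Since this hunk already edits the two entries directly above it, the label could be corrected to Matera in the same pass so that a search on the NFU label finds the entry.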
@@ -42655,9 +42655,9 @@ CVE-2018-14876 (An issue was discovered in image_save_png in image/image-png.cpp
 	- flif <removed>
 	NOTE: https://github.com/FLIF-hub/FLIF/issues/520
 CVE-2018-14875 (An issue was discovered in the Core and Portal modules in Polaris FT I ...)
-	TODO: check
+	NOT-FOR-US: Polaris FT Intellect Core Banking
 CVE-2018-14874 (An issue was discovered in the Armor module in Polaris FT Intellect Co ...)
-	TODO: check
+	NOT-FOR-US: Polaris FT Intellect Core Banking
 CVE-2018-14873 (An issue was discovered in Rincewind 0.1. There is a cross-site script ...)
 	NOT-FOR-US: Rincewind
 CVE-2018-14872 (An issue was discovered in Rincewind 0.1. A reinstall vulnerability ex ...)
@@ -78956,7 +78956,7 @@ CVE-2018-1935 (IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated us
 CVE-2018-1934
 	RESERVED
 CVE-2018-1933 (IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site s ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1932 (IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability ...)
 	NOT-FOR-US: IBM
 CVE-2018-1931
@@ -79606,7 +79606,7 @@ CVE-2018-1610 (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 thro
 CVE-2018-1609
 	RESERVED
 CVE-2018-1608 (IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weak ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1607 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 th ...)
 	NOT-FOR-US: IBM
 CVE-2018-1606 (IBM Jazz based applications (IBM Rational Collaborative Lifecycle Mana ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2f25a930451a88f504813ce4b00e4b47406cd271
