[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed May 1 21:21:10 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2f25a930 by Salvatore Bonaccorso at 2019-05-01T20:20:37Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2019-11643
CVE-2019-11642
RESERVED
CVE-2019-11641 (Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerpri ...)
- TODO: check
+ NOT-FOR-US: Anomali Agave
CVE-2019-11640 (An issue was discovered in GNU recutils 1.8. There is a heap-based buf ...)
TODO: check
CVE-2019-11639 (An issue was discovered in GNU recutils 1.8. There is a stack-based bu ...)
@@ -21,9 +21,9 @@ CVE-2019-11635
CVE-2019-11634
RESERVED
CVE-2019-11633 (HoneyPress through 2016-09-27 can be fingerprinted by attackers becaus ...)
- TODO: check
+ NOT-FOR-US: HoneyPress
CVE-2019-11632 (In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019. ...)
- TODO: check
+ NOT-FOR-US: Octopus Deploy
CVE-2015-9287
RESERVED
CVE-2019-11631 (Moodle 3.6.3 allows remote authenticated administrators to execute arb ...)
@@ -1662,11 +1662,11 @@ CVE-2019-10956
CVE-2019-10955 (In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versi ...)
NOT-FOR-US: Rockwell Automation
CVE-2019-10954 (An attacker could send crafted SMTP packets to cause a denial-of-servi ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2019-10953 (ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable ...)
NOT-FOR-US: Programmable Logic Controllers of various vendors
CVE-2019-10952 (An attacker could send a crafted HTTP/HTTPS request to render the web ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2019-10951 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
NOT-FOR-US: Delta Electronics
CVE-2019-10950 (Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 F ...)
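Review bot: the `NOT-FOR-US: Rockwell Automation` labels added for CVE-2019-10954 and CVE-2019-10952 cannot be confirmed from the lines shown, because neither truncated description names a vendor or product ("An attacker could send crafted SMTP packets ...", "An attacker could send a crafted HTTP/HTTPS request ..."). The label matches the neighbouring CVE-2019-10955 entry, so the attribution is plausible, but a short mention in the commit message of which product these two refer to would let the triage be audited from the diff alone.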
@@ -5676,7 +5676,7 @@ CVE-2019-9623 (Feng Office 3.7.0.5 allows remote attackers to execute arbitrary
CVE-2019-9622 (eBrigade through 4.5 allows Arbitrary File Download via ../ directory ...)
NOT-FOR-US: eBrigade
CVE-2019-9621 (Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 pa ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2019-9620
RESERVED
CVE-2019-9619 [not enabled pam_systemd for non-interactive sessions]
@@ -13085,7 +13085,7 @@ CVE-2019-6564
CVE-2019-6563 (Moxa IKS and EDS generate a predictable cookie calculated with an MD5 ...)
NOT-FOR-US: Moxa
CVE-2019-6562 (In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the softwa ...)
- TODO: check
+ NOT-FOR-US: Philips
CVE-2019-6561 (Cross-site request forgery has been identified in Moxa IKS and EDS, wh ...)
NOT-FOR-US: Moxa
CVE-2019-6560
@@ -18388,7 +18388,7 @@ CVE-2019-4260
CVE-2019-4259
RESERVED
CVE-2019-4258 (IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vu ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4257
RESERVED
CVE-2019-4256
@@ -42504,9 +42504,9 @@ CVE-2018-14933 (upgrade_handle.php on NUUO NVRmini devices allows Remote Command
CVE-2018-14932
RESERVED
CVE-2018-14931 (An issue was discovered in the Core and Portal modules in Polaris FT I ...)
- TODO: check
+ NOT-FOR-US: Polaris FT Intellect Core Banking
CVE-2018-14930 (An issue was discovered in the Armor module in Polaris FT Intellect Co ...)
- TODO: check
+ NOT-FOR-US: Polaris FT Intellect Core Banking
CVE-2018-14929 (Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonst ...)
NOT-FOR-US: Metara
CVE-2018-14928 (/contingency/servlet/ServletFileDownload executes as root and provides ...)
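Review bot: the unchanged CVE-2018-14929 line directly below the edited pair is labelled `NOT-FOR-US: Metara`, while its description reads "Matera Banco 1.0.0". Since this hunk already touches the two entries above it, correcting the label to `NOT-FOR-US: Matera` in the same pass would keep a search for the product name from missing this entry.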
@@ -42655,9 +42655,9 @@ CVE-2018-14876 (An issue was discovered in image_save_png in image/image-png.cpp
- flif <removed>
NOTE: https://github.com/FLIF-hub/FLIF/issues/520
CVE-2018-14875 (An issue was discovered in the Core and Portal modules in Polaris FT I ...)
- TODO: check
+ NOT-FOR-US: Polaris FT Intellect Core Banking
CVE-2018-14874 (An issue was discovered in the Armor module in Polaris FT Intellect Co ...)
- TODO: check
+ NOT-FOR-US: Polaris FT Intellect Core Banking
CVE-2018-14873 (An issue was discovered in Rincewind 0.1. There is a cross-site script ...)
NOT-FOR-US: Rincewind
CVE-2018-14872 (An issue was discovered in Rincewind 0.1. A reinstall vulnerability ex ...)
@@ -78956,7 +78956,7 @@ CVE-2018-1935 (IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated us
CVE-2018-1934
RESERVED
CVE-2018-1933 (IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site s ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1932 (IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability ...)
NOT-FOR-US: IBM
CVE-2018-1931
@@ -79606,7 +79606,7 @@ CVE-2018-1610 (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 thro
CVE-2018-1609
RESERVED
CVE-2018-1608 (IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weak ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1607 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 th ...)
NOT-FOR-US: IBM
CVE-2018-1606 (IBM Jazz based applications (IBM Rational Collaborative Lifecycle Mana ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2f25a930451a88f504813ce4b00e4b47406cd271