[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu May 9 21:27:15 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
46734a47 by Moritz Muehlenhoff at 2019-05-09T20:26:56Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,13 +11,13 @@ CVE-2019-11841
 CVE-2019-11840 (An issue was discovered in supplementary Go cryptography libraries, ak ...)
 	TODO: check
 CVE-2019-11839 (njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in  ...)
-	TODO: check
+	NOT-FOR-US: njs
 CVE-2019-11838 (njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in  ...)
-	TODO: check
+	NOT-FOR-US: njs
 CVE-2019-11837 (njs through 0.3.1, used in NGINX, has a segmentation fault in String.p ...)
-	TODO: check
+	NOT-FOR-US: njs
 CVE-2019-11836 (The Rediffmail (aka com.rediff.mail.and) application 2.2.6 for Android ...)
-	TODO: check
+	NOT-FOR-US: Rediffmail
 CVE-2019-11842 (An issue was discovered in Matrix Sydent before 1.0.3 and Synapse befo ...)
 	- matrix-synapse 0.99.2-5
 	NOTE: https://matrix.org/blog/2019/05/03/security-updates-sydent-1-0-3-synapse-0-99-3-1-and-riot-android-0-9-0-0-8-99-0-8-28-a/
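Review bot: The three njs entries (CVE-2019-11839, CVE-2019-11838, CVE-2019-11837) are tagged NOT-FOR-US even though each description says njs is "used in NGINX", so this tag depends on a check that no source package in the archive ships or embeds njs. The commit message "NFUs" does not record that check; a few words there on how it was confirmed would save the next triager from repeating it. If njs does turn up in a package, these three should become package entries rather than NFUs.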
@@ -660,13 +660,13 @@ CVE-2019-11566
 CVE-2019-11565 (Server Side Request Forgery (SSRF) exists in the Print My Blog plugin  ...)
 	NOT-FOR-US: Print My Blog plugin for WordPress
 CVE-2019-11564 (A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows rem ...)
-	TODO: check
+	NOT-FOR-US: HumHub
 CVE-2019-11563
 	RESERVED
 CVE-2019-11562
 	RESERVED
 CVE-2019-11561 (The Chuango 433 MHz burglar-alarm product line is vulnerable to a Deni ...)
-	TODO: check
+	NOT-FOR-US: Chuango
 CVE-2019-11560 (A buffer overflow vulnerability in the streaming server provided by hi ...)
 	NOT-FOR-US: hisilicon
 CVE-2019-11559
@@ -686,7 +686,7 @@ CVE-2019-11552
 CVE-2019-11551
 	RESERVED
 CVE-2019-11550 (Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before  ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2019-11549 [Improper Sanitation of Credentials in Gitaly]
 	RESERVED
 	- gitlab 11.8.9+dfsg-1 (bug #928221)
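Review bot: The tag on CVE-2019-11550 names only the vendor ("Citrix"), while the description concerns Citrix SD-WAN and NetScaler SD-WAN, and most other tags in this commit name the product ("EnGenius EWS660AP", "PrinterLogic Print Management", "myQNAPcloud Connect"). Consider NOT-FOR-US: Citrix SD-WAN so the entry can be found by product name when a later CVE for the same product is triaged.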
@@ -1198,7 +1198,7 @@ CVE-2019-11355
 CVE-2019-11354 (The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows te ...)
 	NOT-FOR-US: client in Electronic Arts (EA) Origin on Windows
 CVE-2019-11353 (The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker  ...)
-	TODO: check
+	NOT-FOR-US: EnGenius EWS660AP
 CVE-2019-11352
 	RESERVED
 CVE-2019-11351 (TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt ...)
@@ -6480,7 +6480,7 @@ CVE-2019-9507
 CVE-2019-9506
 	RESERVED
 CVE-2019-9505 (The PrinterLogic Print Management software, versions up to and includi ...)
-	TODO: check
+	NOT-FOR-US: PrinterLogic Print Management
 CVE-2019-9504
 	RESERVED
 CVE-2019-9503 [brcmfmac: add subtype check for event handling in data path]
@@ -9313,7 +9313,7 @@ CVE-2019-8351 (Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 c
 CVE-2019-8350
 	RESERVED
 CVE-2019-8349 (Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 all ...)
-	TODO: check
+	NOT-FOR-US: HTMLy
 CVE-2019-8348
 	RESERVED
 CVE-2019-8347 (BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via ...)
@@ -12182,7 +12182,7 @@ CVE-2019-7183
 CVE-2019-7182
 	RESERVED
 CVE-2019-7181 (Buffer Overflow vulnerability in myQNAPcloud Connect 1.3.3.0925 and ea ...)
-	TODO: check
+	NOT-FOR-US: myQNAPcloud Connect
 CVE-2019-7180
 	RESERVED
 CVE-2019-7179
@@ -13606,11 +13606,11 @@ CVE-2019-6568 (A vulnerability has been identified in CP1604 (All versions), CP1
 CVE-2019-6567
 	RESERVED
 CVE-2019-6566 (GE Communicator, all versions prior to 4.0.517, allows a non-administr ...)
-	TODO: check
+	NOT-FOR-US: GE Communicator
 CVE-2019-6565 (Moxa IKS and EDS fails to properly validate user input, giving unauthe ...)
 	NOT-FOR-US: Moxa
 CVE-2019-6564 (GE Communicator, all versions prior to 4.0.517, allows a non-administr ...)
-	TODO: check
+	NOT-FOR-US: GE Communicator
 CVE-2019-6563 (Moxa IKS and EDS generate a predictable cookie calculated with an MD5  ...)
 	NOT-FOR-US: Moxa
 CVE-2019-6562 (In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the softwa ...)
@@ -13642,15 +13642,15 @@ CVE-2019-6550 (Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple sta
 CVE-2019-6549 (An attacker could retrieve plain-text credentials stored in a XML file ...)
 	NOT-FOR-US: PR100088 Modbus
 CVE-2019-6548 (GE Communicator, all versions prior to 4.0.517, contains two backdoor  ...)
-	TODO: check
+	NOT-FOR-US: GE Communicator
 CVE-2019-6547 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
 	NOT-FOR-US: Delta Industrial Automation CNCSoft
 CVE-2019-6546 (GE Communicator, all versions prior to 4.0.517, allows an attacker to  ...)
-	TODO: check
+	NOT-FOR-US: GE Communicator
 CVE-2019-6545 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and I ...)
 	NOT-FOR-US: AVEVA
 CVE-2019-6544 (GE Communicator, all versions prior to 4.0.517, has a service running  ...)
-	TODO: check
+	NOT-FOR-US: GE Communicator
 CVE-2019-6543 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and I ...)
 	NOT-FOR-US: AVEVA
 CVE-2019-6542 (ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior t ...)
@@ -19297,9 +19297,9 @@ CVE-2019-4074 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1
 CVE-2019-4073 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
 	NOT-FOR-US: IBM
 CVE-2019-4072 (IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4071 (IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4070
 	RESERVED
 CVE-2019-4069



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/46734a47369dd6bdca034d23dfca47d4a14cf7e6
