[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Fri May 10 22:43:01 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38741432 by Salvatore Bonaccorso at 2019-05-10T21:42:43Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2019-11880
 CVE-2019-11879 (** DISPUTED ** The WEBrick gem 1.4.2 for Ruby allows directory travers ...)
 	TODO: check
 CVE-2019-11878 (An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.1 ...)
-	TODO: check
+	NOT-FOR-US: XiongMai Besder IP20H1 cameras
 CVE-2019-11877
 	RESERVED
 CVE-2019-11876
@@ -740,7 +740,7 @@ CVE-2019-11565 (Server Side Request Forgery (SSRF) exists in the Print My Blog p
 CVE-2019-11564 (A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows rem ...)
 	NOT-FOR-US: HumHub
 CVE-2019-11563 (Shenzhen Sricctv DeviceViewer for XP has a Buffer Overflow via the use ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Sricctv DeviceViewer for XP
 CVE-2019-11562
 	RESERVED
 CVE-2019-11561 (The Chuango 433 MHz burglar-alarm product line is vulnerable to a Deni ...)
@@ -1869,7 +1869,7 @@ CVE-2019-11084 (GAuth 0.9.9 beta has stored XSS that shows a popup repeatedly an
 CVE-2019-11083
 	RESERVED
 CVE-2019-11082 (core/api/datasets/internal/actions/Explode.java in the Dataset API in  ...)
-	TODO: check
+	NOT-FOR-US: DKPro Core
 CVE-2019-11081 (A default username and password in Dentsply Sirona Sidexis 4.2 and pos ...)
 	NOT-FOR-US: Dentsply Sirona Sidexis
 CVE-2019-11080
@@ -19120,7 +19120,7 @@ CVE-2019-4206
 CVE-2019-4205
 	RESERVED
 CVE-2019-4204 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4203 (IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited  ...)
 	NOT-FOR-US: IBM
 CVE-2019-4202 (IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to  ...)
@@ -26505,7 +26505,7 @@ CVE-2019-1869
 CVE-2019-1868
 	RESERVED
 CVE-2019-1867 (A vulnerability in the REST API of Cisco Elastic Services Controller ( ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1866
 	RESERVED
 CVE-2019-1865
@@ -64581,9 +64581,9 @@ CVE-2018-7122
 CVE-2018-7121
 	RESERVED
 CVE-2018-7120 (A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Chan ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2018-7119 (A Local Disclosure of Sensitive Information vulnerability was identifi ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2018-7118 (A local access restriction bypass vulnerability was identified in HPE  ...)
 	NOT-FOR-US: HPE Service Pack for ProLiant (SPP) Bundled Software
 CVE-2018-7117 (A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerab ...)
@@ -64653,11 +64653,11 @@ CVE-2018-7086
 CVE-2018-7085
 	RESERVED
 CVE-2018-7084 (A command injection vulnerability is present that permits an unauthent ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2018-7083 (If a process running within Aruba Instant crashes, it may leave behind ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2018-7082 (A command injection vulnerability is present in Aruba Instant that per ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2018-7081
 	RESERVED
 CVE-2018-7080 (A vulnerability exists in the firmware of embedded BLE radios that are ...)
@@ -64693,7 +64693,7 @@ CVE-2018-7066 (An unauthenticated remote command execution exists in Aruba Clear
 CVE-2018-7065 (An authenticated SQL injection vulnerability in Aruba ClearPass Policy ...)
 	NOT-FOR-US: Aruba
 CVE-2018-7064 (A reflected cross-site scripting (XSS) vulnerability is present in an  ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2018-7063 (In Aruba ClearPass, disabled API admins can still perform read/write o ...)
 	NOT-FOR-US: Aruba
 CVE-2018-7062
@@ -79517,7 +79517,7 @@ CVE-2018-1992 (The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloade
 CVE-2018-1991
 	RESERVED
 CVE-2018-1990 (IBM Cloud App Management V2018.2.0, V2018.4.0, and V2018.4.1 could all ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1989
 	RESERVED
 CVE-2018-1988
@@ -79917,7 +79917,7 @@ CVE-2018-1792 (IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.
 CVE-2018-1791 (IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service ...)
 	NOT-FOR-US: IBM
 CVE-2018-1790 (IBM Financial Transaction Manager for Digital Payments for Multi-Platf ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1789 (IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to ...)
 	NOT-FOR-US: IBM
 CVE-2018-1788 (IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitiv ...)
@@ -99087,7 +99087,7 @@ CVE-2017-12791 (Directory traversal vulnerability in minion id validation in Sal
 CVE-2017-12790 (Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The  ...)
 	NOT-FOR-US: Metinfo
 CVE-2017-12789 (Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The  ...)
-	TODO: check
+	NOT-FOR-US: Metinfo
 CVE-2017-12788 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
 	NOT-FOR-US: Metinfo
 CVE-2017-12787 (A network interface of the novi_process_manager_daemon service, includ ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3874143247513c1ea8a6fdffed8f70cac08b8a3d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3874143247513c1ea8a6fdffed8f70cac08b8a3d
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190510/190068a8/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list