[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed May 15 21:39:35 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5f85b871 by Salvatore Bonaccorso at 2019-05-15T20:38:11Z
Process some NFUs
- - - - -
1488902d by Salvatore Bonaccorso at 2019-05-15T20:39:20Z
Merge remote-tracking branch 'origin/master'
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2030,7 +2030,7 @@ CVE-2019-11226
CVE-2019-11225
RESERVED
CVE-2019-11224 (HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection. ...)
- TODO: check
+ NOT-FOR-US: HARMAN AMX MVP5150 devices
CVE-2019-11223 (An Unrestricted File Upload Vulnerability in the SupportCandy plugin t ...)
NOT-FOR-US: SupportCandy plugin for WordPress
CVE-2017-18366 (Subrion CMS 4.1.5 has CSRF in blog/delete/. ...)
@@ -8608,7 +8608,7 @@ CVE-2019-8925
CVE-2019-8924
RESERVED
CVE-2019-8923 (XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf ...)
- TODO: check
+ NOT-FOR-US: XAMPP
CVE-2019-8922
RESERVED
CVE-2019-8921
@@ -16910,7 +16910,7 @@ CVE-2019-5528
CVE-2019-5527
RESERVED
CVE-2019-5526 (VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2019-5525
RESERVED
CVE-2019-5524 (VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6 ...)
@@ -20822,13 +20822,13 @@ CVE-2019-3729
CVE-2019-3728
RESERVED
CVE-2019-3727 (Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs ...)
- TODO: check
+ NOT-FOR-US: Dell EMC RecoverPoint
CVE-2019-3726
RESERVED
CVE-2019-3725 (RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security An ...)
- TODO: check
+ NOT-FOR-US: RSA Netwitness Platform
CVE-2019-3724 (RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security An ...)
- TODO: check
+ NOT-FOR-US: RSA Netwitness Platform
CVE-2019-3723
RESERVED
CVE-2019-3722
@@ -21076,7 +21076,7 @@ CVE-2019-3604 (Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (le
CVE-2019-3603
RESERVED
CVE-2019-3602 (Cross Site Scripting (XSS) vulnerability in McAfee Network Security Ma ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3601
RESERVED
CVE-2019-3600
@@ -21108,7 +21108,7 @@ CVE-2019-3588
CVE-2019-3587 (DLL Search Order Hijacking vulnerability in Microsoft Windows client i ...)
NOT-FOR-US: McAfee
CVE-2019-3586 (Protection Mechanism Failure in the Firewall in McAfee Endpoint Securi ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3585
RESERVED
CVE-2019-3584 (Exploitation of Authentication vulnerability in MVision Endpoint in Mc ...)
@@ -27229,7 +27229,7 @@ CVE-2019-1769
CVE-2019-1768
RESERVED
CVE-2019-1767 (Multiple vulnerabilities in the implementation of a specific CLI comma ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1766 (A vulnerability in the web-based management interface of Session Initi ...)
NOT-FOR-US: Cisco
CVE-2019-1765 (A vulnerability in the web-based management interface of Session Initi ...)
@@ -27293,25 +27293,25 @@ CVE-2019-1737 (A vulnerability in the processing of IP Service Level Agreement (
CVE-2019-1736
RESERVED
CVE-2019-1735 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1734
RESERVED
CVE-2019-1733 (A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX- ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1732 (A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1731 (A vulnerability in the SSH CLI key management functionality of Cisco N ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1730 (A vulnerability in the Bash shell implementation for Cisco NX-OS Softw ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1729 (A vulnerability in the CLI implementation of a specific command used f ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1728 (A vulnerability in the Secure Configuration Validation functionality o ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1727 (A vulnerability in the Python scripting subsystem of Cisco NX-OS Softw ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1726 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1725 (A vulnerability in the local management CLI implementation for specifi ...)
NOT-FOR-US: Cisco
CVE-2019-1724 (A vulnerability in the session management functionality of the web-bas ...)
@@ -27329,7 +27329,7 @@ CVE-2019-1719 (A vulnerability in the web-based guest portal of Cisco Identity S
CVE-2019-1718 (A vulnerability in the web interface of Cisco Identity Services Engine ...)
NOT-FOR-US: Cisco
CVE-2019-1717 (A vulnerability in the web-based management interface of Cisco Video S ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1716 (A vulnerability in the web-based management interface of Session Initi ...)
NOT-FOR-US: Cisco
CVE-2019-1715 (A vulnerability in the Deterministic Random Bit Generator (DRBG), also ...)
@@ -58740,7 +58740,7 @@ CVE-2018-9331 (An issue was discovered in zzcms 8.2. user/adv.php allows remote
CVE-2016-10720
RESERVED
CVE-2016-10719 (TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2018-9330 (register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by t ...)
NOT-FOR-US: Coremail XT3.0
CVE-2018-9329
@@ -59880,7 +59880,7 @@ CVE-2017-18242 (The apply_dependent_coupling function in libavcodec/aacdec.c in
CVE-2018-8941 (Diagnostics functionality on D-Link DSL-3782 devices with firmware EU ...)
NOT-FOR-US: D-Link
CVE-2018-8940 (ClientServiceConfigController.cs in Enghouse Cloud Contact Center Plat ...)
- TODO: check
+ NOT-FOR-US: Enghouse Cloud Contact Center Platform
CVE-2018-8939 (An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold bef ...)
NOT-FOR-US: Ipswitch
CVE-2018-8938 (A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswi ...)
@@ -74030,19 +74030,19 @@ CVE-2018-4031
CVE-2018-4030 (An exploitable vulnerability exists the safe browsing function of the ...)
NOT-FOR-US: CUJO Smart Firewall
CVE-2018-4029 (An exploitable code execution vulnerability exists in the HTTP request ...)
- TODO: check
+ NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4028 (An exploitable firmware update vulnerability exists in the NT9665X Chi ...)
- TODO: check
+ NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4027 (An exploitable denial-of-service vulnerability exists in the XML_Uploa ...)
- TODO: check
+ NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4026 (An exploitable denial-of-service vulnerability exists in the XML_GetSc ...)
- TODO: check
+ NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4025 (An exploitable denial-of-service vulnerability exists in the XML_GetRa ...)
- TODO: check
+ NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4024 (An exploitable denial-of-service vulnerability exists in the thumbnail ...)
- TODO: check
+ NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4023 (An exploitable code execution vulnerability exists in the XML_UploadFi ...)
- TODO: check
+ NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4022 (A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v2 ...)
- mkvtoolnix 28.2.0-1
[stretch] - mkvtoolnix <not-affected> (Vulnerable code introduced later)
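Review bot: The seven added NOT-FOR-US lines in this hunk (CVE-2018-4029 through CVE-2018-4023) repeat the product string, reading "NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam", which looks like a doubled paste. Suggest "NOT-FOR-US: NT9665X Chipset firmware on Anker Roav A1 Dashcam" on each of them so the note reads cleanly and a search on the product name matches one consistent string.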
@@ -74056,15 +74056,15 @@ CVE-2018-4020 (An exploitable command injection vulnerability exists in the way
CVE-2018-4019 (An exploitable command injection vulnerability exists in the way Netga ...)
NOT-FOR-US: pfSense
CVE-2018-4018 (An exploitable firmware update vulnerability exists in the NT9665X Chi ...)
- TODO: check
+ NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4017 (An exploitable vulnerability exists in the Wi-Fi Access Point feature ...)
- TODO: check
+ NOT-FOR-US: Roav A1 Dashcam
CVE-2018-4016 (An exploitable code execution vulnerability exists in the URL-parsing ...)
- TODO: check
+ NOT-FOR-US: Roav A1 Dashcam
CVE-2018-4015 (An exploitable vulnerability exists in the HTTP client functionality o ...)
NOT-FOR-US: Webroot BrightCloud SDK
CVE-2018-4014 (An exploitable code execution vulnerability exists in Wi-Fi Command 99 ...)
- TODO: check
+ NOT-FOR-US: Roav A1 Dashcam
CVE-2018-4013 (An exploitable code execution vulnerability exists in the HTTP packet- ...)
{DSA-4343-1 DLA-1582-1}
- liblivemedia 2018.10.17-1
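Review bot: The added line for CVE-2018-4018 carries the same doubled "NT9665X Chipset firmwareNT9665X Chipset firmware" string, and the product is named two ways within this hunk: "Anker Roav A1 Dashcam" on that line versus "Roav A1 Dashcam" for CVE-2018-4017, CVE-2018-4016 and CVE-2018-4014. Suggest removing the duplication and settling on one spelling of the product name across these entries, so later triage that greps the NOT-FOR-US notes finds all of them.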
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/10ee5f5ab11e7fcf9e863f32896f8b7543397ec9...1488902d8c4cd0b3eadb27ca06ffc725264fcde6