[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Nov 23 08:24:16 GMT 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
219a624f by Salvatore Bonaccorso at 2019-11-23T08:23:47Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -727,9 +727,9 @@ CVE-2019-18912
 CVE-2019-18911
 	RESERVED
 CVE-2019-18910 (The Citrix Receiver wrapper function does not safely handle user suppl ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2019-18909 (The VPN software within HP ThinPro does not safely handle user supplie ...)
-	TODO: check
+	NOT-FOR-US: HP ThinPro
 CVE-2019-18908
 	RESERVED
 CVE-2019-18907
@@ -10432,9 +10432,9 @@ CVE-2019-16288 (On Tenda N301 wireless routers, a long string in the wifiSSID pa
 CVE-2019-16287 (An attacker may be able to leverage the application filter bypass vuln ...)
 	TODO: check
 CVE-2019-16286 (An attacker may be able to bypass the OS application filter meant to r ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2019-16285 (If a local user has been configured and logged in, an unauthenticated  ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2019-16284 (A potential security vulnerability has been identified in multiple HP  ...)
 	NOT-FOR-US: HP
 CVE-2019-16283
@@ -32142,7 +32142,7 @@ CVE-2019-9538
 CVE-2019-9537
 	RESERVED
 CVE-2019-9536 (Apple iPhone 3GS bootrom malloc implementation returns a non-NULL poin ...)
-	TODO: check
+	NOT-FOR-US: Apple iPhone 3GS
 CVE-2019-9535 (A vulnerability exists in the way that iTerm2 integrates with tmux's c ...)
 	NOT-FOR-US: iTerm2
 CVE-2019-9534 (The Cobham EXPLORER 710, firmware version 1.07, does not validate its  ...)
@@ -42755,7 +42755,7 @@ CVE-2019-5511 (VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) runni
 CVE-2019-5510
 	RESERVED
 CVE-2019-5509 (ONTAP Select Deploy administration utility versions 2.11.2 through 2.1 ...)
-	TODO: check
+	NOT-FOR-US: ONTAP Select Deploy administration utility
 CVE-2019-5508 (Clustered Data ONTAP versions 9.2 through 9.6 are susceptible to a vul ...)
 	NOT-FOR-US: Clustered Data ONTAP
 CVE-2019-5507 (SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a v ...)
@@ -43732,9 +43732,9 @@ CVE-2019-5074
 CVE-2019-5073
 	RESERVED
 CVE-2019-5072 (An exploitable command injection vulnerability exists in the /goform/W ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2019-5071 (An exploitable command injection vulnerability exists in the /goform/W ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2019-5070 (An exploitable SQL injection vulnerability exists in the unauthenticat ...)
 	NOT-FOR-US: eFront LMS
 CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. ...)
@@ -46963,7 +46963,7 @@ CVE-2019-3656
 CVE-2019-3655
 	RESERVED
 CVE-2019-3654 (Authentication Bypass vulnerability in the Microsoft Windows client in ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2019-3653 (Improper access control vulnerability in Configuration tool in McAfee  ...)
 	NOT-FOR-US: McAfee Endpoint Security (ENS)
 CVE-2019-3652 (Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Securit ...)
@@ -47551,9 +47551,9 @@ CVE-2019-3430
 CVE-2019-3429
 	RESERVED
 CVE-2019-3428 (The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a c ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2019-3427 (The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a c ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2019-3426 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZX ...)
 	NOT-FOR-US: ZTE
 CVE-2019-3425 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZX ...)
@@ -210095,7 +210095,7 @@ CVE-2015-3142 (The kernel-invoked coredump processor in Automatic Bug Reporting
 CVE-2015-3141 (Multiple cross-site request forgery (CSRF) vulnerabilities in Synametr ...)
 	NOT-FOR-US: Synametrics Technologies Xeams
 CVE-2015-3140 (Multiple cross-site request forgery (CSRF) vulnerabilities in Synametr ...)
-	TODO: check
+	NOT-FOR-US: Synametrics
 CVE-2015-3139
 	RESERVED
 CVE-2015-3138 (print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a  ...)
@@ -247849,7 +247849,7 @@ CVE-2013-6241 (The Birthday widget in the backend in Open-Xchange (OX) AppSuite
 CVE-2013-6240
 	RESERVED
 CVE-2013-6239 (Cross-site scripting (XSS) vulnerability in the photo gallery model in ...)
-	TODO: check
+	NOT-FOR-US: Exis Contexis
 CVE-2013-6238
 	RESERVED
 CVE-2013-6237 (The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 an ...)
@@ -279148,7 +279148,7 @@ CVE-2002-2483
 CVE-2012-1002 (SQL injection vulnerability in author/edit.php in OpenConf 4.x before  ...)
 	NOT-FOR-US: OpenConf
 CVE-2012-1001 (Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2. ...)
-	TODO: check
+	NOT-FOR-US: Chyrp
 CVE-2012-1000 (Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 an ...)
 	NOT-FOR-US: LEPTON
 CVE-2012-0999 (SQL injection vulnerability in modules/news/rss.php in LEPTON before 1 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/219a624fbae582a71f7048f6007b1a7eddcac7b3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/219a624fbae582a71f7048f6007b1a7eddcac7b3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191123/a306f271/attachment.html>

More information about the debian-security-tracker-commits mailing list