[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed Oct 9 12:54:36 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
594ef57a by Moritz Muehlenhoff at 2019-10-09T11:54:21Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4106,17 +4106,17 @@ CVE-2017-18594 (nse_libssh2.cc in Nmap 7.70 is subject to a denial of service co
 	NOTE: https://github.com/nmap/nmap/issues/1227
 	NOTE: Crash in CLI tool, no security impact
 CVE-2019-15751 (An unrestricted file upload vulnerability in SITOS six Build v6.2.1 al ...)
-	TODO: check
+	NOT-FOR-US: SITOS
 CVE-2019-15750 (A Cross-Site Scripting (XSS) vulnerability in the blog function in SIT ...)
-	TODO: check
+	NOT-FOR-US: SITOS
 CVE-2019-15749 (SITOS six Build v6.2.1 allows a user to change their password and reco ...)
-	TODO: check
+	NOT-FOR-US: SITOS
 CVE-2019-15748 (SITOS six Build v6.2.1 permits unauthorised users to upload and import ...)
-	TODO: check
+	NOT-FOR-US: SITOS
 CVE-2019-15747 (SITOS six Build v6.2.1 allows a user with the user role of Seminar Coo ...)
-	TODO: check
+	NOT-FOR-US: SITOS
 CVE-2019-15746 (SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP comm ...)
-	TODO: check
+	NOT-FOR-US: SITOS
 CVE-2019-15745 (The Eques elf smart plug and the mobile app use a hardcoded AES 256 bi ...)
 	NOT-FOR-US: Eques elf smart plug
 CVE-2019-15744
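Review bot: The six new tags on CVE-2019-15751 through CVE-2019-15746 read "NOT-FOR-US: SITOS", but every description in this hunk names the product as "SITOS six". Using the name as the descriptions give it ("NOT-FOR-US: SITOS six") keeps the tag greppable against the CVE text and matches the next entry, CVE-2019-15745, which is tagged with its full product name "Eques elf smart plug".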
@@ -7517,9 +7517,9 @@ CVE-2019-14659
 CVE-2019-14658
 	RESERVED
 CVE-2019-14657 (Yealink phones through 2019-08-04 have an issue with OpenVPN file uplo ...)
-	TODO: check
+	NOT-FOR-US: Yealink
 CVE-2019-14656 (Yealink phones through 2019-08-04 do not properly check user roles in  ...)
-	TODO: check
+	NOT-FOR-US: Yealink
 CVE-2019-14655
 	REJECTED
 CVE-2019-14654 (In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authoris ...)
@@ -12414,7 +12414,7 @@ CVE-2019-13338 (In WESEEK GROWI before 3.5.0, a remote attacker can obtain the p
 CVE-2019-13337 (In WESEEK GROWI before 3.5.0, the site-wide basic authentication can b ...)
 	NOT-FOR-US: WESEEK GROWI
 CVE-2019-13336 (The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attack ...)
-	TODO: check
+	NOT-FOR-US: dbell Wi-Fi Smart Video Doorbell
 CVE-2019-13335 (SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has  ...)
 	NOT-FOR-US: SalesAgility SuiteCRM
 CVE-2019-13334
@@ -13023,7 +13023,7 @@ CVE-2019-13121 [SSRF Vulnerability in Project GitHub Integration]
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
 CVE-2019-13120 (Amazon FreeRTOS up to and including v1.4.8 for AWS lacks length checki ...)
-	TODO: check
+	NOT-FOR-US: Amazon FreeRTOS
 CVE-2019-13119
 	RESERVED
 CVE-2019-13118 (In numbers.c in libxslt 1.1.33, a type holding grouping characters of  ...)
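Review bot: The NOT-FOR-US tag on CVE-2019-13120 is keyed to "Amazon FreeRTOS", which is software that other source trees can bundle rather than a device or a hosted product. Before this lands it is worth confirming that no source package in the archive carries a copy of the affected code, since an NFU tag hides the entry from later triage.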
@@ -13910,9 +13910,9 @@ CVE-2019-12814 (A Polymorphic Typing issue was discovered in FasterXML jackson-d
 CVE-2019-12813 (An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Re ...)
 	NOT-FOR-US: Digital Persona U.are.U 4500 Fingerprint Reader
 CVE-2019-12812 (MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbi ...)
-	TODO: check
+	NOT-FOR-US: MyBuilder
 CVE-2019-12811 (ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to  ...)
-	TODO: check
+	NOT-FOR-US: MyBuilder
 CVE-2019-12810 (A memory corruption vulnerability exists in the .PSD parsing functiona ...)
 	NOT-FOR-US: ALSee
 CVE-2019-12809 (Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contai ...)
@@ -18894,7 +18894,7 @@ CVE-2019-10971 (The application (Network Configurator for DeviceNet Safety 3.41
 CVE-2019-10970 (In Rockwell Automation PanelView 5510 (all versions manufactured befor ...)
 	NOT-FOR-US: Rockwell Automation PanelView
 CVE-2019-10969 (Moxa EDR 810, all versions 5.1 and prior, allows an authenticated atta ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2019-10968 (Philips Holter 2010 Plus, all versions. A vulnerability has been ident ...)
 	NOT-FOR-US: Philips Holter 2010 Plus
 CVE-2019-10967 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based  ...)
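Review bot: "NOT-FOR-US: Moxa" on CVE-2019-10969 names only the vendor, while the context entries around it carry the product ("Rockwell Automation PanelView", "Philips Holter 2010 Plus"). The description gives the product as Moxa EDR 810, so "NOT-FOR-US: Moxa EDR 810" would be consistent here; the same applies to CVE-2019-10963 in the next hunk.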
@@ -18906,7 +18906,7 @@ CVE-2019-10965 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-b
 CVE-2019-10964 (In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps,  ...)
 	NOT-FOR-US: Medtronic
 CVE-2019-10963 (Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated at ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2019-10962 (BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1. ...)
 	NOT-FOR-US: BD Alaris Gateway
 CVE-2019-10961 (In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, proces ...)
@@ -37448,7 +37448,7 @@ CVE-2019-3982
 CVE-2019-3981
 	RESERVED
 CVE-2019-3980 (The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports s ...)
-	TODO: check
+	NOT-FOR-US: Solarwinds
 CVE-2019-3979
 	RESERVED
 CVE-2019-3978
@@ -38202,7 +38202,7 @@ CVE-2019-3747 (Dell EMC Integrated Data Protection Appliance versions prior to 2
 CVE-2019-3746 (Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do ...)
 	NOT-FOR-US: EMC
 CVE-2019-3745 (The vulnerability is limited to the installers of Dell Encryption Ente ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2019-3744 (Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a pri ...)
 	NOT-FOR-US: Dell/Alienware Digital Delivery
 CVE-2019-3743
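Review bot: "NOT-FOR-US: Dell" on CVE-2019-3745 is broader than the two neighbouring tags, which are scoped to "EMC" and to "Dell/Alienware Digital Delivery". The description limits the issue to the installers of one Dell product, so the tag should name that product as the description does rather than the whole vendor.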



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/594ef57ad8fc7c42395df83a30aa51f740c98b71
