[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Oct 16 10:09:29 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
960c40ef by Salvatore Bonaccorso at 2019-10-16T09:09:08Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,9 +15,9 @@ CVE-2019-17615
 CVE-2019-17614
 	RESERVED
 CVE-2019-17613 (qibosoft 7 allows remote code execution because do/jf.php makes eval c ...)
-	TODO: check
+	NOT-FOR-US: qibosoft
 CVE-2019-17612 (An issue was discovered in 74CMS v5.2.8. There is a SQL Injection gene ...)
-	TODO: check
+	NOT-FOR-US: 74CMS
 CVE-2019-17611
 	RESERVED
 CVE-2019-17610
@@ -37,15 +37,15 @@ CVE-2019-17604
 CVE-2019-17603
 	RESERVED
 CVE-2019-17602 (An issue was discovered in Zoho ManageEngine OpManager before 12.4 bui ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine OpManager
 CVE-2019-17601 (In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP ...)
-	TODO: check
+	NOT-FOR-US: MiniShare
 CVE-2016-11016 (NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS. ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2016-11015 (NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2016-11014 (NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control  ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2019-17600 (Intelbras IWR 1000N 1.6.4 devices allows disclosure of the administrat ...)
 	NOT-FOR-US: Intelbras IWR 1000N devices
 CVE-2019-17599
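Review bot: The three NETGEAR entries in this hunk (CVE-2016-11016, CVE-2016-11015, CVE-2016-11014) carry a vendor-only tag, `NOT-FOR-US: NETGEAR`, although every description names the JNR1010 and the unchanged neighbour CVE-2019-17600 uses the product form `NOT-FOR-US: Intelbras IWR 1000N devices`. Consider `NOT-FOR-US: NETGEAR JNR1010 devices` so the tag records which product was triaged as out of scope, not just the vendor.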
@@ -689,15 +689,15 @@ CVE-2019-17400
 CVE-2019-17399 (The Shack Forms Pro extension before 4.0.32 for Joomla! allows path tr ...)
 	NOT-FOR-US: Shack Forms Pro extension for Joomla!
 CVE-2019-17398 (In the Dark Horse Comics application 1.3.21 for Android, token informa ...)
-	TODO: check
+	NOT-FOR-US: Dark Horse Comics application
 CVE-2019-17397 (In the DoorDash application through 11.5.2 for Android, the username a ...)
 	NOT-FOR-US: DoorDash application
 CVE-2019-17396 (In the PowerSchool Mobile application 1.1.8 for Android, the username  ...)
-	TODO: check
+	NOT-FOR-US: PowerSchool Mobile application
 CVE-2019-17395 (In the Rapid Gator application 0.7.1 for Android, the username and pas ...)
-	TODO: check
+	NOT-FOR-US: Rapid Gator application
 CVE-2019-17394 (In the Seesaw Parent and Family application 6.2.5 for Android, the use ...)
-	TODO: check
+	NOT-FOR-US: Seesaw Parent and Family application
 CVE-2019-17393
 	RESERVED
 CVE-2019-17392
@@ -784,9 +784,9 @@ CVE-2019-17358
 CVE-2019-17357
 	RESERVED
 CVE-2019-17356 (The Infinite Design application 3.4.12 for Android sends a username an ...)
-	TODO: check
+	NOT-FOR-US: Infinite Design application
 CVE-2019-17355 (In the Orbitz application 19.31.1 for Android, the username and passwo ...)
-	TODO: check
+	NOT-FOR-US: Orbitz application
 CVE-2019-17354 (wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C ...)
 	NOT-FOR-US: Zyxel
 CVE-2019-17353 (An issue discovered on D-Link DIR-615 devices with firmware version 20 ...)
@@ -8097,7 +8097,7 @@ CVE-2019-14739
 CVE-2019-14738
 	RESERVED
 CVE-2019-14737 (Ubisoft Uplay 92.0.0.6280 has Insecure Permissions. ...)
-	TODO: check
+	NOT-FOR-US: Ubisoft Uplay
 CVE-2019-14736
 	RESERVED
 CVE-2019-14735
@@ -10144,11 +10144,11 @@ CVE-2019-14229
 CVE-2019-14228 (Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based  ...)
 	NOT-FOR-US: Xavier PHP Management Panel
 CVE-2019-14227 (OX App Suite 7.10.1 and 7.10.2 allows XSS. ...)
-	TODO: check
+	NOT-FOR-US: Open-Xchange App Suite
 CVE-2019-14226 (OX App Suite through 7.10.2 has Insecure Permissions. ...)
-	TODO: check
+	NOT-FOR-US: Open-Xchange App Suite
 CVE-2019-14225 (OX App Suite 7.10.1 and 7.10.2 allows SSRF. ...)
-	TODO: check
+	NOT-FOR-US: Open-Xchange App Suite
 CVE-2019-14224 (An issue was discovered in Alfresco Community Edition 5.2 201707. By l ...)
 	NOT-FOR-US: Alfresco
 CVE-2019-14223 (An issue was discovered in Alfresco Community Edition versions below 5 ...)
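Review bot: The tag added for CVE-2019-14227, CVE-2019-14226 and CVE-2019-14225 spells the product `Open-Xchange App Suite`, while all three descriptions use `OX App Suite`. The expansion is reasonable, but it is worth confirming it matches the string used for other Open-Xchange entries already in data/CVE/list so the NOT-FOR-US label stays uniform for this product.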
@@ -13083,7 +13083,7 @@ CVE-2019-13394
 CVE-2019-13393
 	RESERVED
 CVE-2019-13392 (A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette Na ...)
-	TODO: check
+	NOT-FOR-US: MindPalette NateMail
 CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has ...)
 	- imagemagick <unfixed> (bug #931633)
 	[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
@@ -14379,13 +14379,13 @@ CVE-2019-12946 (Elcom CMS before 10.7 has SQL Injection via EventSearchByState.a
 CVE-2019-12945
 	REJECTED
 CVE-2019-12944 (Glue Smart Lock 2.7.8 devices do not properly block guest access in ce ...)
-	TODO: check
+	NOT-FOR-US: Glue Smart Lock devices
 CVE-2019-12943 (TTLock devices do not properly restrict password-reset attempts, leadi ...)
 	NOT-FOR-US: TTLock devices
 CVE-2019-12942 (TTLock devices do not properly block guest access in certain situation ...)
 	NOT-FOR-US: TTLock devices
 CVE-2019-12941 (AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacke ...)
-	TODO: check
+	NOT-FOR-US: AutoPi Wi-Fi/NB and 4G/LTE devices
 CVE-2019-12940 (LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (me ...)
 	NOT-FOR-US: LiveZilla
 CVE-2019-12939 (LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in serv ...)
@@ -24010,7 +24010,7 @@ CVE-2019-9746 (In libwebm before 2019-03-08, a NULL pointer dereference caused b
 	NOT-FOR-US: libwebm
 	NOTE: Chromium and qtwebengine bundle the library, but not a security issue there
 CVE-2019-9745 (CloudCTI HIP Integrator Recognition Configuration Tool allows privileg ...)
-	TODO: check
+	NOT-FOR-US: CloudCTI HIP Integrator Recognition Configuration Tool
 CVE-2019-9744 (An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN ...)
 	NOT-FOR-US: PHOENIX
 CVE-2019-9743 (An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211- ...)
@@ -39008,7 +39008,7 @@ CVE-2019-3769
 CVE-2019-3768
 	RESERVED
 CVE-2019-3767 (Dell ImageAssist versions prior to 8.7.15 contain an information discl ...)
-	TODO: check
+	NOT-FOR-US: Dell ImageAssist
 CVE-2019-3766 (Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction ...)
 	NOT-FOR-US: EMC
 CVE-2019-3765 (Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and ...)
@@ -39978,7 +39978,7 @@ CVE-2018-20584 (JasPer 2.0.14 allows remote attackers to cause a denial of servi
 CVE-2018-20583 (Cross-site scripting (XSS) vulnerability in the PHP League CommonMark  ...)
 	NOT-FOR-US: PHP League CommonMark library
 CVE-2018-20582 (The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suff ...)
-	TODO: check
+	NOT-FOR-US: GREE+ (aka com.gree.greeplus) application
 CVE-2018-20581
 	RESERVED
 CVE-2018-20580 (The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 al ...)
@@ -111486,7 +111486,7 @@ CVE-2015-9233 (The cp-contact-form-with-paypal (aka CP Contact Form with PayPal)
 CVE-2017-14949 (Restlet Framework before 2.3.12 allows remote attackers to access arbi ...)
 	- restlet <itp> (bug #596472)
 CVE-2017-14948 (Certain D-Link products are affected by: Buffer Overflow. This affects ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2017-14947 (Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitra ...)
 	NOT-FOR-US: GSView (different from gv)
 CVE-2017-14946 (Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/960c40ef24ed6398b7721c1d91ec3aa04120415f
