[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Oct 31 21:04:16 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
04c393bb by Moritz Muehlenhoff at 2019-10-31T21:03:51Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2019-18657 (ClickHouse before 19.13.5.44 allows HTTP header injection via the url ...)
- TODO: check
+ NOT-FOR-US: ClickHouse
CVE-2019-18656 (Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBu ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2019-18655
RESERVED
CVE-2019-18654
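Review bot: the CVE-2019-18657 line marks ClickHouse as NOT-FOR-US, which asserts that no source package for it exists in the archive. Confirm that against the package list before dropping the TODO; if a clickhouse source package is present, the line should be a package entry ("- clickhouse <unfixed>" or the fixed version) instead.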
@@ -598,9 +598,9 @@ CVE-2019-18603 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to informa
- openafs 1.8.5-1 (bug #943587)
NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-001.txt
CVE-2019-18465 (In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has be ...)
- TODO: check
+ NOT-FOR-US: Progress MOVEit Transfer
CVE-2019-18464 (In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 1 ...)
- TODO: check
+ NOT-FOR-US: Progress MOVEit Transfer
CVE-2019-18463
RESERVED
[experimental] - gitlab 12.2.9-1
@@ -852,25 +852,25 @@ CVE-2019-18371 (An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.2
CVE-2019-18370 (An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-s ...)
NOT-FOR-US: Xiaomi
CVE-2019-18369 (In JetBrains YouTrack before 2019.2.55152, removing tags from the issu ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2019-18368 (In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escal ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2019-18367 (In JetBrains TeamCity before 2019.1.2, a non-destructive operation cou ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2019-18366 (In JetBrains TeamCity before 2019.1.2, secure values could be exposed ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2019-18365 (In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2019-18364 (In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization c ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2019-18363 (In JetBrains TeamCity before 2019.1.2, access could be gained to the h ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2019-18362 (JetBrains MPS before 2019.2.2 exposed listening ports to the network. ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2019-18361 (JetBrains IntelliJ IDEA before 2019.2 allows local user privilege esca ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2019-18360 (In JetBrains Hub versions earlier than 2019.1.11738, username enumerat ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2019-18359 (A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3G ...)
- mp3gain <removed>
CVE-2019-18358
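Review bot: the ten entries from CVE-2019-18369 to CVE-2019-18360 all get the vendor-only label "NOT-FOR-US: JetBrains", although the descriptions cover six different products (YouTrack, Toolbox App, TeamCity, MPS, IntelliJ IDEA, Hub). Naming the product in each label, for example "NOT-FOR-US: JetBrains TeamCity", would keep the entries searchable per product and make it easier to revisit a single one if that product is ever packaged.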
@@ -7069,7 +7069,7 @@ CVE-2019-16253 (The Text-to-speech Engine (aka SamsungTTS) application before 3.
CVE-2019-16252
RESERVED
CVE-2019-16251 (plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework thro ...)
- TODO: check
+ NOT-FOR-US: YIT Plugin Framework
CVE-2019-16250 (includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for ...)
NOT-FOR-US: Ocean Extra plugin for WordPress
CVE-2019-16249 (OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core ...)
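Review bot: "NOT-FOR-US: YIT Plugin Framework" for CVE-2019-16251 omits the platform, while the next entry (CVE-2019-16250) is labelled "Ocean Extra plugin for WordPress". If this framework is also a WordPress component, add the same qualifier so both entries match a search for WordPress NFUs.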
@@ -13306,7 +13306,7 @@ CVE-2019-14358
CVE-2019-14357 (** DISPUTED ** On Mooltipass Mini devices, a side channel for the row- ...)
NOT-FOR-US: Mooltipass Mini devices
CVE-2019-14356 (** DISPUTED ** On Coldcard MK1 and MK2 devices, a side channel for the ...)
- TODO: check
+ NOT-FOR-US: Coldcard
CVE-2019-14355 (** DISPUTED ** On ShapeShift KeepKey devices, a side channel for the r ...)
NOT-FOR-US: ShapeShift KeepKey devices
CVE-2019-14354 (On Ledger Nano S and Nano X devices, a side channel for the row-based ...)
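Review bot: the new label for CVE-2019-14356 is "NOT-FOR-US: Coldcard", but the sibling entries for the same side-channel issue use the form "Mooltipass Mini devices" (CVE-2019-14357) and "ShapeShift KeepKey devices" (CVE-2019-14355). Suggest "NOT-FOR-US: Coldcard MK1 and MK2 devices", matching the description, for consistency.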
@@ -18818,7 +18818,7 @@ CVE-2019-12616 (An issue was discovered in phpMyAdmin before 4.9.0. A vulnerabil
CVE-2019-12613
REJECTED
CVE-2019-12612 (An issue was discovered in Bitdefender BOX firmware versions before 2. ...)
- TODO: check
+ NOT-FOR-US: Bitdefender BOX firmware
CVE-2019-12611 (An issue was discovered in Bitdefender BOX firmware versions before 2. ...)
NOT-FOR-US: Bitdefender BOX firmware
CVE-2019-12610
@@ -19370,7 +19370,7 @@ CVE-2019-12419
CVE-2019-12418
RESERVED
CVE-2019-12417 (A malicious admin user could edit the state of objects in the Airflow ...)
- TODO: check
+ NOT-FOR-US: Apache Airflow
CVE-2019-12416
RESERVED
CVE-2019-12415 (In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to conv ...)
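Review bot: for CVE-2019-12417, NOT-FOR-US closes the entry for good, so check the WNPP list for an open ITP or RFP on Apache Airflow first. If one exists, the entry should be an "<itp>" line with the bug number rather than an NFU, so the CVE is picked up when the package lands.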
@@ -43596,11 +43596,11 @@ CVE-2019-3423
CVE-2019-3422
RESERVED
CVE-2019-3421 (The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE produc ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2019-3420
RESERVED
CVE-2019-3419 (A security vulnerability exists in a management port in the version of ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2019-3418 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
NOT-FOR-US: ZTE
CVE-2019-3417 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/04c393bb7af886877b348f98a68c45357da76506