[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Feb 21 10:35:00 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d45575b2 by Salvatore Bonaccorso at 2020-02-21T11:33:17+01:00
Process some NFUs

- - - - -
0e4e851c by Salvatore Bonaccorso at 2020-02-21T11:33:18+01:00
Add CVE-2014-8739/libjs-jquery-file-upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30220,17 +30220,17 @@ CVE-2019-16304
 CVE-2019-16303 (A class generated by the Generator in JHipster before 6.3.0 and JHipst ...)
 	NOT-FOR-US: JHipster
 CVE-2019-16302 (An issue was discovered in Open Network Operating System (ONOS) 1.14.  ...)
-	TODO: check
+	NOT-FOR-US: Open Network Operating System (ONOS)
 CVE-2019-16301 (An issue was discovered in Open Network Operating System (ONOS) 1.14.  ...)
-	TODO: check
+	NOT-FOR-US: Open Network Operating System (ONOS)
 CVE-2019-16300 (An issue was discovered in Open Network Operating System (ONOS) 1.14.  ...)
-	TODO: check
+	NOT-FOR-US: Open Network Operating System (ONOS)
 CVE-2019-16299 (An issue was discovered in Open Network Operating System (ONOS) 1.14.  ...)
-	TODO: check
+	NOT-FOR-US: Open Network Operating System (ONOS)
 CVE-2019-16298 (An issue was discovered in Open Network Operating System (ONOS) 1.14.  ...)
-	TODO: check
+	NOT-FOR-US: Open Network Operating System (ONOS)
 CVE-2019-16297 (An issue was discovered in Open Network Operating System (ONOS) 1.14.  ...)
-	TODO: check
+	NOT-FOR-US: Open Network Operating System (ONOS)
 CVE-2019-16296
 	RESERVED
 CVE-2019-16295 (Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS ...)
@@ -46854,7 +46854,7 @@ CVE-2019-11193 (The FileManager in InfinitumIT DirectAdmin through v1.561 has XS
 CVE-2019-11192
 	RESERVED
 CVE-2019-11189 (Authentication Bypass by Spoofing in org.onosproject.acl (access contr ...)
-	TODO: check
+	NOT-FOR-US: Open Network Operating System (ONOS)
 CVE-2019-11191 (** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT i ...)
 	- linux <unfixed> (unimportant)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/4
@@ -61237,7 +61237,7 @@ CVE-2019-6197
 CVE-2019-6196
 	RESERVED
 CVE-2019-6195 (An authorization bypass exists in Lenovo XClarity Controller (XCC) ver ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2019-6194 (An XML External Entity (XXE) processing vulnerability was reported in  ...)
 	NOT-FOR-US: Lenovo
 CVE-2019-6193 (An information disclosure vulnerability was reported in Lenovo XClarit ...)
@@ -73390,7 +73390,7 @@ CVE-2019-1952 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure
 CVE-2019-1951 (A vulnerability in the packet filtering features of Cisco SD-WAN Solut ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1950 (A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthe ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1949 (A vulnerability in the web-based management interface of Cisco Firepow ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1948 (A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an un ...)
@@ -85147,7 +85147,7 @@ CVE-2018-16996
 CVE-2018-16995
 	RESERVED
 CVE-2018-16994 (An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL ...)
-	TODO: check
+	NOT-FOR-US: PHOENIX CONTACT AXL
 CVE-2018-16993
 	RESERVED
 CVE-2018-16992
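Review bot: The tag on CVE-2018-16994, "NOT-FOR-US: PHOENIX CONTACT AXL", stops partway through the product name given in the description ("PHOENIX CONTACT AXL F BK PN ..."), whereas the other NOT-FOR-US tags in this push name the vendor or the whole product (Cisco, Lenovo, Netsweeper). Suggest either "NOT-FOR-US: PHOENIX CONTACT" or the full product name, so that a later search of data/CVE/list by tag finds all entries for this vendor.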
@@ -120972,7 +120972,7 @@ CVE-2018-3989 (An exploitable kernel memory disclosure vulnerability exists in t
 CVE-2018-3988 (Signal Messenger for Android 4.24.8 may expose private information whe ...)
 	NOT-FOR-US: Signal Messenger
 CVE-2018-3987 (An exploitable information disclosure vulnerability exists in the 'Sec ...)
-	TODO: check
+	NOT-FOR-US: Rakuten Viber on Android
 CVE-2018-3986 (An exploitable information disclosure vulnerability exists in the "Sec ...)
 	NOT-FOR-US: Telegram Android
 CVE-2018-3985 (An exploitable double free vulnerability exists in the mdnscap binary  ...)
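Review bot: The new tag on CVE-2018-3987, "NOT-FOR-US: Rakuten Viber on Android", is phrased differently from the neighbouring entry CVE-2018-3986, which uses the "<product> Android" form ("NOT-FOR-US: Telegram Android"). Consider aligning the wording with that form so the tags for the adjacent mobile-messenger entries stay uniform.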
@@ -237137,17 +237137,17 @@ CVE-2014-9619 (Unrestricted file upload vulnerability in webadmin/ajaxfilemanage
 CVE-2014-9618 (The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x befo ...)
 	NOT-FOR-US: Netsweeper
 CVE-2014-9617 (Open redirect vulnerability in remotereporter/load_logfiles.php in Net ...)
-	TODO: check
+	NOT-FOR-US: Netsweeper
 CVE-2014-9616 (Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 a ...)
 	NOT-FOR-US: Netsweeper
 CVE-2014-9615 (Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows re ...)
-	TODO: check
+	NOT-FOR-US: Netsweeper
 CVE-2014-9614 (The Web Panel in Netsweeper before 4.0.5 has a default password of bra ...)
-	TODO: check
+	NOT-FOR-US: Netsweeper
 CVE-2014-9613 (Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10  ...)
-	TODO: check
+	NOT-FOR-US: Netsweeper
 CVE-2014-9612 (SQL injection vulnerability in remotereporter/load_logfiles.php in Net ...)
-	TODO: check
+	NOT-FOR-US: Netsweeper
 CVE-2014-9611 (Netsweeper before 4.0.5 allows remote attackers to bypass authenticati ...)
 	NOT-FOR-US: Netsweeper
 CVE-2014-9610 (Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 a ...)
@@ -242598,7 +242598,8 @@ CVE-2014-8741 (Directory traversal vulnerability in the GfdFileUploadServerlet s
 CVE-2014-8740
 	RESERVED
 CVE-2014-8739 (Unrestricted file upload vulnerability in server/php/UploadHandler.php ...)
-	TODO: check
+	- libjs-jquery-file-upload <undetermined>
+	TODO: check, might be considered only as specific use in WordPress and Joomla?
 CVE-2014-8736 (The Open Atrium Core module for Drupal before 7.x-2.22 allows remote a ...)
 	NOT-FOR-US: Drupal module Open Atrium Core
 CVE-2014-8735 (The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7 ...)
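Review bot: On CVE-2014-8739 the entry now carries both "- libjs-jquery-file-upload <undetermined>" and a "TODO: check, ..." line phrased as a question, so the open point is recorded only as a to-do and gives the next person no reference to work from. The description places the flaw in server/php/UploadHandler.php, so the concrete check is whether the packaged source ships and uses that file. Suggest saying so in a NOTE: line (with a reference for the WordPress/Joomla scoping question), so that whoever resolves <undetermined> has the criterion in the entry itself.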



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9b74ebbc2bfd46def03c495391307c0baa079b32...0e4e851c30689a093912b2caf7fcf0726c546523
