[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Jan 30 20:36:36 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f97c3823 by Salvatore Bonaccorso at 2020-01-30T21:36:03+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6995,7 +6995,7 @@ CVE-2020-5235
 CVE-2020-5234
 	RESERVED
 CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...)
-	TODO: check
+	NOT-FOR-US: OAuth2 Proxy
 CVE-2020-5232
 	RESERVED
 CVE-2020-5231
@@ -10311,7 +10311,7 @@ CVE-2019-20051 (A floating-point exception was discovered in PackLinuxElf::elf_h
 	- upx-ucl <unfixed> (unimportant)
 	NOTE: https://github.com/upx/upx/issues/313
 CVE-2019-20050 (Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2019-20054 (In the Linux kernel before 5.0.6, there is a NULL pointer dereference  ...)
 	- linux 5.2.6-1
 	[buster] - linux 4.19.67-1
@@ -25320,7 +25320,7 @@ CVE-2019-17275
 CVE-2019-17274
 	RESERVED
 CVE-2019-17273 (E-Series SANtricity OS Controller Software version 11.60.0 is suscepti ...)
-	TODO: check
+	NOT-FOR-US: E-Series SANtricity OS Controller Software
 CVE-2019-17272 (All versions of ONTAP Select Deploy administration utility are suscept ...)
 	NOT-FOR-US: ONTAP
 CVE-2019-17271 (vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList ...)
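Review bot: The new label on CVE-2019-17273 copies the full product string from the description ("E-Series SANtricity OS Controller Software"), while the neighbouring CVE-2019-17272 entry is tagged with the short name "ONTAP". Suggest a short product name here as well, so related entries can be found under one consistent label when searching the list.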
@@ -54854,11 +54854,11 @@ CVE-2019-7658
 CVE-2019-7657
 	RESERVED
 CVE-2019-7656 (A privilege escalation vulnerability in Wowza Streaming Engine 4.7.7 a ...)
-	TODO: check
+	NOT-FOR-US: Wowza Streaming Engine
 CVE-2019-7655 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple authentic ...)
-	TODO: check
+	NOT-FOR-US: Wowza Streaming Engine
 CVE-2019-7654 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple CSRF vuln ...)
-	TODO: check
+	NOT-FOR-US: Wowza Streaming Engine
 CVE-2019-7652 (TheHive Project UnshortenLink analyzer before 1.1, included in Cortex- ...)
 	NOT-FOR-US: TheHive Project UnshortenLink analyzer
 CVE-2019-7651 (EPP.sys in Emsisoft Anti-Malware prior to version 2018.12 allows an at ...)
@@ -244001,11 +244001,11 @@ CVE-2014-7305
 CVE-2014-7304
 	RESERVED
 CVE-2014-7303 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for cer ...)
-	TODO: check
+	NOT-FOR-US: SGI Tempo
 CVE-2014-7302 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for cer ...)
-	TODO: check
+	NOT-FOR-US: SGI Tempo
 CVE-2014-7301 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for cer ...)
-	TODO: check
+	NOT-FOR-US: SGI Tempo
 CVE-2014-7299 (Unspecified vulnerability in administrative interfaces in ArubaOS 6.3. ...)
 	NOT-FOR-US: Aruba ArubaOS
 CVE-2014-7298 (adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify  ...)
@@ -252562,7 +252562,7 @@ CVE-2014-3721
 CVE-2014-3720
 	RESERVED
 CVE-2014-3718 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.c ...)
-	TODO: check
+	NOT-FOR-US: Ex Libris ALEPH 500 (Integrated library management system)
 CVE-2014-3713
 	RESERVED
 CVE-2014-3712 (Katello allows remote attackers to cause a denial of service (memory c ...)
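Review bot: On CVE-2014-3718 the product in the label cannot be checked against the description as shown, which is truncated at "cgi-bin/tag_m.c ..." before any product name appears; a NOTE line with the reference used for the attribution would make it verifiable. The parenthetical "(Integrated library management system)" also makes this label longer than the bare product names used in the rest of this commit; "NOT-FOR-US: Ex Libris ALEPH 500" would match them.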
@@ -273140,9 +273140,9 @@ CVE-2013-3319 (The GetComputerSystem method in the HostControl service in SAP Ne
 CVE-2013-3318
 	REJECTED
 CVE-2013-3317 (Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentica ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2013-3316 (Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentica ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2013-3315 (The server in TIBCO Silver Mobile 1.1.0 does not properly verify acces ...)
 	NOT-FOR-US: TIBCO
 CVE-2013-3314 (The Loftek Nexus 543 IP Camera allows remote attackers to obtain (1) I ...)
@@ -278171,7 +278171,7 @@ CVE-2013-1633 (easy_install in setuptools before 0.7 uses HTTP to retrieve packa
 CVE-2013-1632
 	RESERVED
 CVE-2013-1631 (Verax NMS prior to 2.1.0 leaks connection details when any user execut ...)
-	TODO: check
+	NOT-FOR-US: Verax NMS
 CVE-2013-1630 (pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repos ...)
 	NOT-FOR-US: pyshop
 CVE-2013-1629 (pip before 1.3 uses HTTP to retrieve packages from the PyPI repository ...)
@@ -278242,11 +278242,11 @@ CVE-2013-1605 (Buffer overflow in MayGion IP Cameras with firmware before 2013.0
 CVE-2013-1604 (Directory traversal vulnerability in MayGion IP Cameras with firmware  ...)
 	NOT-FOR-US: MayGion IP Cameras
 CVE-2013-1603 (An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO  ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2013-1602 (An Information Disclosure vulnerability exists due to insufficient val ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2013-1601 (An Information Disclosure vulnerability exists due to a failure to res ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2013-1600 (An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when ...)
 	NOT-FOR-US: D-Link
 CVE-2013-1599 (A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd. ...)
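Review bot: The three new labels on CVE-2013-1603, CVE-2013-1602 and CVE-2013-1601 are spelled "D-LINK", but the existing CVE-2013-1600 entry directly below them uses "D-Link". Suggest "NOT-FOR-US: D-Link" on all three so that a case-sensitive search for the label returns the whole group. The capitalised form appears to come from the CVE-2013-1603 description text rather than from the labels already in the file.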
@@ -279063,11 +279063,11 @@ CVE-2013-1354
 CVE-2013-1353
 	RESERVED
 CVE-2013-1352 (Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a ...)
-	TODO: check
+	NOT-FOR-US: Verax NMS
 CVE-2013-1351 (Verax NMS prior to 2.10 allows authentication via the encrypted passwo ...)
-	TODO: check
+	NOT-FOR-US: Verax NMS
 CVE-2013-1350 (Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities ...)
-	TODO: check
+	NOT-FOR-US: Verax NMS
 CVE-2013-1349 (Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 al ...)
 	NOT-FOR-US: openSIS
 CVE-2013-1348 (The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attacke ...)
@@ -280770,7 +280770,7 @@ CVE-2013-0727 (Multiple untrusted search path vulnerabilities in Global Mapper 1
 CVE-2013-0726 (Stack-based buffer overflow in the ERM_convert_to_correct_webpath func ...)
 	NOT-FOR-US: ERDAS ER Viewer
 CVE-2013-0725 (ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary c ...)
-	TODO: check
+	NOT-FOR-US: ERDAS ER Viewer
 CVE-2013-0724 (PHP remote file inclusion vulnerability in includes/generate-pdf.php i ...)
 	NOT-FOR-US: Wordpress plugin ecommerce Shop Styling
 CVE-2013-0723 (Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spreadsh ...)
@@ -282115,7 +282115,7 @@ CVE-2013-0292 (The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-g
 	- dbus-glib 0.100.1-1 (bug #700638; high)
 	[squeeze] - dbus-glib 0.88-2.1+squeeze1
 CVE-2013-0291 (NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disc ...)
-	TODO: check
+	NOT-FOR-US: NextGEN Gallery Plugin for WordPress
 CVE-2013-0290 (The __skb_recv_datagram function in net/core/datagram.c in the Linux k ...)
 	- linux <not-affected> (Introduced in 3.4, fixed in 3.8)
 	- linux-2.6 <not-affected> (Introduced in 3.4)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f97c382316af31dcf4e721f326ebf1b1fb3a4d3c
