[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Mon Mar 2 21:42:42 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
988bf499 by Moritz Muehlenhoff at 2020-03-02T22:42:25+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -45205,7 +45205,7 @@ CVE-2019-12185 (eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /a
CVE-2019-12184 (There is XSS in browser/components/MarkdownPreview.js in BoostIO Boost ...)
NOT-FOR-US: Boostnote
CVE-2019-12183 (Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 serie ...)
- TODO: check
+ NOT-FOR-US: Safescan Timemoto
CVE-2019-12182
RESERVED
CVE-2019-12181 (A privilege escalation vulnerability exists in SolarWinds Serv-U befor ...)
@@ -60355,7 +60355,7 @@ CVE-2019-7009
CVE-2019-7008
RESERVED
CVE-2019-7007 (A directory traversal vulnerability has been found in the Avaya Equino ...)
- TODO: check
+ NOT-FOR-US: Avaya
CVE-2019-7006 (Avaya one-X Communicator uses weak cryptographic algorithms in the cli ...)
NOT-FOR-US: Avaya
CVE-2019-7005
@@ -66861,7 +66861,7 @@ CVE-2019-4303 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scrip
CVE-2019-4302
RESERVED
CVE-2019-4301 (BigFix Self-Service Application (SSA) is vulnerable to arbitrary code ...)
- TODO: check
+ NOT-FOR-US: BigFix Self-Service Application
CVE-2019-4300
RESERVED
CVE-2019-4299 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
@@ -86186,7 +86186,7 @@ CVE-2018-17060 (Telerik Extensions for ASP.NET MVC (all versions) does not white
CVE-2018-17059
RESERVED
CVE-2018-17058 (An issue was discovered in JABA XPress Online Shop through 2018-09-14. ...)
- TODO: check
+ NOT-FOR-US: JABA
CVE-2018-17057 (An issue was discovered in TCPDF before 6.2.22. Attackers can trigger ...)
- tcpdf 6.2.26+dfsg-1 (bug #908866)
[stretch] - tcpdf <no-dsa> (Minor issue)
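Review bot: the new tag on CVE-2018-17058 reads "NOT-FOR-US: JABA", while the description names the product as JABA XPress Online Shop. Other entries in this commit carry the product name in the tag (for instance "NOT-FOR-US: BigFix Self-Service Application"), so "NOT-FOR-US: JABA XPress Online Shop" would keep the label unambiguous when searching the list later.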
@@ -89558,9 +89558,9 @@ CVE-2018-15822 (The flv_write_packet function in libavformat/flvenc.c in FFmpeg
CVE-2018-15821
RESERVED
CVE-2018-15820 (EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GD ...)
- TODO: check
+ NOT-FOR-US: EasyIO
CVE-2018-15819 (EasyIO EasyIO-30P devices before 2.0.5.27 have Incorrect Access Contro ...)
- TODO: check
+ NOT-FOR-US: EasyIO
CVE-2018-15818 (An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker ...)
NOT-FOR-US: Repute ARForms
CVE-2018-15817 (FastStone Image Viewer 6.5 has a Read Access Violation on Block Data M ...)
@@ -93397,7 +93397,7 @@ CVE-2018-14386
CVE-2018-14385
RESERVED
CVE-2018-14384 (The Website Manager module in SEO Panel 3.13.0 and earlier is affected ...)
- TODO: check
+ NOT-FOR-US: SEO Panel
CVE-2018-14383 (The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows ...)
NOT-FOR-US: Transition Technologies "The Scheduler" app for Jira
CVE-2018-14382 (InstantCMS 2.10.1 has /redirect?url= XSS. ...)
@@ -98143,7 +98143,7 @@ CVE-2018-12477 (A Improper Neutralization of CRLF Sequences vulnerability in Ope
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1108189
NOTE: https://github.com/openSUSE/obs-service-refresh_patches/commit/d6244245dda5367767efc989446fe4b5e4609cce
CVE-2018-12476 (Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE L ...)
- TODO: check
+ NOT-FOR-US: obs-service-tar_scm
CVE-2018-12475
RESERVED
CVE-2018-12474 (Improper input validation in obs-service-tar_scm of Open Build Service ...)
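Review bot: CVE-2018-12476 is marked NOT-FOR-US, but the trailing context shows CVE-2018-12474 against the same component (obs-service-tar_scm) and its status line falls outside the hunk. Confirm that both entries carry the same triage result, and that no source package in the archive ships this Open Build Service helper, so the pair does not end up split between NFU and a tracked package.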
@@ -148302,7 +148302,7 @@ CVE-2017-12582 (Unprivileged user can access all functions in the Surveillance S
CVE-2017-12581 (GitHub Electron before 1.6.8 allows remote command execution because o ...)
- electron <itp> (bug #842420)
CVE-2017-12580 (An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploi ...)
- TODO: check
+ NOT-FOR-US: IDM UltraEdit
CVE-2017-12579 (An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion ...)
NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-12578
@@ -224179,7 +224179,7 @@ CVE-2015-5688 (Directory traversal vulnerability in lib/app/index.js in Geddy be
CVE-2015-5687 (system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote at ...)
NOT-FOR-US: Anchor CMS
CVE-2015-5686 (Parts of the Puppet Enterprise Console 3.x were found to be susceptibl ...)
- TODO: check
+ NOT-FOR-US: Puppet Enterprise Console
CVE-2015-5685 (The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstra ...)
{DLA-312-1}
- libtorrent-rasterbar 1.0.6-1 (bug #797046)
@@ -225049,7 +225049,7 @@ CVE-2015-5363 (The SRX Network Security Daemon (nsd) in Juniper SRX Series servi
CVE-2015-5362 (The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 ...)
NOT-FOR-US: Juniper
CVE-2015-5361 (Background For regular, unencrypted FTP traffic, the FTP ALG can inspe ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2015-5360 (IPv6 sendd in Juniper Junos 12.1X44 before 12.1X44-D51, 12.1X46 before ...)
NOT-FOR-US: Juniper
CVE-2015-5359 (Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D3 ...)
@@ -240026,7 +240026,7 @@ CVE-2014-9532
CVE-2014-9531
RESERVED
CVE-2014-9530 (A vulnerability exists in nw.js before 0.11.3 when calling nw methods ...)
- TODO: check
+ NOT-FOR-US: nw.js
CVE-2014-9528 (SQL injection vulnerability in the actionIndex function in protected/m ...)
NOT-FOR-US: HumHub
CVE-2014-9527 (HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cau ...)
@@ -246221,7 +246221,7 @@ CVE-2014-7916 (Integer overflow in SampleTable.cpp in libstagefright in Android
CVE-2014-7915 (Integer overflow in SampleTable.cpp in libstagefright in Android befor ...)
NOT-FOR-US: libstagefright in Android
CVE-2014-7914 (btif/src/btif_dm.c in Android before 5.1 does not properly enforce the ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2014-7913 (The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as ...)
{DLA-506-1}
- dhcpcd5 7.0.8-0.1 (unimportant; bug #846938)
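Review bot: the label on CVE-2014-7914 is only "NOT-FOR-US: Android", whereas the entry directly above uses "NOT-FOR-US: libstagefright in Android" and the description here points at btif/src/btif_dm.c. Naming the component, for example "NOT-FOR-US: btif in Android", would match the neighbouring style and record which part of Android was ruled out.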
@@ -257871,7 +257871,7 @@ CVE-2014-3211 (Publify before 8.0.1 is vulnerable to a Denial of Service attack
CVE-2014-3210 (SQL injection vulnerability in dopbs-backend-forms.php in the Booking ...)
NOT-FOR-US: WordPress plugin Booking System
CVE-2014-3208 (A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (ps ...)
- TODO: check
+ NOT-FOR-US: askpop3d
CVE-2014-3206 (Seagate BlackArmor NAS allows remote attackers to execute arbitrary co ...)
NOT-FOR-US: Seagate
CVE-2014-3205 (backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a h ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/988bf4995cb61440e0c9b4239f17845fd81692cb