Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2413890e by Moritz Muehlenhoff at 2019-02-26T08:20:43Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2019-9183
        RESERVED
 CVE-2019-9182 (There is a CSRF in ZZZCMS zzzphp V1.6.1 via a ...)
-       TODO: check
+       NOT-FOR-US: ZZZCMS
 CVE-2019-9181 (SchoolCMS version 2.3.1 allows file upload via the logo upload 
feature ...)
-       TODO: check
+       NOT-FOR-US: SchoolCMS
 CVE-2019-9180
        RESERVED
 CVE-2019-9179
@@ -29,7 +29,7 @@ CVE-2019-9170
 CVE-2019-9169 (In the GNU C Library (aka glibc or libc6) through 2.29, ...)
        TODO: check
 CVE-2019-9168 (WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. 
...)
-       TODO: check
+       NOT-FOR-US: WooCommerce
 CVE-2019-9167
        RESERVED
 CVE-2019-9166
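Review bot: CVE-2019-9169 at the top of this hunk is left at "TODO: check" while the WooCommerce entry right below it is triaged. Its description names the GNU C Library (aka glibc or libc6), so it cannot be closed as NOT-FOR-US and needs a source-package line of the kind used elsewhere in this file (for example "- linux 4.19.20-1"). Worth picking up in a follow-up so it does not sit behind a batch of NFU-only commits.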
@@ -85,7 +85,7 @@ CVE-2019-9148
 CVE-2019-9147
        RESERVED
 CVE-2019-9146 (Jamf Self Service 10.9.0 allows man-in-the-middle attackers to 
obtain a ...)
-       TODO: check
+       NOT-FOR-US: Jamf Self Service
 CVE-2019-9145 (An issue was discovered in Hsycms V1.1. There is an XSS 
vulnerability ...)
        NOT-FOR-US: Hsycms
 CVE-2019-9144 (An issue was discovered in Exiv2 0.27. There is infinite 
recursion at ...)
@@ -159,9 +159,9 @@ CVE-2019-9113 (Ming (aka libming) 0.4.8 has a NULL pointer 
dereference in the fu
        - ming <removed>
        NOTE: https://github.com/libming/libming/issues/171
 CVE-2019-9112 (The msm gpu driver for custom Linux kernels on the Xiaomi 
perseus-p-oss ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi-specific driver not in the mainline msm driver
 CVE-2019-9111 (The msm gpu driver for custom Linux kernels on the Xiaomi 
perseus-p-oss ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi-specific driver not in the mainline msm driver
 CVE-2019-9110 (XSS exists in WUZHI CMS 4.1.0 via ...)
        NOT-FOR-US: WUZHI CMS
 CVE-2019-9109 (XSS exists in WUZHI CMS 4.1.0 via ...)
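Review bot: The NOT-FOR-US lines added for CVE-2019-9112 and CVE-2019-9111 carry a rationale ("Xiaomi-specific driver not in the mainline msm driver") where the neighbouring entries give only a product name ("NOT-FOR-US: WUZHI CMS"). The rationale is worth keeping, because the descriptions say "msm gpu driver" and a reader could otherwise assume the mainline driver is affected, but consider leading with the product and putting the reason in parentheses, e.g. "NOT-FOR-US: Xiaomi msm gpu driver (not in mainline)", so the tag still reads as a product name like the rest of the list.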
@@ -219,19 +219,19 @@ CVE-2019-9084
 CVE-2019-9083
        RESERVED
 CVE-2018-20795 (tecrail Responsive FileManager 9.13.4 allows remote attackers 
to read ...)
-       TODO: check
+       NOT-FOR-US: tecrail Responsive FileManager
 CVE-2018-20794 (tecrail Responsive FileManager 9.13.4 allows remote attackers 
to write ...)
-       TODO: check
+       NOT-FOR-US: tecrail Responsive FileManager
 CVE-2018-20793 (tecrail Responsive FileManager 9.13.4 allows remote attackers 
to write ...)
-       TODO: check
+       NOT-FOR-US: tecrail Responsive FileManager
 CVE-2018-20792 (tecrail Responsive FileManager 9.13.4 allows remote attackers 
to read ...)
-       TODO: check
+       NOT-FOR-US: tecrail Responsive FileManager
 CVE-2018-20791 (tecrail Responsive FileManager 9.13.4 allows XSS via a media 
file ...)
-       TODO: check
+       NOT-FOR-US: tecrail Responsive FileManager
 CVE-2018-20790 (tecrail Responsive FileManager 9.13.4 allows remote attackers 
to delete ...)
-       TODO: check
+       NOT-FOR-US: tecrail Responsive FileManager
 CVE-2018-20789 (tecrail Responsive FileManager 9.13.4 allows remote attackers 
to delete ...)
-       TODO: check
+       NOT-FOR-US: tecrail Responsive FileManager
 CVE-2018-20788 (drivers/leds/leds-aw2023.c in the led driver for custom Linux 
kernels ...)
        TODO: check
 CVE-2018-20787 (The ft5x46 touchscreen driver for custom Linux kernels on the 
Xiaomi ...)
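Review bot: CVE-2018-20788 near the end of this hunk stays at "TODO: check", although its description ("drivers/leds/leds-aw2023.c in the led driver for custom Linux kernels ...") uses the same "custom Linux kernels" wording as CVE-2019-9112 and CVE-2019-9111, which this commit marks NOT-FOR-US. If leds-aw2023.c is likewise absent from the mainline tree, mark it the same way with the same rationale; if it is present, it needs a linux package line instead. Either way it should be triaged together with the other custom-kernel driver entries so they do not end up with inconsistent states.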
@@ -239,7 +239,7 @@ CVE-2018-20787 (The ft5x46 touchscreen driver for custom 
Linux kernels on the Xi
 CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and 
other ...)
        NOT-FOR-US: ThinkPHP
 CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a ...)
-       TODO: check
+       NOT-FOR-US: Laravel Framework
 CVE-2019-9080
        RESERVED
 CVE-2019-9079
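Review bot: The NOT-FOR-US tag on CVE-2019-9081 names Laravel Framework, but the description points at its Illuminate component, which is a reusable library rather than a single vendor application. Before closing this as NFU, confirm that no source package in the archive ships that component; if one does, replace the tag with a package line for it.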
@@ -345,7 +345,7 @@ CVE-2019-9049 (An issue was discovered in Pluck 4.7.9-dev1. 
There is a CSRF ...)
 CVE-2019-9048 (An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF 
...)
        NOT-FOR-US: Pluck CMS
 CVE-2019-9047 (GoRose v1.0.4 has SQL Injection when the order_by or group_by 
parameter ...)
-       TODO: check
+       NOT-FOR-US: GoRose
 CVE-2019-9046
        RESERVED
 CVE-2019-9045
@@ -402,11 +402,11 @@ CVE-2019-9026 (An issue was discovered in libmatio.a in 
matio (aka MAT File I/O
        - libmatio <undetermined>
        NOTE: https://github.com/tbeu/matio/issues/103
 CVE-2018-20785 (Secure boot bypass and memory extraction can be achieved on 
Neato ...)
-       TODO: check
+       NOT-FOR-US: Neato
 CVE-2014-10079 (In Vembu StoreGrid 4.4.x, the front page of the server web 
interface ...)
-       TODO: check
+       NOT-FOR-US: Vembu StoreGrid
 CVE-2014-10078 (Vembu StoreGrid 4.4.x has XSS in ...)
-       TODO: check
+       NOT-FOR-US: Vembu StoreGrid
 CVE-2019-9019 (The British Airways Entertainment System, as installed on 
Boeing ...)
        NOT-FOR-US: British Airways Entertainment System
 CVE-2019-9025 (An issue was discovered in PHP 7.3.x before 7.3.1. An invalid 
multibyte ...)
@@ -491,7 +491,7 @@ CVE-2019-9006
 CVE-2019-9005
        RESERVED
 CVE-2019-9004 (In Eclipse Wakaama (formerly liblwm2m) 1.0, ...)
-       TODO: check
+       NOT-FOR-US: Eclipse Wakaama
 CVE-2019-9003 (In the Linux kernel before 4.20.5, attackers can trigger a ...)
        - linux 4.19.20-1
        [stretch] - linux <not-affected> (Vulnerable code not present)
@@ -6855,9 +6855,9 @@ CVE-2019-6268
 CVE-2019-6267 (The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for 
...)
        NOT-FOR-US: Premium WP Suite Easy Redirect Manager plugin for WordPress
 CVE-2019-6266 (Cordaware bestinformed Microsoft Windows client before 6.2.1.0 
is ...)
-       TODO: check
+       NOT-FOR-US: Cordaware bestinformed
 CVE-2019-6265 (The Scripting and AutoUpdate functionality in Cordaware 
bestinformed ...)
-       TODO: check
+       NOT-FOR-US: Cordaware bestinformed
 CVE-2019-6264 (An issue was discovered in Joomla! before 3.9.2. Inadequate 
escaping in ...)
        NOT-FOR-US: Joomla!
 CVE-2019-6263 (An issue was discovered in Joomla! before 3.9.2. Inadequate 
checks of ...)
@@ -17046,7 +17046,7 @@ CVE-2018-20065 (Handling of URI action in PDFium in 
Google Chrome prior to ...)
 CVE-2018-20064 (doorGets 7.0 allows remote attackers to write to arbitrary 
files via ...)
        NOT-FOR-US: doorGets
 CVE-2018-20063 (An issue was discovered in Gurock TestRail 5.6.0.3853. An ...)
-       TODO: check
+       NOT-FOR-US: Gurock TestRail
 CVE-2018-20062 (An issue was discovered in NoneCms V1.3. 
thinkphp/library/think/App.php ...)
        NOT-FOR-US: NoneCms
 CVE-2018-20061 (A SQL injection issue was discovered in ERPNext 10.x and 11.x 
through ...)
@@ -17124,7 +17124,7 @@ CVE-2018-20035
 CVE-2018-20034
        RESERVED
 CVE-2018-20033 (A Remote Code Execution vulnerability in lmgrd and vendor 
daemon ...)
-       TODO: check
+       NOT-FOR-US: FlexNet Publisher
 CVE-2018-20032
        RESERVED
 CVE-2018-20031
@@ -18838,7 +18838,7 @@ CVE-2019-1691 (A vulnerability in the detection engine 
of Cisco Firepower Threat
 CVE-2019-1690
        RESERVED
 CVE-2019-1689 (A vulnerability in the client application for iOS of Cisco 
Webex Teams ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1688 (A vulnerability in the management web interface of Cisco 
Network ...)
        NOT-FOR-US: Cisco
 CVE-2019-1687
@@ -18850,7 +18850,7 @@ CVE-2019-1685 (A vulnerability in the Security 
Assertion Markup Language (SAML)
 CVE-2019-1684 (A vulnerability in the Cisco Discovery Protocol or Link Layer 
...)
        NOT-FOR-US: Cisco
 CVE-2019-1683 (A vulnerability in the certificate handling component of the 
Cisco ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1682
        RESERVED
 CVE-2019-1681 (A vulnerability in the TFTP service of Cisco Network 
Convergence ...)
@@ -25247,7 +25247,7 @@ CVE-2018-18694 (admin/index.php?id=filesmanager in 
Monstra CMS 3.0.4 allows remo
 CVE-2018-18693
        RESERVED
 CVE-2018-18692 (A reflected Cross-Site scripting (XSS) vulnerability in SEMCO 
Semcosoft ...)
-       TODO: check
+       NOT-FOR-US: SEMCO
 CVE-2018-18691
        RESERVED
 CVE-2018-18690 (In the Linux kernel before 4.17, a local attacker able to set 
...)
@@ -37808,11 +37808,11 @@ CVE-2018-13916
 CVE-2018-13915
        RESERVED
 CVE-2018-13914 (Lack of input validation for data received from user space can 
lead to ...)
-       TODO: check
+       NOT-FOR-US: CodeAurora components for Android
 CVE-2018-13913 (Improper validation of array index can lead to unauthorized 
access ...)
-       TODO: check
+       NOT-FOR-US: CodeAurora components for Android
 CVE-2018-13912 (Arbitrary write issue can occur when user provides kernel 
address in ...)
-       TODO: check
+       NOT-FOR-US: CodeAurora components for Android
 CVE-2018-13911
        RESERVED
 CVE-2018-13910



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2413890e4d9a156320153c1a60907b5b8628448f

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
