Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a7bc341 by Salvatore Bonaccorso at 2019-03-27T20:34:39Z
Process NFUs

- - - - -
7aab800a by Salvatore Bonaccorso at 2019-03-27T20:34:40Z
Add CVE-2019-1023{1,2,3}/glpi

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2019-10239
        RESERVED
 CVE-2019-10238 (Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via 
the file ...)
-       TODO: check
+       NOT-FOR-US: Sitemagic CMS
 CVE-2019-10237 (S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin 
user via th ...)
-       TODO: check
+       NOT-FOR-US: S-CMS PHP
 CVE-2019-10236
        RESERVED
 CVE-2019-10235
@@ -11,11 +11,17 @@ CVE-2019-10235
 CVE-2019-10234
        RESERVED
 CVE-2019-10233 (Teclib GLPI before 9.4.1.1 is affected by a timing attack 
associated w ...)
-       TODO: check
+       - glpi <removed> (unimportant)
+       NOTE: https://github.com/glpi-project/glpi/pull/5562
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2019-10232 (Teclib GLPI through 9.3.3 has SQL injection via the "cycle" 
parameter  ...)
-       TODO: check
+       - glpi <removed> (unimportant)
+       NOTE: 
https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2019-10231 (Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling 
vulnerab ...)
-       TODO: check
+       - glpi <removed> (unimportant)
+       NOTE: https://github.com/glpi-project/glpi/pull/5520
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2019-10230
        RESERVED
 CVE-2019-10229
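Review bot: in the CVE-2019-10232 entry the fix URL has ended up on a line of its own below `NOTE: `; if that is how it sits in the committed file rather than just mail wrapping, it breaks the list format, because every annotation in this file is a single tab-indented line and an unindented line starts a new CVE record. Keep `NOTE: https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c` on one line, as the two sibling glpi entries do with their pull-request URLs. The `(unimportant)` rating on all three is carried by the second NOTE (only supported behind an authenticated HTTP zone); since CVE-2019-10232 is the SQL-injection one, it is worth stating that reasoning explicitly there so a later reader does not have to infer why an injection still rates unimportant.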
@@ -283,7 +289,7 @@ CVE-2019-10101
 CVE-2019-10100
        RESERVED
 CVE-2019-1000031 (A disk space or quota exhaustion issue exists in 
article2pdf_getfile.p ...)
-       TODO: check
+       NOT-FOR-US: article2pdf Wordpress plugin
 CVE-2018-20815
        RESERVED
 CVE-2016-10744 (In Select2 through 4.0.5, as used in Snipe-IT and other 
products, rich ...)
@@ -881,7 +887,7 @@ CVE-2019-1010259
 CVE-2019-1010258
        RESERVED
 CVE-2019-1010257 (An Information Disclosure / Data Modification issue exists 
in article2 ...)
-       TODO: check
+       NOT-FOR-US: article2pdf Wordpress plugin
 CVE-2019-1010256
        RESERVED
 CVE-2019-1010255
@@ -1453,13 +1459,13 @@ CVE-2019-9865
 CVE-2019-9864
        RESERVED
 CVE-2019-9863 (Due to the use of an insecure algorithm for rolling codes in 
the ABUS  ...)
-       TODO: check
+       NOT-FOR-US: ABUS
 CVE-2019-9862 (An issue was discovered on ABUS Secvest wireless alarm system 
FUAA5000 ...)
-       TODO: check
+       NOT-FOR-US: ABUS
 CVE-2019-9861
        RESERVED
 CVE-2019-9860 (Due to unencrypted signal communication and predictability of 
rolling  ...)
-       TODO: check
+       NOT-FOR-US: ABUS
 CVE-2019-9859
        RESERVED
 CVE-2019-9858
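Review bot: the three new `NOT-FOR-US: ABUS` lines name only the vendor, while the CVE-2019-9862 description identifies the product as the ABUS Secvest wireless alarm system; elsewhere in this file the tag names the affected product rather than the bare vendor (e.g. `NOT-FOR-US: ABB GATE-E2`), so `NOT-FOR-US: ABUS Secvest` would keep that convention and let the entries be matched against a package search without re-reading the descriptions.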
@@ -11128,9 +11134,9 @@ CVE-2019-5929
 CVE-2019-5928
        RESERVED
 CVE-2019-5927 (Directory traversal vulnerability in 'an' App for iOS Version 
3.2.0 an ...)
-       TODO: check
+       NOT-FOR-US: 'an' App for iOS
 CVE-2019-5926 (Cross-site scripting vulnerability in KinagaCMS versions prior 
to 6.5  ...)
-       TODO: check
+       NOT-FOR-US: KinagaCMS
 CVE-2019-5925 (Cross-site scripting vulnerability in Dradis Community Edition 
Dradis  ...)
        NOT-FOR-US: Dradis
 CVE-2019-5924 (Cross-site request forgery (CSRF) vulnerability in Smart Forms 
2.6.15  ...)
@@ -28121,7 +28127,7 @@ CVE-2018-19018 (An access of uninitialized pointer 
vulnerability in CX-Superviso
 CVE-2018-19017 (Several use after free vulnerabilities have been identified in 
CX-Supe ...)
        NOT-FOR-US: CX-Supervisor
 CVE-2018-19016 (Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB 
(includes ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2018-19015 (An attacker could inject commands to launch programs and 
create, write ...)
        NOT-FOR-US: CX-Supervisor
 CVE-2018-19014 (Drager Infinity Delta, Infinity Delta, all versions, Delta XL, 
all ver ...)
@@ -28165,7 +28171,7 @@ CVE-2018-18996 (LCDS Laquis SCADA prior to version 
4.1.0.4150 allows taking in u
 CVE-2018-18995 (Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and 
GATE-E2 all  ...)
        NOT-FOR-US: ABB GATE-E2
 CVE-2018-18994 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of 
bounds  ...)
-       TODO: check
+       NOT-FOR-US: LCDS Laquis SCADA
 CVE-2018-18993 (Two stack-based buffer overflow vulnerabilities have been 
discovered i ...)
        NOT-FOR-US: CX-One
 CVE-2018-18992 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in 
user in ...)
@@ -35483,7 +35489,7 @@ CVE-2018-16209
 CVE-2018-16208
        RESERVED
 CVE-2018-16207 (PowerAct Pro Master Agent for Windows Version 5.13 and earlier 
allows  ...)
-       TODO: check
+       NOT-FOR-US: PowerAct Pro Master Agent for Windows
 CVE-2018-16206 (Cross-site scripting vulnerability in WordPress plugin 
spam-byebye 2.2 ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2018-16205 (Cross-site scripting vulnerability in GROWI v3.2.3 and earlier 
allows  ...)
@@ -36519,15 +36525,15 @@ CVE-2018-15819
 CVE-2018-15818 (An issue was discovered in Repute ARForms 3.5.1 and prior. An 
attacker ...)
        NOT-FOR-US: Repute ARForms
 CVE-2018-15817 (FastStone Image Viewer 6.5 has a Read Access Violation on 
Block Data M ...)
-       TODO: check
+       NOT-FOR-US: FastStone Image Viewer
 CVE-2018-15816 (FastStone Image Viewer 6.5 has a Read Access Violation on 
Block Data M ...)
-       TODO: check
+       NOT-FOR-US: FastStone Image Viewer
 CVE-2018-15815 (FastStone Image Viewer 6.5 has an Exception Handler Chain 
Corrupted is ...)
-       TODO: check
+       NOT-FOR-US: FastStone Image Viewer
 CVE-2018-15814 (FastStone Image Viewer 6.5 has a User Mode Write AV starting 
at image0 ...)
-       TODO: check
+       NOT-FOR-US: FastStone Image Viewer
 CVE-2018-15813 (FastStone Image Viewer 6.5 has a User Mode Write AV starting 
at image0 ...)
-       TODO: check
+       NOT-FOR-US: FastStone Image Viewer
 CVE-2018-15812
        RESERVED
 CVE-2018-15811
@@ -63862,15 +63868,15 @@ CVE-2018-5929
 CVE-2018-5928
        RESERVED
 CVE-2018-5927 (HP Support Assistant before 8.7.50.3 allows an unauthorized 
person wit ...)
-       TODO: check
+       NOT-FOR-US: HP Support Assistant
 CVE-2018-5926 (A potential vulnerability has been identified in HP Remote 
Graphics So ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2018-5925 (A security vulnerability has been identified with certain HP 
Inkjet pr ...)
        NOT-FOR-US: HP Inkjet printers
 CVE-2018-5924 (A security vulnerability has been identified with certain HP 
Inkjet pr ...)
        NOT-FOR-US: HP Inkjet printers
 CVE-2018-5923 (In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet 
Managed ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2018-5922
        RESERVED
 CVE-2018-5921 (A potential security vulnerability has been identified with 
certain HP ...)
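Review bot: `NOT-FOR-US: HP` for CVE-2018-5926 and CVE-2018-5923 is less specific than the adjacent `NOT-FOR-US: HP Inkjet printers` and `NOT-FOR-US: HP Support Assistant` entries; both descriptions name the product (the HP Remote Graphics product for 5926, HP LaserJet Enterprise / HP PageWide Enterprise for 5923), so naming it in the tag keeps the style of the surrounding lines and makes each entry self-explanatory.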
@@ -125487,7 +125493,7 @@ CVE-2017-2754
 CVE-2017-2753
        RESERVED
 CVE-2017-2752 (A potential security vulnerability caused by incomplete 
obfuscation of ...)
-       TODO: check
+       NOT-FOR-US: Tommy Hilfiger TH24/7 Android app
 CVE-2017-2751 (A BIOS password extraction vulnerability has been reported on 
certain  ...)
        NOT-FOR-US: firmware on HP notebooks
 CVE-2017-2750 (Insufficient Solution DLL Signature Validation allows potential 
execut ...)
@@ -125495,7 +125501,7 @@ CVE-2017-2750 (Insufficient Solution DLL Signature 
Validation allows potential e
 CVE-2017-2749
        RESERVED
 CVE-2017-2748 (A potential security vulnerability caused by the use of 
insecure (http ...)
-       TODO: check
+       NOT-FOR-US: Isaac Mizrahi Smartwatch mobile app
 CVE-2017-2747 (HP has identified a potential security vulnerability before 
IG_11_00_0 ...)
        NOT-FOR-US: HP printers
 CVE-2017-2746 (Potential security vulnerabilities have been identified with HP 
JetAdv ...)
@@ -176084,15 +176090,15 @@ CVE-2015-3958 (Hospira LifeCare PCA Infusion System 
5.0 and earlier, and possibl
 CVE-2015-3957 (Hospira LifeCare PCA Infusion System before 7.0 stores private 
keys an ...)
        NOT-FOR-US: Hospira LifeCare
 CVE-2015-3956 (Hospira Plum A+ Infusion System version 13.4 and prior, Plum 
A+3 Infus ...)
-       TODO: check
+       NOT-FOR-US: Hospira
 CVE-2015-3955 (Stack-based buffer overflow in Hospira LifeCare PCA Infusion 
System 5. ...)
        NOT-FOR-US: Hospira LifeCare
 CVE-2015-3954 (Hospira Plum A+ Infusion System version 13.4 and prior, Plum 
A+3 Infus ...)
-       TODO: check
+       NOT-FOR-US: Hospira
 CVE-2015-3953 (Hard-coded accounts may be used to access Hospira Plum A+ 
Infusion Sys ...)
-       TODO: check
+       NOT-FOR-US: Hospira
 CVE-2015-3952 (Wireless keys are stored in plain text on Hospira Plum A+ 
Infusion Sys ...)
-       TODO: check
+       NOT-FOR-US: Hospira
 CVE-2015-3951 (RLE Nova-Wind Turbine HMI devices store cleartext credentials, 
which a ...)
        NOT-FOR-US: RLE Nova-Wind Turbines
 CVE-2015-3950 (Cross-site request forgery (CSRF) vulnerability in XZERES 442SR 
OS on  ...)
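Review bot: the four new `NOT-FOR-US: Hospira` lines sit between entries tagged `NOT-FOR-US: Hospira LifeCare`, and their descriptions identify the product as the Hospira Plum A+ Infusion System; `NOT-FOR-US: Hospira Plum A+` would keep the vendor/product naming consistent within the block and distinguish the two product lines at a glance.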
@@ -185500,7 +185506,7 @@ CVE-2015-1014 (A successful exploit of these 
vulnerabilities requires the local
 CVE-2015-1013 (OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not 
ensure tha ...)
        NOT-FOR-US: OSIsoft PI AF and OSIsoft PI SQL for AF
 CVE-2015-1012 (Wireless keys are stored in plain text on version 5 of the 
Hospira Lif ...)
-       TODO: check
+       NOT-FOR-US: Hospira
 CVE-2015-1011 (Hospira LifeCare PCA Infusion System before 7.0 has hardcoded 
credenti ...)
        NOT-FOR-US: Hospira LifeCare
 CVE-2015-1010 (Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier 
does n ...)
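Review bot: the truncated description of CVE-2015-1012 ("... version 5 of the Hospira Lif ...") appears to name the same product line as the neighbouring CVE-2015-1011, which is tagged `NOT-FOR-US: Hospira LifeCare`; if the full description confirms that, use the same tag here instead of the bare `NOT-FOR-US: Hospira` so the two entries stay aligned.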
@@ -188667,11 +188673,11 @@ CVE-2014-9191 (The CodeWrights HART Device Type 
Manager (DTM) library in Emerson
 CVE-2014-9190 (Stack-based buffer overflow in Schneider Electric Wonderware 
InTouch A ...)
        NOT-FOR-US: Schneider Electric
 CVE-2014-9189 (Multiple stack-based buffer overflow vulnerabilities were found 
in Hon ...)
-       TODO: check
+       NOT-FOR-US: Honeywell Experion PKS
 CVE-2014-9188 (Buffer overflow in an ActiveX control in MDraw30.ocx in 
Schneider Elec ...)
        NOT-FOR-US: Schneider Electric ProClima
 CVE-2014-9187 (Multiple heap-based buffer overflow vulnerabilities exist in 
Honeywell ...)
-       TODO: check
+       NOT-FOR-US: Honeywell Experion PKS
 CVE-2014-9186
        RESERVED
 CVE-2014-9185 (Static code injection vulnerability in install.php in Morfy CMS 
1.05 a ...)
@@ -197237,7 +197243,7 @@ CVE-2014-6229 (The HashContext class in 
hphp/runtime/ext/ext_hash.cpp in Faceboo
 CVE-2014-6228 (Integer overflow in the string_chunk_split function in 
hphp/runtime/ba ...)
        NOT-FOR-US: Facebook HipHop Virtual Machine
 CVE-2010-5305 (The potential exists for exposure of the product's password 
used to re ...)
-       TODO: check
+       NOT-FOR-US: Rockwell
 CVE-2014-3618 (Heap-based buffer overflow in formisc.c in formail in procmail 
3.22 al ...)
        {DSA-3019-1 DLA-46-1}
        - procmail 3.22-22 (bug #760443)
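Review bot: the visible description of CVE-2010-5305 ("The potential exists for exposure of the product's password used to re ...") does not name a vendor or product, so the `NOT-FOR-US: Rockwell` justification cannot be checked from this line alone; if the full advisory identifies the product, name it in the tag, and use the `Rockwell Automation` form already used for CVE-2018-19016 in this same change so the vendor tags stay greppable.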
@@ -198897,13 +198903,13 @@ CVE-2014-5436
 CVE-2014-5435
        RESERVED
 CVE-2014-5434 (Baxter SIGMA Spectrum Infusion System version 6.05 (model 
35700BAX) wi ...)
-       TODO: check
+       NOT-FOR-US: Baxter SIGMA Spectrum Infusion System
 CVE-2014-5433 (An unauthenticated remote attacker may be able to execute 
commands to  ...)
-       TODO: check
+       NOT-FOR-US: Baxter SIGMA Spectrum Infusion System
 CVE-2014-5432 (Baxter SIGMA Spectrum Infusion System version 6.05 (model 
35700BAX) wi ...)
-       TODO: check
+       NOT-FOR-US: Baxter SIGMA Spectrum Infusion System
 CVE-2014-5431 (Baxter SIGMA Spectrum Infusion System version 6.05 (model 
35700BAX) wi ...)
-       TODO: check
+       NOT-FOR-US: Baxter SIGMA Spectrum Infusion System
 CVE-2014-5430 (Untrusted search path vulnerability in ABB RobotStudio 5.6x 
before 5.6 ...)
        NOT-FOR-US: ABB RobotStudio
 CVE-2014-5429 (DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 
141 and  ...)
@@ -198963,7 +198969,7 @@ CVE-2014-5403 (Hospira MedNet before 6.1 uses 
hardcoded cryptographic keys for p
 CVE-2014-5402
        REJECTED
 CVE-2014-5401 (Hospira MedNet software version 5.8 and prior uses vulnerable 
versions ...)
-       TODO: check
+       NOT-FOR-US: Hospira
 CVE-2014-5400 (The installation component in Hospira MedNet before 6.1 places 
clearte ...)
        NOT-FOR-US: Hospira MedNet
 CVE-2014-5399 (SQL injection vulnerability in Schneider Electric Wonderware 
Informati ...)
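Review bot: the CVE-2014-5401 description names Hospira MedNet and the neighbouring CVE-2014-5400 entry is tagged `NOT-FOR-US: Hospira MedNet`; the bare `NOT-FOR-US: Hospira` added here should match that tag rather than introduce a third spelling of the same vendor/product within one block.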



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/16ed31f7b4a0349ead68b6d7002d630dd8d9ea75...7aab800a599cf472b1bdf5d7fd4d2e46bc522c60


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
