[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso Mon, 01 Apr 2019 13:21:03 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
6f10f2a8 by Salvatore Bonaccorso at 2019-04-01T20:19:45Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2019-10686 (An SSRF vulnerability was found in an API from 
Ctrip Apollo thro
 CVE-2019-10685
        RESERVED
 CVE-2019-10684 (Application/Admin/Controller/ConfigController.class.php in 
74cms v5.0. ...)
-       TODO: check
+       NOT-FOR-US: 74cms
 CVE-2019-10683
        RESERVED
 CVE-2019-10682
@@ -4359,7 +4359,7 @@ CVE-2019-9134
 CVE-2019-9133
        RESERVED
 CVE-2019-9132 (Remote code execution vulnerability exists in KaKaoTalk PC 
messenger w ...)
-       TODO: check
+       NOT-FOR-US: KaKaoTalk PC messenger
 CVE-2019-9131
        RESERVED
 CVE-2019-9130
@@ -10174,7 +10174,7 @@ CVE-2019-6717
 CVE-2019-6716 (An unauthenticated Insecure Direct Object Reference (IDOR) in 
Wicket C ...)
        NOT-FOR-US: LogonBox Nervepoint Access Manager
 CVE-2019-6715 (pub/sns.php in the W3 Total Cache plugin before 0.9.4 for 
WordPress al ...)
-       TODO: check
+       NOT-FOR-US: W3 Total Cache plugin for WordPress
 CVE-2019-6714 (An issue was discovered in BlogEngine.NET through 3.3.6.0. A 
path trav ...)
        NOT-FOR-US: BlogEngine.NET
 CVE-2019-6713 (app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 
allows ...)
@@ -13189,7 +13189,7 @@ CVE-2019-5525
 CVE-2019-5524
        RESERVED
 CVE-2019-5523 (VMware vCloud Director for Service Providers 9.5.x prior to 
9.5.0.3 up ...)
-       TODO: check
+       NOT-FOR-US: VMware vCloud Director for Service Providers
 CVE-2019-5522
        RESERVED
 CVE-2019-5521
@@ -23759,7 +23759,7 @@ CVE-2019-1574
 CVE-2019-1573
        RESERVED
 CVE-2019-1572 (PAN-OS 9.0.0 may allow an unauthenticated remote user to access 
php fi ...)
-       TODO: check
+       NOT-FOR-US: PAN-OS
 CVE-2019-1571 (The Expedition Migration tool 1.1.8 and earlier may allow an 
authentic ...)
        TODO: check
 CVE-2019-1570 (The Expedition Migration tool 1.1.8 and earlier may allow an 
authentic ...)
@@ -43920,39 +43920,39 @@ CVE-2018-13300 (In FFmpeg 4.0.1, an improper argument 
(AVCodecParameters) passed
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/95556e27e2c1d56d9e18f5db34d6f756f3011148
        NOTE: Fixed in 3.2.11
 CVE-2018-13299 (Relative path traversal vulnerability in Attachment Uploader 
in Synolo ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-13298 (Channel accessible by non-endpoint vulnerability in privacy 
page in Sy ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-13297 (Information exposure vulnerability in SYNO.SynologyDrive.Files 
in Syno ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-13296 (Uncontrolled resource consumption vulnerability in TLS 
configuration i ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-13295 (Information exposure vulnerability in 
SYNO.Personal.Application.Info i ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-13294 (Information exposure vulnerability in SYNO.Personal.Profile in 
Synolog ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-13293 (Cross-site scripting (XSS) vulnerability in Control Panel SSO 
Settings ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-13292 (Information exposure vulnerability in /usr/syno/etc/mount.conf 
in Syno ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-13291 (Information exposure vulnerability in /usr/syno/etc/mount.conf 
in Syno ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-13290 (Information exposure vulnerability in SYNO.Core.ACL in 
Synology Router ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-13289 (Information exposure vulnerability in SYNO.FolderSharing.List 
in Synol ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-13288 (Information exposure vulnerability in SYNO.FolderSharing.List 
in Synol ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-13287 (Incorrect default permissions vulnerability in synouser.conf 
in Synolo ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-13286 (Incorrect default permissions vulnerability in synouser.conf 
in Synolo ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-13285 (Command injection vulnerability in ftpd in Synology Router 
Manager (SR ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-13284 (Command injection vulnerability in ftpd in Synology 
Diskstation Manage ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-13283 (Lack of administrator control over security vulnerability in 
client.cg ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-13282 (Session fixation vulnerability in SYNO.PhotoStation.Auth in 
Synology P ...)
        NOT-FOR-US: Synology Photo Station
 CVE-2018-13281 (Information exposure vulnerability in SYNO.Core.ACL in 
Synology DiskSt ...)
@@ -55842,7 +55842,7 @@ CVE-2018-8915 (Cross-site scripting (XSS) vulnerability 
in Notification Center i
 CVE-2018-8914 (SQL injection vulnerability in UPnP DMA in Synology Media 
Server befor ...)
        NOT-FOR-US: Synology Media Server
 CVE-2018-8913 (Missing custom error page vulnerability in Synology Web Station 
before ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2018-8912 (Cross-site scripting (XSS) vulnerability in 
SYNO.NoteStation.Note in S ...)
        NOT-FOR-US: Synology Note Station
 CVE-2018-8911 (Cross-site scripting (XSS) vulnerability in Attachment Preview 
in Syno ...)
@@ -65439,7 +65439,7 @@ CVE-2018-5759 (jsparse.c in Artifex MuJS through 1.0.2 
does not properly maintai
 CVE-2018-5758 (The Upload File functionality in upload.jspa in Aurea Jive 
Jive-n 9.0. ...)
        NOT-FOR-US: Aurea Jive Jive-n
 CVE-2018-5757 (An issue was discovered on AudioCodes 450HD IP Phone devices 
with firm ...)
-       TODO: check
+       NOT-FOR-US: AudioCodes 450HD IP Phone devices
 CVE-2018-5756 (The backend component in Open-Xchange OX App Suite before 
7.6.3-rev36, ...)
        NOT-FOR-US: Open-Xchange
 CVE-2018-5755 (Absolute path traversal vulnerability in the readerengine 
component in ...)
@@ -83340,9 +83340,9 @@ CVE-2017-16777 (If HashiCorp Vagrant VMware Fusion 
plugin (aka vagrant-vmware-fu
 CVE-2017-16776 (Security researchers discovered an authentication bypass 
vulnerability ...)
        NOT-FOR-US: Conserus Workflow Intelligence
 CVE-2017-16775 (Improper restriction of rendered UI layers or frames 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2017-16774 (Cross-site scripting (XSS) vulnerability in 
SYNO.Core.PersonalNotifica ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2017-16773 (Improper authorization vulnerability in Highlight Preview in 
Synology  ...)
        NOT-FOR-US: Synology
 CVE-2017-16772 (Improper input validation vulnerability in 
SYNOPHOTO_Flickr_MultiUploa ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f10f2a8c2bd2966f80219dc6f77a584f98fa6ba

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f10f2a8c2bd2966f80219dc6f77a584f98fa6ba
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to