Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e9cc08fa by Salvatore Bonaccorso at 2019-05-13T20:29:47Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -71,7 +71,7 @@ CVE-2019-12049
 CVE-2019-12048
        RESERVED
 CVE-2019-12047 (Gridea v0.8.0 has an XSS vulnerability through which the 
Nodejs module ...)
-       TODO: check
+       NOT-FOR-US: Gridea
 CVE-2019-12045
        RESERVED
 CVE-2019-12044
@@ -399,7 +399,7 @@ CVE-2019-11886 (The WaspThemes Visual CSS Style Editor (aka 
yellow-pencil-visual
 CVE-2018-20838 (ampforwp_save_steps_data in the AMP for WP plugin before 
0.9.97.21 for ...)
        NOT-FOR-US: AMP for WP plugin for WordPress
 CVE-2019-11885 (eyeDisk implements the unlock feature by sending a cleartext 
password. ...)
-       TODO: check
+       NOT-FOR-US: eyeDisk
 CVE-2019-11884 (The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c 
in the Li ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/a1616a5ac99ede5d605047a9012481ce7ff18b16
@@ -832,7 +832,7 @@ CVE-2019-11682 (A buffer overflow in the SMTP response 
service in MailCarrier 2.
 CVE-2019-11681
        RESERVED
 CVE-2019-11680 (KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by 
uploading a ...)
-       TODO: check
+       NOT-FOR-US: KonaKart
 CVE-2019-11679
        RESERVED
 CVE-2019-11678 (The "default reports" feature in Zoho ManageEngine Firewall 
Analyzer b ...)
@@ -1514,7 +1514,7 @@ CVE-2019-11431
 CVE-2019-11430
        RESERVED
 CVE-2019-11429 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 
(Free/Open So ...)
-       TODO: check
+       NOT-FOR-US: CentOS-WebPanel.com
 CVE-2019-11428 (I, Librarian 4.10 has XSS via the export.php export_files 
parameter. ...)
        - i-librarian <itp> (bug #649291)
 CVE-2019-11427 (An XSS issue was discovered in app/search/search.app.php in 
idreamsoft ...)
@@ -6379,9 +6379,9 @@ CVE-2019-9729 (In Shanda MapleStory Online V160, the 
SdoKeyCrypt.sys driver allo
 CVE-2019-9728
        RESERVED
 CVE-2019-9727 (Unauthenticated password hash disclosure in the User.getUserPWD 
method ...)
-       TODO: check
+       NOT-FOR-US: eQ-3 AG Homematic CCU3
 CVE-2019-9726 (Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic 
CCU3 3. ...)
-       TODO: check
+       NOT-FOR-US: eQ-3 AG Homematic CCU3
 CVE-2019-9725 (The Web manager (aka Commander) on Korenix JetPort 5601 and 
5601f devi ...)
        NOT-FOR-US: Korenix JetPort devices
 CVE-2019-9724 (aquaverde Aquarius CMS through 4.3.5 allows Information 
Exposure throu ...)
@@ -9815,7 +9815,7 @@ CVE-2019-8352
 CVE-2019-8351 (Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 
certif ...)
        NOT-FOR-US: Heimdal Thor Agent
 CVE-2019-8350 (The Simple - Better Banking application 2.45.0 through 2.45.3 
(fixed i ...)
-       TODO: check
+       NOT-FOR-US: Simple - Better Banking application for Android
 CVE-2019-8349 (Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 
2.7.4 all ...)
        NOT-FOR-US: HTMLy
 CVE-2019-8348
@@ -9833,7 +9833,7 @@ CVE-2019-8343 (In Netwide Assembler (NASM) 2.14.02, there 
is a use-after-free in
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392556
        NOTE: Crash in CLI tool, no security impact
 CVE-2019-8342 (A Local Privilege Escalation in libqcocoa.dylib in Foxit Reader 
3.1.0. ...)
-       TODO: check
+       NOT-FOR-US: Foxit Reader
 CVE-2019-8341 (An issue was discovered in Jinja2 2.10. The from_string 
function is pr ...)
        - jinja2 <unfixed> (unimportant)
        NOTE: https://github.com/JameelNabbo/Jinja2-Code-execution
@@ -11249,7 +11249,7 @@ CVE-2019-7692 (install/install.php in CIM 0.9.3 allows 
remote attackers to execu
 CVE-2019-7691
        RESERVED
 CVE-2019-7690 (In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH 
privat ...)
-       TODO: check
+       NOT-FOR-US: MobaTek MobaXterm
 CVE-2019-7689
        RESERVED
 CVE-2019-7688
@@ -12038,11 +12038,11 @@ CVE-2019-7413 (In the Parallax Scroll (aka 
adamrob-parallax-scroll) plugin befor
 CVE-2019-7412 (The PS PHPCaptcha WP plugin before v1.2.0 for WordPress 
mishandles san ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2019-7411 (Multiple stored cross-site scripting (XSS) in the MyThemeShop 
Launcher ...)
-       TODO: check
+       NOT-FOR-US: MyThemeShop Launcher plugin for WordPress
 CVE-2019-7410
        RESERVED
 CVE-2019-7409 (Multiple cross-site scripting (XSS) vulnerabilities in 
ProfileDesign C ...)
-       TODO: check
+       NOT-FOR-US: ProfileDesign CMS
 CVE-2019-7408
        RESERVED
 CVE-2019-7407
@@ -12052,7 +12052,7 @@ CVE-2019-7406
 CVE-2019-7405
        RESERVED
 CVE-2019-7404 (An issue was discovered on LG GAMP-7100, GAPM-7200, and 
GAPM-8000 rout ...)
-       TODO: check
+       NOT-FOR-US: LG routers
 CVE-2019-7403 (An issue was discovered in PHPMyWind 5.5. It allows remote 
attackers t ...)
        NOT-FOR-US: PHPMyWind
 CVE-2019-7402 (An issue was discovered in PHPMyWind 5.5. The GetQQ function in 
includ ...)
@@ -19444,7 +19444,7 @@ CVE-2019-4261
 CVE-2019-4260
        RESERVED
 CVE-2019-4259 (A security vulnerability has been identified in IBM Spectrum 
Scale 4.1 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2019-4258 (IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard 
Edition is vu ...)
        NOT-FOR-US: IBM
 CVE-2019-4257
@@ -20815,7 +20815,7 @@ CVE-2019-3704 (VNX Control Station in Dell EMC VNX2 OE 
for File versions prior t
 CVE-2019-3703
        RESERVED
 CVE-2019-3702 (A Remote Code Execution issue in the DNS Query Web UI in 
Lifesize Icon ...)
-       TODO: check
+       NOT-FOR-US: Lifesize
 CVE-2019-3701 (An issue was discovered in can_can_gw_rcv in net/can/gw.c in 
the Linux ...)
        {DLA-1771-1 DLA-1731-1}
        - linux 4.19.20-1 (unimportant)
@@ -26580,15 +26580,15 @@ CVE-2018-19992 (A stored cross-site scripting (XSS) 
vulnerability in Dolibarr 8.
 CVE-2018-19991 (VeryNginx 0.3.3 allows remote attackers to bypass the Web 
Application  ...)
        NOT-FOR-US: VeryNginx
 CVE-2018-19990 (In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2018-19989 (In the /HNAP1/SetQoSSettings message, the uplink parameter is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2018-19988 (In the /HNAP1/SetClientInfoDemo message, the AudioMute and 
AudioEnable ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2018-19987 (D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L 
Rev.B 2 ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2018-19986 (In the /HNAP1/SetRouterSettings message, the RemotePort 
parameter is v ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2018-19985 (The function hso_get_config_data in drivers/net/usb/hso.c in 
the Linux ...)
        {DLA-1771-1 DLA-1731-1}
        - linux 4.19.13-1
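
Review bot: The "NOT-FOR-US: D-Link" tags on CVE-2018-19990, CVE-2018-19989, CVE-2018-19988 and CVE-2018-19986 cannot be checked from the list itself, because their visible descriptions start at the /HNAP1/ message name and never mention a vendor; only CVE-2018-19987 names D-Link (DIR-822, DIR-860L). Worth confirming each one against the full CVE text, and a slightly more specific tag (vendor plus device type, as in "NOT-FOR-US: Korenix JetPort devices" elsewhere in this file) would make the attribution clearer to the next reader.
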
@@ -33078,7 +33078,7 @@ CVE-2018-19039 (Grafana before 4.6.5 and 5.x before 
5.3.3 allows remote authenti
 CVE-2018-19038
        RESERVED
 CVE-2018-19037 (On Virgin Media wireless router 3.0 hub devices, the web 
interface is  ...)
-       TODO: check
+       NOT-FOR-US: Virgin Media wireless router
 CVE-2018-19036 (An issue was discovered in several Bosch IP cameras for 
firmware versi ...)
        NOT-FOR-US: Bosch
 CVE-2018-19035
@@ -33444,7 +33444,7 @@ CVE-2018-18873 (An issue was discovered in JasPer 
2.0.14. There is a NULL pointe
        - jasper <removed>
        NOTE: https://github.com/mdadams/jasper/issues/184
 CVE-2018-18872 (The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress 
has Stor ...)
-       TODO: check
+       NOT-FOR-US: Kieran O'Shea Calendar plugin for WordPress
 CVE-2018-18871 (Missing password verification in the web interface on Gigaset 
Maxwell  ...)
        NOT-FOR-US: Gigaset
 CVE-2018-18870
@@ -39443,9 +39443,9 @@ CVE-2018-16626 (index.php/Admin/Classes in Typesetter 
5.1 allows XSS via the des
 CVE-2018-16625 (index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an 
SVG file  ...)
        TODO: check
 CVE-2018-16624 (panel/pages/home/edit in Kirby v2.5.12 allows XSS via the 
title of a n ...)
-       TODO: check
+       NOT-FOR-US: Kirby
 CVE-2018-16623 (Kirby V2.5.12 is prone to a Persistent XSS attack via the 
Title of the ...)
-       TODO: check
+       NOT-FOR-US: Kirby
 CVE-2018-16622 (Multiple cross-site scripting (XSS) vulnerabilities in 
/api/content/ad ...)
        NOT-FOR-US: DoraCMS
 CVE-2018-16621 (Sonatype Nexus Repository Manager before 3.14 allows Java 
Expression L ...)
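
Review bot: CVE-2018-16625 (Typesetter 5.1, XSS via an SVG file), directly above the two Kirby entries, stays at "TODO: check" while both of its neighbours are resolved in this hunk. If Typesetter still needs a package lookup that is fine, but if it was simply skipped in this pass it could be triaged in the same commit so the block does not keep a stray TODO.
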
@@ -42320,7 +42320,7 @@ CVE-2018-15532 (SynTP.sys in Synaptics Touchpad drivers 
before 2018-06-06 allows
 CVE-2018-15531 (JavaMelody before 1.74.0 has XXE via parseSoapMethodName in 
bull/javam ...)
        NOT-FOR-US: JavaMelody
 CVE-2018-15530 (Cross-site scripting (XSS) in the web interface of the Xerox 
ColorQube ...)
-       TODO: check
+       NOT-FOR-US: Xerox
 CVE-2018-15529 (A command injection vulnerability in maintenance.cgi in Mutiny 
"Monito ...)
        NOT-FOR-US: Mutiny appliance
 CVE-2018-15528 (Reflected Cross-Site Scripting exists in the Java System 
Solutions SSO ...)
@@ -44202,15 +44202,15 @@ CVE-2018-14716 (A Server Side Template Injection 
(SSTI) was discovered in the SE
 CVE-2018-14715 (The endCoinFlip function and throwSlammer function of the 
smart contra ...)
        NOT-FOR-US: smart contract implementations for Cryptogs
 CVE-2018-14714 (System command injection in appGet.cgi on ASUS RT-AC3200 
version 3.0.0 ...)
-       TODO: check
+       NOT-FOR-US: ASUS RT-AC3200
 CVE-2018-14713 (Format string vulnerability in appGet.cgi on ASUS RT-AC3200 
version 3. ...)
-       TODO: check
+       NOT-FOR-US: ASUS RT-AC3200
 CVE-2018-14712 (Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 
3.0.0.4.382.50 ...)
-       TODO: check
+       NOT-FOR-US: ASUS RT-AC3200
 CVE-2018-14711 (Missing cross-site request forgery protection in appGet.cgi on 
ASUS RT ...)
-       TODO: check
+       NOT-FOR-US: ASUS RT-AC3200
 CVE-2018-14710 (Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 
3.0.0.4.3 ...)
-       TODO: check
+       NOT-FOR-US: ASUS RT-AC3200
 CVE-2018-14709 (Incorrect access control in the Dashboard API on Drobo 5N2 NAS 
version ...)
        NOT-FOR-US: Dashboard API on Drobo 5N2 NAS
 CVE-2018-14708 (An insecure transport protocol used by Drobo Dashboard API on 
Drobo 5N ...)
@@ -50737,25 +50737,25 @@ CVE-2018-12306 (Directory Traversal in File Explorer 
in ASUSTOR ADM version 3.1.
 CVE-2018-12305 (Cross-site scripting in File Explorer in ASUSTOR ADM version 
3.1.1 all ...)
        NOT-FOR-US: ASUSTOR ADM
 CVE-2018-12304 (Cross-site scripting in Application Manager in Seagate NAS OS 
version  ...)
-       TODO: check
+       NOT-FOR-US: Seagate NAS OS
 CVE-2018-12303 (Cross-site scripting in filebrowser in Seagate NAS OS version 
4.3.15.1 ...)
-       TODO: check
+       NOT-FOR-US: Seagate NAS OS
 CVE-2018-12302 (Missing HTTPOnly flag on session cookies in the Seagate NAS OS 
version ...)
-       TODO: check
+       NOT-FOR-US: Seagate NAS OS
 CVE-2018-12301 (Unvalidated URL in Download Manager in Seagate NAS OS version 
4.3.15.1 ...)
-       TODO: check
+       NOT-FOR-US: Seagate NAS OS
 CVE-2018-12300 (Arbitrary Redirect in echo-server.html in Seagate NAS OS 
version 4.3.1 ...)
-       TODO: check
+       NOT-FOR-US: Seagate NAS OS
 CVE-2018-12299 (Cross-site scripting in filebrowser in Seagate NAS OS version 
4.3.15.1 ...)
-       TODO: check
+       NOT-FOR-US: Seagate NAS OS
 CVE-2018-12298 (Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 
allows a ...)
-       TODO: check
+       NOT-FOR-US: Seagate NAS OS
 CVE-2018-12297 (Cross-site scripting in API error pages in Seagate NAS OS 
version 4.3. ...)
-       TODO: check
+       NOT-FOR-US: Seagate NAS OS
 CVE-2018-12296 (Insufficient access control in 
/api/external/7.0/system.System.get_inf ...)
-       TODO: check
+       NOT-FOR-US: Seagate NAS OS
 CVE-2018-12295 (SQL injection in folderViewSpecific.psp in Seagate NAS OS 
version 4.3. ...)
-       TODO: check
+       NOT-FOR-US: Seagate NAS OS
 CVE-2018-12294 (WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in 
WebKit, as  ...)
        - webkit2gtk 2.20.2-1 (unimportant)
        NOTE: Not covered by security support
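
Review bot: CVE-2018-12296 is the one entry in this block whose visible description ("Insufficient access control in /api/external/7.0/system.System.get_inf ...") is cut off before any product name, so its "NOT-FOR-US: Seagate NAS OS" tag cannot be verified from the list alone and is worth a check against the full CVE text. The other nine entries name Seagate NAS OS in the visible description and are tagged consistently.
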
@@ -99622,7 +99622,7 @@ CVE-2017-12759 (Ynet Interactive - 
http://demo.ynetinteractive.com/soa/ SOA Scho
 CVE-2017-12758 (https://www.joomlaextensions.co.in/ Joomla! Component 
Appointment 1.1  ...)
        NOT-FOR-US: Joomla! Component Appointment
 CVE-2017-12757 (Certain Ambit Technologies Pvt. Ltd products are affected by: 
SQL Inje ...)
-       TODO: check
+       NOT-FOR-US: Ambit
 CVE-2017-12756 (Command inject in transfer from another server in extplorer 
2.1.9 and  ...)
        {DLA-1063-1}
        - extplorer <removed>
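
Review bot: "NOT-FOR-US: Ambit" on CVE-2017-12757 shortens the vendor to a single word, while the description gives it as "Ambit Technologies Pvt. Ltd". Using the fuller name in the tag would keep it unambiguous and easier to grep for later.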



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9cc08faeb7320e8460d361480d442b6e78a25ae
