[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso Fri, 07 Jun 2019 14:18:07 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f94a6ac7 by Salvatore Bonaccorso at 2019-06-07T21:16:00Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
 CVE-2019-12778
        RESERVED
 CVE-2019-12777 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, 
Pixelato ...)
-       TODO: check
+       NOT-FOR-US: ENTTEC
 CVE-2019-12776 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, 
Pixelato ...)
-       TODO: check
+       NOT-FOR-US: ENTTEC
 CVE-2019-12775 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, 
Pixelato ...)
-       TODO: check
+       NOT-FOR-US: ENTTEC
 CVE-2019-12774 (A number of stored XSS vulnerabilities have been identified in 
the web ...)
-       TODO: check
+       NOT-FOR-US: ENTTEC
 CVE-2019-12773
        RESERVED
 CVE-2019-12772
        RESERVED
 CVE-2019-12771 (Command injection is possible in ThinStation through 6.1.1 via 
shell m ...)
-       TODO: check
+       NOT-FOR-US: ThinStation
 CVE-2019-12770
        RESERVED
 CVE-2019-12769
@@ -29,7 +29,7 @@ CVE-2019-12765
 CVE-2019-12764
        RESERVED
 CVE-2019-12763 (The Security Camera CZ application through 1.6.8 for Android 
stores po ...)
-       TODO: check
+       NOT-FOR-US: Security Camera CZ application for Android
 CVE-2019-12762 (Xiaomi Mi 5s Plus devices allow attackers to trigger 
touchscreen anoma ...)
        NOT-FOR-US: Xiaomi Mi 5s Plus devices
 CVE-2019-12761 (A code injection issue was discovered in PyXDG before 0.26 via 
crafted ...)
@@ -369,13 +369,13 @@ CVE-2019-12614 (An issue was discovered in 
dlpar_parse_cc_property in arch/power
        NOTE: This is a potential null pointer dereference that looks like it 
can
        NOTE: only be invoked by root or the hypervisor.  Probably no security 
impact.
 CVE-2019-12601 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 
7.11.x before ...)
-       TODO: check
+       NOT-FOR-US: SuiteCRM
 CVE-2019-12600 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 
7.11.x before ...)
-       TODO: check
+       NOT-FOR-US: SuiteCRM
 CVE-2019-12599 (SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows 
SQL Inj ...)
-       TODO: check
+       NOT-FOR-US: SuiteCRM
 CVE-2019-12598 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 
7.11.x before ...)
-       TODO: check
+       NOT-FOR-US: SuiteCRM
 CVE-2019-12597
        RESERVED
 CVE-2019-12596
@@ -628,7 +628,7 @@ CVE-2019-12479
 CVE-2019-12478
        RESERVED
 CVE-2019-12477 (Supra Smart Cloud TV allows remote file inclusion in the 
openLiveURL f ...)
-       TODO: check
+       NOT-FOR-US: Supra Smart Cloud TV
 CVE-2019-12476
        RESERVED
 CVE-2019-12475
@@ -12036,9 +12036,9 @@ CVE-2019-8285 (Kaspersky Lab Antivirus Engine version 
before 04.apr.2019 has a h
 CVE-2019-8284
        RESERVED
 CVE-2019-8283 (Hasplm cookie in Gemalto Admin Control Center, all versions 
prior to 7 ...)
-       TODO: check
+       NOT-FOR-US: Gemalto Admin Control Center
 CVE-2019-8282 (Gemalto Admin Control Center, all versions prior to 7.92, uses 
clearte ...)
-       TODO: check
+       NOT-FOR-US: Gemalto Admin Control Center
 CVE-2019-8281
        RESERVED
 CVE-2019-8280 (UltraVNC revision 1203 has out-of-bounds access vulnerability 
in VNC c ...)
@@ -21858,15 +21858,15 @@ CVE-2019-4072 (IBM Tivoli Storage Productivity Center 
(IBM Spectrum Control Stan
 CVE-2019-4071 (IBM Tivoli Storage Productivity Center (IBM Spectrum Control 
Standard  ...)
        NOT-FOR-US: IBM
 CVE-2019-4070 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2019-4069 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 
does not p ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2019-4068 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2019-4067 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 
does not r ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2019-4066 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 
could allo ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2019-4065
        RESERVED
 CVE-2019-4064
@@ -23428,7 +23428,7 @@ CVE-2019-3479 (Mitigates a potential remote code 
execution issue in ArcSight Log
 CVE-2019-3478
        RESERVED
 CVE-2019-3477 (Micro Focus Solution Business Manager versions prior to 11.4.2 
is susc ...)
-       TODO: check
+       NOT-FOR-US: Micro Focus Solution Business Manager
 CVE-2019-3476 (Remote arbitrary code execution in Micro Focus Data Protector, 
version ...)
        NOT-FOR-US: Micro Focus Data Protector
 CVE-2019-3475 (A local privilege escalation vulnerability in the famtd 
component of M ...)
@@ -27338,7 +27338,7 @@ CVE-2018-20137 (XSS exists in FUEL CMS 1.4.3 via the 
Page title, Meta descriptio
 CVE-2018-20136 (XSS exists in FUEL CMS 1.4.3 via the Header or Body in the 
Layout Vari ...)
        NOT-FOR-US: FUEL CMS
 CVE-2018-20135 (Samsung Galaxy Apps before 4.4.01.7 allows modification of the 
hostnam ...)
-       TODO: check
+       NOT-FOR-US: Samsung Galaxy Apps
 CVE-2018-20134
        RESERVED
 CVE-2018-20133 (ymlref allows code injection. ...)
@@ -28667,7 +28667,7 @@ CVE-2018-19980 (Anker Nebula Capsule Pro NBUI_M1_V2.1.9 
devices allow attackers
 CVE-2018-19979
        RESERVED
 CVE-2018-19978 (A buffer overflow vulnerability in the DHCP and PPPOE 
configuration in ...)
-       TODO: check
+       NOT-FOR-US: Auerswald COMfort
 CVE-2018-19977 (A command injection (missing input validation, escaping) in 
the ftp up ...)
        NOT-FOR-US: Auerswald COMfort
 CVE-2018-19976 (In YARA 3.8.1, bytecode in a specially crafted compiled rule 
is expose ...)
@@ -33609,15 +33609,15 @@ CVE-2018-19467
 CVE-2018-19466 (A vulnerability was found in Portainer before 1.20.0. 
Portainer stores ...)
        NOT-FOR-US: Portainer
 CVE-2018-19465 (Maccms through 8.0 allows XSS via the site_keywords field to 
index.php ...)
-       TODO: check
+       NOT-FOR-US: Maccms
 CVE-2018-19464 (Discuz! X3.4 allows XSS via admin.php because 
admincp/admincp_setting. ...)
        NOT-FOR-US: Discuz!
 CVE-2018-19463 (** DISPUTED ** zb_system/function/lib/upload.php in Z-BlogPHP 
through  ...)
        NOT-FOR-US: Z-BlogPHP
 CVE-2018-19462 (admin\db\DoSql.php in EmpireCMS through 7.5 allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: EmpireCMS
 CVE-2018-19461 (admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via 
crafted SQL ...)
-       TODO: check
+       NOT-FOR-US: EmpireCMS
 CVE-2018-19460
        RESERVED
 CVE-2018-19459 (Adult Filter 1.0 has a Buffer Overflow via a crafted Black 
Domain List ...)
@@ -33675,7 +33675,7 @@ CVE-2018-19453 (Kentico CMS before 11.0.45 allows 
unrestricted upload of a file
 CVE-2018-19452 (A use after free in the TextBox field Mouse Enter action in 
IReader_Co ...)
        TODO: check
 CVE-2018-19451 (A command injection can occur for specially crafted PDF files 
in Foxit ...)
-       TODO: check
+       NOT-FOR-US: Foxit Reader
 CVE-2018-19450
        RESERVED
 CVE-2018-19449
@@ -71422,7 +71422,7 @@ CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 
and earlier, 1.7.10 and
 CVE-2018-5799 (In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue 
allows ...)
        NOT-FOR-US: Zoho
 CVE-2018-5798 (This CVE relates to an unspecified cross site scripting 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Cloudera Manager
 CVE-2018-5797 (An issue was discovered in Extreme Networks ExtremeWireless 
WiNG 5.x b ...)
        NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
 CVE-2018-5796 (An issue was discovered in Extreme Networks ExtremeWireless 
WiNG 5.x b ...)
@@ -73008,9 +73008,9 @@ CVE-2018-5267 (Cobham Sea Tel 121 build 222701 devices 
allow remote attackers to
 CVE-2018-5266 (Cobham Sea Tel 121 build 222701 devices allow remote attackers 
to obta ...)
        NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
 CVE-2018-5265 (Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Ubiquiti EdgeOS
 CVE-2018-5264 (Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow 
remote att ...)
-       TODO: check
+       NOT-FOR-US: Ubiquiti UniFi 52 devices
 CVE-2018-5263 (The StackIdeas EasyDiscuss (aka com_easydiscuss) extension 
before 4.0. ...)
        NOT-FOR-US: The StackIdeas EasyDiscuss extension for Joomla!
 CVE-2018-5262 (A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and 
earlier  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f94a6ac77eb8e432b83deb978ab69983439ca969

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f94a6ac77eb8e432b83deb978ab69983439ca969
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to