Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fc6faeb9 by Salvatore Bonaccorso at 2019-06-29T17:46:13Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -72,7 +72,7 @@ CVE-2019-12997 (In Loopchain through 2.2.1.3, an attacker can
escalate privilege
CVE-2019-12996
RESERVED
CVE-2019-12995 (Istio before 1.2.2 mishandles certain access tokens, leading
to "Epoch ...)
- TODO: check
+ NOT-FOR-US: Istio
CVE-2019-12994
RESERVED
CVE-2019-12993
@@ -147,7 +147,7 @@ CVE-2019-12968 (A vulnerability was found in the Sonic Robo
Blast 2 (SRB2) plugi
CVE-2019-12967
RESERVED
CVE-2019-12966 (FeHelper through 2019-06-19 allows arbitrary code execution
during a J ...)
- TODO: check
+ NOT-FOR-US: FeHelper
CVE-2018-20847 (An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in
the functi ...)
TODO: check
CVE-2018-20846 (Out-of-bounds accesses in the functions pi_next_lrcp,
pi_next_rlcp, pi ...)
@@ -8740,7 +8740,7 @@ CVE-2019-9837 (Doorkeeper::OpenidConnect (aka the OpenID
Connect extension for D
NOTE:
https://github.com/doorkeeper-gem/doorkeeper-openid_connect/issues/61
NOTE:
https://github.com/doorkeeper-gem/doorkeeper-openid_connect/pull/66
CVE-2019-9836 (Secure Encrypted Virtualization (SEV) on Advanced Micro Devices
(AMD) ...)
- TODO: check
+ NOT-FOR-US: AMD Secure Encrypted Virtualization (SEV)
CVE-2019-9835 (The receiver (aka bridge) component of Fujitsu Wireless
Keyboard Set L ...)
NOT-FOR-US: Fujitsu Wireless Keyboard Set LX901 GK900 devices
CVE-2019-9834 (The Netdata web application through 1.13.0 allows remote
attackers to ...)
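Review bot: The new tag on CVE-2019-9836, "NOT-FOR-US: AMD Secure Encrypted Virtualization (SEV)", names a platform feature rather than a product, and the description is cut at "(AMD) ..." so the affected component is not visible in this hunk. If the flaw is in AMD's platform firmware and not in kernel or hypervisor code that Debian packages, state that in the tag or in a NOTE line, so the entry is not re-triaged later on the assumption that a packaged component with SEV support is involved.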
@@ -10947,7 +10947,7 @@ CVE-2019-9041 (An issue was discovered in ZZZCMS zzzphp
V1.6.1. In the inc/zzz_t
CVE-2019-9040 (S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user
via th ...)
NOT-FOR-US: S-CMS
CVE-2019-9039 (The Couchbase Sync Gateway 2.1.2 in combination with a
Couchbase Serve ...)
- TODO: check
+ NOT-FOR-US: Couchbase Sync Gateway
CVE-2019-9038 (An issue was discovered in libmatio.a in matio (aka MAT File
I/O Libra ...)
- libmatio 1.5.13-2 (low; bug #924185)
[stretch] - libmatio <no-dsa> (Minor issue)
@@ -23886,7 +23886,7 @@ CVE-2019-3634
CVE-2019-3633
RESERVED
CVE-2019-3632 (Directory Traversal vulnerability in McAfee Enterprise Security
Manage ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3631 (Command Injection vulnerability in McAfee Enterprise Security
Manager ...)
NOT-FOR-US: McAfee
CVE-2019-3630 (Command Injection vulnerability in McAfee Enterprise Security
Manager ...)
@@ -36183,7 +36183,7 @@ CVE-2018-18960 (An issue was discovered on Epson
WorkForce WF-2861 10.48 LQ22I3,
CVE-2018-18959 (An issue was discovered on Epson WorkForce WF-2861 10.48
LQ22I3, 10.51 ...)
NOT-FOR-US: Epson
CVE-2018-18958 (OPNsense 18.7.x before 18.7.7 has Incorrect Access Control.
...)
- TODO: check
+ NOT-FOR-US: OPNsense
CVE-2018-18957 (An issue has been found in libIEC61850 v1.3. It is a
stack-based buffe ...)
NOT-FOR-US: libIEC61850
CVE-2018-18956 (The ProcessMimeEntity function in util-decode-mime.c in
Suricata 4.x b ...)
@@ -39867,7 +39867,7 @@ CVE-2018-17562 (Multi-Tech FaxFinder before 5.1.6 has
SQL Injection via a status
CVE-2018-17561
RESERVED
CVE-2018-17560 (The admin interface of the Grouptime Teamwire Client 1.5.1
prior to 1. ...)
- TODO: check
+ NOT-FOR-US: Grouptime Teamwire Client
CVE-2018-17559
RESERVED
CVE-2018-17558
@@ -40871,7 +40871,7 @@ CVE-2018-17172 (The web application on Xerox AltaLink
B80xx before 100.008.028.0
CVE-2018-17171
RESERVED
CVE-2018-17170 (Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on
Windows allo ...)
- TODO: check
+ NOT-FOR-US: Grouptime Teamwire Desktop Client
CVE-2018-17169 (An XML external entity (XXE) vulnerability in PrinterOn
version 4.1.4 ...)
NOT-FOR-US: PrinterOn Enterprise
CVE-2018-17168 (PrinterOn Enterprise 4.1.4 contains multiple Cross Site
Request Forger ...)
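Review bot: CVE-2018-17170 is tagged "NOT-FOR-US: Grouptime Teamwire Desktop Client" while CVE-2018-17560, earlier in this commit, is tagged "NOT-FOR-US: Grouptime Teamwire Client"; both descriptions cite version 1.5.1, which suggests the same product. Use one string for both, as the McAfee entries do with "NOT-FOR-US: McAfee", so that a search on the tag finds every related entry.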
@@ -44372,7 +44372,7 @@ CVE-2018-15869 (An Amazon Web Services (AWS) developer
who does not specify the
NOTE: https://github.com/hashicorp/packer/issues/6584
NOTE: https://github.com/aws/aws-cli/issues/3629
CVE-2018-15868 (SQL injection vulnerability in ChronoScan version 1.5.4.3 and
earlier ...)
- TODO: check
+ NOT-FOR-US: ChronoScan
CVE-2018-15867
RESERVED
CVE-2018-15866
@@ -45242,11 +45242,11 @@ CVE-2018-15559 (The editor in Xiuno BBS 4.0.4 allows
stored XSS. ...)
CVE-2018-15558
RESERVED
CVE-2018-15557 (An issue was discovered in the Quantenna WiFi Controller on
Telus Acti ...)
- TODO: check
+ NOT-FOR-US: Telus Actiontec WEB6000Q devices
CVE-2018-15556 (The Quantenna WiFi Controller on Telus Actiontec WEB6000Q
v1.1.02.22 a ...)
- TODO: check
+ NOT-FOR-US: Telus Actiontec WEB6000Q devices
CVE-2018-15555 (On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker
can login ...)
- TODO: check
+ NOT-FOR-US: Telus Actiontec WEB6000Q devices
CVE-2018-15554
RESERVED
CVE-2018-15553 (fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03
devices allo ...)
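Review bot: The description of CVE-2018-15557 is truncated at "Telus Acti ..." and the neighbouring context entry CVE-2018-15553 concerns a different model, the T2200H, so the "Telus Actiontec WEB6000Q devices" tag on CVE-2018-15557 cannot be confirmed from this hunk. Confirm the model against the full description; CVE-2018-15556 and CVE-2018-15555 do name WEB6000Q in the visible text, so those two tags are supported as written.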
@@ -45317,9 +45317,9 @@ CVE-2018-15522
CVE-2018-15521
RESERVED
CVE-2018-15520 (Various Lexmark devices have a Buffer Overflow (issue 2 of 2).
...)
- TODO: check
+ NOT-FOR-US: Lexmark devices
CVE-2018-15519 (Various Lexmark devices have a Buffer Overflow (issue 1 of 2).
...)
- TODO: check
+ NOT-FOR-US: Lexmark devices
CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3 has a double-free or
corruption dur ...)
{DSA-4374-1 DLA-1786-1 DLA-1627-1}
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
@@ -46613,13 +46613,13 @@ CVE-2018-14921
CVE-2018-14920
RESERVED
CVE-2018-14919 (LOYTEC LGATE-902 6.3.2 devices allow XSS. ...)
- TODO: check
+ NOT-FOR-US: LOYTEC LGATE-902 devices
CVE-2018-14918 (LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. ...)
- TODO: check
+ NOT-FOR-US: LOYTEC LGATE-902 devices
CVE-2018-14917
REJECTED
CVE-2018-14916 (LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.
...)
- TODO: check
+ NOT-FOR-US: LOYTEC LGATE-902 devices
CVE-2018-14915
REJECTED
CVE-2018-1000223 (soundtouch version up to and including 2.0.0 contains a
Buffer Overflo ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc6faeb9e1c800d553df325fd5590030c521749f