Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c5ca4d67 by Salvatore Bonaccorso at 2019-07-09T20:17:39Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2019-13463
CVE-2019-13462
RESERVED
CVE-2019-13461 (In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and
id_addre ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2019-13460
RESERVED
CVE-2019-13459
@@ -138,7 +138,7 @@ CVE-2019-13399 (Dynacolor FCM-MB40 v1.2.0.0 devices have a
hard-coded SSL/TLS ke
CVE-2019-13398 (Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to
execute ...)
NOT-FOR-US: Dynacolor
CVE-2019-13397 (Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote
attacker ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2019-13396
RESERVED
CVE-2019-13395
@@ -429,7 +429,7 @@ CVE-2019-13282 (In Xpdf 4.01.01, a heap-based buffer
over-read could be triggere
CVE-2019-13281 (In Xpdf 4.01.01, a heap-based buffer overflow could be
triggered in DC ...)
- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13280 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03
contains ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2019-13279
RESERVED
CVE-2019-13278
@@ -749,7 +749,7 @@ CVE-2019-13144
CVE-2019-13143
RESERVED
CVE-2019-13142 (The RzSurroundVADStreamingService
(RzSurroundVADStreamingService.exe) ...)
- TODO: check
+ NOT-FOR-US: Razer Surround
CVE-2019-13141
RESERVED
CVE-2019-13140
@@ -959,7 +959,7 @@ CVE-2019-13072 (Stored XSS in the Filters page (Name field)
in ZoneMinder 1.32.3
CVE-2019-13071
RESERVED
CVE-2019-13070 (A stored XSS vulnerability in the Agent/Center component of
CyberPower ...)
- TODO: check
+ NOT-FOR-US: CyberPower PowerPanel Business Edition
CVE-2019-13069
RESERVED
CVE-2019-13068 (public/app/features/panel/panel_ctrl.ts in Grafana before
6.2.5 allows ...)
@@ -1723,7 +1723,7 @@ CVE-2019-12784
CVE-2019-12783
RESERVED
CVE-2019-12782 (An authorization bypass vulnerability in pinboard updates in
ThoughtSp ...)
- TODO: check
+ NOT-FOR-US: ThoughtSpot
CVE-2019-12781 (An issue was discovered in Django 1.11 before 1.11.22, 2.1
before 2.1. ...)
{DSA-4476-1 DLA-1842-1}
- python-django 1:1.11.22-1 (bug #931316)
@@ -1821,9 +1821,9 @@ CVE-2019-12749 (dbus before 1.10.28, 1.12.x before
1.12.16, and 1.13.x before 1.
NOTE: https://gitlab.freedesktop.org/dbus/dbus/issues/269
NOTE:
https://gitlab.freedesktop.org/dbus/dbus/commit/47b1a4c41004bf494b87370987b222c934b19016
CVE-2019-12748 (TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS.
...)
- TODO: check
+ NOT-FOR-US: Typo3
CVE-2019-12747 (TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows
Deserialization ...)
- TODO: check
+ NOT-FOR-US: Typo3
CVE-2019-12746
RESERVED
CVE-2019-12745 (out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored
Cross-Site S ...)
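Review bot: the two added tags for CVE-2019-12748 and CVE-2019-12747 spell the product "Typo3", while both CVE descriptions in this hunk spell it "TYPO3". Suggest "NOT-FOR-US: TYPO3" on both lines, so that a case-sensitive search of data/CVE/list for the product name also finds these entries.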
@@ -3687,7 +3687,7 @@ CVE-2019-11993
CVE-2019-11992
RESERVED
CVE-2019-11991 (HPE has identified a vulnerability in HPE 3PAR Service
Processor (SP) ...)
- TODO: check
+ NOT-FOR-US: HPE 3PAR Service Processor
CVE-2019-11990
RESERVED
CVE-2019-11989
@@ -3893,9 +3893,9 @@ CVE-2019-12046 (LemonLDAP::NG -2.0.3 has Incorrect Access
Control. ...)
- lemonldap-ng 2.0.2+ds-7+deb10u1 (bug #928944)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1742
CVE-2019-11890 (Sony Bravia Smart TV devices allow remote attackers to cause a
denial ...)
- TODO: check
+ NOT-FOR-US: Sony Bravia Smart TV devices
CVE-2019-11889 (Sony BRAVIA Smart TV devices allow remote attackers to cause a
denial ...)
- TODO: check
+ NOT-FOR-US: Sony BRAVIA Smart TV devices
CVE-2019-11888 (Go through 1.12.5 on Windows mishandles process creation with
a nil en ...)
- golang-1.12 <not-affected> (Only affects Go on Windows)
- golang-1.11 <not-affected> (Only affects Go on Windows)
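Review bot: the added tags for CVE-2019-11890 and CVE-2019-11889 differ only in case ("Sony Bravia Smart TV devices" against "Sony BRAVIA Smart TV devices"), mirroring the casing of each description. Both entries name the same product, so use one spelling on both lines; otherwise anything that groups or greps entries by the NOT-FOR-US string treats them as two products.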
@@ -12513,7 +12513,7 @@ CVE-2019-8922
CVE-2019-8921
RESERVED
CVE-2019-8920 (iart.php in XAMPP 1.7.0 has XSS, a related issue to
CVE-2008-3569. ...)
- TODO: check
+ NOT-FOR-US: XAMPP
CVE-2019-8919 (The seadroid (aka Seafile Android Client) application through
2.2.13 f ...)
NOT-FOR-US: Seafile Android Client
CVE-2019-8918
@@ -24148,9 +24148,9 @@ CVE-2019-3952
CVE-2019-3951
RESERVED
CVE-2019-3950 (Arlo Basestation firmware 1.12.0.1_27940 and prior contain a
hardcoded ...)
- TODO: check
+ NOT-FOR-US: Arlo Basestation firmware
CVE-2019-3949 (Arlo Basestation firmware 1.12.0.1_27940 and prior firmware
contain a ...)
- TODO: check
+ NOT-FOR-US: Arlo Basestation firmware
CVE-2019-3948
RESERVED
CVE-2019-3947 (Fuji Electric V-Server before 6.0.33.0 stores database
credentials in ...)
@@ -45920,7 +45920,7 @@ CVE-2018-15740 (Zoho ManageEngine ADManager Plus 6.5.7
has XSS on the "Workflow
CVE-2018-15739
RESERVED
CVE-2018-15738 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The
driver ...)
- TODO: check
+ NOT-FOR-US: STOPzilla AntiMalware
CVE-2018-15737 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The
driver ...)
NOT-FOR-US: STOPzilla
CVE-2018-15736 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The
driver ...)
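Review bot: the added tag for CVE-2018-15738 reads "NOT-FOR-US: STOPzilla AntiMalware", but the next entry in the same hunk, CVE-2018-15737, has the same description prefix and is already tagged "NOT-FOR-US: STOPzilla". Suggest reusing the existing string here so the same product is recorded under one name.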
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c5ca4d67e46a76bbce3ddc706503b6b666c11620