[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso Thu, 11 Jul 2019 13:25:50 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
d57c9d2f by Salvatore Bonaccorso at 2019-07-11T20:25:11Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,15 +5,15 @@ CVE-2019-13566
 CVE-2019-13565
        RESERVED
 CVE-2019-13564 (XSS exists in Ping Identity Agentless Integration Kit before 
1.5. ...)
-       TODO: check
+       NOT-FOR-US: Ping Identity Agentless Integration Kit
 CVE-2019-13563 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for 
the enti ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2019-13562 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as 
demonstra ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2019-13561 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote 
attackers  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2019-13560 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote 
attackers  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2019-13559
        RESERVED
 CVE-2019-13558
@@ -119,11 +119,11 @@ CVE-2019-13509
 CVE-2019-13508
        RESERVED
 CVE-2019-13507 (hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. 
...)
-       TODO: check
+       NOT-FOR-US: hidea.com AZ Admin
 CVE-2019-13506 (@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, 
mishandle ...)
        TODO: check
 CVE-2019-13505 (The Appointment Hour Booking plugin 1.1.44 for WordPress 
allows XSS vi ...)
-       TODO: check
+       NOT-FOR-US: Appointment Hour Booking plugin for WordPress
 CVE-2019-13504 (There is an out-of-bounds read in 
Exiv2::MrwImage::readMetadata in mrw ...)
        TODO: check
 CVE-2019-13503 (mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based 
buffer o ...)
@@ -2371,11 +2371,11 @@ CVE-2019-12599 (SuiteCRM 7.10.x before 7.10.17 and 
7.11.x before 7.11.5 allows S
 CVE-2019-12598 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 
7.11.x before ...)
        NOT-FOR-US: SuiteCRM
 CVE-2019-12597 (An issue was discovered in Zoho ManageEngine AssetExplorer. 
There is X ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine AssetExplorer
 CVE-2019-12596 (An issue was discovered in Zoho ManageEngine AssetExplorer. 
There is X ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine AssetExplorer
 CVE-2019-12595 (An issue was discovered in Zoho ManageEngine AssetExplorer. 
There is X ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine AssetExplorer
 CVE-2019-12594 (DOSBox 0.74-2 has Incorrect Access Control. ...)
        {DSA-4478-1 DLA-1845-1}
        - dosbox <unfixed> (bug #931222)
@@ -2488,13 +2488,13 @@ CVE-2019-12542 (An issue was discovered in Zoho 
ManageEngine ServiceDesk Plus 9.
 CVE-2019-12541 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 
9.3. The ...)
        NOT-FOR-US: Zoho ManageEngine ServiceDesk
 CVE-2019-12540 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 
10.5. Th ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine ServiceDesk
 CVE-2019-12539 (An issue was discovered in the Purchase component of Zoho 
ManageEngine ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
 CVE-2019-12538 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 
9.3. The ...)
        NOT-FOR-US: Zoho ManageEngine ServiceDesk
 CVE-2019-12537 (An issue was discovered in Zoho ManageEngine AssetExplorer. 
There is X ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine AssetExplorer
 CVE-2019-12536
        RESERVED
 CVE-2019-12535
@@ -6345,7 +6345,7 @@ CVE-2019-11064
 CVE-2019-11063
        RESERVED
 CVE-2019-11062 (The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS 
Command Inj ...)
-       TODO: check
+       NOT-FOR-US: SUNNET WMPro for eLearning system
 CVE-2019-11061
        RESERVED
 CVE-2019-11060
@@ -7498,7 +7498,7 @@ CVE-2019-10653 (An issue was discovered in Hsycms V1.1. 
There is a SQL injection
 CVE-2019-10652 (An issue was discovered in flatCore 1.4.7. acp/acp.php allows 
remote a ...)
        NOT-FOR-US: flatCore
 CVE-2019-10651 (An issue was discovered in the Core Server in Ivanti Endpoint 
Manager  ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2019-10650 (In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer 
over-read in ...)
        {DSA-4436-1 DLA-1785-1}
        - imagemagick 8:6.9.10.23+dfsg-2.1 (bug #926091)
@@ -10792,7 +10792,7 @@ CVE-2019-9658 (Checkstyle before 8.18 loads external 
DTDs by default. ...)
        NOTE: https://github.com/checkstyle/checkstyle/pull/6476
        NOTE: 
https://github.com/checkstyle/checkstyle/commit/180b4fe37a2249d4489d584505f2b7b3ab162ec6
 CVE-2019-9657 (Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access 
Control, a d ...)
-       TODO: check
+       NOT-FOR-US: Alarm.com ADC-V522IR 0100b9 devices
 CVE-2019-9656 (An issue was discovered in LibOFX 0.9.14. There is a NULL 
pointer dere ...)
        - libofx <unfixed> (unimportant; bug #924350)
        NOTE: https://github.com/libofx/libofx/issues/22
@@ -35038,7 +35038,7 @@ CVE-2018-19590
 CVE-2018-19589 (Incorrect Access Controls of Security Officer (SO) in PKCS11 
R2 provid ...)
        NOT-FOR-US: Utimaco CryptoServer HSM
 CVE-2018-19588 (Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access 
Control. ...)
-       TODO: check
+       NOT-FOR-US: Alarm.com ADC-V522IR 0100b9 devices
 CVE-2018-19587 (In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c 
mg_mqtt_a ...)
        NOT-FOR-US: Cesanta Mongoose
        NOTE: smplayer embeds a copy, which is unused in any released version 
and disabled since 18.5.0~ds1-1
@@ -35522,13 +35522,13 @@ CVE-2019-0332
 CVE-2019-0331
        RESERVED
 CVE-2019-0330 (The OS Command Plugin in the transaction GPA_ADMIN and the 
OSCommand C ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2019-0329 (SAP Information Steward, version 4.2, does not sufficiently 
encode use ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2019-0328 (ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 
7.4, 7.5) ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2019-0327 (SAP NetWeaver for Java Application Server - Web Container, 
(engineapi, ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2019-0326 (SAP BusinessObjects Business Intelligence Platform (BI 
Workspace) (Ent ...)
        NOT-FOR-US: SAP
 CVE-2019-0325 (SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary 
author ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d57c9d2f86ac1aa20dab168621b30c5ecd39c1f7

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d57c9d2f86ac1aa20dab168621b30c5ecd39c1f7
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to