Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d3808b34 by Moritz Muehlenhoff at 2019-10-25T21:16:31Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3963,21 +3963,21 @@ CVE-2019-17147
CVE-2019-17146
RESERVED
CVE-2019-17145 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2019-17144 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2019-17143 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2019-17142 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2019-17141 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2019-17140 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2019-17139 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2019-17138 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2019-17137
RESERVED
CVE-2019-17136
@@ -6249,7 +6249,7 @@ CVE-2019-16267
CVE-2019-16266
RESERVED
CVE-2019-16265 (3S-Smart CODESYS V2.3 ENI server V3.2.2.23 has a Buffer
Overflow. ...)
- TODO: check
+ NOT-FOR-US: 3S-Smart CODESYS
CVE-2019-16264 (In Escuela de Gestion Publica Plurinacional (EGPP) Sistema
Integrado d ...)
NOT-FOR-US: Escuela de Gestion Publica Plurinacional (EGPP) Sistema
Integrado de Gestion Academica (GESAC)
CVE-2019-16263 (The Twitter Kit framework through 3.4.2 for iOS does not
properly vali ...)
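Review bot: The label added for CVE-2019-16265, `NOT-FOR-US: 3S-Smart CODESYS`, does not match the existing `NOT-FOR-US: CODESYS` on CVE-2019-13548 further down in the same file. One spelling per product family keeps searches over NOT-FOR-US labels reliable when later CODESYS CVEs are triaged; suggest `NOT-FOR-US: CODESYS` here, or bring the older entry in line with this one.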
@@ -12274,7 +12274,7 @@ CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a
directory traversal, allo
NOTE:
https://github.com/Sigil-Ebook/Sigil/commit/0979ba8d10c96ebca330715bfd4494ea0e019a8f
NOTE:
https://github.com/Sigil-Ebook/Sigil/commit/369eebe936e4a8c83cc54662a3412ce8bef189e4
CVE-2019-14451 (RepetierServer.exe in Repetier-Server 0.8 through 0.91 does
not proper ...)
- TODO: check
+ NOT-FOR-US: Repetier-Server
CVE-2019-14450
RESERVED
CVE-2019-14449
@@ -15552,7 +15552,7 @@ CVE-2019-13555
CVE-2019-13554
RESERVED
CVE-2019-13553 (Rittal Chiller SK 3232-Series web interface as built upon
Carel pCOWeb ...)
- TODO: check
+ NOT-FOR-US: Rittal Chiller SK 3232-Series
CVE-2019-13552 (In WebAccess versions 8.4.1 and prior, multiple command
injection vuln ...)
NOT-FOR-US: WebAccess
CVE-2019-13551
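Review bot: The label on CVE-2019-13553 (and the identical one on CVE-2019-13549 in the next hunk) names only `Rittal Chiller SK 3232-Series`, although both descriptions say the web interface is "built upon Carel pCOWeb". Consider adding the underlying component to the label, for example `NOT-FOR-US: Rittal Chiller SK 3232-Series (Carel pCOWeb)`, so that a later search for pCOWeb finds these entries.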
@@ -15560,13 +15560,13 @@ CVE-2019-13551
CVE-2019-13550 (In WebAccess, versions 8.4.1 and prior, an improper
authorization vuln ...)
NOT-FOR-US: WebAccess
CVE-2019-13549 (Rittal Chiller SK 3232-Series web interface as built upon
Carel pCOWeb ...)
- TODO: check
+ NOT-FOR-US: Rittal Chiller SK 3232-Series
CVE-2019-13548 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows
an atta ...)
NOT-FOR-US: CODESYS
CVE-2019-13547
RESERVED
CVE-2019-13546 (In IntelliSpace Perinatal, Versions K and prior, a
vulnerability withi ...)
- TODO: check
+ NOT-FOR-US: IntelliSpace Perinatal
CVE-2019-13545 (In Horner Automation Cscape 9.90 and prior, improper
validation of dat ...)
NOT-FOR-US: Horner Automation Cscape
CVE-2019-13544 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple
out-of-b ...)
@@ -15608,7 +15608,7 @@ CVE-2019-13527 (In Rockwell Automation Arena Simulation
Software Cat. 9502-Ax, V
CVE-2019-13526 (Datalogic AV7000 Linear barcode scanner all versions prior to
4.6.0.0 ...)
NOT-FOR-US: Datalogic AV7000 Linear barcode scanner
CVE-2019-13525 (In IP-AK2 Access Control Panel Version 1.04.07 and prior, the
integrat ...)
- TODO: check
+ NOT-FOR-US: IP-AK2 Access Control Panel
CVE-2019-13524
RESERVED
CVE-2019-13523 (In Honeywell Performance IP Cameras and Performance NVRs, the
integrat ...)
@@ -19679,7 +19679,7 @@ CVE-2019-12019
CVE-2019-12018
RESERVED
CVE-2019-12017 (A remote code execution vulnerability exists in MapR CLDB
code, specif ...)
- TODO: check
+ NOT-FOR-US: MapR
CVE-2019-12016
RESERVED
CVE-2019-12015
@@ -31081,7 +31081,7 @@ CVE-2019-8236 (Creative Cloud Desktop Application
version 4.6.1 and earlier vers
CVE-2019-8235
RESERVED
CVE-2019-8234 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a
cross-site r ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8233
RESERVED
CVE-2019-8232
@@ -31373,21 +31373,21 @@ CVE-2019-8090
CVE-2019-8089 (Adobe Experience Manager Forms versions 6.3-6.5 have a
reflected cross ...)
NOT-FOR-US: Adobe
CVE-2019-8088 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a
command ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8087 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a
xml ext ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8086 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a
xml ext ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8085 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a
reflect ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8084 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a
reflect ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8083 (Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross
site s ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8082 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml
external ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8081 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an
authen ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8080 (Adobe Experience Manager versions 6.4 and 6.3 have a stored
cross site ...)
NOT-FOR-US: Adobe
CVE-2019-8079 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0
have a s ...)
@@ -37979,7 +37979,7 @@ CVE-2019-5510
CVE-2019-5509
RESERVED
CVE-2019-5508 (Clustered Data ONTAP versions 9.2 through 9.6 are susceptible
to a vul ...)
- TODO: check
+ NOT-FOR-US: Clustered Data ONTAP
CVE-2019-5507 (SnapManager for Oracle prior to version 3.4.2P1 are susceptible
to a v ...)
NOT-FOR-US: SnapManager for Oracle
CVE-2019-5506 (Clustered Data ONTAP versions 9.0 and higher do not enforce
hostname v ...)
@@ -38833,11 +38833,11 @@ CVE-2019-5131
CVE-2019-5130
RESERVED
CVE-2019-5129 (A command injection have been found in YouPHPTube Encoder. A
successfu ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube Encoder
CVE-2019-5128 (A command injection have been found in YouPHPTube Encoder. A
successfu ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube Encoder
CVE-2019-5127 (A command injection have been found in YouPHPTube Encoder. A
successfu ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube Encoder
CVE-2019-5126
RESERVED
CVE-2019-5125
@@ -38845,25 +38845,25 @@ CVE-2019-5125
CVE-2019-5124
RESERVED
CVE-2019-5123 (Specially crafted web requests can cause SQL injections in
YouPHPTube ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-5122 (SQL injection vulnerabilities exists in the authenticated part
of YouP ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-5121 (SQL injection vulnerabilities exists in the authenticated part
of YouP ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-5120 (An exploitable SQL injection vulnerability exists in the
authenticated ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-5119 (An exploitable SQL injection vulnerability exist in the
authenticated ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-5118
RESERVED
CVE-2019-5117 (Exploitable SQL injection vulnerabilities exists in the
authenticated ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-5116 (An exploitable SQL injection vulnerability exists in the
authenticated ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-5115
RESERVED
CVE-2019-5114 (An exploitable SQL injection vulnerability exists in the
authenticated ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-5113
RESERVED
CVE-2019-5112
@@ -40266,7 +40266,7 @@ CVE-2019-4463
CVE-2019-4462
RESERVED
CVE-2019-4461 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through
2.5.0.9 is ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4460 (IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could
allow a ...)
NOT-FOR-US: IBM
CVE-2019-4459 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise
2.5 throu ...)
@@ -40388,19 +40388,19 @@ CVE-2019-4402 (IBM API Connect 2018.1 through
2018.4.1.6 developer portal could
CVE-2019-4401
RESERVED
CVE-2019-4400 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through
2.5.0.9 cou ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4399 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through
2.5.0.9 use ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4398 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise
2.5 throu ...)
NOT-FOR-US: IBM
CVE-2019-4397 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise
2.5 throu ...)
NOT-FOR-US: IBM
CVE-2019-4396 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through
2.5.0.9 is ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4395 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through
2.5.0.9 cou ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4394 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through
2.5.0.9 con ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4393
RESERVED
CVE-2019-4392
@@ -41116,7 +41116,7 @@ CVE-2019-4038 (IBM Security Identity Manager 6.0 and
7.0 could allow an attacker
CVE-2019-4037
RESERVED
CVE-2019-4036 (IBM Security Access Manager Appliance could allow
unauthenticated atta ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4035 (IBM Content Navigator 3.0CD could allow attackers to direct web
traffi ...)
NOT-FOR-US: IBM
CVE-2019-4034 (IBM Content Navigator 3.0CD is could allow an attacker to
execute arbi ...)
@@ -181690,15 +181690,15 @@ CVE-2016-2362 (Fonality (previously trixbox Pro)
12.6 through 14.1i before 2016-
CVE-2016-2361
RESERVED
CVE-2016-2360 (Milesight IP security cameras through 2016-11-14 have a default
root p ...)
- TODO: check
+ NOT-FOR-US: Milesight IP security cameras
CVE-2016-2359 (Milesight IP security cameras through 2016-11-14 allow remote
attacker ...)
- TODO: check
+ NOT-FOR-US: Milesight IP security cameras
CVE-2016-2358 (Milesight IP security cameras through 2016-11-14 have a default
set of ...)
- TODO: check
+ NOT-FOR-US: Milesight IP security cameras
CVE-2016-2357 (Milesight IP security cameras through 2016-11-14 have a
hardcoded SSL ...)
- TODO: check
+ NOT-FOR-US: Milesight IP security cameras
CVE-2016-2356 (Milesight IP security cameras through 2016-11-14 have a buffer
overflo ...)
- TODO: check
+ NOT-FOR-US: Milesight IP security cameras
CVE-2016-2355 (SQL injection vulnerability in the REST API in dotCMS before
3.3.2 all ...)
NOT-FOR-US: dotCMS
CVE-2016-2354 (The Bluetooth functionality in Lemur Vehicle Monitors
BlueDriver befor ...)
@@ -246342,11 +246342,11 @@ CVE-2013-4859
CVE-2013-4858 (Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3
allows remo ...)
NOT-FOR-US: Microsoft Windows Movie Maker
CVE-2013-4857 (D-Link DIR-865L has PHP File Inclusion in the router xml file.
...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2013-4856 (D-Link DIR-865L has Information Disclosure. ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2013-4855 (D-Link DIR-865L has SMB Symlink Traversal due to
misconfiguration in t ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2013-4854 (The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and
9.8.x bef ...)
{DSA-2728-1}
- bind9 1:9.8.4.dfsg.P1-6+nmu3 (bug #717936)
@@ -246372,7 +246372,7 @@ CVE-2013-4850
CVE-2013-4849
RESERVED
CVE-2013-4848 (TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF
vulnerabilities. ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2013-4847
RESERVED
CVE-2013-4846 (Unspecified vulnerability in HP System Management Homepage
(SMH) befor ...)
@@ -246806,7 +246806,7 @@ CVE-2013-4660 (The JS-YAML module before 2.0.5 for
Node.js parses input without
CVE-2013-4659 (Buffer overflow in Broadcom ACSD allows remote attackers to
execute ar ...)
NOT-FOR-US: Broadcom ACSD
CVE-2013-4658 (Linksys EA6500 has SMB Symlink Traversal allowing symbolic
links to be ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2013-4657
RESERVED
CVE-2013-4656
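Review bot: For CVE-2013-4658 the visible description ("SMB Symlink Traversal allowing symbolic links to be ...") is cut off before the cause, unlike CVE-2013-4855, where the text states the traversal is "due to misconfiguration". Before settling on `NOT-FOR-US: Linksys`, confirm from the full description that the flaw is in the router firmware or its configuration and not in an SMB server component that is also packaged; a short NOTE line recording that would make the decision auditable.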
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d3808b342c99f2d174ec3b45f0c77b54dcee7673