Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f97c3823 by Salvatore Bonaccorso at 2020-01-30T21:36:03+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6995,7 +6995,7 @@ CVE-2020-5235
 CVE-2020-5234
        RESERVED
 CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. 
Authentica ...)
-       TODO: check
+       NOT-FOR-US: OAuth2 Proxy
 CVE-2020-5232
        RESERVED
 CVE-2020-5231
@@ -10311,7 +10311,7 @@ CVE-2019-20051 (A floating-point exception was 
discovered in PackLinuxElf::elf_h
        - upx-ucl <unfixed> (unimportant)
        NOTE: https://github.com/upx/upx/issues/313
 CVE-2019-20050 (Pandora FMS &#8804; 7.42 suffers from a remote code execution 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2019-20054 (In the Linux kernel before 5.0.6, there is a NULL pointer 
dereference  ...)
        - linux 5.2.6-1
        [buster] - linux 4.19.67-1
@@ -25320,7 +25320,7 @@ CVE-2019-17275
 CVE-2019-17274
        RESERVED
 CVE-2019-17273 (E-Series SANtricity OS Controller Software version 11.60.0 is 
suscepti ...)
-       TODO: check
+       NOT-FOR-US: E-Series SANtricity OS Controller Software
 CVE-2019-17272 (All versions of ONTAP Select Deploy administration utility are 
suscept ...)
        NOT-FOR-US: ONTAP
 CVE-2019-17271 (vBulletin 5.5.4 allows SQL Injection via the 
ajax/api/hook/getHookList ...)
@@ -54854,11 +54854,11 @@ CVE-2019-7658
 CVE-2019-7657
        RESERVED
 CVE-2019-7656 (A privilege escalation vulnerability in Wowza Streaming Engine 
4.7.7 a ...)
-       TODO: check
+       NOT-FOR-US: Wowza Streaming Engine
 CVE-2019-7655 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple 
authentic ...)
-       TODO: check
+       NOT-FOR-US: Wowza Streaming Engine
 CVE-2019-7654 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple 
CSRF vuln ...)
-       TODO: check
+       NOT-FOR-US: Wowza Streaming Engine
 CVE-2019-7652 (TheHive Project UnshortenLink analyzer before 1.1, included in 
Cortex- ...)
        NOT-FOR-US: TheHive Project UnshortenLink analyzer
 CVE-2019-7651 (EPP.sys in Emsisoft Anti-Malware prior to version 2018.12 
allows an at ...)
@@ -244001,11 +244001,11 @@ CVE-2014-7305
 CVE-2014-7304
        RESERVED
 CVE-2014-7303 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions 
for cer ...)
-       TODO: check
+       NOT-FOR-US: SGI Tempo
 CVE-2014-7302 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions 
for cer ...)
-       TODO: check
+       NOT-FOR-US: SGI Tempo
 CVE-2014-7301 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions 
for cer ...)
-       TODO: check
+       NOT-FOR-US: SGI Tempo
 CVE-2014-7299 (Unspecified vulnerability in administrative interfaces in 
ArubaOS 6.3. ...)
        NOT-FOR-US: Aruba ArubaOS
 CVE-2014-7298 (adsetgroups in Centrify Server Suite 2008 through 2014.1 and 
Centrify  ...)
@@ -252562,7 +252562,7 @@ CVE-2014-3721
 CVE-2014-3720
        RESERVED
 CVE-2014-3718 (Multiple cross-site scripting (XSS) vulnerabilities in 
cgi-bin/tag_m.c ...)
-       TODO: check
+       NOT-FOR-US: Ex Libris ALEPH 500 (Integrated library management system)
 CVE-2014-3713
        RESERVED
 CVE-2014-3712 (Katello allows remote attackers to cause a denial of service 
(memory c ...)
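Review bot: the tag added for CVE-2014-3718 carries a parenthetical gloss, "(Integrated library management system)", where every other NOT-FOR-US tag added in this commit is only a product or vendor name. Suggest shortening it to "NOT-FOR-US: Ex Libris ALEPH 500" so the tag stays a plain product identifier that matches cleanly when later CVEs for the same product are triaged.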
@@ -273140,9 +273140,9 @@ CVE-2013-3319 (The GetComputerSystem method in the 
HostControl service in SAP Ne
 CVE-2013-3318
        REJECTED
 CVE-2013-3317 (Netgear WNR1000v3 with firmware before 1.0.2.60 contains an 
Authentica ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2013-3316 (Netgear WNR1000v3 with firmware before 1.0.2.60 contains an 
Authentica ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2013-3315 (The server in TIBCO Silver Mobile 1.1.0 does not properly 
verify acces ...)
        NOT-FOR-US: TIBCO
 CVE-2013-3314 (The Loftek Nexus 543 IP Camera allows remote attackers to 
obtain (1) I ...)
@@ -278171,7 +278171,7 @@ CVE-2013-1633 (easy_install in setuptools before 0.7 
uses HTTP to retrieve packa
 CVE-2013-1632
        RESERVED
 CVE-2013-1631 (Verax NMS prior to 2.1.0 leaks connection details when any user 
execut ...)
-       TODO: check
+       NOT-FOR-US: Verax NMS
 CVE-2013-1630 (pyshop before 0.7.1 uses HTTP to retrieve packages from the 
PyPI repos ...)
        NOT-FOR-US: pyshop
 CVE-2013-1629 (pip before 1.3 uses HTTP to retrieve packages from the PyPI 
repository ...)
@@ -278242,11 +278242,11 @@ CVE-2013-1605 (Buffer overflow in MayGion IP 
Cameras with firmware before 2013.0
 CVE-2013-1604 (Directory traversal vulnerability in MayGion IP Cameras with 
firmware  ...)
        NOT-FOR-US: MayGion IP Cameras
 CVE-2013-1603 (An Authentication vulnerability exists in D-LINK WCS-1100 1.02, 
TESCO  ...)
-       TODO: check
+       NOT-FOR-US: D-LINK
 CVE-2013-1602 (An Information Disclosure vulnerability exists due to 
insufficient val ...)
-       TODO: check
+       NOT-FOR-US: D-LINK
 CVE-2013-1601 (An Information Disclosure vulnerability exists due to a failure 
to res ...)
-       TODO: check
+       NOT-FOR-US: D-LINK
 CVE-2013-1600 (An Authentication Bypass vulnerability exists in 
upnp/asf-mp4.asf when ...)
        NOT-FOR-US: D-Link
 CVE-2013-1599 (A Command Injection vulnerability exists in the 
/var/www/cgi-bin/rtpd. ...)
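Review bot: the three added tags for CVE-2013-1603, CVE-2013-1602 and CVE-2013-1601 spell the vendor "D-LINK", while the existing entry directly below them, CVE-2013-1600, reads "NOT-FOR-US: D-Link". Suggest using "NOT-FOR-US: D-Link" on all three so that a case-sensitive search of data/CVE/list for the vendor returns the whole group.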
@@ -279063,11 +279063,11 @@ CVE-2013-1354
 CVE-2013-1353
        RESERVED
 CVE-2013-1352 (Verax NMS prior to 2.1.0 uses an encryption key that is 
hardcoded in a ...)
-       TODO: check
+       NOT-FOR-US: Verax NMS
 CVE-2013-1351 (Verax NMS prior to 2.10 allows authentication via the encrypted 
passwo ...)
-       TODO: check
+       NOT-FOR-US: Verax NMS
 CVE-2013-1350 (Verax NMS prior to 2.1.0 has multiple security bypass 
vulnerabilities ...)
-       TODO: check
+       NOT-FOR-US: Verax NMS
 CVE-2013-1349 (Eval injection vulnerability in ajax.php in openSIS 4.5 through 
5.2 al ...)
        NOT-FOR-US: openSIS
 CVE-2013-1348 (The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote 
attacke ...)
@@ -280770,7 +280770,7 @@ CVE-2013-0727 (Multiple untrusted search path 
vulnerabilities in Global Mapper 1
 CVE-2013-0726 (Stack-based buffer overflow in the 
ERM_convert_to_correct_webpath func ...)
        NOT-FOR-US: ERDAS ER Viewer
 CVE-2013-0725 (ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries 
arbitrary c ...)
-       TODO: check
+       NOT-FOR-US: ERDAS ER Viewer
 CVE-2013-0724 (PHP remote file inclusion vulnerability in 
includes/generate-pdf.php i ...)
        NOT-FOR-US: Wordpress plugin ecommerce Shop Styling
 CVE-2013-0723 (Multiple heap-based buffer overflows in etxrw.dll in Kingsoft 
Spreadsh ...)
@@ -282115,7 +282115,7 @@ CVE-2013-0292 (The dbus_g_proxy_manager_filter 
function in dbus-gproxy in Dbus-g
        - dbus-glib 0.100.1-1 (bug #700638; high)
        [squeeze] - dbus-glib 0.88-2.1+squeeze1
 CVE-2013-0291 (NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a 
Path Disc ...)
-       TODO: check
+       NOT-FOR-US: NextGEN Gallery Plugin for WordPress
 CVE-2013-0290 (The __skb_recv_datagram function in net/core/datagram.c in the 
Linux k ...)
        - linux <not-affected> (Introduced in 3.4, fixed in 3.8)
        - linux-2.6 <not-affected> (Introduced in 3.4)
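Review bot: the tag added for CVE-2013-0291, "NextGEN Gallery Plugin for WordPress", is worded differently from the existing WordPress plugin tag visible earlier in this diff, "NOT-FOR-US: Wordpress plugin ecommerce Shop Styling" on CVE-2013-0724. Two word orders and two capitalisations of WordPress for the same class of software make these entries harder to find together; consider following whichever form the file uses most.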



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f97c382316af31dcf4e721f326ebf1b1fb3a4d3c
