Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80a11a79 by Salvatore Bonaccorso at 2019-06-06T20:28:21Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -62,7 +62,7 @@ CVE-2019-12735 (getchar.c in Vim before 8.1.1365 and Neovim 
before 0.3.6 allows
        NOTE: vim patches: https://github.com/vim/vim/commit/5357552
        NOTE: neovim pull request: https://github.com/neovim/neovim/pull/10082
 CVE-2019-12732 (The Chartkick gem through 3.1.0 for Ruby allows XSS. ...)
-       TODO: check
+       NOT-FOR-US: Chartkick Ruby gem
 CVE-2019-12731
        RESERVED
 CVE-2019-12730 (aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 
does not ...)
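Review bot: the NOT-FOR-US on CVE-2019-12732 covers a Ruby gem, which is a library rather than a standalone product, and neither the entry nor the commit message records a check for a packaged or embedded copy. Before closing it as NFU, confirm that no source package in the archive ships Chartkick or bundles it; if one does, the entry needs a package line instead of NOT-FOR-US.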
@@ -1072,7 +1072,7 @@ CVE-2019-12305
 CVE-2019-12304
        RESERVED
 CVE-2019-12303 (In Rancher 2 through 2.2.3, Project owners can inject 
additional fluen ...)
-       TODO: check
+       NOT-FOR-US: Rancher
 CVE-2019-12302
        RESERVED
 CVE-2019-12301 (The Percona Server 5.6.44-85.0-1 packages for Debian and 
Ubuntu suffer ...)
@@ -1107,7 +1107,7 @@ CVE-2019-12293 (In Poppler through 0.76.1, there is a 
heap-based buffer over-rea
 CVE-2019-12292
        RESERVED
 CVE-2019-12291 (HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access 
Control. Key ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Consul
 CVE-2019-12290
        RESERVED
 CVE-2019-12289 (An issue was discovered in upgrade_firmware.cgi on VStarcam 
100T (C782 ...)
@@ -1143,7 +1143,7 @@ CVE-2019-12275
 CVE-2016-10750 (In Hazelcast before 3.11, the cluster join procedure is 
vulnerable to  ...)
        - hazelcast <itp> (bug #745640)
 CVE-2019-12274 (In Rancher 1 and 2 through 2.2.3, unprivileged users (if 
allowed to de ...)
-       TODO: check
+       NOT-FOR-US: Rancher
 CVE-2019-12273
        RESERVED
 CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints 
admin/status/realtime/band ...)
@@ -1499,7 +1499,7 @@ CVE-2019-12137 (Typora 0.9.9.24.6 on macOS allows 
directory traversal, for execu
 CVE-2019-12136 (There is XSS in BoostIO Boostnote 0.11.15 via a label named 
mermaid, a ...)
        NOT-FOR-US: Boostnote
 CVE-2019-12135 (An unspecified vulnerability in the application server in 
PaperCut MF  ...)
-       TODO: check
+       NOT-FOR-US: PaperCut
 CVE-2019-12134 (CSV Injection (aka Excel Macro Injection or Formula Injection) 
exists  ...)
        TODO: check
 CVE-2019-12133
@@ -4042,7 +4042,7 @@ CVE-2019-11082 
(core/api/datasets/internal/actions/Explode.java in the Dataset A
 CVE-2019-11081 (A default username and password in Dentsply Sirona Sidexis 4.2 
and pos ...)
        NOT-FOR-US: Dentsply Sirona Sidexis
 CVE-2019-11080 (Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable 
to remo ...)
-       TODO: check
+       NOT-FOR-US: Sitecore Experience Platform
 CVE-2019-11079
        RESERVED
 CVE-2019-11078 (MKCMS V5.0 has a CSRF vulnerability to add a new admin user 
via the uc ...)
@@ -9691,11 +9691,11 @@ CVE-2019-9160 (WAC on the Sangfor Sundray WLAN 
Controller version 3.7.4.2 and ea
 CVE-2019-9159
        RESERVED
 CVE-2019-9158 (Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access 
Control ...)
-       TODO: check
+       NOT-FOR-US: Gemalto DS3 Authentication Server
 CVE-2019-9157 (Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File 
Disclos ...)
-       TODO: check
+       NOT-FOR-US: Gemalto DS3 Authentication Server
 CVE-2019-9156 (Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command 
Injecti ...)
-       TODO: check
+       NOT-FOR-US: Gemalto DS3 Authentication Server
 CVE-2019-9192 (** DISPUTED ** In the GNU C Library (aka glibc or libc6) 
through 2.29, ...)
        - glibc <unfixed> (unimportant)
        - eglibc <removed> (unimportant)
@@ -11687,7 +11687,7 @@ CVE-2019-8387 (MASTER IPCAMERA01 3.3.4.2103 devices 
allow Remote Command Executi
 CVE-2019-8386
        RESERVED
 CVE-2019-8385 (An issue was discovered in Thomson Reuters Desktop Extensions 
1.9.0.35 ...)
-       TODO: check
+       NOT-FOR-US: Thomson Reuters Desktop Extensions
 CVE-2019-8384
        RESERVED
 CVE-2019-8383 (An issue was discovered in AdvanceCOMP through 2.1. An invalid 
memory  ...)
@@ -13274,7 +13274,7 @@ CVE-2019-7673 (An issue was discovered on MOBOTIX S14 
MX-V4.2.1.61 devices. Admi
 CVE-2019-7672 (Prima Systems FlexAir devices have Hard-coded Credentials. ...)
        TODO: check
 CVE-2019-7671 (Prima Systems FlexAir devices allow Authenticated Stored XSS. 
...)
-       TODO: check
+       NOT-FOR-US: Prima Systems FlexAir devices
 CVE-2019-7670
        RESERVED
 CVE-2019-7669
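Review bot: CVE-2019-7671 is marked NOT-FOR-US: Prima Systems FlexAir devices, but CVE-2019-7672 two entries above describes the same product (Prima Systems FlexAir devices, hard-coded credentials) and is left at TODO: check. Give CVE-2019-7672 the same NOT-FOR-US line in this commit so the two entries for one product do not diverge.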
@@ -13629,11 +13629,11 @@ CVE-2019-7556
 CVE-2019-7555
        RESERVED
 CVE-2019-7554 (An issue was discovered in PHP Scripts Mall API Based Travel 
Booking 3 ...)
-       TODO: check
+       NOT-FOR-US: PHP Scripts Mall API Based Travel Booking
 CVE-2019-7553 (PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 
has Stor ...)
-       TODO: check
+       NOT-FOR-US: PHP Scripts Mall Chartered Accountant : Auditor Website
 CVE-2019-7552 (An issue was discovered in PHP Scripts Mall Investment MLM 
Software 2. ...)
-       TODO: check
+       NOT-FOR-US: PHP Scripts Mall Investment MLM Software
 CVE-2019-7551 (Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x 
before 3.4 ...)
        NOT-FOR-US: Cantemo Portal
 CVE-2019-7550 (In JForum 2.1.8, an unauthenticated, remote attacker can 
enumerate whe ...)
@@ -14358,7 +14358,7 @@ CVE-2019-7313 (www/resource.py in Buildbot before 1.8.1 
allows CRLF injection in
 CVE-2019-7312 (Limited plaintext disclosure exists in PRIMX Zed Entreprise for 
Window ...)
        NOT-FOR-US: PRIMX Zed Enterprise
 CVE-2019-7311 (An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 
devices. A  ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer over-read (due to an 
integer si ...)
        {DLA-1706-1}
        - poppler 0.71.0-4 (bug #921215)
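Review bot: the new line for CVE-2019-7311 names only the vendor (NOT-FOR-US: Linksys), while other entries in this commit name the product, for example NOT-FOR-US: Gemalto DS3 Authentication Server. The description identifies the device as Linksys WRT1900ACS, so a label that includes the model would be easier to search for later; the same applies to NOT-FOR-US: TP-Link on CVE-2019-6989, whose description names the TL-WR940N.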
@@ -15131,7 +15131,7 @@ CVE-2019-1000018 (rssh version 2.3.4 contains a CWE-77: 
Improper Neutralization
        - rssh 2.3.4-9 (bug #919623)
        NOTE: https://sourceforge.net/p/rssh/mailman/message/36519118/
 CVE-2019-6989 (TP-Link TL-WR940N is vulnerable to a stack-based buffer 
overflow, caus ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2019-6988 (An issue was discovered in OpenJPEG 2.3.0. It allows remote 
attackers  ...)
        - openjpeg2 <unfixed> (low; bug #922648)
        [buster] - openjpeg2 <ignored> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/80a11a797d59f7e37231506f3bd7b85d45ab192a


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
