Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b2818f5 by Salvatore Bonaccorso at 2019-06-25T07:43:09Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,7 +27,7 @@ CVE-2018-20843 (In libexpat in Expat before 2.2.7, XML input 
including XML names
        NOTE: https://github.com/libexpat/libexpat/pull/262
        NOTE: 
https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
 CVE-2019-12937 (apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer 
overflow  ...)
-       TODO: check
+       NOT-FOR-US: gsudo in ToaruOS
 CVE-2019-12936 (BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS 
Rebinding for ...)
        NOT-FOR-US: BlueStacks App Player
 CVE-2019-12934
@@ -1507,7 +1507,7 @@ CVE-2019-12325
 CVE-2019-12324
        RESERVED
 CVE-2019-12323 (The HC.Server service in Hosting Controller HC10 10.14 allows 
an Inval ...)
-       TODO: check
+       NOT-FOR-US: Hosting Controller HC10
 CVE-2019-12322
        RESERVED
 CVE-2019-12321
@@ -1612,7 +1612,7 @@ CVE-2019-12293 (In Poppler through 0.76.1, there is a 
heap-based buffer over-rea
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/768
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/89a5367d49b2556a2635dbb6d48d6a6b182a2c6c
 CVE-2019-12292 (Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access 
Control. ...)
-       TODO: check
+       NOT-FOR-US: Citrix AppDNA
 CVE-2019-12291 (HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access 
Control. Key ...)
        NOT-FOR-US: HashiCorp Consul
 CVE-2019-12290
@@ -7361,7 +7361,7 @@ CVE-2019-10030
 CVE-2019-10029
        RESERVED
 CVE-2019-10028 (Denial of Service (DOS) in Dial Reference Source Code Used 
before June ...)
-       TODO: check
+       NOT-FOR-US: Dial Reference Source Code Repo
 CVE-2019-10027 (PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka 
E-mail) field  ...)
        NOT-FOR-US: PHPCMS
 CVE-2019-10026 (An issue was discovered in Xpdf 4.01.01. There is an FPE in 
the functi ...)
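Review bot: the label added for CVE-2019-10028, "Dial Reference Source Code Repo", does not match the product name in the description on the line above it, which reads "Dial Reference Source Code". Suggest dropping "Repo" so the NOT-FOR-US text is just the product name, as in the neighbouring "NOT-FOR-US: PHPCMS" entry.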
@@ -7505,9 +7505,9 @@ CVE-2019-9960 (The downloadZip function in 
application/controllers/admin/export.
 CVE-2019-9959
        RESERVED
 CVE-2019-9958 (CSRF within the admin panel in Quadbase EspressReport ES (ERES) 
v7.0 u ...)
-       TODO: check
+       NOT-FOR-US: Quadbase EspressReport ES (ERES)
 CVE-2019-9957 (Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 
7 allow ...)
-       TODO: check
+       NOT-FOR-US: Quadbase EspressReport ES (ERES)
 CVE-2019-9956 (In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer 
overflow in ...)
        {DSA-4436-1 DLA-1785-1}
        - imagemagick 8:6.9.10.23+dfsg-2.1 (bug #925395)
@@ -15273,13 +15273,13 @@ CVE-2019-7233 (In libdoc through 2019-01-28, doc2text 
in catdoc.c has a NULL poi
        NOTE: https://github.com/uvoteam/libdoc/issues/6
        NOTE: Crash in CLI tool, no security impact
 CVE-2019-7232 (The ABB IDAL HTTP server is vulnerable to a buffer overflow 
when a lon ...)
-       TODO: check
+       NOT-FOR-US: ABB IDAL HTTP server
 CVE-2019-7231
        RESERVED
 CVE-2019-7230 (The ABB IDAL FTP server mishandles format strings in a username 
during ...)
-       TODO: check
+       NOT-FOR-US: ABB IDAL FTP server
 CVE-2019-7229 (The ABB CP635 HMI uses two different transmission methods to 
upgrade i ...)
-       TODO: check
+       NOT-FOR-US: ABB CP635 HMI
 CVE-2019-7228
        RESERVED
 CVE-2019-7227
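Review bot: CVE-2019-7232 and CVE-2019-7230 receive two different labels ("ABB IDAL HTTP server" and "ABB IDAL FTP server") although both descriptions name the same ABB IDAL product. Suggest one shared label, for example "NOT-FOR-US: ABB IDAL", on both entries so the product is tagged one way in the list; the separate "ABB CP635 HMI" label on CVE-2019-7229 is a different product and can stay.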
@@ -35521,7 +35521,7 @@ CVE-2018-19148 (Caddy through 0.11.0 sends incorrect 
certificates for certain in
 CVE-2018-19147
        RESERVED
 CVE-2018-19146 (Concrete5 8.4.3 has XSS because config/concrete.php allows 
uploads (by ...)
-       TODO: check
+       NOT-FOR-US: Concrete5
 CVE-2018-19145 (An issue was discovered in S-CMS v1.5. There is an XSS 
vulnerability i ...)
        NOT-FOR-US: S-CMS
 CVE-2018-19144
@@ -40740,11 +40740,11 @@ CVE-2018-17150
 CVE-2018-17149
        RESERVED
 CVE-2018-17148 (An Insufficient Access Control vulnerability (leading to 
credential di ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2018-17147
        RESERVED
 CVE-2018-17146 (A cross-site scripting vulnerability exists in Nagios XI 
before 5.5.4  ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2018-17145
        RESERVED
 CVE-2018-17144 (Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 
0.16.x be ...)
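Review bot: the Nagios XI attribution on CVE-2018-17148 cannot be confirmed from this hunk, because the visible description is cut off at "(leading to credential di ...)" before any product is named, whereas CVE-2018-17146 names Nagios XI explicitly. Worth confirming against the full CVE text that 17148 also concerns Nagios XI before it is marked NOT-FOR-US.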
@@ -44516,23 +44516,23 @@ CVE-2018-15739
 CVE-2018-15738
        RESERVED
 CVE-2018-15737 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The 
driver  ...)
-       TODO: check
+       NOT-FOR-US: STOPzilla
 CVE-2018-15736 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The 
driver  ...)
-       TODO: check
+       NOT-FOR-US: STOPzilla
 CVE-2018-15735 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The 
driver  ...)
-       TODO: check
+       NOT-FOR-US: STOPzilla
 CVE-2018-15734 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The 
driver  ...)
-       TODO: check
+       NOT-FOR-US: STOPzilla
 CVE-2018-15733 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The 
driver  ...)
-       TODO: check
+       NOT-FOR-US: STOPzilla
 CVE-2018-15732 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The 
driver  ...)
-       TODO: check
+       NOT-FOR-US: STOPzilla
 CVE-2018-15731 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The 
driver  ...)
-       TODO: check
+       NOT-FOR-US: STOPzilla
 CVE-2018-15730 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The 
driver  ...)
-       TODO: check
+       NOT-FOR-US: STOPzilla
 CVE-2018-15729 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The 
driver  ...)
-       TODO: check
+       NOT-FOR-US: STOPzilla
 CVE-2018-15728 (An issue was discovered in Couchbase Server. Authenticated 
users can s ...)
        NOT-FOR-US: Couchbase
 CVE-2018-15727 (Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 
allows aut ...)
@@ -78115,7 +78115,7 @@ CVE-2017-1000411 (OpenFlow Plugin and OpenDayLight 
Controller versions Nitrogen,
 CVE-2017-17946 (A buffer overflow in Handy Password 4.9.3 allows remote 
attackers to e ...)
        NOT-FOR-US: Handy Password
 CVE-2017-17945 (The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has 
Missing  ...)
-       TODO: check
+       NOT-FOR-US: ASUS HiVivo
 CVE-2017-17944 (The ASUS Vivobaby application before 1.1.09 for Android has 
Missing SS ...)
        NOT-FOR-US: ASUS Vivobaby application
 CVE-2017-17943
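Review bot: the new label "ASUS HiVivo" on CVE-2017-17945 is styled differently from the adjacent sibling entry CVE-2017-17944, which uses "ASUS Vivobaby application". Suggest picking one form for both, either with or without the "application" suffix.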



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7b2818f5e9d680554dffabdc5eea707a95c74254
