Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8faf8e23 by Salvatore Bonaccorso at 2019-11-26T20:34:40Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -396,7 +396,7 @@ CVE-2019-19131
 CVE-2019-19130
        RESERVED
 CVE-2019-19129 (Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic 
Aurora 8.3.11 ...)
-       TODO: check
+       NOT-FOR-US: Afterlogic
 CVE-2019-19128
        RESERVED
 CVE-2019-19127
@@ -7878,7 +7878,7 @@ CVE-2019-17394 (In the Seesaw Parent and Family 
application 6.2.5 for Android, t
 CVE-2019-17393 (The Customer's Tomedo Server in Version 1.7.3 communicates to 
the Vend ...)
        NOT-FOR-US: Tomedo Server
 CVE-2019-17392 (Progress Sitefinity 12.1 has a Weak Password Recovery 
Mechanism for a  ...)
-       TODO: check
+       NOT-FOR-US: Progress Sitefinity
 CVE-2019-17391 (An issue was discovered in the Espressif ESP32 mask ROM code 
2016-06-0 ...)
        NOT-FOR-US: Espressif ESP32
 CVE-2019-17390
@@ -10291,11 +10291,11 @@ CVE-2019-16390
 CVE-2019-16389
        RESERVED
 CVE-2019-16388 (PEGA Platform 8.3.0 is vulnerable to Information disclosure 
via a dire ...)
-       TODO: check
+       NOT-FOR-US: PEGA Platform
 CVE-2019-16387 (PEGA Platform 8.3.0 is vulnerable to a direct 
prweb/sso/random_token/! ...)
-       TODO: check
+       NOT-FOR-US: PEGA Platform
 CVE-2019-16386 (PEGA Platform 7.x and 8.x is vulnerable to Information 
disclosure via  ...)
-       TODO: check
+       NOT-FOR-US: PEGA Platform
 CVE-2019-16385
        RESERVED
 CVE-2019-16384
@@ -10833,11 +10833,11 @@ CVE-2019-16245
 CVE-2019-16244
        RESERVED
 CVE-2019-16243 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an 
undocument ...)
-       TODO: check
+       NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
 CVE-2019-16242 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an 
engineerin ...)
-       TODO: check
+       NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
 CVE-2019-16241 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN 
authentication can ...)
-       TODO: check
+       NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
 CVE-2019-16240
        RESERVED
 CVE-2019-16239 (process_http_response in OpenConnect before 8.05 has a Buffer 
Overflow ...)
@@ -12415,13 +12415,13 @@ CVE-2019-15690
 CVE-2019-15689
        RESERVED
 CVE-2019-15688 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky 
Total Sec ...)
-       TODO: check
+       NOT-FOR-US: Kaspersky
 CVE-2019-15687 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky 
Total Sec ...)
-       TODO: check
+       NOT-FOR-US: Kaspersky
 CVE-2019-15686 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky 
Total Sec ...)
-       TODO: check
+       NOT-FOR-US: Kaspersky
 CVE-2019-15685 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky 
Total Sec ...)
-       TODO: check
+       NOT-FOR-US: Kaspersky
 CVE-2019-15684 (Kaspersky Protection extension for web browser Google Chrome 
prior to  ...)
        NOT-FOR-US: Kaspersky Protection extension for web browser Google Chrome
 CVE-2019-15683 (TurboVNC server code contains stack buffer overflow 
vulnerability in c ...)
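Review bot: The four new tags on CVE-2019-15688 through CVE-2019-15685 use the vendor-only form "NOT-FOR-US: Kaspersky", while the unchanged entry directly below them, CVE-2019-15684, uses the product-level form "NOT-FOR-US: Kaspersky Protection extension for web browser Google Chrome". Suggest settling on one granularity within this block. The truncated descriptions list several products (Anti-Virus, Internet Security, Total Sec ...), so the vendor-only tag is a reasonable choice for the new lines, but then the neighbouring entry should be normalised to match.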
@@ -16841,7 +16841,7 @@ CVE-2019-14451 (RepetierServer.exe in Repetier-Server 
0.8 through 0.91 does not
 CVE-2019-14450 (A directory traversal vulnerability was discovered in 
RepetierServer.e ...)
        NOT-FOR-US: Repetier-Server
 CVE-2019-14449 (An issue was discovered in Cloudera Manager 5.x before 5.16.2, 
6.0.x b ...)
-       TODO: check
+       NOT-FOR-US: Cloudera
 CVE-2019-14448
        RESERVED
 CVE-2019-14447
@@ -22970,7 +22970,7 @@ CVE-2019-12491 (OnApp before 5.0.0-88, 5.5.0-93, and 
6.0.0-196 allows an attacke
 CVE-2019-12490
        RESERVED
 CVE-2019-12489 (An issue was discovered on Fastweb Askey RTV1907VW 
0.00.81_FW_200_Aske ...)
-       TODO: check
+       NOT-FOR-US: Fastweb Askey RTV1907VW devices
 CVE-2019-12488
        RESERVED
 CVE-2019-12487
@@ -38251,7 +38251,7 @@ CVE-2018-20751 (An issue was discovered in crop_page in 
PoDoFo 0.9.6. For a craf
        NOTE: https://sourceforge.net/p/podofo/tickets/33/
        NOTE: https://sourceforge.net/p/podofo/code/1954
 CVE-2019-7319 (An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. 
When usin ...)
-       TODO: check
+       NOT-FOR-US: Cloudera
 CVE-2019-7318
        RESERVED
 CVE-2019-7317 (png_image_free in png.c in libpng 1.6.x before 1.6.37 has a 
use-after- ...)
@@ -39792,7 +39792,7 @@ CVE-2019-6677
 CVE-2019-6676
        RESERVED
 CVE-2019-6675 (BIG-IP configurations using Active Directory, LDAP, or Client 
Certific ...)
-       TODO: check
+       NOT-FOR-US: F5 BIG-IP
 CVE-2019-6674
        RESERVED
 CVE-2019-6673
@@ -51759,7 +51759,7 @@ CVE-2018-20092 (PTC ThingWorx Platform through 8.3.0 is 
vulnerable to a director
 CVE-2018-20091 (An SQL injection vulnerability was found in Cloudera Data 
Science Work ...)
        NOT-FOR-US: Cloudera Data Science Workbench
 CVE-2018-20090 (An issue was discovered in Cloudera Data Science Workbench 
(CDSW) 1.4. ...)
-       TODO: check
+       NOT-FOR-US: Cloudera
 CVE-2018-20089
        RESERVED
 CVE-2018-20088
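Review bot: CVE-2018-20090 is tagged "NOT-FOR-US: Cloudera", but the unchanged entry just above it, CVE-2018-20091, is for the same product and is tagged "NOT-FOR-US: Cloudera Data Science Workbench". Suggest using one tag for both CDSW entries, either by matching the existing line here or by changing CVE-2018-20091 to the vendor-only form used for the other Cloudera entries in this commit.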
@@ -62723,7 +62723,7 @@ CVE-2018-17862
 CVE-2018-17861
        RESERVED
 CVE-2018-17860 (Cloudera CDH has Insecure Permissions because ALL cannot be 
revoked.Th ...)
-       TODO: check
+       NOT-FOR-US: Cloudera
 CVE-2018-17859 (An issue was discovered in Joomla! before 3.8.13. Inadequate 
checks in ...)
        NOT-FOR-US: Joomla!
 CVE-2018-17858 (An issue was discovered in Joomla! before 3.8.13. 
com_installer action ...)
@@ -142644,7 +142644,7 @@ CVE-2016-1000348
 CVE-2016-1000268
        REJECTED
 CVE-2017-7399 (Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 
5.10.x be ...)
-       TODO: check
+       NOT-FOR-US: Cloudera
 CVE-2017-7398 (D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site 
Request For ...)
        NOT-FOR-US: D-Link
 CVE-2017-7397 (** DISPUTED ** BackBox Linux 4.6 allows remote attackers to 
cause a de ...)
@@ -164284,7 +164284,7 @@ CVE-2016-9274 (Untrusted search path vulnerability in 
Git 1.x for Windows allows
 CVE-2016-9272 (A Blind SQL Injection Vulnerability in Exponent CMS through 
2.4.0, wit ...)
        NOT-FOR-US: Exponent CMS
 CVE-2016-9271 (Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 
5.9.x bef ...)
-       TODO: check
+       NOT-FOR-US: Cloudera
 CVE-2016-9270
        RESERVED
 CVE-2016-9269 (Remote Command Execution in 
com.trend.iwss.gui.servlet.ManagePatches i ...)
@@ -173532,7 +173532,7 @@ CVE-2016-6356 (A vulnerability in the email message 
filtering feature of Cisco A
 CVE-2016-6355 (Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 
5.2.5,  ...)
        NOT-FOR-US: Cisco
 CVE-2016-6353 (Cloudera Search in CDH before 5.7.0 allows unauthorized 
document acces ...)
-       TODO: check
+       NOT-FOR-US: Cloudera
 CVE-2016-6348 (JacksonJsonpInterceptor in RESTEasy might allow remote 
attackers to co ...)
        - resteasy <unfixed> (low; bug #837170)
        [jessie] - resteasy <no-dsa> (Minor issue)
@@ -175825,7 +175825,7 @@ CVE-2016-5725 (Directory traversal vulnerability in 
JCraft JSch before 0.1.54 on
        [jessie] - jsch <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/jsch/mailman/message/35318093/
 CVE-2016-5724 (Cloudera CDH before 5.9 has Potentially Sensitive Information 
in Diagn ...)
-       TODO: check
+       NOT-FOR-US: Cloudera
 CVE-2016-5723 (Huawei FusionInsight HD before V100R002C60SPC200 allows local 
users to ...)
        NOT-FOR-US: Huawei
 CVE-2016-5722 (Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 
18800 V3 ...)
@@ -180001,7 +180001,7 @@ CVE-2016-4579 (Libksba before 1.3.4 allows remote 
attackers to cause a denial of
        [jessie] - libksba 1.3.2-1+deb8u1
        NOTE: 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64
 CVE-2016-4572 (In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER 
commands do  ...)
-       TODO: check
+       NOT-FOR-US: Cloudera
 CVE-2016-4574 (Off-by-one error in the append_utf8_value function in the DN 
decoder ( ...)
        - libksba 1.3.4-3
        [jessie] - libksba <not-affected> (Incomplete fix not applied)
@@ -183905,7 +183905,7 @@ CVE-2016-3194 (Cross-site scripting (XSS) 
vulnerability in the address added pag
 CVE-2016-3193 (Cross-site scripting (XSS) vulnerability in the appliance 
web-applicat ...)
        NOT-FOR-US: Fortinet
 CVE-2016-3192 (Cloudera Manager 5.x before 5.7.1 places Sensitive Data in 
cleartext R ...)
-       TODO: check
+       NOT-FOR-US: Cloudera
 CVE-2016-3190 (The fill_xrgb32_lerp_opaque_spans function in 
cairo-image-compositor.c ...)
        - cairo 1.14.2-2
        [jessie] - cairo 1.14.0-2.1+deb8u1
@@ -184044,7 +184044,7 @@ CVE-2016-3132 (Double free vulnerability in the 
SplDoublyLinkedList::offsetSet f
        NOTE: https://bugs.php.net/bug.php?id=71735
        NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5
 CVE-2016-3131 (Cloudera CDH before 5.6.1 allows authorization bypass via 
direct inter ...)
-       TODO: check
+       NOT-FOR-US: Cloudera
 CVE-2016-3130 (An information disclosure vulnerability in the Core and 
Management Con ...)
        NOT-FOR-US: BlackBerry
 CVE-2016-3129 (A remote shell execution vulnerability in the BlackBerry Good 
Enterpri ...)
@@ -196881,7 +196881,7 @@ CVE-2015-7833 (The usbvision driver in the Linux 
kernel package 3.10.0-123.20.1.
 CVE-2015-7832
        RESERVED
 CVE-2015-7831 (In Cloudera Hue, there is privilege escalation by a read-only 
user whe ...)
-       TODO: check
+       NOT-FOR-US: Cloudera
 CVE-2015-7829 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 
11.0.13,  ...)
        NOT-FOR-US: Adobe
 CVE-2015-7828 (SAP HANA Database 1.00 SPS10 and earlier do not require 
authentication ...)
@@ -200672,7 +200672,7 @@ CVE-2015-6498 (Alcatel-Lucent Home Device Manager 
before 4.1.10, 4.2.x before 4.
 CVE-2015-6497
        RESERVED
 CVE-2015-6495 (There is Sensitive Information in Cloudera Manager before 5.4.6 
Diagno ...)
-       TODO: check
+       NOT-FOR-US: Cloudera
 CVE-2015-6494 (Cross-site scripting (XSS) vulnerability in Infinite Automation 
Mango  ...)
        NOT-FOR-US: Infinite Automation Mango Automation
 CVE-2015-6493 (Cross-site request forgery (CSRF) vulnerability in Infinite 
Automation ...)
@@ -206369,7 +206369,7 @@ CVE-2015-2967 (Cross-site scripting (XSS) 
vulnerability in settings.php in Cacti
        NOTE: http://jvn.jp/en/jp/JVN78187936/
        NOTE: Fixed upstream in 0.8.8d
 CVE-2015-4457 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Cloudera Ma ...)
-       TODO: check
+       NOT-FOR-US: Cloudera
 CVE-2015-4456 (ownCloud Desktop Client before 1.8.2 does not call 
QNetworkReply::igno ...)
        {DSA-3363-1}
        - owncloud-client 1.8.4+dfsg-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8faf8e23805151f8719b25cf18135165140ada7e
