Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c5b56307 by Salvatore Bonaccorso at 2019-08-08T20:52:58Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2019-14774
 CVE-2019-14773
        RESERVED
 CVE-2019-14772 (verdaccio before 3.12.0 allows XSS. ...)
-       TODO: check
+       NOT-FOR-US: verdaccio
 CVE-2019-14771 (Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 
allows the  ...)
        - backdrop <itp> (bug #914257)
 CVE-2019-14770 (In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, 
some me ...)
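Review bot: the added "NOT-FOR-US: verdaccio" line for CVE-2019-14772 does not show whether a pending packaging request was ruled out. The Backdrop entry directly below it uses "- backdrop <itp> (bug #914257)" for software that is not in the archive but has an ITP. If verdaccio has an open ITP or RFP bug, it should get the same "<itp>" form with the bug number rather than NOT-FOR-US, so the CVE is picked up again when the package is uploaded.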
@@ -55,7 +55,7 @@ CVE-2019-14756
 CVE-2019-14755
        RESERVED
 CVE-2019-14754 (Open-School 3.0, and Community Edition 2.3, allows SQL 
Injection via t ...)
-       TODO: check
+       NOT-FOR-US: Open-School
 CVE-2018-20962
        RESERVED
 CVE-2019-14753
@@ -112,7 +112,7 @@ CVE-2019-14732 (AdPlug 2.3.1 has multiple heap-based buffer 
overflows in Ca2mLoa
        - adplug <unfixed>
        NOTE: https://github.com/adplug/adplug/issues/88
 CVE-2019-14731 (An issue was discovered in ZenTao 11.5.1. There is an XSS 
(stored) vul ...)
-       TODO: check
+       NOT-FOR-US: ZenTao CMS
 CVE-2019-14730
        RESERVED
 CVE-2019-14729
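Review bot: the added label "NOT-FOR-US: ZenTao CMS" for CVE-2019-14731 appends "CMS" to a product the CVE description calls only "ZenTao 11.5.1". Suggest "NOT-FOR-US: ZenTao", matching the description, so that later entries for the same product are labelled the same way and a search on the product name finds all of them.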
@@ -186,7 +186,7 @@ CVE-2019-14695 (A SQL injection vulnerability exists in the 
Sygnoos Popup Builde
 CVE-2019-14694
        RESERVED
 CVE-2019-14693 (Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML 
External ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine AssetExplorer
 CVE-2019-14692 (AdPlug 2.3.1 has a heap-based buffer overflow in 
CmkjPlayer::load() in ...)
        - adplug <unfixed>
        NOTE: https://github.com/adplug/adplug/issues/87
@@ -290,7 +290,7 @@ CVE-2017-18485
 CVE-2017-18484
        RESERVED
 CVE-2016-10864 (NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the 
SSID. ...)
-       TODO: check
+       NOT-FOR-US: NETGEAR
 CVE-2016-10863
        RESERVED
 CVE-2019-14661
@@ -1620,7 +1620,7 @@ CVE-2019-14355
 CVE-2019-14354
        RESERVED
 CVE-2019-14353 (On Trezor One devices before 1.8.2, a side channel for the 
row-based O ...)
-       TODO: check
+       NOT-FOR-US: Trezor One devices
 CVE-2019-14352 (** DISPUTED ** In Joget Workflow 6.0.20, CSV Injection, also 
known as  ...)
        NOT-FOR-US: Joget Workflow
 CVE-2019-14351 (EspoCRM 5.6.4 is vulnerable to user password hash enumeration. 
A malic ...)
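Review bot: the added label "NOT-FOR-US: Trezor One devices" for CVE-2019-14353 names a device model, while the other hardware entries touched in this commit use the bare vendor name ("NOT-FOR-US: NETGEAR", "NOT-FOR-US: D-Link"). Either convention works, but mixing them within one commit makes the labels harder to search and de-duplicate. Suggest one form throughout, for example "NOT-FOR-US: Trezor" here.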
@@ -1656,7 +1656,7 @@ CVE-2019-14337 (An issue was discovered on D-Link 6600-AP 
and DWL-3600AP Ax 4.2.
 CVE-2019-14336 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 
4.2.0.14 2 ...)
        NOT-FOR-US: D-Link
 CVE-2019-14335 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 
4.2.0.14 2 ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2019-14334 (An issue was discovered on D-Link 6600-AP, DWL-3600AP, and 
DWL-8610AP  ...)
        NOT-FOR-US: D-Link
 CVE-2019-14333 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 
4.2.0.14 2 ...)
@@ -2013,7 +2013,7 @@ CVE-2019-14223
 CVE-2019-14222
        RESERVED
 CVE-2019-14221 (1CRM On-Premise Software 8.5.7 allows XSS via a payload that 
is mishan ...)
-       TODO: check
+       NOT-FOR-US: 1CRM On-Premise Software
 CVE-2019-14220
        RESERVED
 CVE-2019-14219
@@ -5666,7 +5666,7 @@ CVE-2019-13103 (A crafted self-referential DOS partition 
table will cause all Da
 CVE-2019-13102
        RESERVED
 CVE-2019-13101 (An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, 
and 3.06  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2019-13100 (The Send Anywhere application 9.4.18 for Android stores 
confidential i ...)
        NOT-FOR-US: Send Anywhere application for Android
 CVE-2019-13099 (The Momo application 2.1.9 for Android stores confidential 
information ...)
@@ -5933,7 +5933,7 @@ CVE-2019-12996
 CVE-2019-12995 (Istio before 1.2.2 mishandles certain access tokens, leading 
to "Epoch ...)
        NOT-FOR-US: Istio
 CVE-2019-12994 (Server Side Request Forgery (SSRF) exists in Zoho ManageEngine 
AssetEx ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine AssetExplorer
 CVE-2019-12993
        RESERVED
 CVE-2019-12992 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x 
before  ...)
@@ -6058,7 +6058,7 @@ CVE-2019-12961 (LiveZilla Server before 8.0.1.1 is 
vulnerable to CSV Injection i
 CVE-2019-12960 (LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection 
in func ...)
        NOT-FOR-US: LiveZilla Server
 CVE-2019-12959 (Server Side Request Forgery (SSRF) exists in Zoho ManageEngine 
AssetEx ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine AssetExplorer
 CVE-2019-12958 (In Xpdf 4.01.01, a heap-based buffer over-read could be 
triggered in F ...)
        - xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
        NOTE: CVE-2017-14976 in poppler



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c5b5630795fb980464ee2d5959cf50282f160377
