[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 10 20:29:11 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
568868fa by Salvatore Bonaccorso at 2019-01-10T20:28:55Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -429,7 +429,7 @@ CVE-2019-5895
CVE-2019-5894
RESERVED
CVE-2019-5893 (Nelson Open Source ERP v6.3.1 allows SQL Injection via the ...)
- TODO: check
+ NOT-FOR-US: Nelson Open Source ERP
CVE-2019-5892 (bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before ...)
- frr <itp> (bug #863249)
CVE-2019-5891
@@ -441,13 +441,13 @@ CVE-2019-5889
CVE-2019-5888
RESERVED
CVE-2019-5887 (An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the ...)
- TODO: check
+ NOT-FOR-US: ShopXO
CVE-2019-5886 (An issue was discovered in ShopXO 1.2.0. In the ...)
- TODO: check
+ NOT-FOR-US: ShopXO
CVE-2019-5885
RESERVED
CVE-2019-5884 (php/elFinder.class.php in elFinder before 2.1.45 leaks information if ...)
- TODO: check
+ NOT-FOR-US: elFinder
CVE-2019-5883
RESERVED
CVE-2019-5881
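Review bot: CVE-2019-5884 is marked NOT-FOR-US: elFinder, but the description identifies it by a PHP class file (php/elFinder.class.php), the kind of component that may be shipped inside other web applications. If the archive was checked for bundled copies before tagging, a NOTE: line under the entry saying so would let a later reader confirm the decision; the commit message "Process NFUs" does not record it.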
@@ -845,7 +845,7 @@ CVE-2019-5727
CVE-2019-5726
RESERVED
CVE-2019-5725 (qibosoft through V7 allows remote attackers to read arbitrary files via ...)
- TODO: check
+ NOT-FOR-US: qibosoft
CVE-2019-5724
RESERVED
CVE-2019-5723
@@ -5196,7 +5196,7 @@ CVE-2019-3583
CVE-2019-3582
RESERVED
CVE-2019-3581 (Improper input validation in the proxy component of McAfee Web Gateway ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2018-20664 (Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via ...)
NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2018-20663 (The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA ...)
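Review bot: the new tag for CVE-2019-3581 names only the vendor (NOT-FOR-US: McAfee), while the description says the flaw is in the proxy component of McAfee Web Gateway, and the next entry in this hunk, CVE-2018-20664, carries the full product name in its tag. Suggest NOT-FOR-US: McAfee Web Gateway so that a search of data/CVE/list by product finds it.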
@@ -14160,7 +14160,7 @@ CVE-2019-0624
CVE-2019-0623
RESERVED
CVE-2019-0622 (An elevation of privilege vulnerability exists when Skype for Andriod ...)
- TODO: check
+ NOT-FOR-US: Skype for Android
CVE-2019-0621
RESERVED
CVE-2019-0620
@@ -14228,111 +14228,111 @@ CVE-2019-0590
CVE-2019-0589
RESERVED
CVE-2019-0588 (An information disclosure vulnerability exists when the Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0587
RESERVED
CVE-2019-0586 (A remote code execution vulnerability exists in Microsoft Exchange ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0585 (A remote code execution vulnerability exists in Microsoft Word ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0584 (A remote code execution vulnerability exists when the Windows Jet ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0583 (A remote code execution vulnerability exists when the Windows Jet ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0582 (A remote code execution vulnerability exists when the Windows Jet ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0581 (A remote code execution vulnerability exists when the Windows Jet ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0580 (A remote code execution vulnerability exists when the Windows Jet ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0579 (A remote code execution vulnerability exists when the Windows Jet ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0578 (A remote code execution vulnerability exists when the Windows Jet ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0577 (A remote code execution vulnerability exists when the Windows Jet ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0576 (A remote code execution vulnerability exists when the Windows Jet ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0575 (A remote code execution vulnerability exists when the Windows Jet ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0574 (An elevation of privilege vulnerability exists when the Windows Data ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0573 (An elevation of privilege vulnerability exists when the Windows Data ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0572 (An elevation of privilege vulnerability exists when the Windows Data ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0571 (An elevation of privilege vulnerability exists when the Windows Data ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0570 (An elevation of privilege vulnerability exists when the Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0569 (An information disclosure vulnerability exists when the Windows kernel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0568 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0567 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0566 (An elevation of privilege vulnerability exists in Microsoft Edge ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0565 (A remote code execution vulnerability exists when Microsoft Edge ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0564 (A denial of service vulnerability exists when ASP.NET Core improperly ...)
TODO: check
CVE-2019-0563
RESERVED
CVE-2019-0562 (An elevation of privilege vulnerability exists when Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0561 (An information disclosure vulnerability exists when Microsoft Word ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0560 (An information disclosure vulnerability exists when Microsoft Office ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0559 (An information disclosure vulnerability exists when Microsoft Outlook ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0558 (A cross-site-scripting (XSS) vulnerability exists when Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0557 (A cross-site-scripting (XSS) vulnerability exists when Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0556 (A cross-site-scripting (XSS) vulnerability exists when Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0555 (An elevation of privilege vulnerability exists in the Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0554 (An information disclosure vulnerability exists when the Windows kernel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0553 (An information disclosure vulnerability exists when Windows Subsystem ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0552 (An elevation of privilege exists in Windows COM Desktop Broker, aka ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0551 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0550 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0549 (An information disclosure vulnerability exists when the Windows kernel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0548 (A denial of service vulnerability exists when ASP.NET Core improperly ...)
TODO: check
CVE-2019-0547 (A memory corruption vulnerability exists in the Windows DHCP client ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0546 (A remote code execution vulnerability exists in Visual Studio when the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0545 (An information disclosure vulnerability exists in .NET Framework and ...)
TODO: check
CVE-2019-0544
RESERVED
CVE-2019-0543 (An elevation of privilege vulnerability exists when Windows improperly ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0542 (A remote code execution vulnerability exists in Xterm.js when the ...)
TODO: check
CVE-2019-0541 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0540
RESERVED
CVE-2019-0539 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0538 (A remote code execution vulnerability exists when the Windows Jet ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0537 (An information disclosure vulnerability exists when Visual Studio ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0536 (An information disclosure vulnerability exists when the Windows kernel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-19607 (Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote ...)
[experimental] - exiv2 <unfixed> (bug #915134)
- exiv2 <not-affected> (Vulnerable code introduced later)
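Review bot: for CVE-2019-0568, CVE-2019-0567, CVE-2019-0541 and CVE-2019-0539 the truncated description ("... exists in the way that the ...") never reaches a product name, so NOT-FOR-US: Microsoft is the only identification these entries have in the list. Naming the component in the tag, as done elsewhere in this commit (for example NOT-FOR-US: Skype for Android), would make each decision checkable without looking up the CVE. The entries left at TODO: check in this range (CVE-2019-0564, CVE-2019-0548, CVE-2019-0545, CVE-2019-0542) still need a follow-up pass.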
@@ -14349,9 +14349,9 @@ CVE-2018-19603
CVE-2018-19602
RESERVED
CVE-2018-19601 (Rhymix CMS 1.9.8.1 allows SSRF via an ...)
- TODO: check
+ NOT-FOR-US: Rhymix CMS
CVE-2018-19600 (Rhymix CMS 1.9.8.1 allows XSS via an ...)
- TODO: check
+ NOT-FOR-US: Rhymix CMS
CVE-2018-19599
RESERVED
CVE-2018-19598 (Statamic 2.10.3 allows XSS via First Name or Last Name to the /users ...)
@@ -15173,7 +15173,7 @@ CVE-2018-19525
CVE-2018-19524
RESERVED
CVE-2018-19523 (DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows ...)
- TODO: check
+ NOT-FOR-US: DriverAgent
CVE-2018-19522 (DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows ...)
NOT-FOR-US: DriverAgent
CVE-2018-19521
@@ -15211,7 +15211,7 @@ CVE-2018-19507 (CMSimple 4.7.5 has XSS via an admin's use of a ...)
CVE-2018-19506 (Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the ...)
NOT-FOR-US: Zurmo
CVE-2018-19505 (Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct ...)
- TODO: check
+ NOT-FOR-US: Remedy AR System Server in BMC Remedy
CVE-2018-19504 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) ...)
- faad2 <unfixed> (low; bug #914641)
[stretch] - faad2 <no-dsa> (Minor issue)
@@ -15481,9 +15481,9 @@ CVE-2018-19416 (An issue was discovered in sysstat 12.1.1. The remap_struct func
NOTE: Fixed by: https://github.com/sysstat/sysstat/commit/fbc691eaaa10d0bcea6741d5a223dc3906106548
NOTE: Vulnerable code introduced with https://github.com/sysstat/sysstat/commit/65ac30359e49ee717397e39950d7c24a6610d57c#diff-cccb0877d1539c562536a98e0d17428f
CVE-2018-19415 (Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow ...)
- TODO: check
+ NOT-FOR-US: Plikli CMS
CVE-2018-19414 (Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS ...)
- TODO: check
+ NOT-FOR-US: Plikli CMS
CVE-2018-19413 (A vulnerability in the API of SonarSource SonarQube before 7.4 could ...)
NOT-FOR-US: SonarQube
CVE-2018-19412
@@ -18870,7 +18870,7 @@ CVE-2018-18245 (Nagios Core 4.4.2 has XSS via the alert summary reports of plugi
NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/602
NOTE: Fixed by: https://github.com/NagiosEnterprises/nagioscore/commit/0329033db9a1d0954c304f209ea88824e8f78b8a
CVE-2018-18244 (Cross-site scripting in syslog.html in VIVOTEK Network Camera Series ...)
- TODO: check
+ NOT-FOR-US: VIVOTEK Network Camera
CVE-2018-18243
RESERVED
CVE-2018-18242 (youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated ...)
@@ -19443,9 +19443,9 @@ CVE-2018-18007 (atbox.htm on D-Link DSL-2770L devices allows remote unauthentica
CVE-2018-18006 (Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for ...)
NOT-FOR-US: Ricoh myPrint application
CVE-2018-18005 (Cross-site scripting in event_script.js in VIVOTEK Network Camera ...)
- TODO: check
+ NOT-FOR-US: VIVOTEK Network Camera
CVE-2018-18004 (Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera ...)
- TODO: check
+ NOT-FOR-US: VIVOTEK Network Camera
CVE-2018-18003
RESERVED
CVE-2018-18002
@@ -22448,7 +22448,7 @@ CVE-2018-16805 (In b3log Solo 2.9.3, XSS in the Input page under the Publish Art
CVE-2018-16804
RESERVED
CVE-2018-16803 (In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows ...)
- TODO: check
+ NOT-FOR-US: CIMTechniques CIMScan
CVE-2018-16801
RESERVED
CVE-2018-16800
@@ -23962,23 +23962,23 @@ CVE-2018-16207
CVE-2018-16206
RESERVED
CVE-2018-16205 (Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: GROWI
CVE-2018-16204 (Cross-site scripting vulnerability in Google XML Sitemaps Version ...)
NOT-FOR-US: WordPress plugin google-sitemap-generator
CVE-2018-16203 (PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the ...)
NOT-FOR-US: postgresql-pgpoolAdmin
CVE-2018-16202 (Directory traversal vulnerability in cordova-plugin-ionic-webview ...)
- TODO: check
+ NOT-FOR-US: cordova-plugin-ionic-webview
CVE-2018-16201 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway ...)
- TODO: check
+ NOT-FOR-US: Toshiba
CVE-2018-16200 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway ...)
- TODO: check
+ NOT-FOR-US: Toshiba
CVE-2018-16199 (Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A ...)
- TODO: check
+ NOT-FOR-US: Toshiba
CVE-2018-16198 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway ...)
- TODO: check
+ NOT-FOR-US: Toshiba
CVE-2018-16197 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway ...)
- TODO: check
+ NOT-FOR-US: Toshiba
CVE-2018-16196 (Multiple Yokogawa products that contain Vnet/IP Open Communication ...)
TODO: check
CVE-2018-16195 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 ...)
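Review bot: the five Toshiba entries (CVE-2018-16197 through CVE-2018-16201) are tagged NOT-FOR-US: Toshiba, dropping the product the descriptions give (Toshiba Home gateway HEM-GW16A), whereas the tags already present in this hunk for CVE-2018-16204 and CVE-2018-16203 are product-specific. Suggest NOT-FOR-US: Toshiba Home gateway for consistency.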
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/568868faa7a42f198079d07784d6b2fcb0ef177e