[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Jun 14 20:31:20 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6282fa98 by Salvatore Bonaccorso at 2019-06-14T19:30:53Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1704,7 +1704,7 @@ CVE-2019-12136 (There is XSS in BoostIO Boostnote 0.11.15 via a label named merm
 CVE-2019-12135 (An unspecified vulnerability in the application server in PaperCut MF  ...)
 	NOT-FOR-US: PaperCut
 CVE-2019-12134 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists  ...)
-	TODO: check
+	NOT-FOR-US: Workday
 CVE-2019-12133
 	RESERVED
 CVE-2019-12132
@@ -4235,7 +4235,7 @@ CVE-2019-11094 (Insufficient input validation in system firmware for Intel (R) N
 CVE-2019-11093 (Unquoted service path in the installer for the Intel(R) SCS Discovery  ...)
 	NOT-FOR-US: Intel(R) SCS Discovery Utility
 CVE-2019-11092 (Insufficient password protection in the attestation database for Open  ...)
-	TODO: check
+	NOT-FOR-US: Open CIT
 CVE-2019-11091 (Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheab ...)
 	{DSA-4447-1 DSA-4444-1 DLA-1799-1 DLA-1789-1 DLA-1787-1}
 	- intel-microcode 3.20190514.1
@@ -14883,7 +14883,7 @@ CVE-2019-7221 (The KVM implementation in the Linux kernel through 4.20.5 has a U
 	NOTE: https://git.kernel.org/linus/ecec76885bcfe3294685dc363fd1273df0d5d65f
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1760
 CVE-2019-7220 (X-Cart V5 is vulnerable to XSS via the CategoryFilter2 parameter. ...)
-	TODO: check
+	NOT-FOR-US: X-Cart
 CVE-2019-7219 (Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa  ...)
 	- zarafa <itp> (bug #658433)
 CVE-2019-7218 (Citrix ShareFile through 19.1 allows a downgrade from two-factor authe ...)
@@ -16005,7 +16005,7 @@ CVE-2019-6745
 CVE-2019-6744
 	RESERVED
 CVE-2019-6743 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Xiaomi Mi6 Browser
 CVE-2019-6742 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: GameServiceReceiver update mechanism as used in Samsung Galaxy S9
 CVE-2019-6741 (This vulnerability allows remote attackers to execute arbitrary code o ...)
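
Review bot: The tag on CVE-2019-6743 is product-level (`NOT-FOR-US: Xiaomi Mi6 Browser`), while the other Xiaomi browser entry touched by this commit, CVE-2018-20523, gets the bare vendor tag `NOT-FOR-US: Xiaomi`. Pick one granularity for both so that a search for either string finds both entries.
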
@@ -16344,11 +16344,11 @@ CVE-2019-6584 (A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xy
 CVE-2019-6583
 	RESERVED
 CVE-2019-6582 (A vulnerability has been identified in Siveillance VMS 2017 R2 (All ve ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2019-6581 (A vulnerability has been identified in Siveillance VMS 2017 R2 (All ve ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2019-6580 (A vulnerability has been identified in Siveillance VMS 2017 R2 (All ve ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2019-6579 (A vulnerability has been identified in Spectrum Power 4 (with Web Offi ...)
 	NOT-FOR-US: Spectrum Power
 CVE-2019-6578 (A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180  ...)
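
Review bot: The three Siveillance VMS entries (CVE-2019-6582, CVE-2019-6581, CVE-2019-6580) are tagged with the vendor only, while the next entry in the context, CVE-2019-6579, is tagged by product (`NOT-FOR-US: Spectrum Power`). The descriptions already name the product, so `NOT-FOR-US: Siemens Siveillance VMS` would keep the vendor and still tell a later reader which product was ruled out.
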
@@ -16374,7 +16374,7 @@ CVE-2019-6569 (A vulnerability has been identified in Scalance X-200 (All versio
 CVE-2019-6568 (A vulnerability has been identified in CP1604 (All versions), CP1616 ( ...)
 	NOT-FOR-US: Siemens
 CVE-2019-6567 (A vulnerability has been identified in SCALANCE X-200 (All Versions &l ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2019-6566 (GE Communicator, all versions prior to 4.0.517, allows a non-administr ...)
 	NOT-FOR-US: GE Communicator
 CVE-2019-6565 (Moxa IKS and EDS fails to properly validate user input, giving unauthe ...)
@@ -18817,7 +18817,7 @@ CVE-2019-5680
 CVE-2019-5679
 	RESERVED
 CVE-2019-5678 (NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2019-5677 (NVIDIA Windows GPU Display driver software for Windows (all versions)  ...)
 	NOT-FOR-US: NVIDIA Windows GPU Display driver software for Windows
 CVE-2019-5676 (NVIDIA Windows GPU Display driver software for Windows (all versions)  ...)
@@ -19639,7 +19639,7 @@ CVE-2019-5288
 CVE-2019-5287
 	RESERVED
 CVE-2019-5286 (There is a reflection XSS vulnerability in the HedEx products. Remote  ...)
-	TODO: check
+	NOT-FOR-US: HedEx / Huawei
 CVE-2019-5285 (Some Huawei S series switches have a DoS vulnerability. An unauthentic ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5284 (There is a DoS vulnerability in RTSP module of Leland-AL00A Huawei sma ...)
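
Review bot: `NOT-FOR-US: HedEx / Huawei` on CVE-2019-5286 introduces a product/vendor slash form next to entries that use plain `NOT-FOR-US: Huawei` (CVE-2019-5285 directly below, and CVE-2019-5245 in the next hunk). The same form appears as `Azure DevOps Server / Microsoft` on CVE-2019-0996. If the product name is worth recording, putting the vendor first (`Huawei HedEx`) keeps these entries grouped when grepping by vendor.
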
@@ -19721,7 +19721,7 @@ CVE-2019-5247
 CVE-2019-5246
 	RESERVED
 CVE-2019-5245 (HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulner ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5244 (Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) ve ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5243 (There is a Clickjacking vulnerability in Huawei HG255s product. An att ...)
@@ -24171,7 +24171,7 @@ CVE-2018-20525 (Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, co
 CVE-2018-20524 (The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted us ...)
 	NOT-FOR-US: Chat Anywhere Chrome extension
 CVE-2018-20523 (Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and o ...)
-	TODO: check
+	NOT-FOR-US: Xiaomi
 CVE-2018-20522
 	RESERVED
 CVE-2018-20521
@@ -31944,7 +31944,7 @@ CVE-2019-0998 (An elevation of privilege vulnerability exists when the Storage S
 CVE-2019-0997
 	RESERVED
 CVE-2019-0996 (A spoofing vulnerability exists in Azure DevOps Server when it imprope ...)
-	TODO: check
+	NOT-FOR-US: Azure DevOps Server / Microsoft
 CVE-2019-0995 (A security feature bypass vulnerability exists when urlmon.dll imprope ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-0994
@@ -34602,23 +34602,23 @@ CVE-2019-0185
 CVE-2019-0184
 	RESERVED
 CVE-2019-0183 (Insufficient password protection in the attestation database for Open  ...)
-	TODO: check
+	NOT-FOR-US: Open CIT
 CVE-2019-0182 (Insufficient password protection in the attestation database for Open  ...)
-	TODO: check
+	NOT-FOR-US: Open CIT
 CVE-2019-0181 (Insufficient password protection in the attestation database for Open  ...)
-	TODO: check
+	NOT-FOR-US: Open CIT
 CVE-2019-0180 (Insufficient password protection in the attestation database for Open  ...)
-	TODO: check
+	NOT-FOR-US: Open CIT
 CVE-2019-0179 (Insufficient password protection in the attestation database for Open  ...)
-	TODO: check
+	NOT-FOR-US: Open CIT
 CVE-2019-0178 (Insufficient password protection in the attestation database for Open  ...)
-	TODO: check
+	NOT-FOR-US: Open CIT
 CVE-2019-0177 (Insufficient password protection in the attestation database for Open  ...)
-	TODO: check
+	NOT-FOR-US: Open CIT
 CVE-2019-0176
 	RESERVED
 CVE-2019-0175 (Insufficient password protection in the attestation database for Open  ...)
-	TODO: check
+	NOT-FOR-US: Open CIT
 CVE-2019-0174 (Logic condition in specific microprocessors may allow an authenticated ...)
 	NOT-FOR-US: RamBleed hardware vulnerability
 	NOTE: https://rambleed.com/
@@ -34641,7 +34641,7 @@ CVE-2019-0166
 CVE-2019-0165
 	RESERVED
 CVE-2019-0164 (Improper permissions in the installer for Intel(R) Turbo Boost Max Tec ...)
-	TODO: check
+	NOT-FOR-US: installer for Intel(R) Turbo Boost Max Technology driver
 CVE-2019-0163 (Insufficient input validation in system firmware for Intel(R) Broadwel ...)
 	NOT-FOR-US: Intel
 CVE-2019-0162 (Memory access in virtual memory mapping for some microprocessors may a ...)
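
Review bot: CVE-2019-0164 gets the full phrase `NOT-FOR-US: installer for Intel(R) Turbo Boost Max Technology driver`, but CVE-2019-0128 in the next hunk, also described as improper permissions in an Intel installer, is tagged just `NOT-FOR-US: Intel`, as is CVE-2019-0163 directly below. Suggest `NOT-FOR-US: Intel` here as well, or a short product name without the `(R)` mark.
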
@@ -34720,11 +34720,11 @@ CVE-2019-0132 (Data Corruption in Intel Unite(R) Client before version 3.3.176.1
 CVE-2019-0131
 	RESERVED
 CVE-2019-0130 (Reflected XSS in web interface for Intel(R) Accelerated Storage Manage ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0129 (Improper permissions for Intel(R) USB 3.0 Creator Utility all versions ...)
 	NOT-FOR-US: Intel
 CVE-2019-0128 (Improper permissions in the installer for Intel(R) Chipset Device Soft ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0127 (Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3 and bef ...)
 	NOT-FOR-US: Intel
 CVE-2019-0126 (Insufficient access control in silicon reference firmware for Intel(R) ...)
@@ -53500,7 +53500,7 @@ CVE-2018-12149 (Buffer overflow in input handling in Intel Extreme Tuning Utilit
 CVE-2018-12148 (Privilege escalation in file permissions in Intel Driver and Support A ...)
 	NOT-FOR-US: Intel
 CVE-2018-12147 (Insufficient input validation in HECI subsystem in Intel(R) CSME befor ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2018-12146
 	RESERVED
 CVE-2018-12145
@@ -56805,9 +56805,9 @@ CVE-2018-10949 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 bef
 CVE-2018-10948 (Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 bet ...)
 	NOT-FOR-US: Zimbra
 CVE-2018-10947 (An issue was discovered in versions earlier than 1.3.2 for Polycom Rea ...)
-	TODO: check
+	NOT-FOR-US: Polycom
 CVE-2018-10946 (An issue was discovered in versions earlier than 1.3.0-66872 for Polyc ...)
-	TODO: check
+	NOT-FOR-US: Polycom
 CVE-2017-18267 (The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler thr ...)
 	{DLA-1562-1}
 	[experimental] - poppler 0.65.0-1
@@ -77414,7 +77414,7 @@ CVE-2018-3704 (Improper directory permissions in the installer for the Intel Par
 CVE-2018-3703 (Improper directory permissions in the installer for the Intel(R) SSD D ...)
 	NOT-FOR-US: Intel
 CVE-2018-3702 (Improper permissions in the installer for the ITE Tech* Consumer Infra ...)
-	TODO: check
+	NOT-FOR-US: ITE Tech* Consumer Infrared Driver for Windows 10
 CVE-2018-3701 (Improper directory permissions in the installer for Intel(R) PROSet/Wi ...)
 	NOT-FOR-US: Intel
 CVE-2018-3700 (Code injection vulnerability in the installer for Intel(R) USB 3.0 eXt ...)
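
Review bot: The tag on CVE-2018-3702 carries the asterisk from the description text (`ITE Tech*`) and the platform (`for Windows 10`) into the NFU string. Suggest `NOT-FOR-US: ITE Tech Consumer Infrared Driver`; the asterisk is not part of the product name, and the neighbouring installer entries keep their tags to a short name.
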
@@ -122133,7 +122133,7 @@ CVE-2017-6263 (NVIDIA driver contains a vulnerability where it is possible a use
 CVE-2017-6262 (NVIDIA driver contains a vulnerability where it is possible a use afte ...)
 	NOT-FOR-US: NVIDIA driver for Android
 CVE-2017-6261 (NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Vibrante Linux
 CVE-2017-6260 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
 	NOT-FOR-US: NVIDIA Windows GPU Display Driver
 CVE-2017-6259 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode  ...)
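
Review bot: CVE-2017-6261 is the only entry changed here whose description names a Linux product (`NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2`), and the truncated text does not show which component is affected. Before settling on NOT-FOR-US, confirm that the component is not shared with an NVIDIA driver package in the archive, and record the outcome in a `NOTE:` line so the decision can be re-checked later.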



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6282fa98afb0579af8ab4bb42816f8a7a594870c
