[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu May 16 21:43:44 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
813fcb2b by Salvatore Bonaccorso at 2019-05-16T20:43:18Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,11 +19,11 @@ CVE-2019-12141
CVE-2019-12140
RESERVED
CVE-2019-12139 (An XSS issue was discovered in the Admin UI in eZ Platform 2.x. This a ...)
- TODO: check
+ NOT-FOR-US: eZ Platform
CVE-2019-12138 (MacDown 0.7.1 allows directory traversal, for execution of arbitrary p ...)
- TODO: check
+ NOT-FOR-US: MacDown
CVE-2019-12137 (Typora 0.9.9.24.6 on macOS allows directory traversal, for execution o ...)
- TODO: check
+ NOT-FOR-US: Typora
CVE-2019-12136 (There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, a ...)
NOT-FOR-US: Boostnote
CVE-2019-12135
@@ -2602,7 +2602,7 @@ CVE-2019-11034 (When processing certain files, PHP EXIF extension in versions 7.
NOTE: Fixed in 7.1.28, 7.2.17, 7.3.4
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77753
CVE-2019-11033 (Applaud HCM 4.0.42+ uses HTML tag fields for HTML inputs in a form. Th ...)
- TODO: check
+ NOT-FOR-US: Applaud HCM
CVE-2019-11032 (In EasyToRecruit (E2R) before 2.11, the upload feature and the Candida ...)
NOT-FOR-US: EasyToRecruit
CVE-2019-11031
@@ -26695,7 +26695,7 @@ CVE-2018-1000861 (A code execution vulnerability exists in the Stapler web frame
CVE-2018-20008
RESERVED
CVE-2018-20007 (Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access con ...)
- TODO: check
+ NOT-FOR-US: Yeelight Smart AI Speaker devices
CVE-2018-20006 (An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulne ...)
NOT-FOR-US: PHPok
CVE-2018-20005 (An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after ...)
@@ -27312,7 +27312,7 @@ CVE-2019-1782 (A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS
CVE-2019-1781 (A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Soft ...)
NOT-FOR-US: Cisco
CVE-2019-1780 (A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Soft ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1779 (A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Soft ...)
NOT-FOR-US: Cisco
CVE-2019-1778 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
@@ -29777,7 +29777,7 @@ CVE-2019-1002
CVE-2019-1001
RESERVED
CVE-2019-1000 (An elevation of privilege vulnerability exists in Microsoft Azure Acti ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0999
RESERVED
CVE-2019-0998
@@ -29787,7 +29787,7 @@ CVE-2019-0997
CVE-2019-0996
RESERVED
CVE-2019-0995 (A security feature bypass vulnerability exists when urlmon.dll imprope ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0994
RESERVED
CVE-2019-0993
@@ -29851,67 +29851,67 @@ CVE-2019-0965
CVE-2019-0964
RESERVED
CVE-2019-0963 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0962
RESERVED
CVE-2019-0961 (An information disclosure vulnerability exists when the Windows GDI co ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0960
RESERVED
CVE-2019-0959
RESERVED
CVE-2019-0958 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0957 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0956 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0955
RESERVED
CVE-2019-0954
RESERVED
CVE-2019-0953 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0952 (A remote code execution vulnerability exists in Microsoft SharePoint S ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0951 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0950 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0949 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0948
RESERVED
CVE-2019-0947 (A remote code execution vulnerability exists when the Microsoft Office ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0946 (A remote code execution vulnerability exists when the Microsoft Office ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0945 (A remote code execution vulnerability exists when the Microsoft Office ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0944
RESERVED
CVE-2019-0943
RESERVED
CVE-2019-0942 (An elevation of privilege vulnerability exists in the Unified Write Fi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0941
RESERVED
CVE-2019-0940 (A remote code execution vulnerability exists in the way that Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0939
RESERVED
CVE-2019-0938 (An elevation of privilege vulnerability exists in Microsoft Edge that ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0937 (A remote code execution vulnerability exists in the way that the Chakr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0936 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0935
RESERVED
CVE-2019-0934
RESERVED
CVE-2019-0933 (A remote code execution vulnerability exists in the way that the Chakr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0932 (An information disclosure vulnerability exists in Skype for Android, a ...)
TODO: check
CVE-2019-0931 (An elevation of privilege vulnerability exists when the Storage Servic ...)
@@ -29923,39 +29923,39 @@ CVE-2019-0929 (A remote code execution vulnerability exists when Internet Explor
CVE-2019-0928
RESERVED
CVE-2019-0927 (A remote code execution vulnerability exists in the way that the Chakr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0926 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0925 (A remote code execution vulnerability exists in the way that the Chakr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0924 (A remote code execution vulnerability exists in the way that the Chakr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0923 (A remote code execution vulnerability exists in the way that the Chakr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0922 (A remote code execution vulnerability exists in the way that the Chakr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0921 (An spoofing vulnerability exists when Internet Explorer improperly han ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0920
RESERVED
CVE-2019-0919
RESERVED
CVE-2019-0918 (A remote code execution vulnerability exists in the way the scripting ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0917 (A remote code execution vulnerability exists in the way that the Chakr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0916 (A remote code execution vulnerability exists in the way that the Chakr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0915 (A remote code execution vulnerability exists in the way that the Chakr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0914 (A remote code execution vulnerability exists in the way that the Chakr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0913 (A remote code execution vulnerability exists in the way that the Chakr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0912 (A remote code execution vulnerability exists in the way that the Chakr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0911 (A remote code execution vulnerability exists in the way the scripting ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0910
RESERVED
CVE-2019-0909
@@ -29971,7 +29971,7 @@ CVE-2019-0905
CVE-2019-0904
RESERVED
CVE-2019-0903 (A remote code execution vulnerability exists in the way that the Windo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0902 (A remote code execution vulnerability exists when the Windows Jet Data ...)
TODO: check
CVE-2019-0901 (A remote code execution vulnerability exists when the Windows Jet Data ...)
@@ -29993,7 +29993,7 @@ CVE-2019-0894 (A remote code execution vulnerability exists when the Windows Jet
CVE-2019-0893 (A remote code execution vulnerability exists when the Windows Jet Data ...)
TODO: check
CVE-2019-0892 (An elevation of privilege vulnerability exists in Windows when the Win ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0891 (A remote code execution vulnerability exists when the Windows Jet Data ...)
TODO: check
CVE-2019-0890 (A remote code execution vulnerability exists when the Windows Jet Data ...)
@@ -30007,15 +30007,15 @@ CVE-2019-0887
CVE-2019-0886 (An information disclosure vulnerability exists when Windows Hyper-V on ...)
TODO: check
CVE-2019-0885 (A remote code execution vulnerability exists when Microsoft Windows OL ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0884 (A remote code execution vulnerability exists in the way the scripting ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0883
RESERVED
CVE-2019-0882 (An information disclosure vulnerability exists when the Windows GDI co ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0881 (An elevation of privilege vulnerability exists when the Windows Kernel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0880
RESERVED
CVE-2019-0879 (A remote code execution vulnerability exists when the Windows Jet Data ...)
@@ -30139,7 +30139,7 @@ CVE-2019-0821 (An information disclosure vulnerability exists in the way that th
CVE-2019-0820 (A denial of service vulnerability exists when .NET Framework and .NET ...)
NOT-FOR-US: Microsoft .NET Core
CVE-2019-0819 (An information disclosure vulnerability exists in Microsoft SQL Server ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0818
RESERVED
CVE-2019-0817 (A spoofing vulnerability exists in Microsoft Exchange Server when Outl ...)
@@ -30266,7 +30266,7 @@ CVE-2019-0760
CVE-2019-0759 (An information disclosure vulnerability exists when the Windows Print ...)
NOT-FOR-US: Microsoft
CVE-2019-0758 (An information disclosure vulnerability exists when the Windows GDI co ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0757 (A tampering vulnerability exists in the NuGet Package Manager for Linu ...)
- nuget <not-affected> (NuGet older than 4.3 is not affected, bug #926122)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1685475
@@ -30318,9 +30318,9 @@ CVE-2019-0736
CVE-2019-0735 (An elevation of privilege vulnerability exists when the Windows Client ...)
NOT-FOR-US: Microsoft
CVE-2019-0734 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0733 (A security feature bypass vulnerability exists in Windows Defender App ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0732 (A security feature bypass vulnerability exists in Windows which could ...)
NOT-FOR-US: Microsoft
CVE-2019-0731 (An elevation of privilege vulnerability exists when Windows improperly ...)
@@ -38397,7 +38397,7 @@ CVE-2018-17050 (The mintToken function of a smart contract implementation for Po
CVE-2018-17049 (CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback ...)
NOT-FOR-US: CQU-LANKERS
CVE-2018-17048 (admin/Lib/Action/FpluginAction.class.php in FDCMS (aka Fangfa Content ...)
- TODO: check
+ NOT-FOR-US: FDCMS
CVE-2018-17047
RESERVED
CVE-2018-17046 (translate man before 2018-08-21 has XSS via containers/outputBox/outpu ...)
@@ -80176,7 +80176,7 @@ CVE-2018-1977 (IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Se
CVE-2018-1976 (IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive infor ...)
NOT-FOR-US: IBM
CVE-2018-1975 (IBM Rational DOORS Web Access 9.5.1 through 9.5.2.9, and 9.6 through 9 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1974 (IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attac ...)
NOT-FOR-US: IBM
CVE-2018-1973 (IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'AP ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/813fcb2baa26c67c5969cf67c5020da32d241141
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/813fcb2baa26c67c5969cf67c5020da32d241141
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190516/40ee56cc/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list