[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri May 17 21:29:32 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
afbd8420 by Salvatore Bonaccorso at 2019-05-17T20:29:01Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2019-12162
RESERVED
CVE-2019-12161 (WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.p ...)
- TODO: check
+ NOT-FOR-US: WPO WebPageTest
CVE-2019-12160 (GoHTTP through 2017-07-25 has a sendHeader use-after-free. ...)
- TODO: check
+ NOT-FOR-US: GoHTTP
CVE-2019-12159 (GoHTTP through 2017-07-25 has a stack-based buffer over-read in the sc ...)
- TODO: check
+ NOT-FOR-US: GoHTTP
CVE-2019-12158 (GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflo ...)
- TODO: check
+ NOT-FOR-US: GoHTTP
CVE-2019-12157
RESERVED
CVE-2019-12156
@@ -573,7 +573,7 @@ CVE-2019-11888 (Go through 1.12.5 on Windows mishandles process creation with a
- golang-1.11 <not-affected> (Only affects Go on Windows)
NOTE: https://go-review.googlesource.com/c/go/+/176619
CVE-2019-11887 (SimplyBook.me through 2019-05-11 does not properly restrict File Uploa ...)
- TODO: check
+ NOT-FOR-US: SimplyBook.me
CVE-2019-11886 (The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme ...)
NOT-FOR-US: WaspThemes Visual CSS Style Editor plugin for WordPress
CVE-2018-20838 (ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for ...)
@@ -2408,7 +2408,7 @@ CVE-2019-11116
CVE-2019-11115
RESERVED
CVE-2019-11114 (Insufficient input validation in Intel(R) Driver & Support Assista ...)
- TODO: check
+ NOT-FOR-US: Intel(R) Driver & Support Assistant
CVE-2019-11113
RESERVED
CVE-2019-11112
@@ -2446,11 +2446,11 @@ CVE-2019-11097
CVE-2019-11096
RESERVED
CVE-2019-11095 (Insufficient access control in Intel(R) Driver & Support Assistant ...)
- TODO: check
+ NOT-FOR-US: Intel(R) Driver & Support Assistant
CVE-2019-11094 (Insufficient input validation in system firmware for Intel (R) NUC Kit ...)
- TODO: check
+ NOT-FOR-US: Intel (R) NUC Kit
CVE-2019-11093 (Unquoted service path in the installer for the Intel(R) SCS Discovery ...)
- TODO: check
+ NOT-FOR-US: Intel(R) SCS Discovery Utility
CVE-2019-11092
RESERVED
CVE-2019-11091 [MDSUM Microarchitectural Data Sampling Uncacheable Memory]
@@ -2568,7 +2568,7 @@ CVE-2019-11059 (Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bi
CVE-2019-11058
RESERVED
CVE-2019-11057 (SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows ...)
- TODO: check
+ NOT-FOR-US: Vtiger CRM
CVE-2019-11056
RESERVED
CVE-2019-11055
@@ -8733,13 +8733,13 @@ CVE-2019-8931
CVE-2019-8930
RESERVED
CVE-2019-8929 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-8928 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-8927 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-8926 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-8925 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-8924 (XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel ...)
@@ -15906,15 +15906,15 @@ CVE-2019-5960
CVE-2019-5959
RESERVED
CVE-2019-5958 (Untrusted search path vulnerability in Electronic reception and examin ...)
- TODO: check
+ NOT-FOR-US: Electronic reception and examination of application for radio licenses Offline
CVE-2019-5957 (Untrusted search path vulnerability in Installer of Electronic recepti ...)
- TODO: check
+ NOT-FOR-US: Electronic reception and examination of application for radio licenses Online
CVE-2019-5956
RESERVED
CVE-2019-5955 (CREATE SD official App for Android version 1.0.2 and earlier allows re ...)
- TODO: check
+ NOT-FOR-US: CREATE SD official App for Android
CVE-2019-5954 (JR East Japan train operation information push notification App for An ...)
- TODO: check
+ NOT-FOR-US: JR East Japan train operation information push notification App for Android
CVE-2019-5953 (Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers ...)
{DSA-4425-1 DLA-1760-1}
- wget 1.20.1-1.1 (bug #926389)
@@ -15935,45 +15935,45 @@ CVE-2019-5949
CVE-2019-5948
RESERVED
CVE-2019-5947 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 al ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5946 (Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows re ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5945 (Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the use ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5944 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5943 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5942 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5941 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5940 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5939 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5938 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5937 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5936 (Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 all ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5935 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5934 (SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allow ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5933 (Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5932 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 all ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5931 (Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter t ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5930 (Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5929 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 all ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5928 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 all ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2019-5927 (Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 an ...)
NOT-FOR-US: 'an' App for iOS
CVE-2019-5926 (Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 ...)
@@ -19601,7 +19601,7 @@ CVE-2019-4281
CVE-2019-4280
RESERVED
CVE-2019-4279 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote atta ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4278
RESERVED
CVE-2019-4277
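Review bot: the note added for CVE-2019-4279 names only the vendor ("NOT-FOR-US: IBM"), while the description identifies the product as IBM WebSphere Application Server. Naming the product, as most other entries in this commit do (for example "NOT-FOR-US: Cybozu Garoon"), keeps the entry findable by product name when someone later searches the list.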
@@ -19921,7 +19921,7 @@ CVE-2019-4121
CVE-2019-4120
RESERVED
CVE-2019-4119 (IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4118
RESERVED
CVE-2019-4117
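Review bot: "NOT-FOR-US: IBM" on CVE-2019-4119 hides that the description refers to the IBM Cloud Private Kubernetes API server. Suggest "NOT-FOR-US: IBM Cloud Private" so the entry records that the triage decision concerns the IBM product and not a Kubernetes component in general.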
@@ -29943,7 +29943,7 @@ CVE-2019-0934
CVE-2019-0933 (A remote code execution vulnerability exists in the way that the Chakr ...)
NOT-FOR-US: Microsoft
CVE-2019-0932 (An information disclosure vulnerability exists in Skype for Android, a ...)
- TODO: check
+ NOT-FOR-US: Skype
CVE-2019-0931 (An elevation of privilege vulnerability exists when the Storage Servic ...)
TODO: check
CVE-2019-0930 (An information disclosure vulnerability exists when Internet Explorer ...)
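Review bot: CVE-2019-0931, directly below the changed entry, stays at "TODO: check" after this pass. If it was meant to be covered here, it still needs its own note. The naming also differs within the hunk: CVE-2019-0932 gets the product form "NOT-FOR-US: Skype" while CVE-2019-0933 above it uses the vendor form "NOT-FOR-US: Microsoft"; one form for both would be easier to search.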
@@ -32482,11 +32482,11 @@ CVE-2019-0174
CVE-2019-0173
RESERVED
CVE-2019-0172 (A logic issue in Intel Unite(R) Client for Android prior to version 4. ...)
- TODO: check
+ NOT-FOR-US: Intel Unite(R) Client for Android
CVE-2019-0171 (Improper directory permissions in the installer for Intel(R) Quartus(R ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-0170 (Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 ma ...)
- TODO: check
+ NOT-FOR-US: Intel(R) DAL
CVE-2019-0169
RESERVED
CVE-2019-0168
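Review bot: CVE-2019-0171 is tagged with the vendor only ("NOT-FOR-US: Intel"), while the two other entries changed in this hunk name the product ("Intel Unite(R) Client for Android", "Intel(R) DAL"). Using the product named in the CVE-2019-0171 description would match its neighbours.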
@@ -32531,7 +32531,7 @@ CVE-2019-0155
CVE-2019-0154
RESERVED
CVE-2019-0153 (Buffer overflow in subsystem in Intel(R) CSME before version 12.0.35 m ...)
- TODO: check
+ NOT-FOR-US: Intel(R) CSME
CVE-2019-0152
RESERVED
CVE-2019-0151
@@ -32561,7 +32561,7 @@ CVE-2019-0140
CVE-2019-0139
RESERVED
CVE-2019-0138 (Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.1 ...)
- TODO: check
+ NOT-FOR-US: Intel(R) ACU Wizard
CVE-2019-0137
RESERVED
CVE-2019-0136
@@ -32573,7 +32573,7 @@ CVE-2019-0134
CVE-2019-0133
RESERVED
CVE-2019-0132 (Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may ...)
- TODO: check
+ NOT-FOR-US: Intel Unite(R) Client
CVE-2019-0131
RESERVED
CVE-2019-0130
@@ -38083,11 +38083,11 @@ CVE-2018-17182 (An issue was discovered in the Linux kernel through 4.18.8. The
NOTE: https://git.kernel.org/linus/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2
NOTE: https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html
CVE-2018-17181 (An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2018-17180 (An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Tra ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2018-17179 (An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2018-17178 (An issue was discovered on Neato Botvac Connected 2.2.0 devices. They ...)
NOT-FOR-US: Neato Botvac Connected devices
CVE-2018-17177 (An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 ...)
@@ -40844,7 +40844,7 @@ CVE-2018-16158 (Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4
CVE-2018-16157 (waimai Super Cms 20150505 has a logic flaw allowing attackers to modif ...)
NOT-FOR-US: waimai Super Cms
CVE-2018-16156 (In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC ...)
- TODO: check
+ NOT-FOR-US: PaperStream IP (TWAIN)
CVE-2018-16155
RESERVED
CVE-2018-16154
@@ -75236,7 +75236,7 @@ CVE-2018-3703 (Improper directory permissions in the installer for the Intel(R)
CVE-2018-3702
RESERVED
CVE-2018-3701 (Improper directory permissions in the installer for Intel(R) PROSet/Wi ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3700 (Code injection vulnerability in the installer for Intel(R) USB 3.0 eXt ...)
NOT-FOR-US: Intel
CVE-2018-3699 (Cross-site scripting in the Intel RAID Web Console v3 for Windows may ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/afbd84202ba41fb7ed8dbe134ae350591be62469