Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: afbd8420 by Salvatore Bonaccorso at 2019-05-17T20:29:01Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,13 +1,13 @@ CVE-2019-12162 RESERVED CVE-2019-12161 (WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.p ...) - TODO: check + NOT-FOR-US: WPO WebPageTest CVE-2019-12160 (GoHTTP through 2017-07-25 has a sendHeader use-after-free. ...) - TODO: check + NOT-FOR-US: GoHTTP CVE-2019-12159 (GoHTTP through 2017-07-25 has a stack-based buffer over-read in the sc ...) - TODO: check + NOT-FOR-US: GoHTTP CVE-2019-12158 (GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflo ...) - TODO: check + NOT-FOR-US: GoHTTP CVE-2019-12157 RESERVED CVE-2019-12156 @@ -573,7 +573,7 @@ CVE-2019-11888 (Go through 1.12.5 on Windows mishandles process creation with a - golang-1.11 <not-affected> (Only affects Go on Windows) NOTE: https://go-review.googlesource.com/c/go/+/176619 CVE-2019-11887 (SimplyBook.me through 2019-05-11 does not properly restrict File Uploa ...) - TODO: check + NOT-FOR-US: SimplyBook.me CVE-2019-11886 (The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme ...) NOT-FOR-US: WaspThemes Visual CSS Style Editor plugin for WordPress CVE-2018-20838 (ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for ...) @@ -2408,7 +2408,7 @@ CVE-2019-11116 CVE-2019-11115 RESERVED CVE-2019-11114 (Insufficient input validation in Intel(R) Driver & Support Assista ...) - TODO: check + NOT-FOR-US: Intel(R) Driver & Support Assistant CVE-2019-11113 RESERVED CVE-2019-11112 
@@ -2446,11 +2446,11 @@ CVE-2019-11097 CVE-2019-11096 RESERVED CVE-2019-11095 (Insufficient access control in Intel(R) Driver & Support Assistant ...) - TODO: check + NOT-FOR-US: Intel(R) Driver & Support Assistant CVE-2019-11094 (Insufficient input validation in system firmware for Intel (R) NUC Kit ...) - TODO: check + NOT-FOR-US: Intel (R) NUC Kit CVE-2019-11093 (Unquoted service path in the installer for the Intel(R) SCS Discovery ...) - TODO: check + NOT-FOR-US: Intel(R) SCS Discovery Utility CVE-2019-11092 RESERVED CVE-2019-11091 [MDSUM Microarchitectural Data Sampling Uncacheable Memory] @@ -2568,7 +2568,7 @@ CVE-2019-11059 (Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bi CVE-2019-11058 RESERVED CVE-2019-11057 (SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows ...) - TODO: check + NOT-FOR-US: Vtiger CRM CVE-2019-11056 RESERVED CVE-2019-11055 @@ -8733,13 +8733,13 @@ CVE-2019-8931 CVE-2019-8930 RESERVED CVE-2019-8929 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional CVE-2019-8928 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional CVE-2019-8927 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional CVE-2019-8926 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional CVE-2019-8925 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...) NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional CVE-2019-8924 (XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel ...) 
@@ -15906,15 +15906,15 @@ CVE-2019-5960 CVE-2019-5959 RESERVED CVE-2019-5958 (Untrusted search path vulnerability in Electronic reception and examin ...) - TODO: check + NOT-FOR-US: Electronic reception and examination of application for radio licenses Offline CVE-2019-5957 (Untrusted search path vulnerability in Installer of Electronic recepti ...) - TODO: check + NOT-FOR-US: Electronic reception and examination of application for radio licenses Online CVE-2019-5956 RESERVED CVE-2019-5955 (CREATE SD official App for Android version 1.0.2 and earlier allows re ...) - TODO: check + NOT-FOR-US: CREATE SD official App for Android CVE-2019-5954 (JR East Japan train operation information push notification App for An ...) - TODO: check + NOT-FOR-US: JR East Japan train operation information push notification App for Android CVE-2019-5953 (Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers ...) {DSA-4425-1 DLA-1760-1} - wget 1.20.1-1.1 (bug #926389) 
@@ -15935,45 +15935,45 @@ CVE-2019-5949 CVE-2019-5948 RESERVED CVE-2019-5947 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 al ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5946 (Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows re ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5945 (Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the use ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5944 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5943 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5942 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5941 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5940 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5939 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5938 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5937 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5936 (Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 all ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5935 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5934 (SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allow ...) 
- TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5933 (Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5932 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 all ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5931 (Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter t ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5930 (Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5929 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 all ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5928 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 all ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2019-5927 (Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 an ...) NOT-FOR-US: 'an' App for iOS CVE-2019-5926 (Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 ...) @@ -19601,7 +19601,7 @@ CVE-2019-4281 CVE-2019-4280 RESERVED CVE-2019-4279 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote atta ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4278 RESERVED CVE-2019-4277 @@ -19921,7 +19921,7 @@ CVE-2019-4121 CVE-2019-4120 RESERVED CVE-2019-4119 (IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4118 RESERVED CVE-2019-4117 @@ -29943,7 +29943,7 @@ CVE-2019-0934 CVE-2019-0933 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0932 (An information disclosure vulnerability exists in Skype for Android, a ...) - TODO: check + NOT-FOR-US: Skype CVE-2019-0931 (An elevation of privilege vulnerability exists when the Storage Servic ...) TODO: check CVE-2019-0930 (An information disclosure vulnerability exists when Internet Explorer ...) 
@@ -32482,11 +32482,11 @@ CVE-2019-0174 CVE-2019-0173 RESERVED CVE-2019-0172 (A logic issue in Intel Unite(R) Client for Android prior to version 4. ...) - TODO: check + NOT-FOR-US: Intel Unite(R) Client for Android CVE-2019-0171 (Improper directory permissions in the installer for Intel(R) Quartus(R ...) - TODO: check + NOT-FOR-US: Intel CVE-2019-0170 (Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 ma ...) - TODO: check + NOT-FOR-US: Intel(R) DAL CVE-2019-0169 RESERVED CVE-2019-0168 @@ -32531,7 +32531,7 @@ CVE-2019-0155 CVE-2019-0154 RESERVED CVE-2019-0153 (Buffer overflow in subsystem in Intel(R) CSME before version 12.0.35 m ...) - TODO: check + NOT-FOR-US: Intel(R) CSME CVE-2019-0152 RESERVED CVE-2019-0151 @@ -32561,7 +32561,7 @@ CVE-2019-0140 CVE-2019-0139 RESERVED CVE-2019-0138 (Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.1 ...) - TODO: check + NOT-FOR-US: Intel(R) ACU Wizard CVE-2019-0137 RESERVED CVE-2019-0136 @@ -32573,7 +32573,7 @@ CVE-2019-0134 CVE-2019-0133 RESERVED CVE-2019-0132 (Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may ...) - TODO: check + NOT-FOR-US: Intel Unite(R) Client CVE-2019-0131 RESERVED CVE-2019-0130 
@@ -38083,11 +38083,11 @@ CVE-2018-17182 (An issue was discovered in the Linux kernel through 4.18.8. The NOTE: https://git.kernel.org/linus/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2 NOTE: https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html CVE-2018-17181 (An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2018-17180 (An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Tra ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2018-17179 (An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2018-17178 (An issue was discovered on Neato Botvac Connected 2.2.0 devices. They ...) NOT-FOR-US: Neato Botvac Connected devices CVE-2018-17177 (An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 ...) @@ -40844,7 +40844,7 @@ CVE-2018-16158 (Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4 CVE-2018-16157 (waimai Super Cms 20150505 has a logic flaw allowing attackers to modif ...) NOT-FOR-US: waimai Super Cms CVE-2018-16156 (In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC ...) - TODO: check + NOT-FOR-US: PaperStream IP (TWAIN) CVE-2018-16155 RESERVED CVE-2018-16154 
@@ -75236,7 +75236,7 @@ CVE-2018-3703 (Improper directory permissions in the installer for the Intel(R) CVE-2018-3702 RESERVED CVE-2018-3701 (Improper directory permissions in the installer for Intel(R) PROSet/Wi ...) - TODO: check + NOT-FOR-US: Intel CVE-2018-3700 (Code injection vulnerability in the installer for Intel(R) USB 3.0 eXt ...) NOT-FOR-US: Intel CVE-2018-3699 (Cross-site scripting in the Intel RAID Web Console v3 for Windows may ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/afbd84202ba41fb7ed8dbe134ae350591be62469
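Review bot: The label added for CVE-2019-11114 in the @@ -2408,7 hunk, `NOT-FOR-US: Intel(R) Driver & Support Assistant`, carries the HTML entity `&` rather than a plain `&`, and the same string is added for CVE-2019-11095 in the @@ -2446,11 hunk. It appears to be copied from the truncated description on the line above it. If the entity is literal in data/CVE/list, suggest writing `Intel(R) Driver & Support Assistant` in both places so a plain-text search for the product name finds these entries.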
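Review bot: The Intel entries are labelled at two different granularities. In the @@ -32482,11 hunk CVE-2019-0171 gets the vendor-only `NOT-FOR-US: Intel`, while its neighbours CVE-2019-0172 and CVE-2019-0170 get product names (`Intel Unite(R) Client for Android`, `Intel(R) DAL`). CVE-2018-3701 in the @@ -75236,7 hunk is vendor-only as well, which at least matches the existing CVE-2018-3700 context line. The @@ -2446,11 hunk also writes `Intel (R) NUC Kit` with a space before `(R)` where every other added line has none. Suggest naming the product from the description for CVE-2019-0171 as the rest of this commit does, and normalising the spacing, so that grouping or grepping the NOT-FOR-US entries by product gives consistent results.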
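Review bot: CVE-2019-0931 is left at `TODO: check` in the trailing context of the @@ -29943,7 hunk, directly below the CVE-2019-0932 line this commit changes, while CVE-2019-0933 just above is already `NOT-FOR-US: Microsoft`. If it was skipped deliberately that is fine, otherwise it could be triaged in the same pass. Separately, the new CVE-2019-0932 label is `Skype` where the neighbouring entry uses the vendor name `Microsoft`; worth confirming which form is wanted for this block.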