[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso Thu, 16 May 2019 13:44:37 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
813fcb2b by Salvatore Bonaccorso at 2019-05-16T20:43:18Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,11 +19,11 @@ CVE-2019-12141
 CVE-2019-12140
        RESERVED
 CVE-2019-12139 (An XSS issue was discovered in the Admin UI in eZ Platform 
2.x. This a ...)
-       TODO: check
+       NOT-FOR-US: eZ Platform
 CVE-2019-12138 (MacDown 0.7.1 allows directory traversal, for execution of 
arbitrary p ...)
-       TODO: check
+       NOT-FOR-US: MacDown
 CVE-2019-12137 (Typora 0.9.9.24.6 on macOS allows directory traversal, for 
execution o ...)
-       TODO: check
+       NOT-FOR-US: Typora
 CVE-2019-12136 (There is XSS in BoostIO Boostnote 0.11.15 via a label named 
mermaid, a ...)
        NOT-FOR-US: Boostnote
 CVE-2019-12135
@@ -2602,7 +2602,7 @@ CVE-2019-11034 (When processing certain files, PHP EXIF 
extension in versions 7.
        NOTE: Fixed in 7.1.28, 7.2.17, 7.3.4
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77753
 CVE-2019-11033 (Applaud HCM 4.0.42+ uses HTML tag fields for HTML inputs in a 
form. Th ...)
-       TODO: check
+       NOT-FOR-US: Applaud HCM
 CVE-2019-11032 (In EasyToRecruit (E2R) before 2.11, the upload feature and the 
Candida ...)
        NOT-FOR-US: EasyToRecruit
 CVE-2019-11031
@@ -26695,7 +26695,7 @@ CVE-2018-1000861 (A code execution vulnerability exists 
in the Stapler web frame
 CVE-2018-20008
        RESERVED
 CVE-2018-20007 (Yeelight Smart AI Speaker 3.3.10_0074 devices have improper 
access con ...)
-       TODO: check
+       NOT-FOR-US: Yeelight Smart AI Speaker devices
 CVE-2018-20006 (An issue was discovered in PHPok v5.0.055. There is a Stored 
XSS vulne ...)
        NOT-FOR-US: PHPok
 CVE-2018-20005 (An issue has been found in Mini-XML (aka mxml) 2.12. It is a 
use-after ...)
@@ -27312,7 +27312,7 @@ CVE-2019-1782 (A vulnerability in the CLI of Cisco FXOS 
Software and Cisco NX-OS
 CVE-2019-1781 (A vulnerability in the CLI of Cisco FXOS Software and Cisco 
NX-OS Soft ...)
        NOT-FOR-US: Cisco
 CVE-2019-1780 (A vulnerability in the CLI of Cisco FXOS Software and Cisco 
NX-OS Soft ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1779 (A vulnerability in the CLI of Cisco FXOS Software and Cisco 
NX-OS Soft ...)
        NOT-FOR-US: Cisco
 CVE-2019-1778 (A vulnerability in the CLI of Cisco NX-OS Software could allow 
an auth ...)
@@ -29777,7 +29777,7 @@ CVE-2019-1002
 CVE-2019-1001
        RESERVED
 CVE-2019-1000 (An elevation of privilege vulnerability exists in Microsoft 
Azure Acti ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0999
        RESERVED
 CVE-2019-0998
@@ -29787,7 +29787,7 @@ CVE-2019-0997
 CVE-2019-0996
        RESERVED
 CVE-2019-0995 (A security feature bypass vulnerability exists when urlmon.dll 
imprope ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0994
        RESERVED
 CVE-2019-0993
@@ -29851,67 +29851,67 @@ CVE-2019-0965
 CVE-2019-0964
        RESERVED
 CVE-2019-0963 (A cross-site-scripting (XSS) vulnerability exists when 
Microsoft Share ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0962
        RESERVED
 CVE-2019-0961 (An information disclosure vulnerability exists when the Windows 
GDI co ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0960
        RESERVED
 CVE-2019-0959
        RESERVED
 CVE-2019-0958 (An elevation of privilege vulnerability exists when Microsoft 
SharePoi ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0957 (An elevation of privilege vulnerability exists when Microsoft 
SharePoi ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0956 (An information disclosure vulnerability exists when Microsoft 
SharePoi ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0955
        RESERVED
 CVE-2019-0954
        RESERVED
 CVE-2019-0953 (A remote code execution vulnerability exists in Microsoft Word 
softwar ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0952 (A remote code execution vulnerability exists in Microsoft 
SharePoint S ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0951 (A spoofing vulnerability exists when Microsoft SharePoint 
Server does  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0950 (A spoofing vulnerability exists when Microsoft SharePoint 
Server does  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0949 (A spoofing vulnerability exists when Microsoft SharePoint 
Server does  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0948
        RESERVED
 CVE-2019-0947 (A remote code execution vulnerability exists when the Microsoft 
Office ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0946 (A remote code execution vulnerability exists when the Microsoft 
Office ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0945 (A remote code execution vulnerability exists when the Microsoft 
Office ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0944
        RESERVED
 CVE-2019-0943
        RESERVED
 CVE-2019-0942 (An elevation of privilege vulnerability exists in the Unified 
Write Fi ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0941
        RESERVED
 CVE-2019-0940 (A remote code execution vulnerability exists in the way that 
Microsoft ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0939
        RESERVED
 CVE-2019-0938 (An elevation of privilege vulnerability exists in Microsoft 
Edge that  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0937 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0936 (An elevation of privilege vulnerability exists in Microsoft 
Windows wh ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0935
        RESERVED
 CVE-2019-0934
        RESERVED
 CVE-2019-0933 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0932 (An information disclosure vulnerability exists in Skype for 
Android, a ...)
        TODO: check
 CVE-2019-0931 (An elevation of privilege vulnerability exists when the Storage 
Servic ...)
@@ -29923,39 +29923,39 @@ CVE-2019-0929 (A remote code execution vulnerability 
exists when Internet Explor
 CVE-2019-0928
        RESERVED
 CVE-2019-0927 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0926 (A remote code execution vulnerability exists when Microsoft 
Edge impro ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0925 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0924 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0923 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0922 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0921 (An spoofing vulnerability exists when Internet Explorer 
improperly han ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0920
        RESERVED
 CVE-2019-0919
        RESERVED
 CVE-2019-0918 (A remote code execution vulnerability exists in the way the 
scripting  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0917 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0916 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0915 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0914 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0913 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0912 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0911 (A remote code execution vulnerability exists in the way the 
scripting  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0910
        RESERVED
 CVE-2019-0909
@@ -29971,7 +29971,7 @@ CVE-2019-0905
 CVE-2019-0904
        RESERVED
 CVE-2019-0903 (A remote code execution vulnerability exists in the way that 
the Windo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0902 (A remote code execution vulnerability exists when the Windows 
Jet Data ...)
        TODO: check
 CVE-2019-0901 (A remote code execution vulnerability exists when the Windows 
Jet Data ...)
@@ -29993,7 +29993,7 @@ CVE-2019-0894 (A remote code execution vulnerability 
exists when the Windows Jet
 CVE-2019-0893 (A remote code execution vulnerability exists when the Windows 
Jet Data ...)
        TODO: check
 CVE-2019-0892 (An elevation of privilege vulnerability exists in Windows when 
the Win ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0891 (A remote code execution vulnerability exists when the Windows 
Jet Data ...)
        TODO: check
 CVE-2019-0890 (A remote code execution vulnerability exists when the Windows 
Jet Data ...)
@@ -30007,15 +30007,15 @@ CVE-2019-0887
 CVE-2019-0886 (An information disclosure vulnerability exists when Windows 
Hyper-V on ...)
        TODO: check
 CVE-2019-0885 (A remote code execution vulnerability exists when Microsoft 
Windows OL ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0884 (A remote code execution vulnerability exists in the way the 
scripting  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0883
        RESERVED
 CVE-2019-0882 (An information disclosure vulnerability exists when the Windows 
GDI co ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0881 (An elevation of privilege vulnerability exists when the Windows 
Kernel ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0880
        RESERVED
 CVE-2019-0879 (A remote code execution vulnerability exists when the Windows 
Jet Data ...)
@@ -30139,7 +30139,7 @@ CVE-2019-0821 (An information disclosure vulnerability 
exists in the way that th
 CVE-2019-0820 (A denial of service vulnerability exists when .NET Framework 
and .NET  ...)
        NOT-FOR-US: Microsoft .NET Core
 CVE-2019-0819 (An information disclosure vulnerability exists in Microsoft SQL 
Server ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0818
        RESERVED
 CVE-2019-0817 (A spoofing vulnerability exists in Microsoft Exchange Server 
when Outl ...)
@@ -30266,7 +30266,7 @@ CVE-2019-0760
 CVE-2019-0759 (An information disclosure vulnerability exists when the Windows 
Print  ...)
        NOT-FOR-US: Microsoft
 CVE-2019-0758 (An information disclosure vulnerability exists when the Windows 
GDI co ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0757 (A tampering vulnerability exists in the NuGet Package Manager 
for Linu ...)
        - nuget <not-affected> (NuGet older than 4.3 is not affected, bug 
#926122)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1685475
@@ -30318,9 +30318,9 @@ CVE-2019-0736
 CVE-2019-0735 (An elevation of privilege vulnerability exists when the Windows 
Client ...)
        NOT-FOR-US: Microsoft
 CVE-2019-0734 (An elevation of privilege vulnerability exists in Microsoft 
Windows wh ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0733 (A security feature bypass vulnerability exists in Windows 
Defender App ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-0732 (A security feature bypass vulnerability exists in Windows which 
could  ...)
        NOT-FOR-US: Microsoft
 CVE-2019-0731 (An elevation of privilege vulnerability exists when Windows 
improperly ...)
@@ -38397,7 +38397,7 @@ CVE-2018-17050 (The mintToken function of a smart 
contract implementation for Po
 CVE-2018-17049 (CQU-LANKERS through 2017-11-02 has XSS via the public/api.php 
callback ...)
        NOT-FOR-US: CQU-LANKERS
 CVE-2018-17048 (admin/Lib/Action/FpluginAction.class.php in FDCMS (aka Fangfa 
Content  ...)
-       TODO: check
+       NOT-FOR-US: FDCMS
 CVE-2018-17047
        RESERVED
 CVE-2018-17046 (translate man before 2018-08-21 has XSS via 
containers/outputBox/outpu ...)
@@ -80176,7 +80176,7 @@ CVE-2018-1977 (IBM DB2 for Linux, UNIX and Windows 11.1 
(includes DB2 Connect Se
 CVE-2018-1976 (IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by 
sensitive infor ...)
        NOT-FOR-US: IBM
 CVE-2018-1975 (IBM Rational DOORS Web Access 9.5.1 through 9.5.2.9, and 9.6 
through 9 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2018-1974 (IBM WebSphere 8.0.0.0 through 9.1.1 could allow an 
authenticated attac ...)
        NOT-FOR-US: IBM
 CVE-2018-1973 (IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with 
limited 'AP ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/813fcb2baa26c67c5969cf67c5020da32d241141

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/813fcb2baa26c67c5969cf67c5020da32d241141
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to