[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Sun Jan 20 22:11:16 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4a27951b by Moritz Muehlenhoff at 2019-01-20T22:10:51Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2019-6497 (Hotels_Server through 2018-11-05 has SQL Injection via the ...)
- TODO: check
+ NOT-FOR-US: Hotels_Server
CVE-2019-6496 (The ThreadX-based firmware on Marvell Avastar Wi-Fi devices allows ...)
NOT-FOR-US: ThreadX-based firmware on Marvell Avastar Wi-Fi devices
CVE-2019-6495
@@ -8013,7 +8013,7 @@ CVE-2018-20235
CVE-2018-20234
RESERVED
CVE-2018-20233 (The Upload add-on resource in Atlassian Universal Plugin Manager ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2018-20232
RESERVED
CVE-2018-20231 (Cross Site Request Forgery (CSRF) in the two-factor-authentication ...)
@@ -18178,7 +18178,7 @@ CVE-2018-18910
CVE-2018-18909 (xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of ...)
NOT-FOR-US: xhEditor
CVE-2018-18908 (The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows ...)
- TODO: check
+ NOT-FOR-US: Sky Go Desktop
CVE-2018-18907
RESERVED
CVE-2018-18906
@@ -26243,7 +26243,7 @@ CVE-2018-15786
CVE-2018-15785
REJECTED
CVE-2018-15784 (Dell Networking OS10 versions prior to 10.4.3.0 contain a ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2018-15783
REJECTED
CVE-2018-15782 (The Quick Setup component of RSA Authentication Manager versions prior ...)
@@ -34688,9 +34688,9 @@ CVE-2017-18334
CVE-2017-18333
RESERVED
CVE-2017-18332 (Security keys are logged when any WCDMA call is configured or ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-18331 (Improper access control on secure display buffers in snapdragon ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-18330 (Buffer overflow in AES-CCM and AES-GCM encryption via initialization ...)
NOT-FOR-US: snapdragon
CVE-2017-18329 (Possible Buffer overflow when transmitting an RTP packet in snapdragon ...)
@@ -36038,9 +36038,9 @@ CVE-2018-12001
CVE-2018-12000
RESERVED
CVE-2018-11999 (Improper input validation in trustzone can lead to denial of service ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11998 (While processing a packet decode request in MQTT, Race condition can ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11997
RESERVED
CVE-2018-11996 (When a malformed command is sent to the device programmer, an ...)
@@ -36050,7 +36050,7 @@ CVE-2018-11995 (In all android releases(Android for MSM, Firefox OS for MSM, QRD
CVE-2018-11994 (SMMU secure camera logic allows secure camera controllers to access ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11993 (Improper check while accessing the local memory stack on MQTT ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11992
RESERVED
CVE-2018-11991
@@ -37991,7 +37991,7 @@ CVE-2018-11286 (In all android releases (Android for MSM, Firefox OS for MSM, QR
CVE-2018-11285 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11284 (Spoofed SMS can be used to send a large number of messages to the ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11283
RESERVED
CVE-2018-11282
@@ -38001,7 +38001,7 @@ CVE-2018-11281 (In all android releases (Android for MSM, Firefox OS for MSM, QR
CVE-2018-11280 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11279 (Lack of check of input size can make device memory get corrupted ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11278 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11277 (In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, ...)
@@ -50780,7 +50780,7 @@ CVE-2017-18162
CVE-2017-18161
RESERVED
CVE-2017-18160 (AGPS session failure in GNSS module due to cyphersuites are hardcoded ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-18159 (In Android releases from CAF using the linux kernel (Android for MSM, ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18158 (Possible buffer overflows and array out of bounds accesses in Android ...)
@@ -53384,7 +53384,7 @@ CVE-2018-5917 (Possible buffer overflow in OEM crypto function due to improper i
CVE-2018-5916 (Buffer overread while decoding PDP modify request or network initiated ...)
NOT-FOR-US: Snapdragon
CVE-2018-5915 (Exception in Modem IP stack while processing IPv6 packet in snapdragon ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5914 (Improper input validation in TZ led to array out of bound in TZ ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5913
@@ -53452,11 +53452,11 @@ CVE-2018-5883
CVE-2018-5882 (While parsing a Flac file with a corrupted comment block, a buffer ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5881 (Improper validation of buffer length checks in the lwm2m device ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5880 (Improper data length check while processing an event report indication ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5879 (Improper length check while processing an MQTT message can lead to ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5878 (While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5877 (In the device programmer target-side code for firehose, a string may ...)
@@ -53479,11 +53479,11 @@ CVE-2018-5871 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9
CVE-2018-5870 (While loading a service image, an untrusted pointer dereference can ...)
NOT-FOR-US: Snapdragon
CVE-2018-5869 (Improper input validation in the QTEE keymaster app can lead to ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5868 (Lack of checking input size can lead to buffer overflow In WideVine in ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5867 (Lack of checking input size can lead to buffer overflow In WideVine in ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5866 (While processing logs, data is copied into a buffer pointed to by an ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5865 (While processing a debug log event from firmware in all Android ...)
@@ -60232,7 +60232,7 @@ CVE-2018-3597 (In the ADSP RPC driver in Android releases from CAF using the lin
CVE-2018-3596 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-3595 (Anti-rollback can be bypassed in replay scenario during app loading ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-3594 (In Android before security patch level 2018-04-05 on Qualcomm ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-3593 (In Android before security patch level 2018-04-05 on Qualcomm ...)
@@ -97333,7 +97333,7 @@ CVE-2017-8278 (In all Qualcomm products with Android releases from CAF using the
CVE-2017-8277 (In all Qualcomm products with Android releases from CAF using the ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8276 (Improper authorization involving a fuse in TrustZone in snapdragon ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8275 (In Android before security patch level 2018-04-05 on Qualcomm ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-8274 (In Android before security patch level 2018-04-05 on Qualcomm ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4a27951b66c223abc5b89a36059a6e6bd3dca31e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4a27951b66c223abc5b89a36059a6e6bd3dca31e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190120/7e9679ec/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list