[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Sun Jan 20 22:11:16 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a27951b by Moritz Muehlenhoff at 2019-01-20T22:10:51Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2019-6497 (Hotels_Server through 2018-11-05 has SQL Injection via the ...)
-	TODO: check
+	NOT-FOR-US: Hotels_Server
 CVE-2019-6496 (The ThreadX-based firmware on Marvell Avastar Wi-Fi devices allows ...)
 	NOT-FOR-US: ThreadX-based firmware on Marvell Avastar Wi-Fi devices
 CVE-2019-6495
@@ -8013,7 +8013,7 @@ CVE-2018-20235
 CVE-2018-20234
 	RESERVED
 CVE-2018-20233 (The Upload add-on resource in Atlassian Universal Plugin Manager ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2018-20232
 	RESERVED
 CVE-2018-20231 (Cross Site Request Forgery (CSRF) in the two-factor-authentication ...)
@@ -18178,7 +18178,7 @@ CVE-2018-18910
 CVE-2018-18909 (xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of ...)
 	NOT-FOR-US: xhEditor
 CVE-2018-18908 (The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows ...)
-	TODO: check
+	NOT-FOR-US: Sky Go Desktop
 CVE-2018-18907
 	RESERVED
 CVE-2018-18906
@@ -26243,7 +26243,7 @@ CVE-2018-15786
 CVE-2018-15785
 	REJECTED
 CVE-2018-15784 (Dell Networking OS10 versions prior to 10.4.3.0 contain a ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2018-15783
 	REJECTED
 CVE-2018-15782 (The Quick Setup component of RSA Authentication Manager versions prior ...)
@@ -34688,9 +34688,9 @@ CVE-2017-18334
 CVE-2017-18333
 	RESERVED
 CVE-2017-18332 (Security keys are logged when any WCDMA call is configured or ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18331 (Improper access control on secure display buffers in snapdragon ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18330 (Buffer overflow in AES-CCM and AES-GCM encryption via initialization ...)
 	NOT-FOR-US: snapdragon
 CVE-2017-18329 (Possible Buffer overflow when transmitting an RTP packet in snapdragon ...)
@@ -36038,9 +36038,9 @@ CVE-2018-12001
 CVE-2018-12000
 	RESERVED
 CVE-2018-11999 (Improper input validation in trustzone can lead to denial of service ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11998 (While processing a packet decode request in MQTT, Race condition can ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11997
 	RESERVED
 CVE-2018-11996 (When a malformed command is sent to the device programmer, an ...)
@@ -36050,7 +36050,7 @@ CVE-2018-11995 (In all android releases(Android for MSM, Firefox OS for MSM, QRD
 CVE-2018-11994 (SMMU secure camera logic allows secure camera controllers to access ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11993 (Improper check while accessing the local memory stack on MQTT ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11992
 	RESERVED
 CVE-2018-11991
@@ -37991,7 +37991,7 @@ CVE-2018-11286 (In all android releases (Android for MSM, Firefox OS for MSM, QR
 CVE-2018-11285 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11284 (Spoofed SMS can be used to send a large number of messages to the ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11283
 	RESERVED
 CVE-2018-11282
@@ -38001,7 +38001,7 @@ CVE-2018-11281 (In all android releases (Android for MSM, Firefox OS for MSM, QR
 CVE-2018-11280 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11279 (Lack of check of input size can make device memory get corrupted ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11278 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11277 (In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, ...)
@@ -50780,7 +50780,7 @@ CVE-2017-18162
 CVE-2017-18161
 	RESERVED
 CVE-2017-18160 (AGPS session failure in GNSS module due to cyphersuites are hardcoded ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18159 (In Android releases from CAF using the linux kernel (Android for MSM, ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18158 (Possible buffer overflows and array out of bounds accesses in Android ...)
@@ -53384,7 +53384,7 @@ CVE-2018-5917 (Possible buffer overflow in OEM crypto function due to improper i
 CVE-2018-5916 (Buffer overread while decoding PDP modify request or network initiated ...)
 	NOT-FOR-US: Snapdragon
 CVE-2018-5915 (Exception in Modem IP stack while processing IPv6 packet in snapdragon ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5914 (Improper input validation in TZ led to array out of bound in TZ ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5913
@@ -53452,11 +53452,11 @@ CVE-2018-5883
 CVE-2018-5882 (While parsing a Flac file with a corrupted comment block, a buffer ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5881 (Improper validation of buffer length checks in the lwm2m device ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5880 (Improper data length check while processing an event report indication ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5879 (Improper length check while processing an MQTT message can lead to ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5878 (While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5877 (In the device programmer target-side code for firehose, a string may ...)
@@ -53479,11 +53479,11 @@ CVE-2018-5871 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9
 CVE-2018-5870 (While loading a service image, an untrusted pointer dereference can ...)
 	NOT-FOR-US: Snapdragon
 CVE-2018-5869 (Improper input validation in the QTEE keymaster app can lead to ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5868 (Lack of checking input size can lead to buffer overflow In WideVine in ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5867 (Lack of checking input size can lead to buffer overflow In WideVine in ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5866 (While processing logs, data is copied into a buffer pointed to by an ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5865 (While processing a debug log event from firmware in all Android ...)
@@ -60232,7 +60232,7 @@ CVE-2018-3597 (In the ADSP RPC driver in Android releases from CAF using the lin
 CVE-2018-3596 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3595 (Anti-rollback can be bypassed in replay scenario during app loading ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3594 (In Android before security patch level 2018-04-05 on Qualcomm ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3593 (In Android before security patch level 2018-04-05 on Qualcomm ...)
@@ -97333,7 +97333,7 @@ CVE-2017-8278 (In all Qualcomm products with Android releases from CAF using the
 CVE-2017-8277 (In all Qualcomm products with Android releases from CAF using the ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-8276 (Improper authorization involving a fuse in TrustZone in snapdragon ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-8275 (In Android before security patch level 2018-04-05 on Qualcomm ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-8274 (In Android before security patch level 2018-04-05 on Qualcomm ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4a27951b66c223abc5b89a36059a6e6bd3dca31e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4a27951b66c223abc5b89a36059a6e6bd3dca31e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190120/7e9679ec/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list