[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Jul 22 21:21:30 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f0233c87 by Salvatore Bonaccorso at 2019-07-22T20:21:07Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3527,15 +3527,15 @@ CVE-2019-13102
 CVE-2019-13101
 	RESERVED
 CVE-2019-13100 (The Send Anywhere application 9.4.18 for Android stores confidential i ...)
-	TODO: check
+	NOT-FOR-US: Send Anywhere application for Android
 CVE-2019-13099 (The Momo application 2.1.9 for Android stores confidential information ...)
-	TODO: check
+	NOT-FOR-US: Momo application for Android
 CVE-2019-13098 (The user password via the registration form of TronLink Wallet 2.2.0 i ...)
-	TODO: check
+	NOT-FOR-US: TronLink Wallet
 CVE-2019-13097 (The application API of Cat Runner Decorate Home version 2.8.0 for Andr ...)
-	TODO: check
+	NOT-FOR-US: Cat Runner Decorate Home
 CVE-2019-13096 (TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and pla ...)
-	TODO: check
+	NOT-FOR-US: TronLink Wallet
 CVE-2019-13095
 	RESERVED
 CVE-2019-13094
@@ -5510,15 +5510,15 @@ CVE-2019-12330
 CVE-2019-12329
 	RESERVED
 CVE-2019-12328 (A command injection (missing input validation) issue in the remote pho ...)
-	TODO: check
+	NOT-FOR-US: Atcom A10W VoIP phone
 CVE-2019-12327 (Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow a ...)
-	TODO: check
+	NOT-FOR-US: Akuvox R50P VoIP phone
 CVE-2019-12326 (Missing file and path validation in the ringtone upload function of th ...)
-	TODO: check
+	NOT-FOR-US: Akuvox R50P VoIP phone
 CVE-2019-12325 (The Htek UC902 VoIP phone web management interface contains several bu ...)
-	TODO: check
+	NOT-FOR-US: Htek UC902 VoIP phone
 CVE-2019-12324 (A command injection (missing input validation) issue in the IP address ...)
-	TODO: check
+	NOT-FOR-US: Akuvox R50P VoIP phone
 CVE-2019-12323 (The HC.Server service in Hosting Controller HC10 10.14 allows an Inval ...)
 	NOT-FOR-US: Hosting Controller HC10
 CVE-2019-12322
@@ -12109,17 +12109,17 @@ CVE-2019-1010239 (DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check fo
 CVE-2019-1010238 (Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact ...)
 	TODO: check
 CVE-2019-1010237 (Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site  ...)
-	TODO: check
+	NOT-FOR-US: ILIAS
 CVE-2019-1010236
 	RESERVED
 CVE-2019-1010235 (Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is ...)
-	TODO: check
+	NOT-FOR-US: Frog CMS
 CVE-2019-1010234 (The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper I ...)
-	TODO: check
+	NOT-FOR-US: ONOS
 CVE-2019-1010233
 	RESERVED
 CVE-2019-1010232 (Juniper juniper/libslax libslax latest version (as of commit 084ddf6ab ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2019-1010231
 	RESERVED
 CVE-2019-1010230
@@ -28522,7 +28522,7 @@ CVE-2019-3416
 CVE-2019-3415 (ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traver ...)
 	NOT-FOR-US: ZTE
 CVE-2019-3414 (All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2019-3413 (All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an  ...)
 	NOT-FOR-US: ZTE
 CVE-2019-3412 (All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by co ...)
@@ -32923,7 +32923,7 @@ CVE-2019-2294
 CVE-2019-2293
 	RESERVED
 CVE-2019-2292 (Out of bound access can occur due to buffer copy without checking size ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2291
 	RESERVED
 CVE-2019-2290
@@ -32933,7 +32933,7 @@ CVE-2019-2289
 CVE-2019-2288
 	RESERVED
 CVE-2019-2287 (Improper validation for inputs received from firmware can lead to an o ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2286
 	RESERVED
 CVE-2019-2285
@@ -32949,12 +32949,12 @@ CVE-2019-2281
 CVE-2019-2280
 	RESERVED
 CVE-2019-2279 (Shared memory gets updated with invalid data and may lead to access be ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2278
 	RESERVED
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2277 (Out of bound read can happen due to lack of NULL termination on user c ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2276
 	RESERVED
 	NOT-FOR-US: Qualcomm components for Android
@@ -32971,7 +32971,7 @@ CVE-2019-2271
 CVE-2019-2270
 	RESERVED
 CVE-2019-2269 (Possible buffer overflow while processing the high level lim process a ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2268
 	RESERVED
 CVE-2019-2267
@@ -32981,15 +32981,15 @@ CVE-2019-2266
 CVE-2019-2265
 	RESERVED
 CVE-2019-2264 (Null pointer dereference occurs for channel context while opening glin ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2263
 	RESERVED
 CVE-2019-2262
 	RESERVED
 CVE-2019-2261 (Unauthorized access from GPU subsystem to HLOS or other non secure sub ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2260 (A race condition occurs while processing perf-event which can lead to  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2259 (Resource allocation error while playing the video whose dimensions are ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2258
@@ -33025,7 +33025,7 @@ CVE-2019-2245 (Possible integer underflow can happen when calculating length of
 CVE-2019-2244 (Possible integer underflow can happen when calculating length of eleme ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2243 (Possible buffer overflow at the end of iterating loop while getting th ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2242
 	RESERVED
 CVE-2019-2241
@@ -53675,13 +53675,13 @@ CVE-2018-13929
 CVE-2018-13928
 	RESERVED
 CVE-2018-13927 (Debug policy with invalid signature can be loaded when the debug polic ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2018-13926
 	RESERVED
 CVE-2018-13925 (Error in parsing PMT table frees the memory allocated for the map sect ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13924 (Lack of check to prevent the buffer length taking negative values can  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2018-13923
 	RESERVED
 CVE-2018-13922
@@ -53738,7 +53738,7 @@ CVE-2018-13898 (Out-of-Bounds write due to incorrect array index check in PMIC i
 CVE-2018-13897
 	RESERVED
 CVE-2018-13896 (XBL_SEC image authentication and other crypto related validations are  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2018-13895 (Due to the missing permissions on several content providers of the RCS ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13894



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f0233c874329e09f701a1f74dd67a4dc7ffa1ac2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f0233c874329e09f701a1f74dd67a4dc7ffa1ac2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190722/4cdf69ee/attachment.html>

More information about the debian-security-tracker-commits mailing list