[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Jul 25 21:33:21 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3632c4a5 by Salvatore Bonaccorso at 2019-07-25T20:32:54Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2019-14271
 	RESERVED
 CVE-2019-14270 (Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6 ...)
-	TODO: check
+	NOT-FOR-US: Comodo Antivirus
 CVE-2019-14269
 	RESERVED
 CVE-2019-14268 (In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request prox ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2019-14267
 	RESERVED
 CVE-2019-14266 (OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Confi ...)
@@ -12308,7 +12308,7 @@ CVE-2019-1010202 (Jeesite 1.2.7 is affected by: XML External Entity (XXE). The i
 CVE-2019-1010201 (Jeesite 1.2.7 is affected by: SQL Injection. The impact is: sensitive  ...)
 	NOT-FOR-US: Jeesite
 CVE-2019-1010200 (Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b ...)
-	TODO: check
+	NOT-FOR-US: Voice Builder
 CVE-2019-1010199 (ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site  ...)
 	NOT-FOR-US: ServiceStack ServiceStack Framework
 CVE-2019-1010198
@@ -12368,7 +12368,7 @@ CVE-2019-1010174 (CImg The CImg Library v.2.3.3 and earlier is affected by: comm
 CVE-2019-1010173 (Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is ...)
 	NOT-FOR-US: Jsish
 CVE-2019-1010172 (Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. ...)
-	TODO: check
+	NOT-FOR-US: Jsish
 CVE-2019-1010171 (Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impac ...)
 	NOT-FOR-US: Jsish
 CVE-2019-1010170 (Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: den ...)
@@ -12765,9 +12765,9 @@ CVE-2019-9887
 CVE-2019-9886 (Any URLs with download_attachment.php under templates or home folders  ...)
 	NOT-FOR-US: BroadLearning eClass
 CVE-2019-9885 (eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL c ...)
-	TODO: check
+	NOT-FOR-US: eClass platform
 CVE-2019-9884 (eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS meth ...)
-	TODO: check
+	NOT-FOR-US: eClass platform
 CVE-2019-9883 (Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerabi ...)
 	NOT-FOR-US: MailSherlock
 CVE-2019-9882 (Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerabi ...)
@@ -26189,7 +26189,7 @@ CVE-2019-4441
 CVE-2019-4440
 	RESERVED
 CVE-2019-4439 (IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4438
 	RESERVED
 CVE-2019-4437
@@ -26237,7 +26237,7 @@ CVE-2019-4417
 CVE-2019-4416
 	RESERVED
 CVE-2019-4415 (IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain e ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4414
 	RESERVED
 CVE-2019-4413
@@ -26643,7 +26643,7 @@ CVE-2019-4214
 CVE-2019-4213
 	RESERVED
 CVE-2019-4212 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forger ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4211 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. Thi ...)
 	NOT-FOR-US: IBM
 CVE-2019-4210 (IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication expo ...)
@@ -26835,7 +26835,7 @@ CVE-2019-4118 (IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart coul
 CVE-2019-4117
 	RESERVED
 CVE-2019-4116 (IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensit ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4115
 	RESERVED
 CVE-2019-4114
@@ -28100,7 +28100,7 @@ CVE-2019-3623
 CVE-2019-3622 (Files or Directories Accessible to External Parties in McAfee Data Los ...)
 	NOT-FOR-US: McAfee
 CVE-2019-3621 (Authentication protection bypass vulnerability in McAfee Data Loss Pre ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2019-3620
 	RESERVED
 CVE-2019-3619 (Information Disclosure vulnerability in the Agent Handler in McAfee eP ...)
@@ -28486,9 +28486,9 @@ CVE-2019-3488
 CVE-2019-3487
 	RESERVED
 CVE-2019-3486 (Mitigates a stored cross site scripting issue in ArcSight Security Man ...)
-	TODO: check
+	NOT-FOR-US: ArcSight Security Management Center
 CVE-2019-3485 (Mitigates a stored cross site scripting issue in ArcSight Logger versi ...)
-	TODO: check
+	NOT-FOR-US: ArcSight Logger
 CVE-2019-3484 (Mitigates a remote code execution issue in ArcSight Logger versions pr ...)
 	NOT-FOR-US: ArcSight Logger
 CVE-2019-3483 (Mitigates a potential information leakage issue in ArcSight Logger ver ...)
@@ -32865,11 +32865,11 @@ CVE-2019-2347
 CVE-2019-2346 (Firmware is getting into loop of overwriting memory when scan command  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2345 (Race condition while accessing DMA buffer in jpeg driver in Snapdragon ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2344
 	RESERVED
 CVE-2019-2343 (Out of bound read and information disclosure in firmware due to insuff ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2342
 	RESERVED
 CVE-2019-2341
@@ -32923,27 +32923,27 @@ CVE-2019-2318
 CVE-2019-2317
 	RESERVED
 CVE-2019-2316 (When computing the digest a local variable is used after going out of  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2315
 	RESERVED
 CVE-2019-2314 (Possible race condition that will cause a use-after-free when writing  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2313
 	RESERVED
 CVE-2019-2312 (When handling the vendor command there exists a potential buffer overf ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2311
 	RESERVED
 CVE-2019-2310
 	RESERVED
 CVE-2019-2309 (While storing calibrated data from firmware in cache, An integer overf ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2308 (User application could potentially make RPC call to the fastrpc driver ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2307 (Possible integer underflow due to lack of validation before calculatio ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2306 (Improper casting of structure while handling the buffer leads to out o ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2305 (Out of bound access when reason code is extracted from frame data with ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2304
@@ -32953,13 +32953,13 @@ CVE-2019-2303
 CVE-2019-2302
 	RESERVED
 CVE-2019-2301 (Possibility of out-of-bound read if id received from SPI is not in ran ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2300
 	RESERVED
 CVE-2019-2299 (An out-of-bound write can be triggered by a specially-crafted command  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2298 (Protection is missing while accessing md sessions info via macro which ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2297
 	RESERVED
 CVE-2019-2296
@@ -32969,13 +32969,13 @@ CVE-2019-2295
 CVE-2019-2294
 	RESERVED
 CVE-2019-2293 (Pointer dereference while freeing IFE resources due to lack of length  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2292 (Out of bound access can occur due to buffer copy without checking size ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-2291
 	RESERVED
 CVE-2019-2290 (Multiple open and close from multiple threads will lead camera driver  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2289
 	RESERVED
 CVE-2019-2288
@@ -32993,7 +32993,7 @@ CVE-2019-2283
 CVE-2019-2282
 	RESERVED
 CVE-2019-2281 (An unauthenticated bitmap image can be loaded in to memory and subsequ ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2280
 	RESERVED
 CVE-2019-2279 (Shared memory gets updated with invalid data and may lead to access be ...)
@@ -33009,9 +33009,9 @@ CVE-2019-2275
 CVE-2019-2274
 	RESERVED
 CVE-2019-2273 (IOMMU page fault while playing h265 video file leads to denial of serv ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2272 (Buffer overflow can occur in display function due to lack of validatio ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2271
 	RESERVED
 CVE-2019-2270
@@ -33029,7 +33029,7 @@ CVE-2019-2265
 CVE-2019-2264 (Null pointer dereference occurs for channel context while opening glin ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-2263 (Access to freed memory can happen while reading from diag driver due t ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2262
 	RESERVED
 CVE-2019-2261 (Unauthorized access from GPU subsystem to HLOS or other non secure sub ...)
@@ -53775,7 +53775,7 @@ CVE-2018-13899 (Processing messages after error may result in user after free me
 CVE-2018-13898 (Out-of-Bounds write due to incorrect array index check in PMIC in Snap ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13897 (Clients hostname gets added to DNS record on device which is running d ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2018-13896 (XBL_SEC image authentication and other crypto related validations are  ...)
 	NOT-FOR-US: Snapdragon
 CVE-2018-13895 (Due to the missing permissions on several content providers of the RCS ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3632c4a5cf6ba5825c5cd50c1e425b75ef056162

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3632c4a5cf6ba5825c5cd50c1e425b75ef056162
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190725/406b2cc3/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list