[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Nov 7 08:36:21 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
687f4011 by Salvatore Bonaccorso at 2019-11-07T08:35:54Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -28,7 +28,7 @@ CVE-2019-18794
CVE-2019-18793
RESERVED
CVE-2017-18639 (Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : ...)
- TODO: check
+ NOT-FOR-US: Progress Sitefinity CMS
CVE-2019-18792
RESERVED
CVE-2019-18791
@@ -3254,7 +3254,7 @@ CVE-2019-18413 (In TypeStack class-validator 0.10.2, validate() input validation
CVE-2019-18412
RESERVED
CVE-2019-18411 (Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2019-18410
RESERVED
CVE-2019-18409 (The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local pr ...)
@@ -9049,9 +9049,9 @@ CVE-2019-16403 (In Webkul Bagisto before 0.1.5, the functionalities for customer
CVE-2019-16402
RESERVED
CVE-2019-16401 (Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G9 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2019-16400 (Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G9 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2019-16399 (Western Digital WD My Book World through II 1.02.12 suffers from Broke ...)
NOT-FOR-US: Western Digital
CVE-2019-16398 (On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution ca ...)
@@ -20133,17 +20133,17 @@ CVE-2019-13083 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+
CVE-2019-13082 (Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_ ...)
NOT-FOR-US: Chamilo LMS
CVE-2019-13081 (Quest KACE Systems Management Appliance Server Center 9.1.317 has an X ...)
- TODO: check
+ NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-13080 (Quest KACE Systems Management Appliance Server Center 9.1.317 has an X ...)
- TODO: check
+ NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-13079 (Quest KACE Systems Management Appliance Server Center 9.1.317 is vulne ...)
- TODO: check
+ NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-13078 (Quest KACE Systems Management Appliance Server Center 9.1.317 is vulne ...)
- TODO: check
+ NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-13077 (Quest KACE Systems Management Appliance Server Center 9.1.317 has an X ...)
- TODO: check
+ NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-13076 (Quest KACE Systems Management Appliance Server Center 9.1.317 is vulne ...)
- TODO: check
+ NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-13075 (Tor Browser through 8.5.3 has an information exposure vulnerability. I ...)
- firefox-esr 68.2.0esr-1 (unimportant)
- firefox 68.0-1 (unimportant)
@@ -20595,9 +20595,9 @@ CVE-2019-12920 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 d
CVE-2019-12919 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices ...)
NOT-FOR-US: Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices
CVE-2019-12918 (Quest KACE Systems Management Appliance Server Center version 9.1.317 ...)
- TODO: check
+ NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-12917 (A reflected XSS vulnerability exists in Quest KACE Systems Management ...)
- TODO: check
+ NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-12916
RESERVED
CVE-2019-12915
@@ -27047,7 +27047,7 @@ CVE-2019-10567
CVE-2019-10566
RESERVED
CVE-2019-10565 (Double free issue can happen when sensor power settings is freed by so ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10564
RESERVED
CVE-2019-10563
@@ -27096,9 +27096,9 @@ CVE-2019-10544
CVE-2019-10543
RESERVED
CVE-2019-10542 (Buffer over-read may occur when downloading a corrupted firmware file ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10541 (Dereference on uninitialized buffer can happen when parsing FLV clip w ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10540 (Buffer overflow in WLAN NAN function due to lack of check of count val ...)
NOT-FOR-US: Snapdragon
CVE-2019-10539 (Possible buffer overflow issue due to lack of length check when parsin ...)
@@ -27112,20 +27112,20 @@ CVE-2019-10536
CVE-2019-10535
RESERVED
CVE-2019-10534 (Null-pointer dereference can occur while accessing the super index ent ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10533 (Out of bound access due to improper validation of array index cause th ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10532
RESERVED
CVE-2019-10531 (Incorrect reading of system image resulting in buffer overflow when si ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10530
RESERVED
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10529 (Possible use after free issue due to race condition while attempting t ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10528 (Use after free issue in kernel while accessing freed mdlog session inf ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10527
RESERVED
CVE-2019-10526
@@ -27133,11 +27133,11 @@ CVE-2019-10526
CVE-2019-10525
RESERVED
CVE-2019-10524 (Lack of check for a negative value returned for get_clk is wrongly int ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10523
RESERVED
CVE-2019-10522 (While playing the clip which is nonstandard buffer overflow can occur ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10521
RESERVED
CVE-2019-10520
@@ -27152,13 +27152,13 @@ CVE-2019-10517
CVE-2019-10516
RESERVED
CVE-2019-10515 (DCI client which might be preemptively freed up might be accessed for ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10514
RESERVED
CVE-2019-10513
RESERVED
CVE-2019-10512 (Payload size is not checked before using it as array index in audio in ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10511
RESERVED
NOT-FOR-US: Qualcomm components for Android
@@ -27173,13 +27173,13 @@ CVE-2019-10507 (Lack of check of extscan change results received from firmware c
CVE-2019-10506 (While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor comm ...)
NOT-FOR-US: Snapdragon
CVE-2019-10505 (Out of bound access while processing a non-standard IE measurement req ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10504 (Firmware not able to send EXT scan response to host within 1 sec due t ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10503
RESERVED
CVE-2019-10502 (Possible stack overflow when an index equal to io buffer size is acces ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10501 (Possible use after free issue due to improper input validation in volu ...)
NOT-FOR-US: Snapdragon
CVE-2019-10500
@@ -27191,9 +27191,9 @@ CVE-2019-10498 (Buffer overflow scenario if the client sends more than 5 io_vec
CVE-2019-10497 (Use after free issue occurs If another instance of open for voice_svc ...)
NOT-FOR-US: Snapdragon
CVE-2019-10496 (Lack of checking a variable received from driver and populating in Fir ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10495 (Arbitrary buffer write issue while processing sequence header during H ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10494
RESERVED
CVE-2019-10493
@@ -27202,13 +27202,13 @@ CVE-2019-10493
CVE-2019-10492 (Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon ...)
NOT-FOR-US: Snapdragon
CVE-2019-10491 (ADSP can be compromised since it`s a general-purpose CPU processing un ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10490
RESERVED
CVE-2019-10489 (Possible null-pointer dereference can occur while parsing avi clip dur ...)
NOT-FOR-US: Snapdragon
CVE-2019-10488 (Null pointer dereference can occur while parsing invalid chunks while ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10487
RESERVED
CVE-2019-10486
@@ -50561,9 +50561,9 @@ CVE-2019-2334 (Null pointer dereferencing can happen when playing the clip with
CVE-2019-2333 (Buffer overflow due to improper validation of buffer size while IPA dr ...)
NOT-FOR-US: Snapdragon
CVE-2019-2332 (Memory corruption while accessing the memory as payload size is not va ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2331 (Possible Integer overflow because of subtracting two integers without ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2330 (improper input validation in allocation request for secure allocations ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2329
@@ -50575,11 +50575,11 @@ CVE-2019-2327 (Possible buffer overflow can occur when playing clip with incorre
CVE-2019-2326 (Data token is received from ADSP and is used without validation as an ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2325 (Out of boundary access due to token received from ADSP and is used wit ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2324 (When ADSP is compromised, the audio port index that`s returned from AD ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2323 (Lack of check to ensure crypto engine data passed by user is initializ ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2322 (Buffer overflow can occur when playing specific clip which is non-stan ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2321
@@ -50625,7 +50625,7 @@ CVE-2019-2304
CVE-2019-2303
RESERVED
CVE-2019-2302 (While processing vendor command which contains corrupted channel count ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2301 (Possibility of out-of-bound read if id received from SPI is not in ran ...)
NOT-FOR-US: Snapdragon
CVE-2019-2300
@@ -50660,11 +50660,11 @@ CVE-2019-2287 (Improper validation for inputs received from firmware can lead to
CVE-2019-2286
RESERVED
CVE-2019-2285 (Out of bound write issue is observed while giving information about pr ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2284 (Possible use-after-free issue due to a race condition while calling ca ...)
NOT-FOR-US: Snapdragon
CVE-2019-2283 (Improper validation of read and write index of tx and rx fifo`s before ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2282
RESERVED
CVE-2019-2281 (An unauthenticated bitmap image can be loaded in to memory and subsequ ...)
@@ -50680,7 +50680,7 @@ CVE-2019-2277 (Out of bound read can happen due to lack of NULL termination on u
CVE-2019-2276 (Possible out of bound read occurs while processing beaconing request d ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2275 (While deserializing any key blob during key operations, buffer overflo ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2274
RESERVED
CVE-2019-2273 (IOMMU page fault while playing h265 video file leads to denial of serv ...)
@@ -50714,7 +50714,7 @@ CVE-2019-2260 (A race condition occurs while processing perf-event which can lea
CVE-2019-2259 (Resource allocation error while playing the video whose dimensions are ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2258 (Improper validation of array index causes OOB write and then leads to ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2257 (Wrong permissions in configuration file can lead to unauthorized permi ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2256 (An unprivileged user can craft a bitstream such that the payload encod ...)
@@ -50732,13 +50732,13 @@ CVE-2019-2251
CVE-2019-2250 (Kernel can write to arbitrary memory address passed by user while free ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2249 (Kernel can do a memory read from arbitrary address passed by user duri ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2248 (Buffer overflow can occur if invalid header tries to overwrite the exi ...)
NOT-FOR-US: Snapdragon
CVE-2019-2247 (Possibility of double free issue while running multiple instances of s ...)
NOT-FOR-US: Snapdragon
CVE-2019-2246 (Thread start can cause invalid memory writes to arbitrary memory locat ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2245 (Possible integer underflow can happen when calculating length of eleme ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2244 (Possible integer underflow can happen when calculating length of eleme ...)
@@ -179151,7 +179151,7 @@ CVE-2016-4403 (A security vulnerability was identified in the Filter SDK compone
CVE-2016-4402 (A security vulnerability was identified in the Filter SDK component of ...)
NOT-FOR-US: HPE KeyView using Filter SDK
CVE-2016-4401 (Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 all ...)
- TODO: check
+ NOT-FOR-US: Aruba ClearPass Policy Manager
CVE-2016-4400 (A security vulnerability was identified in HP Network Node Manager i ( ...)
NOT-FOR-US: HP Network Node Manager i
CVE-2016-4399 (A security vulnerability was identified in HP Network Node Manager i ( ...)
@@ -197017,7 +197017,7 @@ CVE-2015-7278 (Cross-site request forgery (CSRF) vulnerability on Amped Wireless
CVE-2015-7277 (The web administration interface on Amped Wireless R10000 devices with ...)
NOT-FOR-US: Amped Wireless
CVE-2015-7276 (Technicolor C2000T and C2100T uses hard-coded cryptographic keys. ...)
- TODO: check
+ NOT-FOR-US: Technicolor
CVE-2015-7275 (Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 ...)
NOT-FOR-US: Dell iDRAC
CVE-2015-7274 (Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/687f4011b6350d52d9e011b4bc6c09dfc99c6606
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/687f4011b6350d52d9e011b4bc6c09dfc99c6606
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191107/7cb247ff/attachment.html>
More information about the debian-security-tracker-commits
mailing list