[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Nov 13 20:44:37 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd113f85 by Salvatore Bonaccorso at 2019-11-13T20:43:24Z
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,11 +31,11 @@ CVE-2019-18933
 CVE-2019-18932
 	RESERVED
 CVE-2019-18931 (Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer O ...)
-	TODO: check
+	NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware
 CVE-2019-18930 (Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users  ...)
-	TODO: check
+	NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware
 CVE-2019-18929 (Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users  ...)
-	TODO: check
+	NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware
 CVE-2019-18928
 	RESERVED
 CVE-2019-18927
@@ -3888,7 +3888,7 @@ CVE-2019-18281 (An out-of-bounds memory access in the generateDirectionalRuns()
 CVE-2019-18280 (Sourcecodester Online Grading System 1.0 is affected by a Cross Site R ...)
 	NOT-FOR-US: Sourcecodester Online Grading System
 CVE-2019-18279 (In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included driver ...)
-	TODO: check
+	NOT-FOR-US: Phoenix SCT WinFlash
 CVE-2019-18278 (When executing VideoLAN VLC media player 3.0.8 with libqt on Windows,  ...)
 	NOT-FOR-US: VLC on Windows
 CVE-2019-18277 (A flaw was found in HAProxy before 2.0.6. In legacy mode, messages fea ...)
@@ -6634,9 +6634,9 @@ CVE-2019-17526 (** DISPUTED ** An issue was discovered in SageMath Sage Cell Ser
 CVE-2019-17525
 	RESERVED
 CVE-2019-17524 (An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows r ...)
-	TODO: check
+	NOT-FOR-US: Technicolor TC7300 STFA.51.20 devices
 CVE-2019-17523 (An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows r ...)
-	TODO: check
+	NOT-FOR-US: Technicolor TC7300 STFA.51.20 devices
 CVE-2019-17522 (A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the ...)
 	NOT-FOR-US: Hotaru CMS
 CVE-2019-17521 (An issue was discovered in Landing-CMS 0.0.6. There is a CSRF vulnerab ...)
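
Review bot: The label added for CVE-2019-17524 and CVE-2019-17523 embeds the firmware version ("Technicolor TC7300 STFA.51.20 devices"), while the neighbouring entry for CVE-2019-17522 uses the bare product name ("Hotaru CMS") even though its description names v1.7.2. Suggest "NOT-FOR-US: Technicolor TC7300" so that a later CVE against another firmware build of the same device can reuse the identical string.
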
@@ -7991,13 +7991,13 @@ CVE-2019-16953
 CVE-2019-16952
 	RESERVED
 CVE-2019-16951 (A remote file include (RFI) issue was discovered in Enghouse Web Chat  ...)
-	TODO: check
+	NOT-FOR-US: Enghouse Web Chat
 CVE-2019-16950 (An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.28 ...)
-	TODO: check
+	NOT-FOR-US: Enghouse Web Chat
 CVE-2019-16949 (An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34 ...)
-	TODO: check
+	NOT-FOR-US: Enghouse Web Chat
 CVE-2019-16948 (An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any P ...)
-	TODO: check
+	NOT-FOR-US: Enghouse Web Chat
 CVE-2019-16947
 	RESERVED
 CVE-2019-16946
@@ -10735,7 +10735,7 @@ CVE-2019-15950 (The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted v
 CVE-2019-15949 (Nagios XI before 5.6.6 allows remote command execution as root. The ex ...)
 	NOT-FOR-US: Nagios XI
 CVE-2019-15948 (Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller dev ...)
-	TODO: check
+	NOT-FOR-US: Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices
 CVE-2019-15947 (In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted  ...)
 	- bitcoin <unfixed> (bug #939608)
 CVE-2019-15946 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet ...)
@@ -42499,21 +42499,21 @@ CVE-2019-5296 (Mate20 Huawei smartphones versions earlier than HMA-AL00C00B175 h
 CVE-2019-5295 (Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0 ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5294 (There is an out of bound read vulnerability in some Huawei products. A ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5293 (Some Huawei products have a memory leak vulnerability when handling so ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5292 (Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions bef ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5291
 	RESERVED
 CVE-2019-5290
 	RESERVED
 CVE-2019-5289 (Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5288 (P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E1 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5287 (P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E1 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5286 (There is a reflection XSS vulnerability in the HedEx products. Remote  ...)
 	NOT-FOR-US: HedEx / Huawei
 CVE-2019-5285 (Some Huawei S series switches have a DoS vulnerability. An unauthentic ...)
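
Review bot: CVE-2019-5289 is labelled with the vendor only, but its description is about the Gauss100 OLTP database in ManageOne, not a handset like the other entries changed in this hunk. Since a database product is the kind of entry someone may later search for by name, consider naming it in the style already used for CVE-2019-5286 ("HedEx / Huawei"), for example "NOT-FOR-US: Gauss100 OLTP database / Huawei".
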
@@ -42523,13 +42523,13 @@ CVE-2019-5284 (There is a DoS vulnerability in RTSP module of Leland-AL00A Huawe
 CVE-2019-5283 (There is Factory Reset Protection (FRP) bypass security vulnerability  ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5282 (Bastet module of some Huawei smartphones with Versions earlier than Em ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5281 (There is an information leak vulnerability in some Huawei phones, vers ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5280 (The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5279 (Huawei smart phones Emily-L29C with Versions earlier than 9.1.0.311(C1 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5278
 	RESERVED
 CVE-2019-5277
@@ -42595,7 +42595,7 @@ CVE-2019-5248
 CVE-2019-5247
 	RESERVED
 CVE-2019-5246 (Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5245 (HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulner ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5244 (Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) ve ...)
@@ -42625,13 +42625,13 @@ CVE-2019-5233 (Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0
 CVE-2019-5232
 	RESERVED
 CVE-2019-5231 (P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E18 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5230 (P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5229 (P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E19 ...)
 	NOT-FOR-US: P30 smartphones
 CVE-2019-5228 (Certain detection module of P30, P30 Pro, Honor V20 smartphone whith V ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5227
 	RESERVED
 CVE-2019-5226
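
Review bot: The three labels added here read "Huawei", but the unchanged entry for CVE-2019-5229 sitting between them still reads "NOT-FOR-US: P30 smartphones", although CVE-2019-5231 describes the same P30 smartphones. Suggest changing CVE-2019-5229 to "NOT-FOR-US: Huawei" in the same commit so the block carries a single label for the vendor.
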
@@ -46187,7 +46187,7 @@ CVE-2019-3650
 CVE-2019-3649
 	RESERVED
 CVE-2019-3648 (A Privilege Escalation vulnerability in the Microsoft Windows client i ...)
-	TODO: check
+	NOT-FOR-US: McAfee Total Protection
 CVE-2019-3647
 	RESERVED
 CVE-2019-3646 (DLL Search Order Hijacking vulnerability in Microsoft Windows client i ...)
@@ -46201,7 +46201,7 @@ CVE-2019-3643 (McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a
 CVE-2019-3642
 	RESERVED
 CVE-2019-3641 (Abuse of Authorization vulnerability in APIs exposed by TIE server in  ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2019-3640
 	RESERVED
 CVE-2019-3639 (Clickjack vulnerability in Adminstrator web console in McAfee Web Gate ...)
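
Review bot: CVE-2019-3641 gets the vendor-only label "McAfee", while CVE-2019-3648 in the previous hunk of this commit is labelled by product ("McAfee Total Protection"). The description here refers to APIs exposed by TIE server, so pick one convention for the McAfee entries: either the vendor name for both, or the product name for both.
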
@@ -250871,13 +250871,13 @@ CVE-2013-4659 (Buffer overflow in Broadcom ACSD allows remote attackers to execu
 CVE-2013-4658 (Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be ...)
 	NOT-FOR-US: Linksys
 CVE-2013-4657 (Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due t ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2013-4656 (Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to mi ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2013-4655 (Symlink Traversal vulnerability in Belkin N900 due to misconfiguration ...)
-	TODO: check
+	NOT-FOR-US: Belkin
 CVE-2013-4654 (Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND.. ...)
-	TODO: check
+	NOT-FOR-US: TP-LINK
 CVE-2013-4653 (Multiple cross-site scripting (XSS) vulnerabilities in the signin func ...)
 	NOT-FOR-US: Alcatel-Lucent Omnitouch
 CVE-2013-4652 (Unspecified vulnerability in the command-line management interface on  ...)
@@ -254238,7 +254238,7 @@ CVE-2013-3519 (lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Playe
 CVE-2013-3518
 	RESERVED
 CVE-2013-3517 (Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR35 ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2013-3516
 	RESERVED
 CVE-2013-3515 (Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dd113f857a6bdca75e6636dcf9cf5161606a62b1
