[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Nov 22 12:49:18 GMT 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fe1e8acc by Moritz Muehlenhoff at 2019-11-22T12:48:56Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19892,9 +19892,9 @@ CVE-2019-13584 (The remote admin webserver on FANUC Robotics Virtual Robot Contr
 CVE-2019-13583
 	RESERVED
 CVE-2019-13582 (An issue was discovered in Marvell 88W8688 Wi-Fi firmware before versi ...)
-	TODO: check
+	NOT-FOR-US: Tesla
 CVE-2019-13581 (An issue was discovered in Marvell 88W8688 Wi-Fi firmware before versi ...)
-	TODO: check
+	NOT-FOR-US: Tesla
 CVE-2019-13580
 	RESERVED
 CVE-2019-13579
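Review bot: on CVE-2019-13582 and CVE-2019-13581 the tag names Tesla, while both descriptions name "Marvell 88W8688 Wi-Fi firmware" as the affected component. A tag that follows the description, for example `NOT-FOR-US: Marvell 88W8688 Wi-Fi firmware`, keeps these entries findable by anyone searching the list for the chipset. It is also worth confirming that no packaged firmware for that chip is affected before the TODO is closed.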
@@ -27679,11 +27679,11 @@ CVE-2019-10768 (In AngularJS before 1.7.9 the function `merge()` could be tricke
 	NOTE: https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3
 	NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-534884
 CVE-2019-10767 (An attacker can include file contents from outside the `/adapter/xxx/` ...)
-	TODO: check
+	NOT-FOR-US: ioBroker
 CVE-2019-10766 (Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL In ...)
-	TODO: check
+	NOT-FOR-US: Pixie CMS
 CVE-2019-10765 (iobroker.admin before 3.6.12 allows attacker to include file contents  ...)
-	TODO: check
+	NOT-FOR-US: ioBroker
 CVE-2019-10764 (In elliptic-php versions priot to 1.0.6, Timing attacks might be possi ...)
 	NOT-FOR-US: elliptic-php
 CVE-2019-10763 (pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attack ...)
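Review bot: the CVE-2019-10766 tag reads "Pixie CMS", but the description visible in this hunk says only "Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2" and does not mention a CMS. Please confirm which product the advisory refers to and use the name as the description gives it, since several unrelated projects could share the name Pixie. The two ioBroker tags match their descriptions.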
@@ -28132,7 +28132,7 @@ CVE-2019-10629
 CVE-2019-10628
 	RESERVED
 CVE-2019-10627 (Integer overflow to buffer overflow vulnerability in PostScript image  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2019-10626
 	RESERVED
 CVE-2019-10625
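Review bot: the CVE-2019-10627 description shown here is about PostScript image handling and the truncated text names no vendor, so the reason for `NOT-FOR-US: Qualcomm` cannot be seen from the entry itself. Naming the specific affected product in the tag would let a later reader see why a PostScript parsing bug was judged out of scope without reopening the advisory.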
@@ -28152,7 +28152,7 @@ CVE-2019-10619
 CVE-2019-10618
 	RESERVED
 CVE-2019-10617 (Low privilege users can access service configuration which contains re ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2019-10616
 	RESERVED
 CVE-2019-10615
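Review bot: style point on the tag string for CVE-2019-10617. This entry and CVE-2019-10627 use `NOT-FOR-US: Qualcomm`, while the other CVE-2019-10xxx entries changed in this commit and their unchanged neighbours use `NOT-FOR-US: Snapdragon`. If these are the same product family, one spelling across the block makes the entries easier to grep and to audit in bulk.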
@@ -28255,13 +28255,13 @@ CVE-2019-10568
 CVE-2019-10567
 	RESERVED
 CVE-2019-10566 (Buffer overflow can occur in wlan module if supported rates or extende ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10565 (Double free issue can happen when sensor power settings is freed by so ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-10564
 	RESERVED
 CVE-2019-10563 (Buffer over-read can occur in fast message handler due to improper inp ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10562
 	RESERVED
 CVE-2019-10561
@@ -28320,7 +28320,7 @@ CVE-2019-10537
 CVE-2019-10536
 	RESERVED
 CVE-2019-10535 (Improper validation for loop variable received from firmware can lead  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10534 (Null-pointer dereference can occur while accessing the super index ent ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-10533 (Out of bound access due to improper validation of array index cause th ...)
@@ -28387,7 +28387,7 @@ CVE-2019-10505 (Out of bound access while processing a non-standard IE measureme
 CVE-2019-10504 (Firmware not able to send EXT scan response to host within 1 sec due t ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-10503 (Out-of-bounds access can occur in camera driver due to improper valida ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10502 (Possible stack overflow when an index equal to io buffer size is acces ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-10501 (Possible use after free issue due to improper input validation in volu ...)
@@ -28414,7 +28414,7 @@ CVE-2019-10492 (Boot image not getting verified by AVB in Snapdragon Auto, Snapd
 CVE-2019-10491 (ADSP can be compromised since it`s a general-purpose CPU processing un ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-10490 (Use after free issue in Xtra daemon shutdown due to static object inst ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10489 (Possible null-pointer dereference can occur while parsing avi clip dur ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-10488 (Null pointer dereference can occur while parsing invalid chunks while  ...)
@@ -28422,7 +28422,7 @@ CVE-2019-10488 (Null pointer dereference can occur while parsing invalid chunks
 CVE-2019-10487
 	RESERVED
 CVE-2019-10486 (Race condition due to the lack of resource lock which will be concurre ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10485
 	RESERVED
 	NOT-FOR-US: Qualcomm components for Android
@@ -39205,7 +39205,7 @@ CVE-2019-6855
 CVE-2019-6854
 	RESERVED
 CVE-2019-6853 (A CWE-79: Failure to Preserve Web Page Structure vulnerability exists  ...)
-	TODO: check
+	NOT-FOR-US: Andover Continuum
 CVE-2019-6852 (A CWE-200: Information Exposure vulnerability exists in Modicon Contro ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2019-6851 (A CWE-538: File and Directory Information Exposure vulnerability exist ...)
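Review bot: CVE-2019-6853 is tagged by product name ("Andover Continuum"), while the adjacent CVE-2019-6852, whose description uses the same "A CWE-nnn: ... vulnerability exists" wording, is tagged by vendor (`NOT-FOR-US: Schneider Electric`). If both come from the same vendor, putting the vendor name first, optionally followed by the product, keeps the block consistent.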
@@ -39579,7 +39579,7 @@ CVE-2019-6695 (Lack of root file system integrity checking in Fortinet FortiMana
 CVE-2019-6694
 	RESERVED
 CVE-2019-6693 (Use of a hard-coded cryptographic key to cipher sensitive data in Fort ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2019-6692 (A malicious DLL preload vulnerability in Fortinet FortiClient for Wind ...)
 	NOT-FOR-US: Fortinet
 CVE-2019-6691 (phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=bac ...)
@@ -42443,9 +42443,9 @@ CVE-2019-5639
 CVE-2019-5638 (Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient sess ...)
 	NOT-FOR-US: Rapid7 Nexpose
 CVE-2019-5637 (When Beckhoff TwinCAT is configured to use the Profinet driver, a deni ...)
-	TODO: check
+	NOT-FOR-US: Beckhoff
 CVE-2019-5636 (When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the A ...)
-	TODO: check
+	NOT-FOR-US: Beckhoff
 CVE-2019-5635 (A cleartext transmission of sensitive information vulnerability is pre ...)
 	NOT-FOR-US: Hickory
 CVE-2019-5634 (An inclusion of sensitive information in log files vulnerability is pr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fe1e8acc44b79a32b272a1afb35dcee6f009c27c
