[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 22 20:45:02 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b46b0de6 by Salvatore Bonaccorso at 2019-11-22T20:44:24Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2019-19240 (Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests wit ...)
- TODO: check
+ NOT-FOR-US: Embedthis GoAhead
CVE-2019-19239
RESERVED
CVE-2019-19238
@@ -506,7 +506,7 @@ CVE-2019-19015
CVE-2019-19014
RESERVED
CVE-2019-19013 (A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an ...)
- TODO: check
+ NOT-FOR-US: Pagekit CMS
CVE-2019-19012 (An integer overflow in the search_in_range function in regexec.c in On ...)
- libonig <unfixed> (bug #944959)
NOTE: https://github.com/kkos/oniguruma/issues/164
@@ -7547,9 +7547,9 @@ CVE-2019-17448
CVE-2019-17447
RESERVED
CVE-2019-17446 (An issue was discovered in Eracent EPA Agent through 10.2.26. The agen ...)
- TODO: check
+ NOT-FOR-US: Eracent EPA Agent
CVE-2019-17445 (An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Ag ...)
- TODO: check
+ NOT-FOR-US: Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent
CVE-2019-17444
RESERVED
CVE-2019-17443
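Review bot: The two Eracent labels added for CVE-2019-17446 and CVE-2019-17445 do not match ("Eracent EPA Agent" versus "Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent"), so a search on either exact label finds only one of the two entries. Using one vendor-level label on both lines, for example "NOT-FOR-US: Eracent", would keep them grouped.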
@@ -9227,7 +9227,7 @@ CVE-2019-16765
CVE-2019-16764
RESERVED
CVE-2019-16763 (In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data ...)
- TODO: check
+ NOT-FOR-US: Pannellum
CVE-2019-16762 (A specially crafted Bitcoin script can cause a discrepancy between the ...)
NOT-FOR-US: SLP
CVE-2019-16761 (A specially crafted Bitcoin script can cause a discrepancy between the ...)
@@ -12337,7 +12337,7 @@ CVE-2019-15654
CVE-2019-15653
RESERVED
CVE-2019-15652 (The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices ...)
- TODO: check
+ NOT-FOR-US: NSSLGlobal SatLink VSAT Modem Unit (VMU) devices
CVE-2019-15651 (wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCert ...)
- wolfssl 4.1.0+dfsg-2
NOTE: https://github.com/wolfSSL/wolfssl/issues/2421
@@ -51931,7 +51931,7 @@ CVE-2019-2341 (Buffer overflow when the audio buffer size provided by user is la
CVE-2019-2340
RESERVED
CVE-2019-2339 (Out of bound access due to lack of check of whiltelist array size whil ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2338
RESERVED
NOT-FOR-US: Qualcomm components for Android
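Review bot: Label inconsistency on CVE-2019-2339: the new line reads "NOT-FOR-US: Snapdragon", while CVE-2019-2338 directly below it is tagged "NOT-FOR-US: Qualcomm components for Android". The same mix appears in the following hunks of this commit. Picking one of the two strings for entries added from here on would make it possible to list the whole vendor family with a single search.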
@@ -51939,9 +51939,9 @@ CVE-2019-2337
RESERVED
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2336 (Subsequent use of the CBO listener may result in further memory corrup ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2335 (While processing Attach Reject message, Valid exit condition is not me ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2334 (Null pointer dereferencing can happen when playing the clip with wrong ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2333 (Buffer overflow due to improper validation of buffer size while IPA dr ...)
@@ -51953,7 +51953,7 @@ CVE-2019-2331 (Possible Integer overflow because of subtracting two integers wit
CVE-2019-2330 (improper input validation in allocation request for secure allocations ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2329 (Use after free issue in cleanup routine due to missing pointer sanitiz ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2328 (Possible buffer overflow when number of channels passed is more than s ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2327 (Possible buffer overflow can occur when playing clip with incorrect el ...)
@@ -51978,13 +51978,13 @@ CVE-2019-2319
RESERVED
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2318 (Non Secure Kernel can cause Trustzone to do an arbitrary memory read w ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2317
RESERVED
CVE-2019-2316 (When computing the digest a local variable is used after going out of ...)
NOT-FOR-US: Snapdragon
CVE-2019-2315 (While invoking the API to copy from fd or local buffer to the secure b ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2314 (Possible race condition that will cause a use-after-free when writing ...)
NOT-FOR-US: Snapdragon
CVE-2019-2313
@@ -52009,7 +52009,7 @@ CVE-2019-2305 (Out of bound access when reason code is extracted from frame data
CVE-2019-2304
RESERVED
CVE-2019-2303 (SNDCP module may access array out side its boundary when it receives m ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2302 (While processing vendor command which contains corrupted channel count ...)
NOT-FOR-US: Snapdragon
CVE-2019-2301 (Possibility of out-of-bound read if id received from SPI is not in ran ...)
@@ -52021,11 +52021,11 @@ CVE-2019-2299 (An out-of-bound write can be triggered by a specially-crafted com
CVE-2019-2298 (Protection is missing while accessing md sessions info via macro which ...)
NOT-FOR-US: Snapdragon
CVE-2019-2297 (Buffer overflow can occur while processing non-standard NAN message fr ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2296
RESERVED
CVE-2019-2295 (Information disclosure due to lack of address range check done on the ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2294 (Usage of hard-coded magic number for calculating heap guard bytes can ...)
NOT-FOR-US: Snapdragon
CVE-2019-2293 (Pointer dereference while freeing IFE resources due to lack of length ...)
@@ -52037,7 +52037,7 @@ CVE-2019-2291
CVE-2019-2290 (Multiple open and close from multiple threads will lead camera driver ...)
NOT-FOR-US: Snapdragon
CVE-2019-2289 (Lack of integrity check allows MODEM to accept any NAS messages which ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2288
RESERVED
NOT-FOR-US: Qualcomm components for Android
@@ -52074,17 +52074,17 @@ CVE-2019-2273 (IOMMU page fault while playing h265 video file leads to denial of
CVE-2019-2272 (Buffer overflow can occur in display function due to lack of validatio ...)
NOT-FOR-US: Snapdragon
CVE-2019-2271 (Buffer over read can happen while parsing downlink session management ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2270
RESERVED
CVE-2019-2269 (Possible buffer overflow while processing the high level lim process a ...)
NOT-FOR-US: Snapdragon
CVE-2019-2268 (Possible OOB read issue in P2P action frames while handling WLAN manag ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2267
RESERVED
CVE-2019-2266 (Possible double free issue in kernel while handling the camera sensor ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2265
RESERVED
CVE-2019-2264 (Null pointer dereference occurs for channel context while opening glin ...)
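Review bot: CVE-2019-2266 is described as a double free "in kernel while handling the camera sensor", yet the entry is closed as NOT-FOR-US with no record of why a kernel issue is out of scope for Debian. If the affected driver is vendor-only code, a NOTE line saying so under the entry would let a later reader confirm the triage without redoing it. The same applies to CVE-2019-2268, whose description refers to WLAN management frame handling.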
@@ -52114,7 +52114,7 @@ CVE-2019-2253 (Buffer over-read can occur while parsing an ogg file with a corru
CVE-2019-2252 (Classic buffer overflow vulnerability while playing the specific video ...)
NOT-FOR-US: Snapdragon
CVE-2019-2251 (If a bitmap file is loaded from any un-authenticated source, there is ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2250 (Kernel can write to arbitrary memory address passed by user while free ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2249 (Kernel can do a memory read from arbitrary address passed by user duri ...)
@@ -72978,7 +72978,7 @@ CVE-2018-13917
RESERVED
NOT-FOR-US: Qualcomm components for Android
CVE-2018-13916 (Out-of-bounds memory access in Qurt kernel function when using the ide ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2018-13915
RESERVED
CVE-2018-13914 (Lack of input validation for data received from user space can lead to ...)
@@ -85613,7 +85613,7 @@ CVE-2018-9197
CVE-2018-9196
RESERVED
CVE-2018-9195 (Use of a hardcoded cryptographic key in the FortiGuard services commun ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2018-9194 (A plaintext recovery of encrypted messages or a Man-in-the-middle (MiT ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2018-9193 (A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 ...)
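Review bot: The label on CVE-2018-9195 is the bare product name "FortiGuard", while the next entry, CVE-2018-9194, uses the vendor-prefixed form "Fortinet FortiOS". Writing "NOT-FOR-US: Fortinet FortiGuard" would keep both entries under the same vendor string.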
@@ -86448,7 +86448,7 @@ CVE-2018-8881 (Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-
CVE-2018-8880 (Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check ...)
NOT-FOR-US: Lutron Quantum BACnet Integration
CVE-2018-8879 (Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS device ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2018-8878
RESERVED
CVE-2018-8877
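Review bot: The label on CVE-2018-8879 is only "ASUS", but the description names Asuswrt-Merlin firmware as the affected software. A label that includes the product, such as "NOT-FOR-US: Asuswrt-Merlin", matches what the description says is affected and is easier to find later than the vendor name alone.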
@@ -246201,7 +246201,7 @@ CVE-2013-6813
CVE-2013-6812 (The ONEDC app before 1.7 for iOS does not properly verify X.509 certif ...)
NOT-FOR-US: ONEDC app
CVE-2013-6811 (Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Li ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2013-6810 (The server in Brocade Network Advisor before 12.1.0, as used in EMC Co ...)
NOT-FOR-US: EMC Connectrix Manager Converged Network Edition
CVE-2013-6809 (Format string vulnerability in the client in Tftpd32 before 4.50 allow ...)
@@ -255383,13 +255383,13 @@ CVE-2013-3316
CVE-2013-3315 (The server in TIBCO Silver Mobile 1.1.0 does not properly verify acces ...)
NOT-FOR-US: TIBCO
CVE-2013-3314 (The Loftek Nexus 543 IP Camera allows remote attackers to obtain (1) I ...)
- TODO: check
+ NOT-FOR-US: Loftek Nexus 543 IP Camera
CVE-2013-3313 (The Loftek Nexus 543 IP Camera stores passwords in cleartext, which al ...)
- TODO: check
+ NOT-FOR-US: Loftek Nexus 543 IP Camera
CVE-2013-3312 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Loft ...)
- TODO: check
+ NOT-FOR-US: Loftek Nexus 543 IP Camera
CVE-2013-3311 (Directory traversal vulnerability in the Loftek Nexus 543 IP Camera al ...)
- TODO: check
+ NOT-FOR-US: Loftek Nexus 543 IP Camera
CVE-2013-3310
RESERVED
CVE-2009-5135 (The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b46b0de69ace8eb0ccfae0c2b62af93bbfc4a9e4