[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Feb 5 17:45:58 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e79e443f by Moritz Muehlenhoff at 2020-02-05T18:45:42+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -85131,19 +85131,19 @@ CVE-2018-16270 (Samsung Galaxy Gear series before build RE2 includes the hcidump
CVE-2018-16269 (The wnoti system service in Samsung Galaxy Gear series allows an unpri ...)
NOT-FOR-US: Samsung
CVE-2018-16268 (The SoundServer/FocusServer system services in Tizen allow an unprivil ...)
- TODO: check
+ NOT-FOR-US: Tizen
CVE-2018-16267 (The system-popup system service in Tizen allows an unprivileged proces ...)
- TODO: check
+ NOT-FOR-US: Tizen
CVE-2018-16266 (The Enlightenment system service in Tizen allows an unprivileged proce ...)
- TODO: check
+ NOT-FOR-US: Tizen
CVE-2018-16265 (The bt/bt_core system service in Tizen allows an unprivileged process ...)
- TODO: check
+ NOT-FOR-US: Tizen
CVE-2018-16264 (The BlueZ system service in Tizen allows an unprivileged process to pa ...)
- TODO: check
+ NOT-FOR-US: Tizen
CVE-2018-16263 (The PulseAudio system service in Tizen allows an unprivileged process ...)
- TODO: check
+ NOT-FOR-US: Tizen
CVE-2018-16262 (The pkgmgr system service in Tizen allows an unprivileged process to p ...)
- TODO: check
+ NOT-FOR-US: Tizen
CVE-2018-16261 (In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, the ...)
NOT-FOR-US: Pulse Secure Pulse Desktop Client
CVE-2018-16260
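Review bot: CVE-2018-16266, CVE-2018-16264 and CVE-2018-16263 are tagged NOT-FOR-US: Tizen, but their descriptions name Enlightenment, BlueZ and PulseAudio, which are upstream projects in their own right and not Tizen-only code. The truncated descriptions do not show whether the flaw sits in the upstream daemon or in how Tizen exposes it to unprivileged processes, so a NOTE line under each of these three entries stating that the issue is specific to Tizen's integration would let a later reader confirm the triage without redoing it.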
@@ -138143,9 +138143,9 @@ CVE-2017-14809
CVE-2017-14808
REJECTED
CVE-2017-14807 (An Improper Neutralization of Special Elements used in an SQL Command ...)
- TODO: check
+ NOT-FOR-US: SUSE Studio
CVE-2017-14806 (A Improper Certificate Validation vulnerability in susestudio-common o ...)
- TODO: check
+ NOT-FOR-US: SUSE Studio
CVE-2017-14805
RESERVED
CVE-2017-14804 (The build package before 20171128 did not check directory names during ...)
@@ -197987,7 +197987,7 @@ CVE-2016-4678 (An issue was discovered in certain Apple products. macOS before 1
CVE-2016-4677 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
NOT-FOR-US: Apple
CVE-2016-4676 (A Cross-origin vulnerability exists in WebKit in Apple Safari before 1 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-4675 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
NOT-FOR-US: Apple
CVE-2016-4674 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
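Review bot: CVE-2016-4676 is described as a cross-origin vulnerability "in WebKit in Apple Safari", yet it receives NOT-FOR-US: Apple like its neighbours, whose descriptions refer to iOS and macOS. Because the description names WebKit and not only Safari, the entry should either be tracked against the WebKit source packages or carry a NOTE explaining why the flaw is confined to Apple's port.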
@@ -220150,9 +220150,9 @@ CVE-2015-5953 (Cross-site scripting (XSS) vulnerability in the activity applicat
- owncloud 7.0.6+dfsg-1
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-010
CVE-2015-5952 (Directory traversal vulnerability in Thomson Reuters for FATCA before ...)
- TODO: check
+ NOT-FOR-US: Thomson Reuters FATCA
CVE-2015-5951 (A file upload issue exists in the specid parameter in Thomson Reuters ...)
- NOT-FOR-US: Thomson Reuters FATCH
+ NOT-FOR-US: Thomson Reuters FATCA
CVE-2015-5950 (The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on ...)
- nvidia-graphics-drivers 340.93-1 (bug #800566)
[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -222834,9 +222834,9 @@ CVE-2015-5075 (Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM
CVE-2015-5074 (Incomplete blacklist vulnerability in the FileUploadsFilter class in p ...)
NOT-FOR-US: X2Engine
CVE-2015-5072 (The BIRT Engine servlet in the AR System Mid Tier component before 9.0 ...)
- TODO: check
+ NOT-FOR-US: AR System Mid Tier
CVE-2015-5071 (AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 ...)
- TODO: check
+ NOT-FOR-US: AR System Mid Tier
CVE-2014-9735 (The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for ...)
NOT-FOR-US: WordPress plugins ThemePunch Slider Revolution (revslider) and Showbiz Pro
CVE-2014-9734 (Directory traversal vulnerability in the Slider Revolution (revslider) ...)
@@ -226875,11 +226875,11 @@ CVE-2015-3615 (Cross-site scripting (XSS) vulnerability in Fortinet FortiManager
CVE-2015-3614 (Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows r ...)
NOT-FOR-US: Fortinet
CVE-2015-3613 (A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2015-3612 (A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2. ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2015-3611 (A Command Injection vulnerability exists in FortiManager 5.2.1 and ear ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2015-3610 (The Siemens HomeControl for Room Automation application before 2.0.1 f ...)
NOT-FOR-US: Siemens HomeControl for Room Automation application for Android
CVE-2015-3609
@@ -229302,7 +229302,7 @@ CVE-2015-2804 (The management web interface in Alcatel-Lucent OmniSwitch 6450, 6
CVE-2015-2803 (SQL injection vulnerability in mod1/index.php in the Akronymmanager (s ...)
NOT-FOR-US: TYPO3 extension sb_akronymmanager
CVE-2015-2802 (An Information Disclosure vulnerability exists in HP SiteScope 11.2 an ...)
- TODO: check
+ NOT-FOR-US: HP SiteScope
CVE-2015-2801
RESERVED
CVE-2015-2800 (The user authentication module in Huawei Campus switches S5700, S5300, ...)
@@ -229403,7 +229403,7 @@ CVE-2015-2942 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1
CVE-2015-2786 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 h ...)
NOT-FOR-US: MyBB
CVE-2015-2784 (The papercrop gem before 0.3.0 for Ruby on Rails does not properly han ...)
- TODO: check
+ NOT-FOR-US: papercrop Ruby gem
CVE-2015-2783 (ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x b ...)
{DSA-3280-1 DLA-212-1}
- php5 5.6.9+dfsg-1
@@ -233174,7 +233174,7 @@ CVE-2015-1532
CVE-2015-1531
RESERVED
CVE-2015-1530 (media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows at ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-1529 (Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android ...)
NOT-FOR-US: Android
CVE-2015-1528 (Integer overflow in the native_handle_create function in libcutils/nat ...)
@@ -233184,7 +233184,7 @@ CVE-2015-1527 (Integer overflow in IAudioPolicyService.cpp in Android allows loc
CVE-2015-1526 (The media_server component in Android allows remote attackers to cause ...)
NOT-FOR-US: Android
CVE-2015-1525 (audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attacker ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-1524
RESERVED
CVE-2015-1523
@@ -249658,7 +249658,7 @@ CVE-2014-5083
CVE-2014-5082 (Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1 ...)
NOT-FOR-US: Sphider
CVE-2014-5081 (sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus pri ...)
- TODO: check
+ NOT-FOR-US: sphider
CVE-2014-5080
RESERVED
CVE-2014-5079
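Review bot: The new tag for CVE-2014-5081 is written "NOT-FOR-US: sphider", while the entry directly above it, CVE-2014-5082, uses "NOT-FOR-US: Sphider". Using the same capitalisation in both keeps a case-sensitive search on the product name from missing one of them.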
@@ -252617,7 +252617,7 @@ CVE-2014-3871 (Multiple SQL injection vulnerabilities in register.php in Geodesi
CVE-2014-3869
RESERVED
CVE-2014-3868 (Multiple SQL injection vulnerabilities in ZeusCart 4.x. ...)
- TODO: check
+ NOT-FOR-US: ZeusCart
CVE-2014-3867 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
NOT-FOR-US: IBM Sametime
CVE-2014-3863 (Cross-site scripting (XSS) vulnerability in the JChatSocial component ...)
@@ -254977,7 +254977,7 @@ CVE-2014-3120 (The default configuration in Elasticsearch before 1.2 enables dyn
NOTE: https://github.com/elasticsearch/elasticsearch/commit/81e83cca
NOTE: https://github.com/elasticsearch/elasticsearch/issues/5853
CVE-2014-3119 (Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier ...)
- TODO: check
+ NOT-FOR-US: web2Project
CVE-2014-3118
RESERVED
CVE-2014-3117
@@ -255642,7 +255642,7 @@ CVE-2014-2845 (Cyberduck before 4.4.4 on Windows does not properly validate X.50
CVE-2014-2844 (Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure ...)
NOT-FOR-US: F-Secure Messaging Secure Gateway
CVE-2014-2843 (Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1 ...)
- TODO: check
+ NOT-FOR-US: MapSuite MapAPI
CVE-2014-2842 (Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a de ...)
NOT-FOR-US: Juniper ScreenOS
CVE-2014-2841
@@ -257818,7 +257818,7 @@ CVE-2014-2052
CVE-2014-2051 (ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote att ...)
- owncloud 6.0.2+dfsg-1
CVE-2014-2050 (Cross-site request forgery (CSRF) vulnerability in ownCloud Server bef ...)
- TODO: check
+ - owncloud 6.0.2+dfsg-1
CVE-2014-2049 (The default Flash Cross Domain policies in ownCloud before 5.0.15 and ...)
- owncloud 6.0.0+dfsg-1
CVE-2014-2048 (The user_openid app in ownCloud Server before 5.0.15 allows remote att ...)
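Review bot: The CVE-2014-2050 line is the one change in this commit that is not an NFU: it replaces "TODO: check" with "- owncloud 6.0.2+dfsg-1", so the subject "NFUs" does not describe it. The fixed version matches the neighbouring CVE-2014-2051 entry, but the description is cut off at "ownCloud Server bef ..." and no NOTE records where the version comes from. Adding a NOTE with the upstream advisory URL, as the CVE-2015-5953 entry does, would make the fixed version checkable.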
@@ -264450,7 +264450,7 @@ CVE-2013-6794 (Cross-site scripting (XSS) vulnerability in the Calendar module i
CVE-2013-6793 (Multiple cross-site scripting (XSS) vulnerabilities in the Calendar mo ...)
NOT-FOR-US: Olat
CVE-2013-6792 (Google Android prior to 4.4 has an APK Signature Security Bypass Vulne ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2013-6791 (Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 use ...)
NOT-FOR-US: Microsoft Enhanced Mitigation Experience Toolkit
CVE-2013-6790
@@ -266408,7 +266408,7 @@ CVE-2013-6058 (SQL injection vulnerability in appRain CMF 3.0.2 and earlier allo
CVE-2013-6057
RESERVED
CVE-2013-6056 (OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: AlienVault OSSIM
CVE-2013-6055
REJECTED
CVE-2013-6054 (Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and ...)
@@ -267374,7 +267374,7 @@ CVE-2013-5661 (Cache Poisoning issue exists in DNS Response Rate Limiting. ...)
CVE-2013-5660 (Buffer overflow in Power Software WinArchiver 3.2 allows remote attack ...)
NOT-FOR-US: Power Software WinArchiver
CVE-2013-5659 (Wiz 5.0.3 has a user mode write access violation ...)
- TODO: check
+ NOT-FOR-US: Wiz
CVE-2013-5658 (AultWare pwStore 2010.8.30.0 has XSS ...)
NOT-FOR-US: AultWare pwStore
CVE-2013-5657 (AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e79e443f08ea2f85bdf48b8a879f06622566ca90