[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Feb 8 20:42:59 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b998114 by Salvatore Bonaccorso at 2020-02-08T21:42:26+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26604,9 +26604,9 @@ CVE-2019-17138 (This vulnerability allows remote attackers to disclose sensitive
 CVE-2019-17137
 	RESERVED
 CVE-2019-17136 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit PhantomPDF
 CVE-2019-17135 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit PhantomPDF
 CVE-2019-17134 (Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0  ...)
 	- octavia 4.0.0-6 (bug #941897)
 	[buster] - octavia <no-dsa> (Minor issue in regular setups, can be fixed via point release)
@@ -29509,7 +29509,7 @@ CVE-2019-16157
 CVE-2019-16156
 	RESERVED
 CVE-2019-16155 (A privilege escalation vulnerability in FortiClient for Linux 6.2.1 an ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard FortiClient
 CVE-2019-16154 (An improper neutralization of input during web page generation in Fort ...)
 	NOT-FOR-US: FortiAuthenticator WEB UI
 CVE-2019-16153 (A hard-coded password vulnerability in the Fortinet FortiSIEM database ...)
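Review bot: The vendor name in the new `NOT-FOR-US: Fortiguard FortiClient` line is inconsistent with the neighbouring entries in this hunk, which use the company name (`Fortinet FortiSIEM` in the CVE-2019-16153 description, `FortiAuthenticator WEB UI` for CVE-2019-16154). FortiGuard is Fortinet's research/advisory brand, not the product vendor; suggest `NOT-FOR-US: Fortinet FortiClient` so the tag matches how the other Fortinet entries are labelled.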
@@ -36515,7 +36515,7 @@ CVE-2019-14090
 CVE-2019-14089
 	RESERVED
 CVE-2019-14088 (Possible use after free issue while CRM is accessing the link pointer  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14087
 	RESERVED
 CVE-2019-14086
@@ -36565,23 +36565,23 @@ CVE-2019-14065
 CVE-2019-14064
 	RESERVED
 CVE-2019-14063 (Out of bound access due to Invalid inputs to dapm mux settings which r ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14062
 	RESERVED
 CVE-2019-14061
 	RESERVED
 CVE-2019-14060 (Uninitialized stack data gets used If memory is not allocated for blob ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14059
 	RESERVED
 CVE-2019-14058
 	RESERVED
 CVE-2019-14057 (Buffer Over read of codec private data while parsing an mkv file due t ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14056
 	RESERVED
 CVE-2019-14055 (Possibility of use-after-free and double free because of not marking b ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14054
 	RESERVED
 CVE-2019-14053
@@ -36589,29 +36589,29 @@ CVE-2019-14053
 CVE-2019-14052
 	RESERVED
 CVE-2019-14051 (Subsequent additions performed during Module loading while allocating  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14050
 	RESERVED
 CVE-2019-14049 (Stage-2 fault will occur while writing to an ION system allocation whi ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14048
 	RESERVED
 CVE-2019-14047
 	RESERVED
 CVE-2019-14046 (Out of bound access while allocating memory for an array in camera due ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14045
 	RESERVED
 CVE-2019-14044 (Out of bound access due to access of uninitialized memory segment in a ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14043
 	RESERVED
 CVE-2019-14042
 	RESERVED
 CVE-2019-14041 (During listener modified response processing, a buffer overrun occurs  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14040 (Using memory after being freed in qsee due to wrong implementation can ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14039
 	RESERVED
 CVE-2019-14038
@@ -39487,9 +39487,9 @@ CVE-2019-13336 (The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote
 CVE-2019-13335 (SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has  ...)
 	NOT-FOR-US: SalesAgility SuiteCRM
 CVE-2019-13334 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit PhantomPDF
 CVE-2019-13333 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit PhantomPDF
 CVE-2019-13332 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2019-13331 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -39984,7 +39984,7 @@ CVE-2019-13164 (qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a networ
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00245.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6f5d8671225dc77190647f18a27a0d156d4ca97a
 CVE-2019-13163 (The Fujitsu TLS library allows a man-in-the-middle attack. This affect ...)
-	TODO: check
+	NOT-FOR-US: Fujitsu
 CVE-2019-13162
 	RESERVED
 CVE-2019-13161 (An issue was discovered in Asterisk Open Source through 13.27.0, 14.x  ...)
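Review bot: The new `NOT-FOR-US: Fujitsu` line is less specific than the rest of the NFU tags in this commit, which name the affected product rather than only the vendor. The description on the CVE-2019-13163 line identifies the component as "The Fujitsu TLS library", so `NOT-FOR-US: Fujitsu TLS library` would make it clear which Fujitsu component was triaged and why it is not in Debian.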
@@ -47248,7 +47248,7 @@ CVE-2019-10592 (Possible integer overflow while multiplying two integers of 32 b
 CVE-2019-10591
 	RESERVED
 CVE-2019-10590 (Out of bound access while parsing dts atom, which is non-standard as i ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10589
 	RESERVED
 CVE-2019-10588
@@ -47294,7 +47294,7 @@ CVE-2019-10569
 CVE-2019-10568
 	RESERVED
 CVE-2019-10567 (There is a way to deceive the GPU kernel driver into thinking there is ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10566 (Buffer overflow can occur in wlan module if supported rates or extende ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-10565 (Double free issue can happen when sensor power settings is freed by so ...)
@@ -228058,7 +228058,7 @@ CVE-2015-3425 (Cross-site scripting (XSS) vulnerability in Accentis Content Reso
 CVE-2015-3424 (SQL injection vulnerability in Accentis Content Resource Management Sy ...)
 	NOT-FOR-US: Accentis Content Resource Management System
 CVE-2015-3423 (Multiple SQL injection vulnerabilities in NetCracker Resource Manageme ...)
-	TODO: check
+	NOT-FOR-US: NetCracker Resource Management System
 CVE-2015-3422 (Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 al ...)
 	NOT-FOR-US: SearchBlox
 CVE-2015-3421 (The eshop_checkout function in checkout.php in the Wordpress Eshop plu ...)
@@ -229723,7 +229723,7 @@ CVE-2015-2911
 CVE-2015-2910
 	RESERVED
 CVE-2015-2909 (Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 dev ...)
-	TODO: check
+	NOT-FOR-US: Dedicated Micros DVR products
 CVE-2015-2908 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmwar ...)
 	NOT-FOR-US: Mobile Devices (aka MDI) C4 OBD-II dongles
 CVE-2015-2907 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmwar ...)
@@ -232034,7 +232034,7 @@ CVE-2015-2209 (DLGuard 4.5 allows remote attackers to obtain the installation pa
 CVE-2015-2208 (The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remo ...)
 	NOT-FOR-US: phpMoAdmin
 CVE-2015-2207 (Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Reso ...)
-	TODO: check
+	NOT-FOR-US: NetCracker Resource Management System
 CVE-2015-2206 (libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2 ...)
 	{DSA-3382-1 DLA-336-1}
 	- phpmyadmin 4:4.4.4-1 (unimportant)
@@ -232485,7 +232485,7 @@ CVE-2015-2080 (The exception handling code in Eclipse Jetty before 9.2.9.v201502
 	NOTE: https://github.com/eclipse/jetty.project/blob/master/advisories/2015-02-24-httpparser-error-buffer-bleed.md
 	NOTE: http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
 CVE-2015-2062 (Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-i ...)
-	TODO: check
+	NOT-FOR-US: Huge-IT Slider (slider- image) plugin for WordPress
 CVE-2015-2061 (Heap-based buffer overflow in the browser plugin for PTC Creo View all ...)
 	NOT-FOR-US: PTC Creo View
 CVE-2015-2057
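Review bot: There is a stray space in the product name on the added line `+	NOT-FOR-US: Huge-IT Slider (slider- image) plugin for WordPress`; the CVE-2015-2062 description reads "Huge-IT Slider (slider-i ...", i.e. the plugin slug is a single hyphenated token. Suggest `NOT-FOR-US: Huge-IT Slider (slider-image) plugin for WordPress` so the tag matches the plugin slug and stays greppable.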
@@ -237732,7 +237732,7 @@ CVE-2014-9472 (The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x b
 	- request-tracker4 4.2.8-3
 	- request-tracker3.8 <removed> (unimportant)
 CVE-2014-9470 (Cross-site scripting (XSS) vulnerability in the loadForm function in F ...)
-	TODO: check
+	NOT-FOR-US: Fork CMS
 CVE-2014-9469 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3. ...)
 	NOT-FOR-US: vBulletin
 CVE-2014-9468 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP Inst ...)
@@ -239489,9 +239489,9 @@ CVE-2014-9131
 CVE-2014-9128
 	RESERVED
 CVE-2014-9127 (Open-School Community Edition 2.2 does not properly restrict access to ...)
-	TODO: check
+	NOT-FOR-US: Open-School Community Edition
 CVE-2014-9126 (Multiple cross-site scripting (XSS) vulnerabilities in Open-School Com ...)
-	TODO: check
+	NOT-FOR-US: Open-School Community Edition
 CVE-2014-9125
 	RESERVED
 CVE-2014-9124
@@ -243875,7 +243875,7 @@ CVE-2014-7865
 CVE-2014-7864 (Multiple SQL injection vulnerabilities in the FailOverHelperServlet (a ...)
 	NOT-FOR-US: ZOHO ManageEngine OpManager
 CVE-2014-7863 (The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngi ...)
-	TODO: check
+	NOT-FOR-US: ZOHO ManageEngine
 CVE-2014-7862 (The DCPluginServelet servlet in ManageEngine Desktop Central and Deskt ...)
 	NOT-FOR-US: ManageEngine
 CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not properly v ...)
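Review bot: The new `NOT-FOR-US: ZOHO ManageEngine` line for CVE-2014-7863 names only the product family, while CVE-2014-7864 two lines above, which concerns the same FailOverHelperServlet, is tagged `NOT-FOR-US: ZOHO ManageEngine OpManager`. If both CVEs cover the same servlet in the same product, suggest using the same `ZOHO ManageEngine OpManager` tag for consistency; if the affected product set really differs, a short NOTE line explaining the difference would help later readers.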
@@ -249793,7 +249793,7 @@ CVE-2014-5290
 CVE-2014-5289 (Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execu ...)
 	NOT-FOR-US: Senkas Kolibri
 CVE-2014-5288 (A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via uns ...)
-	TODO: check
+	NOT-FOR-US: Kemp Load Master
 CVE-2014-5287 (A Bash script injection vulnerability exists in Kemp Load Master 7.1-1 ...)
 	NOT-FOR-US: Kemp Load Master
 CVE-2014-5286 (The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveM ...)
@@ -250369,7 +250369,7 @@ CVE-2014-5093 (Status2k does not remove the install directory allowing credentia
 CVE-2014-5092 (Status2k allows Remote Command Execution in admin/options/editpl.php. ...)
 	NOT-FOR-US: Status2k
 CVE-2014-5091 (A vulnerability exits in Status2K 2.5 Server Monitoring Software via t ...)
-	TODO: check
+	NOT-FOR-US: Status2K Server Monitoring Software
 CVE-2014-5090 (admin/options/logs.php in Status2k allows remote authenticated adminis ...)
 	NOT-FOR-US: Status2k
 CVE-2014-5089 (SQL injection vulnerability in admin/options/logs.php in Status2k allo ...)
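Review bot: Product naming in the added line `+	NOT-FOR-US: Status2K Server Monitoring Software` differs in case and wording from the surrounding Status2k entries (CVE-2014-5092 and CVE-2014-5090 both use `NOT-FOR-US: Status2k`). Since these are all the same product, suggest the same `NOT-FOR-US: Status2k` spelling so the entries sort and grep together.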
@@ -273571,7 +273571,7 @@ CVE-2013-3630 (Moodle through 2.5.2 allows remote authenticated administrators t
 	NOTE: https://tracker.moodle.org/browse/MDL-41449
 	NOTE: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
 CVE-2013-3629 (ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution ...)
-	TODO: check
+	NOT-FOR-US: ISPConfig
 CVE-2013-3628 (Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability ...)
 	TODO: check
 CVE-2013-3627 (FrameworkService.exe in McAfee Framework Service in McAfee Managed Age ...)
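Review bot: The context line for CVE-2013-3628 ("Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability") is still `TODO: check` after this hunk. Zabbix is packaged in Debian, so it cannot be closed as NOT-FOR-US like the ISPConfig entry above it; it needs a proper triage entry (affected/fixed package versions or a not-affected note) in a follow-up rather than being left open in a batch of NFU processing.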
@@ -273647,7 +273647,7 @@ CVE-2013-3593 (Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1)
 CVE-2013-3592
 	RESERVED
 CVE-2013-3591 (vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execu ...)
-	TODO: check
+	NOT-FOR-US: vTiger CRM
 CVE-2013-3590 (Unrestricted file upload vulnerability in admin/uploadImage.html in Se ...)
 	NOT-FOR-US: SearchBlox
 CVE-2013-3589 (Cross-site scripting (XSS) vulnerability in the login page in the Admi ...)
@@ -274749,7 +274749,7 @@ CVE-2013-3098 (Multiple cross-site request forgery (CSRF) vulnerabilities in TRE
 CVE-2013-3097 (Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FI ...)
 	NOT-FOR-US: Verizon
 CVE-2013-3096 (D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...)
 	NOT-FOR-US: D-Link
 CVE-2013-3094
@@ -274759,7 +274759,7 @@ CVE-2013-3093 (ASUS RT-N56U devices allow CSRF. ...)
 CVE-2013-3092 (The Belkin N300 (F7D7301v1) router allows remote attackers to bypass a ...)
 	NOT-FOR-US: Belkin router
 CVE-2013-3091 (An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) rout ...)
-	TODO: check
+	NOT-FOR-US: Belkin N300 router
 CVE-2013-3090 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 rou ...)
 	NOT-FOR-US: Belkin N300 router
 CVE-2013-3089 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin ...)
@@ -274814,7 +274814,7 @@ CVE-2013-3069 (Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WN
 CVE-2013-3068 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksy ...)
 	NOT-FOR-US: Linksys
 CVE-2013-3067 (Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2013-3066 (Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict  ...)
 	NOT-FOR-US: Linksys
 CVE-2013-3065 (Cross-site scripting (XSS) vulnerability in the Parental Controls sect ...)
@@ -280478,7 +280478,7 @@ CVE-2013-1204 (Memory leak in the SNMP process in Cisco IOS XR allows remote att
 CVE-2013-1203 (Cisco ASA CX Context-Aware Security Software allows remote attackers t ...)
 	NOT-FOR-US: Cisco ASA
 CVE-2013-1202 (Cisco ACE A2(3.6) allows log retention DoS. ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2013-1201
 	RESERVED
 CVE-2013-1200 (Session fixation vulnerability in Cisco Secure Access Control System ( ...)
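Review bot: The added `NOT-FOR-US: Cisco` line for CVE-2013-1202 is vaguer than the neighbouring Cisco entries, which name the product line (`NOT-FOR-US: Cisco ASA` for CVE-2013-1203). The description identifies the product as Cisco ACE, so `NOT-FOR-US: Cisco ACE` would keep the same level of detail as the adjacent entries.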
@@ -290317,7 +290317,7 @@ CVE-2012-4031 (Multiple directory traversal vulnerabilities in src/acloglogin.ph
 CVE-2012-4030 (Chamilo before 1.8.8.6 does not adequately handle user supplied input  ...)
 	NOT-FOR-US: Chamilo LMS
 CVE-2012-4029 (Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in  ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2012-4028 (Tridium Niagara AX Framework does not properly store credential data,  ...)
 	NOT-FOR-US: Tridium Niagara AX Framework
 CVE-2012-4027 (Directory traversal vulnerability in Tridium Niagara AX Framework allo ...)
@@ -293942,7 +293942,7 @@ CVE-2012-2595 (Multiple cross-site scripting (XSS) vulnerabilities in unspecifie
 CVE-2012-2594
 	RESERVED
 CVE-2012-2593 (Cross-site scripting (XSS) vulnerability in the administrative interfa ...)
-	TODO: check
+	NOT-FOR-US: Atmail Webmail Server
 CVE-2012-2592 (Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 a ...)
 	NOT-FOR-US: AXIGEN Mail Server
 CVE-2012-2591 (Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9b998114a97dced4120c3a70ff9f0ef7647800ed


