[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Mar 9 22:36:34 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
58a493d7 by Moritz Muehlenhoff at 2020-03-09T23:36:04+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -195016,7 +195016,7 @@ CVE-2016-6676 (Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm W
 CVE-2016-6675 (Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6674 (system_server in Android before 2016-10-05 on Nexus devices allows att ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Android
 CVE-2016-6673 (The NVIDIA camera driver in Android before 2016-10-05 on Nexus 9 devic ...)
 	NOT-FOR-US: Nvidia driver for Android
 CVE-2016-6672 (The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus ...)
@@ -212795,7 +212795,7 @@ CVE-2016-1489 (Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48
 CVE-2016-1488 (Cross-site scripting (XSS) vulnerability in the login form in the inte ...)
 	NOT-FOR-US: Siemens
 CVE-2016-1487 (Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons  ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2016-1486 (A vulnerability in the email attachment scanning functionality of the  ...)
 	NOT-FOR-US: Siemens OZW OZW672
 CVE-2016-1485 (Cross-site scripting (XSS) vulnerability in Cisco Identity Services En ...)
@@ -213957,7 +213957,7 @@ CVE-2016-1161 (Cross-site request forgery (CSRF) vulnerability in ManageEngine P
 CVE-2016-1160 (Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plug ...)
 	NOT-FOR-US: WP Favorite Posts plugin for WordPress
 CVE-2016-1159 (In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build ...)
-	TODO: check
+	NOT-FOR-US: ZOHO
 CVE-2016-1158 (Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH  ...)
 	NOT-FOR-US: Corega
 CVE-2016-1157 (Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Lo ...)
@@ -217062,11 +217062,11 @@ CVE-2015-8509 (Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x an
 CVE-2015-8508 (Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in ...)
 	- bugzilla4 <itp> (bug #669643)
 CVE-2015-8507 (mediaserver in Android 6.0 before 2015-12-01 allows remote attackers t ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Android
 CVE-2015-8506 (mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 a ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Android
 CVE-2015-8505 (mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to  ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Android
 CVE-2015-8503
 	RESERVED
 CVE-2015-8502
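Review bot: The three mediaserver entries (CVE-2015-8507, CVE-2015-8506, CVE-2015-8505) lose their reference to ITP bug #459219 with no NOTE explaining why, while CVE-2015-8508 in the same hunk keeps the "- bugzilla4 <itp> (bug #669643)" form. The commit message only says "NFUs", so please state there or in a NOTE line why the android ITP is no longer tracked; otherwise these entries and CVE-2016-6674 will be hard to find again if the ITP is ever acted on.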
@@ -219343,7 +219343,7 @@ CVE-2015-7892 (Stack-based buffer overflow in the m2m1shot_compat_ioctl32 functi
 CVE-2015-7891 (Race condition in the ioctl implementation in the Samsung Graphics 2D  ...)
 	NOT-FOR-US: Samsung Graphics 2D driver on Samsung devices with Android
 CVE-2015-7890 (Multiple buffer overflows in the esa_write function in /dev/seirenin t ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2015-7889 (The SecEmailComposer/EmailComposer application in the Samsung S6 Edge  ...)
 	NOT-FOR-US: Samsung
 CVE-2015-7888 (Directory traversal vulnerability in the WifiHs20UtilityService on the ...)
@@ -221013,19 +221013,19 @@ CVE-2015-7346 (SQL injection vulnerability in ZCMS 1.1. ...)
 CVE-2015-7345
 	RESERVED
 CVE-2015-7344 (HikaShop Joomla Component before 2.6.0 has XSS via an injected payload ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2015-7343 (JNews Joomla Component before 8.5.0 has XSS via the mailingsearch para ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2015-7342 (JNews Joomla Component before 8.5.0 allows SQL injection via upload th ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2015-7341 (JNews Joomla Component before 8.5.0 allows arbitrary File Upload via S ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2015-7340 (JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid i ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2015-7339 (JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2015-7338 (SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via e ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2015-7336
 	RESERVED
 CVE-2015-7335
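Review bot: Style point on the seven added lines: "NOT-FOR-US: Joomla addon" is one generic string covering HikaShop, JNews, JEvents, JCE and AcyMailing, so the entries cannot be found by grepping the NFU reason for the product. Other NFU lines in this file name the product (for example "NOT-FOR-US: WP Favorite Posts plugin for WordPress"); suggest the same here, e.g. "NOT-FOR-US: HikaShop Joomla component" for CVE-2015-7344.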
@@ -244984,8 +244984,7 @@ CVE-2014-8741 (Directory traversal vulnerability in the GfdFileUploadServerlet s
 CVE-2014-8740
 	RESERVED
 CVE-2014-8739 (Unrestricted file upload vulnerability in server/php/UploadHandler.php ...)
-	- libjs-jquery-file-upload <undetermined>
-	TODO: check, might be considered only as specific use in WordPress and Joomla?
+	NOT-FOR-US: Joomla/Wordpress plugin
 CVE-2014-8736 (The Open Atrium Core module for Drupal before 7.x-2.22 allows remote a ...)
 	NOT-FOR-US: Drupal module Open Atrium Core
 CVE-2014-8735 (The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7 ...)
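Review bot: For CVE-2014-8739 the removed lines tied the issue to the source package libjs-jquery-file-upload as <undetermined>, with an open question about scope, and the replacement drops both without recording the answer. The visible description points at server/php/UploadHandler.php rather than at a named plugin, so please add a NOTE saying why the package is considered out of scope, so the decision can be audited later. Also, "Wordpress" should be "WordPress", as spelled in the CVE-2016-1160 entry.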
@@ -247263,7 +247262,7 @@ CVE-2014-7952 (The backup mechanism in the adb tool in Android might allow attac
 	NOTE: the vulnerability is in the Android OS itself (and its backup manager)
 	NOTE: adb is just an intermediary in the backup process
 CVE-2014-7951 (Directory traversal vulnerability in the Android debug bridge (aka adb ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2014-7950
 	RESERVED
 CVE-2014-7949
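Review bot: CVE-2014-7951 is described as a directory traversal in the Android debug bridge (adb) itself, yet it is marked "NOT-FOR-US: Android" with no justification, whereas the CVE-2014-7952 entry just above carries NOTE lines explaining that adb is only an intermediary in that case. Please add a comparable NOTE stating which component holds the flaw, since the same reasoning does not obviously carry over from the backup issue.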
@@ -263473,7 +263472,7 @@ CVE-2014-1636 (Multiple SQL injection vulnerabilities in Command School Student
 CVE-2014-1635 (Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with f ...)
 	NOT-FOR-US: Belkin router
 CVE-2014-1634 (SQL Injection exists in Advanced Newsletter Magento extension before 2 ...)
-	TODO: check
+	NOT-FOR-US: Magento extension
 CVE-2014-1633
 	RESERVED
 CVE-2014-1632 (htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers ...)
@@ -305510,7 +305509,7 @@ CVE-2011-4539 (dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-
 	- dhcp3 <not-affected> (Only affects DHCP 4.x)
 	- isc-dhcp 4.2.2.dfsg.1-5 (bug #652259; low)
 CVE-2011-4538 (Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2011-4537 (Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical ...)
 	NOT-FOR-US: 7-Technologies IGSS
 CVE-2011-4536 (Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka H ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58a493d7608ce608e8c0a5f748de2c15cbf31ef9
