[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso Wed, 13 Nov 2019 12:45:25 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
dd113f85 by Salvatore Bonaccorso at 2019-11-13T20:43:24Z
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,11 +31,11 @@ CVE-2019-18933
 CVE-2019-18932
        RESERVED
 CVE-2019-18931 (Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a 
Buffer O ...)
-       TODO: check
+       NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware
 CVE-2019-18930 (Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows 
web users  ...)
-       TODO: check
+       NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware
 CVE-2019-18929 (Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows 
web users  ...)
-       TODO: check
+       NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware
 CVE-2019-18928
        RESERVED
 CVE-2019-18927
@@ -3888,7 +3888,7 @@ CVE-2019-18281 (An out-of-bounds memory access in the 
generateDirectionalRuns()
 CVE-2019-18280 (Sourcecodester Online Grading System 1.0 is affected by a 
Cross Site R ...)
        NOT-FOR-US: Sourcecodester Online Grading System
 CVE-2019-18279 (In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the 
included driver ...)
-       TODO: check
+       NOT-FOR-US: Phoenix SCT WinFlash
 CVE-2019-18278 (When executing VideoLAN VLC media player 3.0.8 with libqt on 
Windows,  ...)
        NOT-FOR-US: VLC on Windows
 CVE-2019-18277 (A flaw was found in HAProxy before 2.0.6. In legacy mode, 
messages fea ...)
@@ -6634,9 +6634,9 @@ CVE-2019-17526 (** DISPUTED ** An issue was discovered in 
SageMath Sage Cell Ser
 CVE-2019-17525
        RESERVED
 CVE-2019-17524 (An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices 
allows r ...)
-       TODO: check
+       NOT-FOR-US: Technicolor TC7300 STFA.51.20 devices
 CVE-2019-17523 (An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices 
allows r ...)
-       TODO: check
+       NOT-FOR-US: Technicolor TC7300 STFA.51.20 devices
 CVE-2019-17522 (A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 
via the ...)
        NOT-FOR-US: Hotaru CMS
 CVE-2019-17521 (An issue was discovered in Landing-CMS 0.0.6. There is a CSRF 
vulnerab ...)
@@ -7991,13 +7991,13 @@ CVE-2019-16953
 CVE-2019-16952
        RESERVED
 CVE-2019-16951 (A remote file include (RFI) issue was discovered in Enghouse 
Web Chat  ...)
-       TODO: check
+       NOT-FOR-US: Enghouse Web Chat
 CVE-2019-16950 (An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 
and 6.2.28 ...)
-       TODO: check
+       NOT-FOR-US: Enghouse Web Chat
 CVE-2019-16949 (An issue was discovered in Enghouse Web Chat 6.1.300.31 and 
6.2.284.34 ...)
-       TODO: check
+       NOT-FOR-US: Enghouse Web Chat
 CVE-2019-16948 (An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. 
In any P ...)
-       TODO: check
+       NOT-FOR-US: Enghouse Web Chat
 CVE-2019-16947
        RESERVED
 CVE-2019-16946
@@ -10735,7 +10735,7 @@ CVE-2019-15950 (The CRM Plugin before 4.2.4 for Redmine 
allows XSS via crafted v
 CVE-2019-15949 (Nagios XI before 5.6.6 allows remote command execution as 
root. The ex ...)
        NOT-FOR-US: Nagios XI
 CVE-2019-15948 (Texas Instruments CC256x and WL18xx dual-mode Bluetooth 
controller dev ...)
-       TODO: check
+       NOT-FOR-US: Texas Instruments CC256x and WL18xx dual-mode Bluetooth 
controller devices
 CVE-2019-15947 (In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data 
unencrypted  ...)
        - bitcoin <unfixed> (bug #939608)
 CVE-2019-15946 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an 
ASN.1 Octet ...)
@@ -42499,21 +42499,21 @@ CVE-2019-5296 (Mate20 Huawei smartphones versions 
earlier than HMA-AL00C00B175 h
 CVE-2019-5295 (Huawei Honor V10 smartphones versions earlier than 
Berkeley-AL20 9.0.0 ...)
        NOT-FOR-US: Huawei
 CVE-2019-5294 (There is an out of bound read vulnerability in some Huawei 
products. A ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5293 (Some Huawei products have a memory leak vulnerability when 
handling so ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5292 (Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the 
versions bef ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5291
        RESERVED
 CVE-2019-5290
        RESERVED
 CVE-2019-5289 (Gauss100 OLTP database in ManageOne with versions of 6.5.0 have 
an out ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5288 (P30 smart phones with versions earlier than ELLE-AL00B 
9.1.0.193(C00E1 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5287 (P30 smart phones with versions earlier than ELLE-AL00B 
9.1.0.193(C00E1 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5286 (There is a reflection XSS vulnerability in the HedEx products. 
Remote  ...)
        NOT-FOR-US: HedEx / Huawei
 CVE-2019-5285 (Some Huawei S series switches have a DoS vulnerability. An 
unauthentic ...)
@@ -42523,13 +42523,13 @@ CVE-2019-5284 (There is a DoS vulnerability in RTSP 
module of Leland-AL00A Huawe
 CVE-2019-5283 (There is Factory Reset Protection (FRP) bypass security 
vulnerability  ...)
        NOT-FOR-US: Huawei
 CVE-2019-5282 (Bastet module of some Huawei smartphones with Versions earlier 
than Em ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5281 (There is an information leak vulnerability in some Huawei 
phones, vers ...)
        NOT-FOR-US: Huawei
 CVE-2019-5280 (The SIP TLS module of Huawei CloudLink Phone 7900 with 
V600R019C10 has ...)
        NOT-FOR-US: Huawei
 CVE-2019-5279 (Huawei smart phones Emily-L29C with Versions earlier than 
9.1.0.311(C1 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5278
        RESERVED
 CVE-2019-5277
@@ -42595,7 +42595,7 @@ CVE-2019-5248
 CVE-2019-5247
        RESERVED
 CVE-2019-5246 (Smartphones with software of ELLE-AL00B 
9.1.0.109(C00E106R1P21), 9.1.0 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5245 (HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking 
vulner ...)
        NOT-FOR-US: Huawei
 CVE-2019-5244 (Mate 9 Pro Huawei smartphones earlier than LON-L29C 
8.0.0.361(C636) ve ...)
@@ -42625,13 +42625,13 @@ CVE-2019-5233 (Huawei smartphones with versions 
earlier than Taurus-AL00B 10.0.0
 CVE-2019-5232
        RESERVED
 CVE-2019-5231 (P30 smartphones with versions earlier than ELLE-AL00B 
9.1.0.186(C00E18 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5230 (P20 Pro, P20, Mate RS smartphones with versions earlier than 
Charlotte ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5229 (P30 smartphones with versions earlier than ELLE-AL00B 
9.1.0.193(C00E19 ...)
        NOT-FOR-US: P30 smartphones
 CVE-2019-5228 (Certain detection module of P30, P30 Pro, Honor V20 smartphone 
whith V ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5227
        RESERVED
 CVE-2019-5226
@@ -46187,7 +46187,7 @@ CVE-2019-3650
 CVE-2019-3649
        RESERVED
 CVE-2019-3648 (A Privilege Escalation vulnerability in the Microsoft Windows 
client i ...)
-       TODO: check
+       NOT-FOR-US: McAfee Total Protection
 CVE-2019-3647
        RESERVED
 CVE-2019-3646 (DLL Search Order Hijacking vulnerability in Microsoft Windows 
client i ...)
@@ -46201,7 +46201,7 @@ CVE-2019-3643 (McAfee Web Gateway (MWG) earlier than 
7.8.2.13 is vulnerable to a
 CVE-2019-3642
        RESERVED
 CVE-2019-3641 (Abuse of Authorization vulnerability in APIs exposed by TIE 
server in  ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2019-3640
        RESERVED
 CVE-2019-3639 (Clickjack vulnerability in Adminstrator web console in McAfee 
Web Gate ...)
@@ -250871,13 +250871,13 @@ CVE-2013-4659 (Buffer overflow in Broadcom ACSD 
allows remote attackers to execu
 CVE-2013-4658 (Linksys EA6500 has SMB Symlink Traversal allowing symbolic 
links to be ...)
        NOT-FOR-US: Linksys
 CVE-2013-4657 (Symlink Traversal vulnerability in NETGEAR WNR3500U and 
WNR3500L due t ...)
-       TODO: check
+       NOT-FOR-US: NETGEAR
 CVE-2013-4656 (Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U 
due to mi ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2013-4655 (Symlink Traversal vulnerability in Belkin N900 due to 
misconfiguration ...)
-       TODO: check
+       NOT-FOR-US: Belkin
 CVE-2013-4654 (Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and 
TL-1043ND.. ...)
-       TODO: check
+       NOT-FOR-US: TP-LINK
 CVE-2013-4653 (Multiple cross-site scripting (XSS) vulnerabilities in the 
signin func ...)
        NOT-FOR-US: Alcatel-Lucent Omnitouch
 CVE-2013-4652 (Unspecified vulnerability in the command-line management 
interface on  ...)
@@ -254238,7 +254238,7 @@ CVE-2013-3519 (lgtosync.sys in VMware Workstation 9.x 
before 9.0.3, VMware Playe
 CVE-2013-3518
        RESERVED
 CVE-2013-3517 (Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U 
and WNR35 ...)
-       TODO: check
+       NOT-FOR-US: NETGEAR
 CVE-2013-3516
        RESERVED
 CVE-2013-3515 (Multiple cross-site scripting (XSS) vulnerabilities in OpenX 
Source 2. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dd113f857a6bdca75e6636dcf9cf5161606a62b1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dd113f857a6bdca75e6636dcf9cf5161606a62b1
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process several NFUs

Reply via email to