Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d804cb80 by Salvatore Bonaccorso at 2019-12-18T20:53:12Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -189,13 +189,13 @@ CVE-2020-3826
 CVE-2020-3825
        RESERVED
 CVE-2019-19890 (An issue was discovered on Humax Wireless Voice Gateway 
HGB10R-2 20160 ...)
-       TODO: check
+       NOT-FOR-US: Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices
 CVE-2019-19889 (An issue was discovered on Humax Wireless Voice Gateway 
HGB10R-2 20160 ...)
-       TODO: check
+       NOT-FOR-US: Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices
 CVE-2019-19888 (jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a 
divide-by-zer ...)
-       TODO: check
+       NOT-FOR-US: ffjpeg
 CVE-2019-19887 (bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a 
NULL pointe ...)
-       TODO: check
+       NOT-FOR-US: ffjpeg
 CVE-2019-19886
        RESERVED
 CVE-2019-19885
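Review bot: The two Humax notes (CVE-2019-19890 and CVE-2019-19889) embed the firmware build string and a trailing noun, "NOT-FOR-US: Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices", while the ffjpeg entries in the same hunk name only the product. A build-specific NFU string reads as if other firmware builds might be in scope and makes the entry harder to group with future Humax CVEs. Suggest trimming to "NOT-FOR-US: Humax Wireless Voice Gateway HGB10R-2", or just the vendor, to match the rest of the commit.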
@@ -745,13 +745,13 @@ CVE-2019-XXXX [several vulnerabilities fixed in WordPress 
5.3.1]
        NOTE: 
https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
        TODO: asked maintainer to request CVEs with more insight
 CVE-2019-19833 (In Tautulli 2.1.9, CSRF in the /shutdown URI allows an 
attacker to shu ...)
-       TODO: check
+       NOT-FOR-US: Tautulli
 CVE-2019-19832 (Xerox AltaLink C8035 printers allow CSRF. A request to add 
users is ma ...)
-       TODO: check
+       NOT-FOR-US: Xerox
 CVE-2019-19831
        RESERVED
 CVE-2019-19829 (A cross-site scripting (XSS) vulnerability exists in 
SolarWinds Serv-U ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2019-19828
        RESERVED
 CVE-2019-19827
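Review bot: CVE-2019-19832 and CVE-2019-19829 are closed with vendor-only notes ("NOT-FOR-US: Xerox", "NOT-FOR-US: SolarWinds") even though the descriptions name the affected products (Xerox AltaLink C8035 printers, SolarWinds Serv-U). Elsewhere in this commit the note is product-level ("NOT-FOR-US: HPE OneView for VMware vCenter"), which shows what was actually ruled out. Suggest naming the product here as well so a later audit does not have to re-read the CVE text to confirm the scope of the decision.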
@@ -1964,7 +1964,7 @@ CVE-2019-19744
 CVE-2019-19743 (On D-Link DIR-615 devices, a normal user is able to create a 
root(admi ...)
        NOT-FOR-US: D-Link
 CVE-2019-19742 (On D-Link DIR-615 devices, the User Account Configuration page 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2019-19741
        RESERVED
 CVE-2019-19740 (Octeth Oempro 4.7 allows SQL injection. The parameter 
CampaignID in Ca ...)
@@ -6112,7 +6112,7 @@ CVE-2019-19237
 CVE-2019-19236
        RESERVED
 CVE-2019-19235 (AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 
10 note ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2019-19234
        RESERVED
 CVE-2019-19233
@@ -30611,7 +30611,7 @@ CVE-2019-11994
 CVE-2019-11993
        RESERVED
 CVE-2019-11992 (A security vulnerability in HPE OneView for VMware vCenter 9.5 
could b ...)
-       TODO: check
+       NOT-FOR-US: HPE OneView for VMware vCenter
 CVE-2019-11991 (HPE has identified a vulnerability in HPE 3PAR Service 
Processor (SP)  ...)
        NOT-FOR-US: HPE 3PAR Service Processor
 CVE-2019-11990 (Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 
1.4.1,  ...)
@@ -32423,9 +32423,9 @@ CVE-2019-11402 (In Gradle Enterprise before 2018.5.3, 
Build Cache Nodes did not
 CVE-2019-11401 (A issue was discovered in SiteServer CMS 6.9.0. It allows 
remote attac ...)
        NOT-FOR-US: SiteServer CMS
 CVE-2019-11400 (An issue was discovered on TRENDnet TEW-651BR 2.04B1, 
TEW-652BRP 3.04b ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2019-11399 (An issue was discovered on TRENDnet TEW-651BR 2.04B1, 
TEW-652BRP 3.04b ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2019-11398 (Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 
2019.2 a ...)
        NOT-FOR-US: UliCMS
 CVE-2019-11397 (GetFile.aspx in Rapid4 RapidFlows Enterprise Application 
Builder 4.5M. ...)
@@ -34639,7 +34639,7 @@ CVE-2019-10602
 CVE-2019-10601 (Out of bound access can occur while processing firmware event 
due to l ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10600 (Use of local variable as argument to netlink CB callback goes 
out of i ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2019-10599
        RESERVED
 CVE-2019-10598 (Out of bound access can occur while processing peer info in 
IBSS conne ...)
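Review bot: CVE-2019-10600 is marked "NOT-FOR-US: Snapdragon" directly below CVE-2019-10601, which carries "NOT-FOR-US: Qualcomm components for Android", so the same vendor family now has two different NFU strings in adjacent entries (the same mix appears around CVE-2019-10572 and CVE-2019-10482). Suggest picking one label and using it consistently, so that searching the list for one string finds all of these entries. Separately, the description of CVE-2019-10600 mentions a netlink callback, which is kernel-side code; a short NOTE stating that the affected driver is not in the packaged kernel would make the NFU decision verifiable from the list itself.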
@@ -34671,7 +34671,7 @@ CVE-2019-10586
 CVE-2019-10585
        RESERVED
 CVE-2019-10584 (Possibility of out of bound access in debug queue, if packet 
size fiel ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2019-10583
        RESERVED
 CVE-2019-10582
@@ -34695,7 +34695,7 @@ CVE-2019-10574
 CVE-2019-10573
        RESERVED
 CVE-2019-10572 (Improper check in video driver while processing data from 
video firmwa ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2019-10571 (Snapshot of IB can lead to invalid address access due to 
missing check ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10570
@@ -34711,7 +34711,7 @@ CVE-2019-10566 (Buffer overflow can occur in wlan 
module if supported rates or e
 CVE-2019-10565 (Double free issue can happen when sensor power settings is 
freed by so ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-10564 (Possible OOB issue in EEPROM due to lack of check while 
accessing memo ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2019-10563 (Buffer over-read can occur in fast message handler due to 
improper inp ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-10562
@@ -34751,7 +34751,7 @@ CVE-2019-10546
 CVE-2019-10545 (Null pointer dereference issue in kernel due to missing check 
related  ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10544 (Improper length check on source buffer to handle userspace 
data receiv ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2019-10543
        RESERVED
 CVE-2019-10542 (Buffer over-read may occur when downloading a corrupted 
firmware file  ...)
@@ -34789,7 +34789,7 @@ CVE-2019-10527
 CVE-2019-10526
        RESERVED
 CVE-2019-10525 (Buffer overflow during SIB read when network configures 
complete sib l ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2019-10524 (Lack of check for a negative value returned for get_clk is 
wrongly int ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-10523
@@ -34803,17 +34803,17 @@ CVE-2019-10520 (An unprivileged application can 
allocate GPU memory by calling m
 CVE-2019-10519
        RESERVED
 CVE-2019-10518 (Use after free of a pointer in iWLAN scenario during netmgr 
state tran ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2019-10517 (Memory is being freed up twice when two concurrent threads are 
executi ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2019-10516 (Multiple read overflows in MM while decoding service 
accept,service re ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2019-10515 (DCI client which might be preemptively freed up might be 
accessed for  ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-10514
        RESERVED
 CVE-2019-10513 (Possibility of Null pointer access if the SPDM commands are 
executed i ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2019-10512 (Payload size is not checked before using it as array index in 
audio in ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-10511 (Possibility of memory overflow while decoding GSNDCP 
compressed mode P ...)
@@ -34839,7 +34839,7 @@ CVE-2019-10502 (Possible stack overflow when an index 
equal to io buffer size is
 CVE-2019-10501 (Possible use after free issue due to improper input validation 
in volu ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-10500 (While processing MT Secondary PDP request, Buffer overflow 
will happen ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2019-10499 (Improper validation of read and write index of tx and rx 
fifo`s before ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-10498 (Buffer overflow scenario if the client sends more than 5 
io_vec reques ...)
@@ -34865,7 +34865,7 @@ CVE-2019-10489 (Possible null-pointer dereference can 
occur while parsing avi cl
 CVE-2019-10488 (Null pointer dereference can occur while parsing invalid 
chunks while  ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-10487 (Buffer over read can happen while parsing SMS OTA messages at 
transpor ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2019-10486 (Race condition due to the lack of resource lock which will be 
concurre ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-10485 (Infinite loop while decoding compressed data can lead to 
overrun condi ...)
@@ -34875,7 +34875,7 @@ CVE-2019-10484 (Use after free issue occurs when 
command destructors access dyna
 CVE-2019-10483
        RESERVED
 CVE-2019-10482 (Due to the use of non-time-constant comparison functions there 
is issu ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2019-10481 (Out of bound access occurs while handling the WMI FW event due 
to lack ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10480 (Out of bound write can happen in WMI firmware event handler 
due to lac ...)
@@ -40621,39 +40621,39 @@ CVE-2019-8808 (Multiple memory corruption issues were 
addressed with improved me
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
        NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8807 (A memory corruption issue was addressed with improved memory 
handling. ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2019-8806 (A memory corruption issue was addressed with improved 
validation. This ...)
        TODO: check
 CVE-2019-8805 (A validation issue existed in the entitlement verification. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2019-8804 (An inconsistency in Wi-Fi network configuration settings was 
addressed ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2019-8803 (An authentication issue was addressed with improved state 
management.  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2019-8802 (A validation issue was addressed with improved logic. This 
issue is fi ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2019-8801 (A dynamic library loading issue existed in iTunes setup. This 
was addr ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2019-8800 (A memory corruption issue was addressed with improved 
validation. This ...)
        TODO: check
 CVE-2019-8799
        RESERVED
 CVE-2019-8798 (A memory corruption issue was addressed with improved memory 
handling. ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2019-8797 (A memory corruption issue was addressed with improved memory 
handling. ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2019-8796
        RESERVED
 CVE-2019-8795 (A memory corruption issue was addressed with improved memory 
handling. ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2019-8794 (A validation issue was addressed with improved input 
sanitization. Thi ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2019-8793 (A consistency issue existed in deciding when to show the screen 
record ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2019-8792 (An injection issue was addressed with improved validation. This 
issue  ...)
-       TODO: check
+       NOT-FOR-US: Shazam Android App
 CVE-2019-8791 (An issue existed in the parsing of URL schemes. This issue was 
address ...)
-       TODO: check
+       NOT-FOR-US: Shazam Android App
 CVE-2019-8790
        RESERVED
 CVE-2019-8789 (A validation issue existed in the handling of symlinks. This 
issue was ...)
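Review bot: The blanket "NOT-FOR-US: Apple" notes in this hunk cannot be checked against the visible descriptions: CVE-2019-8807, CVE-2019-8798, CVE-2019-8797 and CVE-2019-8795 all read "A memory corruption issue was addressed with improved memory handling.", which is the same wording as CVE-2019-8808 at the top of the hunk, and that one is tracked against webkit2gtk with a WSA-2019-0006 reference. CVE-2019-8806 and CVE-2019-8800 are left at "TODO: check" without any indication of what sets them apart from the entries that were closed. Suggest naming the affected Apple component in each note (as done for "NOT-FOR-US: Shazam Android App" on CVE-2019-8792 and CVE-2019-8791) so it is clear each entry was confirmed not to be WebKit before being closed, and mentioning in the commit message that the two remaining TODOs are intentional.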



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d804cb8051adffceedc30068c9f8c9e8af6ed713


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits