Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9b998114 by Salvatore Bonaccorso at 2020-02-08T21:42:26+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26604,9 +26604,9 @@ CVE-2019-17138 (This vulnerability allows remote
attackers to disclose sensitive
CVE-2019-17137
RESERVED
CVE-2019-17136 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PhantomPDF
CVE-2019-17135 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PhantomPDF
CVE-2019-17134 (Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2,
>=3.0.0 ...)
- octavia 4.0.0-6 (bug #941897)
[buster] - octavia <no-dsa> (Minor issue in regular setups, can be
fixed via point release)
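Review bot: the two NOT-FOR-US lines for CVE-2019-17136 and CVE-2019-17135 cannot be verified from this file alone, because the truncated descriptions ("This vulnerability allows remote attackers to execute arbitrary code o ...") never name the product. Add a NOTE line under each with the URL of the advisory that identifies the affected software, as the CVE-2019-13164 entry further down this file does, so the Foxit PhantomPDF attribution stays auditable.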
@@ -29509,7 +29509,7 @@ CVE-2019-16157
CVE-2019-16156
RESERVED
CVE-2019-16155 (A privilege escalation vulnerability in FortiClient for Linux
6.2.1 an ...)
- TODO: check
+ NOT-FOR-US: Fortiguard FortiClient
CVE-2019-16154 (An improper neutralization of input during web page generation
in Fort ...)
NOT-FOR-US: FortiAuthenticator WEB UI
CVE-2019-16153 (A hard-coded password vulnerability in the Fortinet FortiSIEM
database ...)
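Review bot: "NOT-FOR-US: Fortiguard FortiClient" names the vendor's advisory brand rather than the vendor; the neighbouring CVE-2019-16153 entry uses "Fortinet FortiSIEM", so "Fortinet FortiClient" would keep the naming consistent. Because the description says "FortiClient for Linux", a short NOTE stating that this is a vendor-distributed Linux binary and not a packaged component would pre-empt the obvious question from a later triager.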
@@ -36515,7 +36515,7 @@ CVE-2019-14090
CVE-2019-14089
RESERVED
CVE-2019-14088 (Possible use after free issue while CRM is accessing the link
pointer ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14087
RESERVED
CVE-2019-14086
@@ -36565,23 +36565,23 @@ CVE-2019-14065
CVE-2019-14064
RESERVED
CVE-2019-14063 (Out of bound access due to Invalid inputs to dapm mux settings
which r ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14062
RESERVED
CVE-2019-14061
RESERVED
CVE-2019-14060 (Uninitialized stack data gets used If memory is not allocated
for blob ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14059
RESERVED
CVE-2019-14058
RESERVED
CVE-2019-14057 (Buffer Over read of codec private data while parsing an mkv
file due t ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14056
RESERVED
CVE-2019-14055 (Possibility of use-after-free and double free because of not
marking b ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14054
RESERVED
CVE-2019-14053
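Review bot: the blanket "NOT-FOR-US: Snapdragon" tag hides that these entries describe different layers. CVE-2019-14063 ("Invalid inputs to dapm mux settings") names DAPM, which is the ASoC power-management code in the mainline kernel's sound subsystem, and CVE-2019-14057 describes an mkv codec parser; before closing them, confirm that the affected driver is the vendor's out-of-tree code rather than something shipped in the Debian kernel package, and record that in a NOTE so the decision can be revisited if the code lands upstream.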
@@ -36589,29 +36589,29 @@ CVE-2019-14053
CVE-2019-14052
RESERVED
CVE-2019-14051 (Subsequent additions performed during Module loading while
allocating ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14050
RESERVED
CVE-2019-14049 (Stage-2 fault will occur while writing to an ION system
allocation whi ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14048
RESERVED
CVE-2019-14047
RESERVED
CVE-2019-14046 (Out of bound access while allocating memory for an array in
camera due ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14045
RESERVED
CVE-2019-14044 (Out of bound access due to access of uninitialized memory
segment in a ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14043
RESERVED
CVE-2019-14042
RESERVED
CVE-2019-14041 (During listener modified response processing, a buffer overrun
occurs ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14040 (Using memory after being freed in qsee due to wrong
implementation can ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14039
RESERVED
CVE-2019-14038
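Review bot: this hunk mixes kernel-side and firmware-side issues under one tag. CVE-2019-14049 ("writing to an ION system allocation") and CVE-2019-14051 ("Module loading while allocating") point at kernel memory management, while CVE-2019-14040 ("memory after being freed in qsee") is in the TrustZone secure environment. NOT-FOR-US is uncontroversial for the qsee entry; for the ION and module-loading ones a NOTE with the Qualcomm bulletin reference would let a later pass check the kernel-side claims against what the Debian kernel actually builds.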
@@ -39487,9 +39487,9 @@ CVE-2019-13336 (The dbell Wi-Fi Smart Video Doorbell
DB01-S Gen 1 allows remote
CVE-2019-13335 (SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and
7.11.7 has ...)
NOT-FOR-US: SalesAgility SuiteCRM
CVE-2019-13334 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PhantomPDF
CVE-2019-13333 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PhantomPDF
CVE-2019-13332 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
NOT-FOR-US: Foxit Reader
CVE-2019-13331 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
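Review bot: CVE-2019-13334 and CVE-2019-13333 are tagged "Foxit PhantomPDF" while the adjacent CVE-2019-13332, with an identical truncated description, is tagged "Foxit Reader". The descriptions visible here do not distinguish the two products, so either use one consistent product name for the whole block or add a NOTE citing the advisory that names the affected product for each CVE.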
@@ -39984,7 +39984,7 @@ CVE-2019-13164 (qemu-bridge-helper.c in QEMU 4.0.0 does
not ensure that a networ
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00245.html
NOTE:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6f5d8671225dc77190647f18a27a0d156d4ca97a
CVE-2019-13163 (The Fujitsu TLS library allows a man-in-the-middle attack.
This affect ...)
- TODO: check
+ NOT-FOR-US: Fujitsu
CVE-2019-13162
RESERVED
CVE-2019-13161 (An issue was discovered in Asterisk Open Source through
13.27.0, 14.x ...)
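Review bot: "NOT-FOR-US: Fujitsu" is broader than the convention used elsewhere in this file, where the tag names the product (for example "Foxit Reader", "SalesAgility SuiteCRM"). The description already says "The Fujitsu TLS library", so "NOT-FOR-US: Fujitsu TLS library" is the more useful tag when someone later searches this list by product.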
@@ -47248,7 +47248,7 @@ CVE-2019-10592 (Possible integer overflow while
multiplying two integers of 32 b
CVE-2019-10591
RESERVED
CVE-2019-10590 (Out of bound access while parsing dts atom, which is
non-standard as i ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10589
RESERVED
CVE-2019-10588
@@ -47294,7 +47294,7 @@ CVE-2019-10569
CVE-2019-10568
RESERVED
CVE-2019-10567 (There is a way to deceive the GPU kernel driver into thinking
there is ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10566 (Buffer overflow can occur in wlan module if supported rates or
extende ...)
NOT-FOR-US: Snapdragon
CVE-2019-10565 (Double free issue can happen when sensor power settings is
freed by so ...)
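Review bot: CVE-2019-10567 explicitly says "deceive the GPU kernel driver", so this is a kernel-side issue by its own description. NOT-FOR-US is defensible only if the driver in question is the vendor's out-of-tree GPU driver rather than a driver carried in the mainline kernel; state that in a NOTE next to the tag so the reasoning is not lost, as was done for the similar wlan entry CVE-2019-10566 only implicitly.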
@@ -228058,7 +228058,7 @@ CVE-2015-3425 (Cross-site scripting (XSS)
vulnerability in Accentis Content Reso
CVE-2015-3424 (SQL injection vulnerability in Accentis Content Resource
Management Sy ...)
NOT-FOR-US: Accentis Content Resource Management System
CVE-2015-3423 (Multiple SQL injection vulnerabilities in NetCracker Resource
Manageme ...)
- TODO: check
+ NOT-FOR-US: NetCracker Resource Management System
CVE-2015-3422 (Cross-site scripting (XSS) vulnerability in SearchBlox before
8.2.1 al ...)
NOT-FOR-US: SearchBlox
CVE-2015-3421 (The eshop_checkout function in checkout.php in the Wordpress
Eshop plu ...)
@@ -229723,7 +229723,7 @@ CVE-2015-2911
CVE-2015-2910
RESERVED
CVE-2015-2909 (Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and
DS2 dev ...)
- TODO: check
+ NOT-FOR-US: Dedicated Micros DVR products
CVE-2015-2908 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with
firmwar ...)
NOT-FOR-US: Mobile Devices (aka MDI) C4 OBD-II dongles
CVE-2015-2907 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with
firmwar ...)
@@ -232034,7 +232034,7 @@ CVE-2015-2209 (DLGuard 4.5 allows remote attackers to
obtain the installation pa
CVE-2015-2208 (The saveObject function in moadmin.php in phpMoAdmin 1.1.2
allows remo ...)
NOT-FOR-US: phpMoAdmin
CVE-2015-2207 (Multiple cross-site scripting (XSS) vulnerabilities in
NetCracker Reso ...)
- TODO: check
+ NOT-FOR-US: NetCracker Resource Management System
CVE-2015-2206 (libraries/select_lang.lib.php in phpMyAdmin 4.0.x before
4.0.10.9, 4.2 ...)
{DSA-3382-1 DLA-336-1}
- phpmyadmin 4:4.4.4-1 (unimportant)
@@ -232485,7 +232485,7 @@ CVE-2015-2080 (The exception handling code in Eclipse
Jetty before 9.2.9.v201502
NOTE:
https://github.com/eclipse/jetty.project/blob/master/advisories/2015-02-24-httpparser-error-buffer-bleed.md
NOTE:
http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
CVE-2015-2062 (Multiple SQL injection vulnerabilities in the Huge-IT Slider
(slider-i ...)
- TODO: check
+ NOT-FOR-US: Huge-IT Slider (slider- image) plugin for WordPress
CVE-2015-2061 (Heap-based buffer overflow in the browser plugin for PTC Creo
View all ...)
NOT-FOR-US: PTC Creo View
CVE-2015-2057
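Review bot: the new tag "NOT-FOR-US: Huge-IT Slider (slider- image) plugin for WordPress" has a stray space in "(slider- image)"; the truncated description reads "(slider-i ...)", so the slug is almost certainly "slider-image" as one token. Suggested line: "NOT-FOR-US: Huge-IT Slider (slider-image) plugin for WordPress".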
@@ -237732,7 +237732,7 @@ CVE-2014-9472 (The email gateway in RT (aka Request
Tracker) 3.0.0 through 4.x b
- request-tracker4 4.2.8-3
- request-tracker3.8 <removed> (unimportant)
CVE-2014-9470 (Cross-site scripting (XSS) vulnerability in the loadForm
function in F ...)
- TODO: check
+ NOT-FOR-US: Fork CMS
CVE-2014-9469 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4,
3.6.0, 3. ...)
NOT-FOR-US: vBulletin
CVE-2014-9468 (Multiple cross-site scripting (XSS) vulnerabilities in
InstantASP Inst ...)
@@ -239489,9 +239489,9 @@ CVE-2014-9131
CVE-2014-9128
RESERVED
CVE-2014-9127 (Open-School Community Edition 2.2 does not properly restrict
access to ...)
- TODO: check
+ NOT-FOR-US: Open-School Community Edition
CVE-2014-9126 (Multiple cross-site scripting (XSS) vulnerabilities in
Open-School Com ...)
- TODO: check
+ NOT-FOR-US: Open-School Community Edition
CVE-2014-9125
RESERVED
CVE-2014-9124
@@ -243875,7 +243875,7 @@ CVE-2014-7865
CVE-2014-7864 (Multiple SQL injection vulnerabilities in the
FailOverHelperServlet (a ...)
NOT-FOR-US: ZOHO ManageEngine OpManager
CVE-2014-7863 (The FailOverHelperServlet (aka FailServlet) servlet in ZOHO
ManageEngi ...)
- TODO: check
+ NOT-FOR-US: ZOHO ManageEngine
CVE-2014-7862 (The DCPluginServelet servlet in ManageEngine Desktop Central
and Deskt ...)
NOT-FOR-US: ManageEngine
CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not
properly v ...)
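Review bot: CVE-2014-7863 is tagged "ZOHO ManageEngine OpManager" in the sibling entry CVE-2014-7864, which concerns the same FailOverHelperServlet, while the new line here says only "ZOHO ManageEngine". Use the same product name for both so a search for OpManager finds the pair together.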
@@ -249793,7 +249793,7 @@ CVE-2014-5290
CVE-2014-5289 (Buffer overflow in Senkas Kolibri 2.0 allows remote attackers
to execu ...)
NOT-FOR-US: Senkas Kolibri
CVE-2014-5288 (A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a
via uns ...)
- TODO: check
+ NOT-FOR-US: Kemp Load Master
CVE-2014-5287 (A Bash script injection vulnerability exists in Kemp Load
Master 7.1-1 ...)
NOT-FOR-US: Kemp Load Master
CVE-2014-5286 (The ActiveMatrix Policy Manager Authentication module in TIBCO
ActiveM ...)
@@ -250369,7 +250369,7 @@ CVE-2014-5093 (Status2k does not remove the install
directory allowing credentia
CVE-2014-5092 (Status2k allows Remote Command Execution in
admin/options/editpl.php. ...)
NOT-FOR-US: Status2k
CVE-2014-5091 (A vulnerability exits in Status2K 2.5 Server Monitoring
Software via t ...)
- TODO: check
+ NOT-FOR-US: Status2K Server Monitoring Software
CVE-2014-5090 (admin/options/logs.php in Status2k allows remote authenticated
adminis ...)
NOT-FOR-US: Status2k
CVE-2014-5089 (SQL injection vulnerability in admin/options/logs.php in
Status2k allo ...)
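Review bot: the new tag "NOT-FOR-US: Status2K Server Monitoring Software" differs in spelling and wording from the three surrounding Status2k entries (CVE-2014-5092, CVE-2014-5090, CVE-2014-5089), which all use "NOT-FOR-US: Status2k". Align it with the existing form so the four entries group together.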
@@ -273571,7 +273571,7 @@ CVE-2013-3630 (Moodle through 2.5.2 allows remote
authenticated administrators t
NOTE: https://tracker.moodle.org/browse/MDL-41449
NOTE:
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
CVE-2013-3629 (ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution ...)
- TODO: check
+ NOT-FOR-US: ISPConfig
CVE-2013-3628 (Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability
...)
TODO: check
CVE-2013-3627 (FrameworkService.exe in McAfee Framework Service in McAfee
Managed Age ...)
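Review bot: closing CVE-2013-3629 (ISPConfig) is fine, but the line directly below it, CVE-2013-3628 ("Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability"), is left as "TODO: check" in this hunk. Unlike the vendor products being closed in this commit, that description names software that may well be packaged, so it should not linger as a TODO; either resolve it in the same pass or open a tracking note for it.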
@@ -273647,7 +273647,7 @@ CVE-2013-3593 (Baramundi Management Suite 7.5 through
8.9 uses cleartext for (1)
CVE-2013-3592
RESERVED
CVE-2013-3591 (vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP
Code Execu ...)
- TODO: check
+ NOT-FOR-US: vTiger CRM
CVE-2013-3590 (Unrestricted file upload vulnerability in
admin/uploadImage.html in Se ...)
NOT-FOR-US: SearchBlox
CVE-2013-3589 (Cross-site scripting (XSS) vulnerability in the login page in
the Admi ...)
@@ -274749,7 +274749,7 @@ CVE-2013-3098 (Multiple cross-site request forgery
(CSRF) vulnerabilities in TRE
CVE-2013-3097 (Unspecified Cross-site scripting (XSS) vulnerability in the
Verizon FI ...)
NOT-FOR-US: Verizon
CVE-2013-3096 (D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware
Linking ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in
D-Link D ...)
NOT-FOR-US: D-Link
CVE-2013-3094
@@ -274759,7 +274759,7 @@ CVE-2013-3093 (ASUS RT-N56U devices allow CSRF. ...)
CVE-2013-3092 (The Belkin N300 (F7D7301v1) router allows remote attackers to
bypass a ...)
NOT-FOR-US: Belkin router
CVE-2013-3091 (An Authentication Bypass vulnerability in Belkin N300
(F7D7301v1) rout ...)
- TODO: check
+ NOT-FOR-US: Belkin N300 router
CVE-2013-3090 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin
N300 rou ...)
NOT-FOR-US: Belkin N300 router
CVE-2013-3089 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in
Belkin ...)
@@ -274814,7 +274814,7 @@ CVE-2013-3069 (Multiple cross-site scripting (XSS)
vulnerabilities in NETGEAR WN
CVE-2013-3068 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in
Linksy ...)
NOT-FOR-US: Linksys
CVE-2013-3067 (Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2013-3066 (Linksys EA6500 with firmware 1.1.28.147876 does not properly
restrict ...)
NOT-FOR-US: Linksys
CVE-2013-3065 (Cross-site scripting (XSS) vulnerability in the Parental
Controls sect ...)
@@ -280478,7 +280478,7 @@ CVE-2013-1204 (Memory leak in the SNMP process in
Cisco IOS XR allows remote att
CVE-2013-1203 (Cisco ASA CX Context-Aware Security Software allows remote
attackers t ...)
NOT-FOR-US: Cisco ASA
CVE-2013-1202 (Cisco ACE A2(3.6) allows log retention DoS. ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-1201
RESERVED
CVE-2013-1200 (Session fixation vulnerability in Cisco Secure Access Control
System ( ...)
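Review bot: "NOT-FOR-US: Cisco" for CVE-2013-1202 is less specific than the neighbouring CVE-2013-1203 entry, which uses "Cisco ASA". The description names the product ("Cisco ACE A2(3.6)"), so "NOT-FOR-US: Cisco ACE" follows the file's convention and makes the entry searchable by product.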
@@ -290317,7 +290317,7 @@ CVE-2012-4031 (Multiple directory traversal
vulnerabilities in src/acloglogin.ph
CVE-2012-4030 (Chamilo before 1.8.8.6 does not adequately handle user supplied
input ...)
NOT-FOR-US: Chamilo LMS
CVE-2012-4029 (Cross-site scripting (XSS) vulnerability in
main/dropbox/index.php in ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2012-4028 (Tridium Niagara AX Framework does not properly store credential
data, ...)
NOT-FOR-US: Tridium Niagara AX Framework
CVE-2012-4027 (Directory traversal vulnerability in Tridium Niagara AX
Framework allo ...)
@@ -293942,7 +293942,7 @@ CVE-2012-2595 (Multiple cross-site scripting (XSS)
vulnerabilities in unspecifie
CVE-2012-2594
RESERVED
CVE-2012-2593 (Cross-site scripting (XSS) vulnerability in the administrative
interfa ...)
- TODO: check
+ NOT-FOR-US: Atmail Webmail Server
CVE-2012-2592 (Cross-site scripting (XSS) vulnerability in Axigen Mail Server
8.0.1 a ...)
NOT-FOR-US: AXIGEN Mail Server
CVE-2012-2591 (Multiple cross-site scripting (XSS) vulnerabilities in
EmailArchitect ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9b998114a97dced4120c3a70ff9f0ef7647800ed
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits