Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab0ccb6c by Salvatore Bonaccorso at 2020-02-26T21:23:34+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -60175,7 +60175,7 @@ CVE-2019-6746 (This vulnerability allows remote 
attackers to disclose sensitive
 CVE-2019-6745
        REJECTED
 CVE-2019-6744 (This vulnerability allows local attackers to disclose sensitive 
inform ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2019-6743 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
        NOT-FOR-US: Xiaomi Mi6 Browser
 CVE-2019-6742 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
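Review bot: On CVE-2019-6744 the new tag names only the vendor ("NOT-FOR-US: Samsung"), while the entry directly below it records the product ("NOT-FOR-US: Xiaomi Mi6 Browser"). The description is truncated in the list, so the tag is the only place a later reader can see what was triaged; consider naming the affected Samsung product here.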
@@ -64181,7 +64181,7 @@ CVE-2019-5167
 CVE-2019-5166
        RESERVED
 CVE-2019-5165 (An exploitable authentication bypass vulnerability exists in 
the hostn ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2019-5164 (An exploitable code execution vulnerability exists in the 
ss-manager b ...)
        - shadowsocks-libev 3.3.3+ds-2
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958
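Review bot: CVE-2019-5165 is tagged "NOT-FOR-US: Moxa" directly above CVE-2019-5164, which is tracked against shadowsocks-libev, and its truncated description ("authentication bypass vulnerability exists in the hostn ...") does not name a product. Consider extending the tag with the Moxa product name so the entry is visibly distinct from the packaged software around it.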
@@ -64193,7 +64193,7 @@ CVE-2019-5163 (An exploitable denial-of-service 
vulnerability exists in the UDPR
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0956
        NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2536
 CVE-2019-5162 (An exploitable improper access control vulnerability exists in 
the iw_ ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2019-5161
        RESERVED
 CVE-2019-5160
@@ -64211,7 +64211,7 @@ CVE-2019-5155
 CVE-2019-5154 (An exploitable heap overflow vulnerability exists in the 
JPEG2000 pars ...)
        NOT-FOR-US: LEADTOOLS
 CVE-2019-5153 (An exploitable remote code execution vulnerability exists in 
the iw_we ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2019-5152 (An exploitable information disclosure vulnerability exists in 
the netw ...)
        - shadowsocks-libev <unfixed> (unimportant)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0942
@@ -64226,7 +64226,7 @@ CVE-2019-5150 (An exploitable SQL injection 
vulnerability exist in YouPHPTube 7.
 CVE-2019-5149
        RESERVED
 CVE-2019-5148 (An exploitable denial-of-service vulnerability exists in 
ServiceAgent  ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2019-5147 (An exploitable out-of-bounds read vulnerability exists in AMD 
ATIDXX64 ...)
        NOT-FOR-US: AMD ATIDXX64.DLL driver
 CVE-2019-5146 (An exploitable out-of-bounds read vulnerability exists in AMD 
ATIDXX64 ...)
@@ -64236,21 +64236,21 @@ CVE-2019-5145 (An exploitable use-after-free 
vulnerability exists in the JavaScr
 CVE-2019-5144 (An exploitable heap underflow vulnerability exists in the 
derive_taps_ ...)
        NOT-FOR-US: Kakadu Software SDK
 CVE-2019-5143 (An exploitable format string vulnerability exists in the 
iw_console co ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2019-5142 (An exploitable command injection vulnerability exists in the 
hostname  ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2019-5141 (An exploitable command injection vulnerability exists in the 
iw_webs f ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2019-5140 (An exploitable command injection vulnerability exists in the 
iwwebs fu ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2019-5139 (An exploitable use of hard-coded credentials vulnerability 
exists in m ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2019-5138 (An exploitable command injection vulnerability exists in 
encrypted dia ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2019-5137 (The usage of hard-coded cryptographic keys within the 
ServiceAgent bin ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2019-5136 (An exploitable privilege escalation vulnerability exists in the 
iw_con ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2019-5135
        RESERVED
 CVE-2019-5134
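Review bot: The eight entries from CVE-2019-5143 down to CVE-2019-5136 all receive the bare vendor tag "NOT-FOR-US: Moxa", although their descriptions point at different components (iw_console, iw_webs, ServiceAgent) and the product name is cut off in every one of them. Neighbouring entries such as "NOT-FOR-US: Kakadu Software SDK" name the product; doing the same here would let the batch be audited from the list alone.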
@@ -66651,9 +66651,9 @@ CVE-2019-4002
 CVE-2019-4001
        RESERVED
 CVE-2019-4000 (Improper neutralization of directives in dynamically evaluated 
code in ...)
-       TODO: check
+       NOT-FOR-US: Druva inSync Mac OS Client
 CVE-2019-3999 (Improper neutralization of special elements used in an OS 
command in D ...)
-       TODO: check
+       NOT-FOR-US: Druva inSync Windows Client
 CVE-2019-3998 (Authentication bypass using an alternate path or channel in 
SimpliSafe ...)
        NOT-FOR-US: SimpliSafe SS3 firmware
 CVE-2019-3997 (Authentication bypass using an alternate path or channel in 
SimpliSafe ...)
@@ -67625,7 +67625,7 @@ CVE-2019-3672
 CVE-2019-3671
        RESERVED
 CVE-2019-3670 (Remote Code Execution vulnerability in the web interface in 
McAfee Web ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2019-3669
        RESERVED
 CVE-2019-3668
@@ -91437,7 +91437,7 @@ CVE-2018-14707 (Directory traversal in the Drobo Pix 
web application on Drobo 5N
 CVE-2018-14706 (System command injection in the /DroboPix/api/drobopix/demo 
endpoint o ...)
        NOT-FOR-US: Drobo 5N2 NAS
 CVE-2018-14705 (In Drobo 5N2 4.0.5, all optional applications lack any form of 
authent ...)
-       TODO: check
+       NOT-FOR-US: Drobo 5N2
 CVE-2018-14704 (Cross-site scripting in the MySQL API error page in Drobo 5N2 
NAS vers ...)
        NOT-FOR-US: Drobo 5N2 NAS
 CVE-2018-14703 (Incorrect access control in the /mysql/api/droboapp/data 
endpoint in D ...)
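Review bot: CVE-2018-14705 is tagged "NOT-FOR-US: Drobo 5N2", but the entries on either side of it (CVE-2018-14706 and CVE-2018-14704) use "NOT-FOR-US: Drobo 5N2 NAS". Use the same string so a search for the tag finds all of the product's entries.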
@@ -95094,7 +95094,7 @@ CVE-2018-13315 (Incorrect access control in 
formPasswordSetup in TOTOLINK A3002R
 CVE-2018-13314 (System command injection in formAliasIp in TOTOLINK A3002RU 
version 1. ...)
        NOT-FOR-US: TOTOLINK
 CVE-2018-13313 (In TOTOLINK A3002RU 1.0.8, the router provides a page that 
allows the  ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2018-13312 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU 
version 1.0 ...)
        NOT-FOR-US: TOTOLINK
 CVE-2018-13311 (System command injection in formDlna in TOTOLINK A3002RU 
version 1.0.8 ...)
@@ -254592,7 +254592,7 @@ CVE-2014-4023 (Cross-site scripting (XSS) 
vulnerability in tmui/dashboard/echo.j
 CVE-2014-4022 (The alloc_domain_struct function in arch/arm/domain.c in Xen 
4.4.x, wh ...)
        - xen <not-affected> (Only 32- and 64-bit ARM systems from Xen 4.4 
onwards)
 CVE-2014-4019 (ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores 
sensitiv ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2014-4018 (The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has 
a defau ...)
        NOT-FOR-US: ZTE router
 CVE-2010-5301 (Stack-based buffer overflow in Kolibri 2.0 allows remote 
attackers to  ...)
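Review bot: CVE-2014-4019 gets "NOT-FOR-US: ZTE" while CVE-2014-4018, which concerns the same ZTE ZXV10 W300 router, is already tagged "NOT-FOR-US: ZTE router". Suggest matching the existing tag.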



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab0ccb6cadf7c18845c03e841df47d6ec921ab83
