Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
58a493d7 by Moritz Muehlenhoff at 2020-03-09T23:36:04+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -195016,7 +195016,7 @@ CVE-2016-6676 (Off-by-one error in 
CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm W
 CVE-2016-6675 (Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the 
Qualcomm Wi ...)
        NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6674 (system_server in Android before 2016-10-05 on Nexus devices 
allows att ...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Android
 CVE-2016-6673 (The NVIDIA camera driver in Android before 2016-10-05 on Nexus 
9 devic ...)
        NOT-FOR-US: Nvidia driver for Android
 CVE-2016-6672 (The Synaptics touchscreen driver in Android before 2016-10-05 
on Nexus ...)
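Review bot: the new line for CVE-2016-6674 drops the reference to bug #459219 without recording what happened to that ITP. The commit message is only "NFUs"; if the ITP was closed or abandoned, stating that in the message would let a later reader verify why "- android <itp>" became NOT-FOR-US.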
@@ -212795,7 +212795,7 @@ CVE-2016-1489 (Lenovo SHAREit before 3.2.0 for 
Windows and SHAREit before 3.5.48
 CVE-2016-1488 (Cross-site scripting (XSS) vulnerability in the login form in 
the inte ...)
        NOT-FOR-US: Siemens
 CVE-2016-1487 (Lexmark Markvision Enterprise before 2.3.0 misuses the Apache 
Commons  ...)
-       TODO: check
+       NOT-FOR-US: Lexmark
 CVE-2016-1486 (A vulnerability in the email attachment scanning functionality 
of the  ...)
        NOT-FOR-US: Siemens OZW OZW672
 CVE-2016-1485 (Cross-site scripting (XSS) vulnerability in Cisco Identity 
Services En ...)
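Review bot: the description of CVE-2016-1487 names Apache Commons, but the new tag attributes the issue to Lexmark alone with no explanation. Since the entry went from "TODO: check" straight to NOT-FOR-US, a NOTE line saying the flaw is in the product's use of the library rather than in the library itself would record the reasoning behind the triage.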
@@ -213957,7 +213957,7 @@ CVE-2016-1161 (Cross-site request forgery (CSRF) 
vulnerability in ManageEngine P
 CVE-2016-1160 (Cross-site scripting (XSS) vulnerability in the WP Favorite 
Posts plug ...)
        NOT-FOR-US: WP Favorite Posts plugin for WordPress
 CVE-2016-1159 (In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 
(Build ...)
-       TODO: check
+       NOT-FOR-US: ZOHO
 CVE-2016-1158 (Cross-site request forgery (CSRF) vulnerability on Corega 
CG-WLBARGMH  ...)
        NOT-FOR-US: Corega
 CVE-2016-1157 (Cross-site scripting (XSS) vulnerability in log_chat.cgi in 
Script* Lo ...)
@@ -217062,11 +217062,11 @@ CVE-2015-8509 (Template.pm in Bugzilla 2.x, 3.x, 
and 4.x before 4.2.16, 4.3.x an
 CVE-2015-8508 (Cross-site scripting (XSS) vulnerability in 
showdependencygraph.cgi in ...)
        - bugzilla4 <itp> (bug #669643)
 CVE-2015-8507 (mediaserver in Android 6.0 before 2015-12-01 allows remote 
attackers t ...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Android
 CVE-2015-8506 (mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 
2015-12-01 a ...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Android
 CVE-2015-8505 (mediaserver in Android before 5.1.1 LMY48Z allows remote 
attackers to  ...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Android
 CVE-2015-8503
        RESERVED
 CVE-2015-8502
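Review bot: CVE-2015-8507, CVE-2015-8506 and CVE-2015-8505 lose their <itp> entries while CVE-2015-8508 directly above keeps "- bugzilla4 <itp> (bug #669643)", so this hunk leaves two conventions for not-yet-packaged software side by side. If ITP entries are converted only once the ITP bug is closed, a NOTE on one of the three entries saying so would make the rule visible in the data.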
@@ -219343,7 +219343,7 @@ CVE-2015-7892 (Stack-based buffer overflow in the 
m2m1shot_compat_ioctl32 functi
 CVE-2015-7891 (Race condition in the ioctl implementation in the Samsung 
Graphics 2D  ...)
        NOT-FOR-US: Samsung Graphics 2D driver on Samsung devices with Android
 CVE-2015-7890 (Multiple buffer overflows in the esa_write function in 
/dev/seirenin t ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2015-7889 (The SecEmailComposer/EmailComposer application in the Samsung 
S6 Edge  ...)
        NOT-FOR-US: Samsung
 CVE-2015-7888 (Directory traversal vulnerability in the WifiHs20UtilityService 
on the ...)
@@ -221013,19 +221013,19 @@ CVE-2015-7346 (SQL injection vulnerability in ZCMS 
1.1. ...)
 CVE-2015-7345
        RESERVED
 CVE-2015-7344 (HikaShop Joomla Component before 2.6.0 has XSS via an injected 
payload ...)
-       TODO: check
+       NOT-FOR-US: Joomla addon
 CVE-2015-7343 (JNews Joomla Component before 8.5.0 has XSS via the 
mailingsearch para ...)
-       TODO: check
+       NOT-FOR-US: Joomla addon
 CVE-2015-7342 (JNews Joomla Component before 8.5.0 allows SQL injection via 
upload th ...)
-       TODO: check
+       NOT-FOR-US: Joomla addon
 CVE-2015-7341 (JNews Joomla Component before 8.5.0 allows arbitrary File 
Upload via S ...)
-       TODO: check
+       NOT-FOR-US: Joomla addon
 CVE-2015-7340 (JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via 
evid i ...)
-       TODO: check
+       NOT-FOR-US: Joomla addon
 CVE-2015-7339 (JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file 
upload via a ...)
-       TODO: check
+       NOT-FOR-US: Joomla addon
 CVE-2015-7338 (SQL Injection exists in AcyMailing Joomla Component before 
4.9.5 via e ...)
-       TODO: check
+       NOT-FOR-US: Joomla addon
 CVE-2015-7336
        RESERVED
 CVE-2015-7335
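Review bot: all seven entries from CVE-2015-7344 to CVE-2015-7338 get the same "NOT-FOR-US: Joomla addon" tag, although the descriptions cover five different components (HikaShop, JNews, JEvents, JCE, AcyMailing). Other NOT-FOR-US lines in this file name the product, for example "WP Favorite Posts plugin for WordPress"; naming the component here as well would keep a search of the NFU tags by product useful.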
@@ -244984,8 +244984,7 @@ CVE-2014-8741 (Directory traversal vulnerability in 
the GfdFileUploadServerlet s
 CVE-2014-8740
        RESERVED
 CVE-2014-8739 (Unrestricted file upload vulnerability in 
server/php/UploadHandler.php ...)
-       - libjs-jquery-file-upload <undetermined>
-       TODO: check, might be considered only as specific use in WordPress and 
Joomla?
+       NOT-FOR-US: Joomla/Wordpress plugin
 CVE-2014-8736 (The Open Atrium Core module for Drupal before 7.x-2.22 allows 
remote a ...)
        NOT-FOR-US: Drupal module Open Atrium Core
 CVE-2014-8735 (The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x 
before 7 ...)
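Review bot: for CVE-2014-8739 the removed lines tied the issue to the source package libjs-jquery-file-upload and left an open question ("might be considered only as specific use in WordPress and Joomla?"), and the replacement answers it without saying how. Marking the entry NOT-FOR-US also removes the package association entirely; if the packaged copy was checked and does not ship or expose server/php/UploadHandler.php, keeping the package line with a state and a NOTE explaining that would preserve the result. Minor: "Wordpress" is spelled "WordPress" elsewhere in the file.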
@@ -247263,7 +247262,7 @@ CVE-2014-7952 (The backup mechanism in the adb tool 
in Android might allow attac
        NOTE: the vulnerability is in the Android OS itself (and its backup 
manager)
        NOTE: adb is just an intermediary in the backup process
 CVE-2014-7951 (Directory traversal vulnerability in the Android debug bridge 
(aka adb ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2014-7950
        RESERVED
 CVE-2014-7949
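Review bot: CVE-2014-7951 is described as a directory traversal in the Android debug bridge (adb) itself, yet it is tagged "NOT-FOR-US: Android" with no justification. The entry directly above needed two NOTE lines to explain that the flaw is in the Android OS and that adb is only an intermediary; a similar NOTE here, or a package entry for adb if the tool's own code is affected, would make the decision checkable.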
@@ -263473,7 +263472,7 @@ CVE-2014-1636 (Multiple SQL injection vulnerabilities 
in Command School Student
 CVE-2014-1635 (Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router 
with f ...)
        NOT-FOR-US: Belkin router
 CVE-2014-1634 (SQL Injection exists in Advanced Newsletter Magento extension 
before 2 ...)
-       TODO: check
+       NOT-FOR-US: Magento extension
 CVE-2014-1633
        RESERVED
 CVE-2014-1632 (htdocs/setup/index.php in Eventum before 2.3.5 allows remote 
attackers ...)
@@ -305510,7 +305509,7 @@ CVE-2011-4539 (dhcpd in ISC DHCP 4.x before 4.2.3-P1 
and 4.1-ESV before 4.1-ESV-
        - dhcp3 <not-affected> (Only affects DHCP 4.x)
        - isc-dhcp 4.2.2.dfsg.1-5 (bug #652259; low)
 CVE-2011-4538 (Lexmark X, W, T, E, and C devices before 2012-02-09 allow 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: Lexmark
 CVE-2011-4537 (Multiple buffer overflows in 7-Technologies (7T) Interactive 
Graphical ...)
        NOT-FOR-US: 7-Technologies IGSS
 CVE-2011-4536 (Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe 
(aka H ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58a493d7608ce608e8c0a5f748de2c15cbf31ef9
