Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3632c4a5 by Salvatore Bonaccorso at 2019-07-25T20:32:54Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2019-14271
RESERVED
CVE-2019-14270 (Comodo Antivirus through 12.0.0.6870, Comodo Firewall through
12.0.0.6 ...)
- TODO: check
+ NOT-FOR-US: Comodo Antivirus
CVE-2019-14269
RESERVED
CVE-2019-14268 (In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web
request prox ...)
- TODO: check
+ NOT-FOR-US: Octopus Deploy
CVE-2019-14267
RESERVED
CVE-2019-14266 (OpenSNS v6.1.0 allows SQL Injection via the
index.php?s=/ucenter/Confi ...)
@@ -12308,7 +12308,7 @@ CVE-2019-1010202 (Jeesite 1.2.7 is affected by: XML
External Entity (XXE). The i
CVE-2019-1010201 (Jeesite 1.2.7 is affected by: SQL Injection. The impact is:
sensitive ...)
NOT-FOR-US: Jeesite
CVE-2019-1010200 (Voice Builder Prior to commit
c145d4604df67e6fc625992412eef0bf9a85e26b ...)
- TODO: check
+ NOT-FOR-US: Voice Builder
CVE-2019-1010199 (ServiceStack ServiceStack Framework 4.5.14 is affected by:
Cross Site ...)
NOT-FOR-US: ServiceStack ServiceStack Framework
CVE-2019-1010198
@@ -12368,7 +12368,7 @@ CVE-2019-1010174 (CImg The CImg Library v.2.3.3 and
earlier is affected by: comm
CVE-2019-1010173 (Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The
impact is ...)
NOT-FOR-US: Jsish
CVE-2019-1010172 (Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource
Consumption. ...)
- TODO: check
+ NOT-FOR-US: Jsish
CVE-2019-1010171 (Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference.
The impac ...)
NOT-FOR-US: Jsish
CVE-2019-1010170 (Jsish 2.4.77 2.0477 is affected by: Use After Free. The
impact is: den ...)
@@ -12765,9 +12765,9 @@ CVE-2019-9887
CVE-2019-9886 (Any URLs with download_attachment.php under templates or home
folders ...)
NOT-FOR-US: BroadLearning eClass
CVE-2019-9885 (eClass platform < ip.2.5.10.2.1 allows an attacker to
execute SQL c ...)
- TODO: check
+ NOT-FOR-US: eClass platform
CVE-2019-9884 (eClass platform < ip.2.5.10.2.1 allows an attacker to use
GETS meth ...)
- TODO: check
+ NOT-FOR-US: eClass platform
CVE-2019-9883 (Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF
vulnerabi ...)
NOT-FOR-US: MailSherlock
CVE-2019-9882 (Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF
vulnerabi ...)
@@ -26189,7 +26189,7 @@ CVE-2019-4441
CVE-2019-4440
RESERVED
CVE-2019-4439 (IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate
session ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4438
RESERVED
CVE-2019-4437
@@ -26237,7 +26237,7 @@ CVE-2019-4417
CVE-2019-4416
RESERVED
CVE-2019-4415 (IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to
obtain e ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4414
RESERVED
CVE-2019-4413
@@ -26643,7 +26643,7 @@ CVE-2019-4214
CVE-2019-4213
RESERVED
CVE-2019-4212 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request
forger ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4211 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site
scripting. Thi ...)
NOT-FOR-US: IBM
CVE-2019-4210 (IBM QRadar SIEM 7.3.2 could allow a user to bypass
authentication expo ...)
@@ -26835,7 +26835,7 @@ CVE-2019-4118 (IBM Multicloud Manager 3.1.0, 3.1.1, and
3.1.2 ibm-mcm-chart coul
CVE-2019-4117
RESERVED
CVE-2019-4116 (IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly
sensit ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4115
RESERVED
CVE-2019-4114
@@ -28100,7 +28100,7 @@ CVE-2019-3623
CVE-2019-3622 (Files or Directories Accessible to External Parties in McAfee
Data Los ...)
NOT-FOR-US: McAfee
CVE-2019-3621 (Authentication protection bypass vulnerability in McAfee Data
Loss Pre ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3620
RESERVED
CVE-2019-3619 (Information Disclosure vulnerability in the Agent Handler in
McAfee eP ...)
@@ -28486,9 +28486,9 @@ CVE-2019-3488
CVE-2019-3487
RESERVED
CVE-2019-3486 (Mitigates a stored cross site scripting issue in ArcSight
Security Man ...)
- TODO: check
+ NOT-FOR-US: ArcSight Security Management Center
CVE-2019-3485 (Mitigates a stored cross site scripting issue in ArcSight
Logger versi ...)
- TODO: check
+ NOT-FOR-US: ArcSight Logger
CVE-2019-3484 (Mitigates a remote code execution issue in ArcSight Logger
versions pr ...)
NOT-FOR-US: ArcSight Logger
CVE-2019-3483 (Mitigates a potential information leakage issue in ArcSight
Logger ver ...)
@@ -32865,11 +32865,11 @@ CVE-2019-2347
CVE-2019-2346 (Firmware is getting into loop of overwriting memory when scan
command ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2345 (Race condition while accessing DMA buffer in jpeg driver in
Snapdragon ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2344
RESERVED
CVE-2019-2343 (Out of bound read and information disclosure in firmware due to
insuff ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2342
RESERVED
CVE-2019-2341
@@ -32923,27 +32923,27 @@ CVE-2019-2318
CVE-2019-2317
RESERVED
CVE-2019-2316 (When computing the digest a local variable is used after going
out of ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2315
RESERVED
CVE-2019-2314 (Possible race condition that will cause a use-after-free when
writing ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2313
RESERVED
CVE-2019-2312 (When handling the vendor command there exists a potential
buffer overf ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2311
RESERVED
CVE-2019-2310
RESERVED
CVE-2019-2309 (While storing calibrated data from firmware in cache, An
integer overf ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2308 (User application could potentially make RPC call to the fastrpc
driver ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2307 (Possible integer underflow due to lack of validation before
calculatio ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2306 (Improper casting of structure while handling the buffer leads
to out o ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2305 (Out of bound access when reason code is extracted from frame
data with ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2304
@@ -32953,13 +32953,13 @@ CVE-2019-2303
CVE-2019-2302
RESERVED
CVE-2019-2301 (Possibility of out-of-bound read if id received from SPI is not
in ran ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2300
RESERVED
CVE-2019-2299 (An out-of-bound write can be triggered by a specially-crafted
command ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2298 (Protection is missing while accessing md sessions info via
macro which ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2297
RESERVED
CVE-2019-2296
@@ -32969,13 +32969,13 @@ CVE-2019-2295
CVE-2019-2294
RESERVED
CVE-2019-2293 (Pointer dereference while freeing IFE resources due to lack of
length ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2292 (Out of bound access can occur due to buffer copy without
checking size ...)
NOT-FOR-US: Snapdragon
CVE-2019-2291
RESERVED
CVE-2019-2290 (Multiple open and close from multiple threads will lead camera
driver ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2289
RESERVED
CVE-2019-2288
@@ -32993,7 +32993,7 @@ CVE-2019-2283
CVE-2019-2282
RESERVED
CVE-2019-2281 (An unauthenticated bitmap image can be loaded in to memory and
subsequ ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2280
RESERVED
CVE-2019-2279 (Shared memory gets updated with invalid data and may lead to
access be ...)
@@ -33009,9 +33009,9 @@ CVE-2019-2275
CVE-2019-2274
RESERVED
CVE-2019-2273 (IOMMU page fault while playing h265 video file leads to denial
of serv ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2272 (Buffer overflow can occur in display function due to lack of
validatio ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2271
RESERVED
CVE-2019-2270
@@ -33029,7 +33029,7 @@ CVE-2019-2265
CVE-2019-2264 (Null pointer dereference occurs for channel context while
opening glin ...)
NOT-FOR-US: Snapdragon
CVE-2019-2263 (Access to freed memory can happen while reading from diag
driver due t ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2262
RESERVED
CVE-2019-2261 (Unauthorized access from GPU subsystem to HLOS or other non
secure sub ...)
@@ -53775,7 +53775,7 @@ CVE-2018-13899 (Processing messages after error may
result in user after free me
CVE-2018-13898 (Out-of-Bounds write due to incorrect array index check in PMIC
in Snap ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-13897 (Clients hostname gets added to DNS record on device which is
running d ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2018-13896 (XBL_SEC image authentication and other crypto related
validations are ...)
NOT-FOR-US: Snapdragon
CVE-2018-13895 (Due to the missing permissions on several content providers of
the RCS ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3632c4a5cf6ba5825c5cd50c1e425b75ef056162
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3632c4a5cf6ba5825c5cd50c1e425b75ef056162
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
