Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e79e443f by Moritz Muehlenhoff at 2020-02-05T18:45:42+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -85131,19 +85131,19 @@ CVE-2018-16270 (Samsung Galaxy Gear series before 
build RE2 includes the hcidump
 CVE-2018-16269 (The wnoti system service in Samsung Galaxy Gear series allows 
an unpri ...)
        NOT-FOR-US: Samsung
 CVE-2018-16268 (The SoundServer/FocusServer system services in Tizen allow an 
unprivil ...)
-       TODO: check
+       NOT-FOR-US: Tizen
 CVE-2018-16267 (The system-popup system service in Tizen allows an 
unprivileged proces ...)
-       TODO: check
+       NOT-FOR-US: Tizen
 CVE-2018-16266 (The Enlightenment system service in Tizen allows an 
unprivileged proce ...)
-       TODO: check
+       NOT-FOR-US: Tizen
 CVE-2018-16265 (The bt/bt_core system service in Tizen allows an unprivileged 
process  ...)
-       TODO: check
+       NOT-FOR-US: Tizen
 CVE-2018-16264 (The BlueZ system service in Tizen allows an unprivileged 
process to pa ...)
-       TODO: check
+       NOT-FOR-US: Tizen
 CVE-2018-16263 (The PulseAudio system service in Tizen allows an unprivileged 
process  ...)
-       TODO: check
+       NOT-FOR-US: Tizen
 CVE-2018-16262 (The pkgmgr system service in Tizen allows an unprivileged 
process to p ...)
-       TODO: check
+       NOT-FOR-US: Tizen
 CVE-2018-16261 (In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 
9.0R1, the ...)
        NOT-FOR-US: Pulse Secure Pulse Desktop Client
 CVE-2018-16260
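Review bot: CVE-2018-16266, CVE-2018-16264 and CVE-2018-16263 name Enlightenment, BlueZ and PulseAudio, which are upstream projects in their own right, so a bare "NOT-FOR-US: Tizen" does not record why they were ruled out. The truncated descriptions attribute each flaw to the "system service in Tizen"; if the full descriptions confirm the problem is in Tizen's service setup rather than in the upstream code, a NOTE line saying so under those three entries would keep them from being re-triaged later. The similarly worded entry just above, CVE-2018-16269, is tagged "NOT-FOR-US: Samsung", so it is also worth settling on one tag for this batch.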
@@ -138143,9 +138143,9 @@ CVE-2017-14809
 CVE-2017-14808
        REJECTED
 CVE-2017-14807 (An Improper Neutralization of Special Elements used in an SQL 
Command  ...)
-       TODO: check
+       NOT-FOR-US: SUSE Studio
 CVE-2017-14806 (A Improper Certificate Validation vulnerability in 
susestudio-common o ...)
-       TODO: check
+       NOT-FOR-US: SUSE Studio
 CVE-2017-14805
        RESERVED
 CVE-2017-14804 (The build package before 20171128 did not check directory 
names during ...)
@@ -197987,7 +197987,7 @@ CVE-2016-4678 (An issue was discovered in certain 
Apple products. macOS before 1
 CVE-2016-4677 (An issue was discovered in certain Apple products. iOS before 
10.1 is  ...)
        NOT-FOR-US: Apple
 CVE-2016-4676 (A Cross-origin vulnerability exists in WebKit in Apple Safari 
before 1 ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4675 (An issue was discovered in certain Apple products. iOS before 
10.1 is  ...)
        NOT-FOR-US: Apple
 CVE-2016-4674 (An issue was discovered in certain Apple products. macOS before 
10.12. ...)
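Review bot: the description of CVE-2016-4676 says the cross-origin issue "exists in WebKit in Apple Safari", so the affected component named is WebKit, not only an Apple product. The neighbouring entries tagged "NOT-FOR-US: Apple" are described as issues in "certain Apple products", which is a different case. Before closing this one as NFU, please confirm from the full advisory that the flaw is in Safari-specific code, and record that in a NOTE line; otherwise it should be tracked against the WebKit source packages instead.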
@@ -220150,9 +220150,9 @@ CVE-2015-5953 (Cross-site scripting (XSS) 
vulnerability in the activity applicat
        - owncloud 7.0.6+dfsg-1
        NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-010
 CVE-2015-5952 (Directory traversal vulnerability in Thomson Reuters for FATCA 
before  ...)
-       TODO: check
+       NOT-FOR-US: Thomson Reuters FATCA
 CVE-2015-5951 (A file upload issue exists in the specid parameter in Thomson 
Reuters  ...)
-       NOT-FOR-US: Thomson Reuters FATCH
+       NOT-FOR-US: Thomson Reuters FATCA
 CVE-2015-5950 (The NVIDIA display driver R352 before 353.82 and R340 before 
341.81 on ...)
        - nvidia-graphics-drivers 340.93-1 (bug #800566)
        [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -222834,9 +222834,9 @@ CVE-2015-5075 (Cross-site request forgery (CSRF) 
vulnerability in X2Engine X2CRM
 CVE-2015-5074 (Incomplete blacklist vulnerability in the FileUploadsFilter 
class in p ...)
        NOT-FOR-US: X2Engine
 CVE-2015-5072 (The BIRT Engine servlet in the AR System Mid Tier component 
before 9.0 ...)
-       TODO: check
+       NOT-FOR-US: AR System Mid Tier
 CVE-2015-5071 (AR System Mid Tier in the AR System Mid Tier component before 
9.0 SP1  ...)
-       TODO: check
+       NOT-FOR-US: AR System Mid Tier
 CVE-2014-9735 (The ThemePunch Slider Revolution (revslider) plugin before 
3.0.96 for  ...)
        NOT-FOR-US: WordPress plugins ThemePunch Slider Revolution (revslider) 
and Showbiz Pro
 CVE-2014-9734 (Directory traversal vulnerability in the Slider Revolution 
(revslider) ...)
@@ -226875,11 +226875,11 @@ CVE-2015-3615 (Cross-site scripting (XSS) 
vulnerability in Fortinet FortiManager
 CVE-2015-3614 (Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 
allows r ...)
        NOT-FOR-US: Fortinet
 CVE-2015-3613 (A vulnerability exists in in FortiManager 5.2.1 and earlier and 
5.0.10 ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2015-3612 (A Cross-site Scripting (XSS) vulnerability exists in 
FortiManager 5.2. ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2015-3611 (A Command Injection vulnerability exists in FortiManager 5.2.1 
and ear ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2015-3610 (The Siemens HomeControl for Room Automation application before 
2.0.1 f ...)
        NOT-FOR-US: Siemens HomeControl for Room Automation application for 
Android
 CVE-2015-3609
@@ -229302,7 +229302,7 @@ CVE-2015-2804 (The management web interface in 
Alcatel-Lucent OmniSwitch 6450, 6
 CVE-2015-2803 (SQL injection vulnerability in mod1/index.php in the 
Akronymmanager (s ...)
        NOT-FOR-US: TYPO3 extension sb_akronymmanager
 CVE-2015-2802 (An Information Disclosure vulnerability exists in HP SiteScope 
11.2 an ...)
-       TODO: check
+       NOT-FOR-US: HP SiteScope
 CVE-2015-2801
        RESERVED
 CVE-2015-2800 (The user authentication module in Huawei Campus switches S5700, 
S5300, ...)
@@ -229403,7 +229403,7 @@ CVE-2015-2942 (MediaWiki before 1.19.24, 1.2x before 
1.23.9, and 1.24.x before 1
 CVE-2015-2786 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 
1.8.4 h ...)
        NOT-FOR-US: MyBB
 CVE-2015-2784 (The papercrop gem before 0.3.0 for Ruby on Rails does not 
properly han ...)
-       TODO: check
+       NOT-FOR-US: papercrop Ruby gem
 CVE-2015-2783 (ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 
5.6.x b ...)
        {DSA-3280-1 DLA-212-1}
        - php5 5.6.9+dfsg-1
@@ -233174,7 +233174,7 @@ CVE-2015-1532
 CVE-2015-1531
        RESERVED
 CVE-2015-1530 (media/libmedia/IAudioPolicyService.cpp in Android before 5.1 
allows at ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2015-1529 (Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in 
Android ...)
        NOT-FOR-US: Android
 CVE-2015-1528 (Integer overflow in the native_handle_create function in 
libcutils/nat ...)
@@ -233184,7 +233184,7 @@ CVE-2015-1527 (Integer overflow in 
IAudioPolicyService.cpp in Android allows loc
 CVE-2015-1526 (The media_server component in Android allows remote attackers 
to cause ...)
        NOT-FOR-US: Android
 CVE-2015-1525 (audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2015-1524
        RESERVED
 CVE-2015-1523
@@ -249658,7 +249658,7 @@ CVE-2014-5083
 CVE-2014-5082 (Multiple SQL injection vulnerabilities in admin/admin.php in 
Sphider 1 ...)
        NOT-FOR-US: Sphider
 CVE-2014-5081 (sphider prior to 1.3.6, sphider-pro prior to 3.2, and 
sphider-plus pri ...)
-       TODO: check
+       NOT-FOR-US: sphider
 CVE-2014-5080
        RESERVED
 CVE-2014-5079
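Review bot: the new tag for CVE-2014-5081 is "NOT-FOR-US: sphider" in lower case, while the entry directly above it, CVE-2014-5082, uses "NOT-FOR-US: Sphider". Suggest matching the existing spelling so that a search for one tag finds both entries. The description also lists sphider-pro and sphider-plus; if those are meant to be covered, naming them in the tag would make that explicit.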
@@ -252617,7 +252617,7 @@ CVE-2014-3871 (Multiple SQL injection vulnerabilities 
in register.php in Geodesi
 CVE-2014-3869
        RESERVED
 CVE-2014-3868 (Multiple SQL injection vulnerabilities in ZeusCart 4.x. ...)
-       TODO: check
+       NOT-FOR-US: ZeusCart
 CVE-2014-3867 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x 
through ...)
        NOT-FOR-US: IBM Sametime
 CVE-2014-3863 (Cross-site scripting (XSS) vulnerability in the JChatSocial 
component  ...)
@@ -254977,7 +254977,7 @@ CVE-2014-3120 (The default configuration in 
Elasticsearch before 1.2 enables dyn
        NOTE: https://github.com/elasticsearch/elasticsearch/commit/81e83cca
        NOTE: https://github.com/elasticsearch/elasticsearch/issues/5853
 CVE-2014-3119 (Multiple SQL injection vulnerabilities in web2Project 3.1 and 
earlier  ...)
-       TODO: check
+       NOT-FOR-US: web2Project
 CVE-2014-3118
        RESERVED
 CVE-2014-3117
@@ -255642,7 +255642,7 @@ CVE-2014-2845 (Cyberduck before 4.4.4 on Windows does 
not properly validate X.50
 CVE-2014-2844 (Cross-site scripting (XSS) vulnerability in F-Secure Messaging 
Secure  ...)
        NOT-FOR-US: F-Secure Messaging Secure Gateway
 CVE-2014-2843 (Cross-site scripting (XSS) vulnerability in infoware MapSuite 
MapAPI 1 ...)
-       TODO: check
+       NOT-FOR-US: MapSuite MapAPI
 CVE-2014-2842 (Juniper ScreenOS 6.3 and earlier allows remote attackers to 
cause a de ...)
        NOT-FOR-US: Juniper ScreenOS
 CVE-2014-2841
@@ -257818,7 +257818,7 @@ CVE-2014-2052
 CVE-2014-2051 (ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows 
remote att ...)
        - owncloud 6.0.2+dfsg-1
 CVE-2014-2050 (Cross-site request forgery (CSRF) vulnerability in ownCloud 
Server bef ...)
-       TODO: check
+       - owncloud 6.0.2+dfsg-1
 CVE-2014-2049 (The default Flash Cross Domain policies in ownCloud before 
5.0.15 and  ...)
        - owncloud 6.0.0+dfsg-1
 CVE-2014-2048 (The user_openid app in ownCloud Server before 5.0.15 allows 
remote att ...)
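Review bot: CVE-2014-2050 is the one entry in this commit that is not an NFU: it goes from "TODO: check" to "- owncloud 6.0.2+dfsg-1", which asserts a fixed version, while the commit message says only "NFUs". The visible description is cut off at "ownCloud Server bef ...", so the fixed upstream version cannot be checked from this hunk; the adjacent entries differ (CVE-2014-2051 at 6.0.2+dfsg-1, CVE-2014-2049 at 6.0.0+dfsg-1). Suggest adding a NOTE line with the upstream advisory, as CVE-2015-5953 has, and either mentioning this change in the commit message or committing it separately.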
@@ -264450,7 +264450,7 @@ CVE-2013-6794 (Cross-site scripting (XSS) 
vulnerability in the Calendar module i
 CVE-2013-6793 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Calendar mo ...)
        NOT-FOR-US: Olat
 CVE-2013-6792 (Google Android prior to 4.4 has an APK Signature Security 
Bypass Vulne ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2013-6791 (Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 
4.0 use ...)
        NOT-FOR-US: Microsoft Enhanced Mitigation Experience Toolkit
 CVE-2013-6790
@@ -266408,7 +266408,7 @@ CVE-2013-6058 (SQL injection vulnerability in appRain 
CMF 3.0.2 and earlier allo
 CVE-2013-6057
        RESERVED
 CVE-2013-6056 (OSSIM before 4.3.3.1 has tele_compress.php path traversal 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: AlienVault OSSIM
 CVE-2013-6055
        REJECTED
 CVE-2013-6054 (Heap-based buffer overflow in OpenJPEG 1.3 has unspecified 
impact and  ...)
@@ -267374,7 +267374,7 @@ CVE-2013-5661 (Cache Poisoning issue exists in DNS 
Response Rate Limiting. ...)
 CVE-2013-5660 (Buffer overflow in Power Software WinArchiver 3.2 allows remote 
attack ...)
        NOT-FOR-US: Power Software WinArchiver
 CVE-2013-5659 (Wiz 5.0.3 has a user mode write access violation ...)
-       TODO: check
+       NOT-FOR-US: Wiz
 CVE-2013-5658 (AultWare pwStore 2010.8.30.0 has XSS ...)
        NOT-FOR-US: AultWare pwStore
 CVE-2013-5657 (AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request 
...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e79e443f08ea2f85bdf48b8a879f06622566ca90
