[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 6 08:10:25 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cfe0af2d by security tracker role at 2019-02-06T08:10:17Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2019-7461
+ RESERVED
+CVE-2019-7460
+ RESERVED
+CVE-2019-7459
+ RESERVED
+CVE-2019-7458
+ RESERVED
+CVE-2019-7457
+ RESERVED
+CVE-2019-7456
+ RESERVED
+CVE-2019-7455
+ RESERVED
+CVE-2019-7454
+ RESERVED
+CVE-2019-7453
+ RESERVED
+CVE-2019-7452
+ RESERVED
+CVE-2019-7451
+ RESERVED
+CVE-2019-7450
+ RESERVED
+CVE-2019-7449
+ RESERVED
+CVE-2019-7448
+ RESERVED
+CVE-2019-7447
+ RESERVED
+CVE-2019-7446
+ RESERVED
+CVE-2019-7445
+ RESERVED
+CVE-2019-7444
+ RESERVED
+CVE-2019-7443
+ RESERVED
+CVE-2019-7442
+ RESERVED
+CVE-2019-7441
+ RESERVED
+CVE-2019-7440
+ RESERVED
+CVE-2019-7439
+ RESERVED
+CVE-2019-7438
+ RESERVED
+CVE-2019-7437
+ RESERVED
+CVE-2019-7436
+ RESERVED
+CVE-2019-7435
+ RESERVED
+CVE-2019-7434
+ RESERVED
+CVE-2019-7433
+ RESERVED
+CVE-2019-7432
+ RESERVED
+CVE-2019-7431
+ RESERVED
+CVE-2019-7430
+ RESERVED
+CVE-2019-7429
+ RESERVED
+CVE-2019-7428
+ RESERVED
+CVE-2019-7427
+ RESERVED
+CVE-2019-7426
+ RESERVED
+CVE-2019-7425
+ RESERVED
+CVE-2019-7424
+ RESERVED
+CVE-2019-7423
+ RESERVED
+CVE-2019-7422
+ RESERVED
+CVE-2019-7421
+ RESERVED
+CVE-2019-7420
+ RESERVED
+CVE-2019-7419
+ RESERVED
+CVE-2019-7418
+ RESERVED
+CVE-2019-7417
+ RESERVED
+CVE-2019-7416
+ RESERVED
CVE-2019-7415
RESERVED
CVE-2019-7414
@@ -2093,18 +2185,15 @@ CVE-2019-6525
NOT-FOR-US: AVEVA Wonderware System Platform
CVE-2019-6524
RESERVED
-CVE-2019-6523
- RESERVED
+CVE-2019-6523 (WebAccess/SCADA, Version 8.3. The software does not properly sanitize ...)
NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6522
RESERVED
-CVE-2019-6521
- RESERVED
+CVE-2019-6521 (WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a ...)
NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6520
RESERVED
-CVE-2019-6519
- RESERVED
+CVE-2019-6519 (WebAccess/SCADA, Version 8.3. An improper authentication vulnerability ...)
NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6518
RESERVED
@@ -2135,8 +2224,8 @@ CVE-2019-6506
RESERVED
CVE-2019-6505
RESERVED
-CVE-2019-6504
- RESERVED
+CVE-2019-6504 (Insufficient output sanitization in the Automic Web Interface (AWI), ...)
+ TODO: check
CVE-2019-6503 (There is a deserialization vulnerability in Chatopera cosin v3.10.0. An ...)
NOT-FOR-US: Chatopera cosin
CVE-2019-6502 (sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory ...)
@@ -10283,12 +10372,12 @@ CVE-2018-20254
RESERVED
CVE-2018-20253
RESERVED
-CVE-2018-20252
- RESERVED
-CVE-2018-20251
- RESERVED
-CVE-2018-20250
- RESERVED
+CVE-2018-20252 (There is an out-of-bounds writes vulnerability during parsing of ...)
+ TODO: check
+CVE-2018-20251 (A validation function (in WinRAR code) is being called before ...)
+ TODO: check
+CVE-2018-20250 (By crafting the filename field of the ACE format, the destination ...)
+ TODO: check
CVE-2018-20249 (In Foxit Quick PDF Library (all versions prior to 16.12), issue where ...)
NOT-FOR-US: Foxit Quick PDF Library
CVE-2018-20248 (In Foxit Quick PDF Library (all versions prior to 16.12), issue where ...)
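Review bot: The three added entries CVE-2018-20252, CVE-2018-20251 and CVE-2018-20250 carry only `TODO: check`, so they are still untriaged. Their descriptions refer to WinRAR code and to parsing of the ACE format. Before closing them as NOT-FOR-US, the follow-up should confirm that no package in the archive ships that ACE-handling code, and record the outcome as a package line or a `NOT-FOR-US:` line.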
@@ -21512,12 +21601,10 @@ CVE-2018-18508
RESERVED
CVE-2018-18507
RESERVED
-CVE-2018-18506
- RESERVED
+CVE-2018-18506 (When proxy auto-detection is enabled, if a web server serves a Proxy ...)
- firefox 65.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18506
-CVE-2018-18505
- RESERVED
+CVE-2018-18505 (An earlier fix for an Inter-process Communication (IPC) vulnerability, ...)
{DSA-4376-1 DLA-1648-1}
- firefox 65.0-1
- firefox-esr 60.5.0esr-1
@@ -21525,20 +21612,16 @@ CVE-2018-18505
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18505
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18505
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18505
-CVE-2018-18504
- RESERVED
+CVE-2018-18504 (A crash and out-of-bounds read can occur when the buffer of a texture ...)
- firefox 65.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18504
-CVE-2018-18503
- RESERVED
+CVE-2018-18503 (When JavaScript is used to create and manipulate an audio buffer, a ...)
- firefox 65.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18503
-CVE-2018-18502
- RESERVED
+CVE-2018-18502 (Mozilla developers and community members reported memory safety bugs ...)
- firefox 65.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18502
-CVE-2018-18501
- RESERVED
+CVE-2018-18501 (Mozilla developers and community members reported memory safety bugs ...)
{DSA-4376-1 DLA-1648-1}
- firefox 65.0-1
- firefox-esr 60.5.0esr-1
@@ -21546,8 +21629,7 @@ CVE-2018-18501
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18501
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18501
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18501
-CVE-2018-18500
- RESERVED
+CVE-2018-18500 (A use-after-free vulnerability can occur while parsing an HTML5 stream ...)
{DSA-4376-1 DLA-1648-1}
- firefox 65.0-1
- firefox-esr 60.5.0esr-1
@@ -22031,10 +22113,10 @@ CVE-2018-18336 (Incorrect object lifecycle in PDFium in Google Chrome prior to .
CVE-2018-18335 (Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18334
- RESERVED
-CVE-2018-18333
- RESERVED
+CVE-2018-18334 (A vulnerability in the Private Browser of Trend Micro Dr. Safety for ...)
+ TODO: check
+CVE-2018-18333 (A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) ...)
+ TODO: check
CVE-2018-18332 (A Trend Micro OfficeScan XG weak file permissions vulnerability may ...)
NOT-FOR-US: Trend Micro
CVE-2018-18331 (A Trend Micro OfficeScan XG weak file permissions vulnerability on a ...)
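Review bot: CVE-2018-18334 and CVE-2018-18333 are added with `TODO: check` although both descriptions name Trend Micro products, and the entries that follow in the context, CVE-2018-18332 and CVE-2018-18331, are already marked `NOT-FOR-US: Trend Micro`. Suggest a follow-up that gives these two the same `NOT-FOR-US: Trend Micro` line so they leave the TODO queue.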
@@ -23059,10 +23141,13 @@ CVE-2014-10076 (The wp-db-backup plugin 2.2.4 for WordPress relies on a five-cha
CVE-2014-10075 (The karo gem 2.3.8 for Ruby allows Remote command injection via the ...)
NOT-FOR-US: karo gem
CVE-2013-7468
+ RESERVED
NOT-FOR-US: Simple Machines Forum (SMF)
CVE-2013-7467
+ RESERVED
NOT-FOR-US: Simple Machines Forum (SMF)
CVE-2013-7466
+ RESERVED
NOT-FOR-US: Simple Machines Forum (SMF)
CVE-2013-7465 (Ice Cold Apps Servers Ultimate 6.0.2(12) does not require ...)
NOT-FOR-US: Ice Cold Apps Servers Ultimate
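Review bot: The three `+ RESERVED` lines mark CVE-2013-7468, CVE-2013-7467 and CVE-2013-7466 as reserved with no description, while each keeps its existing `NOT-FOR-US: Simple Machines Forum (SMF)` line. The triage decision is then not backed by any description in this file. Suggest adding a NOTE line with the source used for the SMF attribution, so the NOT-FOR-US status can be re-verified once a description is published.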
@@ -47053,44 +47138,34 @@ CVE-2018-8802 (SQL injection vulnerability in the management interface in ePorta
CVE-2018-8801 (GitLab Community and Enterprise Editions version 8.3 up to 10.x before ...)
- gitlab 10.5.6+dfsg-1 (bug #893905)
NOTE: https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
-CVE-2018-8800 [Remote code execution in ui_clip_handle_data()]
- RESERVED
+CVE-2018-8800 (rdesktop versions up to and including v1.8.3 contain a Heap-Based ...)
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
-CVE-2018-8799 [DoS in process_secondary_order()]
- RESERVED
+CVE-2018-8799 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...)
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
-CVE-2018-8798 [Minor information leak in rdpsnd_process_ping()]
- RESERVED
+CVE-2018-8798 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...)
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
-CVE-2018-8797 [Remote code execution in process_plane()]
- RESERVED
+CVE-2018-8797 (rdesktop versions up to and including v1.8.3 contain a Heap-Based ...)
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
-CVE-2018-8796 [DoS in process_bitmap_data()]
- RESERVED
+CVE-2018-8796 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...)
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
-CVE-2018-8795 [Remote code execution in process_bitmap_data()]
- RESERVED
+CVE-2018-8795 (rdesktop versions up to and including v1.8.3 contain an Integer ...)
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
-CVE-2018-8794 [Memory corruption in process_bitmap_data()]
- RESERVED
+CVE-2018-8794 (rdesktop versions up to and including v1.8.3 contain an Integer ...)
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
-CVE-2018-8793 [Remote code execution in cssp_read_tsrequest()]
- RESERVED
+CVE-2018-8793 (rdesktop versions up to and including v1.8.3 contain a Heap-Based ...)
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
-CVE-2018-8792 [DoS in cssp_read_tsrequest()]
- RESERVED
+CVE-2018-8792 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...)
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
-CVE-2018-8791 [Minor information leak in rdpdr_process()]
- RESERVED
+CVE-2018-8791 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...)
- rdesktop 1.8.4-1
NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8790
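Review bot: Replacing the bracketed titles on CVE-2018-8800 through CVE-2018-8791 drops the only per-CVE detail this file had: the affected function (for example `ui_clip_handle_data()`, `process_bitmap_data()`, `cssp_read_tsrequest()`). The truncated descriptions now read identically for several entries ("rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ..."), and all ten entries point at the same fix commit, so they can no longer be told apart here. Suggest keeping the function name in a NOTE line on each entry.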
@@ -60934,12 +61009,12 @@ CVE-2018-3993 (An exploitable use-after-free vulnerability exists in the JavaScr
NOT-FOR-US: Foxit Software's PDF Reader
CVE-2018-3992 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
NOT-FOR-US: Foxit Software's PDF Reader
-CVE-2018-3991
- RESERVED
-CVE-2018-3990
- RESERVED
-CVE-2018-3989
- RESERVED
+CVE-2018-3991 (An exploitable heap overflow vulnerability exists in the WkbProgramLow ...)
+ TODO: check
+CVE-2018-3990 (An exploitable pool corruption vulnerability exists in the 0x8200E804 ...)
+ TODO: check
+CVE-2018-3989 (An exploitable kernel memory disclosure vulnerability exists in the ...)
+ TODO: check
CVE-2018-3988 (Signal Messenger for Android 4.24.8 may expose private information ...)
NOT-FOR-US: Signal Messenger
CVE-2018-3987
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cfe0af2d01c92705039c3a0a47f5bf54af20b4aa