[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 26 08:10:21 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b174f03d by security tracker role at 2019-02-26T08:10:12Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,62 @@
-CVE-2019-9162 [netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs]
+CVE-2019-9183
+ RESERVED
+CVE-2019-9182 (There is a CSRF in ZZZCMS zzzphp V1.6.1 via a ...)
+ TODO: check
+CVE-2019-9181 (SchoolCMS version 2.3.1 allows file upload via the logo upload feature ...)
+ TODO: check
+CVE-2019-9180
+ RESERVED
+CVE-2019-9179
+ RESERVED
+CVE-2019-9178
+ RESERVED
+CVE-2019-9177
+ RESERVED
+CVE-2019-9176
+ RESERVED
+CVE-2019-9175
+ RESERVED
+CVE-2019-9174
+ RESERVED
+CVE-2019-9173
+ RESERVED
+CVE-2019-9172
+ RESERVED
+CVE-2019-9171
+ RESERVED
+CVE-2019-9170
+ RESERVED
+CVE-2019-9169 (In the GNU C Library (aka glibc or libc6) through 2.29, ...)
+ TODO: check
+CVE-2019-9168 (WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. ...)
+ TODO: check
+CVE-2019-9167
+ RESERVED
+CVE-2019-9166
+ RESERVED
+CVE-2019-9165
+ RESERVED
+CVE-2019-9164
+ RESERVED
+CVE-2019-9163
+ RESERVED
+CVE-2019-9161
+ RESERVED
+CVE-2019-9160
+ RESERVED
+CVE-2019-9159
+ RESERVED
+CVE-2019-9158
+ RESERVED
+CVE-2019-9157
+ RESERVED
+CVE-2019-9156
+ RESERVED
+CVE-2018-20796 (In the GNU C Library (aka glibc or libc6) through 2.29, ...)
+ TODO: check
+CVE-2009-5155 (In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in ...)
+ TODO: check
+CVE-2019-9162 (In the Linux kernel before 4.20.12, ...)
- linux <unfixed>
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -3259,6 +3317,7 @@ CVE-2019-7667
CVE-2019-7666
RESERVED
CVE-2019-7665 (In elfutils 0.175, a heap-based buffer over-read was discovered in the ...)
+ {DLA-1689-1}
- elfutils 0.176-1 (low; bug #921880)
[stretch] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24089
@@ -4650,12 +4709,14 @@ CVE-2019-7151 (A NULL pointer dereference was discovered in ...)
NOTE: https://github.com/WebAssembly/binaryen/commit/2127e64f42da55bb5b9b0ab1995b3ca7fc4e0d0b
NOTE: https://github.com/WebAssembly/binaryen/commit/85e95e315a8023c46eb804fe80ebc244bcfdae3e
CVE-2019-7150 (An issue was discovered in elfutils 0.175. A segmentation fault can ...)
+ {DLA-1689-1}
- elfutils 0.176-1 (low; bug #920909)
[stretch] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24103
NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=da5c5336a1eaf519de246f7d9f0f5585e1d4ac59
CVE-2019-7149 (A heap-based buffer over-read was discovered in the function ...)
+ {DLA-1689-1}
- elfutils 0.176-1 (low; bug #920910)
[stretch] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24102
@@ -6349,7 +6410,7 @@ CVE-2015-9277 (MailEnable before 8.60 allows Directory Traversal for reading the
NOT-FOR-US: MailEnable
CVE-2015-9276 (SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS ...)
NOT-FOR-US: SmarterTools SmarterMail
-CVE-2019-6446 (An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle ...)
+CVE-2019-6446 (** DISPUTED ** ...)
- python-numpy 1:1.10.4-1
[jessie] - python-numpy <no-dsa> (Minor issue)
NOTE: https://github.com/numpy/numpy/issues/12759
@@ -6793,10 +6854,10 @@ CVE-2019-6268
RESERVED
CVE-2019-6267 (The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for ...)
NOT-FOR-US: Premium WP Suite Easy Redirect Manager plugin for WordPress
-CVE-2019-6266
- RESERVED
-CVE-2019-6265
- RESERVED
+CVE-2019-6266 (Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is ...)
+ TODO: check
+CVE-2019-6265 (The Scripting and AutoUpdate functionality in Cordaware bestinformed ...)
+ TODO: check
CVE-2019-6264 (An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in ...)
NOT-FOR-US: Joomla!
CVE-2019-6263 (An issue was discovered in Joomla! before 3.9.2. Inadequate checks of ...)
@@ -16984,8 +17045,8 @@ CVE-2018-20065 (Handling of URI action in PDFium in Google Chrome prior to ...)
- chromium 71.0.3578.80-1
CVE-2018-20064 (doorGets 7.0 allows remote attackers to write to arbitrary files via ...)
NOT-FOR-US: doorGets
-CVE-2018-20063
- RESERVED
+CVE-2018-20063 (An issue was discovered in Gurock TestRail 5.6.0.3853. An ...)
+ TODO: check
CVE-2018-20062 (An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php ...)
NOT-FOR-US: NoneCms
CVE-2018-20061 (A SQL injection issue was discovered in ERPNext 10.x and 11.x through ...)
@@ -17062,8 +17123,8 @@ CVE-2018-20035
RESERVED
CVE-2018-20034
RESERVED
-CVE-2018-20033
- RESERVED
+CVE-2018-20033 (A Remote Code Execution vulnerability in lmgrd and vendor daemon ...)
+ TODO: check
CVE-2018-20032
RESERVED
CVE-2018-20031
@@ -25628,12 +25689,14 @@ CVE-2018-18523
CVE-2018-18522
RESERVED
CVE-2018-18521 (Divide-by-zero vulnerabilities in the function arlib_add_symbols() in ...)
+ {DLA-1689-1}
- elfutils 0.175-1 (low; bug #911413)
[stretch] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23786
NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=2b16a9be69939822dcafe075413468daac98b327
CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function elf_end in ...)
+ {DLA-1689-1}
- elfutils 0.175-1 (low; bug #911414)
[stretch] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23787
@@ -26265,6 +26328,7 @@ CVE-2018-18311 (Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflo
NOTE: Introduced by: https://perl5.git.perl.org/perl.git/commitdiff/e658793210bbe632a5e80a876acfcd0984c46b87
NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/0589f071dc6836de80b24fd798c3336c72ead850
CVE-2018-18310 (An invalid memory address dereference was discovered in ...)
+ {DLA-1689-1}
- elfutils 0.175-1 (bug #911083)
[stretch] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23752
@@ -32147,6 +32211,7 @@ CVE-2018-16064
CVE-2018-16063
RESERVED
CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before ...)
+ {DLA-1689-1}
- elfutils 0.175-1 (bug #907562)
[stretch] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541
@@ -32885,7 +32950,7 @@ CVE-2018-15779
CVE-2018-15778 (Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by ...)
NOT-FOR-US: Dell
CVE-2018-15777
- RESERVED
+ REJECTED
CVE-2018-15776 (Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an ...)
NOT-FOR-US: EMC iDRAC
CVE-2018-15775
@@ -37742,12 +37807,12 @@ CVE-2018-13916
RESERVED
CVE-2018-13915
RESERVED
-CVE-2018-13914
- RESERVED
-CVE-2018-13913
- RESERVED
-CVE-2018-13912
- RESERVED
+CVE-2018-13914 (Lack of input validation for data received from user space can lead to ...)
+ TODO: check
+CVE-2018-13913 (Improper validation of array index can lead to unauthorized access ...)
+ TODO: check
+CVE-2018-13912 (Arbitrary write issue can occur when user provides kernel address in ...)
+ TODO: check
CVE-2018-13911
RESERVED
CVE-2018-13910
@@ -37760,11 +37825,9 @@ CVE-2018-13907
RESERVED
CVE-2018-13906
RESERVED
-CVE-2018-13905
- RESERVED
+CVE-2018-13905 (KGSL syncsource lock not handled properly during syncsource cleanup ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13904
- RESERVED
+CVE-2018-13904 (Improper input validation in SCM handler to access storage in TZ can ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-13903
RESERVED
@@ -37772,8 +37835,7 @@ CVE-2018-13902
RESERVED
CVE-2018-13901
RESERVED
-CVE-2018-13900
- RESERVED
+CVE-2018-13900 (Use-after-free vulnerability will occur as there is no protection for ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-13899
RESERVED
@@ -42835,15 +42897,13 @@ CVE-2018-11950 (Unapproved TrustZone applications can be loaded and executed in
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11949
RESERVED
-CVE-2018-11948
- RESERVED
+CVE-2018-11948 (Exceeding the limit of usage entries are not tracked and the ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11947
RESERVED
CVE-2018-11946 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11945
- RESERVED
+CVE-2018-11945 (Improper input validation in wireless service messaging module for ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11944
RESERVED
@@ -42857,25 +42917,21 @@ CVE-2018-11940
RESERVED
CVE-2018-11939
RESERVED
-CVE-2018-11938
- RESERVED
+CVE-2018-11938 (Improper input validation for argument received from HLOS can lead to ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11937
RESERVED
CVE-2018-11936
RESERVED
-CVE-2018-11935
- RESERVED
+CVE-2018-11935 (Improper input validation might result in incorrect app id returned to ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11934
RESERVED
CVE-2018-11933
RESERVED
-CVE-2018-11932
- RESERVED
+CVE-2018-11932 (Improper input validation can lead RW access to secure subsystem from ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11931
- RESERVED
+CVE-2018-11931 (Improper access to HLOS is possible while transferring memory to CPZ ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11930
RESERVED
@@ -43009,8 +43065,7 @@ CVE-2018-11866 (Integer overflow may happen in WLAN when calculating an internal
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11865 (Integer overflow may happen when calculating an internal structure ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11864
- RESERVED
+CVE-2018-11864 (Bytes can be written to fuses from Secure region which can be read ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11863 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
@@ -43048,8 +43103,7 @@ CVE-2018-11847 (Malicious TA can tag QSEE kernel memory and map to EL0, there by
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11846 (The use of a non-time-constant memory comparison operation can lead to ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11845
- RESERVED
+CVE-2018-11845 (Usage of non-time-constant comparison functions can lead to ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11844
RESERVED
@@ -43099,8 +43153,7 @@ CVE-2018-11822 (A possible integer overflow may happen in WLAN during memory ...
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11821 (Possible integer overflow may happen in WLAN during memory allocation ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11820
- RESERVED
+CVE-2018-11820 (Use of non-time constant memcmp function creates side channel that ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11819
RESERVED
@@ -44698,8 +44751,7 @@ CVE-2018-11291 (In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11290 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11289
- RESERVED
+CVE-2018-11289 (Data truncation during higher to lower type conversion which causes ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11288 (Possible undefined behavior due to lack of size check in function for ...)
NOT-FOR-US: Qualcomm components for Android
@@ -60288,8 +60340,7 @@ CVE-2018-5841 (dcc_curr_list is initialized with a default invalid value that is
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5840 (Buffer Copy without Checking Size of Input can occur during the DRM ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5839
- RESERVED
+CVE-2018-5839 (Improperly configured memory protection allows read/write access to ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5838 (Improper Validation of Array Index In the adreno OpenGL driver in ...)
NOT-FOR-US: Qualcomm components for Android
@@ -106329,24 +106380,28 @@ CVE-2017-7614 (elflink.c in the Binary File Descriptor (BFD) library (aka libbfd
NOTE: https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/
NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8
CVE-2017-7613 (elflint.c in elfutils 0.168 does not validate the number of sections ...)
+ {DLA-1689-1}
- elfutils 0.168-1 (bug #859990)
[wheezy] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21312
NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=4314716cd498bb51639db717bd7ce6182de33322
CVE-2017-7612 (The check_sysv_hash function in elflint.c in elfutils 0.168 allows ...)
+ {DLA-1689-1}
- elfutils 0.168-1 (bug #859991)
[wheezy] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21311
NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=61fe61898747f63eb35a81c2261f3590a3dab8fd
CVE-2017-7611 (The check_symtab_shndx function in elflint.c in elfutils 0.168 allows ...)
+ {DLA-1689-1}
- elfutils 0.168-1 (bug #859992)
[wheezy] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21310
NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=9a0d9d314a6342b56e3277bd7ad7ecb6e73a7d38
CVE-2017-7610 (The check_group function in elflint.c in elfutils 0.168 allows remote ...)
+ {DLA-1689-1}
- elfutils 0.168-1 (bug #859993)
[wheezy] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21320
@@ -106359,6 +106414,7 @@ CVE-2017-7609 (elf_compress.c in elfutils 0.168 does not validate the zlib compr
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21301
NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/
CVE-2017-7608 (The ebl_object_note_type_name function in eblobjnotetypename.c in ...)
+ {DLA-1689-1}
- elfutils 0.168-1 (bug #859995)
[wheezy] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21300
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b174f03d30f148ed39907620b57887551e932935
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b174f03d30f148ed39907620b57887551e932935
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190226/b409d522/attachment.html>
More information about the debian-security-tracker-commits
mailing list