[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 3 20:10:32 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
83806915 by security tracker role at 2019-01-03T20:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,659 @@
+CVE-2019-3905 (Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. ...)
+ TODO: check
+CVE-2019-3904
+ RESERVED
+CVE-2019-3903
+ RESERVED
+CVE-2019-3902
+ RESERVED
+CVE-2019-3901
+ RESERVED
+CVE-2019-3900
+ RESERVED
+CVE-2019-3899
+ RESERVED
+CVE-2019-3898
+ RESERVED
+CVE-2019-3897
+ RESERVED
+CVE-2019-3896
+ RESERVED
+CVE-2019-3895
+ RESERVED
+CVE-2019-3894
+ RESERVED
+CVE-2019-3893
+ RESERVED
+CVE-2019-3892
+ RESERVED
+CVE-2019-3891
+ RESERVED
+CVE-2019-3890
+ RESERVED
+CVE-2019-3889
+ RESERVED
+CVE-2019-3888
+ RESERVED
+CVE-2019-3887
+ RESERVED
+CVE-2019-3886
+ RESERVED
+CVE-2019-3885
+ RESERVED
+CVE-2019-3884
+ RESERVED
+CVE-2019-3883
+ RESERVED
+CVE-2019-3882
+ RESERVED
+CVE-2019-3881
+ RESERVED
+CVE-2019-3880
+ RESERVED
+CVE-2019-3879
+ RESERVED
+CVE-2019-3878
+ RESERVED
+CVE-2019-3877
+ RESERVED
+CVE-2019-3876
+ RESERVED
+CVE-2019-3875
+ RESERVED
+CVE-2019-3874
+ RESERVED
+CVE-2019-3873
+ RESERVED
+CVE-2019-3872
+ RESERVED
+CVE-2019-3871
+ RESERVED
+CVE-2019-3870
+ RESERVED
+CVE-2019-3869
+ RESERVED
+CVE-2019-3868
+ RESERVED
+CVE-2019-3867
+ RESERVED
+CVE-2019-3866
+ RESERVED
+CVE-2019-3865
+ RESERVED
+CVE-2019-3864
+ RESERVED
+CVE-2019-3863
+ RESERVED
+CVE-2019-3862
+ RESERVED
+CVE-2019-3861
+ RESERVED
+CVE-2019-3860
+ RESERVED
+CVE-2019-3859
+ RESERVED
+CVE-2019-3858
+ RESERVED
+CVE-2019-3857
+ RESERVED
+CVE-2019-3856
+ RESERVED
+CVE-2019-3855
+ RESERVED
+CVE-2019-3854
+ RESERVED
+CVE-2019-3853
+ RESERVED
+CVE-2019-3852
+ RESERVED
+CVE-2019-3851
+ RESERVED
+CVE-2019-3850
+ RESERVED
+CVE-2019-3849
+ RESERVED
+CVE-2019-3848
+ RESERVED
+CVE-2019-3847
+ RESERVED
+CVE-2019-3846
+ RESERVED
+CVE-2019-3845
+ RESERVED
+CVE-2019-3844
+ RESERVED
+CVE-2019-3843
+ RESERVED
+CVE-2019-3842
+ RESERVED
+CVE-2019-3841
+ RESERVED
+CVE-2019-3840
+ RESERVED
+CVE-2019-3839
+ RESERVED
+CVE-2019-3838
+ RESERVED
+CVE-2019-3837
+ RESERVED
+CVE-2019-3836
+ RESERVED
+CVE-2019-3835
+ RESERVED
+CVE-2019-3834
+ RESERVED
+CVE-2019-3833
+ RESERVED
+CVE-2019-3832
+ RESERVED
+CVE-2019-3831
+ RESERVED
+CVE-2019-3830
+ RESERVED
+CVE-2019-3829
+ RESERVED
+CVE-2019-3828
+ RESERVED
+CVE-2019-3827
+ RESERVED
+CVE-2019-3826
+ RESERVED
+CVE-2019-3825
+ RESERVED
+CVE-2019-3824
+ RESERVED
+CVE-2019-3823
+ RESERVED
+CVE-2019-3822
+ RESERVED
+CVE-2019-3821
+ RESERVED
+CVE-2019-3820
+ RESERVED
+CVE-2019-3819
+ RESERVED
+CVE-2019-3818
+ RESERVED
+CVE-2019-3817
+ RESERVED
+CVE-2019-3816
+ RESERVED
+CVE-2019-3815
+ RESERVED
+CVE-2019-3814
+ RESERVED
+CVE-2019-3813
+ RESERVED
+CVE-2019-3812
+ RESERVED
+CVE-2019-3811
+ RESERVED
+CVE-2019-3810
+ RESERVED
+CVE-2019-3809
+ RESERVED
+CVE-2019-3808
+ RESERVED
+CVE-2019-3807
+ RESERVED
+CVE-2019-3806
+ RESERVED
+CVE-2019-3805
+ RESERVED
+CVE-2019-3804
+ RESERVED
+CVE-2019-3803
+ RESERVED
+CVE-2019-3802
+ RESERVED
+CVE-2019-3801
+ RESERVED
+CVE-2019-3800
+ RESERVED
+CVE-2019-3799
+ RESERVED
+CVE-2019-3798
+ RESERVED
+CVE-2019-3797
+ RESERVED
+CVE-2019-3796
+ RESERVED
+CVE-2019-3795
+ RESERVED
+CVE-2019-3794
+ RESERVED
+CVE-2019-3793
+ RESERVED
+CVE-2019-3792
+ RESERVED
+CVE-2019-3791
+ RESERVED
+CVE-2019-3790
+ RESERVED
+CVE-2019-3789
+ RESERVED
+CVE-2019-3788
+ RESERVED
+CVE-2019-3787
+ RESERVED
+CVE-2019-3786
+ RESERVED
+CVE-2019-3785
+ RESERVED
+CVE-2019-3784
+ RESERVED
+CVE-2019-3783
+ RESERVED
+CVE-2019-3782
+ RESERVED
+CVE-2019-3781
+ RESERVED
+CVE-2019-3780
+ RESERVED
+CVE-2019-3779
+ RESERVED
+CVE-2019-3778
+ RESERVED
+CVE-2019-3777
+ RESERVED
+CVE-2019-3776
+ RESERVED
+CVE-2019-3775
+ RESERVED
+CVE-2019-3774
+ RESERVED
+CVE-2019-3773
+ RESERVED
+CVE-2019-3772
+ RESERVED
+CVE-2019-3771
+ RESERVED
+CVE-2019-3770
+ RESERVED
+CVE-2019-3769
+ RESERVED
+CVE-2019-3768
+ RESERVED
+CVE-2019-3767
+ RESERVED
+CVE-2019-3766
+ RESERVED
+CVE-2019-3765
+ RESERVED
+CVE-2019-3764
+ RESERVED
+CVE-2019-3763
+ RESERVED
+CVE-2019-3762
+ RESERVED
+CVE-2019-3761
+ RESERVED
+CVE-2019-3760
+ RESERVED
+CVE-2019-3759
+ RESERVED
+CVE-2019-3758
+ RESERVED
+CVE-2019-3757
+ RESERVED
+CVE-2019-3756
+ RESERVED
+CVE-2019-3755
+ RESERVED
+CVE-2019-3754
+ RESERVED
+CVE-2019-3753
+ RESERVED
+CVE-2019-3752
+ RESERVED
+CVE-2019-3751
+ RESERVED
+CVE-2019-3750
+ RESERVED
+CVE-2019-3749
+ RESERVED
+CVE-2019-3748
+ RESERVED
+CVE-2019-3747
+ RESERVED
+CVE-2019-3746
+ RESERVED
+CVE-2019-3745
+ RESERVED
+CVE-2019-3744
+ RESERVED
+CVE-2019-3743
+ RESERVED
+CVE-2019-3742
+ RESERVED
+CVE-2019-3741
+ RESERVED
+CVE-2019-3740
+ RESERVED
+CVE-2019-3739
+ RESERVED
+CVE-2019-3738
+ RESERVED
+CVE-2019-3737
+ RESERVED
+CVE-2019-3736
+ RESERVED
+CVE-2019-3735
+ RESERVED
+CVE-2019-3734
+ RESERVED
+CVE-2019-3733
+ RESERVED
+CVE-2019-3732
+ RESERVED
+CVE-2019-3731
+ RESERVED
+CVE-2019-3730
+ RESERVED
+CVE-2019-3729
+ RESERVED
+CVE-2019-3728
+ RESERVED
+CVE-2019-3727
+ RESERVED
+CVE-2019-3726
+ RESERVED
+CVE-2019-3725
+ RESERVED
+CVE-2019-3724
+ RESERVED
+CVE-2019-3723
+ RESERVED
+CVE-2019-3722
+ RESERVED
+CVE-2019-3721
+ RESERVED
+CVE-2019-3720
+ RESERVED
+CVE-2019-3719
+ RESERVED
+CVE-2019-3718
+ RESERVED
+CVE-2019-3717
+ RESERVED
+CVE-2019-3716
+ RESERVED
+CVE-2019-3715
+ RESERVED
+CVE-2019-3714
+ RESERVED
+CVE-2019-3713
+ RESERVED
+CVE-2019-3712
+ RESERVED
+CVE-2019-3711
+ RESERVED
+CVE-2019-3710
+ RESERVED
+CVE-2019-3709
+ RESERVED
+CVE-2019-3708
+ RESERVED
+CVE-2019-3707
+ RESERVED
+CVE-2019-3706
+ RESERVED
+CVE-2019-3705
+ RESERVED
+CVE-2019-3704
+ RESERVED
+CVE-2019-3703
+ RESERVED
+CVE-2019-3702
+ RESERVED
+CVE-2019-3701 (An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux ...)
+ TODO: check
+CVE-2019-3700
+ RESERVED
+CVE-2019-3699
+ RESERVED
+CVE-2019-3698
+ RESERVED
+CVE-2019-3697
+ RESERVED
+CVE-2019-3696
+ RESERVED
+CVE-2019-3695
+ RESERVED
+CVE-2019-3694
+ RESERVED
+CVE-2019-3693
+ RESERVED
+CVE-2019-3692
+ RESERVED
+CVE-2019-3691
+ RESERVED
+CVE-2019-3690
+ RESERVED
+CVE-2019-3689
+ RESERVED
+CVE-2019-3688
+ RESERVED
+CVE-2019-3687
+ RESERVED
+CVE-2019-3686
+ RESERVED
+CVE-2019-3685
+ RESERVED
+CVE-2019-3684
+ RESERVED
+CVE-2019-3683
+ RESERVED
+CVE-2019-3682
+ RESERVED
+CVE-2019-3681
+ RESERVED
+CVE-2019-3680
+ RESERVED
+CVE-2019-3679
+ RESERVED
+CVE-2019-3678
+ RESERVED
+CVE-2019-3677
+ RESERVED
+CVE-2019-3676
+ RESERVED
+CVE-2019-3675
+ RESERVED
+CVE-2019-3674
+ RESERVED
+CVE-2019-3673
+ RESERVED
+CVE-2019-3672
+ RESERVED
+CVE-2019-3671
+ RESERVED
+CVE-2019-3670
+ RESERVED
+CVE-2019-3669
+ RESERVED
+CVE-2019-3668
+ RESERVED
+CVE-2019-3667
+ RESERVED
+CVE-2019-3666
+ RESERVED
+CVE-2019-3665
+ RESERVED
+CVE-2019-3664
+ RESERVED
+CVE-2019-3663
+ RESERVED
+CVE-2019-3662
+ RESERVED
+CVE-2019-3661
+ RESERVED
+CVE-2019-3660
+ RESERVED
+CVE-2019-3659
+ RESERVED
+CVE-2019-3658
+ RESERVED
+CVE-2019-3657
+ RESERVED
+CVE-2019-3656
+ RESERVED
+CVE-2019-3655
+ RESERVED
+CVE-2019-3654
+ RESERVED
+CVE-2019-3653
+ RESERVED
+CVE-2019-3652
+ RESERVED
+CVE-2019-3651
+ RESERVED
+CVE-2019-3650
+ RESERVED
+CVE-2019-3649
+ RESERVED
+CVE-2019-3648
+ RESERVED
+CVE-2019-3647
+ RESERVED
+CVE-2019-3646
+ RESERVED
+CVE-2019-3645
+ RESERVED
+CVE-2019-3644
+ RESERVED
+CVE-2019-3643
+ RESERVED
+CVE-2019-3642
+ RESERVED
+CVE-2019-3641
+ RESERVED
+CVE-2019-3640
+ RESERVED
+CVE-2019-3639
+ RESERVED
+CVE-2019-3638
+ RESERVED
+CVE-2019-3637
+ RESERVED
+CVE-2019-3636
+ RESERVED
+CVE-2019-3635
+ RESERVED
+CVE-2019-3634
+ RESERVED
+CVE-2019-3633
+ RESERVED
+CVE-2019-3632
+ RESERVED
+CVE-2019-3631
+ RESERVED
+CVE-2019-3630
+ RESERVED
+CVE-2019-3629
+ RESERVED
+CVE-2019-3628
+ RESERVED
+CVE-2019-3627
+ RESERVED
+CVE-2019-3626
+ RESERVED
+CVE-2019-3625
+ RESERVED
+CVE-2019-3624
+ RESERVED
+CVE-2019-3623
+ RESERVED
+CVE-2019-3622
+ RESERVED
+CVE-2019-3621
+ RESERVED
+CVE-2019-3620
+ RESERVED
+CVE-2019-3619
+ RESERVED
+CVE-2019-3618
+ RESERVED
+CVE-2019-3617
+ RESERVED
+CVE-2019-3616
+ RESERVED
+CVE-2019-3615
+ RESERVED
+CVE-2019-3614
+ RESERVED
+CVE-2019-3613
+ RESERVED
+CVE-2019-3612
+ RESERVED
+CVE-2019-3611
+ RESERVED
+CVE-2019-3610
+ RESERVED
+CVE-2019-3609
+ RESERVED
+CVE-2019-3608
+ RESERVED
+CVE-2019-3607
+ RESERVED
+CVE-2019-3606
+ RESERVED
+CVE-2019-3605
+ RESERVED
+CVE-2019-3604
+ RESERVED
+CVE-2019-3603
+ RESERVED
+CVE-2019-3602
+ RESERVED
+CVE-2019-3601
+ RESERVED
+CVE-2019-3600
+ RESERVED
+CVE-2019-3599
+ RESERVED
+CVE-2019-3598
+ RESERVED
+CVE-2019-3597
+ RESERVED
+CVE-2019-3596
+ RESERVED
+CVE-2019-3595
+ RESERVED
+CVE-2019-3594
+ RESERVED
+CVE-2019-3593
+ RESERVED
+CVE-2019-3592
+ RESERVED
+CVE-2019-3591
+ RESERVED
+CVE-2019-3590
+ RESERVED
+CVE-2019-3589
+ RESERVED
+CVE-2019-3588
+ RESERVED
+CVE-2019-3587
+ RESERVED
+CVE-2019-3586
+ RESERVED
+CVE-2019-3585
+ RESERVED
+CVE-2019-3584
+ RESERVED
+CVE-2019-3583
+ RESERVED
+CVE-2019-3582
+ RESERVED
+CVE-2019-3581
+ RESERVED
+CVE-2018-20664 (Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via ...)
+ TODO: check
+CVE-2018-20663 (The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA ...)
+ TODO: check
+CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause ...)
+ TODO: check
CVE-2019-3580 (OpenRefine through 3.1 allows arbitrary file write because Directory ...)
NOT-FOR-US: OpenRefine
CVE-2019-3579
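Review bot: CVE-2019-3701 (can_can_gw_rcv in net/can/gw.c in the Linux kernel) and CVE-2018-20662 (Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc) sit at `TODO: check` in this hunk but name software Debian packages, so they need a package line, in the `- linux <undetermined>` form this file already uses for CVE-2018-16885, rather than a NOT-FOR-US marker. The other three described entries (the two Zoho ManageEngine ADSelfService Plus ones and the CUBA Reporting Addon) can be triaged in the same pass, since they are the only non-RESERVED additions in the block.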
@@ -8,8 +664,8 @@ CVE-2019-3577 (An issue was discovered in Waimai Super Cms 20150505. ...)
NOT-FOR-US: Waimai Super Cms
CVE-2019-3576 (inxedu through 2018-12-24 has a SQL Injection vulnerability that can ...)
NOT-FOR-US: inxedu
-CVE-2019-3575
- RESERVED
+CVE-2019-3575 (Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary ...)
+ TODO: check
CVE-2019-3574 (In libsixel v1.8.2, there is a heap-based buffer over-read in the ...)
- libsixel <unfixed> (low)
[stretch] - libsixel <no-dsa> (Minor issue)
@@ -744,8 +1400,8 @@ CVE-2018-20514
RESERVED
CVE-2018-20513
RESERVED
-CVE-2018-20512
- RESERVED
+CVE-2018-20512 (EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of ...)
+ TODO: check
CVE-2018-20510
RESERVED
CVE-2018-20509
@@ -5135,20 +5791,20 @@ CVE-2018-20000 (Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as ..
NOT-FOR-US: Apereo Bedework bw-webdav
CVE-2018-19999
RESERVED
-CVE-2018-19998
- RESERVED
+CVE-2018-19998 (SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 ...)
+ TODO: check
CVE-2018-19997
RESERVED
CVE-2018-19996
RESERVED
-CVE-2018-19995
- RESERVED
-CVE-2018-19994
- RESERVED
-CVE-2018-19993
- RESERVED
-CVE-2018-19992
- RESERVED
+CVE-2018-19995 (A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 ...)
+ TODO: check
+CVE-2018-19994 (An error-based SQL injection vulnerability in product/card.php in ...)
+ TODO: check
+CVE-2018-19993 (A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 ...)
+ TODO: check
+CVE-2018-19992 (A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 ...)
+ TODO: check
CVE-2018-19991 (VeryNginx 0.3.3 allows remote attackers to bypass the Web Application ...)
NOT-FOR-US: VeryNginx
CVE-2018-19990
@@ -6363,10 +7019,10 @@ CVE-2018-19864 (NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allo
NOT-FOR-US: NUUO NVRmini2 Network Video Recorder firmware
CVE-2018-19863 (An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on ...)
NOT-FOR-US: 1Password
-CVE-2018-19862
- RESERVED
-CVE-2018-19861
- RESERVED
+CVE-2018-19862 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...)
+ TODO: check
+CVE-2018-19861 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...)
+ TODO: check
CVE-2018-19860
RESERVED
CVE-2018-19859 (OpenRefine before 3.5 allows directory traversal via a relative ...)
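Review bot: CVE-2018-19862 and CVE-2018-19861 show identical description text up to the truncation ("Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ..."), so when these two `TODO: check` entries are triaged, read the full descriptions to confirm they are distinct issues, and give both the same disposition.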
@@ -9891,8 +10547,8 @@ CVE-2018-19525
RESERVED
CVE-2018-19524
RESERVED
-CVE-2018-19523
- RESERVED
+CVE-2018-19523 (DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows ...)
+ TODO: check
CVE-2018-19522 (DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows ...)
NOT-FOR-US: DriverAgent
CVE-2018-19521
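Review bot: CVE-2018-19523 is left at `TODO: check` although its description opens with the same product and driver string ("DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1") as CVE-2018-19522 on the next line, which is already marked `NOT-FOR-US: DriverAgent`; the same marking looks right here.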
@@ -9929,8 +10585,8 @@ CVE-2018-19507 (CMSimple 4.7.5 has XSS via an admin's use of a ...)
NOT-FOR-US: CMSimple
CVE-2018-19506 (Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the ...)
NOT-FOR-US: Zurmo
-CVE-2018-19505
- RESERVED
+CVE-2018-19505 (Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct ...)
+ TODO: check
CVE-2018-19504 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) ...)
- faad2 <unfixed> (low; bug #914641)
[stretch] - faad2 <no-dsa> (Minor issue)
@@ -10196,10 +10852,10 @@ CVE-2018-19416 (An issue was discovered in sysstat 12.1.1. The remap_struct func
NOTE: https://github.com/sysstat/sysstat/issues/196
NOTE: Fixed by: https://github.com/sysstat/sysstat/commit/fbc691eaaa10d0bcea6741d5a223dc3906106548
NOTE: Vulnerable code introduced with https://github.com/sysstat/sysstat/commit/65ac30359e49ee717397e39950d7c24a6610d57c#diff-cccb0877d1539c562536a98e0d17428f
-CVE-2018-19415
- RESERVED
-CVE-2018-19414
- RESERVED
+CVE-2018-19415 (Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow ...)
+ TODO: check
+CVE-2018-19414 (Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS ...)
+ TODO: check
CVE-2018-19413 (A vulnerability in the API of SonarSource SonarQube before 7.4 could ...)
NOT-FOR-US: SonarQube
CVE-2018-19412
@@ -16167,8 +16823,8 @@ CVE-2018-17163
RESERVED
CVE-2018-17162
RESERVED
-CVE-2018-17161
- RESERVED
+CVE-2018-17161 (In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, ...)
+ TODO: check
CVE-2018-17160 (In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, ...)
TODO: check
CVE-2018-17159 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS ...)
@@ -16820,8 +17476,7 @@ CVE-2018-16887
NOT-FOR-US: Katello
CVE-2018-16886
RESERVED
-CVE-2018-16885 [out-of-bound read in memcpy_fromiovecend()]
- RESERVED
+CVE-2018-16885 (A flaw was found in the Linux kernel that allows the userspace to call ...)
- linux <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1661503
CVE-2018-16884 (A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares ...)
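Review bot: CVE-2018-16885 still reads `- linux <undetermined>` after the description was filled in; now that the text is public, the entry should be resolved to an affected, fixed or not-affected state, starting from the Red Hat bug in the existing NOTE line. The removed bracketed summary ("out-of-bound read in memcpy_fromiovecend()") named the affected function, which the truncated description no longer shows, so consider keeping it as a NOTE.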
@@ -16836,8 +17491,7 @@ CVE-2018-16883 (sssd versions from 1.13.0 to before 2.0.0 did not properly restr
NOTE: Fixed in upstream 2.0.0 while refactoring code
NOTE: Fixed by https://pagure.io/SSSD/sssd/c/fbe2476a3dd9be83ffa85c29dca26f734618d72d?branch=master
NOTE: Fixes for older branches will be provided in January 2019.
-CVE-2018-16882 [KVM: nVMX: use after free in posted interrupt processing]
- RESERVED
+CVE-2018-16882 (A use-after-free issue was found in the way the Linux kernel's KVM ...)
- linux 4.19.13-1
NOTE: https://marc.info/?l=kvm&m=154514994222809&w=2
NOTE: Fixed by: https://git.kernel.org/linus/c2dd5146e9fe1f22c77c1b011adf84eea0245806
@@ -16845,15 +17499,13 @@ CVE-2018-16881
RESERVED
CVE-2018-16880
RESERVED
-CVE-2018-16879
- RESERVED
+CVE-2018-16879 (Ansible Tower before version 3.3.3 does not set a secure channel as it ...)
NOT-FOR-US: Ansible Tower
CVE-2018-16878
RESERVED
CVE-2018-16877
RESERVED
-CVE-2018-16876 [Information disclosure in vvv+ mode with no_log on]
- RESERVED
+CVE-2018-16876 (ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a ...)
- ansible <unfixed> (bug #916102)
[jessie] - ansible <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ansible/ansible/pull/49569
@@ -16888,8 +17540,8 @@ CVE-2018-16872 (A flaw was found in qemu Media Transfer Protocol (MTP). The code
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=bab9df35ce73d1c8e19a37e2737717ea1c984dc1
CVE-2018-16871
RESERVED
-CVE-2018-16870
- RESERVED
+CVE-2018-16870 (It was found that wolfssl before 3.15.7 is vulnerable to a new variant ...)
+ TODO: check
CVE-2018-16869 (A Bleichenbacher type side-channel based padding oracle attack was ...)
- nettle 3.4.1~rc1-1
NOTE: http://cat.eyalro.net/
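Review bot: CVE-2018-16870 (wolfssl before 3.15.7) is left at `TODO: check` and needs a package line for wolfssl, with 3.15.7 as the fixed upstream version the description gives. The following entry, CVE-2018-16869, is a Bleichenbacher-type padding oracle tracked against nettle with a reference to http://cat.eyalro.net/; if the full wolfssl description turns out to be the same class of issue, add the same reference as a NOTE so the two entries stay linked.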
@@ -23120,8 +23772,8 @@ CVE-2018-14483
RESERVED
CVE-2018-14482
RESERVED
-CVE-2018-14481
- RESERVED
+CVE-2018-14481 (Osclass 3.7.4 has XSS via the query string to index.php, a different ...)
+ TODO: check
CVE-2018-14480
RESERVED
CVE-2018-14479
@@ -28202,30 +28854,30 @@ CVE-2017-18332
RESERVED
CVE-2017-18331
RESERVED
-CVE-2017-18330
- RESERVED
-CVE-2017-18329
- RESERVED
-CVE-2017-18328
- RESERVED
-CVE-2017-18327
- RESERVED
-CVE-2017-18326
- RESERVED
+CVE-2017-18330 (Buffer overflow in AES-CCM and AES-GCM encryption via initialization ...)
+ TODO: check
+CVE-2017-18329 (Possible Buffer overflow when transmitting an RTP packet in snapdragon ...)
+ TODO: check
+CVE-2017-18328 (Use after free in QSH client rule processing in snapdragon mobile and ...)
+ TODO: check
+CVE-2017-18327 (Security keys are logged when any WCDMA call is configured or ...)
+ TODO: check
+CVE-2017-18326 (Cryptographic keys are printed in modem debug messages in snapdragon ...)
+ TODO: check
CVE-2017-18325
RESERVED
-CVE-2017-18324
- RESERVED
-CVE-2017-18323
- RESERVED
-CVE-2017-18322
- RESERVED
-CVE-2017-18321
- RESERVED
-CVE-2017-18320
- RESERVED
-CVE-2017-18319
- RESERVED
+CVE-2017-18324 (Cryptographic key material leaked in debug messages - GERAN in ...)
+ TODO: check
+CVE-2017-18323 (Cryptographic key material leaked in TDSCDMA RRC debug messages in ...)
+ TODO: check
+CVE-2017-18322 (Cryptographic key material leaked in WCDMA debug messages in ...)
+ TODO: check
+CVE-2017-18321 (Security keys used by the terminal and NW for a session could be ...)
+ TODO: check
+CVE-2017-18320 (QSEE unload attempt on a 3rd party TEE without previously loading ...)
+ TODO: check
+CVE-2017-18319 (Information leak in UIM API debug messages in snapdragon mobile and ...)
+ TODO: check
CVE-2017-18318 (Missing validation check on CRL issuer name in Snapdragon Automobile, ...)
NOT-FOR-US: Snapdragon
CVE-2017-18317 (Restrictions related to the modem (sim lock, sim kill) can be bypassed ...)
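Review bot: The eleven entries from CVE-2017-18330 to CVE-2017-18319 are added at `TODO: check`, yet several name "snapdragon mobile" in the visible text and the next entry, CVE-2017-18318, is already `NOT-FOR-US: Snapdragon`; unless a full description points at code Debian ships, they can take the same marking in one pass. CVE-2017-18325, in the middle of the range, remains RESERVED and should be left as is.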
@@ -44296,8 +44948,8 @@ CVE-2017-18143 (In Android before security patch level 2018-04-05 on Qualcomm ..
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18142 (In Android before security patch level 2018-04-05 on Qualcomm ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18141
- RESERVED
+CVE-2017-18141 (When a 3rd party TEE has been loaded it is possible for the non-secure ...)
+ TODO: check
CVE-2017-18140 (In Android before security patch level 2018-04-05 on Qualcomm ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18139 (In Android before security patch level 2018-04-05 on Qualcomm ...)
@@ -82792,8 +83444,8 @@ CVE-2017-11006 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
NOT-FOR-US: Qualcomm closed-source components for Android
CVE-2017-11005 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm closed-source components for Android
-CVE-2017-11004
- RESERVED
+CVE-2017-11004 (A non-secure user may be able to access certain registers in ...)
+ TODO: check
CVE-2017-11003 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11002 (In all Qualcomm products with Android releases from CAF using the ...)
@@ -196593,7 +197245,7 @@ CVE-2014-0221 (The dtls1_get_message_fragment function in d1_both.c in OpenSSL b
[squeeze] - openssl 0.9.8o-4squeeze15
CVE-2014-0220 (Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote ...)
NOT-FOR-US: Cloudera Manager
-CVE-2014-0219 (Apache Karaf enables a shutdown port on the loopback interface, which ...)
+CVE-2014-0219 (Apache Karaf before 4.0.10 enables a shutdown port on the loopback ...)
- apache-karaf <itp> (bug #881297)
CVE-2014-0218 (Cross-site scripting (XSS) vulnerability in the URL downloader ...)
- moodle 2.6.3-1
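Review bot: The updated CVE-2014-0219 description now gives a fixed upstream version ("Apache Karaf before 4.0.10"), but the `- apache-karaf <itp> (bug #881297)` line below it records nothing about it; add a NOTE with that version so that whoever completes the ITP knows an upload at or above 4.0.10 is not affected.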
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/838069151d214a38d118b28cf0c7a9a893176943