[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jan 11 08:10:24 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5af0994d by security tracker role at 2019-01-11T08:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2019-6132 (An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in ...)
+	TODO: check
+CVE-2019-6131 (svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack ...)
+	TODO: check
+CVE-2019-6130 (Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the ...)
+	TODO: check
+CVE-2019-6129 (png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as ...)
+	TODO: check
+CVE-2019-6128 (The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory ...)
+	TODO: check
+CVE-2019-6127 (An issue was discovered in XiaoCms 20141229. It allows ...)
+	TODO: check
+CVE-2019-6126 (The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script ...)
+	TODO: check
+CVE-2019-6125
+	RESERVED
+CVE-2019-6124
+	RESERVED
+CVE-2019-6123
+	RESERVED
+CVE-2019-6122
+	RESERVED
+CVE-2019-6121
+	RESERVED
+CVE-2019-6120
+	RESERVED
+CVE-2019-6119
+	RESERVED
+CVE-2019-6118
+	RESERVED
+CVE-2019-6117
+	RESERVED
+CVE-2019-6116
+	RESERVED
+CVE-2019-6115
+	RESERVED
+CVE-2019-6114
+	RESERVED
+CVE-2019-6113
+	RESERVED
+CVE-2019-6112
+	RESERVED
+CVE-2019-6111
+	RESERVED
+CVE-2019-6110
+	RESERVED
+CVE-2019-6109
+	RESERVED
+CVE-2018-20698
+	RESERVED
+CVE-2018-20697
+	RESERVED
+CVE-2018-20696
+	RESERVED
+CVE-2018-20695
+	RESERVED
+CVE-2018-20694
+	RESERVED
+CVE-2018-20693
+	RESERVED
+CVE-2018-20692
+	RESERVED
+CVE-2018-20691
+	RESERVED
+CVE-2018-20690
+	RESERVED
+CVE-2018-20689
+	RESERVED
+CVE-2018-20688
+	RESERVED
+CVE-2018-20687
+	RESERVED
+CVE-2018-20686
+	RESERVED
+CVE-2018-20684 (In WinSCP before 5.14 beta, due to missing validation, the scp ...)
+	TODO: check
+CVE-2017-1002157 (modulemd 1.3.1 and earlier uses an unsafe function for processing ...)
+	TODO: check
+CVE-2017-1002152 (Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting ...)
+	TODO: check
 CVE-2019-6108
 	RESERVED
 CVE-2019-6107
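Review bot: Triage the MuPDF, libpng and LibTIFF entries (CVE-2019-6131, CVE-2019-6130, CVE-2019-6129, CVE-2019-6128) ahead of the rest of this batch. Their descriptions name a specific source file and upstream version, so each can be resolved to a source-package line or NOT-FOR-US without much digging, yet they land as `TODO: check` alongside the web-script entries. Also check CVE-2018-20684 (WinSCP, "due to missing validation, the scp ...") against CVE-2018-20685 (OpenSSH scp client) further down in this diff. If they come from the same disclosure, a NOTE: cross-referencing the two would save the next person the lookup.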
@@ -708,7 +788,7 @@ CVE-2019-5755
 	RESERVED
 CVE-2019-5754
 	RESERVED
-CVE-2018-20685 [scp: bypass of access restrictions via the filename of . or an empty filename]
+CVE-2018-20685 (In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to ...)
 	- openssh <unfixed>
 	NOTE: https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2
 CVE-2018-20682 (Fork CMS 5.0.6 allows stored XSS via the private/en/settings ...)
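Review bot: Replacing the bracketed summary on CVE-2018-20685 drops the only visible statement of the trigger ("the filename of . or an empty filename"), because the new description is cut off at "allows remote SSH servers to ...". Consider keeping that detail in a NOTE: line next to the upstream commit link so the entry stays readable without following the URL.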
@@ -5575,6 +5655,7 @@ CVE-2019-3462
 	RESERVED
 CVE-2019-3461
 	RESERVED
+	{DSA-4365-1}
 	- tmpreaper <unfixed> (bug #918956)
 CVE-2019-3460 [Heap data infoleak in multiple locations including functionl2cap_parse_conf_rsp]
 	RESERVED
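Review bot: `{DSA-4365-1}` is added under CVE-2019-3461 while the entry still reads `RESERVED` and its only package line is `- tmpreaper <unfixed> (bug #918956)`. If the DSA shipped a fix, the entry should also record the fixed version for the affected release, otherwise the tracker shows an advisory attached to an entry that has no fixed version anywhere.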
@@ -16185,8 +16266,8 @@ CVE-2019-0090
 	RESERVED
 CVE-2019-0089
 	RESERVED
-CVE-2019-0088
-	RESERVED
+CVE-2019-0088 (Insufficient path checking in Intel(R) System Support Utility for ...)
+	TODO: check
 CVE-2019-0087
 	RESERVED
 CVE-2019-0086
@@ -19223,8 +19304,8 @@ CVE-2018-18100
 	RESERVED
 CVE-2018-18099
 	RESERVED
-CVE-2018-18098
-	RESERVED
+CVE-2018-18098 (Improper file verification in install routine for Intel(R) SGX SDK and ...)
+	TODO: check
 CVE-2018-18097 (Improper directory permissions in Intel Solid State Drive Toolbox ...)
 	NOT-FOR-US: Intel Solid State Drive Toolbox
 CVE-2018-18096 (Improper memory handling in Intel QuickAssist Technology for Linux ...)
@@ -25941,10 +26022,10 @@ CVE-2018-15463
 	RESERVED
 CVE-2018-15462
 	RESERVED
-CVE-2018-15461
-	RESERVED
-CVE-2018-15460
-	RESERVED
+CVE-2018-15461 (A vulnerability in the MyWebex component of Cisco Webex Business Suite ...)
+	TODO: check
+CVE-2018-15460 (A vulnerability in the email message filtering feature of Cisco ...)
+	TODO: check
 CVE-2018-15459
 	RESERVED
 CVE-2018-15458 (A vulnerability in the Shell Access Filter feature of Cisco Firepower ...)
@@ -34440,8 +34521,8 @@ CVE-2018-12179
 	RESERVED
 CVE-2018-12178
 	RESERVED
-CVE-2018-12177
-	RESERVED
+CVE-2018-12177 (Improper directory permissions in the ZeroConfig service in Intel(R) ...)
+	TODO: check
 CVE-2018-12176 (Improper input validation in firmware for Intel NUC Kits may allow a ...)
 	NOT-FOR-US: Intel
 CVE-2018-12175 (Default install directory permissions in Intel Distribution for Python ...)
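Review bot: CVE-2018-12177 goes to `TODO: check` directly above CVE-2018-12176, which is tagged only `NOT-FOR-US: Intel`. When this entry is resolved, tag it with the product its full description names rather than the bare vendor, as the `NOT-FOR-US: Intel Solid State Drive Toolbox` entry elsewhere in this diff does, so later Intel entries can be matched by product.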
@@ -34461,10 +34542,10 @@ CVE-2018-12169 (Platform sample code firmware in 4th Generation Intel Core Proce
 	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html
 CVE-2018-12168 (Privilege escalation in file permissions in Intel Computing ...)
 	NOT-FOR-US: Intel
-CVE-2018-12167
-	RESERVED
-CVE-2018-12166
-	RESERVED
+CVE-2018-12167 (Firmware update routine in bootloader for Intel(R) Optane(TM) SSD DC ...)
+	TODO: check
+CVE-2018-12166 (Insufficient write protection in firmware for Intel(R) Optane(TM) SSD ...)
+	TODO: check
 CVE-2018-12165
 	RESERVED
 CVE-2018-12164
@@ -53612,10 +53693,10 @@ CVE-2018-5415
 	RESERVED
 CVE-2018-5414
 	RESERVED
-CVE-2018-5413
-	RESERVED
-CVE-2018-5412
-	RESERVED
+CVE-2018-5413 (Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low ...)
+	TODO: check
+CVE-2018-5412 (Imperva SecureSphere running v12.0.0.50 is vulnerable to local ...)
+	TODO: check
 CVE-2018-5411 (Pixar's Tractor software, versions 2.2 and earlier, contain a stored ...)
 	NOT-FOR-US: Pixar Tractor
 CVE-2018-5410 (Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a ...)
@@ -53640,8 +53721,8 @@ CVE-2018-5405
 	RESERVED
 CVE-2018-5404
 	RESERVED
-CVE-2018-5403
-	RESERVED
+CVE-2018-5403 (Imperva SecureSphere gateway (GW) running v13, for both pre-First Time ...)
+	TODO: check
 CVE-2018-5402 (The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App ...)
 	NOT-FOR-US: Auto-Maskin
 CVE-2018-5401 (The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App ...)
@@ -58315,8 +58396,8 @@ CVE-2018-3705 (Improper directory permissions in the installer for the Intel Sys
 	NOT-FOR-US: Intel System Defense Utility
 CVE-2018-3704 (Improper directory permissions in the installer for the Intel Parallel ...)
 	NOT-FOR-US: Intel Parallel Studio
-CVE-2018-3703
-	RESERVED
+CVE-2018-3703 (Improper directory permissions in the installer for the Intel(R) SSD ...)
+	TODO: check
 CVE-2018-3702
 	RESERVED
 CVE-2018-3701
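Review bot: CVE-2018-3703 is left at `TODO: check` although the two context entries directly above it, CVE-2018-3705 and CVE-2018-3704, carry the same "Improper directory permissions in the installer for the Intel ..." wording and are already `NOT-FOR-US`. Resolve it in the same pass and name the product the way those two entries do.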
@@ -110888,8 +110969,8 @@ CVE-2017-3720
 	RESERVED
 CVE-2017-3719
 	RESERVED
-CVE-2017-3718
-	RESERVED
+CVE-2017-3718 (Improper setting of device configuration in system firmware for ...)
+	TODO: check
 CVE-2017-3717
 	RESERVED
 CVE-2017-3716



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5af0994d1454150ad84f6e2cfdbd83d4b866d3f0
