[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jul 22 21:10:27 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
23735094 by security tracker role at 2019-07-22T20:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2019-14235
+ RESERVED
+CVE-2019-14234
+ RESERVED
+CVE-2019-14233
+ RESERVED
+CVE-2019-14232
+ RESERVED
CVE-2019-14231 (An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin bef ...)
NOT-FOR-US: Viral Quiz Maker
CVE-2019-14230 (An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin bef ...)
@@ -3433,6 +3441,7 @@ CVE-2019-13120
CVE-2019-13119
RESERVED
CVE-2019-13118 (In numbers.c in libxslt 1.1.33, a type holding grouping characters of ...)
+ {DLA-1860-1}
- libxslt <unfixed> (low; bug #931320)
[buster] - libxslt <no-dsa> (Minor issue)
[stretch] - libxslt <no-dsa> (Minor issue)
@@ -3440,6 +3449,7 @@ CVE-2019-13118 (In numbers.c in libxslt 1.1.33, a type holding grouping characte
NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
NOTE: https://oss-fuzz.com/testcase-detail/5197371471822848
CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an xsl:number with certain format stri ...)
+ {DLA-1860-1}
- libxslt <unfixed> (low; bug #931321)
[buster] - libxslt <no-dsa> (Minor issue)
[stretch] - libxslt <no-dsa> (Minor issue)
@@ -3516,16 +3526,16 @@ CVE-2019-13102
RESERVED
CVE-2019-13101
RESERVED
-CVE-2019-13100
- RESERVED
-CVE-2019-13099
- RESERVED
-CVE-2019-13098
- RESERVED
-CVE-2019-13097
- RESERVED
-CVE-2019-13096
- RESERVED
+CVE-2019-13100 (The Send Anywhere application 9.4.18 for Android stores confidential i ...)
+ TODO: check
+CVE-2019-13099 (The Momo application 2.1.9 for Android stores confidential information ...)
+ TODO: check
+CVE-2019-13098 (The user password via the registration form of TronLink Wallet 2.2.0 i ...)
+ TODO: check
+CVE-2019-13097 (The application API of Cat Runner Decorate Home version 2.8.0 for Andr ...)
+ TODO: check
+CVE-2019-13096 (TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and pla ...)
+ TODO: check
CVE-2019-13095
RESERVED
CVE-2019-13094
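Review bot: the TODO: check lines on CVE-2019-13096 through CVE-2019-13100 still need manual triage. The descriptions name Android applications (Send Anywhere 9.4.18, Momo 2.1.9, Cat Runner Decorate Home 2.8.0) and TronLink Wallet 2.2.0, so each should be resolved to either a package line or a NOT-FOR-US line naming the product, as done for other third-party products in this file.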
@@ -5149,9 +5159,9 @@ CVE-2019-12460 (Web Port 1.19.1 allows XSS via the /access/setup type parameter.
NOT-FOR-US: Web Port
CVE-2019-12459 (FileRun 2019.05.21 allows customizables/plugins/audio_player Directory ...)
NOT-FOR-US: FileRun
-CVE-2019-12458 (FileRun 2019.05.21 allows css/ext-ux Directory Listing. ...)
+CVE-2019-12458 (FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has ...)
NOT-FOR-US: FileRun
-CVE-2019-12457 (FileRun 2019.05.21 allows images/extjs Directory Listing. ...)
+CVE-2019-12457 (FileRun 2019.05.21 allows images/extjs Directory Listing. This issue h ...)
NOT-FOR-US: FileRun
CVE-2018-20840 (An unhandled exception vulnerability exists during Google Sign-In with ...)
NOT-FOR-US: Google Sign-In
@@ -5499,16 +5509,16 @@ CVE-2019-12330
RESERVED
CVE-2019-12329
RESERVED
-CVE-2019-12328
- RESERVED
-CVE-2019-12327
- RESERVED
-CVE-2019-12326
- RESERVED
-CVE-2019-12325
- RESERVED
-CVE-2019-12324
- RESERVED
+CVE-2019-12328 (A command injection (missing input validation) issue in the remote pho ...)
+ TODO: check
+CVE-2019-12327 (Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow a ...)
+ TODO: check
+CVE-2019-12326 (Missing file and path validation in the ringtone upload function of th ...)
+ TODO: check
+CVE-2019-12325 (The Htek UC902 VoIP phone web management interface contains several bu ...)
+ TODO: check
+CVE-2019-12324 (A command injection (missing input validation) issue in the IP address ...)
+ TODO: check
CVE-2019-12323 (The HC.Server service in Hosting Controller HC10 10.14 allows an Inval ...)
NOT-FOR-US: Hosting Controller HC10
CVE-2019-12322
@@ -5770,6 +5780,7 @@ CVE-2019-12224
CVE-2019-12223
RESERVED
CVE-2019-12222 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
+ {DLA-1861-1}
- libsdl2-image <unfixed> (bug #932754)
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
@@ -5779,6 +5790,7 @@ CVE-2019-12222 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4621
NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12221 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
+ {DLA-1861-1}
- libsdl2-image <unfixed> (bug #932754)
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
@@ -5788,6 +5800,7 @@ CVE-2019-12221 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4628
NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12220 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
+ {DLA-1861-1}
- libsdl2-image <unfixed> (bug #932754)
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
@@ -5797,6 +5810,7 @@ CVE-2019-12220 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4627
NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12219 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
+ {DLA-1861-1}
- libsdl2-image <unfixed> (bug #932754)
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
@@ -5806,6 +5820,7 @@ CVE-2019-12219 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4625
NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12218 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
+ {DLA-1861-1}
- libsdl2-image <unfixed> (bug #932754)
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
@@ -5815,6 +5830,7 @@ CVE-2019-12218 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4620
NOTE: https://hg.libsdl.org/SDL_image/rev/7453e79c8cdb
CVE-2019-12217 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
+ {DLA-1861-1}
- libsdl2-image <unfixed> (bug #932754)
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
@@ -5824,6 +5840,7 @@ CVE-2019-12217 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4626
NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12216 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
+ {DLA-1861-1}
- libsdl2-image <unfixed> (bug #932754)
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
@@ -11649,8 +11666,8 @@ CVE-2019-9961 (A cross-site scripting (XSS) vulnerability in ressource view in c
NOT-FOR-US: Wikindx
CVE-2019-9960 (The downloadZip function in application/controllers/admin/export.php i ...)
- limesurvey <itp> (bug #472802)
-CVE-2019-9959
- RESERVED
+CVE-2019-9959 (The JPXStream::init function in Poppler 0.78.0 and earlier doesn't che ...)
+ TODO: check
CVE-2019-9958 (CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 u ...)
NOT-FOR-US: Quadbase EspressReport ES (ERES)
CVE-2019-9957 (Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allow ...)
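Review bot: CVE-2019-9959 is left at TODO: check, but its description names Poppler 0.78.0 and earlier (JPXStream::init), which is a library rather than a vendor product. It should get a package line with a status and, once known, a NOTE pointing at the upstream fix, in the same style as the NOTE lines on the libxslt and SDL_image entries.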
@@ -12091,46 +12108,46 @@ CVE-2019-1010239 (DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check fo
NOTE: https://github.com/DaveGamble/cJSON/issues/315
CVE-2019-1010238 (Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact ...)
TODO: check
-CVE-2019-1010237
- RESERVED
+CVE-2019-1010237 (Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site ...)
+ TODO: check
CVE-2019-1010236
RESERVED
-CVE-2019-1010235
- RESERVED
-CVE-2019-1010234
- RESERVED
+CVE-2019-1010235 (Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is ...)
+ TODO: check
+CVE-2019-1010234 (The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper I ...)
+ TODO: check
CVE-2019-1010233
RESERVED
-CVE-2019-1010232
- RESERVED
+CVE-2019-1010232 (Juniper juniper/libslax libslax latest version (as of commit 084ddf6ab ...)
+ TODO: check
CVE-2019-1010231
RESERVED
CVE-2019-1010230
RESERVED
CVE-2019-1010229
RESERVED
-CVE-2019-1010228
- RESERVED
+CVE-2019-1010228 (OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The im ...)
+ TODO: check
CVE-2019-1010227
RESERVED
CVE-2019-1010226
RESERVED
CVE-2019-1010225
RESERVED
-CVE-2019-1010224
- RESERVED
-CVE-2019-1010223
- RESERVED
-CVE-2019-1010222
- RESERVED
+CVE-2019-1010224 (aubio 0.4.8 and earlier is affected by: null pointer. The impact is: c ...)
+ TODO: check
+CVE-2019-1010223 (aubio 0.4.8 and earlier is affected by: Buffer Overflow. The impact is ...)
+ TODO: check
+CVE-2019-1010222 (aubio 0.4.8 and earlier is affected by: null pointer. The impact is: c ...)
+ TODO: check
CVE-2019-1010221
RESERVED
-CVE-2019-1010220
- RESERVED
+CVE-2019-1010220 (tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. T ...)
+ TODO: check
CVE-2019-1010219
RESERVED
-CVE-2019-1010218
- RESERVED
+CVE-2019-1010218 (Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 (Cu ...)
+ TODO: check
CVE-2019-1010217
RESERVED
CVE-2019-1010216
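Review bot: several of the entries switched to TODO: check in this block name software projects rather than vendor appliances (tcpdump.org tcpdump 4.9.2 in CVE-2019-1010220, DCMTK 3.6.3 in CVE-2019-1010228, aubio 0.4.8 in CVE-2019-1010222 through CVE-2019-1010224, libslax in CVE-2019-1010232, Cherokee in CVE-2019-1010218). These need a source-package lookup and a package line with a status, not a bulk NOT-FOR-US pass. CVE-2019-1010238 (Pango), in the context just above, is in the same TODO state and can be handled in the same round.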
@@ -18345,7 +18362,7 @@ CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf (SDL-2)
CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-1861-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 <unfixed> (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
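Review bot: DLA-1861-1 is added to CVE-2019-7635, but the package lines visible under it are for libsdl1.2, while every other DLA-1861-1 reference in this commit sits on a libsdl2-image entry. Confirm that this entry also carries a libsdl2-image line outside the context shown, so the advisory cross-reference matches a tracked package.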
@@ -24775,6 +24792,7 @@ CVE-2019-5054
CVE-2019-5053
RESERVED
CVE-2019-5052 (An exploitable integer overflow vulnerability exists when loading a PC ...)
+ {DLA-1861-1}
- libsdl2-image <unfixed> (bug #932754)
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
@@ -26392,8 +26410,8 @@ CVE-2019-4269 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Con
NOT-FOR-US: IBM
CVE-2019-4268
RESERVED
-CVE-2019-4267
- RESERVED
+CVE-2019-4267 (The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerab ...)
+ TODO: check
CVE-2019-4266
RESERVED
CVE-2019-4265
@@ -26454,8 +26472,8 @@ CVE-2019-4238 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnera
NOT-FOR-US: IBM
CVE-2019-4237 (A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Se ...)
NOT-FOR-US: IBM
-CVE-2019-4236
- RESERVED
+CVE-2019-4236 (A IBM Spectrum Protect 7.l client backup or archive operation running ...)
+ TODO: check
CVE-2019-4235 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require th ...)
NOT-FOR-US: IBM
CVE-2019-4234 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the imp ...)
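Review bot: CVE-2019-4236 is at TODO: check while the entries on either side of it (CVE-2019-4237, CVE-2019-4235) are tagged NOT-FOR-US: IBM. Its description names IBM Spectrum Protect, so it is a candidate for the same tag once the full description is read. The "7.l" in the imported description looks like a typo in the upstream text; keep it as imported rather than hand-editing the summary.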
@@ -28503,8 +28521,8 @@ CVE-2019-3416
RESERVED
CVE-2019-3415 (ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traver ...)
NOT-FOR-US: ZTE
-CVE-2019-3414
- RESERVED
+CVE-2019-3414 (All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS ...)
+ TODO: check
CVE-2019-3413 (All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an ...)
NOT-FOR-US: ZTE
CVE-2019-3412 (All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by co ...)
@@ -32904,8 +32922,8 @@ CVE-2019-2294
RESERVED
CVE-2019-2293
RESERVED
-CVE-2019-2292
- RESERVED
+CVE-2019-2292 (Out of bound access can occur due to buffer copy without checking size ...)
+ TODO: check
CVE-2019-2291
RESERVED
CVE-2019-2290
@@ -32914,8 +32932,8 @@ CVE-2019-2289
RESERVED
CVE-2019-2288
RESERVED
-CVE-2019-2287
- RESERVED
+CVE-2019-2287 (Improper validation for inputs received from firmware can lead to an o ...)
+ TODO: check
CVE-2019-2286
RESERVED
CVE-2019-2285
@@ -32930,13 +32948,13 @@ CVE-2019-2281
RESERVED
CVE-2019-2280
RESERVED
-CVE-2019-2279
- RESERVED
+CVE-2019-2279 (Shared memory gets updated with invalid data and may lead to access be ...)
+ TODO: check
CVE-2019-2278
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2277
- RESERVED
+CVE-2019-2277 (Out of bound read can happen due to lack of NULL termination on user c ...)
+ TODO: check
CVE-2019-2276
RESERVED
NOT-FOR-US: Qualcomm components for Android
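Review bot: CVE-2019-2279 and CVE-2019-2277 are left at TODO: check although the entries directly below each of them, CVE-2019-2278 and CVE-2019-2276, already carry NOT-FOR-US: Qualcomm components for Android. If the full descriptions confirm the same vendor components, replace the TODO lines with that tag so the range is triaged consistently.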
@@ -32952,8 +32970,8 @@ CVE-2019-2271
RESERVED
CVE-2019-2270
RESERVED
-CVE-2019-2269
- RESERVED
+CVE-2019-2269 (Possible buffer overflow while processing the high level lim process a ...)
+ TODO: check
CVE-2019-2268
RESERVED
CVE-2019-2267
@@ -32962,16 +32980,16 @@ CVE-2019-2266
RESERVED
CVE-2019-2265
RESERVED
-CVE-2019-2264
- RESERVED
+CVE-2019-2264 (Null pointer dereference occurs for channel context while opening glin ...)
+ TODO: check
CVE-2019-2263
RESERVED
CVE-2019-2262
RESERVED
-CVE-2019-2261
- RESERVED
-CVE-2019-2260
- RESERVED
+CVE-2019-2261 (Unauthorized access from GPU subsystem to HLOS or other non secure sub ...)
+ TODO: check
+CVE-2019-2260 (A race condition occurs while processing perf-event which can lead to ...)
+ TODO: check
CVE-2019-2259 (Resource allocation error while playing the video whose dimensions are ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2258
@@ -33006,8 +33024,8 @@ CVE-2019-2245 (Possible integer underflow can happen when calculating length of
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2244 (Possible integer underflow can happen when calculating length of eleme ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2243
- RESERVED
+CVE-2019-2243 (Possible buffer overflow at the end of iterating loop while getting th ...)
+ TODO: check
CVE-2019-2242
RESERVED
CVE-2019-2241
@@ -53656,14 +53674,14 @@ CVE-2018-13929
RESERVED
CVE-2018-13928
RESERVED
-CVE-2018-13927
- RESERVED
+CVE-2018-13927 (Debug policy with invalid signature can be loaded when the debug polic ...)
+ TODO: check
CVE-2018-13926
RESERVED
CVE-2018-13925 (Error in parsing PMT table frees the memory allocated for the map sect ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13924
- RESERVED
+CVE-2018-13924 (Lack of check to prevent the buffer length taking negative values can ...)
+ TODO: check
CVE-2018-13923
RESERVED
CVE-2018-13922
@@ -53719,8 +53737,8 @@ CVE-2018-13898 (Out-of-Bounds write due to incorrect array index check in PMIC i
NOT-FOR-US: Qualcomm components for Android
CVE-2018-13897
RESERVED
-CVE-2018-13896
- RESERVED
+CVE-2018-13896 (XBL_SEC image authentication and other crypto related validations are ...)
+ TODO: check
CVE-2018-13895 (Due to the missing permissions on several content providers of the RCS ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-13894
@@ -81235,6 +81253,7 @@ CVE-2018-3979 (A remote denial-of-service vulnerability exists in the way the No
CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the Word Do ...)
NOT-FOR-US: Atlantis Word Processor
CVE-2018-3977 (An exploitable code execution vulnerability exists in the XCF image re ...)
+ {DLA-1861-1}
- libsdl2-image 2.0.3+dfsg1-3 (bug #912617)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
- sdl-image1.2 1.2.12-10 (bug #912618)
@@ -87061,8 +87080,8 @@ CVE-2018-2026 (IBM Financial Transaction Manager 3.2.1 for Digital Payments coul
NOT-FOR-US: IBM
CVE-2018-2025
RESERVED
-CVE-2018-2024
- RESERVED
+CVE-2018-2024 (IBM QRadar SIEM 7.2 and 7.3 specifies permissions for a security-criti ...)
+ TODO: check
CVE-2018-2023
RESERVED
CVE-2018-2022 (IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to unautho ...)
@@ -160493,9 +160512,11 @@ CVE-2016-4612
CVE-2016-4611 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 al ...)
NOT-FOR-US: Webkit as used by Apple
CVE-2016-4610 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
+ {DLA-1860-1}
- libxslt 1.1.29-1
NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/93bb314768aafaffad1df15bbee10b7c5423e283 (v1.1.29-rc1)
CVE-2016-4609 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
+ {DLA-1860-1}
- libxslt 1.1.29-1
NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/8b90c9a699e0eaa98bbeec63a473ddc73aaa238c (v1.1.29-rc1)
CVE-2016-4608 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/23735094e5c82ed482c9b768efdeeef6ce5021eb