[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 25 21:10:38 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a51fa9cc by security tracker role at 2019-07-25T20:10:27Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2019-14271
+ RESERVED
+CVE-2019-14270 (Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6 ...)
+ TODO: check
+CVE-2019-14269
+ RESERVED
+CVE-2019-14268 (In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request prox ...)
+ TODO: check
+CVE-2019-14267
+ RESERVED
+CVE-2019-14266 (OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Confi ...)
+ TODO: check
+CVE-2019-14265
+ RESERVED
+CVE-2019-14264
+ RESERVED
+CVE-2019-14263
+ RESERVED
CVE-2019-14262 (MetadataExtractor 2.1.0 allows stack consumption. ...)
NOT-FOR-US: MetadataExtractor
CVE-2019-14261
@@ -707,8 +725,8 @@ CVE-2019-13919
RESERVED
CVE-2019-13918
RESERVED
-CVE-2019-13917
- RESERVED
+CVE-2019-13917 (Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution ...)
+ {DSA-4488-1}
- exim4 4.92-10
NOTE: https://www.openwall.com/lists/oss-security/2019/07/22/3
CVE-2019-13916
@@ -1337,7 +1355,7 @@ CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.
- libsdl2 <unfixed>
- libsdl1.2 <unfixed>
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4538
-CVE-2019-13615 (VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in ...)
+CVE-2019-13615 (libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media ...)
- libebml 1.3.6-1 (low; bug #932241)
[stretch] - libebml <no-dsa> (Minor issue)
NOTE: https://trac.videolan.org/vlc/ticket/22474
@@ -3559,6 +3577,7 @@ CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an xsl:number with certain forma
CVE-2019-13116
RESERVED
CVE-2019-13115 (In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha2 ...)
+ {DLA-1730-3}
- libssh2 <unfixed> (bug #932329)
[buster] - libssh2 <no-dsa> (Minor issue)
[stretch] - libssh2 <no-dsa> (Minor issue)
@@ -12326,10 +12345,10 @@ CVE-2019-1010185
RESERVED
CVE-2019-1010184
RESERVED
-CVE-2019-1010183
- RESERVED
-CVE-2019-1010182
- RESERVED
+CVE-2019-1010183 (serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion ...)
+ TODO: check
+CVE-2019-1010182 (yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. Th ...)
+ TODO: check
CVE-2019-1010181
RESERVED
CVE-2019-1010180 (GNU gdb All versions is affected by: Buffer Overflow - Out of bound me ...)
@@ -12340,16 +12359,16 @@ CVE-2019-1010178 (Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrec
NOT-FOR-US: Fred MODX Revolution
CVE-2019-1010177 (Jsish 2.4.70 2.047 is affected by: Use After Free. The impact is: deni ...)
NOT-FOR-US: Jsish
-CVE-2019-1010176
- RESERVED
+CVE-2019-1010176 (JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affecte ...)
+ TODO: check
CVE-2019-1010175
RESERVED
-CVE-2019-1010174
- RESERVED
+CVE-2019-1010174 (CImg The CImg Library v.2.3.3 and earlier is affected by: command inje ...)
+ TODO: check
CVE-2019-1010173 (Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is ...)
NOT-FOR-US: Jsish
-CVE-2019-1010172
- RESERVED
+CVE-2019-1010172 (Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. ...)
+ TODO: check
CVE-2019-1010171 (Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impac ...)
NOT-FOR-US: Jsish
CVE-2019-1010170 (Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: den ...)
@@ -12370,8 +12389,8 @@ CVE-2019-1010163 (Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buff
NOT-FOR-US: Socusoft Co Photo 2 Video Converter
CVE-2019-1010162 (jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. ...)
NOT-FOR-US: Jsish
-CVE-2019-1010161
- RESERVED
+CVE-2019-1010161 (perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Cont ...)
+ TODO: check
CVE-2019-1010160
RESERVED
CVE-2019-1010159
@@ -12441,8 +12460,8 @@ CVE-2019-1010129 (VCFTools vcfools prior to version 0.1.15 is affected by: Heap
TODO: check
CVE-2019-1010128
RESERVED
-CVE-2019-1010127
- RESERVED
+CVE-2019-1010127 (VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-fr ...)
+ TODO: check
CVE-2019-1010126
RESERVED
CVE-2019-1010125
@@ -12745,10 +12764,10 @@ CVE-2019-9887
RESERVED
CVE-2019-9886 (Any URLs with download_attachment.php under templates or home folders ...)
NOT-FOR-US: BroadLearning eClass
-CVE-2019-9885
- RESERVED
-CVE-2019-9884
- RESERVED
+CVE-2019-9885 (eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL c ...)
+ TODO: check
+CVE-2019-9884 (eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS meth ...)
+ TODO: check
CVE-2019-9883 (Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerabi ...)
NOT-FOR-US: MailSherlock
CVE-2019-9882 (Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerabi ...)
@@ -26169,8 +26188,8 @@ CVE-2019-4441
RESERVED
CVE-2019-4440
RESERVED
-CVE-2019-4439
- RESERVED
+CVE-2019-4439 (IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session ...)
+ TODO: check
CVE-2019-4438
RESERVED
CVE-2019-4437
@@ -26217,8 +26236,8 @@ CVE-2019-4417
RESERVED
CVE-2019-4416
RESERVED
-CVE-2019-4415
- RESERVED
+CVE-2019-4415 (IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain e ...)
+ TODO: check
CVE-2019-4414
RESERVED
CVE-2019-4413
@@ -26623,8 +26642,8 @@ CVE-2019-4214
RESERVED
CVE-2019-4213
RESERVED
-CVE-2019-4212
- RESERVED
+CVE-2019-4212 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forger ...)
+ TODO: check
CVE-2019-4211 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. Thi ...)
NOT-FOR-US: IBM
CVE-2019-4210 (IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication expo ...)
@@ -26815,8 +26834,8 @@ CVE-2019-4118 (IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart coul
NOT-FOR-US: IBM
CVE-2019-4117
RESERVED
-CVE-2019-4116
- RESERVED
+CVE-2019-4116 (IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensit ...)
+ TODO: check
CVE-2019-4115
RESERVED
CVE-2019-4114
@@ -27434,7 +27453,7 @@ CVE-2019-3860 (An out of bounds read flaw was discovered in libssh2 before 1.8.1
NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
NOTE: https://github.com/libssh2/libssh2/pull/316
CVE-2019-3859 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 in t ...)
- {DSA-4431-1 DLA-1730-1}
+ {DSA-4431-1 DLA-1730-3 DLA-1730-1}
- libssh2 1.8.0-2.1 (bug #924965)
NOTE: https://www.libssh2.org/CVE-2019-3859.html
NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch
@@ -28080,8 +28099,8 @@ CVE-2019-3623
RESERVED
CVE-2019-3622 (Files or Directories Accessible to External Parties in McAfee Data Los ...)
NOT-FOR-US: McAfee
-CVE-2019-3621
- RESERVED
+CVE-2019-3621 (Authentication protection bypass vulnerability in McAfee Data Loss Pre ...)
+ TODO: check
CVE-2019-3620
RESERVED
CVE-2019-3619 (Information Disclosure vulnerability in the Agent Handler in McAfee eP ...)
@@ -28466,8 +28485,8 @@ CVE-2019-3488
RESERVED
CVE-2019-3487
RESERVED
-CVE-2019-3486
- RESERVED
+CVE-2019-3486 (Mitigates a stored cross site scripting issue in ArcSight Security Man ...)
+ TODO: check
CVE-2019-3485 (Mitigates a stored cross site scripting issue in ArcSight Logger versi ...)
TODO: check
CVE-2019-3484 (Mitigates a remote code execution issue in ArcSight Logger versions pr ...)
@@ -32843,15 +32862,14 @@ CVE-2019-2348
RESERVED
CVE-2019-2347
RESERVED
-CVE-2019-2346
- RESERVED
+CVE-2019-2346 (Firmware is getting into loop of overwriting memory when scan command ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2345
- RESERVED
+CVE-2019-2345 (Race condition while accessing DMA buffer in jpeg driver in Snapdragon ...)
+ TODO: check
CVE-2019-2344
RESERVED
-CVE-2019-2343
- RESERVED
+CVE-2019-2343 (Out of bound read and information disclosure in firmware due to insuff ...)
+ TODO: check
CVE-2019-2342
RESERVED
CVE-2019-2341
@@ -32868,8 +32886,7 @@ CVE-2019-2336
RESERVED
CVE-2019-2335
RESERVED
-CVE-2019-2334
- RESERVED
+CVE-2019-2334 (Null pointer dereferencing can happen when playing the clip with wrong ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2333
RESERVED
@@ -32877,19 +32894,15 @@ CVE-2019-2332
RESERVED
CVE-2019-2331
RESERVED
-CVE-2019-2330
- RESERVED
+CVE-2019-2330 (improper input validation in allocation request for secure allocations ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2329
RESERVED
-CVE-2019-2328
- RESERVED
+CVE-2019-2328 (Possible buffer overflow when number of channels passed is more than s ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2327
- RESERVED
+CVE-2019-2327 (Possible buffer overflow can occur when playing clip with incorrect el ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2326
- RESERVED
+CVE-2019-2326 (Data token is received from ADSP and is used without validation as an ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2325
RESERVED
@@ -32897,8 +32910,7 @@ CVE-2019-2324
RESERVED
CVE-2019-2323
RESERVED
-CVE-2019-2322
- RESERVED
+CVE-2019-2322 (Buffer overflow can occur when playing specific clip which is non-stan ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2321
RESERVED
@@ -32910,32 +32922,29 @@ CVE-2019-2318
RESERVED
CVE-2019-2317
RESERVED
-CVE-2019-2316
- RESERVED
+CVE-2019-2316 (When computing the digest a local variable is used after going out of ...)
+ TODO: check
CVE-2019-2315
RESERVED
-CVE-2019-2314
- RESERVED
+CVE-2019-2314 (Possible race condition that will cause a use-after-free when writing ...)
+ TODO: check
CVE-2019-2313
RESERVED
-CVE-2019-2312
- RESERVED
+CVE-2019-2312 (When handling the vendor command there exists a potential buffer overf ...)
+ TODO: check
CVE-2019-2311
RESERVED
CVE-2019-2310
RESERVED
-CVE-2019-2309
- RESERVED
-CVE-2019-2308
- RESERVED
+CVE-2019-2309 (While storing calibrated data from firmware in cache, An integer overf ...)
+ TODO: check
+CVE-2019-2308 (User application could potentially make RPC call to the fastrpc driver ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2307
- RESERVED
+CVE-2019-2307 (Possible integer underflow due to lack of validation before calculatio ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2306
- RESERVED
-CVE-2019-2305
- RESERVED
+CVE-2019-2306 (Improper casting of structure while handling the buffer leads to out o ...)
+ TODO: check
+CVE-2019-2305 (Out of bound access when reason code is extracted from frame data with ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2304
RESERVED
@@ -32943,14 +32952,14 @@ CVE-2019-2303
RESERVED
CVE-2019-2302
RESERVED
-CVE-2019-2301
- RESERVED
+CVE-2019-2301 (Possibility of out-of-bound read if id received from SPI is not in ran ...)
+ TODO: check
CVE-2019-2300
RESERVED
-CVE-2019-2299
- RESERVED
-CVE-2019-2298
- RESERVED
+CVE-2019-2299 (An out-of-bound write can be triggered by a specially-crafted command ...)
+ TODO: check
+CVE-2019-2298 (Protection is missing while accessing md sessions info via macro which ...)
+ TODO: check
CVE-2019-2297
RESERVED
CVE-2019-2296
@@ -32959,14 +32968,14 @@ CVE-2019-2295
RESERVED
CVE-2019-2294
RESERVED
-CVE-2019-2293
- RESERVED
+CVE-2019-2293 (Pointer dereference while freeing IFE resources due to lack of length ...)
+ TODO: check
CVE-2019-2292 (Out of bound access can occur due to buffer copy without checking size ...)
NOT-FOR-US: Snapdragon
CVE-2019-2291
RESERVED
-CVE-2019-2290
- RESERVED
+CVE-2019-2290 (Multiple open and close from multiple threads will lead camera driver ...)
+ TODO: check
CVE-2019-2289
RESERVED
CVE-2019-2288
@@ -32983,28 +32992,26 @@ CVE-2019-2283
RESERVED
CVE-2019-2282
RESERVED
-CVE-2019-2281
- RESERVED
+CVE-2019-2281 (An unauthenticated bitmap image can be loaded in to memory and subsequ ...)
+ TODO: check
CVE-2019-2280
RESERVED
CVE-2019-2279 (Shared memory gets updated with invalid data and may lead to access be ...)
NOT-FOR-US: Snapdragon
-CVE-2019-2278
- RESERVED
+CVE-2019-2278 (User keystore signature is ignored in boot and can lead to bypass boot ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2277 (Out of bound read can happen due to lack of NULL termination on user c ...)
NOT-FOR-US: Snapdragon
-CVE-2019-2276
- RESERVED
+CVE-2019-2276 (Possible out of bound read occurs while processing beaconing request d ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2275
RESERVED
CVE-2019-2274
RESERVED
-CVE-2019-2273
- RESERVED
-CVE-2019-2272
- RESERVED
+CVE-2019-2273 (IOMMU page fault while playing h265 video file leads to denial of serv ...)
+ TODO: check
+CVE-2019-2272 (Buffer overflow can occur in display function due to lack of validatio ...)
+ TODO: check
CVE-2019-2271
RESERVED
CVE-2019-2270
@@ -33021,8 +33028,8 @@ CVE-2019-2265
RESERVED
CVE-2019-2264 (Null pointer dereference occurs for channel context while opening glin ...)
NOT-FOR-US: Snapdragon
-CVE-2019-2263
- RESERVED
+CVE-2019-2263 (Access to freed memory can happen while reading from diag driver due t ...)
+ TODO: check
CVE-2019-2262
RESERVED
CVE-2019-2261 (Unauthorized access from GPU subsystem to HLOS or other non secure sub ...)
@@ -33039,11 +33046,9 @@ CVE-2019-2256 (An unprivileged user can craft a bitstream such that the payload
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2255 (An unprivileged user can craft a bitstream such that the payload encod ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2254
- RESERVED
+CVE-2019-2254 (Position determination accuracy may be degraded due to wrongly decoded ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2253
- RESERVED
+CVE-2019-2253 (Buffer over-read can occur while parsing an ogg file with a corrupted ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2252
RESERVED
@@ -33067,26 +33072,19 @@ CVE-2019-2243 (Possible buffer overflow at the end of iterating loop while getti
NOT-FOR-US: Snapdragon
CVE-2019-2242
RESERVED
-CVE-2019-2241
- RESERVED
+CVE-2019-2241 (While rendering the layout background, Error status check is not caugh ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2240
- RESERVED
+CVE-2019-2240 (While sending the rendered surface content to the screen, Error handli ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2239
- RESERVED
+CVE-2019-2239 (Sanity checks are missing in layout which can lead to SUI Corruption o ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2238
- RESERVED
+CVE-2019-2238 (Lack of check of data type can lead to subsequent loop-expression pote ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2237
- RESERVED
+CVE-2019-2237 (Failure in taking appropriate action to handle the error case If keypa ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2236
- RESERVED
+CVE-2019-2236 (Null pointer dereference during secure application termination using s ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2235
- RESERVED
+CVE-2019-2235 (Buffer overflow occurs when emulated RPMB is used due to sector size a ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2234
RESERVED
@@ -53776,8 +53774,8 @@ CVE-2018-13899 (Processing messages after error may result in user after free me
NOT-FOR-US: Qualcomm components for Android
CVE-2018-13898 (Out-of-Bounds write due to incorrect array index check in PMIC in Snap ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13897
- RESERVED
+CVE-2018-13897 (Clients hostname gets added to DNS record on device which is running d ...)
+ TODO: check
CVE-2018-13896 (XBL_SEC image authentication and other crypto related validations are ...)
NOT-FOR-US: Snapdragon
CVE-2018-13895 (Due to the missing permissions on several content providers of the RCS ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a51fa9cc2dcfd853daf7f24a8c0d0f9f7a326be2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a51fa9cc2dcfd853daf7f24a8c0d0f9f7a326be2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190725/9e99f48b/attachment.html>
More information about the debian-security-tracker-commits
mailing list