[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Jun 8 09:10:24 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80b4dd31 by security tracker role at 2019-06-08T08:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-12779 (libqb before 1.0.5 allows local users to overwrite arbitrary files via ...)
+	TODO: check
 CVE-2019-12778
 	RESERVED
 CVE-2019-12777 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
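Review bot: CVE-2019-12779 goes in with only `TODO: check`, although its description already names libqb and a local arbitrary file overwrite. It should get a source-package line or a NOT-FOR-US decision in the next manual pass rather than waiting in the same queue as the device and appliance entries added elsewhere in this update.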
@@ -558,12 +560,12 @@ CVE-2019-12508
 	RESERVED
 CVE-2019-12507 (An XSS vulnerability exists in PHPRelativePath (aka Relative Path) thr ...)
 	NOT-FOR-US: Relative Path PHP library
-CVE-2019-12506
-	RESERVED
-CVE-2019-12505
-	RESERVED
-CVE-2019-12504
-	RESERVED
+CVE-2019-12506 (Due to unencrypted and unauthenticated data communication, the wireles ...)
+	TODO: check
+CVE-2019-12505 (Due to unencrypted and unauthenticated data communication, the wireles ...)
+	TODO: check
+CVE-2019-12504 (Due to unencrypted and unauthenticated data communication, the wireles ...)
+	TODO: check
 CVE-2019-12503
 	RESERVED
 CVE-2019-12502 (There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 ca ...)
@@ -3449,6 +3451,7 @@ CVE-2019-11359 (Cross-site scripting (XSS) vulnerability in display.php in I, Li
 CVE-2019-11357
 	RESERVED
 CVE-2019-11356 (The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0 ...)
+	{DSA-4458-1}
 	- cyrus-imapd 3.0.8-6
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1717828
 	NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/a5779db8163b99463e25e7c476f9cbba438b65f3
@@ -9926,13 +9929,11 @@ CVE-2019-9089
 	RESERVED
 CVE-2019-9088
 	RESERVED
-CVE-2019-9087
-	RESERVED
+CVE-2019-9087 (HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php nu ...)
 	- hoteldruid 2.3.2-1
 	[stretch] - hoteldruid <no-dsa> (Minor issue)
 	[jessie] - hoteldruid <no-dsa> (low popcon)
-CVE-2019-9086
-	RESERVED
+CVE-2019-9086 (HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle ...)
 	- hoteldruid 2.3.2-1
 	[stretch] - hoteldruid <no-dsa> (Minor issue)
 	[jessie] - hoteldruid <no-dsa> (low popcon)
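Review bot: the `[stretch] - hoteldruid <no-dsa> (Minor issue)` lines under CVE-2019-9087 and CVE-2019-9086 were written while both ids were still RESERVED, and the descriptions now read "SQL Injection". Re-read the full descriptions and confirm that "Minor issue" still matches, or adjust the justification text so it states why an SQL injection is treated as minor for this package.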
@@ -9941,8 +9942,7 @@ CVE-2019-9085
 	- hoteldruid 2.3.2-1
 	[stretch] - hoteldruid <no-dsa> (Minor issue)
 	[jessie] - hoteldruid <no-dsa> (low popcon)
-CVE-2019-9084
-	RESERVED
+CVE-2019-9084 (In Hoteldruid before 2.3.1, a division by zero was discovered in $num_ ...)
 	- hoteldruid 2.3.2-1
 	[stretch] - hoteldruid <no-dsa> (Minor issue)
 	[jessie] - hoteldruid <no-dsa> (low popcon)
@@ -19059,8 +19059,8 @@ CVE-2019-5443
 	RESERVED
 CVE-2019-5442
 	RESERVED
-CVE-2019-5441
-	RESERVED
+CVE-2019-5441 (An OS Command Injection has been discovered in the Nextcloud App: Extr ...)
+	TODO: check
 CVE-2019-5440 (Use of cryptographically weak PRNG in the password recovery token gene ...)
 	NOT-FOR-US: Revive Adserver
 CVE-2019-5439
@@ -22094,12 +22094,12 @@ CVE-2019-3959
 	RESERVED
 CVE-2019-3958
 	RESERVED
-CVE-2019-3957
-	RESERVED
-CVE-2019-3956
-	RESERVED
-CVE-2019-3955
-	RESERVED
+CVE-2019-3957 (Dameware Remote Mini Control version 12.1.0.34 and prior contains an u ...)
+	TODO: check
+CVE-2019-3956 (Dameware Remote Mini Control version 12.1.0.34 and prior contains an u ...)
+	TODO: check
+CVE-2019-3955 (Dameware Remote Mini Control version 12.1.0.34 and prior contains a un ...)
+	TODO: check
 CVE-2019-3954
 	RESERVED
 CVE-2019-3953
@@ -28233,35 +28233,34 @@ CVE-2019-2104
 	RESERVED
 CVE-2019-2103
 	RESERVED
-CVE-2019-2102
-	RESERVED
-CVE-2019-2101
-	RESERVED
+CVE-2019-2102 (In the Bluetooth Low Energy (BLE) specification, there is a provided e ...)
+	TODO: check
+CVE-2019-2101 (In uvc_parse_standard_control of uvc_driver.c, there is a possible out ...)
 	- linux <undetermined>
 	NOTE: https://source.android.com/security/bulletin/2019-06-01
 	TODO: check, Android bulletin does not make clear if this only in Android specific use
 CVE-2019-2100
 	RESERVED
-CVE-2019-2099
-	RESERVED
-CVE-2019-2098
-	RESERVED
-CVE-2019-2097
-	RESERVED
-CVE-2019-2096
-	RESERVED
-CVE-2019-2095
-	RESERVED
-CVE-2019-2094
-	RESERVED
-CVE-2019-2093
-	RESERVED
-CVE-2019-2092
-	RESERVED
-CVE-2019-2091
-	RESERVED
-CVE-2019-2090
-	RESERVED
+CVE-2019-2099 (In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a possible out- ...)
+	TODO: check
+CVE-2019-2098 (In areNotificationsEnabledForPackage of NotificationManagerService.jav ...)
+	TODO: check
+CVE-2019-2097 (In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possibl ...)
+	TODO: check
+CVE-2019-2096 (In EffectRelease of EffectBundle.cpp, there is a possible memory corru ...)
+	TODO: check
+CVE-2019-2095 (In callGenIDChangeListeners and related functions of SkPixelRef.cpp, t ...)
+	TODO: check
+CVE-2019-2094 (In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out o ...)
+	TODO: check
+CVE-2019-2093 (In huff_dec_1D of nlc_dec.cpp, there is a possible out of bounds write ...)
+	TODO: check
+CVE-2019-2092 (In isSeparateProfileChallengeAllowed of DevicePolicyManagerService.jav ...)
+	TODO: check
+CVE-2019-2091 (In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerServ ...)
+	TODO: check
+CVE-2019-2090 (In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there  ...)
+	TODO: check
 CVE-2019-2089
 	RESERVED
 CVE-2019-2088
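Review bot: at CVE-2019-2101 the note `TODO: check, Android bulletin does not make clear if this only in Android specific use` is carried over unchanged, while the new description names uvc_parse_standard_control in uvc_driver.c. That function and file give something concrete to check against the kernel source, so the `- linux <undetermined>` line and the TODO should be revisited now rather than left as they were. The eleven other Android entries in this hunk are all left at `TODO: check`.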
@@ -57442,34 +57441,34 @@ CVE-2018-10705 (The Owned smart contract implementation for Aurora DAO (AURA), a
 	NOT-FOR-US: Aurora DAD
 CVE-2018-10704
 	RESERVED
-CVE-2018-10703
-	RESERVED
-CVE-2018-10702
-	RESERVED
-CVE-2018-10701
-	RESERVED
-CVE-2018-10700
-	RESERVED
-CVE-2018-10699
-	RESERVED
-CVE-2018-10698
-	RESERVED
-CVE-2018-10697
-	RESERVED
-CVE-2018-10696
-	RESERVED
-CVE-2018-10695
-	RESERVED
-CVE-2018-10694
-	RESERVED
-CVE-2018-10693
-	RESERVED
-CVE-2018-10692
-	RESERVED
-CVE-2018-10691
-	RESERVED
-CVE-2018-10690
-	RESERVED
+CVE-2018-10703 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...)
+	TODO: check
+CVE-2018-10702 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...)
+	TODO: check
+CVE-2018-10701 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...)
+	TODO: check
+CVE-2018-10700 (An issue was discovered on Moxa AWK-3121 1.19 devices. It provides fun ...)
+	TODO: check
+CVE-2018-10699 (An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 31 ...)
+	TODO: check
+CVE-2018-10698 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device enab ...)
+	TODO: check
+CVE-2018-10697 (An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 31 ...)
+	TODO: check
+CVE-2018-10696 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device prov ...)
+	TODO: check
+CVE-2018-10695 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ale ...)
+	TODO: check
+CVE-2018-10694 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device prov ...)
+	TODO: check
+CVE-2018-10693 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides pin ...)
+	TODO: check
+CVE-2018-10692 (An issue was discovered on Moxa AWK-3121 1.14 devices. The session coo ...)
+	TODO: check
+CVE-2018-10691 (An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended  ...)
+	TODO: check
+CVE-2018-10690 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device by d ...)
+	TODO: check
 CVE-2018-10689 (blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel a ...)
 	- blktrace 1.2.0-1 (low; bug #897695)
 	[stretch] - blktrace 1.1.0-2+deb9u1
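Review bot: CVE-2018-10700 gives the firmware as "Moxa AWK-3121 1.19" where the other thirteen entries in this block say 1.14. The text comes from the synced CVE description, so it is worth checking against the full description before these are triaged as a group. Separately, the unchanged context line `NOT-FOR-US: Aurora DAD` does not match the "Aurora DAO (AURA)" named in its own CVE-2018-10705 description and looks like a typo to fix in a follow-up.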



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/80b4dd310edf080e3540972f9b4b02943538dad3
