[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Jun 8 09:10:24 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80b4dd31 by security tracker role at 2019-06-08T08:10:15Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-12779 (libqb before 1.0.5 allows local users to overwrite arbitrary files via ...)
+ TODO: check
CVE-2019-12778
RESERVED
CVE-2019-12777 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
@@ -558,12 +560,12 @@ CVE-2019-12508
RESERVED
CVE-2019-12507 (An XSS vulnerability exists in PHPRelativePath (aka Relative Path) thr ...)
NOT-FOR-US: Relative Path PHP library
-CVE-2019-12506
- RESERVED
-CVE-2019-12505
- RESERVED
-CVE-2019-12504
- RESERVED
+CVE-2019-12506 (Due to unencrypted and unauthenticated data communication, the wireles ...)
+ TODO: check
+CVE-2019-12505 (Due to unencrypted and unauthenticated data communication, the wireles ...)
+ TODO: check
+CVE-2019-12504 (Due to unencrypted and unauthenticated data communication, the wireles ...)
+ TODO: check
CVE-2019-12503
RESERVED
CVE-2019-12502 (There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 ca ...)
@@ -3449,6 +3451,7 @@ CVE-2019-11359 (Cross-site scripting (XSS) vulnerability in display.php in I, Li
CVE-2019-11357
RESERVED
CVE-2019-11356 (The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0 ...)
+ {DSA-4458-1}
- cyrus-imapd 3.0.8-6
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1717828
NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/a5779db8163b99463e25e7c476f9cbba438b65f3
@@ -9926,13 +9929,11 @@ CVE-2019-9089
RESERVED
CVE-2019-9088
RESERVED
-CVE-2019-9087
- RESERVED
+CVE-2019-9087 (HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php nu ...)
- hoteldruid 2.3.2-1
[stretch] - hoteldruid <no-dsa> (Minor issue)
[jessie] - hoteldruid <no-dsa> (low popcon)
-CVE-2019-9086
- RESERVED
+CVE-2019-9086 (HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle ...)
- hoteldruid 2.3.2-1
[stretch] - hoteldruid <no-dsa> (Minor issue)
[jessie] - hoteldruid <no-dsa> (low popcon)
@@ -9941,8 +9942,7 @@ CVE-2019-9085
- hoteldruid 2.3.2-1
[stretch] - hoteldruid <no-dsa> (Minor issue)
[jessie] - hoteldruid <no-dsa> (low popcon)
-CVE-2019-9084
- RESERVED
+CVE-2019-9084 (In Hoteldruid before 2.3.1, a division by zero was discovered in $num_ ...)
- hoteldruid 2.3.2-1
[stretch] - hoteldruid <no-dsa> (Minor issue)
[jessie] - hoteldruid <no-dsa> (low popcon)
@@ -19059,8 +19059,8 @@ CVE-2019-5443
RESERVED
CVE-2019-5442
RESERVED
-CVE-2019-5441
- RESERVED
+CVE-2019-5441 (An OS Command Injection has been discovered in the Nextcloud App: Extr ...)
+ TODO: check
CVE-2019-5440 (Use of cryptographically weak PRNG in the password recovery token gene ...)
NOT-FOR-US: Revive Adserver
CVE-2019-5439
@@ -22094,12 +22094,12 @@ CVE-2019-3959
RESERVED
CVE-2019-3958
RESERVED
-CVE-2019-3957
- RESERVED
-CVE-2019-3956
- RESERVED
-CVE-2019-3955
- RESERVED
+CVE-2019-3957 (Dameware Remote Mini Control version 12.1.0.34 and prior contains an u ...)
+ TODO: check
+CVE-2019-3956 (Dameware Remote Mini Control version 12.1.0.34 and prior contains an u ...)
+ TODO: check
+CVE-2019-3955 (Dameware Remote Mini Control version 12.1.0.34 and prior contains a un ...)
+ TODO: check
CVE-2019-3954
RESERVED
CVE-2019-3953
@@ -28233,35 +28233,34 @@ CVE-2019-2104
RESERVED
CVE-2019-2103
RESERVED
-CVE-2019-2102
- RESERVED
-CVE-2019-2101
- RESERVED
+CVE-2019-2102 (In the Bluetooth Low Energy (BLE) specification, there is a provided e ...)
+ TODO: check
+CVE-2019-2101 (In uvc_parse_standard_control of uvc_driver.c, there is a possible out ...)
- linux <undetermined>
NOTE: https://source.android.com/security/bulletin/2019-06-01
TODO: check, Android bulletin does not make clear if this only in Android specific use
CVE-2019-2100
RESERVED
-CVE-2019-2099
- RESERVED
-CVE-2019-2098
- RESERVED
-CVE-2019-2097
- RESERVED
-CVE-2019-2096
- RESERVED
-CVE-2019-2095
- RESERVED
-CVE-2019-2094
- RESERVED
-CVE-2019-2093
- RESERVED
-CVE-2019-2092
- RESERVED
-CVE-2019-2091
- RESERVED
-CVE-2019-2090
- RESERVED
+CVE-2019-2099 (In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a possible out- ...)
+ TODO: check
+CVE-2019-2098 (In areNotificationsEnabledForPackage of NotificationManagerService.jav ...)
+ TODO: check
+CVE-2019-2097 (In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possibl ...)
+ TODO: check
+CVE-2019-2096 (In EffectRelease of EffectBundle.cpp, there is a possible memory corru ...)
+ TODO: check
+CVE-2019-2095 (In callGenIDChangeListeners and related functions of SkPixelRef.cpp, t ...)
+ TODO: check
+CVE-2019-2094 (In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out o ...)
+ TODO: check
+CVE-2019-2093 (In huff_dec_1D of nlc_dec.cpp, there is a possible out of bounds write ...)
+ TODO: check
+CVE-2019-2092 (In isSeparateProfileChallengeAllowed of DevicePolicyManagerService.jav ...)
+ TODO: check
+CVE-2019-2091 (In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerServ ...)
+ TODO: check
+CVE-2019-2090 (In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there ...)
+ TODO: check
CVE-2019-2089
RESERVED
CVE-2019-2088
@@ -57442,34 +57441,34 @@ CVE-2018-10705 (The Owned smart contract implementation for Aurora DAO (AURA), a
NOT-FOR-US: Aurora DAD
CVE-2018-10704
RESERVED
-CVE-2018-10703
- RESERVED
-CVE-2018-10702
- RESERVED
-CVE-2018-10701
- RESERVED
-CVE-2018-10700
- RESERVED
-CVE-2018-10699
- RESERVED
-CVE-2018-10698
- RESERVED
-CVE-2018-10697
- RESERVED
-CVE-2018-10696
- RESERVED
-CVE-2018-10695
- RESERVED
-CVE-2018-10694
- RESERVED
-CVE-2018-10693
- RESERVED
-CVE-2018-10692
- RESERVED
-CVE-2018-10691
- RESERVED
-CVE-2018-10690
- RESERVED
+CVE-2018-10703 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...)
+ TODO: check
+CVE-2018-10702 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...)
+ TODO: check
+CVE-2018-10701 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...)
+ TODO: check
+CVE-2018-10700 (An issue was discovered on Moxa AWK-3121 1.19 devices. It provides fun ...)
+ TODO: check
+CVE-2018-10699 (An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 31 ...)
+ TODO: check
+CVE-2018-10698 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device enab ...)
+ TODO: check
+CVE-2018-10697 (An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 31 ...)
+ TODO: check
+CVE-2018-10696 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device prov ...)
+ TODO: check
+CVE-2018-10695 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ale ...)
+ TODO: check
+CVE-2018-10694 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device prov ...)
+ TODO: check
+CVE-2018-10693 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides pin ...)
+ TODO: check
+CVE-2018-10692 (An issue was discovered on Moxa AWK-3121 1.14 devices. The session coo ...)
+ TODO: check
+CVE-2018-10691 (An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended ...)
+ TODO: check
+CVE-2018-10690 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device by d ...)
+ TODO: check
CVE-2018-10689 (blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel a ...)
- blktrace 1.2.0-1 (low; bug #897695)
[stretch] - blktrace 1.1.0-2+deb9u1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/80b4dd310edf080e3540972f9b4b02943538dad3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/80b4dd310edf080e3540972f9b4b02943538dad3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190608/829b2071/attachment.html>
More information about the debian-security-tracker-commits
mailing list