[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jun 13 21:10:31 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a6f5ad00 by security tracker role at 2019-06-13T20:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2019-12799
+ RESERVED
+CVE-2019-12798 (An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c do ...)
+ TODO: check
+CVE-2019-12797
+ RESERVED
+CVE-2019-12796
+ RESERVED
CVE-2019-12795 (daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x bef ...)
- gvfs 1.38.1-5 (bug #930376)
NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a
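Review bot: CVE-2019-12798 is added with only `TODO: check`, although its description already names the component (Artifex MuJS 1.0.5, `regcompx` in `regexp.c`). That is enough for the follow-up triage to resolve the entry to either a source-package line or a NOT-FOR-US. A NOTE pointing at the upstream fix, like the one the gvfs entry directly below carries, would make the fixed version verifiable.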
@@ -58,7 +66,8 @@ CVE-2019-12781
RESERVED
CVE-2019-12780 (The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo ...)
NOT-FOR-US: Belkin Wemo Enabled Crock-Pot
-CVE-2019-5439 [Buffer overflow in libavi_plugin memmove() call]
+CVE-2019-5439 (A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which ...)
+ {DSA-4459-1}
- vlc 3.0.7-1 (bug #930276)
NOTE: https://hackerone.com/reports/484398
NOTE: http://www.jbkempf.com/blog/post/2019/VLC-3.0.7-and-security
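Review bot: the rewritten CVE-2019-5439 header replaces `[Buffer overflow in libavi_plugin memmove() call]` with a generic description, so the only mention of the affected component (`libavi_plugin`, the `memmove()` call) disappears from the entry. Suggest keeping that detail in a NOTE line beside the two existing NOTE URLs. The added `{DSA-4459-1}` reference and the `vlc 3.0.7-1` fixed version are consistent with the `< 3.0.7` in the new description.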
@@ -129,6 +138,7 @@ CVE-2019-12751
CVE-2019-12750
RESERVED
CVE-2019-12749 (dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, ...)
+ {DSA-4462-1}
- dbus 1.12.16-1 (bug #930375)
NOTE: https://www.openwall.com/lists/oss-security/2019/06/11/2
NOTE: https://gitlab.freedesktop.org/dbus/dbus/issues/269
@@ -4079,32 +4089,32 @@ CVE-2019-11131
RESERVED
CVE-2019-11130
RESERVED
-CVE-2019-11129
- RESERVED
-CVE-2019-11128
- RESERVED
-CVE-2019-11127
- RESERVED
-CVE-2019-11126
- RESERVED
-CVE-2019-11125
- RESERVED
-CVE-2019-11124
- RESERVED
-CVE-2019-11123
- RESERVED
+CVE-2019-11129 (Out of bound read/write in system firmware for Intel(R) NUC Kit may al ...)
+ TODO: check
+CVE-2019-11128 (Insufficient input validation in system firmware for Intel(R) NUC Kit ...)
+ TODO: check
+CVE-2019-11127 (Buffer overflow in system firmware for Intel(R) NUC Kit may allow a pr ...)
+ TODO: check
+CVE-2019-11126 (Pointer corruption in system firmware for Intel(R) NUC Kit may allow a ...)
+ TODO: check
+CVE-2019-11125 (Insufficient input validation in system firmware for Intel(R) NUC Kit ...)
+ TODO: check
+CVE-2019-11124 (Out of bound read/write in system firmware for Intel(R) NUC Kit may al ...)
+ TODO: check
+CVE-2019-11123 (Insufficient session validation in system firmware for Intel(R) NUC Ki ...)
+ TODO: check
CVE-2019-11122
RESERVED
CVE-2019-11121
RESERVED
CVE-2019-11120
RESERVED
-CVE-2019-11119
- RESERVED
+CVE-2019-11119 (Insufficient session validation in the service API for Intel(R) RWC3 v ...)
+ TODO: check
CVE-2019-11118
RESERVED
-CVE-2019-11117
- RESERVED
+CVE-2019-11117 (Improper permissions in the installer for Intel(R) Omni-Path Fabric Ma ...)
+ TODO: check
CVE-2019-11116
RESERVED
CVE-2019-11115
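Review bot: the seven Intel(R) NUC Kit system firmware entries (CVE-2019-11129 through CVE-2019-11123) are each left at `TODO: check`, while the file already resolves an entry with the same description pattern, CVE-2019-11094, as `NOT-FOR-US: Intel (R) NUC Kit`. Triaging the seven together against that precedent keeps the list consistent. CVE-2019-11119 (RWC3 service API) and CVE-2019-11117 (Omni-Path Fabric installer) name other products and need their own decision.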
@@ -4153,8 +4163,8 @@ CVE-2019-11094 (Insufficient input validation in system firmware for Intel (R) N
NOT-FOR-US: Intel (R) NUC Kit
CVE-2019-11093 (Unquoted service path in the installer for the Intel(R) SCS Discovery ...)
NOT-FOR-US: Intel(R) SCS Discovery Utility
-CVE-2019-11092
- RESERVED
+CVE-2019-11092 (Insufficient password protection in the attestation database for Open ...)
+ TODO: check
CVE-2019-11091 (Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheab ...)
{DSA-4447-1 DSA-4444-1 DLA-1799-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
@@ -14512,8 +14522,8 @@ CVE-2019-7323 (GUP (generic update process) in LightySoft LogMX before 7.4.0 doe
NOT-FOR-US: LightySoft LogMX
CVE-2019-7322
RESERVED
-CVE-2019-7321
- RESERVED
+CVE-2019-7321 (Usage of an uninitialized variable in the function fz_load_jpeg in Art ...)
+ TODO: check
CVE-2019-7320
RESERVED
CVE-2018-20751 (An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PD ...)
@@ -19047,7 +19057,7 @@ CVE-2019-5524 (VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 1
NOT-FOR-US: VMware
CVE-2019-5523 (VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 up ...)
NOT-FOR-US: VMware vCloud Director for Service Providers
-CVE-2019-5522 (VMware Tools for Windows (10.x before 10.3.10) update addresses an out ...)
+CVE-2019-5522 (VMware Tools for Windows update addresses an out of bounds read vulner ...)
NOT-FOR-US: VMware
CVE-2019-5521
RESERVED
@@ -19549,8 +19559,8 @@ CVE-2019-5288
RESERVED
CVE-2019-5287
RESERVED
-CVE-2019-5286
- RESERVED
+CVE-2019-5286 (There is a reflection XSS vulnerability in the HedEx products. Remote ...)
+ TODO: check
CVE-2019-5285 (Some Huawei S series switches have a DoS vulnerability. An unauthentic ...)
NOT-FOR-US: Huawei
CVE-2019-5284 (There is a DoS vulnerability in RTSP module of Leland-AL00A Huawei sma ...)
@@ -19631,8 +19641,8 @@ CVE-2019-5247
RESERVED
CVE-2019-5246
RESERVED
-CVE-2019-5245
- RESERVED
+CVE-2019-5245 (HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulner ...)
+ TODO: check
CVE-2019-5244 (Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) ve ...)
NOT-FOR-US: Huawei
CVE-2019-5243 (There is a Clickjacking vulnerability in Huawei HG255s product. An att ...)
@@ -34510,26 +34520,25 @@ CVE-2019-0185
RESERVED
CVE-2019-0184
RESERVED
-CVE-2019-0183
- RESERVED
-CVE-2019-0182
- RESERVED
-CVE-2019-0181
- RESERVED
-CVE-2019-0180
- RESERVED
-CVE-2019-0179
- RESERVED
-CVE-2019-0178
- RESERVED
-CVE-2019-0177
- RESERVED
+CVE-2019-0183 (Insufficient password protection in the attestation database for Open ...)
+ TODO: check
+CVE-2019-0182 (Insufficient password protection in the attestation database for Open ...)
+ TODO: check
+CVE-2019-0181 (Insufficient password protection in the attestation database for Open ...)
+ TODO: check
+CVE-2019-0180 (Insufficient password protection in the attestation database for Open ...)
+ TODO: check
+CVE-2019-0179 (Insufficient password protection in the attestation database for Open ...)
+ TODO: check
+CVE-2019-0178 (Insufficient password protection in the attestation database for Open ...)
+ TODO: check
+CVE-2019-0177 (Insufficient password protection in the attestation database for Open ...)
+ TODO: check
CVE-2019-0176
RESERVED
-CVE-2019-0175
- RESERVED
-CVE-2019-0174
- RESERVED
+CVE-2019-0175 (Insufficient password protection in the attestation database for Open ...)
+ TODO: check
+CVE-2019-0174 (Logic condition in specific microprocessors may allow an authenticated ...)
NOT-FOR-US: RamBleed hardware vulnerability
NOTE: https://rambleed.com/
CVE-2019-0173
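Review bot: eight entries in this hunk (CVE-2019-0183 through CVE-2019-0177, and CVE-2019-0175) carry the identical truncated description `Insufficient password protection in the attestation database for Open ...`, the same text as CVE-2019-11092 earlier in the diff, and each gets its own `TODO: check`. They should be triaged as one group so that all nine end up with the same disposition. CVE-2019-0174 is the only entry here that gains a description without a `TODO: check`, because its existing `NOT-FOR-US: RamBleed hardware vulnerability` line is kept; confirm the newly published description still matches that classification.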
@@ -34550,8 +34559,8 @@ CVE-2019-0166
RESERVED
CVE-2019-0165
RESERVED
-CVE-2019-0164
- RESERVED
+CVE-2019-0164 (Improper permissions in the installer for Intel(R) Turbo Boost Max Tec ...)
+ TODO: check
CVE-2019-0163 (Insufficient input validation in system firmware for Intel(R) Broadwel ...)
NOT-FOR-US: Intel
CVE-2019-0162 (Memory access in virtual memory mapping for some microprocessors may a ...)
@@ -34575,8 +34584,8 @@ CVE-2019-0159
RESERVED
CVE-2019-0158 (Insufficient path checking in the installation package for Intel(R) Gr ...)
NOT-FOR-US: Intel
-CVE-2019-0157
- RESERVED
+CVE-2019-0157 (Insufficient input validation in the Intel(R) SGX driver for Linux may ...)
+ TODO: check
CVE-2019-0156
RESERVED
CVE-2019-0155
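Review bot: CVE-2019-0157 should not be swept into the `NOT-FOR-US: Intel` pattern used by neighbouring installer entries such as CVE-2019-0158. Its description names the Intel(R) SGX driver for Linux, so the `TODO: check` needs an explicit decision on whether that driver is shipped in any Debian package before the entry is closed.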
@@ -34617,8 +34626,8 @@ CVE-2019-0138 (Improper directory permissions in Intel(R) ACU Wizard version 12.
NOT-FOR-US: Intel(R) ACU Wizard
CVE-2019-0137
RESERVED
-CVE-2019-0136
- RESERVED
+CVE-2019-0136 (Insufficient access control in the Intel(R) PROSet/Wireless WiFi Softw ...)
+ TODO: check
CVE-2019-0135 (Improper permissions in the installer for Intel(R) Accelerated Storage ...)
NOT-FOR-US: Intel
CVE-2019-0134
@@ -34629,12 +34638,12 @@ CVE-2019-0132 (Data Corruption in Intel Unite(R) Client before version 3.3.176.1
NOT-FOR-US: Intel Unite(R) Client
CVE-2019-0131
RESERVED
-CVE-2019-0130
- RESERVED
+CVE-2019-0130 (Reflected XSS in web interface for Intel(R) Accelerated Storage Manage ...)
+ TODO: check
CVE-2019-0129 (Improper permissions for Intel(R) USB 3.0 Creator Utility all versions ...)
NOT-FOR-US: Intel
-CVE-2019-0128
- RESERVED
+CVE-2019-0128 (Improper permissions in the installer for Intel(R) Chipset Device Soft ...)
+ TODO: check
CVE-2019-0127 (Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3 and bef ...)
NOT-FOR-US: Intel
CVE-2019-0126 (Insufficient access control in silicon reference firmware for Intel(R) ...)
@@ -53408,8 +53417,8 @@ CVE-2018-12149 (Buffer overflow in input handling in Intel Extreme Tuning Utilit
NOT-FOR-US: Intel
CVE-2018-12148 (Privilege escalation in file permissions in Intel Driver and Support A ...)
NOT-FOR-US: Intel
-CVE-2018-12147
- RESERVED
+CVE-2018-12147 (Insufficient input validation in HECI subsystem in Intel(R) CSME befor ...)
+ TODO: check
CVE-2018-12146
RESERVED
CVE-2018-12145
@@ -56713,10 +56722,10 @@ CVE-2018-10949 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 bef
NOT-FOR-US: Zimbra
CVE-2018-10948 (Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 bet ...)
NOT-FOR-US: Zimbra
-CVE-2018-10947
- RESERVED
-CVE-2018-10946
- RESERVED
+CVE-2018-10947 (An issue was discovered in versions earlier than 1.3.2 for Polycom Rea ...)
+ TODO: check
+CVE-2018-10946 (An issue was discovered in versions earlier than 1.3.0-66872 for Polyc ...)
+ TODO: check
CVE-2017-18267 (The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler thr ...)
{DLA-1562-1}
[experimental] - poppler 0.65.0-1
@@ -77322,8 +77331,8 @@ CVE-2018-3704 (Improper directory permissions in the installer for the Intel Par
NOT-FOR-US: Intel Parallel Studio
CVE-2018-3703 (Improper directory permissions in the installer for the Intel(R) SSD D ...)
NOT-FOR-US: Intel
-CVE-2018-3702
- RESERVED
+CVE-2018-3702 (Improper permissions in the installer for the ITE Tech* Consumer Infra ...)
+ TODO: check
CVE-2018-3701 (Improper directory permissions in the installer for Intel(R) PROSet/Wi ...)
NOT-FOR-US: Intel
CVE-2018-3700 (Code injection vulnerability in the installer for Intel(R) USB 3.0 eXt ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a6f5ad00db2b98991530184c89cc5d929a2cdc91