[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jun 14 21:10:42 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7c5f92f5 by security tracker role at 2019-06-14T20:10:28Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,22 @@
+CVE-2019-12826
+	RESERVED
+CVE-2019-12825
+	RESERVED
+CVE-2019-12824
+	RESERVED
+CVE-2019-12823
+	RESERVED
+CVE-2019-12822 (In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a he ...)
+	TODO: check
+CVE-2019-12821
+	RESERVED
+CVE-2019-12820
+	RESERVED
 CVE-2019-12817
 	RESERVED
 CVE-2019-12816 [remote code execution]
 	RESERVED
+	{DSA-4463-1}
 	- znc 1.7.2-3
 	NOTE: Versions affected: 0.098 - 1.7.3
 CVE-2019-12815
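Review bot: CVE-2019-12822 is added with only `TODO: check`, although its description already names the affected product (Embedthis GoAhead, http.c). It needs a triage result before the entry is useful: either a source package line with a fixed version or a NOT-FOR-US line. The `{DSA-4463-1}` tag added to CVE-2019-12816 matches the one this commit adds to CVE-2019-9917, so the two znc entries stay consistent.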
@@ -189,7 +204,7 @@ CVE-2019-12751
 CVE-2019-12750
 	RESERVED
 CVE-2019-12749 (dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, ...)
-	{DSA-4462-1}
+	{DSA-4462-1 DLA-1818-1}
 	- dbus 1.12.16-1 (bug #930375)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/06/11/2
 	NOTE: https://gitlab.freedesktop.org/dbus/dbus/issues/269
@@ -2488,8 +2503,8 @@ CVE-2019-11772
 	RESERVED
 CVE-2019-11771
 	RESERVED
-CVE-2019-11770
-	RESERVED
+CVE-2019-11770 (In Eclipse Buildship versions prior to 3.1.1, the build files indicate ...)
+	TODO: check
 CVE-2019-11769
 	RESERVED
 CVE-2019-11768 (An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability  ...)
@@ -3023,8 +3038,8 @@ CVE-2019-11584
 	RESERVED
 CVE-2019-11583
 	RESERVED
-CVE-2019-11582
-	RESERVED
+CVE-2019-11582 (An argument injection vulnerability in Atlassian Sourcetree for Window ...)
+	TODO: check
 CVE-2019-11581
 	RESERVED
 CVE-2019-11580 (Atlassian Crowd and Crowd Data Center had the pdkinstall development p ...)
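Review bot: CVE-2019-11582 moves from RESERVED to `TODO: check` with a description that names Atlassian Sourcetree. Resolve the TODO in a follow-up; if no Debian package ships the product, a NOT-FOR-US line naming it, in the style used for other vendor-specific entries in this file, closes the entry.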
@@ -6562,8 +6577,7 @@ CVE-2019-10160 (A security regression of CVE-2019-9636 was discovered in python
 	NOTE: https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de (2.7)
 	NOTE: https://bugs.python.org/issue36742
 	NOTE: Patch for 2.7 series introduces new problems, cf. https://bugs.python.org/issue36742#msg344981
-CVE-2019-10159
-	RESERVED
+CVE-2019-10159 (cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnera ...)
 	NOT-FOR-US: Red Hat CloudForms Management Engine
 CVE-2019-10158
 	RESERVED
@@ -6688,8 +6702,7 @@ CVE-2019-10127
 	RESERVED
 	- postgresql-11 <not-affected> (Windows-specific)
 	NOTE: https://www.postgresql.org/about/news/1939/
-CVE-2019-10126
-	RESERVED
+CVE-2019-10126 (A flaw was found in the Linux kernel. A heap based buffer overflow in  ...)
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/linux-wireless/20190531131841.7552-1-tiwai@suse.de
 CVE-2017-18364 (phpFK lite has XSS via the faq.php, members.php, or search.php query s ...)
@@ -7216,6 +7229,7 @@ CVE-2019-9919 (An issue was discovered in the Harmis JE Messenger component 1.2.
 CVE-2019-9918 (An issue was discovered in the Harmis JE Messenger component 1.2.2 for ...)
 	NOT-FOR-US: Harmis JE Messenger component for Joomla!
 CVE-2019-9917 (ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial  ...)
+	{DSA-4463-1}
 	- znc 1.7.2-2 (bug #925285)
 	[jessie] - znc <no-dsa> (Minor issue, workaround is to disable modpython)
 	NOTE: https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973
@@ -21440,8 +21454,8 @@ CVE-2019-4405
 	RESERVED
 CVE-2019-4404
 	RESERVED
-CVE-2019-4403
-	RESERVED
+CVE-2019-4403 (IBM Connections 6.0 is vulnerable to cross-site scripting. This vulner ...)
+	TODO: check
 CVE-2019-4402
 	RESERVED
 CVE-2019-4401
@@ -21484,8 +21498,8 @@ CVE-2019-4383
 	RESERVED
 CVE-2019-4382
 	RESERVED
-CVE-2019-4381
-	RESERVED
+CVE-2019-4381 (IBM i 7.27.3 Clustering could allow a local attacker to obtain sensiti ...)
+	TODO: check
 CVE-2019-4380
 	RESERVED
 CVE-2019-4379
@@ -21768,8 +21782,8 @@ CVE-2019-4241
 	RESERVED
 CVE-2019-4240
 	RESERVED
-CVE-2019-4239
-	RESERVED
+CVE-2019-4239 (IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stor ...)
+	TODO: check
 CVE-2019-4238 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
 	NOT-FOR-US: IBM
 CVE-2019-4237
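Review bot: CVE-2019-4239 is marked `TODO: check` while the entry directly below it, CVE-2019-4238, already carries `NOT-FOR-US: IBM`. The new description names IBM MQ Advanced Cloud Pak, so the same disposition looks applicable. CVE-2019-4403 and CVE-2019-4381 in the two preceding hunks are IBM entries in the same state and can be triaged together.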
@@ -23554,8 +23568,8 @@ CVE-2018-20657 (The demangle_template function in cplus-dem.c in GNU libiberty,
 	NOTE: binutils not covered by security support
 CVE-2018-20656
 	RESERVED
-CVE-2018-20655
-	RESERVED
+CVE-2018-20655 (When receiving calls using WhatsApp for iOS, a missing size check when ...)
+	TODO: check
 CVE-2019-3500 (aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Au ...)
 	{DLA-1636-1}
 	- aria2 1.34.0-4 (low; bug #918058)
@@ -28158,19 +28172,15 @@ CVE-2019-2261
 	RESERVED
 CVE-2019-2260
 	RESERVED
-CVE-2019-2259
-	RESERVED
+CVE-2019-2259 (Resource allocation error while playing the video whose dimensions are ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2258
 	RESERVED
-CVE-2019-2257
-	RESERVED
+CVE-2019-2257 (Wrong permissions in configuration file can lead to unauthorized permi ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2256
-	RESERVED
+CVE-2019-2256 (An unprivileged user can craft a bitstream such that the payload encod ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2255
-	RESERVED
+CVE-2019-2255 (An unprivileged user can craft a bitstream such that the payload encod ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2254
 	RESERVED
@@ -33453,8 +33463,8 @@ CVE-2019-0318
 	RESERVED
 CVE-2019-0317
 	RESERVED
-CVE-2019-0316
-	RESERVED
+CVE-2019-0316 (SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITO ...)
+	TODO: check
 CVE-2019-0315 (Under certain conditions the PI Integration Builder Web UI of SAP NetW ...)
 	NOT-FOR-US: SAP
 CVE-2019-0314 (SAP Work Manager, versions: 6.3, 6.4, 6.5 and SAP Inventory Manager, v ...)
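Review bot: CVE-2019-0316 gets `TODO: check` even though the next entry, CVE-2019-0315, is `NOT-FOR-US: SAP` and the new description starts with "SAP NetWeaver Process Integration". Suggest resolving it to a NOT-FOR-US line, and doing the same check for CVE-2019-0303 in the following hunk, whose neighbours are `NOT-FOR-US: SAP NetWeaver ...` entries.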
@@ -33479,8 +33489,8 @@ CVE-2019-0305 (Java Server Pages (JSPs) provided by the SAP NetWeaver Process In
 	NOT-FOR-US: SAP NetWeaver Process Integration
 CVE-2019-0304 (FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7. ...)
 	NOT-FOR-US: SAP NetWeaver AS ABAP Platform
-CVE-2019-0303
-	RESERVED
+CVE-2019-0303 (SAP BusinessObjects Business Intelligence Platform (Administration Con ...)
+	TODO: check
 CVE-2019-0302
 	RESERVED
 CVE-2019-0301 (Under certain conditions, it is possible to request the modification o ...)
@@ -48877,8 +48887,7 @@ CVE-2018-13921
 	RESERVED
 CVE-2018-13920 (Use-after-free condition due to Improper handling of hrtimers when the ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13919
-	RESERVED
+CVE-2018-13919 (Use-after-free vulnerability will occur if reset of the routing table  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13918 (kernel could return a received message length higher than expected, wh ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -48895,23 +48904,17 @@ CVE-2018-13913 (Improper validation of array index can lead to unauthorized acce
 	NOT-FOR-US: CodeAurora components for Android
 CVE-2018-13912 (Arbitrary write issue can occur when user provides kernel address in c ...)
 	NOT-FOR-US: CodeAurora components for Android
-CVE-2018-13911
-	RESERVED
+CVE-2018-13911 (Out of bounds memory read and access may lead to unexpected behavior i ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13910
-	RESERVED
+CVE-2018-13910 (Out-of-Bounds access in TZ due to invalid index calculated to check ag ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13909
-	RESERVED
+CVE-2018-13909 (Metadata verification and partial hash system calls by bootloader may  ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13908
-	RESERVED
+CVE-2018-13908 (Truncated access authentication token leads to weakened access control ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13907
-	RESERVED
+CVE-2018-13907 (While deserializing any key blob during key operations, buffer overflo ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13906
-	RESERVED
+CVE-2018-13906 (The HMAC authenticating the message from QSEE is vulnerable to timing  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13905 (KGSL syncsource lock not handled properly during syncsource cleanup ca ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -48919,18 +48922,15 @@ CVE-2018-13904 (Improper input validation in SCM handler to access storage in TZ
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13903
 	RESERVED
-CVE-2018-13902
-	RESERVED
+CVE-2018-13902 (Out of bounds memory read and access due to improper array index valid ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13901
-	RESERVED
+CVE-2018-13901 (Due to missing permissions in Android Manifest file, Sensitive informa ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13900 (Use-after-free vulnerability will occur as there is no protection for  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13899 (Processing messages after error may result in user after free memory f ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13898
-	RESERVED
+CVE-2018-13898 (Out-of-Bounds write due to incorrect array index check in PMIC in Snap ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13897
 	RESERVED
@@ -54029,8 +54029,7 @@ CVE-2018-11957
 	RESERVED
 CVE-2018-11956 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
 	NOT-FOR-US: Android
-CVE-2018-11955
-	RESERVED
+CVE-2018-11955 (Lack of check on length of reason-code fetched from payload may lead d ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11954
 	RESERVED
@@ -54047,8 +54046,8 @@ CVE-2018-11949 (Failure to initialize the extra buffer can lead to an out of buf
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11948 (Exceeding the limit of usage entries are not tracked and the informati ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11947
-	RESERVED
+CVE-2018-11947 (The txrx stats req might be double freed in the pdev detach when the h ...)
+	TODO: check
 CVE-2018-11946 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11945 (Improper input validation in wireless service messaging module for dat ...)
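Review bot: CVE-2018-11947 is left at `TODO: check` between CVE-2018-11948 and CVE-2018-11946, both `NOT-FOR-US: Qualcomm components for Android`. The visible description ("txrx stats req ... pdev detach") does not name a vendor, so confirm the source before copying the neighbours' NOT-FOR-US line.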
@@ -54057,14 +54056,14 @@ CVE-2018-11944
 	RESERVED
 CVE-2018-11943 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11942
-	RESERVED
+CVE-2018-11942 (Failure to initialize the reserved memory which is sent to the firmwar ...)
+	TODO: check
 CVE-2018-11941
 	RESERVED
 CVE-2018-11940 (Lack of check in length before using memcpy in WLAN function can lead  ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11939
-	RESERVED
+CVE-2018-11939 (Use after issue in WLAN function due to multiple ACS scan requests at  ...)
+	TODO: check
 CVE-2018-11938 (Improper input validation for argument received from HLOS can lead to  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11937 (Lack of input validation before copying can lead to a buffer over read ...)
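Review bot: CVE-2018-11942 and CVE-2018-11939 both land as `TODO: check`, while CVE-2018-11940 in the same hunk describes a "WLAN function" issue and is `NOT-FOR-US: Qualcomm components for Android`. CVE-2018-11939 also refers to a "WLAN function"; if it is the same component, give it the same NOT-FOR-US line rather than leaving the TODO open.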
@@ -54073,8 +54072,8 @@ CVE-2018-11936 (Index of array is processed in a wrong way inside a while loop a
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11935 (Improper input validation might result in incorrect app id returned to ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11934
-	RESERVED
+CVE-2018-11934 (Possible out of bounds write due to improper input validation while pr ...)
+	TODO: check
 CVE-2018-11933
 	RESERVED
 CVE-2018-11932 (Improper input validation can lead RW access to secure subsystem from  ...)
@@ -54083,8 +54082,8 @@ CVE-2018-11931 (Improper access to HLOS is possible while transferring memory to
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11930 (Improper input validation on input data which is used to locate and co ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11929
-	RESERVED
+CVE-2018-11929 (Lack of input validation in WLAN function can lead to potential heap o ...)
+	TODO: check
 CVE-2018-11928 (Lack of check on length parameter may cause buffer overflow while proc ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11927 (Improper input validation on input which is used as an array index wil ...)
@@ -54303,8 +54302,8 @@ CVE-2018-11821 (Possible integer overflow may happen in WLAN during memory alloc
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11820 (Use of non-time constant memcmp function creates side channel that lea ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11819
-	RESERVED
+CVE-2018-11819 (Use after issue in WLAN function due to multiple ACS scan requests at  ...)
+	TODO: check
 CVE-2018-11818 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11817
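Review bot: the visible description for CVE-2018-11819 ("Use after issue in WLAN function due to multiple ACS scan requests at ...") is identical to the one this commit adds for CVE-2018-11939. Check the full descriptions when triaging so that both entries receive the same disposition, and note the relationship if they turn out to describe one issue.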
@@ -69831,10 +69830,10 @@ CVE-2018-6352 (In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser
 	NOTE: https://sourceforge.net/p/podofo/tickets/3/
 CVE-2018-6351
 	RESERVED
-CVE-2018-6350
-	RESERVED
-CVE-2018-6349
-	RESERVED
+CVE-2018-6350 (An out-of-bounds read was possible in WhatsApp due to incorrect parsin ...)
+	TODO: check
+CVE-2018-6349 (When receiving calls using WhatsApp for Android, a missing size check  ...)
+	TODO: check
 CVE-2018-6348
 	RESERVED
 CVE-2018-6347 (An issue in the Proxygen handling of HTTP2 parsing of headers/trailers ...)
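Review bot: CVE-2018-6350 and CVE-2018-6349 are added as `TODO: check` with descriptions that name WhatsApp. The same applies to CVE-2018-20655 (WhatsApp for iOS) and CVE-2018-6339 (WhatsApp on Android) in other hunks of this commit. Triage the four together and, if no Debian package is affected, close them with one consistent NOT-FOR-US line.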
@@ -69853,8 +69852,8 @@ CVE-2018-6341 (React applications which rendered to HTML using the ReactDOMServe
 	NOT-FOR-US: React
 CVE-2018-6340 (The Memcache::getextendedstats function can be used to trigger an out- ...)
 	- hhvm <removed>
-CVE-2018-6339
-	RESERVED
+CVE-2018-6339 (When receiving calls using WhatsApp on Android, a stack allocation fai ...)
+	TODO: check
 CVE-2018-6338
 	RESERVED
 CVE-2018-6337 (folly::secureRandom will re-use a buffer between parent and child proc ...)
@@ -71384,13 +71383,12 @@ CVE-2018-5915 (Exception in Modem IP stack while processing IPv6 packet in snapd
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5914 (Improper input validation in TZ led to array out of bound in TZ functi ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5913
-	RESERVED
+CVE-2018-5913 (A non-time constant function memcmp is used which creates a side chann ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5912 (Potential buffer overflow in Video due to lack of input validation in  ...)
 	NOT-FOR-US: Snapdragon
-CVE-2018-5911
-	RESERVED
+CVE-2018-5911 (Buffer overflow in WLAN function due to improper check of buffer size  ...)
+	TODO: check
 CVE-2018-5910 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5909 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
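Review bot: the two entries changed in this hunk end up in different states. CVE-2018-5913 keeps its existing `NOT-FOR-US: Qualcomm components for Android` line, while CVE-2018-5911 gets `TODO: check`. The CVE-2018-5911 description ("Buffer overflow in WLAN function ...") reads like the surrounding Qualcomm entries, so confirm the source and give it the matching NOT-FOR-US line.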
@@ -71405,8 +71403,8 @@ CVE-2018-5905 (In all android releases (Android for MSM, Firefox OS for MSM, QRD
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5904 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5903
-	RESERVED
+CVE-2018-5903 (Out of bounds read occurs due to improper validation of array while pr ...)
+	TODO: check
 CVE-2018-5902
 	RESERVED
 CVE-2018-5901
@@ -71445,8 +71443,8 @@ CVE-2018-5885 (While loading dynamic fonts, a buffer overflow may occur if the n
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5884 (Improper Access Control in Multimedia in Snapdragon Mobile and Snapdra ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5883
-	RESERVED
+CVE-2018-5883 (Buffer overflow in WLAN driver event handlers due to improper validati ...)
+	TODO: check
 CVE-2018-5882 (While parsing a Flac file with a corrupted comment block, a buffer ove ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5881 (Improper validation of buffer length checks in the lwm2m device manage ...)
@@ -78241,8 +78239,8 @@ CVE-2018-3585
 	RESERVED
 CVE-2018-3584 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-3583
-	RESERVED
+CVE-2018-3583 (A buffer overflow can occur while processing an extscan hotlist event  ...)
+	TODO: check
 CVE-2018-3582 (Buffer overflow can occur due to improper input validation in multiple ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3581 (In the WLAN driver in all Android releases from CAF (Android for MSM,  ...)
@@ -115403,8 +115401,7 @@ CVE-2017-8254 (In all Qualcomm products with Android releases from CAF using the
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-8253 (In all Qualcomm products with Android releases from CAF using the Linu ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-8252
-	RESERVED
+CVE-2017-8252 (Kernel can inject faults in computations during the execution of Trust ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-8251 (In all Qualcomm products with Android releases from CAF using the Linu ...)
 	NOT-FOR-US: Qualcomm driver for Android



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7c5f92f52d35a021a96a7cee65054cccc8295f89
