[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue May 7 09:10:21 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eba70500 by security tracker role at 2019-05-07T08:10:11Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-11808 (Ratpack versions before 1.6.1 generate a session ID using a cryptograp ...)
+	TODO: check
 CVE-2019-11807 (The WooCommerce Checkout Manager plugin before 4.3 for WordPress allow ...)
 	NOT-FOR-US: WooCommerce Checkout Manager plugin for WordPress
 CVE-2019-11806
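Review bot: The new CVE-2019-11808 entry at the top of the list carries only "TODO: check", so it stays unclassified until someone triages it. Resolve it to a package line or to a "NOT-FOR-US:" line naming Ratpack, in the same form as CVE-2019-11807 directly below, and read the full upstream description first, since the text here is cut off after "session ID using a cryptograp".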
@@ -555,8 +557,8 @@ CVE-2019-11571
 	RESERVED
 CVE-2019-11570
 	RESERVED
-CVE-2019-11569
-	RESERVED
+CVE-2019-11569 (Veeam ONE Reporter 9.5.0.3201 allows CSRF. ...)
+	TODO: check
 CVE-2019-11568 (An issue was discovered in AikCms v2.0. There is a File upload vulnera ...)
 	NOT-FOR-US: AikCms
 CVE-2019-11567 (An issue was discovered in AikCms v2.0. There is a SQL Injection vulne ...)
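Review bot: CVE-2019-11569 moves from RESERVED to a published description but gets "TODO: check" instead of a classification. The description names Veeam ONE Reporter 9.5.0.3201; if no Debian source package ships it, replace the TODO with a "NOT-FOR-US:" line in the same form as the AikCms entries that follow.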
@@ -1934,8 +1936,8 @@ CVE-2019-11000
 	RESERVED
 	- gitlab <not-affected> (Only affects Gitlab EE)
 	NOTE: https://about.gitlab.com/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released/
-CVE-2019-10999
-	RESERVED
+CVE-2019-10999 (The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer o ...)
+	TODO: check
 CVE-2019-10998
 	RESERVED
 CVE-2019-10997
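Review bot: The "TODO: check" under CVE-2019-10999 leaves a stack-based buffer overflow entry open with no package or NOT-FOR-US decision. The visible description is about the D-Link DCS series of Wi-Fi cameras, so triage should confirm whether any packaged software is involved and otherwise close the entry with a "NOT-FOR-US:" line.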
@@ -31489,7 +31491,7 @@ CVE-2019-0215 (In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mo
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0215
 CVE-2019-0214 (In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the  ...)
 	NOT-FOR-US: Apache Archiva
-CVE-2019-0213 (In Apache Archiva before 2.2.4, it is possible to write files to the a ...)
+CVE-2019-0213 (In Apache Archiva before 2.2.4, it may be possible to store malicious  ...)
 	NOT-FOR-US: Apache Archiva
 CVE-2019-0212 (In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1 ...)
 	NOT-FOR-US: Apache HBase
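Review bot: On the CVE-2019-0213 line the description changes from writing files to storing malicious content, which changes the described flaw and is more than a rewording. The "NOT-FOR-US: Apache Archiva" line below it still applies because the product is the same, but check the full text against upstream so the entry is not confused with CVE-2019-0214 directly above, which keeps the file-write wording.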
@@ -32527,16 +32529,16 @@ CVE-2014-10077 (Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0
 	NOTE: https://github.com/svenfuchs/i18n/commit/24e71a9a4901ed18c9cab5c53109fd9bf2416bcb
 CVE-2018-18980 (An XML External Entity injection (XXE) vulnerability exists in Zoho Ma ...)
 	NOT-FOR-US: Zoho ManageEngine Network Configuration Manager and OpManager
-CVE-2018-18979
-	RESERVED
-CVE-2018-18978
-	RESERVED
-CVE-2018-18977
-	RESERVED
-CVE-2018-18976
-	RESERVED
-CVE-2018-18975
-	RESERVED
+CVE-2018-18979 (An issue was discovered in the Ascensia Contour NEXT ONE application f ...)
+	TODO: check
+CVE-2018-18978 (An issue was discovered in the Ascensia Contour NEXT ONE application f ...)
+	TODO: check
+CVE-2018-18977 (An issue was discovered in the Ascensia Contour NEXT ONE application f ...)
+	TODO: check
+CVE-2018-18976 (An issue was discovered in the Ascensia Contour NEXT ONE application f ...)
+	TODO: check
+CVE-2018-18975 (An issue was discovered in the Ascensia Contour NEXT ONE app for iOS b ...)
+	TODO: check
 CVE-2018-18974
 	RESERVED
 CVE-2018-18973
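Review bot: CVE-2018-18975 through CVE-2018-18979 are added with five separate "TODO: check" lines although their descriptions all name the Ascensia Contour NEXT ONE application. Triage them together and give all five the same tag string; CVE-2018-18975 is worded "app for iOS" while the other four say "application", so read the full descriptions before assuming they cover the same platform.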
@@ -52909,22 +52911,17 @@ CVE-2017-18281 (A bool variable in Video function, which gets typecasted to int
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18280 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9607, MSM8909W, ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18279
-	RESERVED
+CVE-2017-18279 (Lack of check of buffer length before copying can lead to buffer overf ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18278
-	RESERVED
+CVE-2017-18278 (An integer underflow may occur due to lack of check when received data ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18277 (When dynamic memory allocation fails, currently the process sleeps for ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18276
-	RESERVED
+CVE-2017-18276 (Secure camera logic allows display/secure camera controllers to access ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18275
-	RESERVED
+CVE-2017-18275 (A new account can be inserted into simContacts service using Android c ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18274
-	RESERVED
+CVE-2017-18274 (While iterating through the models contained in a fixed-size array in  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11256 (An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::App ...)
 	- libpodofo 0.9.6+dfsg-4 (low; bug #916583)
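Review bot: For CVE-2017-18279, -18278, -18276, -18275 and -18274 the "NOT-FOR-US: Qualcomm components for Android" lines predate the descriptions, since they already sat under RESERVED before this change. None of the truncated descriptions visible here names Qualcomm, so compare each full description with the tag once; CVE-2017-18275, which mentions a simContacts service, is worth a second look.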
@@ -65654,8 +65651,7 @@ CVE-2018-1000041 (GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63
 CVE-2017-18174 (In the Linux kernel before 4.7, the amd_gpio_remove function in driver ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: double-free introduced and fixed in the 4.11 release cycle
-CVE-2017-18173
-	RESERVED
+CVE-2017-18173 (In case of using an invalid android verified boot signature with very  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18172 (In a device, with screen size 1440x2560, the check of contiguous buffe ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -65687,10 +65683,10 @@ CVE-2017-18159 (In Android releases from CAF using the linux kernel (Android for
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18158 (Possible buffer overflows and array out of bounds accesses in Android  ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18157
-	RESERVED
-CVE-2017-18156
-	RESERVED
+CVE-2017-18157 (A Use After Free Condition can occur in Thermal Engine in Snapdragon A ...)
+	TODO: check
+CVE-2017-18156 (While processing camera buffers in camera driver, a use after free con ...)
+	TODO: check
 CVE-2017-18155 (While playing HEVC content using HD DMB in Snapdragon Automobile and S ...)
 	NOT-FOR-US: Snapdragon
 CVE-2017-18154 (A crafted binder request can cause an arbitrary unmap in MediaServer i ...)
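Review bot: CVE-2017-18157 and CVE-2017-18156 get "TODO: check" while every classified neighbour in this hunk is already NOT-FOR-US, and those neighbours use two different tag strings: "Qualcomm components for Android" (CVE-2017-18159, CVE-2017-18158) and "Snapdragon" (CVE-2017-18155). When resolving the two TODOs, use one string consistently, and consider aligning the CVE-2017-18155 tag with it so searches on the tag find the whole block.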
@@ -65740,8 +65736,7 @@ CVE-2017-18133 (In Android before security patch level 2018-04-05 on Qualcomm Sn
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18132 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18131
-	RESERVED
+CVE-2017-18131 (In QTEE, an incorrect fuse value can be blown in Snapdragon Automobile ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18130 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -89433,8 +89428,7 @@ CVE-2017-15843 (Due to a race condition in a bus driver, a double free in msm_bu
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15842 (Buffer might get used after it gets freed due to unlocking the mutex b ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-15841
-	RESERVED
+CVE-2017-15841 (When HOST sends a Special command ID packet, Controller triggers a RAM ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15840
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eba705007593f6da8567b5880a52ae5046028173
