[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat May 11 09:10:26 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c645e690 by security tracker role at 2019-05-11T08:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,4 @@
-CVE-2019-11884 [Bluetooth: hidp: fix buffer overflow]
+CVE-2019-11884 (The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Li ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/a1616a5ac99ede5d605047a9012481ce7ff18b16
CVE-2019-11883
@@ -1923,8 +1923,8 @@ CVE-2019-1003050 (The f:validateButton form control for the Jenkins UI did not p
NOT-FOR-US: Jenkins
CVE-2019-1003049 (Users who cached their CLI authentication before Jenkins was updated t ...)
NOT-FOR-US: Jenkins
-CVE-2019-11066
- RESERVED
+CVE-2019-11066 (openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted Open ...)
+ TODO: check
CVE-2019-11065 (Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download ...)
- gradle <unfixed> (bug #926923)
[buster] - gradle <no-dsa> (Minor issue)
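Review bot: The new CVE-2019-11066 entry is left at "TODO: check", and because the description names a single file (openid.php in LightOpenID through 1.3.1), triage should search other source packages for embedded copies of that file before settling on NOT-FOR-US. If a copy turns up, record it as a package line with the affected version instead.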
@@ -1948,8 +1948,8 @@ CVE-2019-11061
RESERVED
CVE-2019-11060
RESERVED
-CVE-2019-11059
- RESERVED
+CVE-2019-11059 (Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit exte ...)
+ TODO: check
CVE-2019-11058
RESERVED
CVE-2019-11057
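Review bot: CVE-2019-11059 is added with "TODO: check", but it concerns Das U-Boot, so triage should check it against Debian's u-boot source package rather than treating it like the NOT-FOR-US candidates elsewhere in this update. Compare the stated range (2016.11-rc1 through 2019.04) with the version in each suite and replace the TODO with a package line.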
@@ -2115,8 +2115,7 @@ CVE-2019-11002 (In Materialize through 1.0.0, XSS is possible via the Tooltip fe
NOT-FOR-US: Materialize
CVE-2019-11001 (On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices th ...)
NOT-FOR-US: Reolink devices
-CVE-2019-11000
- RESERVED
+CVE-2019-11000 (An issue was discovered in GitLab Enterprise Edition before 11.7.11, 1 ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released/
CVE-2019-10999 (The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer o ...)
@@ -16119,12 +16118,12 @@ CVE-2019-5679
RESERVED
CVE-2019-5678
RESERVED
-CVE-2019-5677
- RESERVED
-CVE-2019-5676
- RESERVED
-CVE-2019-5675
- RESERVED
+CVE-2019-5677 (NVIDIA Windows GPU Display driver software for Windows (all versions) ...)
+ TODO: check
+CVE-2019-5676 (NVIDIA Windows GPU Display driver software for Windows (all versions) ...)
+ TODO: check
+CVE-2019-5675 (NVIDIA Windows GPU Display driver software for Windows (all versions) ...)
+ TODO: check
CVE-2019-5674 (NVIDIA GeForce Experience before 3.18 contains a vulnerability when Sh ...)
NOT-FOR-US: NVIDIA GeForce Experience
CVE-2019-5673 (NVIDIA Jetson TX2 contains a vulnerability in the kernel driver (on al ...)
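Review bot: The three added entries CVE-2019-5677, CVE-2019-5676 and CVE-2019-5675 all describe "NVIDIA Windows GPU Display driver software for Windows", so "TODO: check" can most likely become NOT-FOR-US, in line with the adjacent CVE-2019-5674 entry. The descriptions are truncated here, so confirm from the full text that no non-Windows driver is listed before tagging them.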
@@ -16485,11 +16484,11 @@ CVE-2019-5498
RESERVED
CVE-2019-5497
RESERVED
-CVE-2019-5496
- RESERVED
-CVE-2019-5495
- RESERVED
-CVE-2019-5494 (Oncommand Unified Manager in 7-mode prior to version 5.2.3 shipped wit ...)
+CVE-2019-5496 (Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP ...)
+ TODO: check
+CVE-2019-5495 (OnCommand Unified Manager for VMware vSphere, Linux and Windows prior ...)
+ TODO: check
+CVE-2019-5494 (OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped withou ...)
TODO: check
CVE-2019-5493
RESERVED
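Review bot: CVE-2019-5494 changes its description in this hunk, with the fixed version moving from 5.2.3 to 5.2.4 and the product name reworded, while its existing "TODO: check" is carried over untouched. The three OnCommand entries (CVE-2019-5496, CVE-2019-5495, CVE-2019-5494) are best triaged together against the updated text so they end up with consistent tags.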
@@ -16601,10 +16600,10 @@ CVE-2019-5440
RESERVED
CVE-2019-5439
RESERVED
-CVE-2019-5438
- RESERVED
-CVE-2019-5437
- RESERVED
+CVE-2019-5438 (Path traversal using symlink in npm harp module versions <= 0.29.0. ...)
+ TODO: check
+CVE-2019-5437 (Information exposure through the directory listing in npm's harp modul ...)
+ TODO: check
CVE-2019-5436
RESERVED
CVE-2019-5435
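Review bot: CVE-2019-5438 and CVE-2019-5437 both concern the npm harp module and are added with "TODO: check", but only CVE-2019-5438 shows a version bound (<= 0.29.0) in the truncated text. Triage them as a pair and take the affected range for CVE-2019-5437 from the full description rather than assuming it matches.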
@@ -20681,8 +20680,8 @@ CVE-2019-3568
RESERVED
CVE-2019-3567
RESERVED
-CVE-2019-3566
- RESERVED
+CVE-2019-3566 (A bug in WhatsApp for Android's messaging logic would potentially allo ...)
+ TODO: check
CVE-2019-3565 (Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would n ...)
TODO: check
CVE-2019-3564 (Go Facebook Thrift servers would not error upon receiving messages wit ...)
@@ -59672,8 +59671,8 @@ CVE-2018-8814 (Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.
NOT-FOR-US: WolfCMS
CVE-2018-8813 (Open redirect vulnerability in the login[redirect] parameter login fun ...)
NOT-FOR-US: WolfCMS
-CVE-2018-8812
- RESERVED
+CVE-2018-8812 (An issue was discovered in Avaya one-X Portal for IP Office 9.1.2.0 an ...)
+ TODO: check
CVE-2018-8811 (Cross-site request forgery (CSRF) vulnerability in system/workplace/ad ...)
NOT-FOR-US: OpenCMS
CVE-2018-8810 (In radare2 2.4.0, there is a heap-based buffer over-read in the get_iv ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c645e690be226e7752e438f5fa922f18a538c5e7