[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri May 17 21:12:40 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
324f1a05 by security tracker role at 2019-05-17T20:12:32Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2019-12162
+ RESERVED
+CVE-2019-12161 (WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.p ...)
+ TODO: check
+CVE-2019-12160 (GoHTTP through 2017-07-25 has a sendHeader use-after-free. ...)
+ TODO: check
+CVE-2019-12159 (GoHTTP through 2017-07-25 has a stack-based buffer over-read in the sc ...)
+ TODO: check
+CVE-2019-12158 (GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflo ...)
+ TODO: check
+CVE-2019-12157
+ RESERVED
+CVE-2019-12156
+ RESERVED
+CVE-2019-12155
+ RESERVED
+CVE-2019-12154
+ RESERVED
+CVE-2019-12153
+ RESERVED
+CVE-2019-12152
+ RESERVED
CVE-2019-12151
RESERVED
CVE-2019-12150
@@ -146,8 +168,8 @@ CVE-2019-12088
RESERVED
CVE-2019-12087 (** DISPUTED ** Samsung S9+, S10, and XCover 4 P(9.0) devices can becom ...)
NOT-FOR-US: Samsung devices
-CVE-2019-12086
- RESERVED
+CVE-2019-12086 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
+ TODO: check
CVE-2019-12085
RESERVED
CVE-2019-12084
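Review bot: CVE-2019-12086 is left at `TODO: check`, and its description names FasterXML jackson-databind, which is a library rather than a vendor device like the neighbouring Samsung entry. Before tagging it, check whether a jackson-databind source package is in the archive. If it is, the entry needs a `- jackson-databind <version>` (or `<unfixed>`) line and a NOTE pointing at the upstream fix, not a NOT-FOR-US tag.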
@@ -550,8 +572,8 @@ CVE-2019-11888 (Go through 1.12.5 on Windows mishandles process creation with a
- golang-1.12 <not-affected> (Only affects Go on Windows)
- golang-1.11 <not-affected> (Only affects Go on Windows)
NOTE: https://go-review.googlesource.com/c/go/+/176619
-CVE-2019-11887
- RESERVED
+CVE-2019-11887 (SimplyBook.me through 2019-05-11 does not properly restrict File Uploa ...)
+ TODO: check
CVE-2019-11886 (The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme ...)
NOT-FOR-US: WaspThemes Visual CSS Style Editor plugin for WordPress
CVE-2018-20838 (ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for ...)
@@ -2385,8 +2407,8 @@ CVE-2019-11116
RESERVED
CVE-2019-11115
RESERVED
-CVE-2019-11114
- RESERVED
+CVE-2019-11114 (Insufficient input validation in Intel(R) Driver & Support Assista ...)
+ TODO: check
CVE-2019-11113
RESERVED
CVE-2019-11112
@@ -2423,12 +2445,12 @@ CVE-2019-11097
RESERVED
CVE-2019-11096
RESERVED
-CVE-2019-11095
- RESERVED
-CVE-2019-11094
- RESERVED
-CVE-2019-11093
- RESERVED
+CVE-2019-11095 (Insufficient access control in Intel(R) Driver & Support Assistant ...)
+ TODO: check
+CVE-2019-11094 (Insufficient input validation in system firmware for Intel (R) NUC Kit ...)
+ TODO: check
+CVE-2019-11093 (Unquoted service path in the installer for the Intel(R) SCS Discovery ...)
+ TODO: check
CVE-2019-11092
RESERVED
CVE-2019-11091 [MDSUM Microarchitectural Data Sampling Uncacheable Memory]
@@ -2450,8 +2472,7 @@ CVE-2019-11087
RESERVED
CVE-2019-11086
RESERVED
-CVE-2019-11085 [drm/i915/gvt: Fix mmap range check]
- RESERVED
+CVE-2019-11085 (Insufficient input validation in Kernel Mode Driver in Intel(R) i915 G ...)
- linux 4.19.20-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
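Review bot: on CVE-2019-11085 the removed bracket title `[drm/i915/gvt: Fix mmap range check]` was the only pointer to the upstream kernel change in the visible part of this entry. The lines kept below it (`- linux 4.19.20-1` and the stretch/jessie `<not-affected>` lines) carry no NOTE. Add a `NOTE:` line with the upstream commit reference so the fixed-version claim stays verifiable now that the official description has replaced the title.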
@@ -2546,8 +2567,8 @@ CVE-2019-11059 (Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bi
NOTE: https://git.denx.de/?p=u-boot.git;a=commit;h=febbc583319b567fe3d83e521cc2ace9be8d1501
CVE-2019-11058
RESERVED
-CVE-2019-11057
- RESERVED
+CVE-2019-11057 (SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows ...)
+ TODO: check
CVE-2019-11056
RESERVED
CVE-2019-11055
@@ -4745,8 +4766,8 @@ CVE-2019-10141
RESERVED
CVE-2019-10140
RESERVED
-CVE-2019-10139
- RESERVED
+CVE-2019-10139 (During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ans ...)
+ TODO: check
CVE-2019-10138
RESERVED
CVE-2019-10137
@@ -8682,8 +8703,8 @@ CVE-2019-8939 (data/interfaces/default/history.html in Tautulli 2.1.26 has XSS v
NOT-FOR-US: Tautulli
CVE-2019-8938 (VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter ...)
NOT-FOR-US: VertrigoServ
-CVE-2019-8937
- RESERVED
+CVE-2019-8937 (HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, ori ...)
+ TODO: check
CVE-2019-8936 (NTP through 4.2.8p12 has a NULL Pointer Dereference. ...)
[experimental] - ntp 1:4.2.8p13+dfsg-1
- ntp 1:4.2.8p12+dfsg-4 (bug #924228)
@@ -8711,14 +8732,14 @@ CVE-2019-8931
RESERVED
CVE-2019-8930
RESERVED
-CVE-2019-8929
- RESERVED
-CVE-2019-8928
- RESERVED
-CVE-2019-8927
- RESERVED
-CVE-2019-8926
- RESERVED
+CVE-2019-8929 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
+ TODO: check
+CVE-2019-8928 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
+ TODO: check
+CVE-2019-8927 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
+ TODO: check
+CVE-2019-8926 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
+ TODO: check
CVE-2019-8925 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-8924 (XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel ...)
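Review bot: CVE-2019-8929 through CVE-2019-8926 are added as `TODO: check` although the next entry, CVE-2019-8925, shows the same truncated description and is already tagged `NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional`. Unless the full descriptions name a different product, give the four new entries the same tag so they do not sit in the TODO queue.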
@@ -12425,8 +12446,7 @@ CVE-2019-7355
RESERVED
CVE-2019-7354
RESERVED
-CVE-2019-7353 [Leak of Confidential Issue and Merge Request Titles]
- RESERVED
+CVE-2019-7353 (An Incorrect Access Control issue was discovered in GitLab Community a ...)
- gitlab <not-affected> (Only affects 11.7)
NOTE: https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/
CVE-2019-7352 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
@@ -13764,8 +13784,7 @@ CVE-2019-6798 (An issue was discovered in phpMyAdmin before 4.8.5. A vulnerabili
[jessie] - phpmyadmin <not-affected> (Vulnerable code introduced later >= 4.5.0)
NOTE: https://www.phpmyadmin.net/security/PMASA-2019-2/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/469934cf7d3bd19a839eb78670590f7511399435
-CVE-2019-6797
- RESERVED
+CVE-2019-6797 (An information disclosure issue was discovered in GitLab Enterprise Ed ...)
- gitlab <not-affected> (Only affects EE)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6796 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
@@ -13791,8 +13810,7 @@ CVE-2019-6791
RESERVED
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6790
- RESERVED
+CVE-2019-6790 (An Incorrect Access Control (issue 2 of 3) issue was discovered in Git ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6789
@@ -13803,8 +13821,7 @@ CVE-2019-6788
RESERVED
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6787
- RESERVED
+CVE-2019-6787 (An Incorrect Access Control issue was discovered in GitLab Community a ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6786
@@ -13827,8 +13844,7 @@ CVE-2019-6782
RESERVED
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6781
- RESERVED
+CVE-2019-6781 (An Improper Input Validation issue was discovered in GitLab Community ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6780 (The Wise Chat plugin before 2.7 for WordPress mishandles external link ...)
@@ -14435,7 +14451,7 @@ CVE-2019-1003002 (A sandbox bypass vulnerability exists in Pipeline: Declarative
NOT-FOR-US: Jenkins plugin
CVE-2019-1003001 (A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003000 (A sandbox bypass vulnerability exists in Script Security Plugin 2.49 a ...)
+CVE-2019-1003000 (A sandbox bypass vulnerability exists in Script Security Plugin 1.49 a ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-6501 (In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allow ...)
- qemu 1:3.1+dfsg-3 (bug #920222)
@@ -15889,18 +15905,17 @@ CVE-2019-5960
RESERVED
CVE-2019-5959
RESERVED
-CVE-2019-5958
- RESERVED
-CVE-2019-5957
- RESERVED
+CVE-2019-5958 (Untrusted search path vulnerability in Electronic reception and examin ...)
+ TODO: check
+CVE-2019-5957 (Untrusted search path vulnerability in Installer of Electronic recepti ...)
+ TODO: check
CVE-2019-5956
RESERVED
-CVE-2019-5955
- RESERVED
-CVE-2019-5954
- RESERVED
-CVE-2019-5953 [Buffer overflow vulnerability]
- RESERVED
+CVE-2019-5955 (CREATE SD official App for Android version 1.0.2 and earlier allows re ...)
+ TODO: check
+CVE-2019-5954 (JR East Japan train operation information push notification App for An ...)
+ TODO: check
+CVE-2019-5953 (Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers ...)
{DSA-4425-1 DLA-1760-1}
- wget 1.20.1-1.1 (bug #926389)
NOTE: https://jvn.jp/en/jp/JVN25261088/
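Review bot: CVE-2019-5955 and CVE-2019-5954 are left at `TODO: check` even though their descriptions name Android apps ("CREATE SD official App for Android", "JR East Japan train operation information push notification App for An ..."). They look like candidates for a `NOT-FOR-US:` line with the product name, as do the two "Electronic reception and examin ..." entries once their full descriptions are read. The CVE-2019-5953 change itself is fine: the temporary title is replaced by the official description and the `{DSA-4425-1 DLA-1760-1}` and `- wget 1.20.1-1.1 (bug #926389)` lines are kept.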
@@ -15919,46 +15934,46 @@ CVE-2019-5949
RESERVED
CVE-2019-5948
RESERVED
-CVE-2019-5947
- RESERVED
-CVE-2019-5946
- RESERVED
-CVE-2019-5945
- RESERVED
-CVE-2019-5944
- RESERVED
-CVE-2019-5943
- RESERVED
-CVE-2019-5942
- RESERVED
-CVE-2019-5941
- RESERVED
-CVE-2019-5940
- RESERVED
-CVE-2019-5939
- RESERVED
-CVE-2019-5938
- RESERVED
-CVE-2019-5937
- RESERVED
-CVE-2019-5936
- RESERVED
-CVE-2019-5935
- RESERVED
-CVE-2019-5934
- RESERVED
-CVE-2019-5933
- RESERVED
-CVE-2019-5932
- RESERVED
-CVE-2019-5931
- RESERVED
-CVE-2019-5930
- RESERVED
-CVE-2019-5929
- RESERVED
-CVE-2019-5928
- RESERVED
+CVE-2019-5947 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 al ...)
+ TODO: check
+CVE-2019-5946 (Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows re ...)
+ TODO: check
+CVE-2019-5945 (Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the use ...)
+ TODO: check
+CVE-2019-5944 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
+ TODO: check
+CVE-2019-5943 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
+ TODO: check
+CVE-2019-5942 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
+ TODO: check
+CVE-2019-5941 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
+ TODO: check
+CVE-2019-5940 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...)
+ TODO: check
+CVE-2019-5939 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...)
+ TODO: check
+CVE-2019-5938 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...)
+ TODO: check
+CVE-2019-5937 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...)
+ TODO: check
+CVE-2019-5936 (Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 all ...)
+ TODO: check
+CVE-2019-5935 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
+ TODO: check
+CVE-2019-5934 (SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allow ...)
+ TODO: check
+CVE-2019-5933 (Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to ...)
+ TODO: check
+CVE-2019-5932 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 all ...)
+ TODO: check
+CVE-2019-5931 (Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter t ...)
+ TODO: check
+CVE-2019-5930 (Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access ...)
+ TODO: check
+CVE-2019-5929 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 all ...)
+ TODO: check
+CVE-2019-5928 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 all ...)
+ TODO: check
CVE-2019-5927 (Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 an ...)
NOT-FOR-US: 'an' App for iOS
CVE-2019-5926 (Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 ...)
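Review bot: all twenty entries added here, CVE-2019-5947 down to CVE-2019-5928, name Cybozu Garoon and each carries its own `TODO: check`. Triage them in one pass. If Garoon is not packaged, give every entry the same product-named tag (for example `NOT-FOR-US: Cybozu Garoon`), in the style of the `NOT-FOR-US: 'an' App for iOS` line just below, so the spelling stays consistent for later searches.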
@@ -16049,8 +16064,8 @@ CVE-2019-5885 (Matrix Synapse before 0.34.0.1, when the macaroon_secret_key auth
NOTE: https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
CVE-2019-5884 (php/elFinder.class.php in elFinder before 2.1.45 leaks information if ...)
NOT-FOR-US: elFinder
-CVE-2019-5883
- RESERVED
+CVE-2019-5883 (An Incorrect Access Control issue was discovered in GitLab Community a ...)
+ TODO: check
CVE-2019-5881
RESERVED
CVE-2019-5880
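Review bot: CVE-2019-5883 now carries a GitLab description ("An Incorrect Access Control issue was discovered in GitLab Community a ...") but is left at `TODO: check` with no package line. The other GitLab entries touched by this commit, for example CVE-2019-6790 and CVE-2019-6787, have `- gitlab 11.5.10+dfsg-1 (bug #921059)` and a NOTE linking the release announcement. Identify the GitLab security release that fixed this one and add the matching `- gitlab` line and NOTE.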
@@ -19585,8 +19600,8 @@ CVE-2019-4281
RESERVED
CVE-2019-4280
RESERVED
-CVE-2019-4279
- RESERVED
+CVE-2019-4279 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote atta ...)
+ TODO: check
CVE-2019-4278
RESERVED
CVE-2019-4277
@@ -19905,8 +19920,8 @@ CVE-2019-4121
RESERVED
CVE-2019-4120
RESERVED
-CVE-2019-4119
- RESERVED
+CVE-2019-4119 (IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 ...)
+ TODO: check
CVE-2019-4118
RESERVED
CVE-2019-4117
@@ -22123,8 +22138,7 @@ CVE-2018-20501 [Missing authorization control merge requests]
RESERVED
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
-CVE-2018-20500 [Improper access control CI/CD settings]
- RESERVED
+CVE-2018-20500 (An insecure permissions issue was discovered in GitLab Community and E ...)
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20499 [SSRF in project imports with LFS]
@@ -30786,8 +30800,7 @@ CVE-2018-19587 (In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_
NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2018-19586 (Silverpeas 5.15 through 6.0.2 is affected by an authenticated Director ...)
NOT-FOR-US: Silverpeas
-CVE-2018-19585
- RESERVED
+CVE-2018-19585 (GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11 ...)
- gitlab 11.3.11+dfsg-1
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19584
@@ -32468,12 +32481,12 @@ CVE-2019-0174
RESERVED
CVE-2019-0173
RESERVED
-CVE-2019-0172
- RESERVED
-CVE-2019-0171
- RESERVED
-CVE-2019-0170
- RESERVED
+CVE-2019-0172 (A logic issue in Intel Unite(R) Client for Android prior to version 4. ...)
+ TODO: check
+CVE-2019-0171 (Improper directory permissions in the installer for Intel(R) Quartus(R ...)
+ TODO: check
+CVE-2019-0170 (Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 ma ...)
+ TODO: check
CVE-2019-0169
RESERVED
CVE-2019-0168
@@ -32517,8 +32530,8 @@ CVE-2019-0155
RESERVED
CVE-2019-0154
RESERVED
-CVE-2019-0153
- RESERVED
+CVE-2019-0153 (Buffer overflow in subsystem in Intel(R) CSME before version 12.0.35 m ...)
+ TODO: check
CVE-2019-0152
RESERVED
CVE-2019-0151
@@ -32547,8 +32560,8 @@ CVE-2019-0140
RESERVED
CVE-2019-0139
RESERVED
-CVE-2019-0138
- RESERVED
+CVE-2019-0138 (Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.1 ...)
+ TODO: check
CVE-2019-0137
RESERVED
CVE-2019-0136
@@ -32559,8 +32572,8 @@ CVE-2019-0134
RESERVED
CVE-2019-0133
RESERVED
-CVE-2019-0132
- RESERVED
+CVE-2019-0132 (Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may ...)
+ TODO: check
CVE-2019-0131
RESERVED
CVE-2019-0130
@@ -32571,8 +32584,8 @@ CVE-2019-0128
RESERVED
CVE-2019-0127 (Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3 and bef ...)
NOT-FOR-US: Intel
-CVE-2019-0126
- RESERVED
+CVE-2019-0126 (Insufficient access control in silicon reference firmware for Intel(R) ...)
+ TODO: check
CVE-2019-0125
RESERVED
CVE-2019-0124
@@ -32583,22 +32596,22 @@ CVE-2019-0122 (Double free in Intel(R) SGX SDK for Linux before version 2.2 and
NOT-FOR-US: Intel
CVE-2019-0121 (Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and ...)
NOT-FOR-US: Intel
-CVE-2019-0120
- RESERVED
-CVE-2019-0119
- RESERVED
+CVE-2019-0120 (Insufficient key protection vulnerability in silicon reference firmwar ...)
+ TODO: check
+CVE-2019-0119 (Buffer overflow vulnerability in system firmware for Intel(R) Xeon(R) ...)
+ TODO: check
CVE-2019-0118
RESERVED
CVE-2019-0117
RESERVED
-CVE-2019-0116
- RESERVED
-CVE-2019-0115
- RESERVED
-CVE-2019-0114
- RESERVED
-CVE-2019-0113
- RESERVED
+CVE-2019-0116 (An out of bound read in KMD module for Intel(R) Graphics Driver before ...)
+ TODO: check
+CVE-2019-0115 (Insufficient input validation in KMD module for Intel(R) Graphics Driv ...)
+ TODO: check
+CVE-2019-0114 (A race condition in Intel(R) Graphics Drivers before version 10.18.14. ...)
+ TODO: check
+CVE-2019-0113 (Insufficient bounds checking in Intel(R) Graphics Drivers before versi ...)
+ TODO: check
CVE-2019-0112 (Improper flow control in crypto routines for Intel(R) Data Center Mana ...)
NOT-FOR-US: Intel
CVE-2019-0111 (Improper file permissions for Intel(R) Data Center Manager SDK before ...)
@@ -32625,34 +32638,34 @@ CVE-2019-0101 (Authentication bypass in the Intel Unite(R) solution versions 3.2
NOT-FOR-US: Intel
CVE-2019-0100
RESERVED
-CVE-2019-0099
- RESERVED
-CVE-2019-0098
- RESERVED
-CVE-2019-0097
- RESERVED
-CVE-2019-0096
- RESERVED
+CVE-2019-0099 (Insufficient access control vulnerability in subsystem in Intel(R) SPS ...)
+ TODO: check
+CVE-2019-0098 (Logic bug vulnerability in subsystem for Intel(R) CSME before version ...)
+ TODO: check
+CVE-2019-0097 (Insufficient input validation vulnerability in subsystem for Intel(R) ...)
+ TODO: check
+CVE-2019-0096 (Out of bound write vulnerability in subsystem for Intel(R) AMT before ...)
+ TODO: check
CVE-2019-0095
RESERVED
-CVE-2019-0094
- RESERVED
-CVE-2019-0093
- RESERVED
-CVE-2019-0092
- RESERVED
-CVE-2019-0091
- RESERVED
-CVE-2019-0090
- RESERVED
-CVE-2019-0089
- RESERVED
+CVE-2019-0094 (Insufficient input validation vulnerability in subsystem for Intel(R) ...)
+ TODO: check
+CVE-2019-0093 (Insufficient data sanitization vulnerability in HECI subsystem for Int ...)
+ TODO: check
+CVE-2019-0092 (Insufficient input validation vulnerability in subsystem for Intel(R) ...)
+ TODO: check
+CVE-2019-0091 (Code injection vulnerability in installer for Intel(R) CSME before ver ...)
+ TODO: check
+CVE-2019-0090 (Insufficient access control vulnerability in subsystem for Intel(R) CS ...)
+ TODO: check
+CVE-2019-0089 (Improper data sanitization vulnerability in subsystem in Intel(R) SPS ...)
+ TODO: check
CVE-2019-0088 (Insufficient path checking in Intel(R) System Support Utility for Wind ...)
NOT-FOR-US: Intel
CVE-2019-0087
RESERVED
-CVE-2019-0086
- RESERVED
+CVE-2019-0086 (Insufficient access control vulnerability in Dynamic Application Loade ...)
+ TODO: check
CVE-2018-19269
REJECTED
CVE-2018-19268
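Review bot: the eleven Intel entries added in this hunk (CVE-2019-0099 to CVE-2019-0096, CVE-2019-0094 to CVE-2019-0089, and CVE-2019-0086) are all `TODO: check`, whereas the existing neighbours CVE-2019-0101 and CVE-2019-0088 are tagged `NOT-FOR-US: Intel`. The descriptions name CSME, SPS, AMT, HECI subsystem, installer and Dynamic Application Loader components. Decide for each one whether it is vendor firmware or tooling outside the archive and tag it `NOT-FOR-US: Intel` accordingly, rather than leaving the block open.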
@@ -38069,12 +38082,12 @@ CVE-2018-17182 (An issue was discovered in the Linux kernel through 4.18.8. The
- linux 4.18.10-1
NOTE: https://git.kernel.org/linus/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2
NOTE: https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html
-CVE-2018-17181
- RESERVED
-CVE-2018-17180
- RESERVED
-CVE-2018-17179
- RESERVED
+CVE-2018-17181 (An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection ...)
+ TODO: check
+CVE-2018-17180 (An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Tra ...)
+ TODO: check
+CVE-2018-17179 (An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL ...)
+ TODO: check
CVE-2018-17178 (An issue was discovered on Neato Botvac Connected 2.2.0 devices. They ...)
NOT-FOR-US: Neato Botvac Connected devices
CVE-2018-17177 (An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 ...)
@@ -40830,8 +40843,8 @@ CVE-2018-16158 (Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4
NOT-FOR-US: Eaton Power Xpert Meter
CVE-2018-16157 (waimai Super Cms 20150505 has a logic flaw allowing attackers to modif ...)
NOT-FOR-US: waimai Super Cms
-CVE-2018-16156
- RESERVED
+CVE-2018-16156 (In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC ...)
+ TODO: check
CVE-2018-16155
RESERVED
CVE-2018-16154
@@ -75222,8 +75235,8 @@ CVE-2018-3703 (Improper directory permissions in the installer for the Intel(R)
NOT-FOR-US: Intel
CVE-2018-3702
RESERVED
-CVE-2018-3701
- RESERVED
+CVE-2018-3701 (Improper directory permissions in the installer for Intel(R) PROSet/Wi ...)
+ TODO: check
CVE-2018-3700 (Code injection vulnerability in the installer for Intel(R) USB 3.0 eXt ...)
NOT-FOR-US: Intel
CVE-2018-3699 (Cross-site scripting in the Intel RAID Web Console v3 for Windows may ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/324f1a058e0f672a5ae1735f0d39a857c3371e7f