[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri May 24 21:10:36 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
15819380 by security tracker role at 2019-05-24T20:10:25Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2019-12321
+	RESERVED
+CVE-2019-12320
+	RESERVED
+CVE-2019-12319
+	RESERVED
+CVE-2019-12318
+	RESERVED
+CVE-2019-12317
+	RESERVED
+CVE-2019-12316
+	RESERVED
+CVE-2019-12315 (Samsung SCX-824 printers allow a reflected Cross-Site-Scripting (XSS)  ...)
+	TODO: check
+CVE-2019-12314 (Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute pa ...)
+	TODO: check
+CVE-2019-12313 (XSS exists in Shave before 2.5.3 because output encoding is mishandled ...)
+	TODO: check
+CVE-2019-12312 (In Libreswan before 3.28, an assertion failure can lead to a pluto IKE ...)
+	TODO: check
+CVE-2017-18375 (Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php  ...)
+	TODO: check
+CVE-2016-10759 (The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resu ...)
+	TODO: check
+CVE-2016-10758 (PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php f ...)
+	TODO: check
+CVE-2016-10757 (In Redaxo 5.2.0, the cron management of the admin panel suffers from C ...)
+	TODO: check
+CVE-2016-10756 (Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload becaus ...)
+	TODO: check
+CVE-2016-10755 (AbanteCart 1.2.8 allows SQL Injection via the source_language paramete ...)
+	TODO: check
+CVE-2016-10754 (modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection ...)
+	TODO: check
+CVE-2016-10753 (e107 2.1.2 allows PHP Object Injection with resultant SQL injection, b ...)
+	TODO: check
+CVE-2016-10752 (serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote atta ...)
+	TODO: check
+CVE-2016-10751 (osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the  ...)
+	TODO: check
 CVE-2019-12311
 	RESERVED
 CVE-2019-12310
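Review bot: The `TODO: check` on CVE-2019-12312 should be resolved against the archive ahead of the rest of this hunk, because its description is the only one here that names a network daemon (the Libreswan pluto IKE daemon) rather than a printer or web-facing software. Replace it with a package line or an explicit NOT-FOR-US once confirmed. Separately, CVE-2017-18375 and CVE-2016-10759 through CVE-2016-10751 are added at the head of the file ahead of CVE-2019-12311, so anything that locates entries by position rather than by ID will not find them where their year suggests.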
@@ -286,8 +326,8 @@ CVE-2019-12197
 	RESERVED
 CVE-2019-12196
 	RESERVED
-CVE-2019-12195
-	RESERVED
+CVE-2019-12195 (TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name.  ...)
+	TODO: check
 CVE-2019-12194
 	RESERVED
 CVE-2019-12193
@@ -366,8 +406,7 @@ CVE-2019-12157
 	RESERVED
 CVE-2019-12156
 	RESERVED
-CVE-2019-12155 [qxl: null pointer dereference while releasing spice resources]
-	RESERVED
+CVE-2019-12155 (interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NUL ...)
 	- qemu <unfixed> (bug #929353)
 	- qemu-kvm <removed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/05/22/1
@@ -380,8 +419,8 @@ CVE-2019-12152
 	RESERVED
 CVE-2019-12151
 	RESERVED
-CVE-2019-12150
-	RESERVED
+CVE-2019-12150 (Karamasoft UltimateEditor 1 does not ensure that an uploaded file is a ...)
+	TODO: check
 CVE-2018-20839 (systemd 242 changes the VT1 mode upon a logout, which allows attackers ...)
 	- systemd 241-4 (bug #929116)
 	[stretch] - systemd <no-dsa> (Minor issue)
@@ -959,10 +998,10 @@ CVE-2019-11878 (An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.0003
 	NOT-FOR-US: XiongMai Besder IP20H1 cameras
 CVE-2019-11877
 	RESERVED
-CVE-2019-11876
-	RESERVED
-CVE-2019-11875
-	RESERVED
+CVE-2019-11876 (In PrestaShop 1.7.5.2, the shop_country parameter in the install/index ...)
+	TODO: check
+CVE-2019-11875 (In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0. ...)
+	TODO: check
 CVE-2019-11874
 	RESERVED
 CVE-2019-11873 (wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when ...)
@@ -1603,8 +1642,8 @@ CVE-2019-11606 (doorGets 7.0 has a sensitive information disclosure vulnerabilit
 	NOT-FOR-US: doorGets
 CVE-2019-11605
 	RESERVED
-CVE-2019-11604
-	RESERVED
+CVE-2019-11604 (An issue was discovered in Quest KACE Systems Management Appliance bef ...)
+	TODO: check
 CVE-2019-11603
 	RESERVED
 CVE-2019-11602
@@ -2331,6 +2370,7 @@ CVE-2019-11347
 CVE-2018-20817 (SV_SteamAuthClient in various Activision Infinity Ward Call of Duty ga ...)
 	NOT-FOR-US: Activision
 CVE-2019-11555 (The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_ ...)
+	{DSA-4450-1}
 	- wpa 2:2.7+git20190128+0c1e29f-5 (bug #927463)
 	NOTE: https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
 	NOTE: Patches: https://w1.fi/security/2019-5/
@@ -3407,6 +3447,7 @@ CVE-2019-10904 (Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi
 	NOTE: https://issues.roundup-tracker.org/issue2551035
 	NOTE: https://bitbucket.org/python/roundup/commits/51682dc2cd7e28421d749117c25bec58f632ee5f
 CVE-2019-10903 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SP ...)
+	{DLA-1802-1}
 	- wireshark 2.6.8-1 (low; bug #926718)
 	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15568
@@ -3420,6 +3461,7 @@ CVE-2019-10902 (In Wireshark 3.0.0, the TSDNS dissector could crash. This was ad
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=95571f17d5e2de39735e62e5251583f930c06d51
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-16.html
 CVE-2019-10901 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS diss ...)
+	{DLA-1802-1}
 	- wireshark 2.6.8-1 (low; bug #926718)
 	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15620
@@ -3431,6 +3473,7 @@ CVE-2019-10900 (In Wireshark 3.0.0, the Rbm dissector could go into an infinite
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=26eee01f57f0a86fb375892c7937eac24ede4610
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-13.html
 CVE-2019-10899 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC di ...)
+	{DLA-1802-1}
 	- wireshark 2.6.8-1 (low; bug #926718)
 	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15546
@@ -3454,6 +3497,7 @@ CVE-2019-10896 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=441b6d9071d6341e58dfe10719375489c5b8e3f0
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-15.html
 CVE-2019-10895 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler ...)
+	{DLA-1802-1}
 	- wireshark 2.6.8-1 (low; bug #926718)
 	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15497
@@ -3463,6 +3507,7 @@ CVE-2019-10895 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the Net
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cab0cff6abdd7a5b5b0bfa4ee204eea951e129e9
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-09.html
 CVE-2019-10894 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API d ...)
+	{DLA-1802-1}
 	- wireshark 2.6.8-1 (low; bug #926718)
 	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15613
@@ -3585,10 +3630,10 @@ CVE-2019-10850 (Computrols CBAS 18.0.0 has Default Credentials. ...)
 	NOT-FOR-US: Computrols CBAS
 CVE-2019-10849 (Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / ...)
 	NOT-FOR-US: Computrols CBAS
-CVE-2019-10848
-	RESERVED
-CVE-2019-10847
-	RESERVED
+CVE-2019-10848 (Computrols CBAS 18.0.0 allows Username Enumeration. ...)
+	TODO: check
+CVE-2019-10847 (Computrols CBAS 18.0.0 allows Cross-Site Request Forgery. ...)
+	TODO: check
 CVE-2019-10846 (Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scr ...)
 	NOT-FOR-US: Computrols CBAS
 CVE-2019-10845 (An issue was discovered in Uniqkey Password Manager 1.14. When enterin ...)
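Review bot: CVE-2019-10848 and CVE-2019-10847 are left at `TODO: check` although both descriptions name Computrols CBAS 18.0.0, and the surrounding entries CVE-2019-10850, CVE-2019-10849 and CVE-2019-10846 for that product are already `NOT-FOR-US: Computrols CBAS`. Tag the two new ones the same way so the product is handled consistently.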
@@ -4042,8 +4087,8 @@ CVE-2019-10687
 	RESERVED
 CVE-2019-10686 (An SSRF vulnerability was found in an API from Ctrip Apollo through 1. ...)
 	NOT-FOR-US: Ctrip Apollo
-CVE-2019-10685
-	RESERVED
+CVE-2019-10685 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
+	TODO: check
 CVE-2019-10684 (Application/Admin/Controller/ConfigController.class.php in 74cms v5.0. ...)
 	NOT-FOR-US: 74cms
 CVE-2019-10683
@@ -5206,8 +5251,7 @@ CVE-2019-10145
 	RESERVED
 CVE-2019-10144
 	RESERVED
-CVE-2019-10143 [freeradius rotates logs with root permissions]
-	RESERVED
+CVE-2019-10143 (It was discovered freeradius up to and including version 3.0.19 does n ...)
 	- freeradius <unfixed> (unimportant; bug #929466)
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/pull/2666
 	NOTE: This is not a security issue per se
@@ -10615,8 +10659,8 @@ CVE-2019-8348
 	RESERVED
 CVE-2019-8347 (BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via ...)
 	NOT-FOR-US: BEESCMS
-CVE-2019-8346
-	RESERVED
+CVE-2019-8346 (In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authoriza ...)
+	TODO: check
 CVE-2019-8345 (The Help feature in the ES File Explorer File Manager application 4.1. ...)
 	NOT-FOR-US: ES File Explorer File Manager
 CVE-2019-8344
@@ -11749,10 +11793,10 @@ CVE-2019-7818 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 201
 	NOT-FOR-US: Adobe
 CVE-2019-7817 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
 	NOT-FOR-US: Adobe
-CVE-2019-7816
-	RESERVED
-CVE-2019-7815
-	RESERVED
+CVE-2019-7816 (ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Up ...)
+	TODO: check
+CVE-2019-7815 (Adobe Acrobat and Reader versions 2019.010.20091 and earlier, 2019.010 ...)
+	TODO: check
 CVE-2019-7814 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
 	NOT-FOR-US: Adobe
 CVE-2019-7813 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
@@ -13714,163 +13758,162 @@ CVE-2019-7097 (Adobe Dreamweaver versions 19.0 and earlier have an insecure prot
 	NOT-FOR-US: Adobe
 CVE-2019-7096 (Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and ear ...)
 	NOT-FOR-US: Adobe Flash Player
-CVE-2019-7095
-	RESERVED
-CVE-2019-7094
-	RESERVED
-CVE-2019-7093
-	RESERVED
-CVE-2019-7092
-	RESERVED
-CVE-2019-7091
-	RESERVED
-CVE-2019-7090
-	RESERVED
+CVE-2019-7095 (Adobe Digital Editions versions 4.5.10.185749 and below have a heap ov ...)
+	TODO: check
+CVE-2019-7094 (Adobe Photoshop CC 19.1.7 and earlier, and 20.0.2 and earlier have a h ...)
+	TODO: check
+CVE-2019-7093 (Creative Cloud Desktop Application (installer) versions 4.7.0.400 and  ...)
+	TODO: check
+CVE-2019-7092 (ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Up ...)
+	TODO: check
+CVE-2019-7091 (ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Up ...)
+	TODO: check
+CVE-2019-7090 (Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Pl ...)
 	NOT-FOR-US: Adobe
-CVE-2019-7089
-	RESERVED
+CVE-2019-7089 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
 CVE-2019-7088 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
 	NOT-FOR-US: Adobe
-CVE-2019-7087
-	RESERVED
-CVE-2019-7086
-	RESERVED
-CVE-2019-7085
-	RESERVED
-CVE-2019-7084
-	RESERVED
-CVE-2019-7083
-	RESERVED
-CVE-2019-7082
-	RESERVED
-CVE-2019-7081
-	RESERVED
-CVE-2019-7080
-	RESERVED
-CVE-2019-7079
-	RESERVED
-CVE-2019-7078
-	RESERVED
-CVE-2019-7077
-	RESERVED
-CVE-2019-7076
-	RESERVED
-CVE-2019-7075
-	RESERVED
-CVE-2019-7074
-	RESERVED
-CVE-2019-7073
-	RESERVED
-CVE-2019-7072
-	RESERVED
-CVE-2019-7071
-	RESERVED
-CVE-2019-7070
-	RESERVED
-CVE-2019-7069
-	RESERVED
-CVE-2019-7068
-	RESERVED
-CVE-2019-7067
-	RESERVED
-CVE-2019-7066
-	RESERVED
-CVE-2019-7065
-	RESERVED
-CVE-2019-7064
-	RESERVED
-CVE-2019-7063
-	RESERVED
-CVE-2019-7062
-	RESERVED
+CVE-2019-7087 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7086 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7085 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7084 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7083 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7082 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7081 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7080 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7079 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7078 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7077 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7076 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7075 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7074 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7073 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7072 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7071 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7070 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7069 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7068 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7067 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7066 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7065 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7064 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7063 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7062 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
 CVE-2019-7061 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
 	NOT-FOR-US: Adobe
-CVE-2019-7060
-	RESERVED
-CVE-2019-7059
-	RESERVED
-CVE-2019-7058
-	RESERVED
-CVE-2019-7057
-	RESERVED
-CVE-2019-7056
-	RESERVED
-CVE-2019-7055
-	RESERVED
-CVE-2019-7054
-	RESERVED
-CVE-2019-7053
-	RESERVED
-CVE-2019-7052
-	RESERVED
-CVE-2019-7051
-	RESERVED
-CVE-2019-7050
-	RESERVED
-CVE-2019-7049
-	RESERVED
-CVE-2019-7048
-	RESERVED
-CVE-2019-7047
-	RESERVED
-CVE-2019-7046
-	RESERVED
-CVE-2019-7045
-	RESERVED
-CVE-2019-7044
-	RESERVED
-CVE-2019-7043
-	RESERVED
-CVE-2019-7042
-	RESERVED
-CVE-2019-7041
-	RESERVED
-CVE-2019-7040
-	RESERVED
-CVE-2019-7039
-	RESERVED
-CVE-2019-7038
-	RESERVED
-CVE-2019-7037
-	RESERVED
-CVE-2019-7036
-	RESERVED
-CVE-2019-7035
-	RESERVED
-CVE-2019-7034
-	RESERVED
-CVE-2019-7033
-	RESERVED
-CVE-2019-7032
-	RESERVED
-CVE-2019-7031
-	RESERVED
-CVE-2019-7030
-	RESERVED
-CVE-2019-7029
-	RESERVED
-CVE-2019-7028
-	RESERVED
-CVE-2019-7027
-	RESERVED
-CVE-2019-7026
-	RESERVED
-CVE-2019-7025
-	RESERVED
-CVE-2019-7024
-	RESERVED
-CVE-2019-7023
-	RESERVED
-CVE-2019-7022
-	RESERVED
-CVE-2019-7021
-	RESERVED
-CVE-2019-7020
-	RESERVED
-CVE-2019-7019
-	RESERVED
-CVE-2019-7018
-	RESERVED
+CVE-2019-7060 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7059 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7058 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7057 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7056 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7055 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7054 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7053 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7052 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7051 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7050 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7049 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7048 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7047 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7046 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7045 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7044 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7043 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7042 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7041 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7040 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7039 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7038 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7037 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7036 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7035 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7034 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7033 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7032 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7031 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7030 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7029 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7028 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7027 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7026 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7025 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7024 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7023 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7022 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7021 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7020 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7019 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7018 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
+	TODO: check
 CVE-2019-7017
 	RESERVED
 CVE-2019-7016
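Review bot: Every newly described entry in this hunk except CVE-2019-7090 gets `TODO: check`, while the untouched neighbours CVE-2019-7088 and CVE-2019-7061, whose descriptions start with the same "Adobe Acrobat and Reader versions" text, are `NOT-FOR-US: Adobe`. The Acrobat and Reader entries from CVE-2019-7089 down to CVE-2019-7018 can take that tag in one pass, and the Digital Editions, Photoshop, Creative Cloud and ColdFusion entries at the top of the hunk need the same decision.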
@@ -25280,8 +25323,8 @@ CVE-2019-2728
 	RESERVED
 CVE-2019-2727
 	RESERVED
-CVE-2019-2726
-	RESERVED
+CVE-2019-2726 (Vulnerability in the Enterprise Manager Ops Center component of Oracle ...)
+	TODO: check
 CVE-2019-2725 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2724
@@ -26680,22 +26723,19 @@ CVE-2019-2252
 	RESERVED
 CVE-2019-2251
 	RESERVED
-CVE-2019-2250
-	RESERVED
+CVE-2019-2250 (Kernel can write to arbitrary memory address passed by user while free ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2249
 	RESERVED
-CVE-2019-2248
-	RESERVED
-CVE-2019-2247
-	RESERVED
+CVE-2019-2248 (Buffer overflow can occur if invalid header tries to overwrite the exi ...)
+	TODO: check
+CVE-2019-2247 (Possibility of double free issue while running multiple instances of s ...)
+	TODO: check
 CVE-2019-2246
 	RESERVED
-CVE-2019-2245
-	RESERVED
+CVE-2019-2245 (Possible integer underflow can happen when calculating length of eleme ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2244
-	RESERVED
+CVE-2019-2244 (Possible integer underflow can happen when calculating length of eleme ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2243
 	RESERVED
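Review bot: CVE-2019-2248 and CVE-2019-2247 end up as `TODO: check`, unlike CVE-2019-2250, CVE-2019-2245 and CVE-2019-2244 in the same hunk, which keep the `NOT-FOR-US: Qualcomm components for Android` line they carried while still RESERVED. The truncated descriptions of the two new ones do not name a product, so confirm against the full CVE text whether they belong under the same tag before closing the TODO.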
@@ -29339,10 +29379,10 @@ CVE-2018-19615 (Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions
 	NOT-FOR-US: Rockwell Automation Allen-Bradley PowerMonitor 1000
 CVE-2018-19614 (XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre ...)
 	NOT-FOR-US: Westermo routers
-CVE-2018-19613
-	RESERVED
-CVE-2018-19612
-	RESERVED
+CVE-2018-19613 (Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allow CSRF. ...)
+	TODO: check
+CVE-2018-19612 (The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260  ...)
+	TODO: check
 CVE-2018-19611
 	RESERVED
 CVE-2018-19610
@@ -36532,12 +36572,12 @@ CVE-2018-18062 (An issue was discovered in dialog.php in tecrail Responsive File
 	NOT-FOR-US: tecrail Responsive FileManager
 CVE-2018-18061 (An issue was discovered in dialog.php in tecrail Responsive FileManage ...)
 	NOT-FOR-US: tecrail Responsive FileManager
-CVE-2018-18060
-	RESERVED
-CVE-2018-18059
-	RESERVED
-CVE-2018-18058
-	RESERVED
+CVE-2018-18060 (An issue was discovered in Bitdefender Engines before 7.76808. A vulne ...)
+	TODO: check
+CVE-2018-18059 (An issue was discovered in Bitdefender Engines before 7.76675. A vulne ...)
+	TODO: check
+CVE-2018-18058 (An issue was discovered in Bitdefender Engines before 7.76662. A vulne ...)
+	TODO: check
 CVE-2018-18057
 	RESERVED
 CVE-2018-18056
@@ -37129,8 +37169,8 @@ CVE-2018-17845
 	RESERVED
 CVE-2018-17844
 	RESERVED
-CVE-2018-17843
-	RESERVED
+CVE-2018-17843 (SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Soft ...)
+	TODO: check
 CVE-2018-17842
 	RESERVED
 CVE-2018-17841
@@ -47328,8 +47368,7 @@ CVE-2018-13927
 	RESERVED
 CVE-2018-13926
 	RESERVED
-CVE-2018-13925
-	RESERVED
+CVE-2018-13925 (Error in parsing PMT table frees the memory allocated for the map sect ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13924
 	RESERVED
@@ -47339,8 +47378,7 @@ CVE-2018-13922
 	RESERVED
 CVE-2018-13921
 	RESERVED
-CVE-2018-13920
-	RESERVED
+CVE-2018-13920 (Use-after-free condition due to Improper handling of hrtimers when the ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13919
 	RESERVED
@@ -47392,8 +47430,7 @@ CVE-2018-13901
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13900 (Use-after-free vulnerability will occur as there is no protection for  ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13899
-	RESERVED
+CVE-2018-13899 (Processing messages after error may result in user after free memory f ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13898
 	RESERVED
@@ -47402,8 +47439,7 @@ CVE-2018-13897
 	RESERVED
 CVE-2018-13896
 	RESERVED
-CVE-2018-13895
-	RESERVED
+CVE-2018-13895 (Due to the missing permissions on several content providers of the RCS ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13894
 	RESERVED
@@ -47419,14 +47455,11 @@ CVE-2018-13889 (In all android releases(Android for MSM, Firefox OS for MSM, QRD
 	NOT-FOR-US: CodeAurora components for Android
 CVE-2018-13888 (There is potential for memory corruption in the RIL daemon due to de r ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13887
-	RESERVED
+CVE-2018-13887 (Untrusted header fields in GNSS XTRA3 function can lead to integer ove ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13886
-	RESERVED
+CVE-2018-13886 (Unchecked OTA field in GNSS XTRA3 lead to integer overflow and then bu ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13885
-	RESERVED
+CVE-2018-13885 (Possible memory overread may be lead to access of sensitive data in Sn ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13884
 	RESERVED
@@ -50461,8 +50494,8 @@ CVE-2018-12626
 	RESERVED
 CVE-2018-12625
 	RESERVED
-CVE-2018-12624
-	RESERVED
+CVE-2018-12624 (An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XS ...)
+	TODO: check
 CVE-2018-12623
 	RESERVED
 CVE-2018-12622
@@ -52368,11 +52401,9 @@ CVE-2018-12016 (libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allo
 	NOTE: webkit not covered by security support
 CVE-2018-12014 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
 	NOT-FOR-US: CodeAurora components for Android
-CVE-2018-12013
-	RESERVED
+CVE-2018-12013 (Improper authentication in locked memory region can lead to unprivilge ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-12012
-	RESERVED
+CVE-2018-12012 (While updating blacklisting region shared buffered memory region is no ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-12011 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
 	NOT-FOR-US: CodeAurora components for Android
@@ -52386,11 +52417,9 @@ CVE-2018-12007
 	RESERVED
 CVE-2018-12006 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
 	NOT-FOR-US: CodeAurora components for Android
-CVE-2018-12005
-	RESERVED
+CVE-2018-12005 (An unprivileged user can issue a binder call and cause a system halt i ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-12004
-	RESERVED
+CVE-2018-12004 (Secure keypad is unlocked with secure display still intact in Snapdrag ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-12003
 	RESERVED
@@ -52449,8 +52478,7 @@ CVE-2018-11978
 	RESERVED
 CVE-2018-11977
 	RESERVED
-CVE-2018-11976
-	RESERVED
+CVE-2018-11976 (ECDSA signature code leaks private keys from secure world to non-secur ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11975
 	RESERVED
@@ -52466,11 +52494,9 @@ CVE-2018-11970 (TZ App dynamic allocations not protected from XBL loader in Snap
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11969
 	RESERVED
-CVE-2018-11968
-	RESERVED
+CVE-2018-11968 (Improper check before assigning value can lead to integer overflow in  ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11967
-	RESERVED
+CVE-2018-11967 (Signature verification of the skel library could potentially be disabl ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11966 (Undefined behavior in UE while processing unknown IEI in OTA message i ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -52499,8 +52525,7 @@ CVE-2018-11955
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11954
 	RESERVED
-CVE-2018-11953
-	RESERVED
+CVE-2018-11953 (While processing ssid IE length from remote AP, possible out-of-bounds ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11952
 	RESERVED
@@ -52509,8 +52534,7 @@ CVE-2018-11951 (Improper access control in core module lead XBL_LOADER performs
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11950 (Unapproved TrustZone applications can be loaded and executed in Snapdr ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11949
-	RESERVED
+CVE-2018-11949 (Failure to initialize the extra buffer can lead to an out of buffer ac ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11948 (Exceeding the limit of usage entries are not tracked and the informati ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -52528,18 +52552,15 @@ CVE-2018-11942
 	RESERVED
 CVE-2018-11941
 	RESERVED
-CVE-2018-11940
-	RESERVED
+CVE-2018-11940 (Lack of check in length before using memcpy in WLAN function can lead  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11939
 	RESERVED
 CVE-2018-11938 (Improper input validation for argument received from HLOS can lead to  ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11937
-	RESERVED
+CVE-2018-11937 (Lack of input validation before copying can lead to a buffer over read ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11936
-	RESERVED
+CVE-2018-11936 (Index of array is processed in a wrong way inside a while loop and res ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11935 (Improper input validation might result in incorrect app id returned to ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -52551,27 +52572,21 @@ CVE-2018-11932 (Improper input validation can lead RW access to secure subsystem
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11931 (Improper access to HLOS is possible while transferring memory to CPZ i ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11930
-	RESERVED
+CVE-2018-11930 (Improper input validation on input data which is used to locate and co ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11929
 	RESERVED
-CVE-2018-11928
-	RESERVED
+CVE-2018-11928 (Lack of check on length parameter may cause buffer overflow while proc ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11927
-	RESERVED
+CVE-2018-11927 (Improper input validation on input which is used as an array index wil ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11926
 	RESERVED
-CVE-2018-11925
-	RESERVED
+CVE-2018-11925 (Data length received from firmware is not validated against the max al ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11924
-	RESERVED
+CVE-2018-11924 (Improper buffer length validation in WLAN function can lead to a poten ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11923
-	RESERVED
+CVE-2018-11923 (Improper buffer length check before copying can lead to integer overfl ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11922
 	RESERVED
@@ -54423,8 +54438,7 @@ CVE-2018-11273 (In all android releases (Android for MSM, Firefox OS for MSM, QR
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11272
 	RESERVED
-CVE-2018-11271
-	RESERVED
+CVE-2018-11271 (Improper authentication can happen on Remote command handling due to i ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11270 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -55862,8 +55876,8 @@ CVE-2018-10817 (Severalnines ClusterControl before 1.6.0-4699 allows XSS. ...)
 	NOT-FOR-US: Severalnines ClusterControl
 CVE-2018-10816
 	RESERVED
-CVE-2018-10815
-	RESERVED
+CVE-2018-10815 (An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x befo ...)
+	TODO: check
 CVE-2018-10814 (Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for ...)
 	NOT-FOR-US: Synametrics SynaMan
 CVE-2018-10813 (In Dedos-web 1.0, the cookie and session secrets used in the Express.j ...)
@@ -119474,8 +119488,8 @@ CVE-2017-6512 (Race condition in the rmtree and remove_tree functions in the Fil
 	- perl 5.24.1-3 (bug #863870)
 	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=121951
 	NOTE: https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2
-CVE-2016-10245
-	RESERVED
+CVE-2016-10245 (Insufficient sanitization of the query parameter in templates/html/sea ...)
+	TODO: check
 CVE-2017-6511 (andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in  ...)
 	NOT-FOR-US: FineCMS
 CVE-2017-6510 (Easy File Sharing FTP Server version 3.6 is vulnerable to a directory  ...)
@@ -139675,12 +139689,12 @@ CVE-2016-8902 (SQL injection vulnerability in the categoriesServlet servlet in d
 	NOT-FOR-US: dotCMS
 CVE-2016-8901 (b2evolution 6.7.6 suffer from an Object Injection vulnerability in /ht ...)
 	- b2evolution <removed>
-CVE-2016-8900
-	RESERVED
+CVE-2016-8900 (Exponent CMS version 2.3.9 suffers from a Object Injection vulnerabili ...)
+	TODO: check
 CVE-2016-8899 (Exponent CMS version 2.3.9 suffers from a Object Injection vulnerabili ...)
 	NOT-FOR-US: Exponent CMS
-CVE-2016-8898
-	RESERVED
+CVE-2016-8898 (Exponent CMS version 2.3.9 suffers from a sql injection vulnerability  ...)
+	TODO: check
 CVE-2016-8897 (Exponent CMS version 2.3.9 suffers from a sql injection vulnerability  ...)
 	NOT-FOR-US: Exponent CMS
 CVE-2016-8896



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/15819380517e18d2960d2125b3e0d625bea6722b
