[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Nov 21 20:10:44 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4113a477 by security tracker role at 2019-11-21T20:10:30Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,105 @@
+CVE-2019-19197 (IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0. ...)
+ TODO: check
+CVE-2019-19196
+ RESERVED
+CVE-2019-19195
+ RESERVED
+CVE-2019-19194
+ RESERVED
+CVE-2019-19193
+ RESERVED
+CVE-2019-19192
+ RESERVED
+CVE-2019-19191 (Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file ...)
+ TODO: check
+CVE-2019-19190
+ RESERVED
+CVE-2019-19189
+ RESERVED
+CVE-2019-19188
+ RESERVED
+CVE-2019-19187
+ RESERVED
+CVE-2019-19186
+ RESERVED
+CVE-2019-19185
+ RESERVED
+CVE-2019-19184
+ RESERVED
+CVE-2019-19183
+ RESERVED
+CVE-2019-19182
+ RESERVED
+CVE-2019-19181
+ RESERVED
+CVE-2019-19180
+ RESERVED
+CVE-2019-19179
+ RESERVED
+CVE-2019-19178
+ RESERVED
+CVE-2019-19177
+ RESERVED
+CVE-2019-19176
+ RESERVED
+CVE-2019-19175
+ RESERVED
+CVE-2019-19174
+ RESERVED
+CVE-2019-19173
+ RESERVED
+CVE-2019-19172
+ RESERVED
+CVE-2019-19171
+ RESERVED
+CVE-2019-19170
+ RESERVED
+CVE-2019-19169
+ RESERVED
+CVE-2019-19168
+ RESERVED
+CVE-2019-19167
+ RESERVED
+CVE-2019-19166
+ RESERVED
+CVE-2019-19165
+ RESERVED
+CVE-2019-19164
+ RESERVED
+CVE-2019-19163
+ RESERVED
+CVE-2019-19162
+ RESERVED
+CVE-2019-19161
+ RESERVED
+CVE-2019-19160
+ RESERVED
+CVE-2019-19159
+ RESERVED
+CVE-2019-19158
+ RESERVED
+CVE-2019-19157
+ RESERVED
+CVE-2019-19156
+ RESERVED
+CVE-2019-19155
+ RESERVED
+CVE-2019-19154
+ RESERVED
+CVE-2019-19153
+ RESERVED
+CVE-2019-19152
+ RESERVED
+CVE-2019-19151
+ RESERVED
+CVE-2019-19150
+ RESERVED
+CVE-2019-19149
+ RESERVED
+CVE-2019-19148
+ RESERVED
+CVE-2019-19147
+ RESERVED
CVE-2019-19146
RESERVED
CVE-2019-19145
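Review bot: CVE-2019-19191 is queued as TODO: check, and its description says the problem is in a spec file that Shibboleth SP 3.x before 3.1.0 shipped. Triage should establish whether that file plays any part in the Debian packaging before a package line is added, and record the reasoning in a NOTE either way. The run of bare RESERVED ids from CVE-2019-19196 down to CVE-2019-19147 needs no action.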
@@ -264,8 +366,8 @@ CVE-2019-19035 (jhead 3.03 is affected by: heap-based buffer over-read. The impa
NOTE: Crash in CLI tool, no security impact
CVE-2019-19034
RESERVED
-CVE-2019-19033
- RESERVED
+CVE-2019-19033 (Jalios JCMS 10 allows attackers to access any part of the website and ...)
+ TODO: check
CVE-2019-19032
RESERVED
CVE-2019-19031
@@ -323,8 +425,8 @@ CVE-2019-19008
RESERVED
CVE-2019-19007
RESERVED
-CVE-2019-19006
- RESERVED
+CVE-2019-19006 (Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197. ...)
+ TODO: check
CVE-2019-19005
RESERVED
CVE-2019-19004
@@ -421,8 +523,8 @@ CVE-2019-18960
RESERVED
CVE-2019-18959
RESERVED
-CVE-2019-18958
- RESERVED
+CVE-2019-18958 (Nitro Pro before 13.2 creates a debug.log file in the directory where ...)
+ TODO: check
CVE-2019-18957 (Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has r ...)
NOT-FOR-US: Microstrategy Library
CVE-2019-18956
@@ -565,8 +667,7 @@ CVE-2019-18892
RESERVED
CVE-2019-18891
RESERVED
-CVE-2019-18890 [SQL injection]
- RESERVED
+CVE-2019-18890 (A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x befor ...)
{DSA-4574-1}
- redmine 3.4.2-1
NOTE: https://www.redmine.org/news/125
@@ -594,8 +695,7 @@ CVE-2019-18887 [Use constant time comparison in UriSigner]
- symfony 4.3.8+dfsg-1
NOTE: https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
NOTE: https://github.com/symfony/symfony/commit/cccefe6a7f12e776df0665aeb77fe9294c285fbb
-CVE-2019-18886 [Prevent user enumeration using switch user functionality]
- RESERVED
+CVE-2019-18886 (An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. ...)
{DLA-1999-1}
- symfony 4.3.8+dfsg-1
[buster] - symfony <not-affected> (Vulnerability introduced in 4.1.0)
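Review bot: The new description for CVE-2019-18886 gives the affected range as Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7, while the unchanged [buster] line justifies <not-affected> with "Vulnerability introduced in 4.1.0". Reconcile the two version statements in the note, and confirm that the {DLA-1999-1} cross-reference belongs on an id whose own note says the flaw only exists from 4.1.0 onward.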
@@ -4218,8 +4318,8 @@ CVE-2019-18351
RESERVED
CVE-2019-18350 (In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET ...)
NOT-FOR-US: Ant Design Pro
-CVE-2019-18349
- RESERVED
+CVE-2019-18349 (HotkeyP through 4.9 r96 allows privilege escalation in the privilege f ...)
+ TODO: check
CVE-2019-18348 (An issue was discovered in urllib2 in Python 2.x through 2.7.17 and ur ...)
- python3.8 <unfixed> (unimportant)
- python3.7 <unfixed> (unimportant)
@@ -6649,8 +6749,8 @@ CVE-2019-17652
RESERVED
CVE-2019-17651
RESERVED
-CVE-2019-17650
- RESERVED
+CVE-2019-17650 (An Improper Neutralization of Special Elements used in a Command vulne ...)
+ TODO: check
CVE-2019-17649
RESERVED
CVE-2019-17648
@@ -7451,8 +7551,8 @@ CVE-2019-17423
RESERVED
CVE-2019-17422
RESERVED
-CVE-2019-17421
- RESERVED
+CVE-2019-17421 (Incorrect file permissions on the packaged Nipper executable file in Z ...)
+ TODO: check
CVE-2019-17420 (In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other prod ...)
- libhtp 1:0.5.31-1
NOTE: https://github.com/OISF/libhtp/pull/213
@@ -7757,8 +7857,8 @@ CVE-2019-17274
RESERVED
CVE-2019-17273
RESERVED
-CVE-2019-17272
- RESERVED
+CVE-2019-17272 (All versions of ONTAP Select Deploy administration utility are suscept ...)
+ TODO: check
CVE-2019-17271 (vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList ...)
NOT-FOR-US: vBulletin
CVE-2019-17270
@@ -9043,8 +9143,8 @@ CVE-2019-16760 (Cargo prior to Rust 1.26.0 may download the wrong dependency if
NOTE: https://rustsec.org/advisories/CVE-2019-16760.html
CVE-2019-16759 (vBulletin 5.x through 5.5.4 allows remote command execution via the wi ...)
NOT-FOR-US: vBulletin
-CVE-2019-16758
- RESERVED
+CVE-2019-16758 (In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a ...)
+ TODO: check
CVE-2019-16757
RESERVED
CVE-2019-16756
@@ -9509,38 +9609,27 @@ CVE-2019-16550
RESERVED
CVE-2019-16549
RESERVED
-CVE-2019-16548
- RESERVED
+CVE-2019-16548 (A cross-site request forgery vulnerability in Jenkins Google Compute E ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16547
- RESERVED
+CVE-2019-16547 (Missing permission checks in various API endpoints in Jenkins Google C ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16546
- RESERVED
+CVE-2019-16546 (Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16545
- RESERVED
+CVE-2019-16545 (Jenkins QMetry for JIRA - Test Management Plugin transmits credentials ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16544
- RESERVED
+CVE-2019-16544 (Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stor ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16543
- RESERVED
+CVE-2019-16543 (Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials une ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16542
- RESERVED
+CVE-2019-16542 (Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stor ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16541
- RESERVED
+CVE-2019-16541 (Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (f ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16540
- RESERVED
+CVE-2019-16540 (A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16539
- RESERVED
+CVE-2019-16539 (A missing permission check in Jenkins Support Core Plugin 2.63 and ear ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16538
- RESERVED
+CVE-2019-16538 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 ...)
NOT-FOR-US: Jenkins plugin
CVE-2016-11013 (The wp-listings plugin before 2.0.2 for WordPress has includes/views/s ...)
NOT-FOR-US: wp-listings plugin for WordPress
@@ -9907,10 +9996,10 @@ CVE-2019-16408
RESERVED
CVE-2019-16407 (JetBrains ReSharper installers for versions before 2019.2 had a DLL Hi ...)
NOT-FOR-US: JetBrains ReSharper installer
-CVE-2019-16406
- RESERVED
-CVE-2019-16405
- RESERVED
+CVE-2019-16406 (Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware v ...)
+ TODO: check
+CVE-2019-16405 (Centreon Web 19.04.4 allows Remote Code Execution by an administrator ...)
+ TODO: check
CVE-2019-16404 (Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php ...)
NOT-FOR-US: OpenEMR
CVE-2019-16403 (In Webkul Bagisto before 0.1.5, the functionalities for customers to c ...)
@@ -10132,8 +10221,8 @@ CVE-2019-16342
RESERVED
CVE-2019-16341
RESERVED
-CVE-2019-16340
- RESERVED
+CVE-2019-16340 (Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to d ...)
+ TODO: check
CVE-2019-16339
RESERVED
CVE-2019-16338
@@ -12028,8 +12117,8 @@ CVE-2019-15706
RESERVED
CVE-2019-15705
RESERVED
-CVE-2019-15704
- RESERVED
+CVE-2019-15704 (A clear text storage of sensitive information vulnerability in FortiCl ...)
+ TODO: check
CVE-2019-15703 (An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2. ...)
NOT-FOR-US: Fortinet
CVE-2019-15702 (In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the pars ...)
@@ -12557,8 +12646,8 @@ CVE-2019-15513 (An issue was discovered in OpenWrt libuci (aka Library for the U
NOT-FOR-US: OpenWrt libuci
CVE-2019-15512
RESERVED
-CVE-2019-15511
- RESERVED
+CVE-2019-15511 (An exploitable local privilege escalation vulnerability exists in the ...)
+ TODO: check
CVE-2019-15510
RESERVED
CVE-2019-15509
@@ -27524,8 +27613,8 @@ CVE-2019-10768 (In AngularJS before 1.7.9 the function `merge()` could be tricke
[jessie] - angular.js <not-affected> (vulnerable code is not present, deep merging introduced later)
NOTE: https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3
NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-534884
-CVE-2019-10767
- RESERVED
+CVE-2019-10767 (An attacker can include file contents from outside the `/adapter/xxx/` ...)
+ TODO: check
CVE-2019-10766 (Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL In ...)
TODO: check
CVE-2019-10765 (iobroker.admin before 3.6.12 allows attacker to include file contents ...)
@@ -27977,8 +28066,8 @@ CVE-2019-10629
RESERVED
CVE-2019-10628
RESERVED
-CVE-2019-10627
- RESERVED
+CVE-2019-10627 (Integer overflow to buffer overflow vulnerability in PostScript image ...)
+ TODO: check
CVE-2019-10626
RESERVED
CVE-2019-10625
@@ -27997,8 +28086,8 @@ CVE-2019-10619
RESERVED
CVE-2019-10618
RESERVED
-CVE-2019-10617
- RESERVED
+CVE-2019-10617 (Low privilege users can access service configuration which contains re ...)
+ TODO: check
CVE-2019-10616
RESERVED
CVE-2019-10615
@@ -28100,14 +28189,14 @@ CVE-2019-10568
RESERVED
CVE-2019-10567
RESERVED
-CVE-2019-10566
- RESERVED
+CVE-2019-10566 (Buffer overflow can occur in wlan module if supported rates or extende ...)
+ TODO: check
CVE-2019-10565 (Double free issue can happen when sensor power settings is freed by so ...)
NOT-FOR-US: Snapdragon
CVE-2019-10564
RESERVED
-CVE-2019-10563
- RESERVED
+CVE-2019-10563 (Buffer over-read can occur in fast message handler due to improper inp ...)
+ TODO: check
CVE-2019-10562
RESERVED
CVE-2019-10561
@@ -28165,8 +28254,8 @@ CVE-2019-10537
RESERVED
CVE-2019-10536
RESERVED
-CVE-2019-10535
- RESERVED
+CVE-2019-10535 (Improper validation for loop variable received from firmware can lead ...)
+ TODO: check
CVE-2019-10534 (Null-pointer dereference can occur while accessing the super index ent ...)
NOT-FOR-US: Snapdragon
CVE-2019-10533 (Out of bound access due to improper validation of array index cause th ...)
@@ -28232,8 +28321,8 @@ CVE-2019-10505 (Out of bound access while processing a non-standard IE measureme
NOT-FOR-US: Snapdragon
CVE-2019-10504 (Firmware not able to send EXT scan response to host within 1 sec due t ...)
NOT-FOR-US: Snapdragon
-CVE-2019-10503
- RESERVED
+CVE-2019-10503 (Out-of-bounds access can occur in camera driver due to improper valida ...)
+ TODO: check
CVE-2019-10502 (Possible stack overflow when an index equal to io buffer size is acces ...)
NOT-FOR-US: Snapdragon
CVE-2019-10501 (Possible use after free issue due to improper input validation in volu ...)
@@ -28259,16 +28348,16 @@ CVE-2019-10492 (Boot image not getting verified by AVB in Snapdragon Auto, Snapd
NOT-FOR-US: Snapdragon
CVE-2019-10491 (ADSP can be compromised since it`s a general-purpose CPU processing un ...)
NOT-FOR-US: Snapdragon
-CVE-2019-10490
- RESERVED
+CVE-2019-10490 (Use after free issue in Xtra daemon shutdown due to static object inst ...)
+ TODO: check
CVE-2019-10489 (Possible null-pointer dereference can occur while parsing avi clip dur ...)
NOT-FOR-US: Snapdragon
CVE-2019-10488 (Null pointer dereference can occur while parsing invalid chunks while ...)
NOT-FOR-US: Snapdragon
CVE-2019-10487
RESERVED
-CVE-2019-10486
- RESERVED
+CVE-2019-10486 (Race condition due to the lack of resource lock which will be concurre ...)
+ TODO: check
CVE-2019-10485
RESERVED
NOT-FOR-US: Qualcomm components for Android
@@ -39424,8 +39513,8 @@ CVE-2019-6695 (Lack of root file system integrity checking in Fortinet FortiMana
NOT-FOR-US: Fortinet
CVE-2019-6694
RESERVED
-CVE-2019-6693
- RESERVED
+CVE-2019-6693 (Use of a hard-coded cryptographic key to cipher sensitive data in Fort ...)
+ TODO: check
CVE-2019-6692 (A malicious DLL preload vulnerability in Fortinet FortiClient for Wind ...)
NOT-FOR-US: Fortinet
CVE-2019-6691 (phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=bac ...)
@@ -42562,8 +42651,8 @@ CVE-2019-5511 (VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) runni
NOT-FOR-US: VMware
CVE-2019-5510
RESERVED
-CVE-2019-5509
- RESERVED
+CVE-2019-5509 (ONTAP Select Deploy administration utility versions 2.11.2 through 2.1 ...)
+ TODO: check
CVE-2019-5508 (Clustered Data ONTAP versions 9.2 through 9.6 are susceptible to a vul ...)
NOT-FOR-US: Clustered Data ONTAP
CVE-2019-5507 (SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a v ...)
@@ -43505,10 +43594,10 @@ CVE-2019-5089 (An exploitable memory corruption vulnerability exists in Investin
NOT-FOR-US: Investintech
CVE-2019-5088 (An exploitable memory corruption vulnerability exists in Investintech ...)
NOT-FOR-US: Investintech
-CVE-2019-5087
- RESERVED
-CVE-2019-5086
- RESERVED
+CVE-2019-5087 (An exploitable integer overflow vulnerability exists in the flattenInc ...)
+ TODO: check
+CVE-2019-5086 (An exploitable integer overflow vulnerability exists in the flattenInc ...)
+ TODO: check
CVE-2019-5085
RESERVED
CVE-2019-5084 (An exploitable heap out-of-bounds write vulnerability exists in the TI ...)
@@ -43535,10 +43624,10 @@ CVE-2019-5074
RESERVED
CVE-2019-5073
RESERVED
-CVE-2019-5072
- RESERVED
-CVE-2019-5071
- RESERVED
+CVE-2019-5072 (An exploitable command injection vulnerability exists in the /goform/W ...)
+ TODO: check
+CVE-2019-5071 (An exploitable command injection vulnerability exists in the /goform/W ...)
+ TODO: check
CVE-2019-5070 (An exploitable SQL injection vulnerability exists in the unauthenticat ...)
NOT-FOR-US: eFront LMS
CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. ...)
@@ -51738,18 +51827,18 @@ CVE-2019-2341 (Buffer overflow when the audio buffer size provided by user is la
NOT-FOR-US: Snapdragon
CVE-2019-2340
RESERVED
-CVE-2019-2339
- RESERVED
+CVE-2019-2339 (Out of bound access due to lack of check of whiltelist array size whil ...)
+ TODO: check
CVE-2019-2338
RESERVED
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2337
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2336
- RESERVED
-CVE-2019-2335
- RESERVED
+CVE-2019-2336 (Subsequent use of the CBO listener may result in further memory corrup ...)
+ TODO: check
+CVE-2019-2335 (While processing Attach Reject message, Valid exit condition is not me ...)
+ TODO: check
CVE-2019-2334 (Null pointer dereferencing can happen when playing the clip with wrong ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2333 (Buffer overflow due to improper validation of buffer size while IPA dr ...)
@@ -51760,8 +51849,8 @@ CVE-2019-2331 (Possible Integer overflow because of subtracting two integers wit
NOT-FOR-US: Snapdragon
CVE-2019-2330 (improper input validation in allocation request for secure allocations ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2329
- RESERVED
+CVE-2019-2329 (Use after free issue in cleanup routine due to missing pointer sanitiz ...)
+ TODO: check
CVE-2019-2328 (Possible buffer overflow when number of channels passed is more than s ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2327 (Possible buffer overflow can occur when playing clip with incorrect el ...)
@@ -51785,14 +51874,14 @@ CVE-2019-2320
CVE-2019-2319
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2318
- RESERVED
+CVE-2019-2318 (Non Secure Kernel can cause Trustzone to do an arbitrary memory read w ...)
+ TODO: check
CVE-2019-2317
RESERVED
CVE-2019-2316 (When computing the digest a local variable is used after going out of ...)
NOT-FOR-US: Snapdragon
-CVE-2019-2315
- RESERVED
+CVE-2019-2315 (While invoking the API to copy from fd or local buffer to the secure b ...)
+ TODO: check
CVE-2019-2314 (Possible race condition that will cause a use-after-free when writing ...)
NOT-FOR-US: Snapdragon
CVE-2019-2313
@@ -51816,8 +51905,8 @@ CVE-2019-2305 (Out of bound access when reason code is extracted from frame data
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2304
RESERVED
-CVE-2019-2303
- RESERVED
+CVE-2019-2303 (SNDCP module may access array out side its boundary when it receives m ...)
+ TODO: check
CVE-2019-2302 (While processing vendor command which contains corrupted channel count ...)
NOT-FOR-US: Snapdragon
CVE-2019-2301 (Possibility of out-of-bound read if id received from SPI is not in ran ...)
@@ -51828,12 +51917,12 @@ CVE-2019-2299 (An out-of-bound write can be triggered by a specially-crafted com
NOT-FOR-US: Snapdragon
CVE-2019-2298 (Protection is missing while accessing md sessions info via macro which ...)
NOT-FOR-US: Snapdragon
-CVE-2019-2297
- RESERVED
+CVE-2019-2297 (Buffer overflow can occur while processing non-standard NAN message fr ...)
+ TODO: check
CVE-2019-2296
RESERVED
-CVE-2019-2295
- RESERVED
+CVE-2019-2295 (Information disclosure due to lack of address range check done on the ...)
+ TODO: check
CVE-2019-2294 (Usage of hard-coded magic number for calculating heap guard bytes can ...)
NOT-FOR-US: Snapdragon
CVE-2019-2293 (Pointer dereference while freeing IFE resources due to lack of length ...)
@@ -51844,8 +51933,8 @@ CVE-2019-2291
RESERVED
CVE-2019-2290 (Multiple open and close from multiple threads will lead camera driver ...)
NOT-FOR-US: Snapdragon
-CVE-2019-2289
- RESERVED
+CVE-2019-2289 (Lack of integrity check allows MODEM to accept any NAS messages which ...)
+ TODO: check
CVE-2019-2288
RESERVED
NOT-FOR-US: Qualcomm components for Android
@@ -51881,18 +51970,18 @@ CVE-2019-2273 (IOMMU page fault while playing h265 video file leads to denial of
NOT-FOR-US: Snapdragon
CVE-2019-2272 (Buffer overflow can occur in display function due to lack of validatio ...)
NOT-FOR-US: Snapdragon
-CVE-2019-2271
- RESERVED
+CVE-2019-2271 (Buffer over read can happen while parsing downlink session management ...)
+ TODO: check
CVE-2019-2270
RESERVED
CVE-2019-2269 (Possible buffer overflow while processing the high level lim process a ...)
NOT-FOR-US: Snapdragon
-CVE-2019-2268
- RESERVED
+CVE-2019-2268 (Possible OOB read issue in P2P action frames while handling WLAN manag ...)
+ TODO: check
CVE-2019-2267
RESERVED
-CVE-2019-2266
- RESERVED
+CVE-2019-2266 (Possible double free issue in kernel while handling the camera sensor ...)
+ TODO: check
CVE-2019-2265
RESERVED
CVE-2019-2264 (Null pointer dereference occurs for channel context while opening glin ...)
@@ -51921,8 +52010,8 @@ CVE-2019-2253 (Buffer over-read can occur while parsing an ogg file with a corru
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2252 (Classic buffer overflow vulnerability while playing the specific video ...)
NOT-FOR-US: Snapdragon
-CVE-2019-2251
- RESERVED
+CVE-2019-2251 (If a bitmap file is loaded from any un-authenticated source, there is ...)
+ TODO: check
CVE-2019-2250 (Kernel can write to arbitrary memory address passed by user while free ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2249 (Kernel can do a memory read from arbitrary address passed by user duri ...)
@@ -72785,8 +72874,8 @@ CVE-2018-13918 (kernel could return a received message length higher than expect
CVE-2018-13917
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13916
- RESERVED
+CVE-2018-13916 (Out-of-bounds memory access in Qurt kernel function when using the ide ...)
+ TODO: check
CVE-2018-13915
RESERVED
CVE-2018-13914 (Lack of input validation for data received from user space can lead to ...)
@@ -85421,8 +85510,8 @@ CVE-2018-9197
RESERVED
CVE-2018-9196
RESERVED
-CVE-2018-9195
- RESERVED
+CVE-2018-9195 (Use of a hardcoded cryptographic key in the FortiGuard services commun ...)
+ TODO: check
CVE-2018-9194 (A plaintext recovery of encrypted messages or a Man-in-the-middle (MiT ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2018-9193 (A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 ...)
@@ -86256,8 +86345,8 @@ CVE-2018-8881 (Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-
NOTE: http://repo.or.cz/nasm.git/commit/3144e84add8b152cc7a71e44617ce6f21daa4ba3 (nasm-2.13.02rc3)
CVE-2018-8880 (Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check ...)
NOT-FOR-US: Lutron Quantum BACnet Integration
-CVE-2018-8879
- RESERVED
+CVE-2018-8879 (Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS device ...)
+ TODO: check
CVE-2018-8878
RESERVED
CVE-2018-8877
@@ -234571,8 +234660,7 @@ CVE-2014-3702 (Directory traversal vulnerability in eNovance eDeploy allows remo
CVE-2014-3701
RESERVED
- edeploy <itp> (bug #717664)
-CVE-2014-3700
- RESERVED
+CVE-2014-3700 (eDeploy through at least 2014-10-14 has remote code execution due to e ...)
- edeploy <itp> (bug #717664)
CVE-2014-3699
RESERVED
@@ -239837,23 +239925,19 @@ CVE-2013-7322 (usersfile.c in liboath in OATH Toolkit before 2.4.1 does not prop
NOTE: http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html
CVE-2014-1939 (java/android/webkit/BrowserFrame.java in Android before 4.4 uses the a ...)
NOT-FOR-US: Android Jelly Bean
-CVE-2014-1938 [insecure use of /tmp]
- RESERVED
+CVE-2014-1938 (python-rply before 0.7.4 insecurely creates temporary files. ...)
- python-rply 0.7.4-1 (unimportant; bug #737627)
NOTE: this CVE is for the insecure use of /tmp as followup for CVE-2014-1604
NOTE: https://github.com/alex/rply/issues/42
NOTE: Not exploitable with kernel hardening since wheezy
-CVE-2014-1937 [insecure use of /tmp]
- RESERVED
+CVE-2014-1937 (Gamera before 3.4.1 insecurely creates temporary files. ...)
- gamera 3.4.1-1 (low; bug #737324)
[squeeze] - gamera <no-dsa> (Minor issue)
[wheezy] - gamera 3.3.3-2+deb7u1
-CVE-2014-1936 [insecure use of /tmp]
- RESERVED
+CVE-2014-1936 (rc before 1.7.1-5 insecurely creates temporary files. ...)
- rc 1.7.1-5 (unimportant; bug #737125)
NOTE: Only in the test suite, not part of the standard package
-CVE-2014-1935 [insecure use of /tmp]
- RESERVED
+CVE-2014-1935 (9base 1:6-6 and 1:6-7 insecurely creates temporary files which results ...)
- 9base <unfixed> (unimportant; bug #737206)
[squeeze] - 9base <no-dsa> (Minor issue)
NOTE: Not exploitable with kernel hardening since wheezy
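Review bot: CVE-2014-1935 now names 9base 1:6-6 and 1:6-7 specifically, but the unchanged line below it still reads "- 9base <unfixed> (unimportant; bug #737206)". Check whether uploads after 1:6-7 are still affected and, if they are not, replace <unfixed> with the fixed version. The bracketed "[insecure use of /tmp]" summaries removed from the four ids in this hunk are covered by the new descriptions, so nothing is lost there.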
@@ -243540,11 +243624,9 @@ CVE-2013-7174 (Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP Q
NOT-FOR-US: QNAP QTS
CVE-2013-7173
RESERVED
-CVE-2013-7172
- RESERVED
+CVE-2013-7172 (Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permission ...)
- libiodbc2 <not-affected> (RPATH issue slackware specific)
-CVE-2013-7171
- RESERVED
+CVE-2013-7171 (Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, ...)
- llvm-2.9 <not-affected> (RPATH issue slackware specific)
- llvm-3.0 <not-affected> (RPATH issue slackware specific)
- llvm-3.1 <not-affected> (RPATH issue slackware specific)
@@ -245482,11 +245564,9 @@ CVE-2014-0086 (The doFilter function in webapp/PushHandlerFilter.java in JBoss R
NOTE: https://issues.jboss.org/browse/RF-13250
CVE-2014-0085 (JBoss Fuse did not enable encrypted passwords by default in its usage ...)
NOT-FOR-US: Fuse Fabric
-CVE-2014-0084
- RESERVED
+CVE-2014-0084 (Ruby gem openshift-origin-node before 2014-02-14 does not contain a cr ...)
NOT-FOR-US: rubygem-openshift-origin-node
-CVE-2014-0083 [SSHA passwords generated by the net-ldap Ruby gem use a weak salt]
- RESERVED
+CVE-2014-0083 (The Ruby net-ldap gem before 0.16.2 uses a weak salt when generating S ...)
- ruby-net-ldap <not-affected> (SSHA support not present)
NOTE: SSHA support only from version v0.5.0, see #742706
CVE-2014-0082 (actionpack/lib/action_view/template/text.rb in Action View in Ruby on ...)
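Review bot: The <not-affected> status on CVE-2014-0083 rests on "SSHA support not present" and the NOTE that SSHA support only exists from v0.5.0, while the published description now places the fix at net-ldap 0.16.2. If the ruby-net-ldap package has moved to 0.5.0 or later since that note was written, the status is stale. Re-check against the packaged version and replace it with a fixed version or <unfixed> as appropriate.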
@@ -269997,8 +270077,7 @@ CVE-2012-4525 [XSS in password.php]
RESERVED
- piwigo <removed>
[squeeze] - piwigo <not-affected> (vulnerable code not present)
-CVE-2012-4524 [xlockmore bypass]
- RESERVED
+CVE-2012-4524 (xlockmore before 5.43 'dclock' security bypass vulnerability ...)
- xlockmore <removed> (low)
CVE-2012-4523 (radsecproxy before 1.6.1 does not properly verify certificates when th ...)
{DSA-2573-1}
@@ -272520,8 +272599,7 @@ CVE-2012-3544 (Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not pr
{DSA-2897-1 DSA-2725-1}
- tomcat6 6.0.37
- tomcat7 7.0.30
-CVE-2012-3543
- RESERVED
+CVE-2012-3543 (mono 2.10.x ASP.NET Web Form Hash collision DoS ...)
- mono 2.10.8.1-7 (bug #686562)
[squeeze] - mono <no-dsa> (Minor issue)
CVE-2012-3542 (OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and ...)
@@ -272774,8 +272852,7 @@ CVE-2012-3462
CVE-2012-3461 (The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_d ...)
{DSA-2526-1}
- libotr 3.2.1-1 (medium; bug #684121)
-CVE-2012-3460
- RESERVED
+CVE-2012-3460 (cumin: At installation postgresql database user created without passwo ...)
NOT-FOR-US: Cumin
CVE-2012-3459 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realti ...)
NOT-FOR-US: Cumin
@@ -275682,8 +275759,7 @@ CVE-2012-2352 (The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.
CVE-2012-2351 (The default configuration of the auth/saml plugin in Mahara before 1.4 ...)
{DSA-2467-1}
- mahara 1.4.2-1
-CVE-2012-2350 [pam_shield default configuration does not take any action]
- RESERVED
+CVE-2012-2350 (pam_shield before 0.9.4: Default configuration does not perform protec ...)
- pam-shield 0.9.2-3.3 (low; bug #658830)
[squeeze] - pam-shield 0.9.2-3.3~squeeze1
CVE-2012-2349
@@ -275994,8 +276070,7 @@ CVE-2012-2240 (scripts/dscverify.pl in devscripts before 2.12.3 allows remote at
CVE-2012-2239 (Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attacke ...)
{DSA-2591-1}
- mahara 1.5.1-3
-CVE-2012-2238
- RESERVED
+CVE-2012-2238 (trytond 2.4: ModelView.button fails to validate authorization ...)
- tryton-server <not-affected> (only affected 2.4, in experimental)
CVE-2012-2237 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x be ...)
{DSA-2540-1}
@@ -308990,7 +309065,7 @@ CVE-2010-XXXX [ZF2010-07]
NOTE: http://framework.zend.com/security/advisory/ZF2010-07
CVE-2009-4612 (Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP ...)
- jetty 6.1.22-1 (bug #575789)
-CVE-2009-4611 (Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without sanitizing ...)
+CVE-2009-4611 (Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data with ...)
- jetty 6.1.22-1
CVE-2009-4610 (Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty ...)
- jetty <not-affected> (low; bug #575790)
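Review bot: The updated description for CVE-2009-4611 now reads "6.x through 6.1.22", which includes the upstream version that the unchanged line "- jetty 6.1.22-1" records as fixed. Confirm that the 6.1.22-1 upload carries the fix and add a NOTE saying so, or correct the fixed version.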
@@ -312070,7 +312145,8 @@ CVE-2009-5046 (JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. ...
- jetty 6.1.22-1 (unimportant; bug #553644)
NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
NOTE: The affected apps are not shipped in the package, see #553644
-CVE-2009-5047 (Jetty 6.x before 6.1.22 suffers from an escape sequence injection vuln ...)
+CVE-2009-5047
+ REJECTED
- jetty 6.1.22-1 (unimportant; bug #553644)
NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
NOTE: The affected apps are not shipped in the package, see #553644
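Review bot: CVE-2009-5047 becomes REJECTED but keeps its "- jetty 6.1.22-1 (unimportant; bug #553644)" line and both NOTE lines. Decide whether those annotations should be dropped or moved to whichever id replaces it, so that the bug reference and advisory link are not left attached to a rejected id.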
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4113a477f12700cc47559260eff14e2359fc33c0