Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
642cad9a by security tracker role at 2019-01-19T08:10:10Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2019-6494
+ RESERVED
+CVE-2019-6493
+ RESERVED
+CVE-2019-6492
+ RESERVED
+CVE-2019-6491
+ RESERVED
+CVE-2019-6490
+ RESERVED
+CVE-2019-6489
+ RESERVED
+CVE-2018-20741
+ RESERVED
+CVE-2018-20740
+ RESERVED
+CVE-2018-20739
+ RESERVED
+CVE-2018-20738
+ RESERVED
+CVE-2018-20737
+ RESERVED
+CVE-2018-20736
+ RESERVED
CVE-2019-6488 (The string component in the GNU C Library (aka glibc or libc6)
through ...)
- glibc <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24097
@@ -5847,12 +5871,12 @@ CVE-2019-3776
RESERVED
CVE-2019-3775
RESERVED
-CVE-2019-3774
- RESERVED
-CVE-2019-3773
- RESERVED
-CVE-2019-3772
- RESERVED
+CVE-2019-3774 (Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older
unsupported ...)
+ TODO: check
+CVE-2019-3773 (Spring Web Services, versions 2.4.3, 3.0.4, and older
unsupported ...)
+ TODO: check
+CVE-2019-3772 (Spring Integration (spring-integration-xml and
spring-integration-ws ...)
+ TODO: check
CVE-2019-3771
RESERVED
CVE-2019-3770
@@ -7979,8 +8003,8 @@ CVE-2018-20235
RESERVED
CVE-2018-20234
RESERVED
-CVE-2018-20233
- RESERVED
+CVE-2018-20233 (The Upload add-on resource in Atlassian Universal Plugin
Manager ...)
+ TODO: check
CVE-2018-20232
RESERVED
CVE-2018-20231 (Cross Site Request Forgery (CSRF) in the
two-factor-authentication ...)
@@ -26204,8 +26228,8 @@ CVE-2018-15786
REJECTED
CVE-2018-15785
REJECTED
-CVE-2018-15784
- RESERVED
+CVE-2018-15784 (Dell Networking OS10 versions prior to 10.4.3.0 contain a ...)
+ TODO: check
CVE-2018-15783
REJECTED
CVE-2018-15782 (The Quick Setup component of RSA Authentication Manager
versions prior ...)
@@ -34649,10 +34673,10 @@ CVE-2017-18334
RESERVED
CVE-2017-18333
RESERVED
-CVE-2017-18332
- RESERVED
-CVE-2017-18331
- RESERVED
+CVE-2017-18332 (Security keys are logged when any WCDMA call is configured or
...)
+ TODO: check
+CVE-2017-18331 (Improper access control on secure display buffers in
snapdragon ...)
+ TODO: check
CVE-2017-18330 (Buffer overflow in AES-CCM and AES-GCM encryption via
initialization ...)
NOT-FOR-US: snapdragon
CVE-2017-18329 (Possible Buffer overflow when transmitting an RTP packet in
snapdragon ...)
@@ -35999,10 +36023,10 @@ CVE-2018-12001
RESERVED
CVE-2018-12000
RESERVED
-CVE-2018-11999
- RESERVED
-CVE-2018-11998
- RESERVED
+CVE-2018-11999 (Improper input validation in trustzone can lead to denial of
service ...)
+ TODO: check
+CVE-2018-11998 (While processing a packet decode request in MQTT, Race
condition can ...)
+ TODO: check
CVE-2018-11997
RESERVED
CVE-2018-11996 (When a malformed command is sent to the device programmer, an
...)
@@ -36011,8 +36035,8 @@ CVE-2018-11995 (In all android releases(Android for
MSM, Firefox OS for MSM, QRD
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11994 (SMMU secure camera logic allows secure camera controllers to
access ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11993
- RESERVED
+CVE-2018-11993 (Improper check while accessing the local memory stack on MQTT
...)
+ TODO: check
CVE-2018-11992
RESERVED
CVE-2018-11991
@@ -37944,8 +37968,7 @@ CVE-2018-11290 (In Snapdragon (Automobile, Mobile,
Wear) in version MDM9206, MDM
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11289
RESERVED
-CVE-2018-11288
- RESERVED
+CVE-2018-11288 (Possible undefined behavior due to lack of size check in
function for ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11287 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206,
MDM9607, ...)
NOT-FOR-US: Qualcomm components for Android
@@ -37953,8 +37976,8 @@ CVE-2018-11286 (In all android releases (Android for
MSM, Firefox OS for MSM, QR
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11285 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206,
MDM9607, ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11284
- RESERVED
+CVE-2018-11284 (Spoofed SMS can be used to send a large number of messages to
the ...)
+ TODO: check
CVE-2018-11283
RESERVED
CVE-2018-11282
@@ -37963,8 +37986,8 @@ CVE-2018-11281 (In all android releases (Android for
MSM, Firefox OS for MSM, QR
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11280 (In all android releases (Android for MSM, Firefox OS for MSM,
QRD ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11279
- RESERVED
+CVE-2018-11279 (Lack of check of input size can make device memory get
corrupted ...)
+ TODO: check
CVE-2018-11278 (In all android releases (Android for MSM, Firefox OS for MSM,
QRD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11277 (In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W,
...)
@@ -50742,8 +50765,8 @@ CVE-2017-18162
RESERVED
CVE-2017-18161
RESERVED
-CVE-2017-18160
- RESERVED
+CVE-2017-18160 (AGPS session failure in GNSS module due to cyphersuites are
hardcoded ...)
+ TODO: check
CVE-2017-18159 (In Android releases from CAF using the linux kernel (Android
for MSM, ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18158 (Possible buffer overflows and array out of bounds accesses in
Android ...)
@@ -53346,8 +53369,8 @@ CVE-2018-5917 (Possible buffer overflow in OEM crypto
function due to improper i
NOT-FOR-US: Snapdragon
CVE-2018-5916 (Buffer overread while decoding PDP modify request or network
initiated ...)
NOT-FOR-US: Snapdragon
-CVE-2018-5915
- RESERVED
+CVE-2018-5915 (Exception in Modem IP stack while processing IPv6 packet in
snapdragon ...)
+ TODO: check
CVE-2018-5914 (Improper input validation in TZ led to array out of bound in TZ
...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5913
@@ -53414,12 +53437,12 @@ CVE-2018-5883
RESERVED
CVE-2018-5882 (While parsing a Flac file with a corrupted comment block, a
buffer ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5881
- RESERVED
-CVE-2018-5880
- RESERVED
-CVE-2018-5879
- RESERVED
+CVE-2018-5881 (Improper validation of buffer length checks in the lwm2m device
...)
+ TODO: check
+CVE-2018-5880 (Improper data length check while processing an event report
indication ...)
+ TODO: check
+CVE-2018-5879 (Improper length check while processing an MQTT message can lead
to ...)
+ TODO: check
CVE-2018-5878 (While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS
message, ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5877 (In the device programmer target-side code for firehose, a
string may ...)
@@ -53441,12 +53464,12 @@ CVE-2018-5871 (In Snapdragon (Automobile, Mobile,
Wear) in version MDM9206, MDM9
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5870 (While loading a service image, an untrusted pointer dereference
can ...)
NOT-FOR-US: Snapdragon
-CVE-2018-5869
- RESERVED
-CVE-2018-5868
- RESERVED
-CVE-2018-5867
- RESERVED
+CVE-2018-5869 (Improper input validation in the QTEE keymaster app can lead to
...)
+ TODO: check
+CVE-2018-5868 (Lack of checking input size can lead to buffer overflow In
WideVine in ...)
+ TODO: check
+CVE-2018-5867 (Lack of checking input size can lead to buffer overflow In
WideVine in ...)
+ TODO: check
CVE-2018-5866 (While processing logs, data is copied into a buffer pointed to
by an ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5865 (While processing a debug log event from firmware in all Android
...)
@@ -60194,8 +60217,8 @@ CVE-2018-3597 (In the ADSP RPC driver in Android
releases from CAF using the lin
NOT-FOR-US: Qualcomm components for Android
CVE-2018-3596 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD
Android with ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-3595
- RESERVED
+CVE-2018-3595 (Anti-rollback can be bypassed in replay scenario during app
loading ...)
+ TODO: check
CVE-2018-3594 (In Android before security patch level 2018-04-05 on Qualcomm
...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-3593 (In Android before security patch level 2018-04-05 on Qualcomm
...)
@@ -97295,8 +97318,8 @@ CVE-2017-8278 (In all Qualcomm products with Android
releases from CAF using the
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8277 (In all Qualcomm products with Android releases from CAF using
the ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-8276
- RESERVED
+CVE-2017-8276 (Improper authorization involving a fuse in TrustZone in
snapdragon ...)
+ TODO: check
CVE-2017-8275 (In Android before security patch level 2018-04-05 on Qualcomm
...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-8274 (In Android before security patch level 2018-04-05 on Qualcomm
...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/642cad9a3a7f18dc404ff254d394d807236cbff7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/642cad9a3a7f18dc404ff254d394d807236cbff7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
