Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c25fe47 by security tracker role at 2019-02-01T08:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2019-7298 (An issue was discovered on D-Link DIR-823G devices with 
firmware ...)
+       TODO: check
+CVE-2019-7297 (An issue was discovered on D-Link DIR-823G devices with 
firmware ...)
+       TODO: check
+CVE-2019-7296 (typora through 0.9.64 has XSS, with resultant remote command 
execution, ...)
+       TODO: check
+CVE-2019-7295 (typora through 0.9.63 has XSS, with resultant remote command 
execution, ...)
+       TODO: check
+CVE-2019-7294
+       RESERVED
+CVE-2019-7293
+       RESERVED
+CVE-2019-7292
+       RESERVED
+CVE-2019-7291
+       RESERVED
+CVE-2019-7290
+       RESERVED
+CVE-2019-7289
+       RESERVED
+CVE-2019-7288
+       RESERVED
+CVE-2019-7287
+       RESERVED
+CVE-2019-7286
+       RESERVED
+CVE-2019-7285
+       RESERVED
+CVE-2019-7284
+       RESERVED
 CVE-2019-7281
        RESERVED
 CVE-2019-7280
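Review bot: the four described entries added at the top of this hunk (CVE-2019-7298, CVE-2019-7297, CVE-2019-7296, CVE-2019-7295) all land as TODO: check, so this automatic update leaves them untriaged. The two D-Link DIR-823G firmware issues look like candidates for a NOT-FOR-US line, as used for other device entries in this file. The two typora entries need a check for whether typora is packaged before they are marked either way. The RESERVED entries CVE-2019-7294 through CVE-2019-7284 need no action.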
@@ -19817,7 +19847,7 @@ CVE-2018-19025
        RESERVED
 CVE-2018-19024
        RESERVED
-CVE-2018-19023 (Hetronic Nova-M radio control systems prior to version r161 
use fixed ...)
+CVE-2018-19023 (Hetronic Nova-M prior to verson r161 uses fixed codes that are 
reproducible by sniffing and re-transmission. This can lead to unauthorized 
replay of a command, spoofing of an arbitrary message, or keeping the 
controlled load in a permanent "stop" state. ...)
        NOT-FOR-US: Hetronic Nova-M radio control systems
 CVE-2018-19022
        RESERVED
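Review bot: the replacement description for CVE-2018-19023 is the full upstream text rather than the short truncated form used by every neighbouring entry, and it still ends in " ...". It also carries the typo "verson r161". Since the entry is already NOT-FOR-US, the long text adds nothing for triage; the truncation step of the automatic update should be checked so the line is cut at the usual length.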
@@ -19893,7 +19923,7 @@ CVE-2018-18987 (VT-Designer Version 2.1.7.31 is 
vulnerable by the program popula
        NOT-FOR-US: VT-Designer
 CVE-2018-18986
        RESERVED
-CVE-2018-18985 (Tridium Niagara Enterprise Security 2.3u1, all versions prior 
to ...)
+CVE-2018-18985 (Tridium Niagara Enterprise Security 2.3u1, all versions prior 
to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, 
all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 
4.6.96.28.4 a cross-site scripting vulnerability has been identified that may 
allow a remote attacker to inject code to some web pages affecting 
confidentiality. ...)
        NOT-FOR-US: Tridium Niagara Enterprise
 CVE-2018-18984 (Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 
29901 ...)
        NOT-FOR-US: Medtronic
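Review bot: the new CVE-2018-18985 description is not truncated like the entries around it; it runs to several hundred characters listing every affected Niagara version and then appends " ...". The removed line shows the expected short form ("... all versions prior to ..."). The entry stays NOT-FOR-US, so restoring the short description loses nothing and keeps the list diffable.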
@@ -22755,8 +22785,7 @@ CVE-2018-17930 (A stack-based buffer overflow 
vulnerability has been identified
        NOT-FOR-US: Teledyne DALSA Sherlock
 CVE-2018-17929 (In Delta Industrial Automation TPEditor, TPEditor Versions 
1.90 and ...)
        NOT-FOR-US: TPEditor
-CVE-2018-17928
-       RESERVED
+CVE-2018-17928 (The product CMS-770 (Software Versions 1.7.1 and prior)is 
vulnerable ...)
        NOT-FOR-US: ABB CMS-770
 CVE-2018-17927 (In Delta Industrial Automation TPEditor, TPEditor Versions 
1.90 and ...)
        NOT-FOR-US: TPEditor
@@ -28206,7 +28235,7 @@ CVE-2018-15781
 CVE-2018-15780 (RSA Archer versions prior to 6.5.0.1 contain an improper 
access ...)
        NOT-FOR-US: RSA Archer
 CVE-2018-15779
-       RESERVED
+       REJECTED
 CVE-2018-15778
        RESERVED
 CVE-2018-15777
@@ -36381,8 +36410,8 @@ CVE-2018-12550
        RESERVED
 CVE-2018-12549
        RESERVED
-CVE-2018-12548
-       RESERVED
+CVE-2018-12548 (In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public 
...)
+       TODO: check
 CVE-2018-12547
        RESERVED
 CVE-2018-12546
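Review bot: CVE-2018-12548 moves from RESERVED to TODO: check, and its description names both OpenJDK and Eclipse OpenJ9 0.11.0 builds. It should not be closed as NOT-FOR-US on the product name alone: the follow-up triage needs to establish whether the affected code is specific to OpenJ9 or is also present in the OpenJDK source packages, and record that in a NOTE line.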
@@ -54124,8 +54153,8 @@ CVE-2018-6243
        RESERVED
 CVE-2018-6242 (Some NVIDIA Tegra mobile processors released prior to 2016 
contain a ...)
        NOT-FOR-US: NVIDIA
-CVE-2018-6241
-       RESERVED
+CVE-2018-6241 (NVIDIA Tegra Gralloc module contains a vulnerability in driver 
in ...)
+       TODO: check
 CVE-2018-6240
        RESERVED
 CVE-2018-6239
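Review bot: CVE-2018-6241 is left as TODO: check although the entry directly above it in the context, CVE-2018-6242, is already marked "NOT-FOR-US: NVIDIA" for the same Tegra product line. Unless the Gralloc module is shipped in a packaged driver, the same marking applies here and the TODO can be resolved in the next manual pass.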
@@ -56415,8 +56444,8 @@ CVE-2018-5562
        RESERVED
 CVE-2018-5561
        RESERVED
-CVE-2018-5560
-       RESERVED
+CVE-2018-5560 (A reliance on a static, hard-coded credential in the design of 
the ...)
+       TODO: check
 CVE-2018-5559 (In Rapid7 Komand version 0.41.0 and prior, certain endpoints 
that are ...)
        NOT-FOR-US: Rapid7 Komand
 CVE-2018-5558
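Review bot: the truncated description of CVE-2018-5560 ("A reliance on a static, hard-coded credential in the design of the ...") is cut before the product is named, so TODO: check cannot be resolved from this line. Whoever triages it has to read the full CVE text; the neighbouring CVE-2018-5559 is a Rapid7 Komand issue marked NOT-FOR-US, but nothing visible here ties CVE-2018-5560 to the same product.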
@@ -81446,7 +81475,7 @@ CVE-2017-14224 (A heap-based buffer overflow in 
WritePCXImage in coders/pcx.c in
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/7f2d6fe34d695d3445e2d50937db5541a1b76bde
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/c6409227c430f114b6425337e64b848535b62e0b
 CVE-2017-14223 (In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in ...)
-       {DSA-3996-1}
+       {DSA-3996-1 DLA-1654-1}
        - ffmpeg 7:3.3.4-1 (low)
        - libav <removed>
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/afc9c683ed9db01edb357bc8c19edad4282b3a97
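Review bot: the added DLA-1654-1 cross-reference on CVE-2017-14223 has no matching per-release line in the entry. The visible package lines are only "- ffmpeg 7:3.3.4-1 (low)" and "- libav <removed>", so a reader cannot tell from this entry which source package and release the DLA fixed. Confirm that the DLA list names a source package that appears in this entry, and consider a release-tagged line or NOTE stating it.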
@@ -81594,7 +81623,7 @@ CVE-2017-14170 (In libavformat/mxfdec.c in FFmpeg 
3.3.3, a DoS in ...)
        - libav <removed>
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2
 CVE-2017-14169 (In the mxf_read_primer_pack function in libavformat/mxfdec.c 
in FFmpeg ...)
-       {DSA-3996-1}
+       {DSA-3996-1 DLA-1654-1}
        - ffmpeg 7:3.3.4-1 (low)
        - libav <removed>
        NOTE: libav in Jessie uses a different guard for item_num. Check whether
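Review bot: CVE-2017-14169 now references DLA-1654-1, but the trailing context still carries the open question "NOTE: libav in Jessie uses a different guard for item_num. Check whether". With an LTS advisory now attached to this CVE, that NOTE should be resolved or updated in a follow-up commit so the entry does not state both that a fix was released and that the affected status is still unchecked.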
@@ -100537,6 +100566,7 @@ CVE-2017-7866 (FFmpeg before 2017-01-23 has an 
out-of-bounds write caused by a .
        [jessie] - libav <not-affected> (vulnerable code not present)
        NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/e371f031b942d73e02c090170975561fabd5c264
 CVE-2017-7865 (FFmpeg before 2017-01-24 has an out-of-bounds write caused by a 
...)
+       {DLA-1654-1}
        - ffmpeg 7:3.2.4-1
        - libav <removed>
        NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/2080bc33717955a0e4268e738acf8c1eeddbf8cb
@@ -100545,6 +100575,7 @@ CVE-2017-7864 (FreeType 2 before 2017-02-02 has an 
out-of-bounds write caused by
        NOTE: Fixed by: 
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=e6699596af5c5d6f0ae0ea06e19df87dce088df8
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=509
 CVE-2017-7863 (FFmpeg before 2017-02-04 has an out-of-bounds write caused by a 
...)
+       {DLA-1654-1}
        - ffmpeg 7:3.2.4-1
        - libav <removed>
        NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e
@@ -176262,6 +176293,7 @@ CVE-2015-1208 (Integer underflow in the 
mov_read_default function in ...)
        - ffmpeg 7:2.5.3-1
        NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3ebd76a9c57558e284e94da367dd23b435e6a6d0
 CVE-2015-1207 (Double-free vulnerability in libavformat/mov.c in FFMPEG in 
Google ...)
+       {DLA-1654-1}
        - ffmpeg 7:2.6.1-1
        - libav <removed>
        NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3859868c75313e318ebc5d0d33baada62d45dd75
@@ -182744,6 +182776,7 @@ CVE-2014-8543 (libavcodec/mmvideo.c in FFmpeg before 
2.4.2 does not consider all
        NOTE: ffmpeg: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e
        NOTE: libav: 
https://git.libav.org/?p=libav.git;a=commit;h=17ba719d9ba30c970f65747f42d5fbb1e447ca28
 CVE-2014-8542 (libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec 
ID ...)
+       {DLA-1654-1}
        - ffmpeg 7:2.4.3-1
        [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too 
many checks missing)
        - libav 6:11.2-1 (bug #773626)
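Review bot: DLA-1654-1 is attached to CVE-2014-8542 while the entry records "- libav 6:11.2-1 (bug #773626)" and "- ffmpeg 7:2.4.3-1" as the fixed versions. If the DLA is against libav, check that the release it targets actually shipped a version older than 6:11.2-1 or otherwise lacked the fix; if it did not, the cross-reference and the fixed-version line contradict each other and one of them needs a correction or an explanatory NOTE.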



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1c25fe47cde19738ef23d36e581a2ee54b5fc093
