Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
715c6ada by security tracker role at 2019-03-20T08:10:12Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2019-9887
+       RESERVED
+CVE-2019-9886
+       RESERVED
+CVE-2019-9885
+       RESERVED
+CVE-2019-9884
+       RESERVED
+CVE-2019-9883
+       RESERVED
+CVE-2019-9882
+       RESERVED
+CVE-2019-9881
+       RESERVED
+CVE-2019-9880
+       RESERVED
+CVE-2019-9879
+       RESERVED
 CVE-2019-9878 (There is an invalid memory access in the function 
GfxIndexedColorSpace ...)
        TODO: check
 CVE-2019-9877 (There is an invalid memory access vulnerability in the function 
TextPa ...)
@@ -7567,24 +7585,24 @@ CVE-2019-6737
        RESERVED
 CVE-2019-6736
        RESERVED
-CVE-2019-6735
-       RESERVED
-CVE-2019-6734
-       RESERVED
-CVE-2019-6733
-       RESERVED
-CVE-2019-6732
-       RESERVED
-CVE-2019-6731
-       RESERVED
-CVE-2019-6730
-       RESERVED
-CVE-2019-6729
-       RESERVED
-CVE-2019-6728
-       RESERVED
-CVE-2019-6727
-       RESERVED
+CVE-2019-6735 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2019-6734 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2019-6733 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2019-6732 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2019-6731 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
+       TODO: check
+CVE-2019-6730 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
+       TODO: check
+CVE-2019-6729 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
+       TODO: check
+CVE-2019-6728 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2019-6727 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
+       TODO: check
 CVE-2019-6726
        RESERVED
 CVE-2019-6725
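Review bot: The nine entries CVE-2019-6727 through CVE-2019-6735 cannot be triaged from this list alone, because every summary is cut off before a product name appears ("This vulnerability allows remote attackers to ..."). Four of them (6731, 6730, 6729, 6727) read "execute arbitrary code" and five read "disclose sensitive infor ...". Suggest pulling the full CVE text before replacing "TODO: check" with a package line or NOT-FOR-US, and taking the four code-execution entries first.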
@@ -8326,8 +8344,8 @@ CVE-2019-6443 (An issue was discovered in NTPsec before 
1.1.3. Because of a bug
        - ntpsec 1.1.3+dfsg1-1 (bug #919513)
 CVE-2019-6442 (An issue was discovered in NTPsec before 1.1.3. An 
authenticated attac ...)
        - ntpsec 1.1.3+dfsg1-1 (bug #919513)
-CVE-2019-6441
-       RESERVED
+CVE-2019-6441 (An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, 
RT3052 4.0 ...)
+       TODO: check
 CVE-2019-6440 (Zemana AntiMalware before 3.0.658 Beta mishandles update logic. 
...)
        NOT-FOR-US: Zemana AntiMalware
 CVE-2019-6439 (examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL 
through  ...)
@@ -8707,14 +8725,14 @@ CVE-2019-6283 (In LibSass 3.5.5, a heap-based buffer 
over-read exists in Sass::P
        - libsass <unfixed> (low)
        [stretch] - libsass <no-dsa> (Minor issue)
        NOTE: https://github.com/sass/libsass/issues/2814
-CVE-2019-6282
-       RESERVED
+CVE-2019-6282 (ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with 
firmware W ...)
+       TODO: check
 CVE-2019-6281
        RESERVED
 CVE-2019-6280
        RESERVED
-CVE-2019-6279
-       RESERVED
+CVE-2019-6279 (ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with 
firmware W ...)
+       TODO: check
 CVE-2018-20712 (A heap-based buffer over-read exists in the function 
d_expression_1 in ...)
        - binutils <unfixed>
        [stretch] - binutils <ignored> (Minor issue)
@@ -8743,10 +8761,10 @@ CVE-2019-6277
        RESERVED
 CVE-2019-6276
        RESERVED
-CVE-2019-6275
-       RESERVED
-CVE-2019-6274
-       RESERVED
+CVE-2019-6275 (Command injection vulnerability in firmware_cgi in GL.iNet 
GL-AR300M-L ...)
+       TODO: check
+CVE-2019-6274 (Directory traversal vulnerability in storage_cgi in GL.iNet 
GL-AR300M- ...)
+       TODO: check
 CVE-2019-6273 (download_file in GL.iNet GL-AR300M-Lite devices with firmware 
2.27 all ...)
        NOT-FOR-US: GL.iNet GL-AR300M-Lite devices
 CVE-2019-6272 (Command injection vulnerability in login_cgi in GL.iNet 
GL-AR300M-Lite ...)
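Review bot: CVE-2019-6275 and CVE-2019-6274 are added as "TODO: check" although the context lines directly below already resolve CVE-2019-6273 as "NOT-FOR-US: GL.iNet GL-AR300M-Lite devices". The truncated summaries ("firmware_cgi in GL.iNet GL-AR300M-L ...", "storage_cgi in GL.iNet GL-AR300M- ...") appear to describe the same device firmware. Once the full text confirms that, both can take the same NOT-FOR-US tag so the GL.iNet group is triaged consistently.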
@@ -24810,7 +24828,7 @@ CVE-2018-19558 (An issue was discovered in arcms 
through 2018-03-19. SQL injecti
        NOT-FOR-US: arcms
 CVE-2018-19557 (An issue was discovered in arcms through 2018-03-19. No 
authentication ...)
        NOT-FOR-US: arcms
-CVE-2018-19556 (zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 
mishandles fi ...)
+CVE-2018-19556 (** DISPUTED ** zb_system/admin/index.php?act=UploadMng in 
Z-BlogPHP 1. ...)
        NOT-FOR-US: Z-BlogPHP
 CVE-2018-19555 (tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to 
change any  ...)
        NOT-FOR-US: tp4a TELEPORT
@@ -27914,8 +27932,8 @@ CVE-2018-18475 (Zoho ManageEngine OpManager before 12.3 
build 123214 allows Unre
        NOT-FOR-US: Zoho
 CVE-2018-18474
        RESERVED
-CVE-2018-18473
-       RESERVED
+CVE-2018-18473 (A hidden backdoor on PATLITE NBM-D88N, NHL-3FB1, and NHL-3FV1N 
devices ...)
+       TODO: check
 CVE-2018-18472
        RESERVED
 CVE-2018-18471
@@ -30456,48 +30474,48 @@ CVE-2018-17504
        RESERVED
 CVE-2018-17503
        RESERVED
-CVE-2018-17502
-       RESERVED
+CVE-2018-17502 (The Receptionist for iPad could allow a local attacker to 
obtain sensi ...)
+       TODO: check
 CVE-2018-17501
        RESERVED
-CVE-2018-17500
-       RESERVED
-CVE-2018-17499
-       RESERVED
+CVE-2018-17500 (Envoy Passport for Android and Envoy Passport for iPhone could 
allow a ...)
+       TODO: check
+CVE-2018-17499 (Envoy Passport for Android and Envoy Passport for iPhone could 
allow a ...)
+       TODO: check
 CVE-2018-17498
        RESERVED
-CVE-2018-17497
-       RESERVED
-CVE-2018-17496
-       RESERVED
-CVE-2018-17495
-       RESERVED
-CVE-2018-17494
-       RESERVED
-CVE-2018-17493
-       RESERVED
-CVE-2018-17492
-       RESERVED
-CVE-2018-17491
-       RESERVED
-CVE-2018-17490
-       RESERVED
-CVE-2018-17489
-       RESERVED
-CVE-2018-17488
-       RESERVED
-CVE-2018-17487
-       RESERVED
-CVE-2018-17486
-       RESERVED
-CVE-2018-17485
-       RESERVED
-CVE-2018-17484
-       RESERVED
-CVE-2018-17483
-       RESERVED
-CVE-2018-17482
-       RESERVED
+CVE-2018-17497 (eVisitorPass contains default administrative credentials. An 
attacker  ...)
+       TODO: check
+CVE-2018-17496 (eVisitorPass could allow a local attacker to gain elevated 
privileges  ...)
+       TODO: check
+CVE-2018-17495 (eVisitorPass could allow a local attacker to gain elevated 
privileges  ...)
+       TODO: check
+CVE-2018-17494 (eVisitorPass could allow a local attacker to gain elevated 
privileges  ...)
+       TODO: check
+CVE-2018-17493 (eVisitorPass could allow a local attacker to gain elevated 
privileges  ...)
+       TODO: check
+CVE-2018-17492 (EasyLobby Solo contains default administrative credentials. An 
attacke ...)
+       TODO: check
+CVE-2018-17491 (EasyLobby Solo could allow a local attacker to gain elevated 
privilege ...)
+       TODO: check
+CVE-2018-17490 (EasyLobby Solo is vulnerable to a denial of service. By 
visiting the k ...)
+       TODO: check
+CVE-2018-17489 (EasyLobby Solo could allow a local attacker to obtain 
sensitive inform ...)
+       TODO: check
+CVE-2018-17488 (Lobby Track Desktop could allow a local attacker to gain 
elevated priv ...)
+       TODO: check
+CVE-2018-17487 (Lobby Track Desktop could allow a local attacker to gain 
elevated priv ...)
+       TODO: check
+CVE-2018-17486 (Lobby Track Desktop could allow a local attacker to bypass 
security re ...)
+       TODO: check
+CVE-2018-17485 (Lobby Track Desktop contains default administrative 
credentials. An at ...)
+       TODO: check
+CVE-2018-17484 (Lobby Track Desktop could allow a local attacker to obtain 
sensitive i ...)
+       TODO: check
+CVE-2018-17483 (Lobby Track Desktop could allow a local attacker to obtain 
sensitive i ...)
+       TODO: check
+CVE-2018-17482 (Lobby Track Desktop could allow a local attacker to obtain 
sensitive i ...)
+       TODO: check
 CVE-2018-17481 (Incorrect object lifecycle handling in PDFium in Google Chrome 
prior t ...)
        {DSA-4395-1 DSA-4352-1}
        - chromium 71.0.3578.80-1
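Review bot: The 19 new "TODO: check" entries between CVE-2018-17482 and CVE-2018-17502 include several that are indistinguishable in this list, for example the four eVisitorPass lines (17493 to 17496), which all truncate to "could allow a local attacker to gain elevated privileges". They cover five named products: The Receptionist for iPad, Envoy Passport, eVisitorPass, EasyLobby Solo and Lobby Track Desktop. Suggest resolving them per product in one pass from the full CVE text, using NOT-FOR-US with the product name if none of them is packaged. CVE-2018-17501 and CVE-2018-17498 stay RESERVED in this hunk and need no action.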
@@ -35777,8 +35795,8 @@ CVE-2018-15500
        RESERVED
 CVE-2018-15499 (GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, 
allow lo ...)
        NOT-FOR-US: GEAR Software
-CVE-2018-15498
-       RESERVED
+CVE-2018-15498 (YSoft SafeQ Server 6 allows a replay attack. ...)
+       TODO: check
 CVE-2018-15497 (The Mitel MiVoice 5330e VoIP device is affected by memory 
corruption f ...)
        NOT-FOR-US: Mitel
 CVE-2018-15496
@@ -56138,9 +56156,9 @@ CVE-2018-7740 (The resv_map_release function in 
mm/hugetlb.c in the Linux kernel
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199037
 CVE-2018-7739 (antsle antman before 0.9.1a allows remote attackers to bypass 
authenti ...)
        NOT-FOR-US: antsle antman
-CVE-2018-7737 (In Z-BlogPHP 1.5.1.1740, there is Web Site physical path 
leakage, as d ...)
+CVE-2018-7737 (** DISPUTED ** In Z-BlogPHP 1.5.1.1740, there is Web Site 
physical pat ...)
        NOT-FOR-US: Z-BlogPHP
-CVE-2018-7736 (In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the 
ZC_BLOG_SUBNAME param ...)
+CVE-2018-7736 (** DISPUTED ** In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the 
ZC_BLO ...)
        NOT-FOR-US: Z-BlogPHP
 CVE-2017-18221 (The __munlock_pagevec function in mm/mlock.c in the Linux 
kernel befor ...)
        - linux 4.11.6-1
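Review bot: The "** DISPUTED **" prefix on CVE-2018-7737 and CVE-2018-7736 makes the summaries truncate earlier, so 7736 now ends at "ZC_BLO" where the removed line still showed "ZC_BLOG_SUBNAME param". Both entries keep "NOT-FOR-US: Z-BlogPHP", so no triage change is needed. Anyone searching the list by parameter name will have to fall back to the full CVE text for these two.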
@@ -79188,7 +79206,7 @@ CVE-2018-0267 (A vulnerability in the web framework of 
Cisco Unified Communicati
 CVE-2018-0266 (A vulnerability in the web framework of Cisco Unified 
Communications M ...)
        NOT-FOR-US: Cisco
 CVE-2018-0265
-       RESERVED
+       REJECTED
 CVE-2018-0264 (A vulnerability in the Cisco WebEx Network Recording Player for 
Advanc ...)
        NOT-FOR-US: Cisco
 CVE-2018-0263 (A vulnerability in Cisco Meeting Server (CMS) could allow an 
unauthent ...)
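Review bot: CVE-2018-0265 changes from RESERVED to REJECTED with nothing else under the ID, and it sits between entries tagged "NOT-FOR-US: Cisco". A rejected ID needs no triage tag of its own. It is still worth checking that no NOTE or advisory elsewhere in data/ cites this ID, since such a reference would now point at a withdrawn entry. The same check applies to the other RESERVED to REJECTED changes later in this commit.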
@@ -79226,7 +79244,7 @@ CVE-2018-0248
 CVE-2018-0247 (A vulnerability in Web Authentication (WebAuth) clients for the 
Cisco  ...)
        NOT-FOR-US: Cisco
 CVE-2018-0246
-       RESERVED
+       REJECTED
 CVE-2018-0245 (A vulnerability in the REST API of Cisco 5500 and 8500 Series 
Wireless ...)
        NOT-FOR-US: Cisco
 CVE-2018-0244 (A vulnerability in the detection engine of Cisco Firepower 
System Soft ...)
@@ -79246,7 +79264,7 @@ CVE-2018-0238 (A vulnerability in the role-based 
resource checking functionality
 CVE-2018-0237 (A vulnerability in the file type detection mechanism of the 
Cisco Adva ...)
        NOT-FOR-US: Cisco
 CVE-2018-0236
-       RESERVED
+       REJECTED
 CVE-2018-0235 (A vulnerability in the 802.11 frame validation functionality of 
the Ci ...)
        NOT-FOR-US: Cisco
 CVE-2018-0234 (A vulnerability in the implementation of Point-to-Point 
Tunneling Prot ...)
@@ -79345,7 +79363,7 @@ CVE-2018-0193 (Multiple vulnerabilities in the CLI 
parser of Cisco IOS XE Softwa
 CVE-2018-0192
        RESERVED
 CVE-2018-0191
-       RESERVED
+       REJECTED
 CVE-2018-0190 (Multiple vulnerabilities in the web-based user interface (web 
UI) of C ...)
        NOT-FOR-US: Cisco
 CVE-2018-0189 (A vulnerability in the Forwarding Information Base (FIB) code 
of Cisco ...)
@@ -79421,7 +79439,7 @@ CVE-2018-0155 (A vulnerability in the Bidirectional 
Forwarding Detection (BFD) o
 CVE-2018-0154 (A vulnerability in the crypto engine of the Cisco Integrated 
Services  ...)
        NOT-FOR-US: Cisco
 CVE-2018-0153
-       RESERVED
+       REJECTED
 CVE-2018-0152 (A vulnerability in the web-based user interface (web UI) of 
Cisco IOS  ...)
        NOT-FOR-US: Cisco
 CVE-2018-0151 (A vulnerability in the quality of service (QoS) subsystem of 
Cisco IOS ...)
@@ -79441,7 +79459,7 @@ CVE-2018-0145 (A vulnerability in the web-based 
management interface of the Cisc
 CVE-2018-0144 (A vulnerability in the web-based management interface of Cisco 
Prime D ...)
        NOT-FOR-US: Cisco
 CVE-2018-0143
-       RESERVED
+       REJECTED
 CVE-2018-0142
        RESERVED
 CVE-2018-0141 (A vulnerability in Cisco Prime Collaboration Provisioning (PCP) 
Softwa ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/715c6adabf98af0be7b9cbde7584f1e9b7d83fef
