Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2d70ed20 by security tracker role at 2019-04-26T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -134,8 +134,8 @@ CVE-2019-11495
RESERVED
CVE-2019-11494
RESERVED
-CVE-2019-11493
- RESERVED
+CVE-2019-11493 (VeryPDF 4.1 has a Memory Overflow leading to Code Execution
because pd ...)
+ TODO: check
CVE-2019-11492
RESERVED
CVE-2019-11491
@@ -795,10 +795,10 @@ CVE-2019-11221 (GPAC 0.7.1 has a buffer overflow issue in
gf_import_message() in
[stretch] - gpac <no-dsa> (Minor issue)
NOTE:
https://github.com/gpac/gpac/commit/f4616202e5578e65746cf7e7ceeba63bee1b094b
NOTE: https://github.com/gpac/gpac/issues/1203
-CVE-2019-11220
- RESERVED
-CVE-2019-11219
- RESERVED
+CVE-2019-11220 (An authentication flaw in Shenzhen Yunni Technology iLnkP2P
allows rem ...)
+ TODO: check
+CVE-2019-11219 (The algorithm used to generate device IDs (UIDs) for devices
that util ...)
+ TODO: check
CVE-2019-11218 (Improper handling of extra parameters in the AccountController
(User P ...)
NOT-FOR-US: Bonobo Git Server
CVE-2019-11217 (The GitController in Jakub Chodounsky Bonobo Git Server before
6.5.0 a ...)
@@ -1224,8 +1224,8 @@ CVE-2019-11029
RESERVED
CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers from a vulnerability
allowing ...)
NOT-FOR-US: GAT-Ship Web Module
-CVE-2015-9284
- RESERVED
+CVE-2015-9284 (The request phase of the OmniAuth Ruby gem is vulnerable to
Cross-Site ...)
+ TODO: check
CVE-2019-11027
RESERVED
CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0
has infini ...)
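Review bot: the new CVE-2015-9284 entry is left at `TODO: check`, so the list records no decision for the OmniAuth Ruby gem issue. Replace the placeholder with a source package line and status if the gem is packaged, or with a NOT-FOR-US: tag in the style of CVE-2019-11028 just above it.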
@@ -4774,8 +4774,7 @@ CVE-2019-9815
RESERVED
CVE-2019-9814
RESERVED
-CVE-2019-9813
- RESERVED
+CVE-2019-9813 (Incorrect handling of __proto__ mutations may lead to type
confusion i ...)
{DSA-4417-1 DLA-1727-1}
- firefox 66.0.1-1
- firefox-esr 60.6.1esr-1
@@ -4785,47 +4784,37 @@ CVE-2019-9812
RESERVED
CVE-2019-9811
RESERVED
-CVE-2019-9810
- RESERVED
+CVE-2019-9810 (Incorrect alias information in IonMonkey JIT compiler for
Array.protot ...)
{DSA-4417-1 DLA-1727-1}
- firefox 66.0.1-1
- firefox-esr 60.6.1esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9810
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9810
-CVE-2019-9809
- RESERVED
+CVE-2019-9809 (If the source for resources on a page is through an FTP
connection, it ...)
- firefox 66.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9809
-CVE-2019-9808
- RESERVED
+CVE-2019-9808 (If WebRTC permission is requested from documents with data: or
blob: U ...)
- firefox 66.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9808
-CVE-2019-9807
- RESERVED
+CVE-2019-9807 (When arbitrary text is sent over an FTP connection and a page
reload i ...)
- firefox 66.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9807
-CVE-2019-9806
- RESERVED
+CVE-2019-9806 (A vulnerability exists during authorization prompting for FTP
transact ...)
- firefox 66.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9806
-CVE-2019-9805
- RESERVED
+CVE-2019-9805 (A latent vulnerability exists in the Prio library where data
may be re ...)
- firefox 66.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9805
-CVE-2019-9804
- RESERVED
+CVE-2019-9804 (In Firefox Developer Tools it is possible that pasting the
result of t ...)
- firefox <not-affected> (MacOS-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9804
-CVE-2019-9803
- RESERVED
+CVE-2019-9803 (The Upgrade-Insecure-Requests (UIR) specification states that
if UIR i ...)
- firefox 66.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9803
-CVE-2019-9802
- RESERVED
+CVE-2019-9802 (If a Sandbox content process is compromised, it can initiate an
FTP do ...)
- firefox 66.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9802
-CVE-2019-9801
- RESERVED
+CVE-2019-9801 (Firefox will accept any registered Program ID as an external
protocol ...)
- firefox-esr <not-affected> (Windows-specific)
- firefox <not-affected> (Windows-specific)
- thunderbird <not-affected> (Windows-specific)
@@ -4834,20 +4823,16 @@ CVE-2019-9801
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9801
CVE-2019-9800
RESERVED
-CVE-2019-9799
- RESERVED
+CVE-2019-9799 (Insufficient bounds checking of data during inter-process
communicatio ...)
- firefox 66.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9799
-CVE-2019-9798
- RESERVED
+CVE-2019-9798 (On Android systems, Firefox can load a library from
APITRACE_LIB, whic ...)
- firefox <not-affected> (Android-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9798
-CVE-2019-9797
- RESERVED
+CVE-2019-9797 (Cross-origin images can be read in violation of the same-origin
policy ...)
- firefox 66.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9797
-CVE-2019-9796
- RESERVED
+CVE-2019-9796 (A use-after-free vulnerability can occur when the SMIL
animation contr ...)
{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
@@ -4855,8 +4840,7 @@ CVE-2019-9796
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9796
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9796
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9796
-CVE-2019-9795
- RESERVED
+CVE-2019-9795 (A vulnerability where type-confusion in the IonMonkey
just-in-time (JI ...)
{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
@@ -4864,16 +4848,14 @@ CVE-2019-9795
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9795
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9795
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9795
-CVE-2019-9794
- RESERVED
+CVE-2019-9794 (A vulnerability was discovered where specific command line
arguments a ...)
- firefox-esr <not-affected> (Windows-specific)
- firefox <not-affected> (Windows-specific)
- thunderbird <not-affected> (Windows-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9794
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9794
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9794
-CVE-2019-9793
- RESERVED
+CVE-2019-9793 (A mechanism was discovered that removes some bounds checking
for strin ...)
{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
@@ -4881,8 +4863,7 @@ CVE-2019-9793
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9793
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9793
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9793
-CVE-2019-9792
- RESERVED
+CVE-2019-9792 (The IonMonkey just-in-time (JIT) compiler can leak an internal
JS_OPTI ...)
{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
@@ -4890,8 +4871,7 @@ CVE-2019-9792
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9792
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9792
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9792
-CVE-2019-9791
- RESERVED
+CVE-2019-9791 (The type inference system allows the compilation of functions
that can ...)
{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
@@ -4899,8 +4879,7 @@ CVE-2019-9791
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9791
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9791
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9791
-CVE-2019-9790
- RESERVED
+CVE-2019-9790 (A use-after-free vulnerability can occur when a raw pointer to
a DOM e ...)
{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
@@ -4908,12 +4887,10 @@ CVE-2019-9790
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9790
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9790
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9790
-CVE-2019-9789
- RESERVED
+CVE-2019-9789 (Mozilla developers and community members reported memory safety
bugs p ...)
- firefox 66.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9789
-CVE-2019-9788
- RESERVED
+CVE-2019-9788 (Mozilla developers and community members reported memory safety
bugs p ...)
{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
@@ -12556,8 +12533,8 @@ CVE-2019-6690 (python-gnupg 0.4.3 allows
context-dependent attackers to trick gn
NOTE:
https://github.com/vsajip/python-gnupg/commit/3003b654ca1c29b0510a54b9848571b3ad57df19#diff-88b99bb28683bd5b7e3a204826ead112
CVE-2018-1000997 (A path traversal vulnerability exists in the Stapler web
framework use ...)
NOT-FOR-US: Jenkins
-CVE-2019-6689
- RESERVED
+CVE-2019-6689 (An issue was discovered in Dillon Kane Tidal Workload
Automation Agent ...)
+ TODO: check
CVE-2019-6688
RESERVED
CVE-2019-6687
@@ -19439,12 +19416,12 @@ CVE-2019-3709 (IsilonSD Management Server 1.1.0
contains a cross-site scripting
NOT-FOR-US: IsilonSD Management Server
CVE-2019-3708 (IsilonSD Management Server 1.1.0 contains a cross-site
scripting vulne ...)
NOT-FOR-US: IsilonSD Management Server
-CVE-2019-3707
- RESERVED
-CVE-2019-3706
- RESERVED
-CVE-2019-3705
- RESERVED
+CVE-2019-3707 (Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an
authentication ...)
+ TODO: check
+CVE-2019-3706 (Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22,
3.22.22.22 a ...)
+ TODO: check
+CVE-2019-3705 (Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions
prior t ...)
+ TODO: check
CVE-2019-3704 (VNX Control Station in Dell EMC VNX2 OE for File versions prior
to 8.1 ...)
NOT-FOR-US: EMC
CVE-2019-3703
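Review bot: CVE-2019-3707, CVE-2019-3706 and CVE-2019-3705 all land as `TODO: check`, while the entries on either side (CVE-2019-3708 and CVE-2019-3704) are already triaged as NOT-FOR-US. If no Debian source package ships iDRAC, tag the three entries the same way in one pass so they do not stay untriaged.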
@@ -23100,8 +23077,8 @@ CVE-2019-2727
RESERVED
CVE-2019-2726
RESERVED
-CVE-2019-2725
- RESERVED
+CVE-2019-2725 (Vulnerability in the Oracle WebLogic Server component of Oracle
Fusion ...)
+ TODO: check
CVE-2019-2724
RESERVED
CVE-2019-2723 (Vulnerability in the Oracle VM VirtualBox component of Oracle
Virtuali ...)
@@ -30834,8 +30811,8 @@ CVE-2019-0188
CVE-2019-0187 (Unauthenticated RCE is possible when JMeter is used in
distributed mod ...)
- jakarta-jmeter <undetermined>
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62743
-CVE-2019-0186
- RESERVED
+CVE-2019-0186 (The input fields of the Apache Pluto "Chat Room" demo portlet
3.0.0 an ...)
+ TODO: check
CVE-2018-19277 (securityScan() in PHPOffice PhpSpreadsheet through 1.5.0
allows a bypa ...)
NOT-FOR-US: PHPOffice
CVE-2018-19276 (OpenMRS before 2.24.0 is affected by an Insecure Object
Deserializatio ...)
@@ -32922,19 +32899,17 @@ CVE-2018-18515
RESERVED
CVE-2018-18514
RESERVED
-CVE-2018-18513
- RESERVED
-CVE-2018-18512
- RESERVED
-CVE-2018-18511
- RESERVED
+CVE-2018-18513 (A crash can occur when processing a crafted S/MIME message or
an XPI p ...)
+ TODO: check
+CVE-2018-18512 (A use-after-free vulnerability can occur while playing a sound
notific ...)
+ TODO: check
+CVE-2018-18511 (Cross-origin images can be read from a canvas element in
violation of ...)
- firefox 65.0.1-1
- skia <itp> (bug #818180)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2018-18511
-CVE-2018-18510
- RESERVED
-CVE-2018-18509
- RESERVED
+CVE-2018-18510 (The about:crashcontent and about:crashparent pages can be
triggered by ...)
+ TODO: check
+CVE-2018-18509 (A flaw during verification of certain S/MIME signatures causes
emails ...)
{DSA-4392-1 DLA-1678-1}
- thunderbird 1:60.5.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18511
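Review bot: the NOTE under CVE-2018-18509 points at `mfsa2019-06/#CVE-2018-18511`, so the URL fragment names a different CVE than the entry it sits in. Confirm which identifier mfsa2019-06 lists and correct the anchor if it should read `#CVE-2018-18509`. In the same hunk, CVE-2018-18513, CVE-2018-18512 and CVE-2018-18510 carry only `TODO: check` while their neighbours have package lines and advisory notes.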
@@ -40688,6 +40663,7 @@ CVE-2018-15589
CVE-2018-15588 (MailMate before 1.11.3 mishandles a suspicious HTML/MIME
structure in ...)
NOT-FOR-US: MailMate
CVE-2018-15587 (GNOME Evolution through 3.28.2 is prone to OpenPGP signatures
being sp ...)
+ {DLA-1766-1}
- evolution <unfixed> (bug #924616)
NOTE: https://gitlab.gnome.org/GNOME/evolution/issues/120
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=796424
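Review bot: `{DLA-1766-1}` is added to CVE-2018-15587, but the only package line is still `- evolution <unfixed> (bug #924616)`. The cross-reference documents the LTS advisory only, so the entry continues to show no fixed version for unstable; keep the bug reference and add the fixed version on that line once an upload exists.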
@@ -40770,14 +40746,14 @@ CVE-2003-1605 (curl 7.x before 7.10.7 sends CONNECT
proxy credentials to the rem
NOTE: https://curl.haxx.se/docs/CVE-2003-1605.html
CVE-2018-15585 (Cross-Site Scripting (XSS) vulnerability in newwinform.php in
GNUBOARD ...)
NOT-FOR-US: GNUBOARD
-CVE-2018-15584
- RESERVED
+CVE-2018-15584 (Cross-Site Scripting (XSS) vulnerability in
adm/boardgroup_form_update ...)
+ TODO: check
CVE-2018-15583 (Cross-Site Scripting (XSS) vulnerability in point_list.php in
GNUBOARD ...)
NOT-FOR-US: GNUBOARD
CVE-2018-15582
RESERVED
-CVE-2018-15581
- RESERVED
+CVE-2018-15581 (Cross-Site Scripting (XSS) vulnerability in
adm/faqmasterformupdate.ph ...)
+ TODO: check
CVE-2018-15580
RESERVED
CVE-2018-15579
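Review bot: CVE-2018-15584 and CVE-2018-15581 are added with `TODO: check`, although the adjacent XSS entries CVE-2018-15585 and CVE-2018-15583 are already marked `NOT-FOR-US: GNUBOARD`. The descriptions are truncated here, so read the full text; if they name the same product, give both new entries the same tag instead of leaving the placeholder.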
@@ -69679,8 +69655,7 @@ CVE-2018-5181 (If a URL using the "file:" protocol is
dragged and dropped onto a
CVE-2018-5180 (A use-after-free vulnerability can occur during WebGL
operations. Whil ...)
- firefox 60.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5180
-CVE-2018-5179
- RESERVED
+CVE-2018-5179 (A service worker can send the activate event on itself
periodically wh ...)
{DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -69930,8 +69905,7 @@ CVE-2018-5125 (Memory safety bugs were reported in
Firefox 58 and Firefox ESR 52
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
-CVE-2018-5124
- RESERVED
+CVE-2018-5124 (Unsanitized output in the browser UI leaves HTML tags in place
and can ...)
- firefox 58.0.1-1
- firefox-esr <not-affected> (Vulnerable code introduced later than 52)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2d70ed2082f95f0214d111bfbb6cd57484a8c757