Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
eba70500 by security tracker role at 2019-05-07T08:10:11Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-11808 (Ratpack versions before 1.6.1 generate a session ID using a
cryptograp ...)
+ TODO: check
CVE-2019-11807 (The WooCommerce Checkout Manager plugin before 4.3 for
WordPress allow ...)
NOT-FOR-US: WooCommerce Checkout Manager plugin for WordPress
CVE-2019-11806
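Review bot: The new CVE-2019-11808 entry at the top of this hunk lands with only `TODO: check`, so it still needs manual triage before it says anything about Debian. Ratpack is named in the description; if no source package in the archive ships it, resolve the entry the same way as CVE-2019-11807 directly below, with a `NOT-FOR-US: Ratpack` line, otherwise replace the TODO with a package line and status.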
@@ -555,8 +557,8 @@ CVE-2019-11571
RESERVED
CVE-2019-11570
RESERVED
-CVE-2019-11569
- RESERVED
+CVE-2019-11569 (Veeam ONE Reporter 9.5.0.3201 allows CSRF. ...)
+ TODO: check
CVE-2019-11568 (An issue was discovered in AikCms v2.0. There is a File upload
vulnera ...)
NOT-FOR-US: AikCms
CVE-2019-11567 (An issue was discovered in AikCms v2.0. There is a SQL
Injection vulne ...)
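Review bot: CVE-2019-11569 moves from RESERVED to a published description but is left at `TODO: check`, while the product named in it, Veeam ONE Reporter 9.5.0.3201, is a third-party product rather than a Debian package. Suggest closing it out with `NOT-FOR-US: Veeam ONE Reporter`, in the same form as the AikCms entries that follow.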
@@ -1934,8 +1936,8 @@ CVE-2019-11000
RESERVED
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE:
https://about.gitlab.com/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released/
-CVE-2019-10999
- RESERVED
+CVE-2019-10999 (The D-Link DCS series of Wi-Fi cameras contains a stack-based
buffer o ...)
+ TODO: check
CVE-2019-10998
RESERVED
CVE-2019-10997
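Review bot: CVE-2019-10999 is left at `TODO: check` although the description already scopes it to the D-Link DCS series of Wi-Fi cameras, which is device firmware. A `NOT-FOR-US: D-Link` line would settle it; the truncated text ("stack-based buffer o ...") gives no hint of a shared library, but the full description is worth a glance before tagging in case the affected component is reused code.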
@@ -31489,7 +31491,7 @@ CVE-2019-0215 (In Apache HTTP Server 2.4 releases
2.4.37 and 2.4.38, a bug in mo
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0215
CVE-2019-0214 (In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files
to the ...)
NOT-FOR-US: Apache Archiva
-CVE-2019-0213 (In Apache Archiva before 2.2.4, it is possible to write files
to the a ...)
+CVE-2019-0213 (In Apache Archiva before 2.2.4, it may be possible to store
malicious ...)
NOT-FOR-US: Apache Archiva
CVE-2019-0212 (In all previously released Apache HBase 2.x versions
(2.0.0-2.0.4, 2.1 ...)
NOT-FOR-US: Apache HBase
@@ -32527,16 +32529,16 @@ CVE-2014-10077 (Hash#slice in
lib/i18n/core_ext/hash.rb in the i18n gem before 0
NOTE:
https://github.com/svenfuchs/i18n/commit/24e71a9a4901ed18c9cab5c53109fd9bf2416bcb
CVE-2018-18980 (An XML External Entity injection (XXE) vulnerability exists in
Zoho Ma ...)
NOT-FOR-US: Zoho ManageEngine Network Configuration Manager and
OpManager
-CVE-2018-18979
- RESERVED
-CVE-2018-18978
- RESERVED
-CVE-2018-18977
- RESERVED
-CVE-2018-18976
- RESERVED
-CVE-2018-18975
- RESERVED
+CVE-2018-18979 (An issue was discovered in the Ascensia Contour NEXT ONE
application f ...)
+ TODO: check
+CVE-2018-18978 (An issue was discovered in the Ascensia Contour NEXT ONE
application f ...)
+ TODO: check
+CVE-2018-18977 (An issue was discovered in the Ascensia Contour NEXT ONE
application f ...)
+ TODO: check
+CVE-2018-18976 (An issue was discovered in the Ascensia Contour NEXT ONE
application f ...)
+ TODO: check
+CVE-2018-18975 (An issue was discovered in the Ascensia Contour NEXT ONE app
for iOS b ...)
+ TODO: check
CVE-2018-18974
RESERVED
CVE-2018-18973
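Review bot: All five entries from CVE-2018-18979 down to CVE-2018-18975 are added with `TODO: check`, and four of them are indistinguishable at the truncation point ("An issue was discovered in the Ascensia Contour NEXT ONE application f ..."), so the list alone cannot tell a triager what separates them. Since every one names the same Ascensia Contour NEXT ONE application (CVE-2018-18975 the iOS app), they can be resolved together with one consistent tag such as `NOT-FOR-US: Ascensia Contour NEXT ONE`, after confirming from the full descriptions that none points at a bundled library.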
@@ -52909,22 +52911,17 @@ CVE-2017-18281 (A bool variable in Video function,
which gets typecasted to int
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18280 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9607,
MSM8909W, ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18279
- RESERVED
+CVE-2017-18279 (Lack of check of buffer length before copying can lead to
buffer overf ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18278
- RESERVED
+CVE-2017-18278 (An integer underflow may occur due to lack of check when
received data ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18277 (When dynamic memory allocation fails, currently the process
sleeps for ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18276
- RESERVED
+CVE-2017-18276 (Secure camera logic allows display/secure camera controllers
to access ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18275
- RESERVED
+CVE-2017-18275 (A new account can be inserted into simContacts service using
Android c ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18274
- RESERVED
+CVE-2017-18274 (While iterating through the models contained in a fixed-size
array in ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11256 (An issue was discovered in PoDoFo 0.9.5. The function
PdfDocument::App ...)
- libpodofo 0.9.6+dfsg-4 (low; bug #916583)
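Review bot: The `NOT-FOR-US: Qualcomm components for Android` lines under CVE-2017-18279, CVE-2017-18278, CVE-2017-18276, CVE-2017-18275 and CVE-2017-18274 are unchanged context, meaning they were assigned while the IDs were still RESERVED and are now carried over onto descriptions nobody had seen at tagging time. The visible text of CVE-2017-18279 and CVE-2017-18278 names no product before the cut, so it is worth confirming against the full descriptions that the pre-assigned tag still holds rather than relying on the automatic update.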
@@ -65654,8 +65651,7 @@ CVE-2018-1000041 (GNOME librsvg version before commit
c6ddf2ed4d768fd88adbea2b63
CVE-2017-18174 (In the Linux kernel before 4.7, the amd_gpio_remove function
in driver ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: double-free introduced and fixed in the 4.11 release cycle
-CVE-2017-18173
- RESERVED
+CVE-2017-18173 (In case of using an invalid android verified boot signature
with very ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18172 (In a device, with screen size 1440x2560, the check of
contiguous buffe ...)
NOT-FOR-US: Qualcomm components for Android
@@ -65687,10 +65683,10 @@ CVE-2017-18159 (In Android releases from CAF using
the linux kernel (Android for
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18158 (Possible buffer overflows and array out of bounds accesses in
Android ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18157
- RESERVED
-CVE-2017-18156
- RESERVED
+CVE-2017-18157 (A Use After Free Condition can occur in Thermal Engine in
Snapdragon A ...)
+ TODO: check
+CVE-2017-18156 (While processing camera buffers in camera driver, a use after
free con ...)
+ TODO: check
CVE-2017-18155 (While playing HEVC content using HD DMB in Snapdragon
Automobile and S ...)
NOT-FOR-US: Snapdragon
CVE-2017-18154 (A crafted binder request can cause an arbitrary unmap in
MediaServer i ...)
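Review bot: CVE-2017-18157 and CVE-2017-18156 get `TODO: check` here, unlike the other Qualcomm IDs published in this same commit, which already carried a NOT-FOR-US line while RESERVED. Their descriptions ("Thermal Engine in Snapdragon", "camera driver") match the surrounding entries, so they should be tagged the same way; note also that the neighbours use two different strings, `NOT-FOR-US: Qualcomm components for Android` above and `NOT-FOR-US: Snapdragon` on CVE-2017-18155 below, and picking the former keeps the block consistent.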
@@ -65740,8 +65736,7 @@ CVE-2017-18133 (In Android before security patch level
2018-04-05 on Qualcomm Sn
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18132 (In Android before security patch level 2018-04-05 on Qualcomm
Snapdrag ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18131
- RESERVED
+CVE-2017-18131 (In QTEE, an incorrect fuse value can be blown in Snapdragon
Automobile ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18130 (In Android before security patch level 2018-04-05 on Qualcomm
Snapdrag ...)
NOT-FOR-US: Qualcomm components for Android
@@ -89433,8 +89428,7 @@ CVE-2017-15843 (Due to a race condition in a bus
driver, a double free in msm_bu
NOT-FOR-US: Qualcomm components for Android
CVE-2017-15842 (Buffer might get used after it gets freed due to unlocking the
mutex b ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-15841
- RESERVED
+CVE-2017-15841 (When HOST sends a Special command ID packet, Controller
triggers a RAM ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-15840
RESERVED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/eba705007593f6da8567b5880a52ae5046028173
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits