Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c645e690 by security tracker role at 2019-05-11T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,4 @@
-CVE-2019-11884 [Bluetooth: hidp: fix buffer overflow]
+CVE-2019-11884 (The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c 
in the Li ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/a1616a5ac99ede5d605047a9012481ce7ff18b16
 CVE-2019-11883
@@ -1923,8 +1923,8 @@ CVE-2019-1003050 (The f:validateButton form control for 
the Jenkins UI did not p
        NOT-FOR-US: Jenkins
 CVE-2019-1003049 (Users who cached their CLI authentication before Jenkins was 
updated t ...)
        NOT-FOR-US: Jenkins
-CVE-2019-11066
-       RESERVED
+CVE-2019-11066 (openid.php in LightOpenID through 1.3.1 allows SSRF via a 
crafted Open ...)
+       TODO: check
 CVE-2019-11065 (Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to 
download ...)
        - gradle <unfixed> (bug #926923)
        [buster] - gradle <no-dsa> (Minor issue)
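
Review bot: CVE-2019-11066 is left at TODO: check while both Jenkins entries above it are already triaged as NOT-FOR-US. The description names openid.php in LightOpenID, a single file that could be bundled inside other packages, so search for embedded copies before marking this NOT-FOR-US: LightOpenID; if a copy turns up, replace the TODO with a package line for the embedding source package.
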
@@ -1948,8 +1948,8 @@ CVE-2019-11061
        RESERVED
 CVE-2019-11060
        RESERVED
-CVE-2019-11059
-       RESERVED
+CVE-2019-11059 (Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 
64-bit exte ...)
+       TODO: check
 CVE-2019-11058
        RESERVED
 CVE-2019-11057
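
Review bot: the TODO: check on CVE-2019-11059 should become a package line rather than stay a placeholder, because the description gives a concrete affected range (Das U-Boot 2016.11-rc1 through 2019.04). Compare that range against the u-boot versions in each suite and record the result in the same form as the gradle entry in the previous hunk, for example "- u-boot <unfixed>" with a NOTE pointing at the upstream fix.
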
@@ -2115,8 +2115,7 @@ CVE-2019-11002 (In Materialize through 1.0.0, XSS is 
possible via the Tooltip fe
        NOT-FOR-US: Materialize
 CVE-2019-11001 (On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W 
devices th ...)
        NOT-FOR-US: Reolink devices
-CVE-2019-11000
-       RESERVED
+CVE-2019-11000 (An issue was discovered in GitLab Enterprise Edition before 
11.7.11, 1 ...)
        - gitlab <not-affected> (Only affects Gitlab EE)
        NOTE: 
https://about.gitlab.com/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released/
 CVE-2019-10999 (The D-Link DCS series of Wi-Fi cameras contains a stack-based 
buffer o ...)
@@ -16119,12 +16118,12 @@ CVE-2019-5679
        RESERVED
 CVE-2019-5678
        RESERVED
-CVE-2019-5677
-       RESERVED
-CVE-2019-5676
-       RESERVED
-CVE-2019-5675
-       RESERVED
+CVE-2019-5677 (NVIDIA Windows GPU Display driver software for Windows (all 
versions)  ...)
+       TODO: check
+CVE-2019-5676 (NVIDIA Windows GPU Display driver software for Windows (all 
versions)  ...)
+       TODO: check
+CVE-2019-5675 (NVIDIA Windows GPU Display driver software for Windows (all 
versions)  ...)
+       TODO: check
 CVE-2019-5674 (NVIDIA GeForce Experience before 3.18 contains a vulnerability 
when Sh ...)
        NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2019-5673 (NVIDIA Jetson TX2 contains a vulnerability in the kernel driver 
(on al ...)
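
Review bot: CVE-2019-5677, CVE-2019-5676 and CVE-2019-5675 all land as TODO: check, and the truncated descriptions stop at "NVIDIA Windows GPU Display driver software for Windows (all versions) ...", so the platform scope cannot be judged from these lines alone. Read the full descriptions before triage; if they are Windows-only, mark them NOT-FOR-US in the style of CVE-2019-5674 just below, otherwise add a package line for the affected driver package.
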
@@ -16485,11 +16484,11 @@ CVE-2019-5498
        RESERVED
 CVE-2019-5497
        RESERVED
-CVE-2019-5496
-       RESERVED
-CVE-2019-5495
-       RESERVED
-CVE-2019-5494 (Oncommand Unified Manager in 7-mode prior to version 5.2.3 
shipped wit ...)
+CVE-2019-5496 (Oncommand Insight versions prior to 7.3.5 shipped without 
certain HTTP ...)
+       TODO: check
+CVE-2019-5495 (OnCommand Unified Manager for VMware vSphere, Linux and Windows 
prior  ...)
+       TODO: check
+CVE-2019-5494 (OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped 
withou ...)
        TODO: check
 CVE-2019-5493
        RESERVED
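
Review bot: the CVE-2019-5494 line carries more than a reworded description: the version in it moves from 5.2.3 to 5.2.4 and the product name changes from "Oncommand Unified Manager in 7-mode" to "OnCommand Unified Manager 7-Mode". The entry is still TODO: check, so no triage decision depended on the old text, but CVE-2019-5496 and CVE-2019-5495 now join it untriaged; resolve all three together, for example as NOT-FOR-US if OnCommand is not packaged.
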
@@ -16601,10 +16600,10 @@ CVE-2019-5440
        RESERVED
 CVE-2019-5439
        RESERVED
-CVE-2019-5438
-       RESERVED
-CVE-2019-5437
-       RESERVED
+CVE-2019-5438 (Path traversal using symlink in npm harp module versions &lt;= 
0.29.0. ...)
+       TODO: check
+CVE-2019-5437 (Information exposure through the directory listing in npm's 
harp modul ...)
+       TODO: check
 CVE-2019-5436
        RESERVED
 CVE-2019-5435
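
Review bot: the CVE-2019-5438 description contains the HTML entity "&lt;=" where "<=" is meant ("versions &lt;= 0.29.0"). Check whether data/CVE/list itself carries the entity or only this notification rendering does; if it is in the file, a plain-text search for the version bound will miss it. Both harp entries also still need a triage decision in place of TODO: check.
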
@@ -20681,8 +20680,8 @@ CVE-2019-3568
        RESERVED
 CVE-2019-3567
        RESERVED
-CVE-2019-3566
-       RESERVED
+CVE-2019-3566 (A bug in WhatsApp for Android's messaging logic would 
potentially allo ...)
+       TODO: check
 CVE-2019-3565 (Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) 
would n ...)
        TODO: check
 CVE-2019-3564 (Go Facebook Thrift servers would not error upon receiving 
messages wit ...)
@@ -59672,8 +59671,8 @@ CVE-2018-8814 (Cross-site request forgery (CSRF) 
vulnerability in WolfCMS 0.8.3.
        NOT-FOR-US: WolfCMS
 CVE-2018-8813 (Open redirect vulnerability in the login[redirect] parameter 
login fun ...)
        NOT-FOR-US: WolfCMS
-CVE-2018-8812
-       RESERVED
+CVE-2018-8812 (An issue was discovered in Avaya one-X Portal for IP Office 
9.1.2.0 an ...)
+       TODO: check
 CVE-2018-8811 (Cross-site request forgery (CSRF) vulnerability in 
system/workplace/ad ...)
        NOT-FOR-US: OpenCMS
 CVE-2018-8810 (In radare2 2.4.0, there is a heap-based buffer over-read in the 
get_iv ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c645e690be226e7752e438f5fa922f18a538c5e7


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
