Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
324f1a05 by security tracker role at 2019-05-17T20:12:32Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2019-12162
+       RESERVED
+CVE-2019-12161 (WPO WebPageTest 19.04 allows SSRF because ValidateURL in 
www/runtest.p ...)
+       TODO: check
+CVE-2019-12160 (GoHTTP through 2017-07-25 has a sendHeader use-after-free. ...)
+       TODO: check
+CVE-2019-12159 (GoHTTP through 2017-07-25 has a stack-based buffer over-read 
in the sc ...)
+       TODO: check
+CVE-2019-12158 (GoHTTP through 2017-07-25 has a GetExtension heap-based buffer 
overflo ...)
+       TODO: check
+CVE-2019-12157
+       RESERVED
+CVE-2019-12156
+       RESERVED
+CVE-2019-12155
+       RESERVED
+CVE-2019-12154
+       RESERVED
+CVE-2019-12153
+       RESERVED
+CVE-2019-12152
+       RESERVED
 CVE-2019-12151
        RESERVED
 CVE-2019-12150
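Review bot: the four new entries with descriptions at the top of this hunk (CVE-2019-12158 through CVE-2019-12161) are left at "TODO: check", so each still needs manual triage to either a source-package line or a "NOT-FOR-US:" line. The three GoHTTP entries name the same product and can be resolved with a single decision.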
@@ -146,8 +168,8 @@ CVE-2019-12088
        RESERVED
 CVE-2019-12087 (** DISPUTED ** Samsung S9+, S10, and XCover 4 P(9.0) devices 
can becom ...)
        NOT-FOR-US: Samsung devices
-CVE-2019-12086
-       RESERVED
+CVE-2019-12086 (A Polymorphic Typing issue was discovered in FasterXML 
jackson-databin ...)
+       TODO: check
 CVE-2019-12085
        RESERVED
 CVE-2019-12084
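Review bot: CVE-2019-12086 moves from RESERVED to "TODO: check", but its description names FasterXML jackson-databind, which Debian ships as the jackson-databind source package. This entry should be resolved to a "- jackson-databind" line with the affected or fixed version rather than waiting in the generic triage queue.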
@@ -550,8 +572,8 @@ CVE-2019-11888 (Go through 1.12.5 on Windows mishandles 
process creation with a
        - golang-1.12 <not-affected> (Only affects Go on Windows)
        - golang-1.11 <not-affected> (Only affects Go on Windows)
        NOTE: https://go-review.googlesource.com/c/go/+/176619
-CVE-2019-11887
-       RESERVED
+CVE-2019-11887 (SimplyBook.me through 2019-05-11 does not properly restrict 
File Uploa ...)
+       TODO: check
 CVE-2019-11886 (The WaspThemes Visual CSS Style Editor (aka 
yellow-pencil-visual-theme ...)
        NOT-FOR-US: WaspThemes Visual CSS Style Editor plugin for WordPress
 CVE-2018-20838 (ampforwp_save_steps_data in the AMP for WP plugin before 
0.9.97.21 for ...)
@@ -2385,8 +2407,8 @@ CVE-2019-11116
        RESERVED
 CVE-2019-11115
        RESERVED
-CVE-2019-11114
-       RESERVED
+CVE-2019-11114 (Insufficient input validation in Intel(R) Driver &amp; Support 
Assista ...)
+       TODO: check
 CVE-2019-11113
        RESERVED
 CVE-2019-11112
@@ -2423,12 +2445,12 @@ CVE-2019-11097
        RESERVED
 CVE-2019-11096
        RESERVED
-CVE-2019-11095
-       RESERVED
-CVE-2019-11094
-       RESERVED
-CVE-2019-11093
-       RESERVED
+CVE-2019-11095 (Insufficient access control in Intel(R) Driver &amp; Support 
Assistant ...)
+       TODO: check
+CVE-2019-11094 (Insufficient input validation in system firmware for Intel (R) 
NUC Kit ...)
+       TODO: check
+CVE-2019-11093 (Unquoted service path in the installer for the Intel(R) SCS 
Discovery  ...)
+       TODO: check
 CVE-2019-11092
        RESERVED
 CVE-2019-11091 [MDSUM  Microarchitectural Data Sampling Uncacheable Memory]
@@ -2450,8 +2472,7 @@ CVE-2019-11087
        RESERVED
 CVE-2019-11086
        RESERVED
-CVE-2019-11085 [drm/i915/gvt: Fix mmap range check]
-       RESERVED
+CVE-2019-11085 (Insufficient input validation in Kernel Mode Driver in 
Intel(R) i915 G ...)
        - linux 4.19.20-1
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
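Review bot: on the CVE-2019-11085 line, the bracketed title "drm/i915/gvt: Fix mmap range check" is dropped in favour of the published description, and no "NOTE:" line is visible in the context that follows. That title was the only visible pointer to the upstream fix, so if the entry has no NOTE with the kernel commit, add one so the "- linux 4.19.20-1" fixed version stays traceable.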
@@ -2546,8 +2567,8 @@ CVE-2019-11059 (Das U-Boot 2016.11-rc1 through 2019.04 
mishandles the ext4 64-bi
        NOTE: 
https://git.denx.de/?p=u-boot.git;a=commit;h=febbc583319b567fe3d83e521cc2ace9be8d1501
 CVE-2019-11058
        RESERVED
-CVE-2019-11057
-       RESERVED
+CVE-2019-11057 (SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 
allows  ...)
+       TODO: check
 CVE-2019-11056
        RESERVED
 CVE-2019-11055
@@ -4745,8 +4766,8 @@ CVE-2019-10141
        RESERVED
 CVE-2019-10140
        RESERVED
-CVE-2019-10139
-       RESERVED
+CVE-2019-10139 (During HE deployment via cockpit-ovirt, cockpit-ovirt 
generates an ans ...)
+       TODO: check
 CVE-2019-10138
        RESERVED
 CVE-2019-10137
@@ -8682,8 +8703,8 @@ CVE-2019-8939 (data/interfaces/default/history.html in 
Tautulli 2.1.26 has XSS v
        NOT-FOR-US: Tautulli
 CVE-2019-8938 (VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext 
parameter ...)
        NOT-FOR-US: VertrigoServ
-CVE-2019-8937
-       RESERVED
+CVE-2019-8937 (HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, 
mese_fine, ori ...)
+       TODO: check
 CVE-2019-8936 (NTP through 4.2.8p12 has a NULL Pointer Dereference. ...)
        [experimental] - ntp 1:4.2.8p13+dfsg-1
        - ntp 1:4.2.8p12+dfsg-4 (bug #924228)
@@ -8711,14 +8732,14 @@ CVE-2019-8931
        RESERVED
 CVE-2019-8930
        RESERVED
-CVE-2019-8929
-       RESERVED
-CVE-2019-8928
-       RESERVED
-CVE-2019-8927
-       RESERVED
-CVE-2019-8926
-       RESERVED
+CVE-2019-8929 (An issue was discovered in Zoho ManageEngine Netflow Analyzer 
Professi ...)
+       TODO: check
+CVE-2019-8928 (An issue was discovered in Zoho ManageEngine Netflow Analyzer 
Professi ...)
+       TODO: check
+CVE-2019-8927 (An issue was discovered in Zoho ManageEngine Netflow Analyzer 
Professi ...)
+       TODO: check
+CVE-2019-8926 (An issue was discovered in Zoho ManageEngine Netflow Analyzer 
Professi ...)
+       TODO: check
 CVE-2019-8925 (An issue was discovered in Zoho ManageEngine Netflow Analyzer 
Professi ...)
        NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
 CVE-2019-8924 (XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret 
or titel ...)
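Review bot: CVE-2019-8926 through CVE-2019-8929 are added as "TODO: check" although their descriptions begin identically to CVE-2019-8925 directly below, which is already marked "NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional". After confirming the full descriptions name the same product, these four should get the same NOT-FOR-US line.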
@@ -12425,8 +12446,7 @@ CVE-2019-7355
        RESERVED
 CVE-2019-7354
        RESERVED
-CVE-2019-7353 [Leak of Confidential Issue and Merge Request Titles]
-       RESERVED
+CVE-2019-7353 (An Incorrect Access Control issue was discovered in GitLab 
Community a ...)
        - gitlab <not-affected> (Only affects 11.7)
        NOTE: 
https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/
 CVE-2019-7352 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder 
through  ...)
@@ -13764,8 +13784,7 @@ CVE-2019-6798 (An issue was discovered in phpMyAdmin 
before 4.8.5. A vulnerabili
        [jessie] - phpmyadmin <not-affected> (Vulnerable code introduced later 
>= 4.5.0)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2019-2/
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/469934cf7d3bd19a839eb78670590f7511399435
-CVE-2019-6797
-       RESERVED
+CVE-2019-6797 (An information disclosure issue was discovered in GitLab 
Enterprise Ed ...)
        - gitlab <not-affected> (Only affects EE)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
 CVE-2019-6796 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
@@ -13791,8 +13810,7 @@ CVE-2019-6791
        RESERVED
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6790
-       RESERVED
+CVE-2019-6790 (An Incorrect Access Control (issue 2 of 3) issue was discovered 
in Git ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
 CVE-2019-6789
@@ -13803,8 +13821,7 @@ CVE-2019-6788
        RESERVED
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6787
-       RESERVED
+CVE-2019-6787 (An Incorrect Access Control issue was discovered in GitLab 
Community a ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
 CVE-2019-6786
@@ -13827,8 +13844,7 @@ CVE-2019-6782
        RESERVED
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6781
-       RESERVED
+CVE-2019-6781 (An Improper Input Validation issue was discovered in GitLab 
Community  ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
 CVE-2019-6780 (The Wise Chat plugin before 2.7 for WordPress mishandles 
external link ...)
@@ -14435,7 +14451,7 @@ CVE-2019-1003002 (A sandbox bypass vulnerability exists 
in Pipeline: Declarative
        NOT-FOR-US: Jenkins plugin
 CVE-2019-1003001 (A sandbox bypass vulnerability exists in Pipeline: Groovy 
Plugin 2.61  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2019-1003000 (A sandbox bypass vulnerability exists in Script Security 
Plugin 2.49 a ...)
+CVE-2019-1003000 (A sandbox bypass vulnerability exists in Script Security 
Plugin 1.49 a ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2019-6501 (In QEMU 3.1, scsi_handle_inquiry_reply in 
hw/scsi/scsi-generic.c allow ...)
        - qemu 1:3.1+dfsg-3 (bug #920222)
@@ -15889,18 +15905,17 @@ CVE-2019-5960
        RESERVED
 CVE-2019-5959
        RESERVED
-CVE-2019-5958
-       RESERVED
-CVE-2019-5957
-       RESERVED
+CVE-2019-5958 (Untrusted search path vulnerability in Electronic reception and 
examin ...)
+       TODO: check
+CVE-2019-5957 (Untrusted search path vulnerability in Installer of Electronic 
recepti ...)
+       TODO: check
 CVE-2019-5956
        RESERVED
-CVE-2019-5955
-       RESERVED
-CVE-2019-5954
-       RESERVED
-CVE-2019-5953 [Buffer overflow vulnerability]
-       RESERVED
+CVE-2019-5955 (CREATE SD official App for Android version 1.0.2 and earlier 
allows re ...)
+       TODO: check
+CVE-2019-5954 (JR East Japan train operation information push notification App 
for An ...)
+       TODO: check
+CVE-2019-5953 (Buffer overflow in GNU Wget 1.20.1 and earlier allows remote 
attackers ...)
        {DSA-4425-1 DLA-1760-1}
        - wget 1.20.1-1.1 (bug #926389)
        NOTE: https://jvn.jp/en/jp/JVN25261088/
@@ -15919,46 +15934,46 @@ CVE-2019-5949
        RESERVED
 CVE-2019-5948
        RESERVED
-CVE-2019-5947
-       RESERVED
-CVE-2019-5946
-       RESERVED
-CVE-2019-5945
-       RESERVED
-CVE-2019-5944
-       RESERVED
-CVE-2019-5943
-       RESERVED
-CVE-2019-5942
-       RESERVED
-CVE-2019-5941
-       RESERVED
-CVE-2019-5940
-       RESERVED
-CVE-2019-5939
-       RESERVED
-CVE-2019-5938
-       RESERVED
-CVE-2019-5937
-       RESERVED
-CVE-2019-5936
-       RESERVED
-CVE-2019-5935
-       RESERVED
-CVE-2019-5934
-       RESERVED
-CVE-2019-5933
-       RESERVED
-CVE-2019-5932
-       RESERVED
-CVE-2019-5931
-       RESERVED
-CVE-2019-5930
-       RESERVED
-CVE-2019-5929
-       RESERVED
-CVE-2019-5928
-       RESERVED
+CVE-2019-5947 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 
4.10.1 al ...)
+       TODO: check
+CVE-2019-5946 (Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 
allows re ...)
+       TODO: check
+CVE-2019-5945 (Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain 
the use ...)
+       TODO: check
+CVE-2019-5944 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated 
attackers to ...)
+       TODO: check
+CVE-2019-5943 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated 
attackers to ...)
+       TODO: check
+CVE-2019-5942 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated 
attackers to ...)
+       TODO: check
+CVE-2019-5941 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated 
attackers to ...)
+       TODO: check
+CVE-2019-5940 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 
4.10.1 al ...)
+       TODO: check
+CVE-2019-5939 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 
4.10.1 al ...)
+       TODO: check
+CVE-2019-5938 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 
4.10.1 al ...)
+       TODO: check
+CVE-2019-5937 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 
4.10.1 al ...)
+       TODO: check
+CVE-2019-5936 (Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 
4.10.1 all ...)
+       TODO: check
+CVE-2019-5935 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated 
attackers to ...)
+       TODO: check
+CVE-2019-5934 (SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 
4.10.0 allow ...)
+       TODO: check
+CVE-2019-5933 (Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated 
attackers to ...)
+       TODO: check
+CVE-2019-5932 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 
4.6.3 all ...)
+       TODO: check
+CVE-2019-5931 (Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to 
alter t ...)
+       TODO: check
+CVE-2019-5930 (Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass 
access  ...)
+       TODO: check
+CVE-2019-5929 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 
4.6.3 all ...)
+       TODO: check
+CVE-2019-5928 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 
4.6.3 all ...)
+       TODO: check
 CVE-2019-5927 (Directory traversal vulnerability in 'an' App for iOS Version 
3.2.0 an ...)
        NOT-FOR-US: 'an' App for iOS
 CVE-2019-5926 (Cross-site scripting vulnerability in KinagaCMS versions prior 
to 6.5  ...)
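Review bot: all twenty entries from CVE-2019-5928 through CVE-2019-5947 describe Cybozu Garoon and all are left at "TODO: check". They should be triaged as one batch with a single product decision and a consistent product string, so the list does not end up with differing markings for the same product.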
@@ -16049,8 +16064,8 @@ CVE-2019-5885 (Matrix Synapse before 0.34.0.1, when the 
macaroon_secret_key auth
        NOTE: 
https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
 CVE-2019-5884 (php/elFinder.class.php in elFinder before 2.1.45 leaks 
information if  ...)
        NOT-FOR-US: elFinder
-CVE-2019-5883
-       RESERVED
+CVE-2019-5883 (An Incorrect Access Control issue was discovered in GitLab 
Community a ...)
+       TODO: check
 CVE-2019-5881
        RESERVED
 CVE-2019-5880
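Review bot: CVE-2019-5883 is described as a GitLab issue but receives "TODO: check" with no package line, whereas the other GitLab entries touched by this commit carry "- gitlab ..." lines with a fixed version or a <not-affected> reason. It needs the same treatment: a "- gitlab" line plus a NOTE with the matching GitLab security release.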
@@ -19585,8 +19600,8 @@ CVE-2019-4281
        RESERVED
 CVE-2019-4280
        RESERVED
-CVE-2019-4279
-       RESERVED
+CVE-2019-4279 (IBM WebSphere Application Server 8.5 and 9.0 could allow a 
remote atta ...)
+       TODO: check
 CVE-2019-4278
        RESERVED
 CVE-2019-4277
@@ -19905,8 +19920,8 @@ CVE-2019-4121
        RESERVED
 CVE-2019-4120
        RESERVED
-CVE-2019-4119
-       RESERVED
+CVE-2019-4119 (IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, 
and 3.1.2 ...)
+       TODO: check
 CVE-2019-4118
        RESERVED
 CVE-2019-4117
@@ -22123,8 +22138,7 @@ CVE-2018-20501 [Missing authorization control merge 
requests]
        RESERVED
        - gitlab 11.5.6+dfsg-1 (bug #918086)
        NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
-CVE-2018-20500 [Improper access control CI/CD settings]
-       RESERVED
+CVE-2018-20500 (An insecure permissions issue was discovered in GitLab 
Community and E ...)
        - gitlab 11.5.6+dfsg-1 (bug #918086)
        NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20499 [SSRF in project imports with LFS]
@@ -30786,8 +30800,7 @@ CVE-2018-19587 (In Cesanta Mongoose 6.13, a SIGSEGV 
exists in the mongoose.c mg_
        NOTE: smplayer embeds a copy, which is unused in any released version 
and disabled since 18.5.0~ds1-1
 CVE-2018-19586 (Silverpeas 5.15 through 6.0.2 is affected by an authenticated 
Director ...)
        NOT-FOR-US: Silverpeas
-CVE-2018-19585
-       RESERVED
+CVE-2018-19585 (GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x 
before 11 ...)
        - gitlab 11.3.11+dfsg-1
        NOTE: 
https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
 CVE-2018-19584
@@ -32468,12 +32481,12 @@ CVE-2019-0174
        RESERVED
 CVE-2019-0173
        RESERVED
-CVE-2019-0172
-       RESERVED
-CVE-2019-0171
-       RESERVED
-CVE-2019-0170
-       RESERVED
+CVE-2019-0172 (A logic issue in Intel Unite(R) Client for Android prior to 
version 4. ...)
+       TODO: check
+CVE-2019-0171 (Improper directory permissions in the installer for Intel(R) 
Quartus(R ...)
+       TODO: check
+CVE-2019-0170 (Buffer overflow in subsystem in Intel(R) DAL before version 
12.0.35 ma ...)
+       TODO: check
 CVE-2019-0169
        RESERVED
 CVE-2019-0168
@@ -32517,8 +32530,8 @@ CVE-2019-0155
        RESERVED
 CVE-2019-0154
        RESERVED
-CVE-2019-0153
-       RESERVED
+CVE-2019-0153 (Buffer overflow in subsystem in Intel(R) CSME before version 
12.0.35 m ...)
+       TODO: check
 CVE-2019-0152
        RESERVED
 CVE-2019-0151
@@ -32547,8 +32560,8 @@ CVE-2019-0140
        RESERVED
 CVE-2019-0139
        RESERVED
-CVE-2019-0138
-       RESERVED
+CVE-2019-0138 (Improper directory permissions in Intel(R) ACU Wizard version 
12.0.0.1 ...)
+       TODO: check
 CVE-2019-0137
        RESERVED
 CVE-2019-0136
@@ -32559,8 +32572,8 @@ CVE-2019-0134
        RESERVED
 CVE-2019-0133
        RESERVED
-CVE-2019-0132
-       RESERVED
+CVE-2019-0132 (Data Corruption in Intel Unite(R) Client before version 
3.3.176.13 may ...)
+       TODO: check
 CVE-2019-0131
        RESERVED
 CVE-2019-0130
@@ -32571,8 +32584,8 @@ CVE-2019-0128
        RESERVED
 CVE-2019-0127 (Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3 
and bef ...)
        NOT-FOR-US: Intel
-CVE-2019-0126
-       RESERVED
+CVE-2019-0126 (Insufficient access control in silicon reference firmware for 
Intel(R) ...)
+       TODO: check
 CVE-2019-0125
        RESERVED
 CVE-2019-0124
@@ -32583,22 +32596,22 @@ CVE-2019-0122 (Double free in Intel(R) SGX SDK for 
Linux before version 2.2 and
        NOT-FOR-US: Intel
 CVE-2019-0121 (Improper permissions in Intel(R) Matrix Storage Manager 
8.9.0.1023 and ...)
        NOT-FOR-US: Intel
-CVE-2019-0120
-       RESERVED
-CVE-2019-0119
-       RESERVED
+CVE-2019-0120 (Insufficient key protection vulnerability in silicon reference 
firmwar ...)
+       TODO: check
+CVE-2019-0119 (Buffer overflow vulnerability in system firmware for Intel(R) 
Xeon(R)  ...)
+       TODO: check
 CVE-2019-0118
        RESERVED
 CVE-2019-0117
        RESERVED
-CVE-2019-0116
-       RESERVED
-CVE-2019-0115
-       RESERVED
-CVE-2019-0114
-       RESERVED
-CVE-2019-0113
-       RESERVED
+CVE-2019-0116 (An out of bound read in KMD module for Intel(R) Graphics Driver 
before ...)
+       TODO: check
+CVE-2019-0115 (Insufficient input validation in KMD module for Intel(R) 
Graphics Driv ...)
+       TODO: check
+CVE-2019-0114 (A race condition in Intel(R) Graphics Drivers before version 
10.18.14. ...)
+       TODO: check
+CVE-2019-0113 (Insufficient bounds checking in Intel(R) Graphics Drivers 
before versi ...)
+       TODO: check
 CVE-2019-0112 (Improper flow control in crypto routines for Intel(R) Data 
Center Mana ...)
        NOT-FOR-US: Intel
 CVE-2019-0111 (Improper file permissions for Intel(R) Data Center Manager SDK 
before  ...)
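Review bot: CVE-2019-0113 through CVE-2019-0116 (Intel Graphics Driver and its KMD module) should not be marked "NOT-FOR-US: Intel" purely by analogy with CVE-2019-0121 and CVE-2019-0122 above them. CVE-2019-11085 in this same file is an Intel i915 kernel-driver issue tracked against "linux", so check the full descriptions for whether the Linux driver is in scope before closing these out.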
@@ -32625,34 +32638,34 @@ CVE-2019-0101 (Authentication bypass in the Intel 
Unite(R) solution versions 3.2
        NOT-FOR-US: Intel
 CVE-2019-0100
        RESERVED
-CVE-2019-0099
-       RESERVED
-CVE-2019-0098
-       RESERVED
-CVE-2019-0097
-       RESERVED
-CVE-2019-0096
-       RESERVED
+CVE-2019-0099 (Insufficient access control vulnerability in subsystem in 
Intel(R) SPS ...)
+       TODO: check
+CVE-2019-0098 (Logic bug vulnerability in subsystem for Intel(R) CSME before 
version  ...)
+       TODO: check
+CVE-2019-0097 (Insufficient input validation vulnerability in subsystem for 
Intel(R)  ...)
+       TODO: check
+CVE-2019-0096 (Out of bound write vulnerability in subsystem for Intel(R) AMT 
before  ...)
+       TODO: check
 CVE-2019-0095
        RESERVED
-CVE-2019-0094
-       RESERVED
-CVE-2019-0093
-       RESERVED
-CVE-2019-0092
-       RESERVED
-CVE-2019-0091
-       RESERVED
-CVE-2019-0090
-       RESERVED
-CVE-2019-0089
-       RESERVED
+CVE-2019-0094 (Insufficient input validation vulnerability in subsystem for 
Intel(R)  ...)
+       TODO: check
+CVE-2019-0093 (Insufficient data sanitization vulnerability in HECI subsystem 
for Int ...)
+       TODO: check
+CVE-2019-0092 (Insufficient input validation vulnerability in subsystem for 
Intel(R)  ...)
+       TODO: check
+CVE-2019-0091 (Code injection vulnerability in installer for Intel(R) CSME 
before ver ...)
+       TODO: check
+CVE-2019-0090 (Insufficient access control vulnerability in subsystem for 
Intel(R) CS ...)
+       TODO: check
+CVE-2019-0089 (Improper data sanitization vulnerability in subsystem in 
Intel(R) SPS  ...)
+       TODO: check
 CVE-2019-0088 (Insufficient path checking in Intel(R) System Support Utility 
for Wind ...)
        NOT-FOR-US: Intel
 CVE-2019-0087
        RESERVED
-CVE-2019-0086
-       RESERVED
+CVE-2019-0086 (Insufficient access control vulnerability in Dynamic 
Application Loade ...)
+       TODO: check
 CVE-2018-19269
        REJECTED
 CVE-2018-19268
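Review bot: the eleven Intel entries added here (CVE-2019-0086, CVE-2019-0089 through CVE-2019-0094, CVE-2019-0096 through CVE-2019-0099) are all "TODO: check" and cover CSME, SPS, AMT and Dynamic Application Loader components. The surrounding context lines CVE-2019-0101 and CVE-2019-0088 are already "NOT-FOR-US: Intel", so once it is confirmed that no Debian package ships these components they can be closed the same way in one pass.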
@@ -38069,12 +38082,12 @@ CVE-2018-17182 (An issue was discovered in the Linux 
kernel through 4.18.8. The
        - linux 4.18.10-1
        NOTE: 
https://git.kernel.org/linus/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2
        NOTE: 
https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html
-CVE-2018-17181
-       RESERVED
-CVE-2018-17180
-       RESERVED
-CVE-2018-17179
-       RESERVED
+CVE-2018-17181 (An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL 
Injection ...)
+       TODO: check
+CVE-2018-17180 (An issue was discovered in OpenEMR before 5.0.1 Patch 7. 
Directory Tra ...)
+       TODO: check
+CVE-2018-17179 (An issue was discovered in OpenEMR before 5.0.1 Patch 7. There 
is SQL  ...)
+       TODO: check
 CVE-2018-17178 (An issue was discovered on Neato Botvac Connected 2.2.0 
devices. They  ...)
        NOT-FOR-US: Neato Botvac Connected devices
 CVE-2018-17177 (An issue was discovered on Neato Botvac Connected 2.2.0 and 
Botvac 85  ...)
@@ -40830,8 +40843,8 @@ CVE-2018-16158 (Eaton Power Xpert Meter 4000, 6000, and 
8000 devices before 13.4
        NOT-FOR-US: Eaton Power Xpert Meter
 CVE-2018-16157 (waimai Super Cms 20150505 has a logic flaw allowing attackers 
to modif ...)
        NOT-FOR-US: waimai Super Cms
-CVE-2018-16156
-       RESERVED
+CVE-2018-16156 (In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the 
FJTWSVIC ...)
+       TODO: check
 CVE-2018-16155
        RESERVED
 CVE-2018-16154
@@ -75222,8 +75235,8 @@ CVE-2018-3703 (Improper directory permissions in the 
installer for the Intel(R)
        NOT-FOR-US: Intel
 CVE-2018-3702
        RESERVED
-CVE-2018-3701
-       RESERVED
+CVE-2018-3701 (Improper directory permissions in the installer for Intel(R) 
PROSet/Wi ...)
+       TODO: check
 CVE-2018-3700 (Code injection vulnerability in the installer for Intel(R) USB 
3.0 eXt ...)
        NOT-FOR-US: Intel
 CVE-2018-3699 (Cross-site scripting in the Intel RAID Web Console v3 for 
Windows may  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/324f1a058e0f672a5ae1735f0d39a857c3371e7f


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits