Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a6f5ad00 by security tracker role at 2019-06-13T20:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2019-12799
+       RESERVED
+CVE-2019-12798 (An issue was discovered in Artifex MuJS 1.0.5. regcompx in 
regexp.c do ...)
+       TODO: check
+CVE-2019-12797
+       RESERVED
+CVE-2019-12796
+       RESERVED
 CVE-2019-12795 (daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 
1.40.x bef ...)
        - gvfs 1.38.1-5 (bug #930376)
        NOTE: 
https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a
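Review bot: CVE-2019-12798 is the only new entry at the top of this hunk that already has a description, and it lands with nothing but "TODO: check". The text names Artifex MuJS 1.0.5 and regcompx in regexp.c, so the follow-up should replace the TODO with either a source-package line carrying the fixed version and bug number, in the form the gvfs entry below uses ("- gvfs 1.38.1-5 (bug #930376)"), or an explicit NOT-FOR-US if that code is not shipped.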
@@ -58,7 +66,8 @@ CVE-2019-12781
        RESERVED
 CVE-2019-12780 (The Belkin Wemo Enabled Crock-Pot allows command injection in 
the Wemo ...)
        NOT-FOR-US: Belkin Wemo Enabled Crock-Pot
-CVE-2019-5439 [Buffer overflow in libavi_plugin memmove() call]
+CVE-2019-5439 (A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash 
which  ...)
+       {DSA-4459-1}
        - vlc 3.0.7-1 (bug #930276)
        NOTE: https://hackerone.com/reports/484398
        NOTE: http://www.jbkempf.com/blog/post/2019/VLC-3.0.7-and-security
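Review bot: On CVE-2019-5439 the removed bracketed description named the affected code ("libavi_plugin memmove() call"), while the incoming description is cut off at "causes a crash which ..." and no longer says where the overflow is. Consider keeping that detail as an extra NOTE: line next to the two existing NOTE: URLs so the entry stays self-explanatory.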
@@ -129,6 +138,7 @@ CVE-2019-12751
 CVE-2019-12750
        RESERVED
 CVE-2019-12749 (dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 
1.13.12, ...)
+       {DSA-4462-1}
        - dbus 1.12.16-1 (bug #930375)
        NOTE: https://www.openwall.com/lists/oss-security/2019/06/11/2
        NOTE: https://gitlab.freedesktop.org/dbus/dbus/issues/269
@@ -4079,32 +4089,32 @@ CVE-2019-11131
        RESERVED
 CVE-2019-11130
        RESERVED
-CVE-2019-11129
-       RESERVED
-CVE-2019-11128
-       RESERVED
-CVE-2019-11127
-       RESERVED
-CVE-2019-11126
-       RESERVED
-CVE-2019-11125
-       RESERVED
-CVE-2019-11124
-       RESERVED
-CVE-2019-11123
-       RESERVED
+CVE-2019-11129 (Out of bound read/write in system firmware for Intel(R) NUC 
Kit may al ...)
+       TODO: check
+CVE-2019-11128 (Insufficient input validation in system firmware for Intel(R) 
NUC Kit  ...)
+       TODO: check
+CVE-2019-11127 (Buffer overflow in system firmware for Intel(R) NUC Kit may 
allow a pr ...)
+       TODO: check
+CVE-2019-11126 (Pointer corruption in system firmware for Intel(R) NUC Kit may 
allow a ...)
+       TODO: check
+CVE-2019-11125 (Insufficient input validation in system firmware for Intel(R) 
NUC Kit  ...)
+       TODO: check
+CVE-2019-11124 (Out of bound read/write in system firmware for Intel(R) NUC 
Kit may al ...)
+       TODO: check
+CVE-2019-11123 (Insufficient session validation in system firmware for 
Intel(R) NUC Ki ...)
+       TODO: check
 CVE-2019-11122
        RESERVED
 CVE-2019-11121
        RESERVED
 CVE-2019-11120
        RESERVED
-CVE-2019-11119
-       RESERVED
+CVE-2019-11119 (Insufficient session validation in the service API for 
Intel(R) RWC3 v ...)
+       TODO: check
 CVE-2019-11118
        RESERVED
-CVE-2019-11117
-       RESERVED
+CVE-2019-11117 (Improper permissions in the installer for Intel(R) Omni-Path 
Fabric Ma ...)
+       TODO: check
 CVE-2019-11116
        RESERVED
 CVE-2019-11115
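Review bot: The seven entries CVE-2019-11129 down to CVE-2019-11123 all describe "system firmware for Intel(R) NUC Kit" and each gets its own "TODO: check". CVE-2019-11094, visible in the next hunk, describes the same product and is already tagged "NOT-FOR-US: Intel (R) NUC Kit", so these can be triaged as one batch with a consistent tag. CVE-2019-11119 (RWC3 service API) and CVE-2019-11117 (Omni-Path Fabric installer) name different products and need their own decision.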
@@ -4153,8 +4163,8 @@ CVE-2019-11094 (Insufficient input validation in system 
firmware for Intel (R) N
        NOT-FOR-US: Intel (R) NUC Kit
 CVE-2019-11093 (Unquoted service path in the installer for the Intel(R) SCS 
Discovery  ...)
        NOT-FOR-US: Intel(R) SCS Discovery Utility
-CVE-2019-11092
-       RESERVED
+CVE-2019-11092 (Insufficient password protection in the attestation database 
for Open  ...)
+       TODO: check
 CVE-2019-11091 (Microarchitectural Data Sampling Uncacheable Memory (MDSUM): 
Uncacheab ...)
        {DSA-4447-1 DSA-4444-1 DLA-1799-1 DLA-1789-1 DLA-1787-1}
        - intel-microcode 3.20190514.1
@@ -14512,8 +14522,8 @@ CVE-2019-7323 (GUP (generic update process) in 
LightySoft LogMX before 7.4.0 doe
        NOT-FOR-US: LightySoft LogMX
 CVE-2019-7322
        RESERVED
-CVE-2019-7321
-       RESERVED
+CVE-2019-7321 (Usage of an uninitialized variable in the function fz_load_jpeg 
in Art ...)
+       TODO: check
 CVE-2019-7320
        RESERVED
 CVE-2018-20751 (An issue was discovered in crop_page in PoDoFo 0.9.6. For a 
crafted PD ...)
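Review bot: CVE-2019-7321 is added as "TODO: check" with a description cut off at "in Art ...", so the affected product cannot be read from this line, only the function name fz_load_jpeg. Triage needs the full description before choosing between a source-package line and NOT-FOR-US.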
@@ -19047,7 +19057,7 @@ CVE-2019-5524 (VMware Workstation (14.x before 14.1.6) 
and Fusion (10.x before 1
        NOT-FOR-US: VMware
 CVE-2019-5523 (VMware vCloud Director for Service Providers 9.5.x prior to 
9.5.0.3 up ...)
        NOT-FOR-US: VMware vCloud Director for Service Providers
-CVE-2019-5522 (VMware Tools for Windows (10.x before 10.3.10) update addresses 
an out ...)
+CVE-2019-5522 (VMware Tools for Windows update addresses an out of bounds read 
vulner ...)
        NOT-FOR-US: VMware
 CVE-2019-5521
        RESERVED
@@ -19549,8 +19559,8 @@ CVE-2019-5288
        RESERVED
 CVE-2019-5287
        RESERVED
-CVE-2019-5286
-       RESERVED
+CVE-2019-5286 (There is a reflection XSS vulnerability in the HedEx products. 
Remote  ...)
+       TODO: check
 CVE-2019-5285 (Some Huawei S series switches have a DoS vulnerability. An 
unauthentic ...)
        NOT-FOR-US: Huawei
 CVE-2019-5284 (There is a DoS vulnerability in RTSP module of Leland-AL00A 
Huawei sma ...)
@@ -19631,8 +19641,8 @@ CVE-2019-5247
        RESERVED
 CVE-2019-5246
        RESERVED
-CVE-2019-5245
-       RESERVED
+CVE-2019-5245 (HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking 
vulner ...)
+       TODO: check
 CVE-2019-5244 (Mate 9 Pro Huawei smartphones earlier than LON-L29C 
8.0.0.361(C636) ve ...)
        NOT-FOR-US: Huawei
 CVE-2019-5243 (There is a Clickjacking vulnerability in Huawei HG255s product. 
An att ...)
@@ -34510,26 +34520,25 @@ CVE-2019-0185
        RESERVED
 CVE-2019-0184
        RESERVED
-CVE-2019-0183
-       RESERVED
-CVE-2019-0182
-       RESERVED
-CVE-2019-0181
-       RESERVED
-CVE-2019-0180
-       RESERVED
-CVE-2019-0179
-       RESERVED
-CVE-2019-0178
-       RESERVED
-CVE-2019-0177
-       RESERVED
+CVE-2019-0183 (Insufficient password protection in the attestation database 
for Open  ...)
+       TODO: check
+CVE-2019-0182 (Insufficient password protection in the attestation database 
for Open  ...)
+       TODO: check
+CVE-2019-0181 (Insufficient password protection in the attestation database 
for Open  ...)
+       TODO: check
+CVE-2019-0180 (Insufficient password protection in the attestation database 
for Open  ...)
+       TODO: check
+CVE-2019-0179 (Insufficient password protection in the attestation database 
for Open  ...)
+       TODO: check
+CVE-2019-0178 (Insufficient password protection in the attestation database 
for Open  ...)
+       TODO: check
+CVE-2019-0177 (Insufficient password protection in the attestation database 
for Open  ...)
+       TODO: check
 CVE-2019-0176
        RESERVED
-CVE-2019-0175
-       RESERVED
-CVE-2019-0174
-       RESERVED
+CVE-2019-0175 (Insufficient password protection in the attestation database 
for Open  ...)
+       TODO: check
+CVE-2019-0174 (Logic condition in specific microprocessors may allow an 
authenticated ...)
        NOT-FOR-US: RamBleed hardware vulnerability
        NOTE: https://rambleed.com/
 CVE-2019-0173
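Review bot: CVE-2019-0183 down to CVE-2019-0177 and CVE-2019-0175 come in with the identical truncated description ("Insufficient password protection in the attestation database for Open ...") and "TODO: check", the same text CVE-2019-11092 receives earlier in this commit. The truncated text cannot tell these nine entries apart, so triage has to read the full descriptions; if they resolve to one product, tag all of them the same way to avoid divergent handling. CVE-2019-0174 keeps its existing NOT-FOR-US and NOTE lines under the new description, which is consistent.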
@@ -34550,8 +34559,8 @@ CVE-2019-0166
        RESERVED
 CVE-2019-0165
        RESERVED
-CVE-2019-0164
-       RESERVED
+CVE-2019-0164 (Improper permissions in the installer for Intel(R) Turbo Boost 
Max Tec ...)
+       TODO: check
 CVE-2019-0163 (Insufficient input validation in system firmware for Intel(R) 
Broadwel ...)
        NOT-FOR-US: Intel
 CVE-2019-0162 (Memory access in virtual memory mapping for some 
microprocessors may a ...)
@@ -34575,8 +34584,8 @@ CVE-2019-0159
        RESERVED
 CVE-2019-0158 (Insufficient path checking in the installation package for 
Intel(R) Gr ...)
        NOT-FOR-US: Intel
-CVE-2019-0157
-       RESERVED
+CVE-2019-0157 (Insufficient input validation in the Intel(R) SGX driver for 
Linux may ...)
+       TODO: check
 CVE-2019-0156
        RESERVED
 CVE-2019-0155
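Review bot: CVE-2019-0157 should not be swept up with the surrounding "NOT-FOR-US: Intel" entries when the TODO is resolved. Its description names "the Intel(R) SGX driver for Linux", unlike the Windows installer and firmware issues around it, so check whether that driver is carried by any source package before tagging it.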
@@ -34617,8 +34626,8 @@ CVE-2019-0138 (Improper directory permissions in 
Intel(R) ACU Wizard version 12.
        NOT-FOR-US: Intel(R) ACU Wizard
 CVE-2019-0137
        RESERVED
-CVE-2019-0136
-       RESERVED
+CVE-2019-0136 (Insufficient access control in the Intel(R) PROSet/Wireless 
WiFi Softw ...)
+       TODO: check
 CVE-2019-0135 (Improper permissions in the installer for Intel(R) Accelerated 
Storage ...)
        NOT-FOR-US: Intel
 CVE-2019-0134
@@ -34629,12 +34638,12 @@ CVE-2019-0132 (Data Corruption in Intel Unite(R) 
Client before version 3.3.176.1
        NOT-FOR-US: Intel Unite(R) Client
 CVE-2019-0131
        RESERVED
-CVE-2019-0130
-       RESERVED
+CVE-2019-0130 (Reflected XSS in web interface for Intel(R) Accelerated Storage 
Manage ...)
+       TODO: check
 CVE-2019-0129 (Improper permissions for Intel(R) USB 3.0 Creator Utility all 
versions ...)
        NOT-FOR-US: Intel
-CVE-2019-0128
-       RESERVED
+CVE-2019-0128 (Improper permissions in the installer for Intel(R) Chipset 
Device Soft ...)
+       TODO: check
 CVE-2019-0127 (Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3 
and bef ...)
        NOT-FOR-US: Intel
 CVE-2019-0126 (Insufficient access control in silicon reference firmware for 
Intel(R) ...)
@@ -53408,8 +53417,8 @@ CVE-2018-12149 (Buffer overflow in input handling in 
Intel Extreme Tuning Utilit
        NOT-FOR-US: Intel
 CVE-2018-12148 (Privilege escalation in file permissions in Intel Driver and 
Support A ...)
        NOT-FOR-US: Intel
-CVE-2018-12147
-       RESERVED
+CVE-2018-12147 (Insufficient input validation in HECI subsystem in Intel(R) 
CSME befor ...)
+       TODO: check
 CVE-2018-12146
        RESERVED
 CVE-2018-12145
@@ -56713,10 +56722,10 @@ CVE-2018-10949 (mailboxd in Zimbra Collaboration 
Suite 8.8 before 8.8.8; 8.7 bef
        NOT-FOR-US: Zimbra
 CVE-2018-10948 (Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 
8.8.0 bet ...)
        NOT-FOR-US: Zimbra
-CVE-2018-10947
-       RESERVED
-CVE-2018-10946
-       RESERVED
+CVE-2018-10947 (An issue was discovered in versions earlier than 1.3.2 for 
Polycom Rea ...)
+       TODO: check
+CVE-2018-10946 (An issue was discovered in versions earlier than 1.3.0-66872 
for Polyc ...)
+       TODO: check
 CVE-2017-18267 (The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in 
Poppler thr ...)
        {DLA-1562-1}
        [experimental] - poppler 0.65.0-1
@@ -77322,8 +77331,8 @@ CVE-2018-3704 (Improper directory permissions in the 
installer for the Intel Par
        NOT-FOR-US: Intel Parallel Studio
 CVE-2018-3703 (Improper directory permissions in the installer for the 
Intel(R) SSD D ...)
        NOT-FOR-US: Intel
-CVE-2018-3702
-       RESERVED
+CVE-2018-3702 (Improper permissions in the installer for the ITE Tech* 
Consumer Infra ...)
+       TODO: check
 CVE-2018-3701 (Improper directory permissions in the installer for Intel(R) 
PROSet/Wi ...)
        NOT-FOR-US: Intel
 CVE-2018-3700 (Code injection vulnerability in the installer for Intel(R) USB 
3.0 eXt ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a6f5ad00db2b98991530184c89cc5d929a2cdc91

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits