Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
74ea0bd9 by Salvatore Bonaccorso at 2019-06-14T20:29:16Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2019-12824
CVE-2019-12823
RESERVED
CVE-2019-12822 (In http.c in Embedthis GoAhead before 4.1.1 and 5.x before
5.0.1, a he ...)
- TODO: check
+ NOT-FOR-US: Embedthis GoAhead
CVE-2019-12821
RESERVED
CVE-2019-12820
@@ -743,7 +743,7 @@ CVE-2019-12495 (An issue was discovered in Tiny C Compiler
(aka TinyCC or TCC) 0
NOTE:
https://lists.nongnu.org/archive/html/tinycc-devel/2019-05/msg00044.html
NOTE:
https://repo.or.cz/tinycc.git/commit/d04ce7772c2bc2781ab2502e0b1f1964488814b5
CVE-2019-12494 (In Gardener before 0.20.0, incorrect access control in seed
clusters a ...)
- TODO: check
+ NOT-FOR-US: Gardener
CVE-2019-12493 (A stack-based buffer over-read exists in
PostScriptFunction::transform ...)
TODO: check
CVE-2019-12492 (Gallagher Command Centre before 7.80.939, 7.90.x before
7.90.961, and ...)
@@ -3039,7 +3039,7 @@ CVE-2019-11584
CVE-2019-11583
RESERVED
CVE-2019-11582 (An argument injection vulnerability in Atlassian Sourcetree
for Window ...)
- TODO: check
+ NOT-FOR-US: Atlassian Sourcetree
CVE-2019-11581
RESERVED
CVE-2019-11580 (Atlassian Crowd and Crowd Data Center had the pdkinstall
development p ...)
@@ -21455,7 +21455,7 @@ CVE-2019-4405
CVE-2019-4404
RESERVED
CVE-2019-4403 (IBM Connections 6.0 is vulnerable to cross-site scripting. This
vulner ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4402
RESERVED
CVE-2019-4401
@@ -21499,7 +21499,7 @@ CVE-2019-4383
CVE-2019-4382
RESERVED
CVE-2019-4381 (IBM i 7.27.3 Clustering could allow a local attacker to obtain
sensiti ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4380
RESERVED
CVE-2019-4379
@@ -21783,7 +21783,7 @@ CVE-2019-4241
CVE-2019-4240
RESERVED
CVE-2019-4239 (IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through
3.0.1) stor ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4238 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is
vulnerable t ...)
NOT-FOR-US: IBM
CVE-2019-4237
@@ -23569,7 +23569,7 @@ CVE-2018-20657 (The demangle_template function in
cplus-dem.c in GNU libiberty,
CVE-2018-20656
RESERVED
CVE-2018-20655 (When receiving calls using WhatsApp for iOS, a missing size
check when ...)
- TODO: check
+ NOT-FOR-US: WhatsApp
CVE-2019-3500 (aria2c in aria2 1.33.1, when --log is used, can store an HTTP
Basic Au ...)
{DLA-1636-1}
- aria2 1.34.0-4 (low; bug #918058)
@@ -33464,7 +33464,7 @@ CVE-2019-0318
CVE-2019-0317
RESERVED
CVE-2019-0316 (SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20,
SAP_XITO ...)
- TODO: check
+ NOT-FOR-US: SAP NetWeaver Process Integration
CVE-2019-0315 (Under certain conditions the PI Integration Builder Web UI of
SAP NetW ...)
NOT-FOR-US: SAP
CVE-2019-0314 (SAP Work Manager, versions: 6.3, 6.4, 6.5 and SAP Inventory
Manager, v ...)
@@ -33490,7 +33490,7 @@ CVE-2019-0305 (Java Server Pages (JSPs) provided by the
SAP NetWeaver Process In
CVE-2019-0304 (FTP Function of SAP NetWeaver AS ABAP Platform, versions-
KRNL32NUC 7. ...)
NOT-FOR-US: SAP NetWeaver AS ABAP Platform
CVE-2019-0303 (SAP BusinessObjects Business Intelligence Platform
(Administration Con ...)
- TODO: check
+ NOT-FOR-US: SAP BusinessObjects Business Intelligence Platform
CVE-2019-0302
RESERVED
CVE-2019-0301 (Under certain conditions, it is possible to request the
modification o ...)
@@ -54047,7 +54047,7 @@ CVE-2018-11949 (Failure to initialize the extra buffer
can lead to an out of buf
CVE-2018-11948 (Exceeding the limit of usage entries are not tracked and the
informati ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11947 (The txrx stats req might be double freed in the pdev detach
when the h ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2018-11946 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD Andro ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11945 (Improper input validation in wireless service messaging module
for dat ...)
@@ -54057,13 +54057,13 @@ CVE-2018-11944
CVE-2018-11943 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD Andro ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11942 (Failure to initialize the reserved memory which is sent to the
firmwar ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2018-11941
RESERVED
CVE-2018-11940 (Lack of check in length before using memcpy in WLAN function
can lead ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11939 (Use after issue in WLAN function due to multiple ACS scan
requests at ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2018-11938 (Improper input validation for argument received from HLOS can
lead to ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11937 (Lack of input validation before copying can lead to a buffer
over read ...)
@@ -54073,7 +54073,7 @@ CVE-2018-11936 (Index of array is processed in a wrong
way inside a while loop a
CVE-2018-11935 (Improper input validation might result in incorrect app id
returned to ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11934 (Possible out of bounds write due to improper input validation
while pr ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2018-11933
RESERVED
CVE-2018-11932 (Improper input validation can lead RW access to secure
subsystem from ...)
@@ -54083,7 +54083,7 @@ CVE-2018-11931 (Improper access to HLOS is possible
while transferring memory to
CVE-2018-11930 (Improper input validation on input data which is used to
locate and co ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11929 (Lack of input validation in WLAN function can lead to
potential heap o ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2018-11928 (Lack of check on length parameter may cause buffer overflow
while proc ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11927 (Improper input validation on input which is used as an array
index wil ...)
@@ -54303,7 +54303,7 @@ CVE-2018-11821 (Possible integer overflow may happen in
WLAN during memory alloc
CVE-2018-11820 (Use of non-time constant memcmp function creates side channel
that lea ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11819 (Use after issue in WLAN function due to multiple ACS scan
requests at ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2018-11818 (In all android releases (Android for MSM, Firefox OS for MSM,
QRD Andr ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11817
@@ -69831,9 +69831,9 @@ CVE-2018-6352 (In PoDoFo 0.9.5, there is an Excessive
Iteration in the PdfParser
CVE-2018-6351
RESERVED
CVE-2018-6350 (An out-of-bounds read was possible in WhatsApp due to incorrect
parsin ...)
- TODO: check
+ NOT-FOR-US: WhatsApp
CVE-2018-6349 (When receiving calls using WhatsApp for Android, a missing size
check ...)
- TODO: check
+ NOT-FOR-US: WhatsApp
CVE-2018-6348
RESERVED
CVE-2018-6347 (An issue in the Proxygen handling of HTTP2 parsing of
headers/trailers ...)
@@ -69853,7 +69853,7 @@ CVE-2018-6341 (React applications which rendered to
HTML using the ReactDOMServe
CVE-2018-6340 (The Memcache::getextendedstats function can be used to trigger
an out- ...)
- hhvm <removed>
CVE-2018-6339 (When receiving calls using WhatsApp on Android, a stack
allocation fai ...)
- TODO: check
+ NOT-FOR-US: WhatsApp
CVE-2018-6338
RESERVED
CVE-2018-6337 (folly::secureRandom will re-use a buffer between parent and
child proc ...)
@@ -71388,7 +71388,7 @@ CVE-2018-5913 (A non-time constant function memcmp is
used which creates a side
CVE-2018-5912 (Potential buffer overflow in Video due to lack of input
validation in ...)
NOT-FOR-US: Snapdragon
CVE-2018-5911 (Buffer overflow in WLAN function due to improper check of
buffer size ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2018-5910 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD Andro ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5909 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD Andro ...)
@@ -71404,7 +71404,7 @@ CVE-2018-5905 (In all android releases (Android for
MSM, Firefox OS for MSM, QRD
CVE-2018-5904 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD Andro ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5903 (Out of bounds read occurs due to improper validation of array
while pr ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2018-5902
RESERVED
CVE-2018-5901
@@ -71444,7 +71444,7 @@ CVE-2018-5885 (While loading dynamic fonts, a buffer
overflow may occur if the n
CVE-2018-5884 (Improper Access Control in Multimedia in Snapdragon Mobile and
Snapdra ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5883 (Buffer overflow in WLAN driver event handlers due to improper
validati ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2018-5882 (While parsing a Flac file with a corrupted comment block, a
buffer ove ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5881 (Improper validation of buffer length checks in the lwm2m device
manage ...)
@@ -78240,7 +78240,7 @@ CVE-2018-3585
CVE-2018-3584 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD
Android with ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-3583 (A buffer overflow can occur while processing an extscan hotlist
event ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2018-3582 (Buffer overflow can occur due to improper input validation in
multiple ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-3581 (In the WLAN driver in all Android releases from CAF (Android
for MSM, ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/74ea0bd980ea66a1bacf4a1d9c46c12e2cfa2e2a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/74ea0bd980ea66a1bacf4a1d9c46c12e2cfa2e2a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
