Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1f103e3e by security tracker role at 2019-06-20T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2019-12904 (In Libgcrypt 1.8.4, the C implementation of AES is vulnerable 
to a flu ...)
+       TODO: check
+CVE-2019-12903 (Pydio Cells before 1.5.0, when supplied with a Name field in 
an unexpe ...)
+       TODO: check
+CVE-2019-12902 (Pydio Cells before 1.5.0 does incomplete cleanup of a user's 
data upon ...)
+       TODO: check
+CVE-2019-12901 (Pydio Cells before 1.5.0 fails to neutralize '../' elements, 
allowing  ...)
+       TODO: check
+CVE-2019-12900 (BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an 
out-of-bo ...)
+       TODO: check
+CVE-2019-12899 (Delta Electronics DeviceNet Builder 2.04 has a User Mode Write 
AV star ...)
+       TODO: check
+CVE-2019-12898 (Delta Electronics DeviceNet Builder 2.04 has a User Mode Write 
AV star ...)
+       TODO: check
+CVE-2019-12897 (Edraw Max 7.9.3 has a Read Access Violation at the Instruction 
Pointer ...)
+       TODO: check
+CVE-2019-12896 (Edraw Max 7.9.3 has Heap Corruption starting at 
ntdll!RtlpNtMakeTempor ...)
+       TODO: check
+CVE-2019-12895 (In Alternate Pic View 2.600, the Exception Handler Chain is 
Corrupted  ...)
+       TODO: check
+CVE-2019-12894 (Alternate Pic View 2.600 has a Read Access Violation at the 
Instructio ...)
+       TODO: check
+CVE-2019-12893 (Alternate Pic View 2.600 has a User Mode Write AV starting at 
PicViewe ...)
+       TODO: check
 CVE-2019-12892
        RESERVED
 CVE-2019-12891
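Review bot: the twelve `TODO: check` markers added at the top of the file should not all be triaged the same way. CVE-2019-12904 (Libgcrypt) and CVE-2019-12900 (bzip2) name widely packaged libraries and need a package line with version and bug reference, in the form used for python-urllib3 further down. The Delta Electronics, Edraw Max and Alternate Pic View entries describe crashes in Windows desktop applications (note `ntdll!` in CVE-2019-12896) and look like NOT-FOR-US candidates.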
@@ -4123,6 +4147,7 @@ CVE-2019-11238
 CVE-2019-11237
        RESERVED
 CVE-2019-11236 (In the urllib3 library through 1.24.1 for Python, CRLF 
injection is po ...)
+       {DLA-1828-1}
        - python-urllib3 <unfixed> (bug #927172)
        NOTE: https://github.com/urllib3/urllib3/issues/1553
        NOTE: 
https://github.com/urllib3/urllib3/commit/9b76785331243689a9d52cef3db05ef7462cb02d
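Review bot: `{DLA-1828-1}` is attached to CVE-2019-11236 while the only package line under it still reads `- python-urllib3 <unfixed> (bug #927172)`. That is consistent if only the LTS release has been fixed so far, but it is worth confirming that the unfixed status is still current and that the DLA backported the upstream commit named in the NOTE.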
@@ -23165,8 +23190,8 @@ CVE-2019-3789 (Cloud Foundry Routing Release, all 
versions prior to 0.188.0, con
        NOT-FOR-US: Cloud Foundry
 CVE-2019-3788 (Cloud Foundry UAA Release, versions prior to 71.0, allows 
clients to b ...)
        NOT-FOR-US: Cloud Foundry
-CVE-2019-3787
-       RESERVED
+CVE-2019-3787 (Cloud Foundry UAA, versions prior to 73.0.0, falls back to 
appending & ...)
+       TODO: check
 CVE-2019-3786 (Cloud Foundry BOSH Backup and Restore CLI, all versions prior 
to 1.5.0 ...)
        NOT-FOR-US: Cloud Foundry
 CVE-2019-3785 (Cloud Foundry Cloud Controller, versions prior to 1.78.0, 
contain an e ...)
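Review bot: CVE-2019-3787 gets `TODO: check` although the entries on both sides of it (CVE-2019-3788, CVE-2019-3786) are already `NOT-FOR-US: Cloud Foundry`. The new description names Cloud Foundry UAA, the same product as CVE-2019-3788, so the same NOT-FOR-US line applies.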
@@ -23265,8 +23290,8 @@ CVE-2019-3739
        RESERVED
 CVE-2019-3738
        RESERVED
-CVE-2019-3737
-       RESERVED
+CVE-2019-3737 (Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are 
affected by a ...)
+       TODO: check
 CVE-2019-3736
        RESERVED
 CVE-2019-3735
@@ -26999,8 +27024,8 @@ CVE-2019-2731
        RESERVED
 CVE-2019-2730
        RESERVED
-CVE-2019-2729
-       RESERVED
+CVE-2019-2729 (Vulnerability in the Oracle WebLogic Server component of Oracle 
Fusion ...)
+       TODO: check
 CVE-2019-2728
        RESERVED
 CVE-2019-2727
@@ -28855,80 +28880,57 @@ CVE-2019-2027 (In floor0_inverse1 of floor0.c, there 
is a possible out of bounds
        NOT-FOR-US: Android Media Framework
 CVE-2019-2026 (In updateAssistMenuItems of Editor.java, there is a possible 
escape fr ...)
        NOT-FOR-US: Android
-CVE-2019-2025 [binder: fix race that allows malicious free of live buffer]
-       RESERVED
+CVE-2019-2025 (In binder_thread_read of binder.c, there is a possible 
use-after-free  ...)
        - linux 4.19.9-1
        [stretch] - linux <not-affected> (Vulnerability introduced later)
        [jessie] - linux <not-affected> (Vulnerability introduced later)
        NOTE: Fixed by: 
https://git.kernel.org/linus/7bada55ab50697861eee6bb7d60b41e68a961a9c (4.20-rc5)
-CVE-2019-2024 [media: em28xx: Fix use-after-free when disconnecting]
-       RESERVED
+CVE-2019-2024 (In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible 
use afte ...)
        {DLA-1799-1}
        - linux 4.16.5-1
        [stretch] - linux 4.9.144-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/910b0797fa9e8af09c44a3fa36cb310ba7a7218d (4.16-rc1)
-CVE-2019-2023
-       RESERVED
+CVE-2019-2023 (In ServiceManager::add function in the hardware service 
manager, there ...)
        NOT-FOR-US: Android
-CVE-2019-2022
-       RESERVED
+CVE-2019-2022 (In rw_t3t_act_handle_fmt_rsp and rw_t3t_act_handle_sro_rsp of 
rw_t3t.c ...)
        NOT-FOR-US: Android
-CVE-2019-2021
-       RESERVED
+CVE-2019-2021 (In rw_t3t_act_handle_ndef_detect_rsp of rw_t3t.cc, there is a 
possible ...)
        NOT-FOR-US: Android
-CVE-2019-2020
-       RESERVED
+CVE-2019-2020 (In llcp_dlc_proc_rr_rnr_pdu of llcp_dlc.cc, there is a possible 
out-of ...)
        NOT-FOR-US: Android
-CVE-2019-2019
-       RESERVED
+CVE-2019-2019 (In ce_t4t_data_cback of ce_t4t.cc, there is a possible 
out-of-bound re ...)
        NOT-FOR-US: Android
-CVE-2019-2018
-       RESERVED
+CVE-2019-2018 (In resetPasswordInternal of DevicePolicyManagerService.java, 
there is  ...)
        NOT-FOR-US: Android
-CVE-2019-2017
-       RESERVED
+CVE-2019-2017 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a 
possible ...)
        NOT-FOR-US: Android
-CVE-2019-2016
-       RESERVED
+CVE-2019-2016 (In NFA_SendRawFrame of nfa_dm_api.cc, there is a possible 
out-of-bound ...)
        NOT-FOR-US: Android
-CVE-2019-2015
-       RESERVED
+CVE-2019-2015 (In rw_t3t_act_handle_check_rsp of rw_t3t.cc, there is a 
possible out-o ...)
        NOT-FOR-US: Android
-CVE-2019-2014
-       RESERVED
+CVE-2019-2014 (In rw_t3t_handle_get_sc_poll_rsp of rw_t3t.cc, there is a 
possible out ...)
        NOT-FOR-US: Android
-CVE-2019-2013
-       RESERVED
+CVE-2019-2013 (In rw_t3t_act_handle_sro_rsp of rw_t3t.cc, there is a possible 
out-of- ...)
        NOT-FOR-US: Android
-CVE-2019-2012
-       RESERVED
+CVE-2019-2012 (In rw_t3t_act_handle_fmt_rsp of rw_t3t.cc, there is a possible 
out-of- ...)
        NOT-FOR-US: Android
-CVE-2019-2011
-       RESERVED
+CVE-2019-2011 (In readNullableNativeHandleNoDup of Parcel.cpp, there is a 
possible ou ...)
        NOT-FOR-US: Android
-CVE-2019-2010
-       RESERVED
+CVE-2019-2010 (In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is 
a possi ...)
        NOT-FOR-US: Android
-CVE-2019-2009
-       RESERVED
+CVE-2019-2009 (In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of 
bounds w ...)
        NOT-FOR-US: Android
-CVE-2019-2008
-       RESERVED
+CVE-2019-2008 (In createEffect of AudioFlinger.cpp, there is a possible memory 
corrup ...)
        NOT-FOR-US: Android Media Framework
-CVE-2019-2007
-       RESERVED
+CVE-2019-2007 (In getReadIndex and getWriteIndex of FifoControllerBase.cpp, 
there is  ...)
        NOT-FOR-US: Android Media Framework
-CVE-2019-2006
-       RESERVED
+CVE-2019-2006 (In serviceDied of HalDeathHandlerHidl.cpp, there is a possible 
memory  ...)
        NOT-FOR-US: Android Media Framework
-CVE-2019-2005
-       RESERVED
+CVE-2019-2005 (In onPermissionGrantResult of GrantPermissionsActivity.java, 
there is  ...)
        NOT-FOR-US: Android
-CVE-2019-2004
-       RESERVED
+CVE-2019-2004 (In publishKeyEvent, publishMotionEvent and 
sendUnchainedFinishedSignal ...)
        NOT-FOR-US: Android
-CVE-2019-2003
-       RESERVED
+CVE-2019-2003 (In addLinks of Linkify.java, there is a possible phishing 
vector due t ...)
        NOT-FOR-US: Android
 CVE-2019-2002
        RESERVED
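Review bot: at CVE-2019-2025 and CVE-2019-2024 the bracketed kernel commit subjects (`[binder: fix race that allows malicious free of live buffer]`, `[media: em28xx: Fix use-after-free when disconnecting]`) are dropped in favour of truncated descriptions. The `NOTE: Fixed by:` links still identify the fixes, but the subject was the quickest way to match an entry against a kernel changelog, so consider carrying it in a NOTE. The `<not-affected>` lines for CVE-2019-2025 also say "Vulnerability introduced later" without naming the introducing commit, which would make that claim checkable.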
@@ -28957,11 +28959,9 @@ CVE-2019-1992 (In bta_hl_sdp_query_results of 
bta_hl_main.cc, there is a possibl
        NOT-FOR-US: Android
 CVE-2019-1991 (In btif_dm_data_copy of btif_core.cc, there is a possible out 
of bound ...)
        NOT-FOR-US: Android
-CVE-2019-1990
-       RESERVED
+CVE-2019-1990 (In ihevcd_fmt_conv_420sp_to_420p of ihevcd_fmt_conv.c, there is 
a poss ...)
        NOT-FOR-US: Android Media Framework
-CVE-2019-1989
-       RESERVED
+CVE-2019-1989 (In ih264d_fmt_conv_420sp_to_420p of ih264d_format_conv.c, there 
is a p ...)
        NOT-FOR-US: Android Media Framework
 CVE-2019-1988 (In sample6 of SkSwizzler.cpp, there is a possible out of bounds 
write  ...)
        NOT-FOR-US: Android
@@ -28969,8 +28969,7 @@ CVE-2019-1987 (In onSetSampleX of SkSwizzler.cpp, there 
is a possible out of bou
        NOT-FOR-US: Android
 CVE-2019-1986 (In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a 
possible out ...)
        NOT-FOR-US: Android
-CVE-2019-1985
-       RESERVED
+CVE-2019-1985 (In findAvailSpellCheckerLocked of 
TextServicesManagerService.java, the ...)
        NOT-FOR-US: Android
 CVE-2018-20028 (Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 
4.6.11  ...)
        NOT-FOR-US: Contao
@@ -29405,26 +29404,26 @@ CVE-2019-1908
        RESERVED
 CVE-2019-1907
        RESERVED
-CVE-2019-1906
-       RESERVED
-CVE-2019-1905
-       RESERVED
+CVE-2019-1906 (A vulnerability in the Virtual Domain system of Cisco Prime 
Infrastruc ...)
+       TODO: check
+CVE-2019-1905 (A vulnerability in the GZIP decompression engine of Cisco 
AsyncOS Soft ...)
+       TODO: check
 CVE-2019-1904
        RESERVED
-CVE-2019-1903
-       RESERVED
+CVE-2019-1903 (A vulnerability in Cisco Security Manager could allow an 
unauthenticat ...)
+       TODO: check
 CVE-2019-1902
        RESERVED
 CVE-2019-1901
        RESERVED
 CVE-2019-1900
        RESERVED
-CVE-2019-1899
-       RESERVED
-CVE-2019-1898
-       RESERVED
-CVE-2019-1897
-       RESERVED
+CVE-2019-1899 (A vulnerability in the web interface of Cisco RV110W, RV130W, 
and RV21 ...)
+       TODO: check
+CVE-2019-1898 (A vulnerability in the web-based management interface of Cisco 
RV110W, ...)
+       TODO: check
+CVE-2019-1897 (A vulnerability in the web-based management interface of Cisco 
RV110W, ...)
+       TODO: check
 CVE-2019-1896
        RESERVED
 CVE-2019-1895
@@ -29459,18 +29458,18 @@ CVE-2019-1881 (A vulnerability in the web-based 
management interface of Cisco In
        NOT-FOR-US: Cisco
 CVE-2019-1880 (A vulnerability in the BIOS upgrade utility of Cisco Unified 
Computing ...)
        NOT-FOR-US: Cisco
-CVE-2019-1879
-       RESERVED
-CVE-2019-1878
-       RESERVED
+CVE-2019-1879 (A vulnerability in the CLI of Cisco Integrated Management 
Controller ( ...)
+       TODO: check
+CVE-2019-1878 (A vulnerability in the Cisco Discovery Protocol (CDP) 
implementation f ...)
+       TODO: check
 CVE-2019-1877
        RESERVED
-CVE-2019-1876
-       RESERVED
-CVE-2019-1875
-       RESERVED
-CVE-2019-1874
-       RESERVED
+CVE-2019-1876 (A vulnerability in the HTTPS proxy feature of Cisco Wide Area 
Applicat ...)
+       TODO: check
+CVE-2019-1875 (A vulnerability in the web-based management interface of Cisco 
Prime S ...)
+       TODO: check
+CVE-2019-1874 (A vulnerability in the web-based management interface of Cisco 
Prime S ...)
+       TODO: check
 CVE-2019-1873
        RESERVED
 CVE-2019-1872 (A vulnerability in Cisco TelePresence Video Communication 
Server (VCS) ...)
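Review bot: the five Cisco entries that move from RESERVED to `TODO: check` here (CVE-2019-1879, CVE-2019-1878, CVE-2019-1876, CVE-2019-1875, CVE-2019-1874) follow entries already marked `NOT-FOR-US: Cisco` (CVE-2019-1881, CVE-2019-1880). Unless a description names software that is actually packaged, they can be closed with that same line in one pass, along with the other newly described Cisco entries in this commit.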
@@ -29479,8 +29478,8 @@ CVE-2019-1871
        RESERVED
 CVE-2019-1870 (A vulnerability in the web-based management interface of Cisco 
Enterpr ...)
        NOT-FOR-US: Cisco
-CVE-2019-1869
-       RESERVED
+CVE-2019-1869 (A vulnerability in the internal packet-processing functionality 
of the ...)
+       TODO: check
 CVE-2019-1868 (A vulnerability in the web-based management interface of Cisco 
Webex M ...)
        NOT-FOR-US: Cisco
 CVE-2019-1867 (A vulnerability in the REST API of Cisco Elastic Services 
Controller ( ...)
@@ -29521,8 +29520,8 @@ CVE-2019-1850
        RESERVED
 CVE-2019-1849 (A vulnerability in the Border Gateway Patrol (BGP) 
Multiprotocol Label ...)
        NOT-FOR-US: Cisco
-CVE-2019-1848
-       RESERVED
+CVE-2019-1848 (A vulnerability in Cisco Digital Network Architecture (DNA) 
Center cou ...)
+       TODO: check
 CVE-2019-1847
        RESERVED
 CVE-2019-1846 (A vulnerability in the Multiprotocol Label Switching (MPLS) 
Operations ...)
@@ -29531,8 +29530,8 @@ CVE-2019-1845 (A vulnerability in the authentication 
service of the Cisco Unifie
        NOT-FOR-US: Cisco
 CVE-2019-1844 (A vulnerability in certain attachment detection mechanisms of 
the Cisc ...)
        NOT-FOR-US: Cisco
-CVE-2019-1843
-       RESERVED
+CVE-2019-1843 (A vulnerability in the web-based management interface of the 
Cisco RV1 ...)
+       TODO: check
 CVE-2019-1842 (A vulnerability in the Secure Shell (SSH) authentication 
function of C ...)
        NOT-FOR-US: Cisco
 CVE-2019-1841 (A vulnerability in the Software Image Management feature of 
Cisco DNA  ...)
@@ -29978,26 +29977,26 @@ CVE-2019-1634
        RESERVED
 CVE-2019-1633
        RESERVED
-CVE-2019-1632
-       RESERVED
-CVE-2019-1631
-       RESERVED
-CVE-2019-1630
-       RESERVED
-CVE-2019-1629
-       RESERVED
-CVE-2019-1628
-       RESERVED
-CVE-2019-1627
-       RESERVED
-CVE-2019-1626
-       RESERVED
-CVE-2019-1625
-       RESERVED
-CVE-2019-1624
-       RESERVED
-CVE-2019-1623
-       RESERVED
+CVE-2019-1632 (A vulnerability in the web-based management interface of Cisco 
Integra ...)
+       TODO: check
+CVE-2019-1631 (A vulnerability in the web-based management interface of Cisco 
Integra ...)
+       TODO: check
+CVE-2019-1630 (A vulnerability in the firmware signature checking program of 
Cisco In ...)
+       TODO: check
+CVE-2019-1629 (A vulnerability in the configuration import utility of Cisco 
Integrate ...)
+       TODO: check
+CVE-2019-1628 (A vulnerability in the web server of Cisco Integrated 
Management Contr ...)
+       TODO: check
+CVE-2019-1627 (A vulnerability in the Server Utilities of Cisco Integrated 
Management ...)
+       TODO: check
+CVE-2019-1626 (A vulnerability in the vManage web-based UI (Web UI) of the 
Cisco SD-W ...)
+       TODO: check
+CVE-2019-1625 (A vulnerability in the CLI of Cisco SD-WAN Solution could allow 
an aut ...)
+       TODO: check
+CVE-2019-1624 (A vulnerability in the vManage web-based UI (Web UI) in the 
Cisco SD-W ...)
+       TODO: check
+CVE-2019-1623 (A vulnerability in the CLI configuration shell of Cisco Meeting 
Server ...)
+       TODO: check
 CVE-2019-1622
        RESERVED
 CVE-2019-1621
@@ -55038,7 +55037,7 @@ CVE-2018-11690 (The Balbooa Gridbox extension version 
2.4.0 and previous version
        NOT-FOR-US: Balbooa Gridbox extension for Joomla!
 CVE-2018-11689 (Smart Viewer in Samsung Web Viewer for Samsung DVR is 
vulnerable to cr ...)
        NOT-FOR-US: Smart Viewer in Samsung Web Viewer for Samsung DVR
-CVE-2018-11688 (Ignite Realtime Openfire 3.7.1 is vulnerable to cross-site 
scripting,  ...)
+CVE-2018-11688 (Ignite Realtime Openfire before 3.9.2 is vulnerable to 
cross-site scri ...)
        NOT-FOR-US: Ignite Realtime Openfire
 CVE-2018-11687 (An integer overflow in the distributeBTR function of a smart 
contract  ...)
        NOT-FOR-US: smart contract implementation for Bitcoin Red (BTCR)
@@ -60715,16 +60714,13 @@ CVE-2018-9566 (In process_service_search_rsp of 
sdp_discovery.c, there is a poss
        NOT-FOR-US: Android
 CVE-2018-9565 (In readBytes of xltdecwbxml.c, there is a possible out of 
bounds read  ...)
        NOT-FOR-US: Android
-CVE-2018-9564
-       RESERVED
+CVE-2018-9564 (In llcp_util_parse_link_params of llcp_util.cc, there is a 
possible ou ...)
        NOT-FOR-US: Android
-CVE-2018-9563
-       RESERVED
+CVE-2018-9563 (In llcp_util_parse_cc of llcp_util.cc, there is a possible 
out-of-boun ...)
        NOT-FOR-US: Android
 CVE-2018-9562 (In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible 
out-of-bound r ...)
        NOT-FOR-US: Android
-CVE-2018-9561
-       RESERVED
+CVE-2018-9561 (In llcp_util_parse_connect of llcp_util.cc, there is a possible 
out-of ...)
        NOT-FOR-US: Android
 CVE-2018-9560 (In HID_DevAddRecord of hidd_api.cc, there is a possible 
out-of-bounds  ...)
        NOT-FOR-US: Android
@@ -97184,10 +97180,10 @@ CVE-2017-14397 (AnyDesk before 3.6.1 on Windows has a 
DLL injection vulnerabilit
        NOT-FOR-US: AnyDesk
 CVE-2017-14396 (In osTicket before 1.10.1, SQL injection is possible by 
constructing a ...)
        NOT-FOR-US: osTicket
-CVE-2017-14395
-       RESERVED
-CVE-2017-14394
-       RESERVED
+CVE-2017-14395 (Auth 2.0 Authorization Server of ForgeRock Access Management 
(OpenAM)  ...)
+       TODO: check
+CVE-2017-14394 (OAuth 2.0 Authorization Server of ForgeRock Access Management 
(OpenAM) ...)
+       TODO: check
 CVE-2017-14393
        REJECTED
 CVE-2017-14392
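Review bot: the imported description for CVE-2017-14395 begins "Auth 2.0 Authorization Server" while CVE-2017-14394 directly below begins "OAuth 2.0 Authorization Server", so the first looks like it lost its leading "O" upstream. Hand-editing it here would be overwritten by the next automatic update; the fix belongs in the upstream CVE description. Both entries name ForgeRock Access Management (OpenAM) and still need their `TODO: check` resolved.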



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1f103e3ebff3fb6641be48be443e565f3e59f42b

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits