Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a51fa9cc by security tracker role at 2019-07-25T20:10:27Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2019-14271
+       RESERVED
+CVE-2019-14270 (Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 
12.0.0.6 ...)
+       TODO: check
+CVE-2019-14269
+       RESERVED
+CVE-2019-14268 (In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web 
request prox ...)
+       TODO: check
+CVE-2019-14267
+       RESERVED
+CVE-2019-14266 (OpenSNS v6.1.0 allows SQL Injection via the 
index.php?s=/ucenter/Confi ...)
+       TODO: check
+CVE-2019-14265
+       RESERVED
+CVE-2019-14264
+       RESERVED
+CVE-2019-14263
+       RESERVED
 CVE-2019-14262 (MetadataExtractor 2.1.0 allows stack consumption. ...)
        NOT-FOR-US: MetadataExtractor
 CVE-2019-14261
@@ -707,8 +725,8 @@ CVE-2019-13919
        RESERVED
 CVE-2019-13918
        RESERVED
-CVE-2019-13917
-       RESERVED
+CVE-2019-13917 (Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code 
execution  ...)
+       {DSA-4488-1}
        - exim4 4.92-10
        NOTE: https://www.openwall.com/lists/oss-security/2019/07/22/3
 CVE-2019-13916
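Review bot: the CVE-2019-13917 description now says upstream fixed this in 4.92.1, but the fixed version recorded is "- exim4 4.92-10" and the only NOTE is the oss-security post. A NOTE naming the upstream commit or the patch carried in 4.92-10 would let a reader verify the fix without reconstructing it from the advisory.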
@@ -1337,7 +1355,7 @@ CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.
        - libsdl2 <unfixed>
        - libsdl1.2 <unfixed>
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4538
-CVE-2019-13615 (VideoLAN VLC media player 3.0.7.1 has a heap-based buffer 
over-read in ...)
+CVE-2019-13615 (libebml before 1.3.6, as used in the MKV module in VideoLAN 
VLC Media  ...)
        - libebml 1.3.6-1 (low; bug #932241)
        [stretch] - libebml <no-dsa> (Minor issue)
        NOTE: https://trac.videolan.org/vlc/ticket/22474
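Review bot: the CVE-2019-13615 description now attributes the over-read to libebml before 1.3.6, but the only NOTE on the entry still points at the VLC ticket. Add a NOTE for the libebml-side fix (upstream commit or release reference) so that the "libebml 1.3.6-1" fixed version and the stretch no-dsa decision can be checked against the library rather than the VLC report.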
@@ -3559,6 +3577,7 @@ CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an 
xsl:number with certain forma
 CVE-2019-13116
        RESERVED
 CVE-2019-13115 (In libssh2 before 1.9.0, 
kex_method_diffie_hellman_group_exchange_sha2 ...)
+       {DLA-1730-3}
        - libssh2 <unfixed> (bug #932329)
        [buster] - libssh2 <no-dsa> (Minor issue)
        [stretch] - libssh2 <no-dsa> (Minor issue)
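Review bot: CVE-2019-13115 now carries {DLA-1730-3}, yet the same entry keeps unstable marked unfixed and both buster and stretch at no-dsa (Minor issue). If the issue was worth an LTS upload, revisit the no-dsa triage for the supported releases, or add a NOTE explaining why the older suite was handled differently.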
@@ -12326,10 +12345,10 @@ CVE-2019-1010185
        RESERVED
 CVE-2019-1010184
        RESERVED
-CVE-2019-1010183
-       RESERVED
-CVE-2019-1010182
-       RESERVED
+CVE-2019-1010183 (serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled 
Recursion ...)
+       TODO: check
+CVE-2019-1010182 (yaml-rust 0.4.0 and earlier is affected by: Uncontrolled 
Recursion. Th ...)
+       TODO: check
 CVE-2019-1010181
        RESERVED
 CVE-2019-1010180 (GNU gdb All versions is affected by: Buffer Overflow - Out 
of bound me ...)
@@ -12340,16 +12359,16 @@ CVE-2019-1010178 (Fred MODX Revolution &lt; 
1.0.0-beta5 is affected by: Incorrec
        NOT-FOR-US: Fred MODX Revolution
 CVE-2019-1010177 (Jsish 2.4.70 2.047 is affected by: Use After Free. The 
impact is: deni ...)
        NOT-FOR-US: Jsish
-CVE-2019-1010176
-       RESERVED
+CVE-2019-1010176 (JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 
is affecte ...)
+       TODO: check
 CVE-2019-1010175
        RESERVED
-CVE-2019-1010174
-       RESERVED
+CVE-2019-1010174 (CImg The CImg Library v.2.3.3 and earlier is affected by: 
command inje ...)
+       TODO: check
 CVE-2019-1010173 (Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The 
impact is ...)
        NOT-FOR-US: Jsish
-CVE-2019-1010172
-       RESERVED
+CVE-2019-1010172 (Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource 
Consumption. ...)
+       TODO: check
 CVE-2019-1010171 (Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. 
The impac ...)
        NOT-FOR-US: Jsish
 CVE-2019-1010170 (Jsish 2.4.77 2.0477 is affected by: Use After Free. The 
impact is: den ...)
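Review bot: CVE-2019-1010172 is left at "TODO: check" although its description names Jsish 2.4.84, the same product as CVE-2019-1010177, CVE-2019-1010173 and CVE-2019-1010171 in this hunk, all already "NOT-FOR-US: Jsish". It can take the same tag. CVE-2019-1010176 (JerryScript) and CVE-2019-1010174 (CImg) do need an actual check against the archive.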
@@ -12370,8 +12389,8 @@ CVE-2019-1010163 (Socusoft Co Photo 2 Video Converter 
8.0.0 is affected by: Buff
        NOT-FOR-US: Socusoft Co Photo 2 Video Converter
 CVE-2019-1010162 (jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer 
Dereference. ...)
        NOT-FOR-US: Jsish
-CVE-2019-1010161
-       RESERVED
+CVE-2019-1010161 (perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect 
Access Cont ...)
+       TODO: check
 CVE-2019-1010160
        RESERVED
 CVE-2019-1010159
@@ -12441,8 +12460,8 @@ CVE-2019-1010129 (VCFTools vcfools prior to version 
0.1.15 is affected by: Heap
        TODO: check
 CVE-2019-1010128
        RESERVED
-CVE-2019-1010127
-       RESERVED
+CVE-2019-1010127 (VCFTools vcftools prior to version 0.1.15 is affected by: 
Use-after-fr ...)
+       TODO: check
 CVE-2019-1010126
        RESERVED
 CVE-2019-1010125
@@ -12745,10 +12764,10 @@ CVE-2019-9887
        RESERVED
 CVE-2019-9886 (Any URLs with download_attachment.php under templates or home 
folders  ...)
        NOT-FOR-US: BroadLearning eClass
-CVE-2019-9885
-       RESERVED
-CVE-2019-9884
-       RESERVED
+CVE-2019-9885 (eClass platform &lt; ip.2.5.10.2.1 allows an attacker to 
execute SQL c ...)
+       TODO: check
+CVE-2019-9884 (eClass platform &lt; ip.2.5.10.2.1 allows an attacker to use 
GETS meth ...)
+       TODO: check
 CVE-2019-9883 (Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF 
vulnerabi ...)
        NOT-FOR-US: MailSherlock
 CVE-2019-9882 (Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF 
vulnerabi ...)
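Review bot: CVE-2019-9885 and CVE-2019-9884 both describe the eClass platform, and the neighbouring CVE-2019-9886 is already triaged as "NOT-FOR-US: BroadLearning eClass". Confirm it is the same product and close both out with that tag rather than leaving them as "TODO: check".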
@@ -26169,8 +26188,8 @@ CVE-2019-4441
        RESERVED
 CVE-2019-4440
        RESERVED
-CVE-2019-4439
-       RESERVED
+CVE-2019-4439 (IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate 
session  ...)
+       TODO: check
 CVE-2019-4438
        RESERVED
 CVE-2019-4437
@@ -26217,8 +26236,8 @@ CVE-2019-4417
        RESERVED
 CVE-2019-4416
        RESERVED
-CVE-2019-4415
-       RESERVED
+CVE-2019-4415 (IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to 
obtain e ...)
+       TODO: check
 CVE-2019-4414
        RESERVED
 CVE-2019-4413
@@ -26623,8 +26642,8 @@ CVE-2019-4214
        RESERVED
 CVE-2019-4213
        RESERVED
-CVE-2019-4212
-       RESERVED
+CVE-2019-4212 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request 
forger ...)
+       TODO: check
 CVE-2019-4211 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site 
scripting. Thi ...)
        NOT-FOR-US: IBM
 CVE-2019-4210 (IBM QRadar SIEM 7.3.2 could allow a user to bypass 
authentication expo ...)
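Review bot: CVE-2019-4212 (IBM QRadar SIEM 7.2 and 7.3) lands as "TODO: check" directly above CVE-2019-4211, same product and versions, which is "NOT-FOR-US: IBM". Reuse that tag here.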
@@ -26815,8 +26834,8 @@ CVE-2019-4118 (IBM Multicloud Manager 3.1.0, 3.1.1, and 
3.1.2 ibm-mcm-chart coul
        NOT-FOR-US: IBM
 CVE-2019-4117
        RESERVED
-CVE-2019-4116
-       RESERVED
+CVE-2019-4116 (IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly 
sensit ...)
+       TODO: check
 CVE-2019-4115
        RESERVED
 CVE-2019-4114
@@ -27434,7 +27453,7 @@ CVE-2019-3860 (An out of bounds read flaw was 
discovered in libssh2 before 1.8.1
        NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
        NOTE: https://github.com/libssh2/libssh2/pull/316
 CVE-2019-3859 (An out of bounds read flaw was discovered in libssh2 before 
1.8.1 in t ...)
-       {DSA-4431-1 DLA-1730-1}
+       {DSA-4431-1 DLA-1730-3 DLA-1730-1}
        - libssh2 1.8.0-2.1 (bug #924965)
        NOTE: https://www.libssh2.org/CVE-2019-3859.html
        NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch
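Review bot: the advisory list for CVE-2019-3859 becomes "{DSA-4431-1 DLA-1730-3 DLA-1730-1}", with the later revision DLA-1730-3 placed ahead of DLA-1730-1. If the ordering is generated, fine; otherwise keep revisions in ascending order. Either way, the entry has no NOTE saying what the follow-up revision covers for this CVE (regression fix or incomplete original patch), which is the first thing a reader will want to know.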
@@ -28080,8 +28099,8 @@ CVE-2019-3623
        RESERVED
 CVE-2019-3622 (Files or Directories Accessible to External Parties in McAfee 
Data Los ...)
        NOT-FOR-US: McAfee
-CVE-2019-3621
-       RESERVED
+CVE-2019-3621 (Authentication protection bypass vulnerability in McAfee Data 
Loss Pre ...)
+       TODO: check
 CVE-2019-3620
        RESERVED
 CVE-2019-3619 (Information Disclosure vulnerability in the Agent Handler in 
McAfee eP ...)
@@ -28466,8 +28485,8 @@ CVE-2019-3488
        RESERVED
 CVE-2019-3487
        RESERVED
-CVE-2019-3486
-       RESERVED
+CVE-2019-3486 (Mitigates a stored cross site scripting issue in ArcSight 
Security Man ...)
+       TODO: check
 CVE-2019-3485 (Mitigates a stored cross site scripting issue in ArcSight 
Logger versi ...)
        TODO: check
 CVE-2019-3484 (Mitigates a remote code execution issue in ArcSight Logger 
versions pr ...)
@@ -32843,15 +32862,14 @@ CVE-2019-2348
        RESERVED
 CVE-2019-2347
        RESERVED
-CVE-2019-2346
-       RESERVED
+CVE-2019-2346 (Firmware is getting into loop of overwriting memory when scan 
command  ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2345
-       RESERVED
+CVE-2019-2345 (Race condition while accessing DMA buffer in jpeg driver in 
Snapdragon ...)
+       TODO: check
 CVE-2019-2344
        RESERVED
-CVE-2019-2343
-       RESERVED
+CVE-2019-2343 (Out of bound read and information disclosure in firmware due to 
insuff ...)
+       TODO: check
 CVE-2019-2342
        RESERVED
 CVE-2019-2341
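Review bot: in this hunk CVE-2019-2346 keeps "NOT-FOR-US: Qualcomm components for Android" while CVE-2019-2345 (jpeg driver in Snapdragon) and CVE-2019-2343 (firmware) are set to "TODO: check". Before copying the tag across, confirm that the jpeg driver named in CVE-2019-2345 is not code shipped in a Debian kernel package; if it is vendor-only, tag both the same way as CVE-2019-2346.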
@@ -32868,8 +32886,7 @@ CVE-2019-2336
        RESERVED
 CVE-2019-2335
        RESERVED
-CVE-2019-2334
-       RESERVED
+CVE-2019-2334 (Null pointer dereferencing can happen when playing the clip 
with wrong ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2333
        RESERVED
@@ -32877,19 +32894,15 @@ CVE-2019-2332
        RESERVED
 CVE-2019-2331
        RESERVED
-CVE-2019-2330
-       RESERVED
+CVE-2019-2330 (improper input validation in allocation request for secure 
allocations ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2329
        RESERVED
-CVE-2019-2328
-       RESERVED
+CVE-2019-2328 (Possible buffer overflow when number of channels passed is more 
than s ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2327
-       RESERVED
+CVE-2019-2327 (Possible buffer overflow can occur when playing clip with 
incorrect el ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2326
-       RESERVED
+CVE-2019-2326 (Data token is received from ADSP and is used without validation 
as an  ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2325
        RESERVED
@@ -32897,8 +32910,7 @@ CVE-2019-2324
        RESERVED
 CVE-2019-2323
        RESERVED
-CVE-2019-2322
-       RESERVED
+CVE-2019-2322 (Buffer overflow can occur when playing specific clip which is 
non-stan ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2321
        RESERVED
@@ -32910,32 +32922,29 @@ CVE-2019-2318
        RESERVED
 CVE-2019-2317
        RESERVED
-CVE-2019-2316
-       RESERVED
+CVE-2019-2316 (When computing the digest a local variable is used after going 
out of  ...)
+       TODO: check
 CVE-2019-2315
        RESERVED
-CVE-2019-2314
-       RESERVED
+CVE-2019-2314 (Possible race condition that will cause a use-after-free when 
writing  ...)
+       TODO: check
 CVE-2019-2313
        RESERVED
-CVE-2019-2312
-       RESERVED
+CVE-2019-2312 (When handling the vendor command there exists a potential 
buffer overf ...)
+       TODO: check
 CVE-2019-2311
        RESERVED
 CVE-2019-2310
        RESERVED
-CVE-2019-2309
-       RESERVED
-CVE-2019-2308
-       RESERVED
+CVE-2019-2309 (While storing calibrated data from firmware in cache, An 
integer overf ...)
+       TODO: check
+CVE-2019-2308 (User application could potentially make RPC call to the fastrpc 
driver ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2307
-       RESERVED
+CVE-2019-2307 (Possible integer underflow due to lack of validation before 
calculatio ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2306
-       RESERVED
-CVE-2019-2305
-       RESERVED
+CVE-2019-2306 (Improper casting of structure while handling the buffer leads 
to out o ...)
+       TODO: check
+CVE-2019-2305 (Out of bound access when reason code is extracted from frame 
data with ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2304
        RESERVED
@@ -32943,14 +32952,14 @@ CVE-2019-2303
        RESERVED
 CVE-2019-2302
        RESERVED
-CVE-2019-2301
-       RESERVED
+CVE-2019-2301 (Possibility of out-of-bound read if id received from SPI is not 
in ran ...)
+       TODO: check
 CVE-2019-2300
        RESERVED
-CVE-2019-2299
-       RESERVED
-CVE-2019-2298
-       RESERVED
+CVE-2019-2299 (An out-of-bound write can be triggered by a specially-crafted 
command  ...)
+       TODO: check
+CVE-2019-2298 (Protection is missing while accessing md sessions info via 
macro which ...)
+       TODO: check
 CVE-2019-2297
        RESERVED
 CVE-2019-2296
@@ -32959,14 +32968,14 @@ CVE-2019-2295
        RESERVED
 CVE-2019-2294
        RESERVED
-CVE-2019-2293
-       RESERVED
+CVE-2019-2293 (Pointer dereference while freeing IFE resources due to lack of 
length  ...)
+       TODO: check
 CVE-2019-2292 (Out of bound access can occur due to buffer copy without 
checking size ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-2291
        RESERVED
-CVE-2019-2290
-       RESERVED
+CVE-2019-2290 (Multiple open and close from multiple threads will lead camera 
driver  ...)
+       TODO: check
 CVE-2019-2289
        RESERVED
 CVE-2019-2288
@@ -32983,28 +32992,26 @@ CVE-2019-2283
        RESERVED
 CVE-2019-2282
        RESERVED
-CVE-2019-2281
-       RESERVED
+CVE-2019-2281 (An unauthenticated bitmap image can be loaded in to memory and 
subsequ ...)
+       TODO: check
 CVE-2019-2280
        RESERVED
 CVE-2019-2279 (Shared memory gets updated with invalid data and may lead to 
access be ...)
        NOT-FOR-US: Snapdragon
-CVE-2019-2278
-       RESERVED
+CVE-2019-2278 (User keystore signature is ignored in boot and can lead to 
bypass boot ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2277 (Out of bound read can happen due to lack of NULL termination on 
user c ...)
        NOT-FOR-US: Snapdragon
-CVE-2019-2276
-       RESERVED
+CVE-2019-2276 (Possible out of bound read occurs while processing beaconing 
request d ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2275
        RESERVED
 CVE-2019-2274
        RESERVED
-CVE-2019-2273
-       RESERVED
-CVE-2019-2272
-       RESERVED
+CVE-2019-2273 (IOMMU page fault while playing h265 video file leads to denial 
of serv ...)
+       TODO: check
+CVE-2019-2272 (Buffer overflow can occur in display function due to lack of 
validatio ...)
+       TODO: check
 CVE-2019-2271
        RESERVED
 CVE-2019-2270
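Review bot: this hunk uses two tags for what appears to be the same vendor code: "NOT-FOR-US: Snapdragon" (CVE-2019-2279, CVE-2019-2277) and "NOT-FOR-US: Qualcomm components for Android" (CVE-2019-2278, CVE-2019-2276). Pick one spelling for the file so that searches by tag catch every entry, and use it when resolving the new "TODO: check" lines for CVE-2019-2281, CVE-2019-2273 and CVE-2019-2272.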
@@ -33021,8 +33028,8 @@ CVE-2019-2265
        RESERVED
 CVE-2019-2264 (Null pointer dereference occurs for channel context while 
opening glin ...)
        NOT-FOR-US: Snapdragon
-CVE-2019-2263
-       RESERVED
+CVE-2019-2263 (Access to freed memory can happen while reading from diag 
driver due t ...)
+       TODO: check
 CVE-2019-2262
        RESERVED
 CVE-2019-2261 (Unauthorized access from GPU subsystem to HLOS or other non 
secure sub ...)
@@ -33039,11 +33046,9 @@ CVE-2019-2256 (An unprivileged user can craft a 
bitstream such that the payload
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2255 (An unprivileged user can craft a bitstream such that the 
payload encod ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2254
-       RESERVED
+CVE-2019-2254 (Position determination accuracy may be degraded due to wrongly 
decoded ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2253
-       RESERVED
+CVE-2019-2253 (Buffer over-read can occur while parsing an ogg file with a 
corrupted  ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2252
        RESERVED
@@ -33067,26 +33072,19 @@ CVE-2019-2243 (Possible buffer overflow at the end of 
iterating loop while getti
        NOT-FOR-US: Snapdragon
 CVE-2019-2242
        RESERVED
-CVE-2019-2241
-       RESERVED
+CVE-2019-2241 (While rendering the layout background, Error status check is 
not caugh ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2240
-       RESERVED
+CVE-2019-2240 (While sending the rendered surface content to the screen, Error 
handli ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2239
-       RESERVED
+CVE-2019-2239 (Sanity checks are missing in layout which can lead to SUI 
Corruption o ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2238
-       RESERVED
+CVE-2019-2238 (Lack of check of data type can lead to subsequent 
loop-expression pote ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2237
-       RESERVED
+CVE-2019-2237 (Failure in taking appropriate action to handle the error case 
If keypa ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2236
-       RESERVED
+CVE-2019-2236 (Null pointer dereference during secure application termination 
using s ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2235
-       RESERVED
+CVE-2019-2235 (Buffer overflow occurs when emulated RPMB is used due to sector 
size a ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2234
        RESERVED
@@ -53776,8 +53774,8 @@ CVE-2018-13899 (Processing messages after error may 
result in user after free me
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13898 (Out-of-Bounds write due to incorrect array index check in PMIC 
in Snap ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13897
-       RESERVED
+CVE-2018-13897 (Clients hostname gets added to DNS record on device which is 
running d ...)
+       TODO: check
 CVE-2018-13896 (XBL_SEC image authentication and other crypto related 
validations are  ...)
        NOT-FOR-US: Snapdragon
 CVE-2018-13895 (Due to the missing permissions on several content providers of 
the RCS ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a51fa9cc2dcfd853daf7f24a8c0d0f9f7a326be2
