Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
76462ed7 by security tracker role at 2019-08-16T08:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,166 @@
-CVE-2019-15099 [Fix a NULL-ptr-deref bug in ath10k_usb_alloc_urb_from_pipe]
+CVE-2019-15116
+ RESERVED
+CVE-2019-15115
+ RESERVED
+CVE-2019-15114
+ RESERVED
+CVE-2019-15113
+ RESERVED
+CVE-2019-15112
+ RESERVED
+CVE-2019-15111
+ RESERVED
+CVE-2019-15110
+ RESERVED
+CVE-2019-15109
+ RESERVED
+CVE-2019-15108 (An issue was discovered in WSO2 API Manager 2.6.0 before
WSO2-CARBON-P ...)
+ TODO: check
+CVE-2019-15107 (An issue was discovered in Webmin through 1.920. The parameter
old in ...)
+ TODO: check
+CVE-2019-15106 (An issue was discovered in Zoho ManageEngine OpManager through
12.4x. ...)
+ TODO: check
+CVE-2019-15105 (An issue was discovered in Zoho ManageEngine Application
Manager throu ...)
+ TODO: check
+CVE-2019-15104 (An issue was discovered in Zoho ManageEngine OpManager through
12.4x. ...)
+ TODO: check
+CVE-2019-15103
+ RESERVED
+CVE-2019-15102
+ RESERVED
+CVE-2019-15101
+ RESERVED
+CVE-2019-15100
+ RESERVED
+CVE-2019-15097
+ RESERVED
+CVE-2019-15096
+ RESERVED
+CVE-2019-15095 (DWSurvey through 2019-07-22 has reflected XSS via the
design/qu-multi- ...)
+ TODO: check
+CVE-2019-15094
+ RESERVED
+CVE-2019-15093
+ RESERVED
+CVE-2019-15092
+ RESERVED
+CVE-2019-15091
+ RESERVED
+CVE-2019-15089
+ RESERVED
+CVE-2019-15088
+ RESERVED
+CVE-2019-15087
+ RESERVED
+CVE-2019-15086
+ RESERVED
+CVE-2019-15085
+ RESERVED
+CVE-2019-15084 (Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell
laptops, insta ...)
+ TODO: check
+CVE-2019-15083
+ RESERVED
+CVE-2018-20974
+ RESERVED
+CVE-2018-20973
+ RESERVED
+CVE-2018-20972
+ RESERVED
+CVE-2018-20971
+ RESERVED
+CVE-2018-20970
+ RESERVED
+CVE-2018-20969 (do_ed_script in pch.c in GNU patch through 2.7.6 does not
block string ...)
+ TODO: check
+CVE-2017-18548
+ RESERVED
+CVE-2017-18547
+ RESERVED
+CVE-2017-18546
+ RESERVED
+CVE-2017-18545
+ RESERVED
+CVE-2017-18544
+ RESERVED
+CVE-2017-18543
+ RESERVED
+CVE-2017-18542
+ RESERVED
+CVE-2017-18541
+ RESERVED
+CVE-2017-18540
+ RESERVED
+CVE-2017-18539
+ RESERVED
+CVE-2017-18538
+ RESERVED
+CVE-2017-18537
+ RESERVED
+CVE-2017-18536
+ RESERVED
+CVE-2017-18535
+ RESERVED
+CVE-2017-18534
+ RESERVED
+CVE-2017-18533
+ RESERVED
+CVE-2017-18532
+ RESERVED
+CVE-2017-18531
+ RESERVED
+CVE-2017-18530
+ RESERVED
+CVE-2017-18529
+ RESERVED
+CVE-2017-18528
+ RESERVED
+CVE-2017-18527
+ RESERVED
+CVE-2017-18526
+ RESERVED
+CVE-2016-10904
+ RESERVED
+CVE-2016-10903
+ RESERVED
+CVE-2016-10902
+ RESERVED
+CVE-2016-10901
+ RESERVED
+CVE-2016-10900
+ RESERVED
+CVE-2016-10899
+ RESERVED
+CVE-2016-10898
+ RESERVED
+CVE-2016-10897
+ RESERVED
+CVE-2016-10896
+ RESERVED
+CVE-2016-10895
+ RESERVED
+CVE-2015-9326
+ RESERVED
+CVE-2015-9325
+ RESERVED
+CVE-2015-9324
+ RESERVED
+CVE-2015-9323
+ RESERVED
+CVE-2015-9322
+ RESERVED
+CVE-2015-9321
+ RESERVED
+CVE-2015-9320
+ RESERVED
+CVE-2014-10376
+ RESERVED
+CVE-2019-15099 (drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel
through 5.2. ...)
- linux <unfixed>
NOTE:
https://lore.kernel.org/linux-wireless/[email protected]/T/#u
-CVE-2019-15098 [Fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe]
+CVE-2019-15098 (drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel
through 5.2. ...)
- linux <unfixed>
NOTE:
https://lore.kernel.org/linux-wireless/[email protected]/T/#u
-CVE-2019-15090 [scsi: qedi: remove memset/memcpy to nfunc and use func instead]
+CVE-2019-15090 (An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the
Linux k ...)
- linux 5.2.6-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
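Review bot: CVE-2018-20969 is added with only "TODO: check", yet its description names do_ed_script in pch.c in GNU patch through 2.7.6, and GNU patch is packaged in Debian, so this entry needs a package line for patch with a status rather than a place in the TODO queue. The WSO2, Webmin, Zoho ManageEngine, DWSurvey and Realtek entries in the same block also carry "TODO: check" and still need to be resolved to a package line or NOT-FOR-US. Separately, the rewritten CVE-2019-15099 and CVE-2019-15098 descriptions are truncated before the function names (ath10k_usb_alloc_urb_from_pipe, ath6kl_usb_alloc_urb_from_pipe) that the removed bracketed titles carried; a NOTE line keeping them would help whoever matches the eventual upstream fix to these entries.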
@@ -67,7 +223,7 @@ CVE-2017-18517
RESERVED
CVE-2017-18516
RESERVED
-CVE-2016-10894 [xtrlock does not block multitouch events]
+CVE-2016-10894 (xtrlock through 2.10 does not block multitouch events.
Consequently, a ...)
- xtrlock <unfixed> (bug #830726)
CVE-2016-10893
RESERVED
@@ -2268,6 +2424,7 @@ CVE-2019-14439 (A Polymorphic Typing issue was discovered
in FasterXML jackson-d
CVE-2018-20871 (In Univa Grid Engine before 8.6.3, when configured for Docker
jobs and ...)
TODO: check, might affect src:gridengine as well
CVE-2015-9290 (In FreeType before 2.6.1, a buffer over-read occurs in
type1/t1parse.c ...)
+ {DLA-1887-1}
- freetype 2.6.1-0.1
NOTE:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=e3058617f384cb6709f3878f753fa17aca9e3a30
NOTE: https://savannah.nongnu.org/bugs/?45923
@@ -7430,10 +7587,10 @@ CVE-2019-XXXX [security issues fixed in 1.8.5]
NOTE: Workaround entry for DSA-4473-1/DLA-1837-1 until CVEs assigned
CVE-2019-12793
RESERVED
-CVE-2019-12792
- RESERVED
-CVE-2019-12791
- RESERVED
+CVE-2019-12792 (A command injection vulnerability in UploadHandler.php in
Vesta Contro ...)
+ TODO: check
+CVE-2019-12791 (A directory traversal vulnerability in the v-list-user script
in Vesta ...)
+ TODO: check
CVE-2019-12790 (In radare2 through 3.5.1, there is a heap-based buffer
over-read in th ...)
- radare2 <unfixed> (bug #930344)
[buster] - radare2 <no-dsa> (Minor issue)
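Review bot: CVE-2019-12792 and CVE-2019-12791 move from RESERVED to "TODO: check", and both descriptions name Vesta (UploadHandler.php and the v-list-user script), so they should be triaged together. Give both the same outcome, either a package line each or one NOT-FOR-US tag spelled identically on both, so that a later search by product name finds the pair.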
@@ -8775,15 +8932,15 @@ CVE-2019-12261 (Wind River VxWorks 6.7 though 6.9 and
vx7 has a Buffer Overflow
NOT-FOR-US: Wind River VxWorks
CVE-2019-12260 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the
TCP compon ...)
NOT-FOR-US: Wind River VxWorks
-CVE-2019-12259 (Wind River VxWorks 6.9 and vx7 has an array index error in the
IGMPv3 ...)
+CVE-2019-12259 (Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array
index error ...)
NOT-FOR-US: Wind River VxWorks
-CVE-2019-12258 (Wind River VxWorks 6.5 through 6.9 and vx7 has Session
Fixation in the ...)
+CVE-2019-12258 (Wind River VxWorks 6.6 through vx7 has Session Fixation in the
TCP com ...)
NOT-FOR-US: Wind River VxWorks
-CVE-2019-12257 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the
DHCP clien ...)
+CVE-2019-12257 (Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in
the DHCP c ...)
NOT-FOR-US: Wind River VxWorks
CVE-2019-12256 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the
IPv4 compo ...)
NOT-FOR-US: Wind River VxWorks
-CVE-2019-12255 (Wind River VxWorks 6.5 through 6.9.3 has a Buffer Overflow in
the TCP ...)
+CVE-2019-12255 (Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in
the TCP co ...)
NOT-FOR-US: Wind River VxWorks
CVE-2019-12254
RESERVED
@@ -14531,8 +14688,7 @@ CVE-2019-10082 [mod_http2, read-after-free in h2
connection shutdown]
RESERVED
- apache2 2.4.41-1
NOTE: Affects upstream versions 2.4.18 to 2.4.39
-CVE-2019-10081 [mod_http2, memory corruption on early pushes]
- RESERVED
+CVE-2019-10081 (HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example
configur ...)
- apache2 2.4.41-1
NOTE: Affects upstream versions 2.4.20 to 2.4.39
CVE-2019-10080
@@ -15898,18 +16054,15 @@ CVE-2019-9854
RESERVED
CVE-2019-9853
RESERVED
-CVE-2019-9852 [Insufficient URL encoding flaw in allowed script location check]
- RESERVED
+CVE-2019-9852 (LibreOffice has a feature where documents can specify that
pre-install ...)
{DSA-4501-1}
- libreoffice 1:6.3.0-1
NOTE:
https://www.libreoffice.org/about-us/security/advisories/cve-2019-9852/
-CVE-2019-9851 [LibreLogo global-event script execution]
- RESERVED
+CVE-2019-9851 (LibreOffice is typically bundled with LibreLogo, a programmable
turtle ...)
{DSA-4501-1}
- libreoffice 1:6.3.0-1
NOTE:
https://www.libreoffice.org/about-us/security/advisories/cve-2019-9851/
-CVE-2019-9850 [Insufficient url validation allowing LibreLogo script execution]
- RESERVED
+CVE-2019-9850 (LibreOffice is typically bundled with LibreLogo, a programmable
turtle ...)
{DSA-4501-1}
- libreoffice 1:6.3.0-1
NOTE:
https://www.libreoffice.org/about-us/security/advisories/cve-2019-9850/
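Review bot: after this hunk CVE-2019-9851 and CVE-2019-9850 carry the same visible description, "LibreOffice is typically bundled with LibreLogo, a programmable turtle ...", where the removed bracketed titles told them apart ("LibreLogo global-event script execution" versus "Insufficient url validation allowing LibreLogo script execution"). Both share DSA-4501-1 and the fixed version 1:6.3.0-1, so only the advisory URL now distinguishes them in the file; a one-line NOTE on each entry restating the old title would keep that distinction readable. The same applies to CVE-2019-9852, whose removed title named the allowed script location check.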
@@ -33121,7 +33274,7 @@ CVE-2018-1000814 (aio-libs aiohttp-session version
2.6.0 and earlier contains a
NOT-FOR-US: aio-libs aiohttp-session
CVE-2018-1000813 (Backdrop CMS version 1.11.0 and earlier contains a Cross
Site Scriptin ...)
- backdrop <itp> (bug #914257)
-CVE-2018-1000812 (&#xc1;rtica Soluciones Tecnol&#xf3;gicas Integria
IMS version ...)
+CVE-2018-1000812 (Artica Integria IMS version 5.0 MR56 Package 58, likely
earlier versio ...)
NOT-FOR-US: Integria IMS
CVE-2018-1000811 (bludit version 3.0.0 contains a Unrestricted Upload of File
with Dange ...)
NOT-FOR-US: bludit
@@ -56655,8 +56808,8 @@ CVE-2018-14064 (The uc-http service 1.0.0 on
VelotiSmart WiFi B-380 camera devic
NOT-FOR-US: VelotiSmart WiFi B-380 camera devices
CVE-2018-14063 (The increaseApproval function of a smart contract
implementation for T ...)
NOT-FOR-US: smart contract
-CVE-2018-14062
- RESERVED
+CVE-2018-14062 (The COSPAS-SARSAT protocol allows remote attackers to forge
messages, ...)
+ TODO: check
CVE-2018-14061
RESERVED
CVE-2018-14060 (OS command injection in the AP mode settings feature in
/cgi-bin/luci ...)
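Review bot: CVE-2018-14062 moves from RESERVED to "TODO: check", but its description is of the COSPAS-SARSAT protocol rather than a named software product, so there is no obvious source package to look up. Triage should end in an explicit line, for example a NOT-FOR-US tag in the style of the neighbouring "NOT-FOR-US: smart contract" entry, unless a Debian package implementing the protocol is identified.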
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/76462ed7d4605f04cbba62d3ee399fe3c88c0858