Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 642cad9a by security tracker role at 2019-01-19T08:10:10Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,27 @@ +CVE-2019-6494 + RESERVED +CVE-2019-6493 + RESERVED +CVE-2019-6492 + RESERVED +CVE-2019-6491 + RESERVED +CVE-2019-6490 + RESERVED +CVE-2019-6489 + RESERVED +CVE-2018-20741 + RESERVED +CVE-2018-20740 + RESERVED +CVE-2018-20739 + RESERVED +CVE-2018-20738 + RESERVED +CVE-2018-20737 + RESERVED +CVE-2018-20736 + RESERVED CVE-2019-6488 (The string component in the GNU C Library (aka glibc or libc6) through ...) - glibc <unfixed> (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24097 @@ -5847,12 +5871,12 @@ CVE-2019-3776 RESERVED CVE-2019-3775 RESERVED -CVE-2019-3774 - RESERVED -CVE-2019-3773 - RESERVED -CVE-2019-3772 - RESERVED +CVE-2019-3774 (Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported ...) + TODO: check +CVE-2019-3773 (Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported ...) + TODO: check +CVE-2019-3772 (Spring Integration (spring-integration-xml and spring-integration-ws ...) + TODO: check CVE-2019-3771 RESERVED CVE-2019-3770 @@ -7979,8 +8003,8 @@ CVE-2018-20235 RESERVED CVE-2018-20234 RESERVED -CVE-2018-20233 - RESERVED +CVE-2018-20233 (The Upload add-on resource in Atlassian Universal Plugin Manager ...) + TODO: check CVE-2018-20232 RESERVED CVE-2018-20231 (Cross Site Request Forgery (CSRF) in the two-factor-authentication ...) @@ -26204,8 +26228,8 @@ CVE-2018-15786 REJECTED CVE-2018-15785 REJECTED -CVE-2018-15784 - RESERVED +CVE-2018-15784 (Dell Networking OS10 versions prior to 10.4.3.0 contain a ...) + TODO: check CVE-2018-15783 REJECTED CVE-2018-15782 (The Quick Setup component of RSA Authentication Manager versions prior ...) @@ -34649,10 +34673,10 @@ CVE-2017-18334 RESERVED CVE-2017-18333 RESERVED -CVE-2017-18332 - RESERVED -CVE-2017-18331 - RESERVED +CVE-2017-18332 (Security keys are logged when any WCDMA call is configured or ...) + TODO: check +CVE-2017-18331 (Improper access control on secure display buffers in snapdragon ...) + TODO: check CVE-2017-18330 (Buffer overflow in AES-CCM and AES-GCM encryption via initialization ...) NOT-FOR-US: snapdragon CVE-2017-18329 (Possible Buffer overflow when transmitting an RTP packet in snapdragon ...) @@ -35999,10 +36023,10 @@ CVE-2018-12001 RESERVED CVE-2018-12000 RESERVED -CVE-2018-11999 - RESERVED -CVE-2018-11998 - RESERVED +CVE-2018-11999 (Improper input validation in trustzone can lead to denial of service ...) + TODO: check +CVE-2018-11998 (While processing a packet decode request in MQTT, Race condition can ...) + TODO: check CVE-2018-11997 RESERVED CVE-2018-11996 (When a malformed command is sent to the device programmer, an ...) @@ -36011,8 +36035,8 @@ CVE-2018-11995 (In all android releases(Android for MSM, Firefox OS for MSM, QRD NOT-FOR-US: Qualcomm components for Android CVE-2018-11994 (SMMU secure camera logic allows secure camera controllers to access ...) NOT-FOR-US: Qualcomm components for Android -CVE-2018-11993 - RESERVED +CVE-2018-11993 (Improper check while accessing the local memory stack on MQTT ...) + TODO: check CVE-2018-11992 RESERVED CVE-2018-11991 @@ -37944,8 +37968,7 @@ CVE-2018-11290 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM NOT-FOR-US: Qualcomm components for Android CVE-2018-11289 RESERVED -CVE-2018-11288 - RESERVED +CVE-2018-11288 (Possible undefined behavior due to lack of size check in function for ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11287 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...) NOT-FOR-US: Qualcomm components for Android @@ -37953,8 +37976,8 @@ CVE-2018-11286 (In all android releases (Android for MSM, Firefox OS for MSM, QR NOT-FOR-US: Qualcomm components for Android CVE-2018-11285 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...) NOT-FOR-US: Qualcomm components for Android -CVE-2018-11284 - RESERVED +CVE-2018-11284 (Spoofed SMS can be used to send a large number of messages to the ...) + TODO: check CVE-2018-11283 RESERVED CVE-2018-11282 @@ -37963,8 +37986,8 @@ CVE-2018-11281 (In all android releases (Android for MSM, Firefox OS for MSM, QR NOT-FOR-US: Qualcomm components for Android CVE-2018-11280 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...) NOT-FOR-US: Qualcomm components for Android -CVE-2018-11279 - RESERVED +CVE-2018-11279 (Lack of check of input size can make device memory get corrupted ...) + TODO: check CVE-2018-11278 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11277 (In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, ...) @@ -50742,8 +50765,8 @@ CVE-2017-18162 RESERVED CVE-2017-18161 RESERVED -CVE-2017-18160 - RESERVED +CVE-2017-18160 (AGPS session failure in GNSS module due to cyphersuites are hardcoded ...) + TODO: check CVE-2017-18159 (In Android releases from CAF using the linux kernel (Android for MSM, ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-18158 (Possible buffer overflows and array out of bounds accesses in Android ...) @@ -53346,8 +53369,8 @@ CVE-2018-5917 (Possible buffer overflow in OEM crypto function due to improper i NOT-FOR-US: Snapdragon CVE-2018-5916 (Buffer overread while decoding PDP modify request or network initiated ...) NOT-FOR-US: Snapdragon -CVE-2018-5915 - RESERVED +CVE-2018-5915 (Exception in Modem IP stack while processing IPv6 packet in snapdragon ...) + TODO: check CVE-2018-5914 (Improper input validation in TZ led to array out of bound in TZ ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5913 @@ -53414,12 +53437,12 @@ CVE-2018-5883 RESERVED CVE-2018-5882 (While parsing a Flac file with a corrupted comment block, a buffer ...) NOT-FOR-US: Qualcomm components for Android -CVE-2018-5881 - RESERVED -CVE-2018-5880 - RESERVED -CVE-2018-5879 - RESERVED +CVE-2018-5881 (Improper validation of buffer length checks in the lwm2m device ...) + TODO: check +CVE-2018-5880 (Improper data length check while processing an event report indication ...) + TODO: check +CVE-2018-5879 (Improper length check while processing an MQTT message can lead to ...) + TODO: check CVE-2018-5878 (While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5877 (In the device programmer target-side code for firehose, a string may ...) @@ -53441,12 +53464,12 @@ CVE-2018-5871 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9 NOT-FOR-US: Qualcomm components for Android CVE-2018-5870 (While loading a service image, an untrusted pointer dereference can ...) NOT-FOR-US: Snapdragon -CVE-2018-5869 - RESERVED -CVE-2018-5868 - RESERVED -CVE-2018-5867 - RESERVED +CVE-2018-5869 (Improper input validation in the QTEE keymaster app can lead to ...) + TODO: check +CVE-2018-5868 (Lack of checking input size can lead to buffer overflow In WideVine in ...) + TODO: check +CVE-2018-5867 (Lack of checking input size can lead to buffer overflow In WideVine in ...) + TODO: check CVE-2018-5866 (While processing logs, data is copied into a buffer pointed to by an ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5865 (While processing a debug log event from firmware in all Android ...) @@ -60194,8 +60217,8 @@ CVE-2018-3597 (In the ADSP RPC driver in Android releases from CAF using the lin NOT-FOR-US: Qualcomm components for Android CVE-2018-3596 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...) NOT-FOR-US: Qualcomm components for Android -CVE-2018-3595 - RESERVED +CVE-2018-3595 (Anti-rollback can be bypassed in replay scenario during app loading ...) + TODO: check CVE-2018-3594 (In Android before security patch level 2018-04-05 on Qualcomm ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-3593 (In Android before security patch level 2018-04-05 on Qualcomm ...) @@ -97295,8 +97318,8 @@ CVE-2017-8278 (In all Qualcomm products with Android releases from CAF using the NOT-FOR-US: Qualcomm driver for Android CVE-2017-8277 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm driver for Android -CVE-2017-8276 - RESERVED +CVE-2017-8276 (Improper authorization involving a fuse in TrustZone in snapdragon ...) + TODO: check CVE-2017-8275 (In Android before security patch level 2018-04-05 on Qualcomm ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-8274 (In Android before security patch level 2018-04-05 on Qualcomm ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/642cad9a3a7f18dc404ff254d394d807236cbff7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/642cad9a3a7f18dc404ff254d394d807236cbff7 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits