Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b174f03d by security tracker role at 2019-02-26T08:10:12Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,62 @@
-CVE-2019-9162 [netfilter: nf_nat_snmp_basic: add missing length checks in 
ASN.1 cbs]
+CVE-2019-9183
+       RESERVED
+CVE-2019-9182 (There is a CSRF in ZZZCMS zzzphp V1.6.1 via a ...)
+       TODO: check
+CVE-2019-9181 (SchoolCMS version 2.3.1 allows file upload via the logo upload 
feature ...)
+       TODO: check
+CVE-2019-9180
+       RESERVED
+CVE-2019-9179
+       RESERVED
+CVE-2019-9178
+       RESERVED
+CVE-2019-9177
+       RESERVED
+CVE-2019-9176
+       RESERVED
+CVE-2019-9175
+       RESERVED
+CVE-2019-9174
+       RESERVED
+CVE-2019-9173
+       RESERVED
+CVE-2019-9172
+       RESERVED
+CVE-2019-9171
+       RESERVED
+CVE-2019-9170
+       RESERVED
+CVE-2019-9169 (In the GNU C Library (aka glibc or libc6) through 2.29, ...)
+       TODO: check
+CVE-2019-9168 (WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. 
...)
+       TODO: check
+CVE-2019-9167
+       RESERVED
+CVE-2019-9166
+       RESERVED
+CVE-2019-9165
+       RESERVED
+CVE-2019-9164
+       RESERVED
+CVE-2019-9163
+       RESERVED
+CVE-2019-9161
+       RESERVED
+CVE-2019-9160
+       RESERVED
+CVE-2019-9159
+       RESERVED
+CVE-2019-9158
+       RESERVED
+CVE-2019-9157
+       RESERVED
+CVE-2019-9156
+       RESERVED
+CVE-2018-20796 (In the GNU C Library (aka glibc or libc6) through 2.29, ...)
+       TODO: check
+CVE-2009-5155 (In the GNU C Library (aka glibc or libc6) before 2.28, 
parse_reg_exp in ...)
+       TODO: check
+CVE-2019-9162 (In the Linux kernel before 4.20.12, ...)
        - linux <unfixed>
        [stretch] - linux <not-affected> (Vulnerable code not present)
        [jessie] - linux <not-affected> (Vulnerable code not present)
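Review bot: the three glibc entries added at the end of this block (CVE-2019-9169, CVE-2018-20796, CVE-2009-5155) come in as "TODO: check" even though glibc is a packaged source in Debian, so they need a package line and per-release status in a follow-up commit instead of sitting untriaged. Separately, the CVE-2019-9162 header changes from the bracketed "[netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs]" to the truncated "(In the Linux kernel before 4.20.12, ...)", so the affected subsystem is no longer visible in the entry; a NOTE line naming nf_nat_snmp_basic would keep that information next to the "- linux <unfixed>" annotation.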
@@ -3259,6 +3317,7 @@ CVE-2019-7667
 CVE-2019-7666
        RESERVED
 CVE-2019-7665 (In elfutils 0.175, a heap-based buffer over-read was discovered 
in the ...)
+       {DLA-1689-1}
        - elfutils 0.176-1 (low; bug #921880)
        [stretch] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24089
@@ -4650,12 +4709,14 @@ CVE-2019-7151 (A NULL pointer dereference was 
discovered in ...)
        NOTE: 
https://github.com/WebAssembly/binaryen/commit/2127e64f42da55bb5b9b0ab1995b3ca7fc4e0d0b
        NOTE: 
https://github.com/WebAssembly/binaryen/commit/85e95e315a8023c46eb804fe80ebc244bcfdae3e
 CVE-2019-7150 (An issue was discovered in elfutils 0.175. A segmentation fault 
can ...)
+       {DLA-1689-1}
        - elfutils 0.176-1 (low; bug #920909)
        [stretch] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24103
        NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html
        NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=da5c5336a1eaf519de246f7d9f0f5585e1d4ac59
 CVE-2019-7149 (A heap-based buffer over-read was discovered in the function 
...)
+       {DLA-1689-1}
        - elfutils 0.176-1 (low; bug #920910)
        [stretch] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24102
@@ -6349,7 +6410,7 @@ CVE-2015-9277 (MailEnable before 8.60 allows Directory 
Traversal for reading the
        NOT-FOR-US: MailEnable
 CVE-2015-9276 (SmarterTools SmarterMail before 13.3.5535 was vulnerable to 
stored XSS ...)
        NOT-FOR-US: SmarterTools SmarterMail
-CVE-2019-6446 (An issue was discovered in NumPy 1.16.0 and earlier. It uses 
the pickle ...)
+CVE-2019-6446 (** DISPUTED **  ...)
        - python-numpy 1:1.10.4-1
        [jessie] - python-numpy <no-dsa> (Minor issue)
        NOTE: https://github.com/numpy/numpy/issues/12759
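Review bot: the new CVE-2019-6446 header is reduced to "(** DISPUTED **  ...)", which drops every word about the pickle issue, so the entry no longer says what is being disputed. The removed description named NumPy 1.16.0 and earlier, while the unchanged package line records python-numpy 1:1.10.4-1; a NOTE summarising the dispute and confirming that this annotation is still intended would make the entry readable without opening the linked upstream issue.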
@@ -6793,10 +6854,10 @@ CVE-2019-6268
        RESERVED
 CVE-2019-6267 (The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for 
...)
        NOT-FOR-US: Premium WP Suite Easy Redirect Manager plugin for WordPress
-CVE-2019-6266
-       RESERVED
-CVE-2019-6265
-       RESERVED
+CVE-2019-6266 (Cordaware bestinformed Microsoft Windows client before 6.2.1.0 
is ...)
+       TODO: check
+CVE-2019-6265 (The Scripting and AutoUpdate functionality in Cordaware 
bestinformed ...)
+       TODO: check
 CVE-2019-6264 (An issue was discovered in Joomla! before 3.9.2. Inadequate 
escaping in ...)
        NOT-FOR-US: Joomla!
 CVE-2019-6263 (An issue was discovered in Joomla! before 3.9.2. Inadequate 
checks of ...)
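Review bot: CVE-2019-6266 and CVE-2019-6265 move from RESERVED to "TODO: check", but the descriptions already name the product, and CVE-2019-6266 describes a Microsoft Windows client. If the full text confirms nothing in the archive ships this software, both can be closed as "NOT-FOR-US: Cordaware bestinformed", matching the NOT-FOR-US style used by the neighbouring entries.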
@@ -16984,8 +17045,8 @@ CVE-2018-20065 (Handling of URI action in PDFium in 
Google Chrome prior to ...)
        - chromium 71.0.3578.80-1
 CVE-2018-20064 (doorGets 7.0 allows remote attackers to write to arbitrary 
files via ...)
        NOT-FOR-US: doorGets
-CVE-2018-20063
-       RESERVED
+CVE-2018-20063 (An issue was discovered in Gurock TestRail 5.6.0.3853. An ...)
+       TODO: check
 CVE-2018-20062 (An issue was discovered in NoneCms V1.3. 
thinkphp/library/think/App.php ...)
        NOT-FOR-US: NoneCms
 CVE-2018-20061 (A SQL injection issue was discovered in ERPNext 10.x and 11.x 
through ...)
@@ -17062,8 +17123,8 @@ CVE-2018-20035
        RESERVED
 CVE-2018-20034
        RESERVED
-CVE-2018-20033
-       RESERVED
+CVE-2018-20033 (A Remote Code Execution vulnerability in lmgrd and vendor 
daemon ...)
+       TODO: check
 CVE-2018-20032
        RESERVED
 CVE-2018-20031
@@ -25628,12 +25689,14 @@ CVE-2018-18523
 CVE-2018-18522
        RESERVED
 CVE-2018-18521 (Divide-by-zero vulnerabilities in the function 
arlib_add_symbols() in ...)
+       {DLA-1689-1}
        - elfutils 0.175-1 (low; bug #911413)
        [stretch] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23786
        NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html
        NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=2b16a9be69939822dcafe075413468daac98b327
 CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function 
elf_end in ...)
+       {DLA-1689-1}
        - elfutils 0.175-1 (low; bug #911414)
        [stretch] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23787
@@ -26265,6 +26328,7 @@ CVE-2018-18311 (Perl before 5.26.3 and 5.28.x before 
5.28.1 has a buffer overflo
        NOTE: Introduced by: 
https://perl5.git.perl.org/perl.git/commitdiff/e658793210bbe632a5e80a876acfcd0984c46b87
        NOTE: maint-5.28: 
https://perl5.git.perl.org/perl.git/commitdiff/0589f071dc6836de80b24fd798c3336c72ead850
 CVE-2018-18310 (An invalid memory address dereference was discovered in ...)
+       {DLA-1689-1}
        - elfutils 0.175-1 (bug #911083)
        [stretch] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23752
@@ -32147,6 +32211,7 @@ CVE-2018-16064
 CVE-2018-16063
        RESERVED
 CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils 
before ...)
+       {DLA-1689-1}
        - elfutils 0.175-1 (bug #907562)
        [stretch] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541
@@ -32885,7 +32950,7 @@ CVE-2018-15779
 CVE-2018-15778 (Dell OS10 versions prior to 10.4.2.1 contain a vulnerability 
caused by ...)
        NOT-FOR-US: Dell
 CVE-2018-15777
-       RESERVED
+       REJECTED
 CVE-2018-15776 (Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an 
...)
        NOT-FOR-US: EMC iDRAC
 CVE-2018-15775
@@ -37742,12 +37807,12 @@ CVE-2018-13916
        RESERVED
 CVE-2018-13915
        RESERVED
-CVE-2018-13914
-       RESERVED
-CVE-2018-13913
-       RESERVED
-CVE-2018-13912
-       RESERVED
+CVE-2018-13914 (Lack of input validation for data received from user space can 
lead to ...)
+       TODO: check
+CVE-2018-13913 (Improper validation of array index can lead to unauthorized 
access ...)
+       TODO: check
+CVE-2018-13912 (Arbitrary write issue can occur when user provides kernel 
address in ...)
+       TODO: check
 CVE-2018-13911
        RESERVED
 CVE-2018-13910
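Review bot: the truncated descriptions for CVE-2018-13914, CVE-2018-13913 and CVE-2018-13912 do not name a vendor or component, so "TODO: check" is the only safe state here, but they sit in the same ID block as CVE-2018-13905, CVE-2018-13904 and CVE-2018-13900, which are tagged "NOT-FOR-US: Qualcomm components for Android". The full descriptions should be read at triage, and if they point at the same vendor these three should get the same NOT-FOR-US line so the block is annotated consistently.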
@@ -37760,11 +37825,9 @@ CVE-2018-13907
        RESERVED
 CVE-2018-13906
        RESERVED
-CVE-2018-13905
-       RESERVED
+CVE-2018-13905 (KGSL syncsource lock not handled properly during syncsource 
cleanup ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13904
-       RESERVED
+CVE-2018-13904 (Improper input validation in SCM handler to access storage in 
TZ can ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13903
        RESERVED
@@ -37772,8 +37835,7 @@ CVE-2018-13902
        RESERVED
 CVE-2018-13901
        RESERVED
-CVE-2018-13900
-       RESERVED
+CVE-2018-13900 (Use-after-free vulnerability will occur as there is no 
protection for ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-13899
        RESERVED
@@ -42835,15 +42897,13 @@ CVE-2018-11950 (Unapproved TrustZone applications can 
be loaded and executed in
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11949
        RESERVED
-CVE-2018-11948
-       RESERVED
+CVE-2018-11948 (Exceeding the limit of usage entries are not tracked and the 
...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11947
        RESERVED
 CVE-2018-11946 (In all android releases(Android for MSM, Firefox OS for MSM, 
QRD ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11945
-       RESERVED
+CVE-2018-11945 (Improper input validation in wireless service messaging module 
for ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11944
        RESERVED
@@ -42857,25 +42917,21 @@ CVE-2018-11940
        RESERVED
 CVE-2018-11939
        RESERVED
-CVE-2018-11938
-       RESERVED
+CVE-2018-11938 (Improper input validation for argument received from HLOS can 
lead to ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11937
        RESERVED
 CVE-2018-11936
        RESERVED
-CVE-2018-11935
-       RESERVED
+CVE-2018-11935 (Improper input validation might result in incorrect app id 
returned to ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11934
        RESERVED
 CVE-2018-11933
        RESERVED
-CVE-2018-11932
-       RESERVED
+CVE-2018-11932 (Improper input validation can lead RW access to secure 
subsystem from ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11931
-       RESERVED
+CVE-2018-11931 (Improper access to HLOS is possible while transferring memory 
to CPZ ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11930
        RESERVED
@@ -43009,8 +43065,7 @@ CVE-2018-11866 (Integer overflow may happen in WLAN 
when calculating an internal
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11865 (Integer overflow may happen when calculating an internal 
structure ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11864
-       RESERVED
+CVE-2018-11864 (Bytes can be written to fuses from Secure region which can be 
read ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11863 (In all android releases (Android for MSM, Firefox OS for MSM, 
QRD ...)
        NOT-FOR-US: Qualcomm components for Android
@@ -43048,8 +43103,7 @@ CVE-2018-11847 (Malicious TA can tag QSEE kernel memory 
and map to EL0, there by
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11846 (The use of a non-time-constant memory comparison operation can 
lead to ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11845
-       RESERVED
+CVE-2018-11845 (Usage of non-time-constant comparison functions can lead to 
...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11844
        RESERVED
@@ -43099,8 +43153,7 @@ CVE-2018-11822 (A possible integer overflow may happen 
in WLAN during memory ...
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11821 (Possible integer overflow may happen in WLAN during memory 
allocation ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11820
-       RESERVED
+CVE-2018-11820 (Use of non-time constant memcmp function creates side channel 
that ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11819
        RESERVED
@@ -44698,8 +44751,7 @@ CVE-2018-11291 (In Snapdragon (Automobile, Mobile, 
Wear) in version IPQ8074, MDM
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11290 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, 
MDM9607, ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11289
-       RESERVED
+CVE-2018-11289 (Data truncation during higher to lower type conversion which 
causes ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11288 (Possible undefined behavior due to lack of size check in 
function for ...)
        NOT-FOR-US: Qualcomm components for Android
@@ -60288,8 +60340,7 @@ CVE-2018-5841 (dcc_curr_list is initialized with a 
default invalid value that is
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5840 (Buffer Copy without Checking Size of Input can occur during the 
DRM ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5839
-       RESERVED
+CVE-2018-5839 (Improperly configured memory protection allows read/write 
access to ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5838 (Improper Validation of Array Index In the adreno OpenGL driver 
in ...)
        NOT-FOR-US: Qualcomm components for Android
@@ -106329,24 +106380,28 @@ CVE-2017-7614 (elflink.c in the Binary File 
Descriptor (BFD) library (aka libbfd
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/
        NOTE: Fixed by: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8
 CVE-2017-7613 (elflint.c in elfutils 0.168 does not validate the number of 
sections ...)
+       {DLA-1689-1}
        - elfutils 0.168-1 (bug #859990)
        [wheezy] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21312
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/
        NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=4314716cd498bb51639db717bd7ce6182de33322
 CVE-2017-7612 (The check_sysv_hash function in elflint.c in elfutils 0.168 
allows ...)
+       {DLA-1689-1}
        - elfutils 0.168-1 (bug #859991)
        [wheezy] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21311
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/
        NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=61fe61898747f63eb35a81c2261f3590a3dab8fd
 CVE-2017-7611 (The check_symtab_shndx function in elflint.c in elfutils 0.168 
allows ...)
+       {DLA-1689-1}
        - elfutils 0.168-1 (bug #859992)
        [wheezy] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21310
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/
        NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=9a0d9d314a6342b56e3277bd7ad7ecb6e73a7d38
 CVE-2017-7610 (The check_group function in elflint.c in elfutils 0.168 allows 
remote ...)
+       {DLA-1689-1}
        - elfutils 0.168-1 (bug #859993)
        [wheezy] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21320
@@ -106359,6 +106414,7 @@ CVE-2017-7609 (elf_compress.c in elfutils 0.168 does 
not validate the zlib compr
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21301
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/
 CVE-2017-7608 (The ebl_object_note_type_name function in eblobjnotetypename.c 
in ...)
+       {DLA-1689-1}
        - elfutils 0.168-1 (bug #859995)
        [wheezy] - elfutils <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21300



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b174f03d30f148ed39907620b57887551e932935

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
