[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 2 09:10:27 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2468acc5 by security tracker role at 2019-04-02T08:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2019-10690
+ RESERVED
+CVE-2019-10689
+ RESERVED
+CVE-2019-10688
+ RESERVED
+CVE-2019-10687
+ RESERVED
CVE-2019-10686 (An SSRF vulnerability was found in an API from Ctrip Apollo through 1. ...)
NOT-FOR-US: Ctrip Apollo
CVE-2019-10685
@@ -4184,8 +4192,8 @@ CVE-2019-9195 (util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files.
NOT-FOR-US: Grin
CVE-2019-9194 (elFinder before 2.1.48 has a command injection vulnerability in the PH ...)
NOT-FOR-US: elFinder
-CVE-2019-9193
- RESERVED
+CVE-2019-9193 (In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function al ...)
+ TODO: check
CVE-2019-9191 (The ETSI Enterprise Transport Security (ETS, formerly known as eTLS) p ...)
NOT-FOR-US: ETSI protocol
CVE-2019-9190
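Review bot: The `TODO: check` added under CVE-2019-9193 should not be closed by analogy with its neighbours. The entries around it are `NOT-FOR-US` (Grin, elFinder, ETSI protocol), but this description names PostgreSQL 9.3 through 11.2 and the "COPY TO/FROM PROGRAM" function, so it needs a package-level triage result (a source-package line with per-release status, or a NOTE explaining why no fix is tracked) rather than a product exclusion.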
@@ -13219,18 +13227,18 @@ CVE-2019-5521
RESERVED
CVE-2019-5520
RESERVED
-CVE-2019-5519
- RESERVED
-CVE-2019-5518
- RESERVED
+CVE-2019-5519 (VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-20190300 ...)
+ TODO: check
+CVE-2019-5518 (VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-20190300 ...)
+ TODO: check
CVE-2019-5517
RESERVED
CVE-2019-5516
RESERVED
CVE-2019-5515
RESERVED
-CVE-2019-5514
- RESERVED
+CVE-2019-5514 (VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerab ...)
+ TODO: check
CVE-2019-5513
RESERVED
CVE-2019-5512
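Review bot: CVE-2019-5519, CVE-2019-5518 and CVE-2019-5514 all arrive with `TODO: check`, and the truncated descriptions name only VMware ESXi and VMware Fusion. If triage confirms that no packaged component is involved, resolve all three in one pass with a single consistent `NOT-FOR-US:` product string, in the way vendor products are tagged elsewhere in this list (for example `NOT-FOR-US: EMC`), so the three entries do not end up with different spellings.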
@@ -16871,8 +16879,8 @@ CVE-2019-3794
RESERVED
CVE-2019-3793
RESERVED
-CVE-2019-3792
- RESERVED
+CVE-2019-3792 (Pivotal Concourse versions prior to 5.0.1, contains an API that is vul ...)
+ TODO: check
CVE-2019-3791
RESERVED
CVE-2019-3790
@@ -17596,8 +17604,8 @@ CVE-2019-3491
RESERVED
CVE-2019-3490
RESERVED
-CVE-2019-3489
- RESERVED
+CVE-2019-3489 (An unauthenticated file upload vulnerability has been identified in th ...)
+ TODO: check
CVE-2019-3488
RESERVED
CVE-2019-3487
@@ -28998,8 +29006,8 @@ CVE-2018-19115 (keepalived before 2.0.7 has a heap-based buffer overflow when pa
NOTE: https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9
CVE-2018-19114 (An issue was discovered in MinDoc through v1.0.2. It allows attackers ...)
NOT-FOR-US: MinDoc
-CVE-2018-19113
- RESERVED
+CVE-2018-19113 (The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in bef ...)
+ TODO: check
CVE-2018-19112
RESERVED
CVE-2018-19111 (The Google Cardboard application 1.8 for Android and 1.2 for iOS sends ...)
@@ -32018,10 +32026,10 @@ CVE-2018-17992
RESERVED
CVE-2018-17991
RESERVED
-CVE-2018-17990
- RESERVED
-CVE-2018-17989
- RESERVED
+CVE-2018-17990 (An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. ...)
+ TODO: check
+CVE-2018-17989 (A stored XSS vulnerability exists in the web interface on D-Link DSL-3 ...)
+ TODO: check
CVE-2018-17988 (LayerBB 1.1.1 has SQL Injection via the search.php search_query parame ...)
NOT-FOR-US: LayerBB
CVE-2018-17987 (The determineWinner function of a smart contract implementation for Ha ...)
@@ -33027,12 +33035,12 @@ CVE-2018-17567 (Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8
NOTE: https://jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8/
CVE-2018-17566 (In ThinkPHP 5.1.24, the inner function delete can be used for SQL inje ...)
NOT-FOR-US: ThinkPHP
-CVE-2018-17565
- RESERVED
-CVE-2018-17564
- RESERVED
-CVE-2018-17563
- RESERVED
+CVE-2018-17565 (Shell Metacharacter Injection in the SSH configuration interface on Gr ...)
+ TODO: check
+CVE-2018-17564 (A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx ...)
+ TODO: check
+CVE-2018-17563 (A Malformed Input String to /cgi-bin/api-get_line_status on Grandstrea ...)
+ TODO: check
CVE-2018-17562 (Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_ ...)
NOT-FOR-US: Multi-Tech FaxFinder
CVE-2018-17561
@@ -59897,7 +59905,7 @@ CVE-2018-7449 (SEGGER FTP Server for Windows before 3.22a allows remote attacker
NOT-FOR-US: SEGGER embOS/IP FTP Server
CVE-2018-7448 (Remote code execution vulnerability in /cmsms-2.1.6-install.php/index. ...)
NOT-FOR-US: CMS Made Simple
-CVE-2018-7447 (mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site ...)
+CVE-2018-7447 (** DISPUTED ** mojoPortal through 2.6.0.0 is prone to multiple persist ...)
NOT-FOR-US: mojoPortal
CVE-2018-7446
RESERVED
@@ -66476,6 +66484,7 @@ CVE-2018-5385 (Navarino Infinity is prone to session fixation attacks. The serve
CVE-2018-5384 (Navarino Infinity web interface up to version 2.2 exposes an unauthent ...)
NOT-FOR-US: Navarino Infinity
CVE-2018-5383 (Bluetooth firmware or operating system software drivers in macOS versi ...)
+ {DLA-1747-1}
- firmware-nonfree 20190114-1
[stretch] - firmware-nonfree <no-dsa> (non-free not supported)
NOTE: http://www.cs.technion.ac.il/~biham/BT/
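Review bot: `{DLA-1747-1}` is attached to CVE-2018-5383, but the package lines visible here give only `- firmware-nonfree 20190114-1` and a `[stretch]` entry marked `<no-dsa>`; nothing in this hunk shows a status line for the release the DLA covers. Confirm that the DLA-1747-1 record lists CVE-2018-5383 with its fixed version, so the cross-reference and the per-release status agree.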
@@ -70129,8 +70138,8 @@ CVE-2018-3981 (An exploitable out-of-bounds write exists in the TIFF-parsing fun
NOT-FOR-US: Atlantis Word Processor
CVE-2018-3980 (An exploitable out-of-bounds write exists in the TIFF-parsing function ...)
NOT-FOR-US: Canvas Draw
-CVE-2018-3979
- RESERVED
+CVE-2018-3979 (A remote denial-of-service vulnerability exists in the way the Nouveau ...)
+ TODO: check
CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the Word Do ...)
NOT-FOR-US: Atlantis Word Processor
CVE-2018-3977 (An exploitable code execution vulnerability exists in the XCF image re ...)
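Review bot: CVE-2018-3979 sits between entries tagged `NOT-FOR-US` (Atlantis Word Processor, Canvas Draw), but its description names Nouveau, so the `TODO: check` should be triaged against packaged source rather than closed as a third-party product. The description is cut at "in the way the Nouveau ...", so read the full CVE text before choosing the affected source package.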
@@ -109659,8 +109668,8 @@ CVE-2017-8025 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitr
NOT-FOR-US: RSA Archer GRC Platform
CVE-2017-8024 (EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2 ...)
NOT-FOR-US: EMC
-CVE-2017-8023
- RESERVED
+CVE-2017-8023 (EMC NetWorker may potentially be vulnerable to an unauthenticated remo ...)
+ TODO: check
CVE-2017-8022 (An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all suppor ...)
NOT-FOR-US: EMC
CVE-2017-8021 (EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumen ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2468acc5fafa655eff65cff55f9a0fa42abaf53c