[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
39af65bc by security tracker role at 2019-04-05T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2019-10879 (In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::O ...)
+	TODO: check
+CVE-2019-10878 (In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader: ...)
+	TODO: check
+CVE-2019-10877 (In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in en ...)
+	TODO: check
+CVE-2019-10876 (An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x  ...)
+	TODO: check
+CVE-2019-10875
+	RESERVED
+CVE-2019-10874 (Cross Site Request Forgery (CSRF) in the bolt/upload File Upload featu ...)
+	TODO: check
+CVE-2019-10873 (An issue was discovered in Poppler 0.74.0. There is a NULL pointer der ...)
+	TODO: check
+CVE-2019-10872 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
+	TODO: check
+CVE-2019-10871 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
+	TODO: check
+CVE-2019-10870
+	RESERVED
+CVE-2019-10869
+	RESERVED
 CVE-2019-10867 (An issue was discovered in Pimcore before 5.7.1. An attacker with clas ...)
 	NOT-FOR-US: Pimcore
 CVE-2019-10866
@@ -389,7 +411,7 @@ CVE-2019-1003052 (Jenkins AWS Elastic Beanstalk Publisher Plugin stores credenti
 	TODO: check
 CVE-2019-1003051 (Jenkins IRC Plugin stores credentials unencrypted in its global config ...)
 	TODO: check
-CVE-2019-10868 [Guessing order on field without access]
+CVE-2019-10868 (In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 befo ...)
 	- tryton-server <unfixed>
 	NOTE: https://discuss.tryton.org/t/security-release-for-issue8189/1262
 	NOTE: https://bugs.tryton.org/issue8189
@@ -28770,8 +28792,8 @@ CVE-2018-19284
 	RESERVED
 CVE-2018-19283
 	RESERVED
-CVE-2018-19282
-	RESERVED
+CVE-2018-19282 (Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow re ...)
+	TODO: check
 CVE-2018-19281 (Centreon 3.4.x allows SNMP trap SQL Injection. ...)
 	NOT-FOR-US: Centreon
 CVE-2018-19280 (Centreon 3.4.x has XSS via the resource name or macro expression of a  ...)
@@ -32347,8 +32369,8 @@ CVE-2018-18070 (An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0
 	NOT-FOR-US: Daimler Mercedes-Benz COMAND on Mercedes-Benz C-Class 2018 vehicles
 CVE-2018-18069 (process_forms in the WPML (aka sitepress-multilingual-cms) plugin thro ...)
 	NOT-FOR-US: Wordpress plugin
-CVE-2018-18068
-	RESERVED
+CVE-2018-18068 (The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ a ...)
+	TODO: check
 CVE-2018-18067
 	RESERVED
 CVE-2018-18066 (snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NU ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/39af65bc95178fa6247c47abb6bd1aa34f56df0d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/39af65bc95178fa6247c47abb6bd1aa34f56df0d
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190405/00b58196/attachment.html>