[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Apr 8 21:10:29 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7829451a by security tracker role at 2019-04-08T20:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,199 @@
+CVE-2019-11011
+ RESERVED
+CVE-2019-11010 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in ...)
+ TODO: check
+CVE-2019-11009 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...)
+ TODO: check
+CVE-2019-11008 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...)
+ TODO: check
+CVE-2019-11007 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...)
+ TODO: check
+CVE-2019-11006 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...)
+ TODO: check
+CVE-2019-11005 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buf ...)
+ TODO: check
+CVE-2019-11004 (In Materialize through 1.0.0, XSS is possible via the Toast feature. ...)
+ TODO: check
+CVE-2019-11003 (In Materialize through 1.0.0, XSS is possible via the Autocomplete fea ...)
+ TODO: check
+CVE-2019-11002 (In Materialize through 1.0.0, XSS is possible via the Tooltip feature. ...)
+ TODO: check
+CVE-2019-11001 (On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices th ...)
+ TODO: check
+CVE-2019-11000
+ RESERVED
+CVE-2019-10999
+ RESERVED
+CVE-2019-10998
+ RESERVED
+CVE-2019-10997
+ RESERVED
+CVE-2019-10996
+ RESERVED
+CVE-2019-10995
+ RESERVED
+CVE-2019-10994
+ RESERVED
+CVE-2019-10993
+ RESERVED
+CVE-2019-10992
+ RESERVED
+CVE-2019-10991
+ RESERVED
+CVE-2019-10990
+ RESERVED
+CVE-2019-10989
+ RESERVED
+CVE-2019-10988
+ RESERVED
+CVE-2019-10987
+ RESERVED
+CVE-2019-10986
+ RESERVED
+CVE-2019-10985
+ RESERVED
+CVE-2019-10984
+ RESERVED
+CVE-2019-10983
+ RESERVED
+CVE-2019-10982
+ RESERVED
+CVE-2019-10981
+ RESERVED
+CVE-2019-10980
+ RESERVED
+CVE-2019-10979
+ RESERVED
+CVE-2019-10978
+ RESERVED
+CVE-2019-10977
+ RESERVED
+CVE-2019-10976
+ RESERVED
+CVE-2019-10975
+ RESERVED
+CVE-2019-10974
+ RESERVED
+CVE-2019-10973
+ RESERVED
+CVE-2019-10972
+ RESERVED
+CVE-2019-10971
+ RESERVED
+CVE-2019-10970
+ RESERVED
+CVE-2019-10969
+ RESERVED
+CVE-2019-10968
+ RESERVED
+CVE-2019-10967
+ RESERVED
+CVE-2019-10966
+ RESERVED
+CVE-2019-10965
+ RESERVED
+CVE-2019-10964
+ RESERVED
+CVE-2019-10963
+ RESERVED
+CVE-2019-10962
+ RESERVED
+CVE-2019-10961
+ RESERVED
+CVE-2019-10960
+ RESERVED
+CVE-2019-10959
+ RESERVED
+CVE-2019-10958
+ RESERVED
+CVE-2019-10957
+ RESERVED
+CVE-2019-10956
+ RESERVED
+CVE-2019-10955
+ RESERVED
+CVE-2019-10954
+ RESERVED
+CVE-2019-10953
+ RESERVED
+CVE-2019-10952
+ RESERVED
+CVE-2019-10951
+ RESERVED
+CVE-2019-10950
+ RESERVED
+CVE-2019-10949
+ RESERVED
+CVE-2019-10948
+ RESERVED
+CVE-2019-10947
+ RESERVED
+CVE-2019-10946
+ RESERVED
+CVE-2019-10945
+ RESERVED
+CVE-2019-10944
+ RESERVED
+CVE-2019-10943
+ RESERVED
+CVE-2019-10942
+ RESERVED
+CVE-2019-10941
+ RESERVED
+CVE-2019-10940
+ RESERVED
+CVE-2019-10939
+ RESERVED
+CVE-2019-10938
+ RESERVED
+CVE-2019-10937
+ RESERVED
+CVE-2019-10936
+ RESERVED
+CVE-2019-10935
+ RESERVED
+CVE-2019-10934
+ RESERVED
+CVE-2019-10933
+ RESERVED
+CVE-2019-10932
+ RESERVED
+CVE-2019-10931
+ RESERVED
+CVE-2019-10930
+ RESERVED
+CVE-2019-10929
+ RESERVED
+CVE-2019-10928
+ RESERVED
+CVE-2019-10927
+ RESERVED
+CVE-2019-10926
+ RESERVED
+CVE-2019-10925
+ RESERVED
+CVE-2019-10924
+ RESERVED
+CVE-2019-10923
+ RESERVED
+CVE-2019-10922
+ RESERVED
+CVE-2019-10921
+ RESERVED
+CVE-2019-10920
+ RESERVED
+CVE-2019-10919
+ RESERVED
+CVE-2019-10918
+ RESERVED
+CVE-2019-10917
+ RESERVED
+CVE-2019-10916
+ RESERVED
+CVE-2019-10915
+ RESERVED
+CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside Secure T ...)
+ TODO: check
CVE-2019-10913
RESERVED
CVE-2019-10912
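Review bot: the six GraphicsMagick entries CVE-2019-11005 through CVE-2019-11010 are all left at "TODO: check" although they describe the same code base and the same snapshot (1.4 snapshot-20190322 Q8): one memory leak plus heap-based and stack-based buffer overflows. Triage them as one batch, and where an upstream bug or fix reference is found record it with a "NOTE:" line as the other entries in this file do, so that the fixed version and the per-suite decisions come out consistent across all six. The three Materialize entries CVE-2019-11002 to CVE-2019-11004 (XSS via Toast, Autocomplete and Tooltip, all "through 1.0.0") likewise form a single triage decision rather than three separate TODOs.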
@@ -12,7 +208,7 @@ CVE-2019-10908 (In Airsonic 10.2.1, RecoverController.java generates passwords v
NOT-FOR-US: Airsonic
CVE-2019-10907 (Airsonic 10.2.1 uses Spring's default remember-me mechanism based on M ...)
NOT-FOR-US: Airsonic
-CVE-2016-10745 [issue related to CVE-2019-10906, str.format vulnerability]
+CVE-2016-10745 (In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. ...)
- jinja2 2.9.4-1
NOTE: Fixed by: https://github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16
NOTE: Followup bugfix: https://github.com/pallets/jinja/commit/74bd64e56387f5b2931040dc7235a3509cde1611
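Review bot: replacing the bracketed placeholder with the MITRE text drops the cross-reference the old line carried ("issue related to CVE-2019-10906, str.format vulnerability"). That relationship is worth keeping as a "NOTE: Related to CVE-2019-10906" line next to the two fix-commit NOTEs, because the new description ("In Pallets Jinja before 2.8.1, str.format allows a sandbox escape") no longer says how the two ids relate, while the Debian fixed version stays at jinja2 2.9.4-1 and the two commit references are unchanged.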
@@ -165,8 +361,8 @@ CVE-2019-10847
RESERVED
CVE-2019-10846
RESERVED
-CVE-2019-10845
- RESERVED
+CVE-2019-10845 (An issue was discovered in Uniqkey Password Manager 1.14. When enterin ...)
+ TODO: check
CVE-2019-10844 (nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka n ...)
NOT-FOR-US: Sony
CVE-2019-10843
@@ -616,8 +812,8 @@ CVE-2019-10678 (Domoticz before 4.10579 neglects to categorize \n and \r as inse
- domoticz <itp> (bug #899058)
CVE-2019-10677
RESERVED
-CVE-2019-10676
- RESERVED
+CVE-2019-10676 (An issue was discovered in Uniqkey Password Manager 1.14. Upon enterin ...)
+ TODO: check
CVE-2019-10675
REJECTED
CVE-2019-10674
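Review bot: CVE-2019-10676 here and CVE-2019-10845 in the previous hunk both open with "An issue was discovered in Uniqkey Password Manager 1.14" and both are left at "TODO: check"; they describe the same product and version and should be triaged together so both ids end up with the same status instead of one being resolved and the other lingering as a TODO.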
@@ -3387,7 +3583,7 @@ CVE-2019-9770 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There i
- libredwg <itp> (bug #595191)
CVE-2019-9769 (PilusCart 1.4.1 is vulnerable to index.php?module=users&action=new ...)
NOT-FOR-US: PilusCart
-CVE-2019-9768 (Thinkst Canarytokens through 2019-03-01 relies on limited variation in ...)
+CVE-2019-9768 (Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies o ...)
NOT-FOR-US: Thinkst Canarytokens
CVE-2019-9767 (Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting ...)
NOT-FOR-US: Free MP3 CD Ripper
@@ -5256,7 +5452,7 @@ CVE-2019-9044
RESERVED
CVE-2019-9043
RESERVED
-CVE-2019-9042 (An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt= ...)
+CVE-2019-9042 (** DISPUTED ** An issue was discovered in Sitemagic CMS v4.4. In the i ...)
NOT-FOR-US: Sitemagic CMS
CVE-2019-9041 (An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_templa ...)
NOT-FOR-US: ZZZCMS
@@ -5505,7 +5701,7 @@ CVE-2019-8980 (A memory leak in the kernel_read_file function in fs/exec.c in th
- linux 4.19.28-1
NOTE: https://lore.kernel.org/lkml/20190219021038.11340-1-yuehaibing@huawei.com/
NOTE: https://lore.kernel.org/lkml/20190219022512.GW2217@ZenIV.linux.org.uk/
-CVE-2019-8979 (Koseven through 3.3.9, and Kohana through 3.3.6, has SQL Injection whe ...)
+CVE-2019-8979 (Kohana through 3.3.6 has SQL Injection when the order_by() parameter c ...)
- libkohana2-php <removed>
[jessie] - libkohana2-php <not-affected> (orderby function properly checks for allowed values)
NOTE: https://github.com/huzr2018/orderby_SQLi/tree/master/kohana
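Review bot: the new description narrows the scope from "Koseven through 3.3.9, and Kohana through 3.3.6" to "Kohana through 3.3.6" and names the order_by() parameter. The [jessie] <not-affected> line rests on the reasoning "orderby function properly checks for allowed values", so re-verify that this rationale refers to the same code path as the order_by() parameter in the updated description before leaving the entry untouched; the libkohana2-php <removed> line needs no change.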
@@ -16515,8 +16711,8 @@ CVE-2019-4212
RESERVED
CVE-2019-4211
RESERVED
-CVE-2019-4210
- RESERVED
+CVE-2019-4210 (IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication expo ...)
+ TODO: check
CVE-2019-4209
RESERVED
CVE-2019-4208
@@ -16625,8 +16821,8 @@ CVE-2019-4157
RESERVED
CVE-2019-4156
RESERVED
-CVE-2019-4155
- RESERVED
+CVE-2019-4155 (IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted b ...)
+ TODO: check
CVE-2019-4154
RESERVED
CVE-2019-4153
@@ -16649,8 +16845,8 @@ CVE-2019-4145
RESERVED
CVE-2019-4144
RESERVED
-CVE-2019-4143
- RESERVED
+CVE-2019-4143 (The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 ...)
+ TODO: check
CVE-2019-4142
RESERVED
CVE-2019-4141
@@ -16833,8 +17029,8 @@ CVE-2019-4053
RESERVED
CVE-2019-4052 (IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthe ...)
NOT-FOR-US: IBM
-CVE-2019-4051
- RESERVED
+CVE-2019-4051 (Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system spe ...)
+ TODO: check
CVE-2019-4050
RESERVED
CVE-2019-4049
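Review bot: CVE-2019-4051 concerns IBM API Connect 2018.1 and 2018.4.1.3, the same product line as the neighbouring CVE-2019-4052, which is already resolved as "NOT-FOR-US: IBM". The other IBM entries this update leaves at "TODO: check" (CVE-2019-4210, CVE-2019-4155, CVE-2019-4143 and CVE-2019-4045 in this region, and the CVE-2018-* IBM entries further down) should be triaged with the same criterion so the file stays consistent.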
@@ -16845,8 +17041,8 @@ CVE-2019-4047
RESERVED
CVE-2019-4046 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
NOT-FOR-US: IBM
-CVE-2019-4045
- RESERVED
+CVE-2019-4045 (IBM Business Automation Workflow and IBM Business Process Manager 18.0 ...)
+ TODO: check
CVE-2019-4044
RESERVED
CVE-2019-4043 (IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vuln ...)
@@ -17209,6 +17405,7 @@ CVE-2019-3882 [DoS through vfio/type1 DMA mappings]
CVE-2019-3881
RESERVED
CVE-2019-3880 [Save registry file outside share as unprivileged user]
+ RESERVED
{DSA-4427-1}
- samba 2:4.9.5+dfsg-3
NOTE: https://www.samba.org/samba/security/CVE-2019-3880.html
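Review bot: the added " RESERVED" line under CVE-2019-3880 does not conflict with the {DSA-4427-1} reference, the samba 2:4.9.5+dfsg-3 fixed version or the NOTE below it; it only records that MITRE has not yet published a description, which is why the bracketed Debian description is kept. The same applies to CVE-2019-3870 in the next hunk. Once MITRE publishes, the automatic update replaces the bracketed text with the parenthesised description and drops RESERVED, exactly as this commit does for CVE-2019-1786 and CVE-2019-1785 in the clamav hunk further down, so no manual edit is needed here.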
@@ -17244,6 +17441,7 @@ CVE-2019-3871 (A vulnerability was found in PowerDNS Authoritative Server before
NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html
NOTE: Patches: https://downloads.powerdns.com/patches/2019-03/
CVE-2019-3870 [During the provision of a new Active Directory DC, some files in the ...]
+ RESERVED
- samba 2:4.9.5+dfsg-3
[stretch] - samba <not-affected> (Vulnerable code not present)
[jessie] - samba <not-affected> (Vulnerable code not present)
@@ -19329,8 +19527,8 @@ CVE-2018-20343
RESERVED
CVE-2018-20342 (The Floureon IP Camera SP012 provides a root terminal on a UART serial ...)
NOT-FOR-US: Floureon IP Camera SP012
-CVE-2018-20341
- RESERVED
+CVE-2018-20341 (WINMAGIC SecureDoc Disk Encryption before 8.3 has an Unquoted Search P ...)
+ TODO: check
CVE-2018-20340 (Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which c ...)
{DSA-4389-1}
- libu2f-host 1.1.7-1 (bug #921726)
@@ -23993,14 +24191,12 @@ CVE-2019-1787 [An out-of-bounds heap read condition when scanning PDF documents]
- clamav 0.101.2+dfsg-1
[stretch] - clamav <no-dsa> (Already fixed via SUA, pending inclusion in next point release)
NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
-CVE-2019-1786 [An out-of-bounds heap read may occur when scanning malformed PDF documents]
- RESERVED
+CVE-2019-1786 (A vulnerability in the Portable Document Format (PDF) scanning functio ...)
- clamav 0.101.2+dfsg-1
[stretch] - clamav <not-affected> (Vulnerable code only present in 0.101.1 and 0.101.0)
[jessie] - clamav <not-affected> (Vulnerable code introduced later)
NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
-CVE-2019-1785 [A path-traversal write condition may occur when scanning RAR archives]
- RESERVED
+CVE-2019-1785 (A vulnerability in the RAR file scanning functionality of Clam AntiVir ...)
- libclamunrar 0.101.2-1
[stretch] - libclamunrar <not-affected> (Vulnerable code only present in 0.101.1 and 0.101.0)
[jessie] - libclamunrar <not-affected> (Vulnerable code introduced later)
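Review bot: CVE-2019-1786 and CVE-2019-1785 get their bracketed descriptions replaced by the published MITRE text and their RESERVED lines dropped, while the hunk's context line for CVE-2019-1787 still carries the bracketed "An out-of-bounds heap read condition when scanning PDF documents", so that id is still awaiting publication and should be watched in the next automatic update. The suite annotations ([stretch] <not-affected> "Vulnerable code only present in 0.101.1 and 0.101.0", [jessie] <not-affected> "Vulnerable code introduced later") and the clamav blog NOTE are preserved unchanged, which is correct since only the description text changed. Note that the old bracketed text named the bug class more precisely ("path-traversal write condition" for CVE-2019-1785) than the truncated MITRE line now shows; the NOTE link is what keeps that detail reachable.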
@@ -29978,8 +30174,8 @@ CVE-2018-19008 (The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05
NOT-FOR-US: TextEditor 2.0 in ABB CP400 Panel Builder
CVE-2018-19007 (In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the D ...)
NOT-FOR-US: Geutebrueck cameras
-CVE-2018-19006
- RESERVED
+CVE-2018-19006 (OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The ...)
+ TODO: check
CVE-2018-19005 (Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation ...)
NOT-FOR-US: Cscape
CVE-2018-19004 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds rea ...)
@@ -76730,14 +76926,14 @@ CVE-2018-2002
RESERVED
CVE-2018-2001
RESERVED
-CVE-2018-2000
- RESERVED
-CVE-2018-1999
- RESERVED
+CVE-2018-2000 (IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable t ...)
+ TODO: check
+CVE-2018-1999 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 coul ...)
+ TODO: check
CVE-2018-1998 (IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inj ...)
NOT-FOR-US: IBM
-CVE-2018-1997
- RESERVED
+CVE-2018-1997 (IBM Business Automation Workflow and Business Process Manager 18.0.0.0 ...)
+ TODO: check
CVE-2018-1996 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide ...)
NOT-FOR-US: IBM
CVE-2018-1995
@@ -76844,8 +77040,8 @@ CVE-2018-1945 (IBM Security Identity Governance and Intelligence 5.2 through 5.2
NOT-FOR-US: IBM
CVE-2018-1944 (IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 ...)
NOT-FOR-US: IBM
-CVE-2018-1943
- RESERVED
+CVE-2018-1943 (IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header in ...)
+ TODO: check
CVE-2018-1942
RESERVED
CVE-2018-1941 (IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini ...)
@@ -76960,14 +77156,14 @@ CVE-2018-1887 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0,
NOT-FOR-US: IBM
CVE-2018-1886 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
NOT-FOR-US: IBM
-CVE-2018-1885
- RESERVED
+CVE-2018-1885 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 coul ...)
+ TODO: check
CVE-2018-1884 (IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3. ...)
NOT-FOR-US: IBM Case Manager
CVE-2018-1883 (A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Co ...)
NOT-FOR-US: IBM
-CVE-2018-1882
- RESERVED
+CVE-2018-1882 (In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, ...)
+ TODO: check
CVE-2018-1881
RESERVED
CVE-2018-1880
@@ -77024,8 +77220,8 @@ CVE-2018-1855
RESERVED
CVE-2018-1854
RESERVED
-CVE-2018-1853
- RESERVED
+CVE-2018-1853 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could al ...)
+ TODO: check
CVE-2018-1852
RESERVED
CVE-2018-1851 (IBM WebSphere Application Server Liberty OpenID Connect could allow a ...)
@@ -77156,8 +77352,8 @@ CVE-2018-1789 (IBM API Connect v2018.1.0 through v2018.3.4 could allow an attack
NOT-FOR-US: IBM
CVE-2018-1788 (IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitiv ...)
NOT-FOR-US: IBM
-CVE-2018-1787
- RESERVED
+CVE-2018-1787 (IBM Spectrum Protect 7.1 and 8.1 is affected by a password exposure vu ...)
+ TODO: check
CVE-2018-1786 (IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly ...)
NOT-FOR-US: IBM Spectrum Protect
CVE-2018-1785 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses wea ...)
@@ -110670,8 +110866,8 @@ CVE-2017-7914 (A Missing Authorization issue was discovered in Rockwell Automati
NOT-FOR-US: Rockwell Rockwell PanelView Plus
CVE-2017-7913 (A Plaintext Storage of a Password issue was discovered in Moxa OnCell ...)
NOT-FOR-US: Moxa
-CVE-2017-7912
- RESERVED
+CVE-2017-7912 (Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v ...)
+ TODO: check
CVE-2017-7911 (A Code Injection issue was discovered in CyberVision Kaa IoT Platform, ...)
NOT-FOR-US: CyberVision Kaa IoT Platform
CVE-2017-7910 (A Stack-Based Buffer Overflow issue was discovered in Digital Canal St ...)
@@ -190532,8 +190728,8 @@ CVE-2014-9188 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider
NOT-FOR-US: Schneider Electric ProClima
CVE-2014-9187 (Multiple heap-based buffer overflow vulnerabilities exist in Honeywell ...)
NOT-FOR-US: Honeywell Experion PKS
-CVE-2014-9186
- RESERVED
+CVE-2014-9186 (A file inclusion vulnerability exists in the confd.exe module in Honey ...)
+ TODO: check
CVE-2014-9185 (Static code injection vulnerability in install.php in Morfy CMS 1.05 a ...)
NOT-FOR-US: Morfy CMS
CVE-2014-9184 (ZTE ZXDSL 831CII allows remote attackers to bypass authentication via ...)
@@ -200751,10 +200947,10 @@ CVE-2014-5438 (Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG86
NOT-FOR-US: Arris Touchstone
CVE-2014-5437 (Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS To ...)
NOT-FOR-US: Arris Touchstone
-CVE-2014-5436
- RESERVED
-CVE-2014-5435
- RESERVED
+CVE-2014-5436 (A directory traversal vulnerability exists in the confd.exe module in ...)
+ TODO: check
+CVE-2014-5435 (An arbitrary memory write vulnerability exists in the dual_onsrv.exe m ...)
+ TODO: check
CVE-2014-5434 (Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) wi ...)
NOT-FOR-US: Baxter SIGMA Spectrum Infusion System
CVE-2014-5433 (An unauthenticated remote attacker may be able to execute commands to ...)
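Review bot: CVE-2014-5436 (directory traversal "in the confd.exe module") and CVE-2014-9186 from the hunk above (file inclusion "in the confd.exe module in Honey ...") name the same module, and CVE-2014-5435 (arbitrary memory write "in the dual_onsrv.exe m...") sits right beside them; all three are "TODO: check" and belong in one triage decision. The neighbouring CVE-2014-9187 is already "NOT-FOR-US: Honeywell Experion PKS", which is the likely outcome if these are the same product, but the truncated descriptions for CVE-2014-5436 and CVE-2014-5435 do not name the product, so confirm before copying that status.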
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7829451a349f953f6cc4a8621b6cd1b94d789bc7