[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Apr 9 21:10:29 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c2f4b1c8 by security tracker role at 2019-04-09T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2019-11064
+	RESERVED
+CVE-2019-11063
+	RESERVED
+CVE-2019-11062
+	RESERVED
+CVE-2019-11061
+	RESERVED
+CVE-2019-11060
+	RESERVED
+CVE-2019-11059
+	RESERVED
+CVE-2019-11058
+	RESERVED
+CVE-2019-11057
+	RESERVED
+CVE-2019-11056
+	RESERVED
+CVE-2019-11055
+	RESERVED
+CVE-2019-11054
+	RESERVED
+CVE-2019-11053
+	RESERVED
+CVE-2019-11052
+	RESERVED
+CVE-2019-11051
+	RESERVED
+CVE-2019-11050
+	RESERVED
+CVE-2019-11049
+	RESERVED
+CVE-2019-11048
+	RESERVED
+CVE-2019-11047
+	RESERVED
+CVE-2019-11046
+	RESERVED
+CVE-2019-11045
+	RESERVED
+CVE-2019-11044
+	RESERVED
+CVE-2019-11043
+	RESERVED
+CVE-2019-11042
+	RESERVED
+CVE-2019-11041
+	RESERVED
+CVE-2019-11040
+	RESERVED
+CVE-2019-11039
+	RESERVED
+CVE-2019-11038
+	RESERVED
+CVE-2019-11037
+	RESERVED
+CVE-2019-11036
+	RESERVED
+CVE-2019-11035
+	RESERVED
+CVE-2019-11034
+	RESERVED
+CVE-2019-11033
+	RESERVED
+CVE-2019-11032
+	RESERVED
+CVE-2019-11031
+	RESERVED
+CVE-2019-11030
+	RESERVED
+CVE-2019-11029
+	RESERVED
+CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing  ...)
+	TODO: check
+CVE-2015-9284
+	RESERVED
 CVE-2019-11027
 	RESERVED
 CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infini ...)
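Review bot: CVE-2019-11028 is the only entry in this block that arrived with a description ("GAT-Ship Web Module before 1.40 ...") and it is left at "TODO: check" in the middle of 36 RESERVED placeholders (CVE-2019-11029 through CVE-2019-11064); resolve it to a NOT-FOR-US line naming the product, or to a package line, at the next manual pass so it does not sit unnoticed inside the reserved range. CVE-2015-9284, a 2015-numbered ID, is added at the head of the 2019 block, which is where the automatic import puts late allocations; before it receives a description, grep the file to confirm the same ID is not already present further down.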
@@ -1818,12 +1894,12 @@ CVE-2019-10246
 	RESERVED
 CVE-2019-10245
 	RESERVED
-CVE-2019-10244
-	RESERVED
-CVE-2019-10243
-	RESERVED
-CVE-2019-10242
-	RESERVED
+CVE-2019-10244 (In Eclipse Kura versions up to 4.0.0, the Web UI package and component ...)
+	TODO: check
+CVE-2019-10243 (In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui W ...)
+	TODO: check
+CVE-2019-10242 (In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked  ...)
+	TODO: check
 CVE-2019-10241
 	RESERVED
 CVE-2019-10240 (Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifac ...)
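Review bot: the three Eclipse Kura entries (CVE-2019-10242, CVE-2019-10243, CVE-2019-10244) all describe the Web UI of the same product with the same affected range ("versions up to 4.0.0"), so triage them together rather than as three independent "TODO: check" lines; if Kura is not packaged, one pass can mark all three NOT-FOR-US: Eclipse Kura. The odd grammar in CVE-2019-10242 ("the SkinServlet did not checked") is upstream's own text and should stay as imported.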
@@ -5289,10 +5365,10 @@ CVE-2019-9136
 	RESERVED
 CVE-2019-9135
 	RESERVED
-CVE-2019-9134
-	RESERVED
-CVE-2019-9133
-	RESERVED
+CVE-2019-9134 (Architectural Information System 1.0 and earlier versions have a Stack ...)
+	TODO: check
+CVE-2019-9133 (When processing subtitles format media file, KMPlayer version 2018.12. ...)
+	TODO: check
 CVE-2019-9132 (Remote code execution vulnerability exists in KaKaoTalk PC messenger w ...)
 	NOT-FOR-US: KaKaoTalk PC messenger
 CVE-2019-9131
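Review bot: CVE-2019-9134 (Architectural Information System 1.0 and earlier, a stack-based issue) and CVE-2019-9133 (KMPlayer 2018.12.x, subtitle file parsing) are vendor desktop products of the same kind as the adjacent CVE-2019-9132 KaKaoTalk entry, which is already resolved as NOT-FOR-US with the product name; unless either is packaged, the consistent resolution for both "TODO: check" lines is the same form.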
@@ -5755,8 +5831,8 @@ CVE-2019-8992
 	RESERVED
 CVE-2019-8991
 	RESERVED
-CVE-2019-8990
-	RESERVED
+CVE-2019-8990 (The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatr ...)
+	TODO: check
 CVE-2019-8989 (The application server component of TIBCO Software Inc.'s TIBCO Data S ...)
 	NOT-FOR-US: TIBCO
 CVE-2019-8988 (The application server component of TIBCO Software Inc.'s TIBCO Data S ...)
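Review bot: CVE-2019-8990 concerns the HTTP Connector of a TIBCO ActiveMatrix product, and the two adjacent TIBCO Data Science entries (CVE-2019-8989, CVE-2019-8988) are already marked NOT-FOR-US: TIBCO; this one can be resolved the same way instead of staying at "TODO: check".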
@@ -9026,25 +9102,25 @@ CVE-2019-7543 (In KindEditor 4.1.11, the php/demo.php content1 parameter has a r
 	NOT-FOR-US: KindEditor
 CVE-2019-7542
 	RESERVED
-CVE-2018-20763 (In GPAC through 0.7.2, gf_text_get_utf8_line in media_tools/text_impor ...)
+CVE-2018-20763 (In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_i ...)
 	{DLA-1693-1}
 	- gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #921969)
 	[stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
 	NOTE: https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd
 	NOTE: https://github.com/gpac/gpac/issues/1188
-CVE-2018-20762 (GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in  ...)
+CVE-2018-20762 (GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in  ...)
 	{DLA-1693-1}
 	- gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #921969)
 	[stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
 	NOTE: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658
 	NOTE: https://github.com/gpac/gpac/issues/1187
-CVE-2018-20761 (GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in  ...)
+CVE-2018-20761 (GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in  ...)
 	{DLA-1693-1}
 	- gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #921969)
 	[stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
 	NOTE: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658
 	NOTE: https://github.com/gpac/gpac/issues/1186
-CVE-2018-20760 (In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in l ...)
+CVE-2018-20760 (In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_i ...)
 	{DLA-1693-1}
 	- gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #921969)
 	[stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
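Review bot: the only change across the four GPAC entries (CVE-2018-20763, CVE-2018-20762, CVE-2018-20761, CVE-2018-20760) is MITRE's rewording of the affected range from "through 0.7.2" / "0.7.2 and earlier" to "0.7.1 and earlier"; the Debian data (fixed in gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 via bug #921969, DLA-1693-1, stretch no-dsa pending a point update) is unaffected, since the fix was evidently carried as the referenced upstream commits rather than a version bump. Worth noting for whoever prepares the stretch point update: CVE-2018-20762 and CVE-2018-20761 both point at the same upstream commit 35ab4475a7df9b2a4bcab235e379c0c3ec543658 (issues #1187 and #1186), so the pair needs only one patch, while CVE-2018-20763 has its own commit 1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd.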
@@ -10036,8 +10112,8 @@ CVE-2019-7175 (In ImageMagick before 7.0.8-25, some memory leaks exist in Decode
 	- imagemagick <unfixed> (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1e6a3ace073c9ec9c71e439c111d23c6e66cb6ae
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1450
-CVE-2019-7174
-	RESERVED
+CVE-2019-7174 (Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Ren ...)
+	TODO: check
 CVE-2019-7173 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacke ...)
 	NOT-FOR-US: Croogo
 CVE-2019-7172 (A stored-self XSS exists in ATutor through v2.2.4, allowing an attacke ...)
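Review bot: CVE-2019-7174 (Roxy Fileman 1.4.5, execution of renamefile.php) is a standalone PHP file manager like the neighbouring Croogo and ATutor web applications that are already NOT-FOR-US; the "TODO: check" should only need to confirm that no Debian package embeds a copy of Roxy Fileman before it is resolved the same way.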
@@ -12643,8 +12719,8 @@ CVE-2019-6119
 	RESERVED
 CVE-2019-6118
 	RESERVED
-CVE-2019-6117
-	RESERVED
+CVE-2019-6117 (The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via t ...)
+	TODO: check
 CVE-2019-6116 (In Artifex Ghostscript through 9.26, ephemeral or transient procedures ...)
 	{DSA-4372-1 DLA-1670-1}
 	- ghostscript 9.26a~dfsg-1
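Review bot: CVE-2019-6117 is a third-party WordPress plugin (wpape APE GALLERY 1.6.14, stored XSS), and the tracker's usual resolution for third-party WordPress plugins is NOT-FOR-US since they are not part of the wordpress source package; the "TODO: check" can be closed on that basis unless a separate plugin package exists.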
@@ -12685,8 +12761,8 @@ CVE-2019-6109 (An issue was discovered in OpenSSH 7.9. Due to missing character
 	NOTE: Patch: https://bugzilla.mindrot.org/attachment.cgi?id=3228
 	NOTE: Fixed by: https://github.com/openssh/openssh-portable/commit/8976f1c4b2721c26e878151f52bdf346dfe2d54c
 	NOTE: possibly additionally needed: https://github.com/openssh/openssh-portable/commit/bdc6c63c80b55bcbaa66b5fde31c1cb1d09a41eb
-CVE-2018-20698
-	RESERVED
+CVE-2018-20698 (The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL  ...)
+	TODO: check
 CVE-2018-20697
 	RESERVED
 CVE-2018-20696
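Review bot: CVE-2018-20698 is the floragunn Search Guard plugin for Kibana (URL handling, versions before 6.x-16); it lands between the OpenSSH CVE-2019-6109 block and further RESERVED entries only because of ID order, and the "TODO: check" reduces to whether Kibana or Search Guard is packaged at all, which would make it NOT-FOR-US: Search Guard plugin for Kibana.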
@@ -13957,8 +14033,8 @@ CVE-2019-5617
 	RESERVED
 CVE-2019-5616 (CircuitWerkes Sicon-8, a hardware device used for managing electrical  ...)
 	NOT-FOR-US: CircuitWerkes Sicon-8
-CVE-2019-5615
-	RESERVED
+CVE-2019-5615 (Users with Site-level permissions can access files containing the user ...)
+	TODO: check
 CVE-2019-5614
 	RESERVED
 CVE-2019-5613
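Review bot: the truncated description for CVE-2019-5615 ("Users with Site-level permissions can access files containing the user ...") never names the product, so this "TODO: check" cannot be triaged from the list entry alone; whoever picks it up has to read the full CVE text first, and the resolution line should carry the product name so the entry is self-explanatory afterwards.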
@@ -17347,10 +17423,10 @@ CVE-2019-3943
 	RESERVED
 CVE-2019-3942
 	RESERVED
-CVE-2019-3941
-	RESERVED
-CVE-2019-3940
-	RESERVED
+CVE-2019-3941 (Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to  ...)
+	TODO: check
+CVE-2019-3940 (Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via una ...)
+	TODO: check
 CVE-2019-3939
 	RESERVED
 CVE-2019-3938
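Review bot: CVE-2019-3941 (unauthenticated remote access) and CVE-2019-3940 (file upload via unauthenticated path) both target Advantech WebAccess 8.3.4, an industrial SCADA/HMI product; triage the pair together, and the expected resolution is NOT-FOR-US: Advantech WebAccess on both lines.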
@@ -17455,8 +17531,7 @@ CVE-2019-3895
 	RESERVED
 CVE-2019-3894
 	RESERVED
-CVE-2019-3893
-	RESERVED
+CVE-2019-3893 (In Foreman it was discovered that the delete compute resource operatio ...)
 	- foreman <itp> (bug #663101)
 CVE-2019-3892 [fix race condition between mmget_not_zero()/get_task_mm() and core dumping]
 	RESERVED
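Review bot: for CVE-2019-3893 the RESERVED line is dropped and the public description added while "- foreman <itp> (bug #663101)" is kept, which is correct: Foreman is still at ITP stage, so there is no Debian version to mark fixed. Because the description is cut off at "delete compute resource operatio", add a NOTE with the upstream advisory or bug URL once known, so the ITP owner can see which release carries the fix.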
@@ -17477,8 +17552,7 @@ CVE-2019-3889
 	RESERVED
 CVE-2019-3888
 	RESERVED
-CVE-2019-3887 [KVM: x86: nVMX: close leak of L0's x2APIC MSR]
-	RESERVED
+CVE-2019-3887 (A flaw was found in the way KVM hypervisor handled x2APIC Machine Spec ...)
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/acff78477b9b4f26ecdf65733a4ed77fe837e9dc
 	NOTE: Fixed by: https://git.kernel.org/linus/c73f4c998e1fd4249b9edfa39e23f4fda2b9b041
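Review bot: CVE-2019-3887 keeps "- linux <unfixed>" even though two upstream fix commits (acff78477b9b4f26ecdf65733a4ed77fe837e9dc and c73f4c998e1fd4249b9edfa39e23f4fda2b9b041) are already recorded; once those are in a Debian kernel upload, or in the stable branches the release kernels follow, the entry needs a fixed version plus [stretch]/[jessie] status lines, otherwise the <unfixed> marker keeps it on the open list indefinitely. The bracketed title being replaced, "[KVM: x86: nVMX: close leak of L0's x2APIC MSR]", states the nested-VMX (L0/L1) nature of the leak more precisely than the generic "handled x2APIC Machine Spec ..." text; keeping it as a NOTE line preserves that searchable detail.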
@@ -17506,8 +17580,7 @@ CVE-2019-3882 [DoS through vfio/type1 DMA mappings]
 	NOTE: Fixed by: https://git.kernel.org/linus/492855939bdb59c6f947b0b5b44af9ad82b7e38c
 CVE-2019-3881
 	RESERVED
-CVE-2019-3880 [Save registry file outside share as unprivileged user]
-	RESERVED
+CVE-2019-3880 (A flaw was found in the way samba implemented an RPC endpoint emulatin ...)
 	{DSA-4427-1}
 	- samba 2:4.9.5+dfsg-3
 	NOTE: https://www.samba.org/samba/security/CVE-2019-3880.html
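Review bot: the description swap for CVE-2019-3880 changes nothing in the Debian data, which already has DSA-4427-1, the fixed version 2:4.9.5+dfsg-3 and the samba.org advisory NOTE. The dropped placeholder "[Save registry file outside share as unprivileged user]" was the more actionable one-line statement of impact than the truncated "RPC endpoint emulatin ..." text; consider keeping it as a NOTE.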
@@ -17542,8 +17615,7 @@ CVE-2019-3871 (A vulnerability was found in PowerDNS Authoritative Server before
 	NOTE: https://github.com/PowerDNS/pdns/issues/7573
 	NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html
 	NOTE: Patches: https://downloads.powerdns.com/patches/2019-03/
-CVE-2019-3870 [During the provision of a new Active Directory DC, some files in the ...]
-	RESERVED
+CVE-2019-3870 (A vulnerability was found in Samba from version (including) 4.9 to ver ...)
 	- samba 2:4.9.5+dfsg-3
 	[stretch] - samba <not-affected> (Vulnerable code not present)
 	[jessie] - samba <not-affected> (Vulnerable code not present)
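Review bot: the new description for CVE-2019-3870 says the affected range starts at Samba 4.9 inclusive, which is consistent with the existing [stretch] and [jessie] "<not-affected> (Vulnerable code not present)" lines provided those suites ship pre-4.9 Samba; spelling the reason out as "(Vulnerable code not present, introduced in 4.9)" would make the not-affected call verifiable from the entry alone. The removed bracketed text, "During the provision of a new Active Directory DC, some files in the ...", is the only hint that this is a DC-provisioning issue; the truncated MITRE text does not say so, so carry it over as a NOTE.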
@@ -17844,13 +17916,13 @@ CVE-2019-3797
 	RESERVED
 CVE-2019-3796
 	RESERVED
-CVE-2019-3795
-	RESERVED
+CVE-2019-3795 (Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, ...)
+	TODO: check
 CVE-2019-3794
 	RESERVED
 CVE-2019-3793
 	RESERVED
-CVE-2019-3792 (Pivotal Concourse versions prior to 5.0.1, contains an API that is vul ...)
+CVE-2019-3792 (Pivotal Concourse version 5.0.0, contains an API that is vulnerable to ...)
 	NOT-FOR-US: Pivotal
 CVE-2019-3791
 	RESERVED
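Review bot: CVE-2019-3795 (Spring Security 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, ...) is a Java library rather than a vendor appliance, so its "TODO: check" should explicitly cover whether any Debian package ships or embeds Spring Security before it is filed NOT-FOR-US like its Pivotal neighbours. The CVE-2019-3792 change only tightens "versions prior to 5.0.1" to "version 5.0.0" for Pivotal Concourse; the existing NOT-FOR-US: Pivotal line stands.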
@@ -19049,7 +19121,7 @@ CVE-2018-20535 (There is a use-after-free at asm/preproc.c (function pp_getline)
 	- nasm <unfixed> (unimportant; bug #918270)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392530
 	NOTE: Crash in CLI tool, no security impact
-CVE-2018-20534 (There is an illegal address access at src/pool.h (function pool_whatpr ...)
+CVE-2018-20534 (** DISPUTED ** There is an illegal address access at ext/testcase.c in ...)
 	- libsolv <unfixed> (low; bug #923002)
 	[stretch] - libsolv <ignored> (Minor issue)
 	[jessie] - libsolv <ignored> (Minor issue)
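Review bot: the updated description for CVE-2018-20534 now carries the "** DISPUTED **" marker and moves the fault location from src/pool.h (pool_whatprovides) to ext/testcase.c, that is, from library code into the testcase helper; the existing severity "low" and the stretch/jessie "<ignored> (Minor issue)" lines were set against the earlier text and deserve a second look. The adjacent nasm entry CVE-2018-20535 shows the pattern for this case: "unimportant" plus a NOTE stating why (there, "Crash in CLI tool, no security impact"); a NOTE recording the grounds of the dispute would do the same here, whichever severity is kept.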
@@ -27766,15 +27838,15 @@ CVE-2018-19591 (In the GNU C Library (aka glibc or libc6) through 2.28, attempti
 	NOTE: Introduced by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2180fee114b778515b3f560e5ff1e795282e60b0
 CVE-2018-19590
 	RESERVED
-CVE-2018-19589
-	RESERVED
+CVE-2018-19589 (Incorrect Access Controls of Security Officer (SO) in PKCS11 R2 provid ...)
+	TODO: check
 CVE-2018-19588
 	RESERVED
 CVE-2018-19587 (In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_a ...)
 	NOT-FOR-US: Cesanta Mongoose
 	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
-CVE-2018-19586
-	RESERVED
+CVE-2018-19586 (Silverpeas 5.15 through 6.0.2 is affected by an authenticated Director ...)
+	TODO: check
 CVE-2018-19585
 	RESERVED
 	- gitlab 11.3.11+dfsg-1
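Review bot: CVE-2018-19589 is truncated before it names a vendor ("Incorrect Access Controls of Security Officer (SO) in PKCS11 R2 provid ..."), so the "TODO: check" must start from the full CVE text; an SO access-control flaw in a PKCS#11 provider would matter if the provider is a library Debian ships rather than vendor HSM firmware. CVE-2018-19586 (Silverpeas 5.15 through 6.0.2, authenticated directory traversal) names only a product version range and can be resolved like the other vendor entries unless packaged. Not part of this change but visible in the context: CVE-2018-19585 is still RESERVED yet already carries "- gitlab 11.3.11+dfsg-1", so it will read as fixed-before-published until its description is imported.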
@@ -31491,7 +31563,7 @@ CVE-2018-18508 [NULL pointer dereference in several CMS functions resulting in a
 	NOTE: https://hg.mozilla.org/projects/nss/rev/5e70b72131ac
 	NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes
 CVE-2018-18507
-	RESERVED
+	REJECTED
 CVE-2018-18506 (When proxy auto-detection is enabled, if a web server serves a Proxy A ...)
 	{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
 	- firefox 65.0-1
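Review bot: CVE-2018-18507 moves from RESERVED to REJECTED, which closes it without further triage; since it sits between the NSS entry CVE-2018-18508 and the Firefox entry CVE-2018-18506, it is worth a quick check that no Debian advisory text cited 18507 for either of those.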
@@ -31922,8 +31994,8 @@ CVE-2018-18367
 	RESERVED
 CVE-2018-18366
 	RESERVED
-CVE-2018-18365
-	RESERVED
+CVE-2018-18365 (Norton Password Manager may be susceptible to an address spoofing issu ...)
+	TODO: check
 CVE-2018-18364 (Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be s ...)
 	NOT-FOR-US: Symantec
 CVE-2018-18363 (Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass expl ...)
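Review bot: CVE-2018-18365 (Norton Password Manager, address spoofing) belongs with the adjacent Symantec entries CVE-2018-18364 and CVE-2018-18363, both already resolved as NOT-FOR-US; the "TODO: check" can be closed the same way with the product name.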
@@ -36802,8 +36874,8 @@ CVE-2018-16532
 	REJECTED
 CVE-2018-16531
 	REJECTED
-CVE-2018-16530
-	RESERVED
+CVE-2018-16530 (A stack-based buffer overflow in Forcepoint Email Security version 8.5 ...)
+	TODO: check
 CVE-2018-16529 (A password reset vulnerability has been discovered in Forcepoint Email ...)
 	NOT-FOR-US: Forcepoint Email Security
 CVE-2018-16528 (Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attacke ...)
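Review bot: CVE-2018-16530 (stack-based buffer overflow in Forcepoint Email Security 8.5) is the same product as the adjacent CVE-2018-16529, already marked "NOT-FOR-US: Forcepoint Email Security"; resolve this one identically rather than leaving the pair split between a resolution and a "TODO: check".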
@@ -39073,8 +39145,8 @@ CVE-2018-15642
 	RESERVED
 CVE-2018-15641
 	RESERVED
-CVE-2018-15640
-	RESERVED
+CVE-2018-15640 (Improper access control in the Helpdesk App of Odoo Enterprise 10.0 th ...)
+	TODO: check
 CVE-2018-15639
 	RESERVED
 CVE-2018-15638
@@ -39083,16 +39155,16 @@ CVE-2018-15637
 	RESERVED
 CVE-2018-15636
 	RESERVED
-CVE-2018-15635
-	RESERVED
+CVE-2018-15635 (Cross-site scripting vulnerability in the Discuss App of Odoo Communit ...)
+	TODO: check
 CVE-2018-15634
 	RESERVED
 CVE-2018-15633
 	RESERVED
 CVE-2018-15632
 	RESERVED
-CVE-2018-15631
-	RESERVED
+CVE-2018-15631 (Improper access control in the Discuss App of Odoo Community 12.0 and  ...)
+	TODO: check
 CVE-2018-15630
 	RESERVED
 CVE-2018-15629
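Review bot: CVE-2018-15635 and CVE-2018-15631 (Discuss App of Odoo Community 12.0 and earlier) together with CVE-2018-15640 from the preceding hunk (Helpdesk App of Odoo Enterprise 10.0 ...) are one product family and should get one consistent resolution; if Odoo is not packaged, all three become NOT-FOR-US: Odoo. Check the full text of CVE-2018-15631, cut off at "12.0 and ...", to confirm whether it also names 11.0/10.0 as the other two do before copying the range into a NOTE.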
@@ -40810,8 +40882,8 @@ CVE-2018-14896
 	RESERVED
 CVE-2018-14895
 	RESERVED
-CVE-2018-14894
-	RESERVED
+CVE-2018-14894 (CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an a ...)
+	TODO: check
 CVE-2018-14893 (A system command injection vulnerability in zyshclient in ZyXEL NSA325 ...)
 	NOT-FOR-US: ZyXEL
 CVE-2018-14892 (Missing protections against Cross-Site Request Forgery in the web appl ...)
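Review bot: CVE-2018-14894 (CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier) is a proprietary Windows endpoint agent; the neighbouring ZyXEL entry CVE-2018-14893 shows the expected form, NOT-FOR-US with the product name, and nothing in this hunk suggests a Debian package is involved.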
@@ -44839,8 +44911,8 @@ CVE-2018-13368
 	RESERVED
 CVE-2018-13367
 	RESERVED
-CVE-2018-13366
-	RESERVED
+CVE-2018-13366 (An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6 ...)
+	TODO: check
 CVE-2018-13365
 	RESERVED
 CVE-2018-13364
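Review bot: CVE-2018-13366 is a Fortinet FortiOS information disclosure (6.0.1, 5.6 ...), i.e. appliance firmware; elsewhere in this file FortiOS entries are resolved as "NOT-FOR-US: Fortinet FortiOS" (see CVE-2017-14190 below), so the "TODO: check" here should end the same way.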
@@ -62133,10 +62205,10 @@ CVE-2018-7120
 	RESERVED
 CVE-2018-7119
 	RESERVED
-CVE-2018-7118
-	RESERVED
-CVE-2018-7117
-	RESERVED
+CVE-2018-7118 (A local access restriction bypass vulnerability was identified in HPE  ...)
+	TODO: check
+CVE-2018-7117 (A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerab ...)
+	TODO: check
 CVE-2018-7116 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P0 ...)
 	NOT-FOR-US: HPE
 CVE-2018-7115 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P0 ...)
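Review bot: CVE-2018-7118 (local access restriction bypass) and CVE-2018-7117 (cross-site scripting in the web UI) both concern HPE iLO 5, the management controller firmware, not any software Debian ships; the adjacent HPE IMC entries CVE-2018-7116 and CVE-2018-7115 are already NOT-FOR-US: HPE, and both new lines should be resolved with that marker. Note that CVE-2018-7117's truncated text reads "in HPE iLO 5 Web User Interface vulnerab ..." with the word order garbled upstream; leave it as imported.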
@@ -78676,8 +78748,8 @@ CVE-2017-17546
 	RESERVED
 CVE-2017-17545
 	RESERVED
-CVE-2017-17544
-	RESERVED
+CVE-2017-17544 (A privilege escalation vulnerability in Fortinet FortiOS all versions  ...)
+	TODO: check
 CVE-2017-17543 (Users' VPN authentication credentials are unsafely encrypted in Fortin ...)
 	NOT-FOR-US: Fortinet FortiClient
 CVE-2017-17542
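Review bot: CVE-2017-17544 (privilege escalation in Fortinet FortiOS, "all versions ...") sits next to CVE-2017-17543, which is already "NOT-FOR-US: Fortinet FortiClient"; resolve this one as NOT-FOR-US: Fortinet FortiOS. The phrase "all versions" in the truncated description hides the upper bound, so the NOTE, if one is added, should quote the full range from the CVE text.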
@@ -82379,8 +82451,8 @@ CVE-2017-17025
 	RESERVED
 CVE-2017-17024
 	RESERVED
-CVE-2017-17023
-	RESERVED
+CVE-2017-17023 (The Sophos UTM VPN endpoint interacts with client software provided by ...)
+	TODO: check
 CVE-2017-17022
 	RESERVED
 CVE-2017-17021
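Review bot: the truncated description for CVE-2017-17023 ("The Sophos UTM VPN endpoint interacts with client software provided by ...") leaves open whether the flaw is in the UTM appliance or in the client software it distributes; the "TODO: check" should read the full text before settling on NOT-FOR-US: Sophos UTM, since a client-side component is the only part that could plausibly overlap with something packaged.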
@@ -92212,7 +92284,7 @@ CVE-2017-14193 (The oauth function in controllers/member/api.php in dayrui FineC
 	NOT-FOR-US: dayrui FineCms
 CVE-2017-14192 (The checktitle function in controllers/member/api.php in dayrui FineCm ...)
 	NOT-FOR-US: dayrui FineCms
-CVE-2017-14191 (An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 an ...)
+CVE-2017-14191 (An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up ...)
 	NOT-FOR-US: Fortinet
 CVE-2017-14190 (A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6. ...)
 	NOT-FOR-US: Fortinet FortiOS
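Review bot: the CVE-2017-14191 change is a one-word rewording of the affected range in the FortiWeb description ("5.6.0 an ..." to "5.6.0 up ..."), with the existing "NOT-FOR-US: Fortinet" resolution unchanged; nothing further is needed here.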
@@ -126387,8 +126459,7 @@ CVE-2017-3140 (If named is configured to use Response Policy Zones (RPZ) an erro
 	NOTE: Introduced by: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=aabcb1fde0ca255ff30f0a5c10cbd39f798cc5b7
 	NOTE: CVE-2017-3140 is introduced by the upstream change #4377
 	NOTE: http://www.openwall.com/lists/oss-security/2017/06/14/4
-CVE-2017-3139
-	RESERVED
+CVE-2017-3139 (A denial of service flaw was found in the way BIND handled DNSSEC vali ...)
 	- bind9 <not-affected> (RHEL6 specific)
 CVE-2017-3138 (named contains a feature which allows operators to issue commands to a ...)
 	{DSA-3854-1 DLA-957-1}
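Review bot: CVE-2017-3139 gains its public description ("A denial of service flaw was found in the way BIND handled DNSSEC vali ...") while the existing "- bind9 <not-affected> (RHEL6 specific)" line is kept; that rationale rests on the flaw being confined to Red Hat's own BIND 9.8 backport, so add a NOTE with the Red Hat bug or advisory URL that establishes it, otherwise a future reader sees a generic BIND DNSSEC DoS description next to a not-affected marker with no traceable justification.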



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c2f4b1c8896667b2cb6c0fbeee054c8b85abd361



