[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 9 21:10:29 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c2f4b1c8 by security tracker role at 2019-04-09T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2019-11064
+ RESERVED
+CVE-2019-11063
+ RESERVED
+CVE-2019-11062
+ RESERVED
+CVE-2019-11061
+ RESERVED
+CVE-2019-11060
+ RESERVED
+CVE-2019-11059
+ RESERVED
+CVE-2019-11058
+ RESERVED
+CVE-2019-11057
+ RESERVED
+CVE-2019-11056
+ RESERVED
+CVE-2019-11055
+ RESERVED
+CVE-2019-11054
+ RESERVED
+CVE-2019-11053
+ RESERVED
+CVE-2019-11052
+ RESERVED
+CVE-2019-11051
+ RESERVED
+CVE-2019-11050
+ RESERVED
+CVE-2019-11049
+ RESERVED
+CVE-2019-11048
+ RESERVED
+CVE-2019-11047
+ RESERVED
+CVE-2019-11046
+ RESERVED
+CVE-2019-11045
+ RESERVED
+CVE-2019-11044
+ RESERVED
+CVE-2019-11043
+ RESERVED
+CVE-2019-11042
+ RESERVED
+CVE-2019-11041
+ RESERVED
+CVE-2019-11040
+ RESERVED
+CVE-2019-11039
+ RESERVED
+CVE-2019-11038
+ RESERVED
+CVE-2019-11037
+ RESERVED
+CVE-2019-11036
+ RESERVED
+CVE-2019-11035
+ RESERVED
+CVE-2019-11034
+ RESERVED
+CVE-2019-11033
+ RESERVED
+CVE-2019-11032
+ RESERVED
+CVE-2019-11031
+ RESERVED
+CVE-2019-11030
+ RESERVED
+CVE-2019-11029
+ RESERVED
+CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing ...)
+ TODO: check
+CVE-2015-9284
+ RESERVED
CVE-2019-11027
RESERVED
CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infini ...)
@@ -1818,12 +1894,12 @@ CVE-2019-10246
RESERVED
CVE-2019-10245
RESERVED
-CVE-2019-10244
- RESERVED
-CVE-2019-10243
- RESERVED
-CVE-2019-10242
- RESERVED
+CVE-2019-10244 (In Eclipse Kura versions up to 4.0.0, the Web UI package and component ...)
+ TODO: check
+CVE-2019-10243 (In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui W ...)
+ TODO: check
+CVE-2019-10242 (In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked ...)
+ TODO: check
CVE-2019-10241
RESERVED
CVE-2019-10240 (Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifac ...)
@@ -5289,10 +5365,10 @@ CVE-2019-9136
RESERVED
CVE-2019-9135
RESERVED
-CVE-2019-9134
- RESERVED
-CVE-2019-9133
- RESERVED
+CVE-2019-9134 (Architectural Information System 1.0 and earlier versions have a Stack ...)
+ TODO: check
+CVE-2019-9133 (When processing subtitles format media file, KMPlayer version 2018.12. ...)
+ TODO: check
CVE-2019-9132 (Remote code execution vulnerability exists in KaKaoTalk PC messenger w ...)
NOT-FOR-US: KaKaoTalk PC messenger
CVE-2019-9131
@@ -5755,8 +5831,8 @@ CVE-2019-8992
RESERVED
CVE-2019-8991
RESERVED
-CVE-2019-8990
- RESERVED
+CVE-2019-8990 (The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatr ...)
+ TODO: check
CVE-2019-8989 (The application server component of TIBCO Software Inc.'s TIBCO Data S ...)
NOT-FOR-US: TIBCO
CVE-2019-8988 (The application server component of TIBCO Software Inc.'s TIBCO Data S ...)
@@ -9026,25 +9102,25 @@ CVE-2019-7543 (In KindEditor 4.1.11, the php/demo.php content1 parameter has a r
NOT-FOR-US: KindEditor
CVE-2019-7542
RESERVED
-CVE-2018-20763 (In GPAC through 0.7.2, gf_text_get_utf8_line in media_tools/text_impor ...)
+CVE-2018-20763 (In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_i ...)
{DLA-1693-1}
- gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #921969)
[stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
NOTE: https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd
NOTE: https://github.com/gpac/gpac/issues/1188
-CVE-2018-20762 (GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in ...)
+CVE-2018-20762 (GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in ...)
{DLA-1693-1}
- gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #921969)
[stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
NOTE: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658
NOTE: https://github.com/gpac/gpac/issues/1187
-CVE-2018-20761 (GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in ...)
+CVE-2018-20761 (GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in ...)
{DLA-1693-1}
- gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #921969)
[stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
NOTE: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658
NOTE: https://github.com/gpac/gpac/issues/1186
-CVE-2018-20760 (In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in l ...)
+CVE-2018-20760 (In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_i ...)
{DLA-1693-1}
- gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #921969)
[stretch] - gpac <no-dsa> (Minor issue, will be fixed via point update)
@@ -10036,8 +10112,8 @@ CVE-2019-7175 (In ImageMagick before 7.0.8-25, some memory leaks exist in Decode
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1e6a3ace073c9ec9c71e439c111d23c6e66cb6ae
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1450
-CVE-2019-7174
- RESERVED
+CVE-2019-7174 (Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Ren ...)
+ TODO: check
CVE-2019-7173 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacke ...)
NOT-FOR-US: Croogo
CVE-2019-7172 (A stored-self XSS exists in ATutor through v2.2.4, allowing an attacke ...)
@@ -12643,8 +12719,8 @@ CVE-2019-6119
RESERVED
CVE-2019-6118
RESERVED
-CVE-2019-6117
- RESERVED
+CVE-2019-6117 (The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via t ...)
+ TODO: check
CVE-2019-6116 (In Artifex Ghostscript through 9.26, ephemeral or transient procedures ...)
{DSA-4372-1 DLA-1670-1}
- ghostscript 9.26a~dfsg-1
@@ -12685,8 +12761,8 @@ CVE-2019-6109 (An issue was discovered in OpenSSH 7.9. Due to missing character
NOTE: Patch: https://bugzilla.mindrot.org/attachment.cgi?id=3228
NOTE: Fixed by: https://github.com/openssh/openssh-portable/commit/8976f1c4b2721c26e878151f52bdf346dfe2d54c
NOTE: possibly additionally needed: https://github.com/openssh/openssh-portable/commit/bdc6c63c80b55bcbaa66b5fde31c1cb1d09a41eb
-CVE-2018-20698
- RESERVED
+CVE-2018-20698 (The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL ...)
+ TODO: check
CVE-2018-20697
RESERVED
CVE-2018-20696
@@ -13957,8 +14033,8 @@ CVE-2019-5617
RESERVED
CVE-2019-5616 (CircuitWerkes Sicon-8, a hardware device used for managing electrical ...)
NOT-FOR-US: CircuitWerkes Sicon-8
-CVE-2019-5615
- RESERVED
+CVE-2019-5615 (Users with Site-level permissions can access files containing the user ...)
+ TODO: check
CVE-2019-5614
RESERVED
CVE-2019-5613
@@ -17347,10 +17423,10 @@ CVE-2019-3943
RESERVED
CVE-2019-3942
RESERVED
-CVE-2019-3941
- RESERVED
-CVE-2019-3940
- RESERVED
+CVE-2019-3941 (Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to ...)
+ TODO: check
+CVE-2019-3940 (Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via una ...)
+ TODO: check
CVE-2019-3939
RESERVED
CVE-2019-3938
@@ -17455,8 +17531,7 @@ CVE-2019-3895
RESERVED
CVE-2019-3894
RESERVED
-CVE-2019-3893
- RESERVED
+CVE-2019-3893 (In Foreman it was discovered that the delete compute resource operatio ...)
- foreman <itp> (bug #663101)
CVE-2019-3892 [fix race condition between mmget_not_zero()/get_task_mm() and core dumping]
RESERVED
@@ -17477,8 +17552,7 @@ CVE-2019-3889
RESERVED
CVE-2019-3888
RESERVED
-CVE-2019-3887 [KVM: x86: nVMX: close leak of L0's x2APIC MSR]
- RESERVED
+CVE-2019-3887 (A flaw was found in the way KVM hypervisor handled x2APIC Machine Spec ...)
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/acff78477b9b4f26ecdf65733a4ed77fe837e9dc
NOTE: Fixed by: https://git.kernel.org/linus/c73f4c998e1fd4249b9edfa39e23f4fda2b9b041
@@ -17506,8 +17580,7 @@ CVE-2019-3882 [DoS through vfio/type1 DMA mappings]
NOTE: Fixed by: https://git.kernel.org/linus/492855939bdb59c6f947b0b5b44af9ad82b7e38c
CVE-2019-3881
RESERVED
-CVE-2019-3880 [Save registry file outside share as unprivileged user]
- RESERVED
+CVE-2019-3880 (A flaw was found in the way samba implemented an RPC endpoint emulatin ...)
{DSA-4427-1}
- samba 2:4.9.5+dfsg-3
NOTE: https://www.samba.org/samba/security/CVE-2019-3880.html
@@ -17542,8 +17615,7 @@ CVE-2019-3871 (A vulnerability was found in PowerDNS Authoritative Server before
NOTE: https://github.com/PowerDNS/pdns/issues/7573
NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html
NOTE: Patches: https://downloads.powerdns.com/patches/2019-03/
-CVE-2019-3870 [During the provision of a new Active Directory DC, some files in the ...]
- RESERVED
+CVE-2019-3870 (A vulnerability was found in Samba from version (including) 4.9 to ver ...)
- samba 2:4.9.5+dfsg-3
[stretch] - samba <not-affected> (Vulnerable code not present)
[jessie] - samba <not-affected> (Vulnerable code not present)
@@ -17844,13 +17916,13 @@ CVE-2019-3797
RESERVED
CVE-2019-3796
RESERVED
-CVE-2019-3795
- RESERVED
+CVE-2019-3795 (Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, ...)
+ TODO: check
CVE-2019-3794
RESERVED
CVE-2019-3793
RESERVED
-CVE-2019-3792 (Pivotal Concourse versions prior to 5.0.1, contains an API that is vul ...)
+CVE-2019-3792 (Pivotal Concourse version 5.0.0, contains an API that is vulnerable to ...)
NOT-FOR-US: Pivotal
CVE-2019-3791
RESERVED
@@ -19049,7 +19121,7 @@ CVE-2018-20535 (There is a use-after-free at asm/preproc.c (function pp_getline)
- nasm <unfixed> (unimportant; bug #918270)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392530
NOTE: Crash in CLI tool, no security impact
-CVE-2018-20534 (There is an illegal address access at src/pool.h (function pool_whatpr ...)
+CVE-2018-20534 (** DISPUTED ** There is an illegal address access at ext/testcase.c in ...)
- libsolv <unfixed> (low; bug #923002)
[stretch] - libsolv <ignored> (Minor issue)
[jessie] - libsolv <ignored> (Minor issue)
@@ -27766,15 +27838,15 @@ CVE-2018-19591 (In the GNU C Library (aka glibc or libc6) through 2.28, attempti
NOTE: Introduced by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2180fee114b778515b3f560e5ff1e795282e60b0
CVE-2018-19590
RESERVED
-CVE-2018-19589
- RESERVED
+CVE-2018-19589 (Incorrect Access Controls of Security Officer (SO) in PKCS11 R2 provid ...)
+ TODO: check
CVE-2018-19588
RESERVED
CVE-2018-19587 (In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_a ...)
NOT-FOR-US: Cesanta Mongoose
NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
-CVE-2018-19586
- RESERVED
+CVE-2018-19586 (Silverpeas 5.15 through 6.0.2 is affected by an authenticated Director ...)
+ TODO: check
CVE-2018-19585
RESERVED
- gitlab 11.3.11+dfsg-1
@@ -31491,7 +31563,7 @@ CVE-2018-18508 [NULL pointer dereference in several CMS functions resulting in a
NOTE: https://hg.mozilla.org/projects/nss/rev/5e70b72131ac
NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes
CVE-2018-18507
- RESERVED
+ REJECTED
CVE-2018-18506 (When proxy auto-detection is enabled, if a web server serves a Proxy A ...)
{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
- firefox 65.0-1
@@ -31922,8 +31994,8 @@ CVE-2018-18367
RESERVED
CVE-2018-18366
RESERVED
-CVE-2018-18365
- RESERVED
+CVE-2018-18365 (Norton Password Manager may be susceptible to an address spoofing issu ...)
+ TODO: check
CVE-2018-18364 (Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be s ...)
NOT-FOR-US: Symantec
CVE-2018-18363 (Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass expl ...)
@@ -36802,8 +36874,8 @@ CVE-2018-16532
REJECTED
CVE-2018-16531
REJECTED
-CVE-2018-16530
- RESERVED
+CVE-2018-16530 (A stack-based buffer overflow in Forcepoint Email Security version 8.5 ...)
+ TODO: check
CVE-2018-16529 (A password reset vulnerability has been discovered in Forcepoint Email ...)
NOT-FOR-US: Forcepoint Email Security
CVE-2018-16528 (Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attacke ...)
@@ -39073,8 +39145,8 @@ CVE-2018-15642
RESERVED
CVE-2018-15641
RESERVED
-CVE-2018-15640
- RESERVED
+CVE-2018-15640 (Improper access control in the Helpdesk App of Odoo Enterprise 10.0 th ...)
+ TODO: check
CVE-2018-15639
RESERVED
CVE-2018-15638
@@ -39083,16 +39155,16 @@ CVE-2018-15637
RESERVED
CVE-2018-15636
RESERVED
-CVE-2018-15635
- RESERVED
+CVE-2018-15635 (Cross-site scripting vulnerability in the Discuss App of Odoo Communit ...)
+ TODO: check
CVE-2018-15634
RESERVED
CVE-2018-15633
RESERVED
CVE-2018-15632
RESERVED
-CVE-2018-15631
- RESERVED
+CVE-2018-15631 (Improper access control in the Discuss App of Odoo Community 12.0 and ...)
+ TODO: check
CVE-2018-15630
RESERVED
CVE-2018-15629
@@ -40810,8 +40882,8 @@ CVE-2018-14896
RESERVED
CVE-2018-14895
RESERVED
-CVE-2018-14894
- RESERVED
+CVE-2018-14894 (CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an a ...)
+ TODO: check
CVE-2018-14893 (A system command injection vulnerability in zyshclient in ZyXEL NSA325 ...)
NOT-FOR-US: ZyXEL
CVE-2018-14892 (Missing protections against Cross-Site Request Forgery in the web appl ...)
@@ -44839,8 +44911,8 @@ CVE-2018-13368
RESERVED
CVE-2018-13367
RESERVED
-CVE-2018-13366
- RESERVED
+CVE-2018-13366 (An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6 ...)
+ TODO: check
CVE-2018-13365
RESERVED
CVE-2018-13364
@@ -62133,10 +62205,10 @@ CVE-2018-7120
RESERVED
CVE-2018-7119
RESERVED
-CVE-2018-7118
- RESERVED
-CVE-2018-7117
- RESERVED
+CVE-2018-7118 (A local access restriction bypass vulnerability was identified in HPE ...)
+ TODO: check
+CVE-2018-7117 (A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerab ...)
+ TODO: check
CVE-2018-7116 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P0 ...)
NOT-FOR-US: HPE
CVE-2018-7115 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P0 ...)
@@ -78676,8 +78748,8 @@ CVE-2017-17546
RESERVED
CVE-2017-17545
RESERVED
-CVE-2017-17544
- RESERVED
+CVE-2017-17544 (A privilege escalation vulnerability in Fortinet FortiOS all versions ...)
+ TODO: check
CVE-2017-17543 (Users' VPN authentication credentials are unsafely encrypted in Fortin ...)
NOT-FOR-US: Fortinet FortiClient
CVE-2017-17542
@@ -82379,8 +82451,8 @@ CVE-2017-17025
RESERVED
CVE-2017-17024
RESERVED
-CVE-2017-17023
- RESERVED
+CVE-2017-17023 (The Sophos UTM VPN endpoint interacts with client software provided by ...)
+ TODO: check
CVE-2017-17022
RESERVED
CVE-2017-17021
@@ -92212,7 +92284,7 @@ CVE-2017-14193 (The oauth function in controllers/member/api.php in dayrui FineC
NOT-FOR-US: dayrui FineCms
CVE-2017-14192 (The checktitle function in controllers/member/api.php in dayrui FineCm ...)
NOT-FOR-US: dayrui FineCms
-CVE-2017-14191 (An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 an ...)
+CVE-2017-14191 (An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up ...)
NOT-FOR-US: Fortinet
CVE-2017-14190 (A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6. ...)
NOT-FOR-US: Fortinet FortiOS
@@ -126387,8 +126459,7 @@ CVE-2017-3140 (If named is configured to use Response Policy Zones (RPZ) an erro
NOTE: Introduced by: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=aabcb1fde0ca255ff30f0a5c10cbd39f798cc5b7
NOTE: CVE-2017-3140 is introduced by the upstream change #4377
NOTE: http://www.openwall.com/lists/oss-security/2017/06/14/4
-CVE-2017-3139
- RESERVED
+CVE-2017-3139 (A denial of service flaw was found in the way BIND handled DNSSEC vali ...)
- bind9 <not-affected> (RHEL6 specific)
CVE-2017-3138 (named contains a feature which allows operators to issue commands to a ...)
{DSA-3854-1 DLA-957-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c2f4b1c8896667b2cb6c0fbeee054c8b85abd361
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c2f4b1c8896667b2cb6c0fbeee054c8b85abd361
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190409/8e8e5af5/attachment.html>
More information about the debian-security-tracker-commits
mailing list