[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 10 21:10:33 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4531d201 by security tracker role at 2019-04-10T20:10:22Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-11067
+ RESERVED
+CVE-2019-1003050
+ RESERVED
+CVE-2019-1003049
+ RESERVED
CVE-2019-11066
RESERVED
CVE-2019-11065 (Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download ...)
@@ -264,10 +270,10 @@ CVE-2019-10948
RESERVED
CVE-2019-10947
RESERVED
-CVE-2019-10946
- RESERVED
-CVE-2019-10945
- RESERVED
+CVE-2019-10946 (An issue was discovered in Joomla! before 3.9.5. The "refresh list of ...)
+ TODO: check
+CVE-2019-10945 (An issue was discovered in Joomla! before 3.9.5. The Media Manager com ...)
+ TODO: check
CVE-2019-10944
RESERVED
CVE-2019-10943
@@ -545,7 +551,7 @@ CVE-2019-10845 (An issue was discovered in Uniqkey Password Manager 1.14. When e
CVE-2019-10844 (nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka n ...)
NOT-FOR-US: Sony
CVE-2019-10843
- RESERVED
+ REJECTED
CVE-2019-10842 (Arbitrary code execution (via backdoor code) was discovered in bootstr ...)
NOT-FOR-US: backdoored version of bootstrap-sass
CVE-2019-10841
@@ -5202,7 +5208,7 @@ CVE-2019-9195 (util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files.
NOT-FOR-US: Grin
CVE-2019-9194 (elFinder before 2.1.48 has a command injection vulnerability in the PH ...)
NOT-FOR-US: elFinder
-CVE-2019-9193 (In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function al ...)
+CVE-2019-9193 (** DISPUTED ** Third parties claim/state this is not an issue because ...)
- postgresql-11 <unfixed> (unimportant)
- postgresql-9.6 <removed> (unimportant)
- postgresql-9.4 <removed> (unimportant)
@@ -9116,8 +9122,8 @@ CVE-2019-7553
RESERVED
CVE-2019-7552
RESERVED
-CVE-2019-7551
- RESERVED
+CVE-2019-7551 (Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4 ...)
+ TODO: check
CVE-2019-7550 (In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whe ...)
NOT-FOR-US: JForum
CVE-2019-7549
@@ -10264,8 +10270,8 @@ CVE-2019-7141
RESERVED
CVE-2019-7140
RESERVED
-CVE-2019-7139
- RESERVED
+CVE-2019-7139 (An unauthenticated user can execute arbitrary code through an SQL inje ...)
+ TODO: check
CVE-2019-7138
RESERVED
CVE-2019-7137
@@ -12313,8 +12319,8 @@ CVE-2019-6289 (uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 al
NOT-FOR-US: DedeCMS
CVE-2019-6288
RESERVED
-CVE-2019-6287
- RESERVED
+CVE-2019-6287 (In Rancher 2.0.0 through 2.1.5, project members have continued access ...)
+ TODO: check
CVE-2019-6286 (In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...)
- libsass <unfixed> (low)
[stretch] - libsass <no-dsa> (Minor issue)
@@ -12663,12 +12669,12 @@ CVE-2019-6158
RESERVED
CVE-2019-6157
RESERVED
-CVE-2019-6156
- RESERVED
+CVE-2019-6156 (In Lenovo systems, SMM BIOS Write Protection is used to prevent writes ...)
+ TODO: check
CVE-2019-6155
RESERVED
-CVE-2019-6154
- RESERVED
+CVE-2019-6154 (A DLL search path vulnerability was reported in Lenovo Bootable Genera ...)
+ TODO: check
CVE-2019-6153
RESERVED
CVE-2019-6152
@@ -14458,12 +14464,12 @@ CVE-2019-5428
RESERVED
CVE-2019-5427
RESERVED
-CVE-2019-5426
- RESERVED
-CVE-2019-5425
- RESERVED
-CVE-2019-5424
- RESERVED
+CVE-2019-5426 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated ...)
+ TODO: check
+CVE-2019-5425 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated u ...)
+ TODO: check
+CVE-2019-5424 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user ...)
+ TODO: check
CVE-2019-5423 (Path traversal vulnerability in http-live-simulator npm package versio ...)
NOT-FOR-US: http-live-simulator node module
CVE-2019-5422 (XSS in buttle npm package version 0.2.0 causes execution of attacker-p ...)
@@ -17322,8 +17328,8 @@ CVE-2019-4015 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
NOT-FOR-US: IBM
CVE-2019-4014 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
NOT-FOR-US: IBM
-CVE-2019-4013
- RESERVED
+CVE-2019-4013 (IBM BigFix Platform 9.5 could allow any authenticated user to upload a ...)
+ TODO: check
CVE-2019-4012
RESERVED
CVE-2019-4011
@@ -19793,8 +19799,8 @@ CVE-2018-20323 (www/soap/application/MCSoap/Logs.php in MailCleaner Community Ed
NOT-FOR-US: MailCleaner
CVE-2018-20322 (LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulner ...)
- limesurvey <itp> (bug #472802)
-CVE-2018-20321
- RESERVED
+CVE-2018-20321 (An issue was discovered in Rancher 2 through 2.1.5. Any project member ...)
+ TODO: check
CVE-2018-20320
RESERVED
CVE-2018-20319
@@ -29435,7 +29441,7 @@ CVE-2019-0210
CVE-2019-0209
RESERVED
CVE-2019-0208
- RESERVED
+ REJECTED
CVE-2019-0207
RESERVED
CVE-2019-0206
@@ -29452,8 +29458,7 @@ CVE-2019-0201
RESERVED
CVE-2019-0200 (A Denial of Service vulnerability was found in Apache Qpid Broker-J ve ...)
- qpid-java <itp> (bug #840131)
-CVE-2019-0199 [HTTP/2 DoS]
- RESERVED
+CVE-2019-0199 (The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5. ...)
- tomcat9 9.0.16-1
- tomcat8 8.5.38-1
[jessie] - tomcat8 <not-affected> (HTTP/2 support not implemented)
@@ -77164,8 +77169,8 @@ CVE-2018-1996 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could pro
NOT-FOR-US: IBM
CVE-2018-1995
RESERVED
-CVE-2018-1994
- RESERVED
+CVE-2018-1994 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL i ...)
+ TODO: check
CVE-2018-1993 (IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 ...)
NOT-FOR-US: IBM
CVE-2018-1992 (The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is ...)
@@ -77346,8 +77351,8 @@ CVE-2018-1905 (IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulne
NOT-FOR-US: IBM
CVE-2018-1904 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow re ...)
NOT-FOR-US: IBM
-CVE-2018-1903
- RESERVED
+CVE-2018-1903 (IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could all ...)
+ TODO: check
CVE-2018-1902 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
NOT-FOR-US: IBM
CVE-2018-1901 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote atta ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4531d201d7ad9a7637e6f5735f9fe197e718c6b2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4531d201d7ad9a7637e6f5735f9fe197e718c6b2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190410/3f632ed4/attachment.html>
More information about the debian-security-tracker-commits
mailing list