[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Apr 11 09:10:25 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b74c2fed by security tracker role at 2019-04-11T08:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,16 +1,53 @@
-CVE-2019-11067
+CVE-2019-11084
+	RESERVED
+CVE-2019-11083
+	RESERVED
+CVE-2019-11082
+	RESERVED
+CVE-2019-11081
+	RESERVED
+CVE-2019-11080
+	RESERVED
+CVE-2019-11079
+	RESERVED
+CVE-2019-11078 (MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the uc ...)
+	TODO: check
+CVE-2019-11077 (FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new a ...)
+	TODO: check
+CVE-2019-11076
+	RESERVED
+CVE-2019-11075
 	RESERVED
-CVE-2019-1003050
+CVE-2019-11074
 	RESERVED
-CVE-2019-1003049
+CVE-2019-11073
 	RESERVED
+CVE-2019-11072 (lighttpd before 1.4.54 has a signed integer overflow, which might allo ...)
+	TODO: check
+CVE-2019-11070 (WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly ap ...)
+	TODO: check
+CVE-2019-11069 (Sequelize before 5.3.0 does not properly ensure that standard conformi ...)
+	TODO: check
+CVE-2019-11068 (libxslt through 1.1.33 allows bypass of a protection mechanism because ...)
+	TODO: check
+CVE-2006-7254 (The nscd daemon in the GNU C Library (glibc) before version 2.5 does n ...)
+	TODO: check
+CVE-2005-3590 (The getgrouplist function in the GNU C library (glibc) before version  ...)
+	TODO: check
+CVE-2019-11067
+	RESERVED
+CVE-2019-1003050 (The f:validateButton form control for the Jenkins UI did not properly  ...)
+	TODO: check
+CVE-2019-1003049 (Users who cached their CLI authentication before Jenkins was updated t ...)
+	TODO: check
 CVE-2019-11066
 	RESERVED
 CVE-2019-11065 (Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download ...)
 	- gradle <unfixed>
 	[stretch] - gradle <no-dsa> (Minor issue)
 	NOTE: https://github.com/gradle/gradle/pull/8927
-CVE-2019-11071 [arbitrary code execution by any identified visitor]
+CVE-2019-11071 (SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visit ...)
+	{DSA-4429-1}
 	- spip 3.2.4-1 (bug #926764)
 	[jessie] - spip <not-affected> (SPIP 3.0 and earlier are not affected)
 	NOTE: https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html
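Review bot: four of the new TODO: check entries in this hunk concern software Debian actually packages, so they need real triage rather than the placeholder: lighttpd before 1.4.54 (CVE-2019-11072, signed integer overflow), libxslt through 1.1.33 (CVE-2019-11068, protection-mechanism bypass), WebKitGTK/WPE WebKit before 2.24.1 (CVE-2019-11070) and glibc (CVE-2006-7254, CVE-2005-3590). The next step for each is a source-package line in the form the file already uses, e.g. `- lighttpd <unfixed>` or a fixed version, plus a `[stretch]` line where the stable assessment differs, as the gradle entry just below this hunk shows. The two glibc identifiers describe glibc before 2.5, far older than anything a supported release ships, so they can presumably be closed with a version note rather than left open; Sequelize (CVE-2019-11069) is worth checking for a packaged Node module before it is marked NOT-FOR-US. The {DSA-4429-1} marker on CVE-2019-11071 is placed correctly, above the package line, matching the placement used for CVE-2018-14678 at the end of this diff.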
@@ -3981,8 +4018,8 @@ CVE-2019-9696 (Symantec VIP Enterprise Gateway (all versions) may be susceptible
 	NOT-FOR-US: Symantec
 CVE-2019-9695 (Norton Core prior to v278 may be susceptible to an arbitrary code exec ...)
 	NOT-FOR-US: Norton Core
-CVE-2019-9694
-	RESERVED
+CVE-2019-9694 (Symantec Endpoint Encryption prior to SEE 11.2.1 MP1 may be susceptibl ...)
+	TODO: check
 CVE-2019-9693 (In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can ac ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2019-9692 (class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 doe ...)
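Review bot: CVE-2019-9694 is left at TODO: check while the Symantec entries on either side of it (CVE-2019-9696, CVE-2019-9695) are marked NOT-FOR-US; Symantec Endpoint Encryption is proprietary Windows software, so this one can presumably be resolved the same way with `NOT-FOR-US: Symantec` rather than staying in the TODO queue.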
@@ -4510,16 +4547,19 @@ CVE-2019-9500
 	RESERVED
 CVE-2019-9499 [EAP-pwd peer missing commit validation for scalar/element]
 	RESERVED
+	{DSA-4430-1}
 	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
 	NOTE: https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
 	NOTE: Patches: https://w1.fi/security/2019-4/
 CVE-2019-9498 [EAP-pwd server missing commit validation for scalar/element]
 	RESERVED
+	{DSA-4430-1}
 	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
 	NOTE: https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
 	NOTE: Patches: https://w1.fi/security/2019-4/
 CVE-2019-9497 [EAP-pwd server not checking for reflection attack]
 	RESERVED
+	{DSA-4430-1}
 	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
 	NOTE: https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
 	NOTE: Patches: https://w1.fi/security/2019-4/
@@ -4533,6 +4573,7 @@ CVE-2019-9496 [SAE confirm missing state validation in hostapd/AP]
 	NOTE: CONFIG_SAE=y enabled since 2:2.7~git20180706+420b5dd-1
 CVE-2019-9495 [cache attack against EAP-pwd]
 	RESERVED
+	{DSA-4430-1}
 	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
 	NOTE: https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
 	NOTE: Patches: https://w1.fi/security/2019-2/
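Review bot: {DSA-4430-1} is added here to CVE-2019-9495 and, in the previous hunk, to the three EAP-pwd entries CVE-2019-9497 to CVE-2019-9499, but CVE-2019-9496 (SAE confirm missing state validation, visible in this hunk's header context with its CONFIG_SAE note) receives no DSA marker. If that omission is intentional, a NOTE line saying so would stop the entry from reading as an unaddressed gap in the same wpa advisory.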
@@ -11585,8 +11626,8 @@ CVE-2019-6558
 	RESERVED
 CVE-2019-6557 (Several buffer overflow vulnerabilities have been identified in Moxa I ...)
 	NOT-FOR-US: Moxa
-CVE-2019-6556
-	RESERVED
+CVE-2019-6556 (When processing project files, the application (Omron CX-Programmer v9 ...)
+	TODO: check
 CVE-2019-6555 (Cscape, 9.80 SP4 and prior. An improper input validation vulnerability ...)
 	NOT-FOR-US: Cscape
 CVE-2019-6554 (Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper acces ...)
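Review bot: CVE-2019-6556 (Omron CX-Programmer) sits between two ICS entries already marked NOT-FOR-US (Moxa, Cscape) and describes proprietary Windows PLC software, so it can be resolved as `NOT-FOR-US: Omron` instead of TODO: check. The same reasoning applies to the next two hunks, CVE-2019-3943 (MikroTik RouterOS firmware) and CVE-2019-3612 (McAfee DXL Platform, whose neighbour CVE-2019-3610 is also McAfee).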
@@ -17475,8 +17516,8 @@ CVE-2019-3945
 	RESERVED
 CVE-2019-3944
 	RESERVED
-CVE-2019-3943
-	RESERVED
+CVE-2019-3943 (MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 ...)
+	TODO: check
 CVE-2019-3942
 	RESERVED
 CVE-2019-3941 (Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to  ...)
@@ -18341,8 +18382,8 @@ CVE-2019-3614
 	RESERVED
 CVE-2019-3613
 	RESERVED
-CVE-2019-3612
-	RESERVED
+CVE-2019-3612 (Information Disclosure vulnerability in McAfee DXL Platform and TIE Se ...)
+	TODO: check
 CVE-2019-3611
 	RESERVED
 CVE-2019-3610 (Data Leakage Attacks vulnerability in Microsoft Windows client in McAf ...)
@@ -28487,22 +28528,22 @@ CVE-2019-0287
 	RESERVED
 CVE-2019-0286
 	RESERVED
-CVE-2019-0285
-	RESERVED
-CVE-2019-0284
-	RESERVED
-CVE-2019-0283
-	RESERVED
-CVE-2019-0282
-	RESERVED
+CVE-2019-0285 (The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio ( ...)
+	TODO: check
+CVE-2019-0284 (SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not suf ...)
+	TODO: check
+CVE-2019-0283 (SAP NetWeaver Process Integration (Adapter Engine), fixed in versions  ...)
+	TODO: check
+CVE-2019-0282 (Several web pages in SAP NetWeaver Process Integration (Runtime Workbe ...)
+	TODO: check
 CVE-2019-0281
 	RESERVED
 CVE-2019-0280
 	RESERVED
-CVE-2019-0279
-	RESERVED
-CVE-2019-0278
-	RESERVED
+CVE-2019-0279 (ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP ...)
+	TODO: check
+CVE-2019-0278 (Under certain conditions the Monitoring Servlet of the SAP NetWeaver P ...)
+	TODO: check
 CVE-2019-0277 (SAP HANA extended application services, version 1, advanced does not s ...)
 	NOT-FOR-US: SAP
 CVE-2019-0276 (Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Finan ...)
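Review bot: all six new entries in this hunk (CVE-2019-0285 to CVE-2019-0282, CVE-2019-0279, CVE-2019-0278) describe SAP products, and the surrounding SAP entries (CVE-2019-0277, CVE-2019-0276) are already `NOT-FOR-US: SAP`; marking these the same way in the same commit would avoid six separate follow-up edits.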
@@ -28907,8 +28948,8 @@ CVE-2018-19518 (University of Washington IMAP Toolkit 2007f on UNIX, as used in
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=e5bfea64c81ae34816479bb05d17cdffe45adddb
 CVE-2018-19454
 	RESERVED
-CVE-2018-19453
-	RESERVED
+CVE-2018-19453 (Kentico CMS before 11.0.45 allows unrestricted upload of a file with a ...)
+	TODO: check
 CVE-2018-19452
 	RESERVED
 CVE-2018-19451
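Review bot: CVE-2018-19453 concerns Kentico CMS, a proprietary ASP.NET product that is not packaged in Debian, so `NOT-FOR-US: Kentico` is the expected resolution rather than TODO: check.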
@@ -29387,8 +29428,7 @@ CVE-2019-0231
 	RESERVED
 CVE-2019-0230
 	RESERVED
-CVE-2019-0229
-	RESERVED
+CVE-2019-0229 (A number of HTTP endpoints in the Airflow webserver (both RBAC and cla ...)
 	- airflow <itp> (bug #819700)
 CVE-2019-0228
 	RESERVED
@@ -29424,8 +29464,7 @@ CVE-2019-0217 (In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condit
 	- apache2 2.4.38-3
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0217
 	NOTE: https://svn.apache.org/r1855298
-CVE-2019-0216
-	RESERVED
+CVE-2019-0216 (A malicious admin user could edit the state of objects in the Airflow  ...)
 	- airflow <itp> (bug #819700)
 CVE-2019-0215 (In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl ...)
 	- apache2 2.4.38-3
@@ -32435,40 +32474,40 @@ CVE-2019-0046
 	RESERVED
 CVE-2019-0045
 	RESERVED
-CVE-2019-0044
-	RESERVED
-CVE-2019-0043
-	RESERVED
-CVE-2019-0042
-	RESERVED
-CVE-2019-0041
-	RESERVED
-CVE-2019-0040
-	RESERVED
-CVE-2019-0039
-	RESERVED
-CVE-2019-0038
-	RESERVED
-CVE-2019-0037
-	RESERVED
-CVE-2019-0036
-	RESERVED
-CVE-2019-0035
-	RESERVED
-CVE-2019-0034
-	RESERVED
-CVE-2019-0033
-	RESERVED
-CVE-2019-0032
-	RESERVED
-CVE-2019-0031
-	RESERVED
+CVE-2019-0044 (Receipt of a specific packet on the out-of-band management interface f ...)
+	TODO: check
+CVE-2019-0043 (In MPLS environments, receipt of a specific SNMP packet may cause the  ...)
+	TODO: check
+CVE-2019-0042 (Juniper Identity Management Service (JIMS) for Windows versions prior  ...)
+	TODO: check
+CVE-2019-0041 (On EX4300-MP Series devices with any lo0 filters applied, transit netw ...)
+	TODO: check
+CVE-2019-0040 (On Junos OS, rpcbind should only be listening to port 111 on the inter ...)
+	TODO: check
+CVE-2019-0039 (If REST API is enabled, the Junos OS login credentials are vulnerable  ...)
+	TODO: check
+CVE-2019-0038 (Crafted packets destined to the management interface (fxp0) of an SRX3 ...)
+	TODO: check
+CVE-2019-0037 (In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environmen ...)
+	TODO: check
+CVE-2019-0036 (When configuring a stateless firewall filter in Junos OS, terms named  ...)
+	TODO: check
+CVE-2019-0035 (When "set system ports console insecure" is enabled, root login is dis ...)
+	TODO: check
+CVE-2019-0034 (Starting with Junos OS Release 16.1R3, the Junos Telemetry Interface s ...)
+	TODO: check
+CVE-2019-0033 (A firewall bypass vulnerability in the proxy ARP service of Juniper Ne ...)
+	TODO: check
+CVE-2019-0032 (A password management issue exists where the Organization authenticati ...)
+	TODO: check
+CVE-2019-0031 (Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a  ...)
+	TODO: check
 CVE-2019-0030 (Juniper ATP uses DES and a hardcoded salt for password hashing, allowi ...)
 	NOT-FOR-US: Juniper
 CVE-2019-0029 (Juniper ATP Series Splunk credentials are logged in a file readable by ...)
 	NOT-FOR-US: Juniper
-CVE-2019-0028
-	RESERVED
+CVE-2019-0028 (On Junos devices with the BGP graceful restart helper mode enabled or  ...)
+	TODO: check
 CVE-2019-0027 (A persistent cross-site scripting (XSS) vulnerability in the Snort Rul ...)
 	NOT-FOR-US: Juniper
 CVE-2019-0026 (A persistent cross-site scripting (XSS) vulnerability in the Zone conf ...)
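Review bot: the fifteen new entries in this hunk (CVE-2019-0044 down to CVE-2019-0031, plus CVE-2019-0028) all describe Junos OS, Juniper Identity Management Service or Juniper ATP, and every resolved neighbour in the same range (CVE-2019-0030, CVE-2019-0029, CVE-2019-0027, CVE-2019-0026) is `NOT-FOR-US: Juniper`. Applying the same marker to the whole block, and to CVE-2019-0019 and CVE-2019-0008 in the next two hunks, would clear them from the TODO queue in one pass.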
@@ -32485,8 +32524,8 @@ CVE-2019-0021 (On Juniper ATP, secret passphrase CLI inputs, such as "set mcm",
 	NOT-FOR-US: Juniper
 CVE-2019-0020 (Juniper ATP ships with hard coded credentials in the Web Collector ins ...)
 	NOT-FOR-US: Juniper
-CVE-2019-0019
-	RESERVED
+CVE-2019-0019 (When BGP tracing is enabled an incoming BGP message may cause the Juno ...)
+	TODO: check
 CVE-2019-0018 (A persistent cross-site scripting (XSS) vulnerability in the file uplo ...)
 	NOT-FOR-US: Juniper
 CVE-2019-0017 (The Junos Space application, which allows Device Image files to be upl ...)
@@ -32507,8 +32546,8 @@ CVE-2019-0010 (An SRX Series Service Gateway configured for Unified Threat Manag
 	NOT-FOR-US: Juniper
 CVE-2019-0009 (On EX2300 and EX3400 series, high disk I/O operations may disrupt the  ...)
 	NOT-FOR-US: Juniper
-CVE-2019-0008
-	RESERVED
+CVE-2019-0008 (A certain sequence of valid BGP or IPv6 BFD packets may trigger a stac ...)
+	TODO: check
 CVE-2019-0007 (The vMX Series software uses a predictable IP ID Sequence Number. This ...)
 	NOT-FOR-US: Juniper
 CVE-2019-0006 (A certain crafted HTTP packet can trigger an uninitialized function po ...)
@@ -41510,8 +41549,8 @@ CVE-2018-14685 (The add function in www/Lib/Lib/Action/Admin/TplAction.class.php
 	NOT-FOR-US: Gxlcms
 CVE-2018-14684
 	RESERVED
-CVE-2018-14683
-	RESERVED
+CVE-2018-14683 (PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI. ...)
+	TODO: check
 CVE-2018-14678 (An issue was discovered in the Linux kernel through 4.17.11, as used i ...)
 	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
 	- linux 4.17.14-1
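Review bot: CVE-2018-14683 describes an XSS in the web GUI of PRTG, Paessler's proprietary Windows monitoring product, which Debian does not package; `NOT-FOR-US: PRTG` fits better than TODO: check.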



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b74c2fed360024e87ac9eaf4556e8dfbdcf87cab
