[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 11 21:10:38 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9b7125b1 by security tracker role at 2019-04-11T20:10:28Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,211 @@
+CVE-2019-11188
+ RESERVED
+CVE-2019-11187
+ RESERVED
+CVE-2019-11186
+ RESERVED
+CVE-2019-11185
+ RESERVED
+CVE-2019-11184
+ RESERVED
+CVE-2019-11183
+ RESERVED
+CVE-2019-11182
+ RESERVED
+CVE-2019-11181
+ RESERVED
+CVE-2019-11180
+ RESERVED
+CVE-2019-11179
+ RESERVED
+CVE-2019-11178
+ RESERVED
+CVE-2019-11177
+ RESERVED
+CVE-2019-11176
+ RESERVED
+CVE-2019-11175
+ RESERVED
+CVE-2019-11174
+ RESERVED
+CVE-2019-11173
+ RESERVED
+CVE-2019-11172
+ RESERVED
+CVE-2019-11171
+ RESERVED
+CVE-2019-11170
+ RESERVED
+CVE-2019-11169
+ RESERVED
+CVE-2019-11168
+ RESERVED
+CVE-2019-11167
+ RESERVED
+CVE-2019-11166
+ RESERVED
+CVE-2019-11165
+ RESERVED
+CVE-2019-11164
+ RESERVED
+CVE-2019-11163
+ RESERVED
+CVE-2019-11162
+ RESERVED
+CVE-2019-11161
+ RESERVED
+CVE-2019-11160
+ RESERVED
+CVE-2019-11159
+ RESERVED
+CVE-2019-11158
+ RESERVED
+CVE-2019-11157
+ RESERVED
+CVE-2019-11156
+ RESERVED
+CVE-2019-11155
+ RESERVED
+CVE-2019-11154
+ RESERVED
+CVE-2019-11153
+ RESERVED
+CVE-2019-11152
+ RESERVED
+CVE-2019-11151
+ RESERVED
+CVE-2019-11150
+ RESERVED
+CVE-2019-11149
+ RESERVED
+CVE-2019-11148
+ RESERVED
+CVE-2019-11147
+ RESERVED
+CVE-2019-11146
+ RESERVED
+CVE-2019-11145
+ RESERVED
+CVE-2019-11144
+ RESERVED
+CVE-2019-11143
+ RESERVED
+CVE-2019-11142
+ RESERVED
+CVE-2019-11141
+ RESERVED
+CVE-2019-11140
+ RESERVED
+CVE-2019-11139
+ RESERVED
+CVE-2019-11138
+ RESERVED
+CVE-2019-11137
+ RESERVED
+CVE-2019-11136
+ RESERVED
+CVE-2019-11135
+ RESERVED
+CVE-2019-11134
+ RESERVED
+CVE-2019-11133
+ RESERVED
+CVE-2019-11132
+ RESERVED
+CVE-2019-11131
+ RESERVED
+CVE-2019-11130
+ RESERVED
+CVE-2019-11129
+ RESERVED
+CVE-2019-11128
+ RESERVED
+CVE-2019-11127
+ RESERVED
+CVE-2019-11126
+ RESERVED
+CVE-2019-11125
+ RESERVED
+CVE-2019-11124
+ RESERVED
+CVE-2019-11123
+ RESERVED
+CVE-2019-11122
+ RESERVED
+CVE-2019-11121
+ RESERVED
+CVE-2019-11120
+ RESERVED
+CVE-2019-11119
+ RESERVED
+CVE-2019-11118
+ RESERVED
+CVE-2019-11117
+ RESERVED
+CVE-2019-11116
+ RESERVED
+CVE-2019-11115
+ RESERVED
+CVE-2019-11114
+ RESERVED
+CVE-2019-11113
+ RESERVED
+CVE-2019-11112
+ RESERVED
+CVE-2019-11111
+ RESERVED
+CVE-2019-11110
+ RESERVED
+CVE-2019-11109
+ RESERVED
+CVE-2019-11108
+ RESERVED
+CVE-2019-11107
+ RESERVED
+CVE-2019-11106
+ RESERVED
+CVE-2019-11105
+ RESERVED
+CVE-2019-11104
+ RESERVED
+CVE-2019-11103
+ RESERVED
+CVE-2019-11102
+ RESERVED
+CVE-2019-11101
+ RESERVED
+CVE-2019-11100
+ RESERVED
+CVE-2019-11099
+ RESERVED
+CVE-2019-11098
+ RESERVED
+CVE-2019-11097
+ RESERVED
+CVE-2019-11096
+ RESERVED
+CVE-2019-11095
+ RESERVED
+CVE-2019-11094
+ RESERVED
+CVE-2019-11093
+ RESERVED
+CVE-2019-11092
+ RESERVED
+CVE-2019-11091
+ RESERVED
+CVE-2019-11090
+ RESERVED
+CVE-2019-11089
+ RESERVED
+CVE-2019-11088
+ RESERVED
+CVE-2019-11087
+ RESERVED
+CVE-2019-11086
+ RESERVED
+CVE-2019-11085
+ RESERVED
CVE-2019-11084
RESERVED
CVE-2019-11083
@@ -2524,12 +2732,12 @@ CVE-2019-9978 (The social-warfare plugin before 3.5.3 for WordPress has stored X
NOT-FOR-US: social-warfare plugin for WordPress
CVE-2019-9977 (The renderer process in the entertainment system on Tesla Model 3 vehi ...)
NOT-FOR-US: entertainment system on Tesla Model 3 vehicles
-CVE-2019-9976
- RESERVED
-CVE-2019-9975
- RESERVED
-CVE-2019-9974
- RESERVED
+CVE-2019-9976 (The Boa server configuration on DASAN H660RM devices with firmware 1.0 ...)
+ TODO: check
+CVE-2019-9975 (DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for ...)
+ TODO: check
+CVE-2019-9974 (diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lac ...)
+ TODO: check
CVE-2019-9973
RESERVED
CVE-2019-10013
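Review bot: CVE-2019-9976 should not be bulk-resolved with the other two DASAN ids when the TODO: check markers in this hunk are triaged. Its description begins "The Boa server configuration on DASAN H660RM devices", so check whether the flaw lies in the device's configuration or in Boa itself. CVE-2019-9975 (hard-coded key) and CVE-2019-9974 (diag_tool.cgi) read as firmware-specific and look like NOT-FOR-US candidates in the style of the entries above them.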
@@ -3936,8 +4144,8 @@ CVE-2019-9735 (An issue was discovered in the iptables firewall module in OpenSt
NOTE: https://launchpad.net/bugs/1818385
CVE-2019-9734
RESERVED
-CVE-2019-9733
- RESERVED
+CVE-2019-9733 (An issue was discovered in JFrog Artifactory 6.7.3. By default, the ac ...)
+ TODO: check
CVE-2019-9732
RESERVED
CVE-2019-9731
@@ -5264,7 +5472,7 @@ CVE-2019-9195 (util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files.
NOT-FOR-US: Grin
CVE-2019-9194 (elFinder before 2.1.48 has a command injection vulnerability in the PH ...)
NOT-FOR-US: elFinder
-CVE-2019-9193 (** DISPUTED ** Third parties claim/state this is not an issue because ...)
+CVE-2019-9193 (** DISPUTED ** In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGR ...)
- postgresql-11 <unfixed> (unimportant)
- postgresql-9.6 <removed> (unimportant)
- postgresql-9.4 <removed> (unimportant)
@@ -10159,8 +10367,8 @@ CVE-2019-7221 (The KVM implementation in the Linux kernel through 4.20.5 has a U
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1760
CVE-2019-7220
RESERVED
-CVE-2019-7219
- RESERVED
+CVE-2019-7219 (Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa ...)
+ TODO: check
CVE-2019-7218
RESERVED
CVE-2019-7217
@@ -11572,8 +11780,8 @@ CVE-2019-6612
RESERVED
CVE-2019-6611
RESERVED
-CVE-2019-6610
- RESERVED
+CVE-2019-6610 (On versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11 ...)
+ TODO: check
CVE-2019-6609
RESERVED
CVE-2019-6608 (On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14 ...)
@@ -12312,8 +12520,8 @@ CVE-2019-6320
RESERVED
CVE-2019-6319
RESERVED
-CVE-2019-6318
- RESERVED
+CVE-2019-6318 (HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP L ...)
+ TODO: check
CVE-2018-20720 (ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1 ...)
NOT-FOR-US: ABB Relion 630 devices
CVE-2016-10738 (Zenbership v107 has CSRF via admin/cp-functions/event-add.php. ...)
@@ -13990,8 +14198,8 @@ CVE-2019-5716 (In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. T
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15217
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2b2eea1793dbff813896e1ae9dff1bedb39ee010
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-01.html
-CVE-2019-5715
- RESERVED
+CVE-2019-5715 (All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versi ...)
+ TODO: check
CVE-2019-5714
RESERVED
CVE-2019-5713
@@ -14074,10 +14282,10 @@ CVE-2019-5675
RESERVED
CVE-2019-5674 (NVIDIA GeForce Experience before 3.18 contains a vulnerability when Sh ...)
NOT-FOR-US: NVIDIA GeForce Experience
-CVE-2019-5673
- RESERVED
-CVE-2019-5672
- RESERVED
+CVE-2019-5673 (NVIDIA Tegra kernel driver contains a vulnerability in the ARM System ...)
+ TODO: check
+CVE-2019-5672 (NVIDIA Linux for Tegra (L4T) contains a vulnerability where the Secure ...)
+ TODO: check
CVE-2019-5671 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
NOT-FOR-US: Nvidia drivers on Windows
CVE-2019-5670 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
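Review bot: the TODO: check markers on CVE-2019-5673 and CVE-2019-5672 need a source-package decision rather than a copy of the neighbouring tags. The surrounding NVIDIA entries are NOT-FOR-US for Windows drivers and GeForce Experience, but these two concern the Tegra kernel driver and Linux for Tegra (L4T). Confirm whether the affected code exists in any Debian source package before resolving them as NOT-FOR-US.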
@@ -15385,8 +15593,8 @@ CVE-2019-5026
REJECTED
CVE-2019-5025
REJECTED
-CVE-2019-5024
- RESERVED
+CVE-2019-5024 (A restricted environment escape vulnerability exists in the "kiosk mod ...)
+ TODO: check
CVE-2019-5023
RESERVED
CVE-2019-5022
@@ -17630,12 +17838,12 @@ CVE-2019-3918 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54
NOT-FOR-US: Alcatel Lucent
CVE-2019-3917 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BO ...)
NOT-FOR-US: Alcatel Lucent
-CVE-2019-3916
- RESERVED
-CVE-2019-3915
- RESERVED
-CVE-2019-3914
- RESERVED
+CVE-2019-3916 (Information disclosure vulnerability in Verizon Fios Quantum Gateway ( ...)
+ TODO: check
+CVE-2019-3915 (Authentication Bypass by Capture-replay vulnerability in Verizon Fios ...)
+ TODO: check
+CVE-2019-3914 (Remote command injection vulnerability in Verizon Fios Quantum Gateway ...)
+ TODO: check
CVE-2019-3913 (Command manipulation in LabKey Server Community Edition before 18.3.0- ...)
NOT-FOR-US: LabKey Server
CVE-2019-3912 (An open redirect vulnerability in LabKey Server Community Edition befo ...)
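Review bot: the three TODO: check entries for CVE-2019-3916, CVE-2019-3915 and CVE-2019-3914 all name the Verizon Fios Quantum Gateway, a vendor device like the Alcatel Lucent ONT entries directly above them, which are tagged NOT-FOR-US. Suggest resolving them together with one consistent tag, for example NOT-FOR-US: Verizon Fios Quantum Gateway.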
@@ -17862,8 +18070,7 @@ CVE-2019-3847 (A vulnerability was found in moodle before versions 3.6.3, 3.5.5,
- moodle <removed>
CVE-2019-3846
RESERVED
-CVE-2019-3845
- RESERVED
+CVE-2019-3845 (A lack of access control was found in the message queues maintained by ...)
NOT-FOR-US: qpid dispatch router
CVE-2019-3844
RESERVED
@@ -17892,8 +18099,7 @@ CVE-2019-3838 (It was found that the forceput operator could be extracted from t
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ed9fcd95bb01f0768bf273b2526732e381202319
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a82601e8f95a2f2147f3b3b9e44ec2b8f3a6be8b
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700576
-CVE-2019-3837
- RESERVED
+CVE-2019-3837 (It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kern ...)
- linux 3.13.4-1
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77873803363c
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7bced397510a
@@ -18869,13 +19075,11 @@ CVE-2019-3462 (Incorrect sanitation of the 302 redirect field in HTTP transport
CVE-2019-3461 (Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a ...)
{DSA-4365-1 DLA-1640-1}
- tmpreaper 1.6.14 (bug #918956)
-CVE-2019-3460 [Heap data infoleak in multiple locations including functionl2cap_parse_conf_rsp]
- RESERVED
+CVE-2019-3460 (A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_ ...)
- linux <unfixed>
NOTE: https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047@kroah.com/
NOTE: https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0
-CVE-2019-3459 [Heap address infoleak in use of l2cap_get_conf_opt]
- RESERVED
+CVE-2019-3459 (A heap address information leak while using L2CAP_GET_CONF_OPT was dis ...)
- linux <unfixed>
NOTE: https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/
NOTE: https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69
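Review bot: CVE-2019-3460 and CVE-2019-3459 still read "- linux <unfixed>" although each entry already carries a NOTE pointing at a git.kernel.org/linus commit. Now that both ids have public descriptions in place of the bracketed placeholders, record the fixed linux version as soon as an upload containing those commits exists, so the entries do not stay open longer than the actual exposure.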
@@ -29423,8 +29627,8 @@ CVE-2018-19302
RESERVED
CVE-2018-19301 (tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted us ...)
NOT-FOR-US: tp4a TELEPORT
-CVE-2018-19300
- RESERVED
+CVE-2018-19300 (On D-Link DAP-1530 (All A revisions) before firmware version 1.06b01, ...)
+ TODO: check
CVE-2018-19299
RESERVED
CVE-2018-19298
@@ -31066,7 +31270,7 @@ CVE-2018-18764 (An exploitable arbitrary memory read vulnerability exists in the
NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2018-18763 (SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuario ...)
NOT-FOR-US: SaltOS
-CVE-2018-18762 (SaltOS 3.1 r8126 allows CSRF. ...)
+CVE-2018-18762 (SaltOS 3.1 r8126 contains a database download vulnerability. ...)
NOT-FOR-US: SaltOS
CVE-2018-18761 (SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] S ...)
NOT-FOR-US: SaltOS
@@ -34915,8 +35119,8 @@ CVE-2018-17307
RESERVED
CVE-2018-17306
RESERVED
-CVE-2018-17305
- RESERVED
+CVE-2018-17305 (UiPath Orchestrator through 2018.2.4 allows any authenticated user to ...)
+ TODO: check
CVE-2018-17304
RESERVED
CVE-2018-17303
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9b7125b1bfb150369654d6a9a07a4cc52382d9db