[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 12 09:10:30 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b85d9732 by security tracker role at 2019-04-12T08:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,31 @@
-CVE-2019-11191 [ASLR bypass for setuid binaries (for fs/binfmt_aout.c)]
+CVE-2019-11202
+ RESERVED
+CVE-2019-11201
+ RESERVED
+CVE-2019-11200
+ RESERVED
+CVE-2019-11199
+ RESERVED
+CVE-2019-11198
+ RESERVED
+CVE-2019-11197
+ RESERVED
+CVE-2019-11196 (An authentication bypass vulnerability in all versions of ValuePLUS In ...)
+ TODO: check
+CVE-2019-11195
+ RESERVED
+CVE-2019-11194
+ RESERVED
+CVE-2019-11193
+ RESERVED
+CVE-2019-11192
+ RESERVED
+CVE-2019-11189
+ RESERVED
+CVE-2019-11191 (The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and i ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/4
-CVE-2019-11190 [binfmt_elf: switch to new creds when switching to new mm]
+CVE-2019-11190 (The Linux kernel before 4.8 allows local users to bypass ASLR on setui ...)
- linux 4.8.5-1
NOTE: https://git.kernel.org/linus/9f834ec18defc369d73ccf9e87a2790bfa05bf46 (4.8-rc5)
NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/4
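Review bot: CVE-2019-11189 is inserted between CVE-2019-11192 and CVE-2019-11191, which breaks the descending order that every other entry in this hunk follows; it belongs below the CVE-2019-11190 block. CVE-2019-11196 (ValuePLUS) is added with only "TODO: check" and still needs a package or NOT-FOR-US decision. For CVE-2019-11191 and CVE-2019-11190 the bracketed working titles are replaced by the truncated published descriptions, so the fs/binfmt_aout.c and binfmt_elf hints are no longer in the list; if they are still useful for triage, keep them as a NOTE line.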
@@ -4460,8 +4484,7 @@ CVE-2019-9630
RESERVED
CVE-2019-9629
RESERVED
-CVE-2019-9628 [XML parser class fails to trap exceptions on malformed XML declaration]
- RESERVED
+CVE-2019-9628 (The XMLTooling library all versions prior to V3.0.4, provided with the ...)
{DSA-4407-1 DLA-1710-1}
- xmltooling 3.0.4-1 (bug #924346)
NOTE: https://shibboleth.net/community/advisories/secadv_20190311.txt
@@ -5910,8 +5933,8 @@ CVE-2019-9058 (An issue was discovered in CMS Made Simple 2.2.8. In the administ
NOT-FOR-US: CMS Made Simple
CVE-2019-9057 (An issue was discovered in CMS Made Simple 2.2.8. In the module FilePi ...)
NOT-FOR-US: CMS Made Simple
-CVE-2019-9056
- RESERVED
+CVE-2019-9056 (An issue was discovered in CMS Made Simple 2.2.8. In the module FrontE ...)
+ TODO: check
CVE-2019-9055 (An issue was discovered in CMS Made Simple 2.2.8. In the module Design ...)
NOT-FOR-US: CMS Made Simple
CVE-2019-9054
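Review bot: CVE-2019-9056 is left at "TODO: check" although its description names CMS Made Simple 2.2.8, the same product as the adjacent CVE-2019-9058, CVE-2019-9057 and CVE-2019-9055 entries, all of which are marked "NOT-FOR-US: CMS Made Simple". Unless the FrontE... module is shipped separately in a package, resolve the TODO with the same NOT-FOR-US line.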
@@ -9169,8 +9192,8 @@ CVE-2019-7646 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763
NOT-FOR-US: CentOS Web Panel
CVE-2019-7645
RESERVED
-CVE-2019-7644
- RESERVED
+CVE-2019-7644 (Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signat ...)
+ TODO: check
CVE-2019-7643
RESERVED
CVE-2019-7642 (D-Link routers with the mydlink feature have some web interfaces witho ...)
@@ -11365,8 +11388,7 @@ CVE-2019-6797
RESERVED
- gitlab <not-affected> (Only affects EE)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6796
- RESERVED
+CVE-2019-6796 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6795
@@ -11957,8 +11979,8 @@ CVE-2019-6536 (Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS
NOT-FOR-US: LCDS
CVE-2019-6535 (Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and pri ...)
NOT-FOR-US: Mitsubishi Electric MELSEC-Q Series PLCs
-CVE-2019-6534
- RESERVED
+CVE-2019-6534 (The uncontrolled search path element vulnerability in Gemalto Sentinel ...)
+ TODO: check
CVE-2019-6533 (Registers used to store Modbus values can be read and written from the ...)
NOT-FOR-US: PR100088 Modbus
CVE-2019-6532
@@ -11975,8 +11997,7 @@ CVE-2019-6527 (PR100088 Modbus gateway versions prior to Release R02 (or Softwar
NOT-FOR-US: PR100088 Modbus
CVE-2019-6526
RESERVED
-CVE-2019-6525
- RESERVED
+CVE-2019-6525 (AVEVA Wonderware System Platform 2017 Update 2 and prior uses an Arche ...)
NOT-FOR-US: AVEVA Wonderware System Platform
CVE-2019-6524 (Moxa IKS and EDS do not implement sufficient measures to prevent multi ...)
NOT-FOR-US: Moxa
@@ -12069,8 +12090,8 @@ CVE-2019-6495
RESERVED
CVE-2019-6494
RESERVED
-CVE-2019-6493
- RESERVED
+CVE-2019-6493 (SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an exe ...)
+ TODO: check
CVE-2019-6492 (SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an exe ...)
NOT-FOR-US: IObit Smart Defrag
CVE-2019-6491 (RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection. ...)
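Review bot: the new CVE-2019-6493 entry is marked "TODO: check", yet the visible part of its description is identical to CVE-2019-6492 directly below it (SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6), which is already "NOT-FOR-US: IObit Smart Defrag". The same NOT-FOR-US line applies here; the two descriptions are truncated at the same point, so anyone triaging should read the full text to confirm they are distinct issues and not a duplicate assignment.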
@@ -14308,9 +14329,9 @@ CVE-2019-5675
RESERVED
CVE-2019-5674 (NVIDIA GeForce Experience before 3.18 contains a vulnerability when Sh ...)
NOT-FOR-US: NVIDIA GeForce Experience
-CVE-2019-5673 (NVIDIA Tegra kernel driver contains a vulnerability in the ARM System ...)
+CVE-2019-5673 (NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where ...)
NOT-FOR-US: Nvidia Tegra
-CVE-2019-5672 (NVIDIA Linux for Tegra (L4T) contains a vulnerability where the Secure ...)
+CVE-2019-5672 (NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Teg ...)
NOT-FOR-US: Nvidia Tegra
CVE-2019-5671 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
NOT-FOR-US: Nvidia drivers on Windows
@@ -19669,8 +19690,8 @@ CVE-2018-20488 [Secret CI variable exposure]
RESERVED
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
-CVE-2018-20487
- RESERVED
+CVE-2018-20487 (An issue was discovered in the firewall3 component in Inteno IOPSYS 1. ...)
+ TODO: check
CVE-2018-20486 (MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php ...)
NOT-FOR-US: MetInfo
CVE-2018-20485 (Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in ...)
@@ -29649,7 +29670,7 @@ CVE-2018-19302
RESERVED
CVE-2018-19301 (tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted us ...)
NOT-FOR-US: tp4a TELEPORT
-CVE-2018-19300 (On D-Link DAP-1530 (All A revisions) before firmware version 1.06b01, ...)
+CVE-2018-19300 (On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) ...)
NOT-FOR-US: D-Link
CVE-2018-19299
RESERVED
@@ -30234,8 +30255,8 @@ CVE-2018-19204 (PRTG Network Monitor before 18.3.44.2054 allows a remote authent
NOT-FOR-US: PRTG Network Monitor
CVE-2018-19203 (PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated ...)
NOT-FOR-US: PRTG Network Monitor
-CVE-2018-19202
- RESERVED
+CVE-2018-19202 (A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.1 ...)
+ TODO: check
CVE-2018-19201 (A reflected XSS vulnerability in the ModCP Profile Editor in MyBB befo ...)
NOT-FOR-US: MyBB
CVE-2018-19200 (An issue was discovered in uriparser before 0.9.0. UriCommon.c allows ...)
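Review bot: CVE-2018-19202 is added with "TODO: check" while the neighbouring CVE-2018-19201, also a reflected XSS in MyBB, is marked "NOT-FOR-US: MyBB". Resolve the TODO with the same NOT-FOR-US line so the two MyBB entries are handled consistently.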
@@ -39752,7 +39773,7 @@ CVE-2018-1000645 (LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authent
NOT-FOR-US: LibreHealthIO
CVE-2018-1000644 (Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External E ...)
NOT-FOR-US: Eclipse RDF4j
-CVE-2018-1000643 (OWASP OWASP ANTISAMY version 1.5.7 and earlier contains a Cross Site S ...)
+CVE-2018-1000643 (** DISPUTED ** OWASP OWASP ANTISAMY version 1.5.7 and earlier contains ...)
NOT-FOR-US: OWASP OWASP ANTISAMY
CVE-2018-1000642 (FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting ...)
NOT-FOR-US: FlightAirMap
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b85d9732abec8ad0365082e4b3e863889903b269