[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 23 09:10:25 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d20b38ca by security tracker role at 2019-04-23T08:10:15Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2019-11469 (Zoho ManageEngine Applications Manager 12 through 14 allows FaultTempl ...)
+ TODO: check
+CVE-2019-11468
+ RESERVED
+CVE-2019-11467
+ RESERVED
+CVE-2019-11466
+ RESERVED
+CVE-2019-11465
+ RESERVED
+CVE-2019-11464
+ RESERVED
+CVE-2019-11463 (A memory leak in archive_read_format_zip_cleanup in archive_read_suppo ...)
+ TODO: check
+CVE-2019-11462
+ RESERVED
+CVE-2019-11461 (An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.3 ...)
+ TODO: check
+CVE-2019-11460 (An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 pr ...)
+ TODO: check
+CVE-2019-11459 (The tiff_document_render() and tiff_document_get_thumbnail() functions ...)
+ TODO: check
+CVE-2013-7470 (cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel befo ...)
+ TODO: check
CVE-2019-11458
RESERVED
CVE-2019-11457
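Review bot: the newly described entries at the top of this hunk all land as "TODO: check", and several name software that needs a per-package status decision: CVE-2013-7470 (Linux kernel, cipso_v4_validate), CVE-2019-11461 (GNOME Nautilus) and CVE-2019-11460 (GNOME gnome-desktop). Triage should replace each TODO with a source-package line or a NOT-FOR-US tag. For CVE-2013-7470 the description reads "in the Linux kernel befo ...", so an upstream fixed version already exists and has to be compared against the kernel in each suite.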
@@ -156,10 +180,10 @@ CVE-2019-11386
RESERVED
CVE-2019-11385
RESERVED
-CVE-2019-11384
- RESERVED
-CVE-2019-11383
- RESERVED
+CVE-2019-11384 (The Zalora application 6.15.1 for Android stores confidential informat ...)
+ TODO: check
+CVE-2019-11383 (An issue was discovered in the Medha WiFi FTP Server application 1.8.3 ...)
+ TODO: check
CVE-2019-11382
RESERVED
CVE-2019-11381
@@ -2820,12 +2844,12 @@ CVE-2019-1003040 (A sandbox bypass vulnerability in Jenkins Script Security Plug
NOT-FOR-US: Jenkins plugin
CVE-2019-10249
RESERVED
-CVE-2019-10248
- RESERVED
-CVE-2019-10247
- RESERVED
-CVE-2019-10246
- RESERVED
+CVE-2019-10248 (Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts fo ...)
+ TODO: check
+CVE-2019-10247 (In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, ...)
+ TODO: check
+CVE-2019-10246 (In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server runnin ...)
+ TODO: check
CVE-2019-10245 (In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verif ...)
NOT-FOR-US: Eclipse OpenJ9
CVE-2019-10244 (In Eclipse Kura versions up to 4.0.0, the Web UI package and component ...)
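Review bot: CVE-2019-10246 and CVE-2019-10247 both describe Eclipse Jetty and give affected ranges across several branches (9.2.27, 9.3.26 and more), so their "TODO: check" needs resolving per suite rather than with a single fixed version. CVE-2019-10248 (Eclipse Vorto) sits directly above an Eclipse entry already tagged "NOT-FOR-US: Eclipse OpenJ9" and should be checked for the same outcome.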
@@ -2834,8 +2858,8 @@ CVE-2019-10243 (In Eclipse Kura versions up to 4.0.0, Kura exposes the underlyin
NOT-FOR-US: Eclipse Kura
CVE-2019-10242 (In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked ...)
NOT-FOR-US: Eclipse Kura
-CVE-2019-10241
- RESERVED
+CVE-2019-10241 (In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.1 ...)
+ TODO: check
CVE-2019-10240 (Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifac ...)
NOT-FOR-US: Eclipse hawkBit
CVE-2017-18365 (The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a d ...)
@@ -3466,8 +3490,8 @@ CVE-2019-9956 (In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overfl
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1523
NOTE: https://github.com/ImageMagick/ImageMagick/commit/34a6a5a45e83a4af852090b4e43f168a380df979
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/90401e430840c5ff31ad870f4370bbda1318ac94
-CVE-2019-9955
- RESERVED
+CVE-2019-9955 (On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, ...)
+ TODO: check
CVE-2019-9954
RESERVED
CVE-2019-9953
@@ -8007,8 +8031,8 @@ CVE-2019-8454
RESERVED
CVE-2019-8453 (Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are ta ...)
NOT-FOR-US: Check Point ZoneAlarm
-CVE-2019-8452
- RESERVED
+CVE-2019-8452 (A hard-link created from log file archive of Check Point ZoneAlarm up ...)
+ TODO: check
CVE-2019-8451
RESERVED
CVE-2019-8450
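Review bot: CVE-2019-8452 is added as "TODO: check" although its description names Check Point ZoneAlarm, the same product as CVE-2019-8453 directly above it, which is already tagged "NOT-FOR-US: Check Point ZoneAlarm". Suggest giving the new entry the same tag so it drops out of the triage queue.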
@@ -14123,7 +14147,7 @@ CVE-2019-5954
RESERVED
CVE-2019-5953 [Buffer overflow vulnerability]
RESERVED
- {DSA-4425-1}
+ {DSA-4425-1 DLA-1760-1}
- wget 1.20.1-1.1 (bug #926389)
NOTE: https://jvn.jp/en/jp/JVN25261088/
NOTE: https://lists.gnu.org/archive/html/bug-wget/2019-04/msg00001.html
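Review bot: the cross-reference on CVE-2019-5953 now reads {DSA-4425-1 DLA-1760-1}, but the only status line visible in this entry is "- wget 1.20.1-1.1 (bug #926389)", and the entry still shows RESERVED with a bracketed placeholder title. Worth confirming that the DLA-1760-1 record carries the fixed wget version for its suite, since nothing in this entry shows it.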
@@ -15429,10 +15453,10 @@ CVE-2019-5430
RESERVED
CVE-2019-5429
RESERVED
-CVE-2019-5428
- RESERVED
-CVE-2019-5427
- RESERVED
+CVE-2019-5428 (A prototype pollution vulnerability exists in jQuery versions < 3.4 ...)
+ TODO: check
+CVE-2019-5427 (c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack ...)
+ TODO: check
CVE-2019-5426 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated ...)
NOT-FOR-US: Ubiquiti
CVE-2019-5425 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated u ...)
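Review bot: CVE-2019-5428 (jQuery prototype pollution) and CVE-2019-5427 (c3p0 < 0.9.5.4, billion laughs) describe libraries, unlike the Ubiquiti entries below them that are tagged NOT-FOR-US, so the "TODO: check" here should be resolved into source-package lines. For jQuery, triage should also consider copies bundled inside other packages, not only a standalone jQuery package.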
@@ -30491,8 +30515,7 @@ CVE-2019-0220 [Apache httpd URL normalization inconsistincy]
NOTE: https://svn.apache.org/r1855751
CVE-2019-0219
RESERVED
-CVE-2019-0218
- RESERVED
+CVE-2019-0218 (A vulnerability was discovered wherein a specially crafted URL could e ...)
NOT-FOR-US: Apache Pony Mail
CVE-2019-0217 (In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition i ...)
{DSA-4422-1 DLA-1748-1}
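Review bot: CVE-2019-0218 gains its published description but, unlike the other newly described entries in this commit, no "TODO: check", because "NOT-FOR-US: Apache Pony Mail" was already recorded while the ID was RESERVED. Suggest re-reading that tag against the now-public description ("a specially crafted URL could e ...") to confirm the product attribution still holds.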
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d20b38ca30a0f53271775543f9aa33416ee503d3