[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 23 21:10:35 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7d0c0018 by security tracker role at 2019-04-23T20:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2019-11485
+ RESERVED
+CVE-2019-11484
+ RESERVED
+CVE-2019-11483
+ RESERVED
+CVE-2019-11482
+ RESERVED
+CVE-2019-11481
+ RESERVED
+CVE-2019-11480
+ RESERVED
+CVE-2019-11479
+ RESERVED
+CVE-2019-11478
+ RESERVED
+CVE-2019-11477
+ RESERVED
+CVE-2019-11476
+ RESERVED
+CVE-2019-11475
+ RESERVED
+CVE-2019-11474 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a deni ...)
+ TODO: check
+CVE-2019-11473 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a deni ...)
+ TODO: check
+CVE-2019-11472 (ReadXWDImage in coders/xwd.c in the XWD image parsing component of Ima ...)
+ TODO: check
+CVE-2019-11471 (libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_al ...)
+ TODO: check
+CVE-2019-11470 (The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attack ...)
+ TODO: check
+CVE-2018-20822 (LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrol ...)
+ TODO: check
+CVE-2018-20821 (The parsing component in LibSass through 3.5.5 allows attackers to cau ...)
+ TODO: check
+CVE-2018-20820 (read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to c ...)
+ TODO: check
+CVE-2018-20819 (io/ZlibCompression.cc in the decompression component in Dropbox Lepton ...)
+ TODO: check
CVE-2019-11469 (Zoho ManageEngine Applications Manager 12 through 14 allows FaultTempl ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2019-11468
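Review bot: The "TODO: check" markers on CVE-2019-11474 and CVE-2019-11473 sit under truncated descriptions that are identical as shown (both "coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a deni ..."), so triage has to work from the full CVE text to tell the two apart before a package line is assigned. The same holds for the ImageMagick, libheif, LibSass and Dropbox Lepton entries added with them: each should end up with either a source-package line or a NOT-FOR-US tag in the form used for CVE-2019-11469 at the end of this hunk.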
@@ -858,8 +898,8 @@ CVE-2019-11078 (MKCMS V5.0 has a CSRF vulnerability to add a new admin user via
NOT-FOR-US: MKCMS
CVE-2019-11077 (FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new a ...)
NOT-FOR-US: FastAdmin
-CVE-2019-11076
- RESERVED
+CVE-2019-11076 (Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via a ...)
+ TODO: check
CVE-2019-11075
RESERVED
CVE-2019-11074
@@ -1445,8 +1485,8 @@ CVE-2019-10866
RESERVED
CVE-2019-10865
RESERVED
-CVE-2019-10864
- RESERVED
+CVE-2019-10864 (The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowin ...)
+ TODO: check
CVE-2019-10863 (A command injection vulnerability exists in TeemIp versions before 2.4 ...)
NOT-FOR-US: TeemIp IPAM
CVE-2019-10862
@@ -1877,8 +1917,8 @@ CVE-2019-10712
RESERVED
CVE-2019-10711
RESERVED
-CVE-2019-10710
- RESERVED
+CVE-2019-10710 (Insecure permissions in the Web management portal on all IP cameras ba ...)
+ TODO: check
CVE-2019-10709
RESERVED
CVE-2019-10708 (S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike i ...)
@@ -9614,8 +9654,8 @@ CVE-2019-7729 (An issue was discovered in the Bosch Smart Camera App before 1.3.
NOT-FOR-US: Bosch Smart Camera App
CVE-2019-7728 (An issue was discovered in the Bosch Smart Camera App before 1.3.1 for ...)
NOT-FOR-US: Bosch Smart Camera App
-CVE-2019-7727
- RESERVED
+CVE-2019-7727 (In NICE Engage through 6.5, the default configuration binds an unauthe ...)
+ TODO: check
CVE-2019-7726
RESERVED
CVE-2019-7725
@@ -10869,14 +10909,13 @@ CVE-2019-7305 [extplorer exposes /usr and /etc/extplorer over HTTP]
RESERVED
- extplorer <removed>
NOTE: https://bugs.launchpad.net/ubuntu/+source/extplorer/+bug/1822013
-CVE-2019-7304 [Local privilege escalation via snapd socket]
- RESERVED
+CVE-2019-7304 (Canonical snapd before version 2.37.1 incorrectly performed socket own ...)
- snapd 2.37.1-1
[stretch] - snapd <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.launchpad.net/snapd/+bug/1813365
NOTE: Introduced in 2.28, fixed in 2.37.1
-CVE-2019-7303
- RESERVED
+CVE-2019-7303 (A vulnerability in the seccomp filters of Canonical snapd before versi ...)
+ TODO: check
CVE-2019-7302
RESERVED
CVE-2019-7301 (Zen Load Balancer 3.10.1 allows remote authenticated admin users to ex ...)
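Review bot: CVE-2019-7303 is left at "TODO: check" although its description names Canonical snapd, the same product as CVE-2019-7304 directly above it, which already carries "- snapd 2.37.1-1" and a stretch "<not-affected>" line. Suggest triaging 7303 against the snapd source package in the same pass, and checking separately whether the "Introduced in 2.28" reasoning that exempts stretch for 7304 also applies to the seccomp filter issue instead of carrying it over by assumption.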
@@ -18807,7 +18846,7 @@ CVE-2019-3840 (A NULL pointer dereference flaw was discovered in libvirt before
CVE-2019-3839
RESERVED
CVE-2019-3838 (It was found that the forceput operator could be extracted from the De ...)
- {DSA-4432-1}
+ {DSA-4432-1 DLA-1761-1}
[experimental] - ghostscript 9.27~~dc1~dfsg-1
- ghostscript 9.27~dfsg-1 (bug #925257)
NOTE: https://www.openwall.com/lists/oss-security/2019/03/21/1
@@ -18827,7 +18866,7 @@ CVE-2019-3836 (It was discovered in gnutls before version 3.6.7 upstream that th
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27
NOTE: Upstream versions affected are 3.6.3 and later before 3.6.7
CVE-2019-3835 (It was found that the superexec operator was available in the internal ...)
- {DSA-4432-1}
+ {DSA-4432-1 DLA-1761-1}
[experimental] - ghostscript 9.27~~dc1~dfsg-1
- ghostscript 9.27~dfsg-1 (bug #925256)
NOTE: https://www.openwall.com/lists/oss-security/2019/03/21/1
@@ -21322,7 +21361,7 @@ CVE-2018-20202
RESERVED
CVE-2018-20201 (There is a stack-based buffer over-read in the jsfNameFromString funct ...)
NOT-FOR-US: Espruino 2V00
-CVE-2018-20200 (CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the- ...)
+CVE-2018-20200 (** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12.0 all ...)
- libokhttp-java <unfixed> (unimportant)
NOTE: https://github.com/square/okhttp/issues/4967
NOTE: No practicable security imapacting relevance
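Review bot: The NOTE line under CVE-2018-20200 reads "No practicable security imapacting relevance"; "imapacting" is a typo for "impacting" and is worth correcting while this entry is being touched. The new "** DISPUTED **" prefix on the description agrees with the existing "<unfixed> (unimportant)" classification, so the package status itself does not look like it needs to change.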
@@ -22844,22 +22883,19 @@ CVE-2019-2725
RESERVED
CVE-2019-2724
RESERVED
-CVE-2019-2723
- RESERVED
+CVE-2019-2723 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
- virtualbox 6.0.6-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2722
- RESERVED
+CVE-2019-2722 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
- virtualbox 6.0.6-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2721
- RESERVED
+CVE-2019-2721 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
- virtualbox 6.0.6-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2720
- RESERVED
-CVE-2019-2719
- RESERVED
+CVE-2019-2720 (Vulnerability in the Oracle Data Integrator component of Oracle Fusion ...)
+ TODO: check
+CVE-2019-2719 (Vulnerability in the Oracle Knowledge component of Oracle Siebel CRM ( ...)
+ TODO: check
CVE-2019-2718
RESERVED
CVE-2019-2717
@@ -22870,385 +22906,331 @@ CVE-2019-2715
RESERVED
CVE-2019-2714
RESERVED
-CVE-2019-2713
- RESERVED
-CVE-2019-2712
- RESERVED
+CVE-2019-2713 (Vulnerability in the Oracle Commerce Merchandising component of Oracle ...)
+ TODO: check
+CVE-2019-2712 (Vulnerability in the Oracle Commerce Platform component of Oracle Comm ...)
+ TODO: check
CVE-2019-2711
RESERVED
CVE-2019-2710
RESERVED
-CVE-2019-2709
- RESERVED
-CVE-2019-2708
- RESERVED
-CVE-2019-2707
- RESERVED
-CVE-2019-2706
- RESERVED
-CVE-2019-2705
- RESERVED
-CVE-2019-2704
- RESERVED
-CVE-2019-2703
- RESERVED
+CVE-2019-2709 (Vulnerability in the Oracle Transportation Management component of Ora ...)
+ TODO: check
+CVE-2019-2708 (Vulnerability in the Data Store component of Oracle Berkeley DB. Suppo ...)
+ TODO: check
+CVE-2019-2707 (Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Man ...)
+ TODO: check
+CVE-2019-2706 (Vulnerability in the Oracle Business Process Management Suite componen ...)
+ TODO: check
+CVE-2019-2705 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2019-2704 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
+ TODO: check
+CVE-2019-2703 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
- virtualbox 6.0.6-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2702
- RESERVED
-CVE-2019-2701
- RESERVED
-CVE-2019-2700
- RESERVED
-CVE-2019-2699
- RESERVED
+CVE-2019-2702 (Vulnerability in the Oracle Hospitality Cruise Dining Room Management ...)
+ TODO: check
+CVE-2019-2701 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ TODO: check
+CVE-2019-2700 (Vulnerability in the PeopleSoft Enterprise ELM component of Oracle Peo ...)
+ TODO: check
+CVE-2019-2699 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
- openjdk-8 <not-affected> (Windows-specific)
-CVE-2019-2698
- RESERVED
+CVE-2019-2698 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
- openjdk-7 <removed> (low)
- openjdk-8 <removed> (low)
- openjdk-11 11.0.3+7-1 (low)
-CVE-2019-2697
- RESERVED
+CVE-2019-2697 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
- openjdk-7 <removed> (low)
- openjdk-8 <removed> (low)
-CVE-2019-2696
- RESERVED
+CVE-2019-2696 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
- virtualbox 6.0.6-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2695
- RESERVED
+CVE-2019-2695 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2694
- RESERVED
+CVE-2019-2694 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2693
- RESERVED
+CVE-2019-2693 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2692
- RESERVED
+CVE-2019-2692 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
- mysql-connector-java <not-affected> (Only affects 8.x)
TODO: check if this is actually true or only 8.x listed because supported
-CVE-2019-2691
- RESERVED
+CVE-2019-2691 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2690
- RESERVED
+CVE-2019-2690 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
- virtualbox 6.0.6-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2689
- RESERVED
+CVE-2019-2689 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2688
- RESERVED
+CVE-2019-2688 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2687
- RESERVED
+CVE-2019-2687 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2686
- RESERVED
+CVE-2019-2686 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2685
- RESERVED
+CVE-2019-2685 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2684
- RESERVED
+CVE-2019-2684 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
- openjdk-7 <removed>
- openjdk-8 <removed>
- openjdk-11 11.0.3+7-1
-CVE-2019-2683
- RESERVED
+CVE-2019-2683 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <unfixed> (bug #927308)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
-CVE-2019-2682
- RESERVED
-CVE-2019-2681
- RESERVED
+CVE-2019-2682 (Vulnerability in the Oracle Applications Framework component of Oracle ...)
+ TODO: check
+CVE-2019-2681 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2680
- RESERVED
+CVE-2019-2680 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
- virtualbox 6.0.6-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2679
- RESERVED
+CVE-2019-2679 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
- virtualbox 6.0.6-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2678
- RESERVED
+CVE-2019-2678 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
- virtualbox 6.0.6-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2677
- RESERVED
-CVE-2019-2676
- RESERVED
-CVE-2019-2675
- RESERVED
-CVE-2019-2674
- RESERVED
-CVE-2019-2673
- RESERVED
+CVE-2019-2677 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
+ TODO: check
+CVE-2019-2676 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
+ TODO: check
+CVE-2019-2675 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
+ TODO: check
+CVE-2019-2674 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
+ TODO: check
+CVE-2019-2673 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
+ TODO: check
CVE-2019-2672
RESERVED
-CVE-2019-2671
- RESERVED
-CVE-2019-2670
- RESERVED
-CVE-2019-2669
- RESERVED
+CVE-2019-2671 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
+ TODO: check
+CVE-2019-2670 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
+ TODO: check
+CVE-2019-2669 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
+ TODO: check
CVE-2019-2668
RESERVED
CVE-2019-2667
RESERVED
CVE-2019-2666
RESERVED
-CVE-2019-2665
- RESERVED
-CVE-2019-2664
- RESERVED
-CVE-2019-2663
- RESERVED
-CVE-2019-2662
- RESERVED
-CVE-2019-2661
- RESERVED
-CVE-2019-2660
- RESERVED
-CVE-2019-2659
- RESERVED
-CVE-2019-2658
- RESERVED
-CVE-2019-2657
- RESERVED
+CVE-2019-2665 (Vulnerability in the Oracle Common Applications component of Oracle E- ...)
+ TODO: check
+CVE-2019-2664 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
+ TODO: check
+CVE-2019-2663 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
+ TODO: check
+CVE-2019-2662 (Vulnerability in the Oracle Territory Management component of Oracle E ...)
+ TODO: check
+CVE-2019-2661 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
+ TODO: check
+CVE-2019-2660 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
+ TODO: check
+CVE-2019-2659 (Vulnerability in the Oracle Commerce Platform component of Oracle Comm ...)
+ TODO: check
+CVE-2019-2658 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2019-2657 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
- virtualbox 6.0.6-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2656
- RESERVED
+CVE-2019-2656 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
- virtualbox 6.0.6-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2655
- RESERVED
-CVE-2019-2654
- RESERVED
-CVE-2019-2653
- RESERVED
-CVE-2019-2652
- RESERVED
-CVE-2019-2651
- RESERVED
-CVE-2019-2650
- RESERVED
-CVE-2019-2649
- RESERVED
-CVE-2019-2648
- RESERVED
-CVE-2019-2647
- RESERVED
-CVE-2019-2646
- RESERVED
-CVE-2019-2645
- RESERVED
-CVE-2019-2644
- RESERVED
+CVE-2019-2655 (Vulnerability in the Oracle Interaction Center Intelligence component ...)
+ TODO: check
+CVE-2019-2654 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
+ TODO: check
+CVE-2019-2653 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
+ TODO: check
+CVE-2019-2652 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
+ TODO: check
+CVE-2019-2651 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
+ TODO: check
+CVE-2019-2650 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2019-2649 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2019-2648 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2019-2647 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2019-2646 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2019-2645 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2019-2644 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2643
- RESERVED
-CVE-2019-2642
- RESERVED
-CVE-2019-2641
- RESERVED
-CVE-2019-2640
- RESERVED
-CVE-2019-2639
- RESERVED
-CVE-2019-2638
- RESERVED
-CVE-2019-2637
- RESERVED
-CVE-2019-2636
- RESERVED
+CVE-2019-2643 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
+ TODO: check
+CVE-2019-2642 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
+ TODO: check
+CVE-2019-2641 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
+ TODO: check
+CVE-2019-2640 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
+ TODO: check
+CVE-2019-2639 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
+ TODO: check
+CVE-2019-2638 (Vulnerability in the Oracle General Ledger component of Oracle E-Busin ...)
+ TODO: check
+CVE-2019-2637 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ TODO: check
+CVE-2019-2636 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2635
- RESERVED
+CVE-2019-2635 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2634
- RESERVED
+CVE-2019-2634 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2633
- RESERVED
-CVE-2019-2632
- RESERVED
+CVE-2019-2633 (Vulnerability in the Oracle Work in Process component of Oracle E-Busi ...)
+ TODO: check
+CVE-2019-2632 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <unfixed> (bug #927308)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
-CVE-2019-2631
- RESERVED
+CVE-2019-2631 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2630
- RESERVED
+CVE-2019-2630 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2629
- RESERVED
-CVE-2019-2628
- RESERVED
+CVE-2019-2629 (Vulnerability in the Oracle Health Sciences Data Management Workbench ...)
+ TODO: check
+CVE-2019-2628 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <unfixed> (bug #927308)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
-CVE-2019-2627
- RESERVED
+CVE-2019-2627 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <unfixed> (bug #927308)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
-CVE-2019-2626
- RESERVED
+CVE-2019-2626 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2625
- RESERVED
+CVE-2019-2625 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2624
- RESERVED
+CVE-2019-2624 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2623
- RESERVED
+CVE-2019-2623 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2622
- RESERVED
-CVE-2019-2621
- RESERVED
-CVE-2019-2620
- RESERVED
+CVE-2019-2622 (Vulnerability in the Oracle Service Contracts component of Oracle E-Bu ...)
+ TODO: check
+CVE-2019-2621 (Vulnerability in the Oracle Application Object Library component of Or ...)
+ TODO: check
+CVE-2019-2620 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2619
- RESERVED
-CVE-2019-2618
- RESERVED
-CVE-2019-2617
- RESERVED
+CVE-2019-2619 (Vulnerability in the Portable Clusterware component of Oracle Database ...)
+ TODO: check
+CVE-2019-2618 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2019-2617 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2616
- RESERVED
-CVE-2019-2615
- RESERVED
-CVE-2019-2614
- RESERVED
+CVE-2019-2616 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
+ TODO: check
+CVE-2019-2615 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2019-2614 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <unfixed> (bug #927308)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
-CVE-2019-2613
- RESERVED
-CVE-2019-2612
- RESERVED
-CVE-2019-2611
- RESERVED
-CVE-2019-2610
- RESERVED
-CVE-2019-2609
- RESERVED
-CVE-2019-2608
- RESERVED
-CVE-2019-2607
- RESERVED
+CVE-2019-2613 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2019-2612 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2019-2611 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2019-2610 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2019-2609 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2019-2608 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2019-2607 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2606
- RESERVED
+CVE-2019-2606 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2605
- RESERVED
-CVE-2019-2604
- RESERVED
-CVE-2019-2603
- RESERVED
-CVE-2019-2602
- RESERVED
+CVE-2019-2605 (Vulnerability in the Oracle Business Intelligence Enterprise Edition c ...)
+ TODO: check
+CVE-2019-2604 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
+ TODO: check
+CVE-2019-2603 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
+ TODO: check
+CVE-2019-2602 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
- openjdk-7 <removed>
- openjdk-8 <removed>
- openjdk-11 11.0.3+7-1
-CVE-2019-2601
- RESERVED
-CVE-2019-2600
- RESERVED
+CVE-2019-2601 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
+ TODO: check
+CVE-2019-2600 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
+ TODO: check
CVE-2019-2599
RESERVED
-CVE-2019-2598
- RESERVED
-CVE-2019-2597
- RESERVED
-CVE-2019-2596
- RESERVED
+CVE-2019-2598 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ TODO: check
+CVE-2019-2597 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ TODO: check
+CVE-2019-2596 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2595
- RESERVED
-CVE-2019-2594
- RESERVED
-CVE-2019-2593
- RESERVED
+CVE-2019-2595 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
+ TODO: check
+CVE-2019-2594 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
+ TODO: check
+CVE-2019-2593 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2592
- RESERVED
+CVE-2019-2592 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <unfixed> (bug #927308)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
-CVE-2019-2591
- RESERVED
-CVE-2019-2590
- RESERVED
-CVE-2019-2589
- RESERVED
+CVE-2019-2591 (Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle Pe ...)
+ TODO: check
+CVE-2019-2590 (Vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Mana ...)
+ TODO: check
+CVE-2019-2589 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2588
- RESERVED
-CVE-2019-2587
- RESERVED
+CVE-2019-2588 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
+ TODO: check
+CVE-2019-2587 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2586
- RESERVED
-CVE-2019-2585
- RESERVED
+CVE-2019-2586 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
+ TODO: check
+CVE-2019-2585 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2584
- RESERVED
+CVE-2019-2584 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2583
- RESERVED
-CVE-2019-2582
- RESERVED
-CVE-2019-2581
- RESERVED
+CVE-2019-2583 (Vulnerability in the Oracle iSupplier Portal component of Oracle E-Bus ...)
+ TODO: check
+CVE-2019-2582 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ TODO: check
+CVE-2019-2581 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <unfixed> (bug #927308)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
-CVE-2019-2580
- RESERVED
+CVE-2019-2580 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2579
- RESERVED
-CVE-2019-2578
- RESERVED
-CVE-2019-2577
- RESERVED
-CVE-2019-2576
- RESERVED
-CVE-2019-2575
- RESERVED
-CVE-2019-2574
- RESERVED
+CVE-2019-2579 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
+ TODO: check
+CVE-2019-2578 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
+ TODO: check
+CVE-2019-2577 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
+ TODO: check
+CVE-2019-2576 (Vulnerability in the Oracle Service Bus component of Oracle Fusion Mid ...)
+ TODO: check
+CVE-2019-2575 (Vulnerability in the Oracle AutoVue 3D Professional Advanced component ...)
+ TODO: check
+CVE-2019-2574 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
- virtualbox 6.0.6-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2573
- RESERVED
-CVE-2019-2572
- RESERVED
-CVE-2019-2571
- RESERVED
-CVE-2019-2570
- RESERVED
+CVE-2019-2573 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ TODO: check
+CVE-2019-2572 (Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middl ...)
+ TODO: check
+CVE-2019-2571 (Vulnerability in the RDBMS DataPump component of Oracle Database Serve ...)
+ TODO: check
+CVE-2019-2570 (Vulnerability in the Siebel Core - Server BizLogic Script component of ...)
+ TODO: check
CVE-2019-2569
RESERVED
-CVE-2019-2568
- RESERVED
-CVE-2019-2567
- RESERVED
-CVE-2019-2566
- RESERVED
+CVE-2019-2568 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2019-2567 (Vulnerability in the Oracle Configurator component of Oracle Supply Ch ...)
+ TODO: check
+CVE-2019-2566 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <unfixed> (bug #927308)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
-CVE-2019-2565
- RESERVED
-CVE-2019-2564
- RESERVED
+CVE-2019-2565 (Vulnerability in the JD Edwards World Technical Foundation component o ...)
+ TODO: check
+CVE-2019-2564 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
+ TODO: check
CVE-2019-2563
RESERVED
CVE-2019-2562
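Review bot: CVE-2019-2692 still carries "TODO: check if this is actually true or only 8.x listed because supported" under its "mysql-connector-java <not-affected> (Only affects 8.x)" line; now that the description is published, that question can be answered and the TODO either dropped or the status changed. Most of the new "TODO: check" entries in this hunk name Oracle products (E-Business Suite, WebLogic Server, PeopleSoft, Fusion Middleware) of the kind tagged "NOT-FOR-US: Oracle" elsewhere in this file, but CVE-2019-2708 names the Data Store component of Oracle Berkeley DB, a library rather than an enterprise application, so it should be looked at individually and not bulk-tagged with the rest. Also worth confirming: CVE-2019-2697 lists only openjdk-7 and openjdk-8, while the adjacent CVE-2019-2698 additionally has "openjdk-11 11.0.3+7-1".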
@@ -23259,10 +23241,10 @@ CVE-2019-2560
RESERVED
CVE-2019-2559
RESERVED
-CVE-2019-2558
- RESERVED
-CVE-2019-2557
- RESERVED
+CVE-2019-2558 (Vulnerability in the Oracle Retail Point-of-Service component of Oracl ...)
+ TODO: check
+CVE-2019-2557 (Vulnerability in the Oracle Application Testing Suite component of Ora ...)
+ TODO: check
CVE-2019-2556 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
- virtualbox 5.2.24-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
@@ -23278,8 +23260,8 @@ CVE-2019-2553 (Vulnerability in the Oracle VM VirtualBox component of Oracle Vir
CVE-2019-2552 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
- virtualbox 5.2.24-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2551
- RESERVED
+CVE-2019-2551 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
+ TODO: check
CVE-2019-2550 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...)
NOT-FOR-US: Oracle
CVE-2019-2549 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...)
@@ -23364,12 +23346,12 @@ CVE-2019-2520 (Vulnerability in the Oracle VM VirtualBox component of Oracle Vir
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2519 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement component ...)
NOT-FOR-US: Oracle
-CVE-2019-2518
- RESERVED
-CVE-2019-2517
- RESERVED
-CVE-2019-2516
- RESERVED
+CVE-2019-2518 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ TODO: check
+CVE-2019-2517 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ TODO: check
+CVE-2019-2516 (Vulnerability in the Portable Clusterware component of Oracle Database ...)
+ TODO: check
CVE-2019-2515
RESERVED
CVE-2019-2514
@@ -23574,8 +23556,8 @@ CVE-2019-2426 (Vulnerability in the Java SE component of Oracle Java SE (subcomp
- openjdk-11 <not-affected> (Specific to Java on Windows)
CVE-2019-2425 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
NOT-FOR-US: Oracle
-CVE-2019-2424
- RESERVED
+CVE-2019-2424 (Vulnerability in the Oracle Retail Convenience Store Back Office compo ...)
+ TODO: check
CVE-2019-2423 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
NOT-FOR-US: Oracle
CVE-2019-2422 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
@@ -30516,8 +30498,8 @@ CVE-2019-0225 (A specially crafted url could be used to access files under the R
- jspwiki <removed>
CVE-2019-0224 (In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could ex ...)
- jspwiki <removed>
-CVE-2019-0223
- RESERVED
+CVE-2019-0223 (While investigating bug PROTON-2014, we discovered that under some cir ...)
+ TODO: check
CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame ca ...)
- activemq <unfixed> (bug #925964)
[jessie] - activemq <not-affected> (MQTT support not enabled)
@@ -36298,8 +36280,8 @@ CVE-2018-17171
RESERVED
CVE-2018-17170
RESERVED
-CVE-2018-17169
- RESERVED
+CVE-2018-17169 (An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 ...)
+ TODO: check
CVE-2018-17168 (PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forger ...)
NOT-FOR-US: PrinterOn Enterprise
CVE-2018-17167 (PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored ...)
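Review bot: CVE-2018-17169 is added as "TODO: check", but its description names PrinterOn version 4.1.4 and the next entry, CVE-2018-17168 for PrinterOn Enterprise 4.1.4, is already tagged "NOT-FOR-US: PrinterOn Enterprise". Unless the full description points at a different product, the same tag can be applied here so the entry does not stay in the triage queue.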
@@ -75075,12 +75057,12 @@ CVE-2018-3316
RESERVED
CVE-2018-3315
RESERVED
-CVE-2018-3314
- RESERVED
+CVE-2018-3314 (Vulnerability in the MICROS Relate CRM Software component of Oracle Re ...)
+ TODO: check
CVE-2018-3313
RESERVED
-CVE-2018-3312
- RESERVED
+CVE-2018-3312 (Vulnerability in the Oracle Retail Customer Engagement component of Or ...)
+ TODO: check
CVE-2018-3311 (Vulnerability in the Oracle Retail Xstore Payment component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2018-3310
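Review bot: CVE-2018-3314 (MICROS Relate CRM Software) and CVE-2018-3312 (Oracle Retail Customer Engagement) both land as TODO: check, whereas CVE-2018-3311 in the same Oracle Retail family is already NOT-FOR-US: Oracle. CVE-2018-3313 between them stays RESERVED, so it is worth rechecking that one on the next update in case it is published with the same advisory.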
@@ -75585,15 +75567,14 @@ CVE-2018-3125 (Vulnerability in the Oracle Retail Merchandising System component
NOT-FOR-US: Oracle
CVE-2018-3124
RESERVED
-CVE-2018-3123
- RESERVED
+CVE-2018-3123 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 5.7.25-1
CVE-2018-3122 (Vulnerability in the Oracle Retail Open Commerce Platform component of ...)
NOT-FOR-US: Oracle
CVE-2018-3121
RESERVED
-CVE-2018-3120
- RESERVED
+CVE-2018-3120 (Vulnerability in the MICROS Lucas component of Oracle Retail Applicati ...)
+ TODO: check
CVE-2018-3119
RESERVED
CVE-2018-3118
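Review bot: two different outcomes in this hunk need a manual look. CVE-2018-3123 gains its MySQL Server description and keeps the pre-existing "- mysql-5.7 5.7.25-1" line, so the fixed version should be confirmed against the now-public description; CVE-2018-3120 (MICROS Lucas) is left at TODO: check although CVE-2018-3122 two entries down is NOT-FOR-US: Oracle.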
@@ -76119,8 +76100,8 @@ CVE-2018-2882 (Vulnerability in the MICROS Retail-J component of Oracle Retail A
NOT-FOR-US: Oracle
CVE-2018-2881 (Vulnerability in the MICROS Retail-J component of Oracle Retail Applic ...)
NOT-FOR-US: Oracle
-CVE-2018-2880
- RESERVED
+CVE-2018-2880 (Vulnerability in the MICROS Retail-J component of Oracle Retail Applic ...)
+ TODO: check
CVE-2018-2879 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...)
NOT-FOR-US: Oracle
CVE-2018-2878 (Vulnerability in the PeopleSoft Enterprise HCM Shared Components compo ...)
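Review bot: CVE-2018-2880 is a MICROS Retail-J entry left at TODO: check directly beneath CVE-2018-2882 and CVE-2018-2881, which name the same component and are marked NOT-FOR-US: Oracle. Suggest closing it with the same tag.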
@@ -80351,8 +80332,7 @@ CVE-2018-1330 (When parsing a malformed JSON payload, libprocess in Apache Mesos
- apache-mesos <itp> (bug #760315)
CVE-2018-1329
REJECTED
-CVE-2018-1328
- RESERVED
+CVE-2018-1328 (Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permiss ...)
NOT-FOR-US: Apache Zeppelin
CVE-2018-1327 (The Apache Struts REST Plugin is using XStream library which is vulner ...)
- libstruts1.2-java <not-affected> (Specific to 2.x)
@@ -80390,8 +80370,7 @@ CVE-2018-1318 (Adding method ACLs in remap.config can cause a segfault when the
NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/3
NOTE: https://github.com/apache/trafficserver/pull/3195
NOTE: https://github.com/apache/trafficserver/commit/e6dfda305acf85250861ecfa14a7bd6bb2fad5c3
-CVE-2018-1317
- RESERVED
+CVE-2018-1317 (In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by de ...)
NOT-FOR-US: Apache Zeppelin
CVE-2018-1316 (The ODE process deployment web service was sensible to deployment mess ...)
NOT-FOR-US: Apache ODE
@@ -88771,7 +88750,7 @@ CVE-2017-15718 (The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak t
CVE-2017-15717 (A flaw in the way URLs are escaped and encoded in the org.apache.sling ...)
NOT-FOR-US: Apache Sling
CVE-2017-15716
- RESERVED
+ REJECTED
CVE-2017-15715 (In Apache httpd 2.4.0 to 2.4.29, the expression specified in <Files ...)
{DSA-4164-1}
- apache2 2.4.33-1
@@ -98415,8 +98394,7 @@ CVE-2017-12621 (During Jelly (xml) file parsing with Apache Xerces, if a custom
NOTE: http://www.openwall.com/lists/oss-security/2017/09/27/6
CVE-2017-12620 (When loading models or dictionaries that contain XML it is possible to ...)
NOT-FOR-US: Apache OpenNLP
-CVE-2017-12619
- RESERVED
+CVE-2017-12619 (Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation whic ...)
NOT-FOR-US: Apache Zeppelin
CVE-2017-12618 (Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to val ...)
{DLA-1163-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7d0c001877974554bee1b5e20f1b65e0cda6eb0d