[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 24 21:10:33 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
88482bd8 by security tracker role at 2019-04-24T20:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-11501
+ RESERVED
+CVE-2019-11500
+ RESERVED
+CVE-2019-11499
+ RESERVED
CVE-2019-11498 (WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack t ...)
TODO: check
CVE-2019-11497
@@ -940,8 +946,8 @@ CVE-2019-11083
RESERVED
CVE-2019-11082
RESERVED
-CVE-2019-11081
- RESERVED
+CVE-2019-11081 (A default username and password in Dentsply Sirona Sidexis 4.2 and pos ...)
+ TODO: check
CVE-2019-11080
RESERVED
CVE-2019-11079
@@ -1078,8 +1084,8 @@ CVE-2019-11034 (When processing certain files, PHP EXIF extension in versions 7.
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77753
CVE-2019-11033
RESERVED
-CVE-2019-11032
- RESERVED
+CVE-2019-11032 (In EasyToRecruit (E2R) before 2.11, the upload feature and the Candida ...)
+ TODO: check
CVE-2019-11031
RESERVED
CVE-2019-11030
@@ -2011,8 +2017,7 @@ CVE-2019-10693
RESERVED
CVE-2019-10692 (In the wp-google-maps plugin before 7.11.18 for WordPress, includes/cl ...)
NOT-FOR-US: wp-google-maps plugin for WordPress
-CVE-2019-10691 [assert-crash in JSON encoder]
- RESERVED
+CVE-2019-10691 (The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeate ...)
- dovecot 1:2.3.4.1-4
[stretch] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
[jessie] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
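Review bot: the fixed version `dovecot 1:2.3.4.1-4` is older than the `before 2.3.5.2` upstream bound that the new description states, so the Debian fix must be a backported patch carried in the -4 revision; confirm that the -4 changelog references this CVE so the version claim stays verifiable. Swapping the placeholder `[assert-crash in JSON encoder]` for the official text is fine, and the stretch/jessie `<not-affected>` lines are unchanged and consistent with their "introduced in 2.3" rationale.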
@@ -2972,8 +2977,8 @@ CVE-2019-10240 (Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build a
NOT-FOR-US: Eclipse hawkBit
CVE-2017-18365 (The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a d ...)
NOT-FOR-US: GitHub Enterprise
-CVE-2019-10239
- RESERVED
+CVE-2019-10239 (Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently ...)
+ TODO: check
CVE-2019-10238 (Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the file ...)
NOT-FOR-US: Sitemagic CMS
CVE-2019-10237 (S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via th ...)
@@ -3543,8 +3548,8 @@ CVE-2019-10010 (Cross-site scripting (XSS) vulnerability in the PHP League Commo
NOT-FOR-US: PHP League CommonMark library
CVE-2019-10009
RESERVED
-CVE-2019-10008
- RESERVED
+CVE-2019-10008 (Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privile ...)
+ TODO: check
CVE-2019-10007
RESERVED
CVE-2019-10006
@@ -3606,10 +3611,10 @@ CVE-2019-9953
RESERVED
CVE-2019-9952
RESERVED
-CVE-2019-9951
- RESERVED
-CVE-2019-9950
- RESERVED
+CVE-2019-9951 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My ...)
+ TODO: check
+CVE-2019-9950 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My ...)
+ TODO: check
CVE-2019-9949
RESERVED
CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file: scheme, w ...)
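Review bot: the truncated descriptions imported for CVE-2019-9951 and CVE-2019-9950 are identical in this file (both cut off at "My Cloud EX2 Ultra, My ..."), so whoever resolves the two `TODO: check` entries has to read the full NVD text to tell the two issues apart rather than triaging from what is visible here.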
@@ -3679,8 +3684,8 @@ CVE-2019-9930
RESERVED
CVE-2019-9929
RESERVED
-CVE-2019-9928
- RESERVED
+CVE-2019-9928 (GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP c ...)
+ TODO: check
CVE-2019-9927 (Caret before 2019-02-22 allows Remote Code Execution. ...)
NOT-FOR-US: Caret editor
CVE-2019-9926
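Review bot: CVE-2019-9928 should not be left at `TODO: check`; unlike most products in this update, GStreamer is packaged in Debian, and the description names a heap-based buffer overflow in the RTSP code fixed before 1.16.0, so the entry needs a source package line (the RTSP connection code ships in the gst-plugins-base source, to be confirmed by the triager), a fixed version, and stretch/jessie assessments in the same style as the neutron entry later in this patch.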
@@ -4941,8 +4946,8 @@ CVE-2019-9735 (An issue was discovered in the iptables firewall module in OpenSt
- neutron 2:13.0.2-13 (bug #924508)
[jessie] - neutron <not-affected> (Vulnerable code not present, all supported protocols are handled correctly)
NOTE: https://launchpad.net/bugs/1818385
-CVE-2019-9734
- RESERVED
+CVE-2019-9734 (aquaverde Aquarius CMS through 4.3.5 writes POST and GET parameters (i ...)
+ TODO: check
CVE-2019-9733 (An issue was discovered in JFrog Artifactory 6.7.3. By default, the ac ...)
NOT-FOR-US: JFrog Artifactory
CVE-2019-9732
@@ -4961,8 +4966,8 @@ CVE-2019-9726
RESERVED
CVE-2019-9725 (The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devi ...)
NOT-FOR-US: Korenix JetPort devices
-CVE-2019-9724
- RESERVED
+CVE-2019-9724 (aquaverde Aquarius CMS through 4.3.5 allows Information Exposure throu ...)
+ TODO: check
CVE-2019-9723
RESERVED
CVE-2019-9722
@@ -5170,8 +5175,8 @@ CVE-2019-9636 (Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by:
NOTE: https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html
NOTE: https://github.com/python/cpython/commit/daad2c482c91de32d8305abbccc76a5de8b3a8be (3.7.x)
NOTE: https://github.com/python/cpython/commit/e37ef41289b77e0f0bb9a6aedb0360664c55bdd5 (2.7.x)
-CVE-2019-9635
- RESERVED
+CVE-2019-9635 (NULL pointer dereference in Google TensorFlow before 1.12.2 could caus ...)
+ TODO: check
CVE-2019-1003039 (An insufficiently protected credentials vulnerability exists in Jenkin ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-1003038 (An insufficiently protected credentials vulnerability exists in Jenkin ...)
@@ -11183,14 +11188,14 @@ CVE-2019-7216 (An issue was discovered in FileChucker 4.99e-free-e02. filechucke
NOT-FOR-US: FileChucker
CVE-2019-7215
RESERVED
-CVE-2019-7214
- RESERVED
-CVE-2019-7213
- RESERVED
-CVE-2019-7212
- RESERVED
-CVE-2019-7211
- RESERVED
+CVE-2019-7214 (SmarterTools SmarterMail 16.x before build 6985 allows deserialization ...)
+ TODO: check
+CVE-2019-7213 (SmarterTools SmarterMail 16.x before build 6985 allows directory trave ...)
+ TODO: check
+CVE-2019-7212 (SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret k ...)
+ TODO: check
+CVE-2019-7211 (SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaSc ...)
+ TODO: check
CVE-2019-7210
RESERVED
CVE-2019-7209
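Review bot: the four SmarterMail descriptions cite "before build 6985" for CVE-2019-7214, -7213 and -7212 but "before build 6995" for CVE-2019-7211; this is the upstream text as imported, but the triager should check whether the differing build number is intentional before recording anything. These will most likely end up as `NOT-FOR-US`, as the FileChucker entry at the top of this hunk did, in which case all four should be marked in one pass.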
@@ -11761,7 +11766,7 @@ CVE-2019-6977 (gdImageColorMatch in gd_color_match.c in the GD Graphics Library
NOTE: Fixed in 5.6.40, 7.1.26, 7.2.14, 7.3.1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77270
NOTE: Proposed patch: https://gist.github.com/cmb69/1f36d285eb297ed326f5c821d7aafced
-CVE-2019-6976 (libvips before 8.7.4 writes to uninitialized memory locations in unspe ...)
+CVE-2019-6976 (libvips before 8.7.4 generates output images from uninitialized memory ...)
- vips 8.7.4-1 (low)
[stretch] - vips <no-dsa> (Minor issue)
[jessie] - vips <ignored> (Minor Issue)
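Review bot: only the upstream description is reworded here; the `(low)` rating and the stretch `<no-dsa>` / jessie `<ignored>` lines are untouched. Minor style point visible in the context: the two rationales read "Minor issue" and "Minor Issue", which could be normalised in a later manual edit (not in an automatic update).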
@@ -12646,7 +12651,7 @@ CVE-2019-6581
RESERVED
CVE-2019-6580
RESERVED
-CVE-2019-6579 (A vulnerability has been identified in Spectrum Power™ 4 (with W ...)
+CVE-2019-6579 (A vulnerability has been identified in Spectrum Power 4 (with Web Offi ...)
NOT-FOR-US: Spectrum Power
CVE-2019-6578
RESERVED
@@ -18767,8 +18772,7 @@ CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by wor
- 389-ds-base <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1693612
NOTE: https://pagure.io/389-ds-base/issue/50329
-CVE-2019-3882 [DoS through vfio/type1 DMA mappings]
- RESERVED
+CVE-2019-3882 (A flaw was found in the Linux kernel's vfio interface implementation t ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/1
NOTE: https://lore.kernel.org/lkml/155414977872.12780.13728555131525362206.stgit@gimli.home/T/#u
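Review bot: keeping `linux <unfixed>` while only the description changes is right for now, but the lore link is the upstream patch thread; once that patch lands, add a `NOTE: Fixed by: https://git.kernel.org/linus/<commit>` line in the style used for CVE-2017-18079 further down and replace `<unfixed>` with the first fixed version. The removed placeholder "[DoS through vfio/type1 DMA mappings]" carried the useful short summary and the official text is truncated here, so the oss-security NOTE remains the quick reference for what the bug is.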
@@ -18818,8 +18822,7 @@ CVE-2019-3870 (A vulnerability was found in Samba from version (including) 4.9 t
NOTE: https://www.samba.org/samba/security/CVE-2019-3870.html
CVE-2019-3869 (When running Tower before 3.4.3 on OpenShift or Kubernetes, applicatio ...)
NOT-FOR-US: Ansible Tower
-CVE-2019-3868
- RESERVED
+CVE-2019-3868 (Keycloak up to version 6.0.0 allows the end user token (access or id t ...)
NOT-FOR-US: Keycloak
CVE-2019-3867
RESERVED
@@ -18909,7 +18912,7 @@ CVE-2019-3844
CVE-2019-3843
RESERVED
CVE-2019-3842 (In systemd before v242-rc4, it was discovered that pam_systemd does no ...)
- {DSA-4428-1}
+ {DSA-4428-1 DLA-1762-1}
- systemd 241-3
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1756
NOTE: https://bugs.launchpad.net/bugs/1812316
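Review bot: adding `DLA-1762-1` alongside `DSA-4428-1` matches the same DLA being attached to CVE-2017-18078 in the last hunk of this patch, which suggests a single jessie systemd update covered both issues; confirm that the DLA text lists both CVEs so the cross-references agree in both directions.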
@@ -19122,22 +19125,22 @@ CVE-2019-3795 (Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.
NOTE: https://github.com/spring-projects/spring-security/commit/6f02f690ac65ccf99d8df47ac3d730a68f87c569
CVE-2019-3794
RESERVED
-CVE-2019-3793
- RESERVED
+CVE-2019-3793 (Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, vers ...)
+ TODO: check
CVE-2019-3792 (Pivotal Concourse version 5.0.0, contains an API that is vulnerable to ...)
NOT-FOR-US: Pivotal
CVE-2019-3791
RESERVED
CVE-2019-3790
RESERVED
-CVE-2019-3789
- RESERVED
+CVE-2019-3789 (Cloud Foundry Routing Release, all versions prior to 0.188.0, contains ...)
+ TODO: check
CVE-2019-3788
RESERVED
CVE-2019-3787
RESERVED
-CVE-2019-3786
- RESERVED
+CVE-2019-3786 (Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0 ...)
+ TODO: check
CVE-2019-3785 (Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an e ...)
NOT-FOR-US: Cloud Foundry
CVE-2019-3784 (Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure s ...)
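Review bot: the three new Pivotal / Cloud Foundry entries (CVE-2019-3793, -3789, -3786) are left at `TODO: check` although their neighbours in the same hunk (CVE-2019-3792, -3785, -3784) are already `NOT-FOR-US: Pivotal` or `NOT-FOR-US: Cloud Foundry`; unless one of these components is packaged, they should receive the same marking so the TODO backlog does not grow with entries that need no Debian action.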
@@ -45997,8 +46000,8 @@ CVE-2018-13445 (An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerab
NOT-FOR-US: SeaCMS
CVE-2018-13444 (An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability ...)
NOT-FOR-US: SeaCMS
-CVE-2018-13443
- RESERVED
+CVE-2018-13443 (EOS.IO jit-wasm 4.1 has a heap-based buffer overflow via a crafted was ...)
+ TODO: check
CVE-2018-13442
RESERVED
CVE-2018-13441 (qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL po ...)
@@ -55460,8 +55463,8 @@ CVE-2018-10057 (The remote management interface of cgminer 4.10.0 and bfgminer 5
NOTE: http://www.openwall.com/lists/oss-security/2018/06/03/1
CVE-2018-10056
RESERVED
-CVE-2018-10055
- RESERVED
+CVE-2018-10055 (Invalid memory access and/or a heap buffer overflow in the TensorFlow ...)
+ TODO: check
CVE-2018-10054 (H2 1.4.197, as used in Datomic before 0.9.5697 and other products, all ...)
NOT-FOR-US: H2 (different from src:python-h2)
CVE-2018-10053
@@ -61827,8 +61830,8 @@ CVE-2018-7579 (\application\admin\controller\update_urls.class.php in YzmCMS 3.6
NOT-FOR-US: YzmCMS
CVE-2018-7578
RESERVED
-CVE-2018-7577
- RESERVED
+CVE-2018-7577 (Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Go ...)
+ TODO: check
CVE-2018-7576 (Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Deref ...)
TODO: check
CVE-2018-7575
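Review bot: CVE-2018-7577 deserves prompt triage rather than a standing TODO, because the description attributes the memcpy parameter overlap to the Google Snappy library 1.1.4 itself and not only to the (truncated) Google product that embeds it, and Snappy is packaged in Debian; the triager should check whether the affected code is in src:snappy and which upstream version fixed it. The adjacent CVE-2018-7576 TensorFlow entry still carries `TODO: check` from an earlier import, which shows how these placeholders linger if not resolved.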
@@ -65841,6 +65844,7 @@ CVE-2017-18079 (drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 al
[wheezy] - linux 3.2.96-1
NOTE: Fixed by: https://git.kernel.org/linus/340d394a789518018f834ff70f7534fc463d3226
CVE-2017-18078 (systemd-tmpfiles in systemd before 237 attempts to support ownership/p ...)
+ {DLA-1762-1}
- systemd 237-1 (unimportant)
NOTE: https://github.com/systemd/systemd/issues/7736
NOTE: https://github.com/systemd/systemd/commit/5579f85663d10269e7ac7464be6548c99cea4ada (v237)
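Review bot: attaching `{DLA-1762-1}` to an entry rated `(unimportant)` for unstable is acceptable, but check that the jessie advisory really lists this CVE and not only CVE-2019-3842 (where the same DLA was added earlier in this patch); if it does, the rating and the DLA reference can coexist, since the issue was presumably fixed as a by-product of that upload.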
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/88482bd8e7ae815dd4fc5802c8af56dc9180e1dd