[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 25 09:10:38 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
09527ef7 by security tracker role at 2019-04-25T08:10:28Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2019-11515 (core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?d ...)
+ TODO: check
+CVE-2019-11514 (User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mis ...)
+ TODO: check
+CVE-2019-11513 (The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS v ...)
+ TODO: check
+CVE-2019-11512
+ RESERVED
+CVE-2019-11511 (Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the ...)
+ TODO: check
+CVE-2019-11510
+ RESERVED
+CVE-2019-11509
+ RESERVED
+CVE-2019-11508
+ RESERVED
+CVE-2019-11507
+ RESERVED
+CVE-2019-11506 (In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, the ...)
+ TODO: check
+CVE-2019-11505 (In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, ther ...)
+ TODO: check
+CVE-2019-11504 (Zotonic before version 0.47 has mod_admin XSS. ...)
+ TODO: check
+CVE-2019-11503 (snap-confine as included in snapd before 2.39 did not guard against sy ...)
+ TODO: check
+CVE-2019-11502 (snap-confine in snapd before 2.38 incorrectly set the ownership of a s ...)
+ TODO: check
+CVE-2017-18367 (libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR ...)
+ TODO: check
CVE-2019-11501
RESERVED
CVE-2019-11500
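Review bot: Every described entry in this added block is left at `TODO: check`, including the ones near the end that name GraphicsMagick (CVE-2019-11506, CVE-2019-11505), snap-confine in snapd (CVE-2019-11503, CVE-2019-11502) and libseccomp-golang (CVE-2017-18367). Those five name libraries and system components rather than web applications, so triage them first and replace the TODO with either a package line in the form used elsewhere in this file (`- putty 0.70-6`) or a `NOT-FOR-US:` line.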
@@ -677,10 +707,10 @@ CVE-2019-11220
RESERVED
CVE-2019-11219
RESERVED
-CVE-2019-11218
- RESERVED
-CVE-2019-11217
- RESERVED
+CVE-2019-11218 (Improper handling of extra parameters in the AccountController (User P ...)
+ TODO: check
+CVE-2019-11217 (The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 a ...)
+ TODO: check
CVE-2019-11216
RESERVED
CVE-2019-11215
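Review bot: The truncated description of CVE-2019-11218 stops at "(User P ..." and names no product, while CVE-2019-11217 directly below it names Bonobo Git Server. Read the full description before resolving its `TODO: check`, and if both turn out to be the same product, give them the same disposition in one follow-up commit.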
@@ -707,8 +737,8 @@ CVE-2019-11205
RESERVED
CVE-2019-11204
RESERVED
-CVE-2019-11203
- RESERVED
+CVE-2019-11203 (The workspace client, openspace client, app development client, and RE ...)
+ TODO: check
CVE-2019-11202
RESERVED
CVE-2019-11201
@@ -3770,12 +3800,12 @@ CVE-2019-9900
CVE-2019-9899
RESERVED
CVE-2019-9898 (Potential recycling of random numbers used in cryptography exists with ...)
- {DSA-4423-1}
+ {DSA-4423-1 DLA-1763-1}
- putty 0.70-6
NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-rng-reuse.html
NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=320bf8479ff5bcbad239db4f9f4aa63656b0675e
CVE-2019-9897 (Multiple denial-of-service attacks that can be triggered by writing to ...)
- {DSA-4423-1}
+ {DSA-4423-1 DLA-1763-1}
- putty 0.70-6
NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terminal-dos-one-column-cjk.html
NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=03777723e553024e94d8bfcf182f3a2e92ffb914
@@ -3792,7 +3822,7 @@ CVE-2019-9895 (In PuTTY versions before 0.71 on Unix, a remotely triggerable buf
NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-fd-set-overflow.html
NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=5c926d9ea4a9e0a0a2384f06c7583648cdff3ed6
CVE-2019-9894 (A remotely triggerable memory overwrite in RSA key exchange in PuTTY b ...)
- {DSA-4423-1}
+ {DSA-4423-1 DLA-1763-1}
- putty 0.70-6
NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-rsa-kex-integer-overflow.html
NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=d82854999516046122501b2e145099740ed0284f
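Review bot: DLA-1763-1 is added to CVE-2019-9894 here and to CVE-2019-9898 and CVE-2019-9897 in the previous hunk, but the advisory line of CVE-2019-9895, whose NOTE lines open this hunk, is outside the visible context. Confirm whether CVE-2019-9895 is meant to be excluded from DLA-1763-1; if it is, a NOTE on that entry saying why would save the next reader the same check.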
@@ -6929,16 +6959,16 @@ CVE-2019-8997 (An XML External Entity Injection (XXE) vulnerability in the Manag
NOT-FOR-US: BlackBerry
CVE-2019-8996 (In Signiant Manager+Agents before 13.5, the implementation of the set ...)
NOT-FOR-US: Signiant
-CVE-2019-8995
- RESERVED
-CVE-2019-8994
- RESERVED
-CVE-2019-8993
- RESERVED
-CVE-2019-8992
- RESERVED
-CVE-2019-8991
- RESERVED
+CVE-2019-8995 (The workspace client, openspace client, and app development client of ...)
+ TODO: check
+CVE-2019-8994 (The workspace client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, ...)
+ TODO: check
+CVE-2019-8993 (The administrative web server component of TIBCO Software Inc.'s TIBCO ...)
+ TODO: check
+CVE-2019-8992 (The administrative server component of TIBCO Software Inc.'s TIBCO Act ...)
+ TODO: check
+CVE-2019-8991 (The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveM ...)
+ TODO: check
CVE-2019-8990 (The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatr ...)
NOT-FOR-US: TIBCO
CVE-2019-8989 (The application server component of TIBCO Software Inc.'s TIBCO Data S ...)
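Review bot: CVE-2019-8994 through CVE-2019-8991 all name TIBCO Software Inc. in their descriptions yet are added as `TODO: check`, while the unchanged CVE-2019-8990 immediately below them is already `NOT-FOR-US: TIBCO`. Suggest resolving these four the same way in the follow-up; the description of CVE-2019-8995 is cut off before any vendor name, so check its full text before grouping it with them.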
@@ -20667,8 +20697,8 @@ CVE-2018-20436 (** DISPUTED ** The "secret chat" feature in Telegram 4.9.1 for A
NOT-FOR-US: Telegram for Android
CVE-2018-20435
RESERVED
-CVE-2018-20434
- RESERVED
+CVE-2018-20434 (LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands ...)
+ TODO: check
CVE-2018-20433 (c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mcha ...)
{DLA-1621-1}
- c3p0 0.9.1.2-10 (bug #917257)
@@ -33562,8 +33592,8 @@ CVE-2018-18253 (An issue was discovered in CapMon Access Manager 5.4.1.1005. CAL
NOT-FOR-US: CapMon Access Manager
CVE-2018-18252 (An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunEle ...)
NOT-FOR-US: CapMon Access Manager
-CVE-2018-18251
- RESERVED
+CVE-2018-18251 (Deltek Vision 7.x before 7.6 permits the execution of any attacker sup ...)
+ TODO: check
CVE-2019-0085
RESERVED
CVE-2019-0084
@@ -61849,10 +61879,10 @@ CVE-2018-7577 (Memcpy parameter overlap in Google Snappy library 1.1.4, as used
TODO: check
CVE-2018-7576 (Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Deref ...)
TODO: check
-CVE-2018-7575
- RESERVED
-CVE-2018-7574
- RESERVED
+CVE-2018-7575 (Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow v ...)
+ TODO: check
+CVE-2018-7574 (Google TensorFlow 1.6.x and earlier is affected by a Null Pointer Dere ...)
+ TODO: check
CVE-2018-7573 (An issue was discovered in FTPShell Client 6.7. A remote FTP server ca ...)
NOT-FOR-US: FTPShell Client
CVE-2018-7572 (Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to a ...)
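Review bot: The two added TensorFlow entries, CVE-2018-7575 and CVE-2018-7574, are left at `TODO: check` directly under CVE-2018-7576, which the context lines show is still `TODO: check` as well. Triage them together so they get one consistent disposition. The descriptions also differ on affected versions ("1.7.x and earlier" for CVE-2018-7575, "1.6.x and earlier" for CVE-2018-7574 and CVE-2018-7576), which matters if a fixed-version line is recorded.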
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/09527ef7c3695dfba968c7032e53cbb7f160e800