[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Apr 27 09:10:22 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13719c7a by security tracker role at 2019-04-27T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2019-11564
+	RESERVED
+CVE-2019-11563
+	RESERVED
+CVE-2019-11562
+	RESERVED
+CVE-2019-11561
+	RESERVED
+CVE-2019-11560
+	RESERVED
+CVE-2019-11559
+	RESERVED
+CVE-2019-11558
+	RESERVED
+CVE-2019-11557 (The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress  ...)
+	TODO: check
+CVE-2019-11556
+	RESERVED
 CVE-2019-11554
 	RESERVED
 CVE-2019-11553
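Review bot: CVE-2019-11557, near the end of the added block, is left at TODO: check even though its description already names the product (the WebDorado Contact Form Builder plugin before 1.0.69 for WordPress). It needs triage to either a source-package line or a NOT-FOR-US: entry, in the form used for VeryPDF and Gila CMS elsewhere in this file. The eight RESERVED additions need no action until they receive descriptions.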
@@ -40,8 +58,8 @@ CVE-2019-11535
 	RESERVED
 CVE-2019-11534
 	RESERVED
-CVE-2019-11533
-	RESERVED
+CVE-2019-11533 (Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 a ...)
+	TODO: check
 CVE-2019-11532
 	RESERVED
 CVE-2019-11531
@@ -136,8 +154,8 @@ CVE-2019-11494
 	RESERVED
 CVE-2019-11493 (VeryPDF 4.1 has a Memory Overflow leading to Code Execution because pd ...)
 	NOT-FOR-US: VeryPDF
-CVE-2019-11492
-	RESERVED
+CVE-2019-11492 (ProjectSend before r1070 writes user passwords to the server logs. ...)
+	TODO: check
 CVE-2019-11491
 	RESERVED
 CVE-2019-11490 (An issue was discovered in Npcap 0.992. Sending a malformed .pcap file ...)
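Review bot: CVE-2019-11492 moves from RESERVED to TODO: check with a description naming ProjectSend before r1070, the same product and version boundary as CVE-2019-11533 in the previous hunk. Triage the two together so they end up with the same package line or the same NOT-FOR-US: tag rather than diverging.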
@@ -259,9 +277,11 @@ CVE-2019-11457
 CVE-2019-11456 (Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. ...)
 	NOT-FOR-US: Gila CMS
 CVE-2019-11455 (A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit bef ...)
+	{DLA-1767-1}
 	- monit <unfixed> (bug #927775)
 	NOTE: https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
 CVE-2019-11454 (Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash  ...)
+	{DLA-1767-1}
 	- monit <unfixed> (bug #927775)
 	NOTE: https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3
 	NOTE: https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c
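Review bot: the {DLA-1767-1} tags added to CVE-2019-11455 and CVE-2019-11454 sit directly above package lines that still read `- monit <unfixed> (bug #927775)`. In these entries the only version information is `<unfixed>`, so both remain open for the package until that line is given a fixed version; keep bug #927775 linked until then.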
@@ -504,7 +524,7 @@ CVE-2019-11347
 	RESERVED
 CVE-2018-20817 (SV_SteamAuthClient in various Activision Infinity Ward Call of Duty ga ...)
 	NOT-FOR-US: Activision
-CVE-2019-11555 [EAP-pwd message reassembly issue with unexpected fragment]
+CVE-2019-11555 (The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_ ...)
 	- wpa 2:2.7+git20190128+0c1e29f-5 (bug #927463)
 	NOTE: https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
 	NOTE: Patches: https://w1.fi/security/2019-5/
@@ -10517,8 +10537,8 @@ CVE-2019-7478
 	RESERVED
 CVE-2019-7477 (A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow ...)
 	NOT-FOR-US: SonicWall
-CVE-2019-7476
-	RESERVED
+CVE-2019-7476 (A vulnerability in SonicWall Global Management System (GMS), allow a r ...)
+	TODO: check
 CVE-2019-7475 (A vulnerability in SonicWall SonicOS and SonicOSv with management enab ...)
 	NOT-FOR-US: SonicWall
 CVE-2019-7474 (A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated ...)
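Review bot: CVE-2019-7476 is set to TODO: check while the entries on either side of it, CVE-2019-7477 and CVE-2019-7475, are already tagged NOT-FOR-US: SonicWall. Its new description names SonicWall Global Management System (GMS), so it can most likely take the same `NOT-FOR-US: SonicWall` line instead of waiting in the TODO queue.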
@@ -11028,6 +11048,7 @@ CVE-2019-7319
 CVE-2019-7318
 	RESERVED
 CVE-2019-7317 (png_image_free in png.c in libpng 1.6.36 has a use-after-free because  ...)
+	{DSA-4435-1}
 	- libpng1.6 1.6.36-4 (bug #921355)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
 	NOTE: https://github.com/glennrp/libpng/issues/275
@@ -19026,10 +19047,10 @@ CVE-2019-3846
 	RESERVED
 CVE-2019-3845 (A lack of access control was found in the message queues maintained by ...)
 	NOT-FOR-US: qpid dispatch router
-CVE-2019-3844
-	RESERVED
-CVE-2019-3843
-	RESERVED
+CVE-2019-3844 (It was discovered that a systemd service that uses DynamicUser propert ...)
+	TODO: check
+CVE-2019-3843 (It was discovered that a systemd service that uses DynamicUser propert ...)
+	TODO: check
 CVE-2019-3842 (In systemd before v242-rc4, it was discovered that pam_systemd does no ...)
 	{DSA-4428-1 DLA-1762-1}
 	- systemd 241-3
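Review bot: CVE-2019-3844 and CVE-2019-3843 are left at TODO: check although both descriptions name systemd, which the next entry (CVE-2019-3842) already tracks with `- systemd 241-3`. These two need their own `- systemd` package lines with the affected and fixed state filled in after checking, not a NOT-FOR-US: tag. Both descriptions are cut off after "DynamicUser propert", so the full text has to be read before the status is decided.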
@@ -32900,9 +32921,11 @@ CVE-2018-18515
 CVE-2018-18514
 	RESERVED
 CVE-2018-18513 (A crash can occur when processing a crafted S/MIME message or an XPI p ...)
+	{DSA-4392-1 DLA-1678-1}
 	- thunderbird 1:60.5.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18513
 CVE-2018-18512 (A use-after-free vulnerability can occur while playing a sound notific ...)
+	{DSA-4392-1 DLA-1678-1}
 	- thunderbird 1:60.5.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18512
 CVE-2018-18511 (Cross-origin images can be read from a canvas element in violation of  ...)
@@ -33600,8 +33623,8 @@ CVE-2018-18278
 	RESERVED
 CVE-2018-18277
 	RESERVED
-CVE-2018-18276
-	RESERVED
+CVE-2018-18276 (XSS exists in the ProFiles 1.5 component for Joomla! via the name or p ...)
+	TODO: check
 CVE-2018-18275
 	RESERVED
 CVE-2018-18274 (A issue was found in pdfalto 0.2. There is a heap-based buffer overflo ...)
@@ -40752,12 +40775,12 @@ CVE-2018-15584 (Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_
 	TODO: check
 CVE-2018-15583 (Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD ...)
 	NOT-FOR-US: GNUBOARD
-CVE-2018-15582
-	RESERVED
+CVE-2018-15582 (Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_wri ...)
+	TODO: check
 CVE-2018-15581 (Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.ph ...)
 	TODO: check
-CVE-2018-15580
-	RESERVED
+CVE-2018-15580 (Cross-Site Scripting (XSS) vulnerability in adm/contentformupdate.php  ...)
+	TODO: check
 CVE-2018-15579
 	RESERVED
 CVE-2018-15578
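Review bot: the truncated descriptions added for CVE-2018-15582 and CVE-2018-15580 stop before the product name, so their TODO: check status cannot be resolved from this file alone. CVE-2018-15583 in the same run is tagged NOT-FOR-US: GNUBOARD; if the full descriptions name the same product, tag these two the same way, together with CVE-2018-15584 and CVE-2018-15581, which are also still at TODO: check.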



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/13719c7ad8aee9d5a37c8f99f877d5b0515ff7ed
