[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Apr 29 21:10:35 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4ceb4a24 by security tracker role at 2019-04-29T20:10:25Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,44 @@
-CVE-2019-11591
+CVE-2019-11599 (The coredump implementation in the Linux kernel before 5.0.10 does not ...)
+ TODO: check
+CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in ...)
+ TODO: check
+CVE-2019-11597 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
+ TODO: check
+CVE-2019-11596 (In memcached before 1.5.14, a NULL pointer dereference was found in th ...)
+ TODO: check
+CVE-2019-11595 (In uBlock before 0.9.5.15, the $rewrite filter option allows filter-li ...)
+ TODO: check
+CVE-2019-11594 (In AdBlock before 3.45.0, the $rewrite filter option allows filter-lis ...)
+ TODO: check
+CVE-2019-11593 (In Adblock Plus before 3.5.2, the $rewrite filter option allows filter ...)
+ TODO: check
+CVE-2019-11592 (WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews ...)
+ TODO: check
+CVE-2019-11589
+ RESERVED
+CVE-2019-11588
+ RESERVED
+CVE-2019-11587
+ RESERVED
+CVE-2019-11586
+ RESERVED
+CVE-2019-11585
+ RESERVED
+CVE-2019-11584
+ RESERVED
+CVE-2019-11583
+ RESERVED
+CVE-2019-11582
+ RESERVED
+CVE-2019-11581
+ RESERVED
+CVE-2019-11580
+ RESERVED
+CVE-2015-9285 (esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI. ...)
+ TODO: check
+CVE-2019-11591 (The WebDorado Contact Form plugin before 1.13.5 for WordPress allows C ...)
NOT-FOR-US: WordPress plugin contact-form-maker
-CVE-2019-11590
+CVE-2019-11590 (The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF vi ...)
NOT-FOR-US: WordPress plugin form-maker
CVE-2019-11577 (dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp ...)
- dhcpcd5 <unfixed> (bug #928105)
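Review bot: The "TODO: check" markers on CVE-2019-11599, CVE-2019-11598, CVE-2019-11597 and CVE-2019-11596 need package triage, not a NOT-FOR-US disposition, because their descriptions name the Linux kernel, ImageMagick and memcached. Check them against the linux, imagemagick and memcached source packages and replace each TODO with a package line and fixed version. The three "$rewrite filter option" entries (CVE-2019-11595, CVE-2019-11594, CVE-2019-11593) describe the same issue in uBlock, AdBlock and Adblock Plus and can be triaged together.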
@@ -3497,7 +3535,7 @@ CVE-2018-20815 [device_tree: heap buffer overflow while loading device tree blob
- qemu-kvm <removed>
NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=da885fe1ee8b4589047484bd7fa05a4905b52b17
NOTE: https://www.openwall.com/lists/oss-security/2019/03/27/1
-CVE-2016-10749
+CVE-2016-10749 (parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-r ...)
- cjson <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/DaveGamble/cJSON/issues/30
NOTE: https://www.openwall.com/lists/oss-security/2016/11/07/2
@@ -3896,6 +3934,7 @@ CVE-2019-9930
CVE-2019-9929
RESERVED
CVE-2019-9928 (GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP c ...)
+ {DLA-1770-1 DLA-1769-1}
[experimental] - gst-plugins-base1.0 1.15.90-1
- gst-plugins-base1.0 <unfixed> (bug #927978)
- gst-plugins-base0.10 <removed>
@@ -8336,8 +8375,8 @@ CVE-2019-8456 (Check Point IKEv2 IPsec VPN up to R80.30, in some less common con
NOT-FOR-US: Check Point
CVE-2019-8455 (A hard-link created from the log file of Check Point ZoneAlarm up to 1 ...)
NOT-FOR-US: Check Point ZoneAlarm
-CVE-2019-8454
- RESERVED
+CVE-2019-8454 (A local attacker can create a hard-link between a file to which the Ch ...)
+ TODO: check
CVE-2019-8453 (Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are ta ...)
NOT-FOR-US: Check Point ZoneAlarm
CVE-2019-8452 (A hard-link created from log file archive of Check Point ZoneAlarm up ...)
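Review bot: CVE-2019-8454 is left at "TODO: check" while the adjacent entries CVE-2019-8455 and CVE-2019-8453 are both "NOT-FOR-US: Check Point ZoneAlarm". The new description is cut off at "to which the Ch ...", so read the full text before closing it; if it confirms a Check Point product, use the same NOT-FOR-US disposition as its neighbours.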
@@ -15662,8 +15701,8 @@ CVE-2019-5494
RESERVED
CVE-2019-5493
RESERVED
-CVE-2019-5492
- RESERVED
+CVE-2019-5492 (Element Plug-in for vCenter Server versions prior to 4.2.3 may disclos ...)
+ TODO: check
CVE-2019-5491 (Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 a ...)
NOT-FOR-US: Clustered Data ONTAP
CVE-2019-5490 (Certain versions between 2.x to 5.x (refer to advisory) of the NetApp ...)
@@ -15788,8 +15827,8 @@ CVE-2019-5431
RESERVED
CVE-2019-5430
RESERVED
-CVE-2019-5429
- RESERVED
+CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacke ...)
+ TODO: check
CVE-2019-5428
REJECTED
CVE-2019-5427 (c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack ...)
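Review bot: CVE-2019-5429 should not stay at "TODO: check" or be closed as NOT-FOR-US without a look, since its description names FileZilla before 3.41.0-rc1. Replace the TODO with a package line for filezilla that records whether the untrusted search path issue affects Debian's build and, if so, the fixed version.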
@@ -18601,8 +18640,8 @@ CVE-2019-4049
RESERVED
CVE-2019-4048
RESERVED
-CVE-2019-4047
- RESERVED
+CVE-2019-4047 (IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated us ...)
+ TODO: check
CVE-2019-4046 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
NOT-FOR-US: IBM
CVE-2019-4045 (IBM Business Automation Workflow and IBM Business Process Manager 18.0 ...)
@@ -19838,14 +19877,14 @@ CVE-2019-3565
RESERVED
CVE-2019-3564
RESERVED
-CVE-2019-3563
- RESERVED
-CVE-2019-3562
- RESERVED
-CVE-2019-3561
- RESERVED
-CVE-2019-3560
- RESERVED
+CVE-2019-3563 (Wangle's LineBasedFrameDecoder contains logic for identifying newlines ...)
+ TODO: check
+CVE-2019-3562 (A remote web page could inject arbitrary HTML code into the Oculus Bro ...)
+ TODO: check
+CVE-2019-3561 (Insufficient boundary checks for the strrpos and strripos functions al ...)
+ TODO: check
+CVE-2019-3560 (An improperly performed length calculation on a buffer in PlaintextRec ...)
+ TODO: check
CVE-2019-3559
RESERVED
CVE-2019-3558
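Review bot: CVE-2019-3563 through CVE-2019-3560 all land as "TODO: check" but describe four different pieces of code (Wangle's LineBasedFrameDecoder, the Oculus Browser, the strrpos and strripos functions, and a length calculation in "PlaintextRec ..."), so each needs its own triage. The descriptions for CVE-2019-3561 and CVE-2019-3560 are truncated before any product name appears, so consult the full CVE text before assigning a package or NOT-FOR-US.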
@@ -20073,8 +20112,8 @@ CVE-2018-20625
RESERVED
CVE-2018-20624
RESERVED
-CVE-2019-3493
- RESERVED
+CVE-2019-3493 (A potential security vulnerability has been identified in Micro Focus ...)
+ TODO: check
CVE-2019-3492
RESERVED
CVE-2019-3491
@@ -49110,8 +49149,7 @@ CVE-2018-12385 (A potentially exploitable crash in TransportSecurityInfo used fo
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-22/#CVE-2018-12385
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/#CVE-2018-12385
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12385
-CVE-2018-12384 [ServerHello.random is all zero when handling a v2-compatible ClientHello]
- RESERVED
+CVE-2018-12384 (When handling a SSLv2-compatible ClientHello request, the server doesn ...)
- nss 2:3.39-1 (low; bug #908332)
[stretch] - nss <postponed> (Minor issue, can be fixed along in future DSA)
[jessie] - nss <postponed> (Minor issue, can be fixed along in future DSA)
@@ -49651,7 +49689,7 @@ CVE-2018-12206 (Improper configuration of hardware access in Intel QuickAssist T
NOT-FOR-US: Intel QuickAssist Technology for Linux
CVE-2018-12205 (Privilege escalation vulnerability in Platform Sample/ Silicon Referen ...)
NOT-FOR-US: Intel
-CVE-2018-12204 (Privilege escalation vulnerability in Platform Sample/ Silicon Referen ...)
+CVE-2018-12204 (Improper memory initialization in Platform Sample/Silicon Reference fi ...)
NOT-FOR-US: Intel
CVE-2018-12203 (Denial of service vulnerability in Platform Sample/ Silicon Reference ...)
NOT-FOR-US: Intel
@@ -70040,8 +70078,7 @@ CVE-2018-5124 (Unsanitized output in the browser UI leaves HTML tags in place an
- firefox 58.0.1-1
- firefox-esr <not-affected> (Vulnerable code introduced later than 52)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/
-CVE-2018-5123
- RESERVED
+CVE-2018-5123 (A third party website can access information available to a user with ...)
- bugzilla4 <itp> (bug #669643)
- bugzilla <removed>
CVE-2018-5122 (A potential integer overflow in the "DoCrypt" function of WebCrypto wa ...)
@@ -78596,14 +78633,14 @@ CVE-2018-2009 (IBM API Connect v2018.1 and 2018.4.1 is affected by an informatio
NOT-FOR-US: IBM
CVE-2018-2008
RESERVED
-CVE-2018-2007
- RESERVED
+CVE-2018-2007 (IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected crypto ...)
+ TODO: check
CVE-2018-2006 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
NOT-FOR-US: IBM
CVE-2018-2005
RESERVED
-CVE-2018-2004
- RESERVED
+CVE-2018-2004 (IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is vulnerable to cr ...)
+ TODO: check
CVE-2018-2003
RESERVED
CVE-2018-2002
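Review bot: CVE-2018-2007 and CVE-2018-2004 are left at "TODO: check" although both descriptions name IBM products (API Connect and Jazz Reporting Service) and the neighbouring CVE-2018-2009 and CVE-2018-2006 already carry "NOT-FOR-US: IBM". The same disposition looks applicable and would clear two TODOs from the list.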
@@ -78688,8 +78725,8 @@ CVE-2018-1963
RESERVED
CVE-2018-1962 (IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalid ...)
NOT-FOR-US: IBM
-CVE-2018-1961
- RESERVED
+CVE-2018-1961 (IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose se ...)
+ TODO: check
CVE-2018-1960
RESERVED
CVE-2018-1959 (IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-co ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4ceb4a245deff2dec929b224be4bce6c33118a2a