[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Apr 29 21:10:35 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4ceb4a24 by security tracker role at 2019-04-29T20:10:25Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,44 @@
-CVE-2019-11591
+CVE-2019-11599 (The coredump implementation in the Linux kernel before 5.0.10 does not ...)
+	TODO: check
+CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in ...)
+	TODO: check
+CVE-2019-11597 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
+	TODO: check
+CVE-2019-11596 (In memcached before 1.5.14, a NULL pointer dereference was found in th ...)
+	TODO: check
+CVE-2019-11595 (In uBlock before 0.9.5.15, the $rewrite filter option allows filter-li ...)
+	TODO: check
+CVE-2019-11594 (In AdBlock before 3.45.0, the $rewrite filter option allows filter-lis ...)
+	TODO: check
+CVE-2019-11593 (In Adblock Plus before 3.5.2, the $rewrite filter option allows filter ...)
+	TODO: check
+CVE-2019-11592 (WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews ...)
+	TODO: check
+CVE-2019-11589
+	RESERVED
+CVE-2019-11588
+	RESERVED
+CVE-2019-11587
+	RESERVED
+CVE-2019-11586
+	RESERVED
+CVE-2019-11585
+	RESERVED
+CVE-2019-11584
+	RESERVED
+CVE-2019-11583
+	RESERVED
+CVE-2019-11582
+	RESERVED
+CVE-2019-11581
+	RESERVED
+CVE-2019-11580
+	RESERVED
+CVE-2015-9285 (esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI. ...)
+	TODO: check
+CVE-2019-11591 (The WebDorado Contact Form plugin before 1.13.5 for WordPress allows C ...)
 	NOT-FOR-US: WordPress plugin contact-form-maker
-CVE-2019-11590
+CVE-2019-11590 (The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF vi ...)
 	NOT-FOR-US: WordPress plugin form-maker
 CVE-2019-11577 (dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp ...)
 	- dhcpcd5 <unfixed> (bug #928105)
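Review bot: the new block of entries from CVE-2019-11599 down to CVE-2015-9285 all land as `TODO: check`, and at least three of them name software that has a Debian source package: CVE-2019-11599 (Linux kernel coredump, fixed in 5.0.10), CVE-2019-11596 (memcached before 1.5.14) and the two ImageMagick heap over-reads CVE-2019-11598 and CVE-2019-11597. These should be triaged into `- linux`, `- memcached` and `- imagemagick` lines with the fixed version or a bug reference rather than left as TODO. The removal of the bare `CVE-2019-11591` at the top and its re-addition with the description above the existing `NOT-FOR-US: WordPress plugin contact-form-maker` line is just the description fill-in and needs no action.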
@@ -3497,7 +3535,7 @@ CVE-2018-20815 [device_tree: heap buffer overflow while loading device tree blob
 	- qemu-kvm <removed>
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=da885fe1ee8b4589047484bd7fa05a4905b52b17
 	NOTE: https://www.openwall.com/lists/oss-security/2019/03/27/1
-CVE-2016-10749
+CVE-2016-10749 (parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-r ...)
 	- cjson <not-affected> (Fixed before initial upload to Debian)
 	NOTE: https://github.com/DaveGamble/cJSON/issues/30
 	NOTE: https://www.openwall.com/lists/oss-security/2016/11/07/2
@@ -3896,6 +3934,7 @@ CVE-2019-9930
 CVE-2019-9929
 	RESERVED
 CVE-2019-9928 (GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP c ...)
+	{DLA-1770-1 DLA-1769-1}
 	[experimental] - gst-plugins-base1.0 1.15.90-1
 	- gst-plugins-base1.0 <unfixed> (bug #927978)
 	- gst-plugins-base0.10 <removed>
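Review bot: recording `{DLA-1770-1 DLA-1769-1}` covers the LTS side, but the unchanged line `- gst-plugins-base1.0 <unfixed> (bug #927978)` means unstable still has no fixed version for CVE-2019-9928. The description says GStreamer before 1.16.0 is affected and `[experimental] - gst-plugins-base1.0 1.15.90-1` is already listed, so this entry should be revisited to replace `<unfixed>` with the version that reaches unstable.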
@@ -8336,8 +8375,8 @@ CVE-2019-8456 (Check Point IKEv2 IPsec VPN up to R80.30, in some less common con
 	NOT-FOR-US: Check Point
 CVE-2019-8455 (A hard-link created from the log file of Check Point ZoneAlarm up to 1 ...)
 	NOT-FOR-US: Check Point ZoneAlarm
-CVE-2019-8454
-	RESERVED
+CVE-2019-8454 (A local attacker can create a hard-link between a file to which the Ch ...)
+	TODO: check
 CVE-2019-8453 (Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are ta ...)
 	NOT-FOR-US: Check Point ZoneAlarm
 CVE-2019-8452 (A hard-link created from log file archive of Check Point ZoneAlarm up  ...)
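Review bot: CVE-2019-8454 is marked `TODO: check` while its neighbours CVE-2019-8455, CVE-2019-8453 and CVE-2019-8452 are all `NOT-FOR-US: Check Point ZoneAlarm`, and the truncated description ("A local attacker can create a hard-link between a file to which the Ch ...") reads like the same hard-link family as CVE-2019-8455 and CVE-2019-8452. Once the full text confirms the product, this should be closed as `NOT-FOR-US: Check Point ZoneAlarm` for consistency with the surrounding entries.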
@@ -15662,8 +15701,8 @@ CVE-2019-5494
 	RESERVED
 CVE-2019-5493
 	RESERVED
-CVE-2019-5492
-	RESERVED
+CVE-2019-5492 (Element Plug-in for vCenter Server versions prior to 4.2.3 may disclos ...)
+	TODO: check
 CVE-2019-5491 (Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 a ...)
 	NOT-FOR-US: Clustered Data ONTAP
 CVE-2019-5490 (Certain versions between 2.x to 5.x (refer to advisory) of the NetApp  ...)
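Review bot: CVE-2019-5492 ("Element Plug-in for vCenter Server") sits in the same run as CVE-2019-5491 and CVE-2019-5490, which are both NetApp products marked `NOT-FOR-US`; a vCenter plug-in is not something Debian packages, so after checking the full advisory this `TODO: check` can most likely become `NOT-FOR-US` with the vendor named, as the adjacent entries do.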
@@ -15788,8 +15827,8 @@ CVE-2019-5431
 	RESERVED
 CVE-2019-5430
 	RESERVED
-CVE-2019-5429
-	RESERVED
+CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacke ...)
+	TODO: check
 CVE-2019-5428
 	REJECTED
 CVE-2019-5427 (c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack  ...)
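Review bot: CVE-2019-5429 ("Untrusted search path in FileZilla before 3.41.0-rc1") needs an explicit `- filezilla` line rather than `TODO: check`, since filezilla is a Debian source package. Untrusted search path issues in desktop applications are frequently specific to how the Windows build locates libraries, so the check should determine whether the Linux build and Debian's packaging are affected at all; if not, `- filezilla <not-affected>` with a short reason in parentheses is the right outcome, otherwise the fixed upstream version should be recorded.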
@@ -18601,8 +18640,8 @@ CVE-2019-4049
 	RESERVED
 CVE-2019-4048
 	RESERVED
-CVE-2019-4047
-	RESERVED
+CVE-2019-4047 (IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated us ...)
+	TODO: check
 CVE-2019-4046 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
 	NOT-FOR-US: IBM
 CVE-2019-4045 (IBM Business Automation Workflow and IBM Business Process Manager 18.0 ...)
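Review bot: CVE-2019-4047 (IBM Jazz Reporting Service) is left as `TODO: check` while the adjacent CVE-2019-4046 and CVE-2019-4045 are `NOT-FOR-US: IBM`; Jazz Reporting Service is an IBM product line like its neighbours, so this should be closed the same way.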
@@ -19838,14 +19877,14 @@ CVE-2019-3565
 	RESERVED
 CVE-2019-3564
 	RESERVED
-CVE-2019-3563
-	RESERVED
-CVE-2019-3562
-	RESERVED
-CVE-2019-3561
-	RESERVED
-CVE-2019-3560
-	RESERVED
+CVE-2019-3563 (Wangle's LineBasedFrameDecoder contains logic for identifying newlines ...)
+	TODO: check
+CVE-2019-3562 (A remote web page could inject arbitrary HTML code into the Oculus Bro ...)
+	TODO: check
+CVE-2019-3561 (Insufficient boundary checks for the strrpos and strripos functions al ...)
+	TODO: check
+CVE-2019-3560 (An improperly performed length calculation on a buffer in PlaintextRec ...)
+	TODO: check
 CVE-2019-3559
 	RESERVED
 CVE-2019-3558
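Review bot: the four new descriptions for CVE-2019-3563 through CVE-2019-3560 look like one vendor's batch, but only two of the truncated texts name a product: CVE-2019-3563 (Wangle) and CVE-2019-3562 (Oculus Browser), both Facebook projects. CVE-2019-3561 ("strrpos and strripos functions") and CVE-2019-3560 ("PlaintextRec ...") lose the product name to truncation, so the check should pull the full descriptions before deciding; if none of the four corresponds to a Debian source package they should be closed as `NOT-FOR-US` naming the project rather than stay as four `TODO: check` entries.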
@@ -20073,8 +20112,8 @@ CVE-2018-20625
 	RESERVED
 CVE-2018-20624
 	RESERVED
-CVE-2019-3493
-	RESERVED
+CVE-2019-3493 (A potential security vulnerability has been identified in Micro Focus  ...)
+	TODO: check
 CVE-2019-3492
 	RESERVED
 CVE-2019-3491
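Review bot: the description for CVE-2019-3493 is truncated before it names the affected product ("A potential security vulnerability has been identified in Micro Focus ..."), so the `TODO: check` cannot be resolved from this file alone; the full advisory text should be consulted and the entry closed as `NOT-FOR-US` with the Micro Focus product named, matching how other commercial-vendor entries in this file are recorded.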
@@ -49110,8 +49149,7 @@ CVE-2018-12385 (A potentially exploitable crash in TransportSecurityInfo used fo
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-22/#CVE-2018-12385
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/#CVE-2018-12385
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12385
-CVE-2018-12384 [ServerHello.random is all zero when handling a v2-compatible ClientHello]
-	RESERVED
+CVE-2018-12384 (When handling a SSLv2-compatible ClientHello request, the server doesn ...)
 	- nss 2:3.39-1 (low; bug #908332)
 	[stretch] - nss <postponed> (Minor issue, can be fixed along in future DSA)
 	[jessie] - nss <postponed> (Minor issue, can be fixed along in future DSA)
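Review bot: replacing the hand-written title `[ServerHello.random is all zero when handling a v2-compatible ClientHello]` with the official description drops the one concrete detail (the all-zero ServerHello.random) that the truncated text no longer carries; since the package lines for nss and the `<postponed>` notes for stretch and jessie are unchanged, consider preserving that detail in a `NOTE:` line so the entry remains self-explanatory. Dropping the stale `RESERVED` line under an entry that already had package assignments is correct.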
@@ -49651,7 +49689,7 @@ CVE-2018-12206 (Improper configuration of hardware access in Intel QuickAssist T
 	NOT-FOR-US: Intel QuickAssist Technology for Linux
 CVE-2018-12205 (Privilege escalation vulnerability in Platform Sample/ Silicon Referen ...)
 	NOT-FOR-US: Intel
-CVE-2018-12204 (Privilege escalation vulnerability in Platform Sample/ Silicon Referen ...)
+CVE-2018-12204 (Improper memory initialization in Platform Sample/Silicon Reference fi ...)
 	NOT-FOR-US: Intel
 CVE-2018-12203 (Denial of service vulnerability in Platform Sample/ Silicon Reference  ...)
 	NOT-FOR-US: Intel
@@ -70040,8 +70078,7 @@ CVE-2018-5124 (Unsanitized output in the browser UI leaves HTML tags in place an
 	- firefox 58.0.1-1
 	- firefox-esr <not-affected> (Vulnerable code introduced later than 52)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/
-CVE-2018-5123
-	RESERVED
+CVE-2018-5123 (A third party website can access information available to a user with  ...)
 	- bugzilla4 <itp> (bug #669643)
 	- bugzilla <removed>
 CVE-2018-5122 (A potential integer overflow in the "DoCrypt" function of WebCrypto wa ...)
@@ -78596,14 +78633,14 @@ CVE-2018-2009 (IBM API Connect v2018.1 and 2018.4.1 is affected by an informatio
 	NOT-FOR-US: IBM
 CVE-2018-2008
 	RESERVED
-CVE-2018-2007
-	RESERVED
+CVE-2018-2007 (IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected crypto ...)
+	TODO: check
 CVE-2018-2006 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
 	NOT-FOR-US: IBM
 CVE-2018-2005
 	RESERVED
-CVE-2018-2004
-	RESERVED
+CVE-2018-2004 (IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is vulnerable to cr ...)
+	TODO: check
 CVE-2018-2003
 	RESERVED
 CVE-2018-2002
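Review bot: CVE-2018-2007 (IBM API Connect, weak cryptography) and CVE-2018-2004 (IBM Jazz Reporting Service) are left as `TODO: check` in a block where CVE-2018-2009 and CVE-2018-2006 are already `NOT-FOR-US: IBM`; the same applies to CVE-2018-1961 (IBM Emptoris Contract Management) in the following hunk. All three are IBM products and should be closed as `NOT-FOR-US: IBM` to keep the triage consistent within this range.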
@@ -78688,8 +78725,8 @@ CVE-2018-1963
 	RESERVED
 CVE-2018-1962 (IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalid ...)
 	NOT-FOR-US: IBM
-CVE-2018-1961
-	RESERVED
+CVE-2018-1961 (IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose se ...)
+	TODO: check
 CVE-2018-1960
 	RESERVED
 CVE-2018-1959 (IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-co ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4ceb4a245deff2dec929b224be4bce6c33118a2a
