[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 2 21:11:04 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3ad6017e by security tracker role at 2019-08-02T20:10:44Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2019-14535
+ RESERVED
+CVE-2019-14534
+ RESERVED
+CVE-2019-14533
+ RESERVED
+CVE-2019-14532 (An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off ...)
+ TODO: check
+CVE-2019-14531 (An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out ...)
+ TODO: check
+CVE-2019-14530
+ RESERVED
+CVE-2019-14529 (OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/s ...)
+ TODO: check
+CVE-2019-14528 (GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/ ...)
+ TODO: check
+CVE-2019-14527
+ RESERVED
+CVE-2019-14526
+ RESERVED
+CVE-2019-14525
+ RESERVED
+CVE-2019-14524 (An issue was discovered in Schism Tracker through 20190722. There is a ...)
+ TODO: check
+CVE-2019-14523 (An issue was discovered in Schism Tracker through 20190722. There is a ...)
+ TODO: check
CVE-2019-14522
RESERVED
CVE-2019-14521
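Review bot: the six new entries that arrived with a description (CVE-2019-14532, CVE-2019-14531, CVE-2019-14529, CVE-2019-14528, CVE-2019-14524, CVE-2019-14523) are left at the automatic "TODO: check" placeholder and still need manual triage into either a source-package line or a "NOT-FOR-US:" line, in the form used elsewhere in this file; the RESERVED-only additions need nothing yet.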
@@ -350,170 +376,170 @@ CVE-2017-18465
RESERVED
CVE-2017-18464
RESERVED
-CVE-2017-18463
- RESERVED
+CVE-2017-18463 (cPanel before 62.0.17 allows code execution in the context of the root ...)
+ TODO: check
CVE-2017-18462
RESERVED
-CVE-2017-18461
- RESERVED
-CVE-2017-18460
- RESERVED
-CVE-2017-18459
- RESERVED
-CVE-2017-18458
- RESERVED
-CVE-2017-18457
- RESERVED
-CVE-2017-18456
- RESERVED
-CVE-2017-18455
- RESERVED
-CVE-2017-18454
- RESERVED
-CVE-2017-18453
- RESERVED
-CVE-2017-18452
- RESERVED
-CVE-2017-18451
- RESERVED
-CVE-2017-18450
- RESERVED
-CVE-2017-18449
- RESERVED
-CVE-2017-18448
- RESERVED
-CVE-2017-18447
- RESERVED
-CVE-2017-18446
- RESERVED
-CVE-2017-18445
- RESERVED
-CVE-2017-18444
- RESERVED
-CVE-2017-18443
- RESERVED
-CVE-2017-18442
- RESERVED
-CVE-2017-18441
- RESERVED
-CVE-2017-18440
- RESERVED
-CVE-2017-18439
- RESERVED
-CVE-2017-18438
- RESERVED
-CVE-2017-18437
- RESERVED
-CVE-2017-18436
- RESERVED
-CVE-2017-18435
- RESERVED
-CVE-2017-18434
- RESERVED
-CVE-2017-18433
- RESERVED
-CVE-2017-18432
- RESERVED
-CVE-2017-18431
- RESERVED
-CVE-2017-18430
- RESERVED
-CVE-2017-18429
- RESERVED
-CVE-2017-18428
- RESERVED
-CVE-2017-18427
- RESERVED
-CVE-2017-18426
- RESERVED
-CVE-2017-18425
- RESERVED
-CVE-2017-18424
- RESERVED
-CVE-2017-18423
- RESERVED
-CVE-2017-18422
- RESERVED
-CVE-2017-18421
- RESERVED
-CVE-2017-18420
- RESERVED
-CVE-2017-18419
- RESERVED
-CVE-2017-18418
- RESERVED
-CVE-2017-18417
- RESERVED
-CVE-2017-18416
- RESERVED
-CVE-2017-18415
- RESERVED
-CVE-2017-18414
- RESERVED
-CVE-2017-18413
- RESERVED
-CVE-2017-18412
- RESERVED
-CVE-2017-18411
- RESERVED
-CVE-2017-18410
- RESERVED
-CVE-2017-18409
- RESERVED
-CVE-2017-18408
- RESERVED
-CVE-2017-18407
- RESERVED
-CVE-2017-18406
- RESERVED
-CVE-2017-18405
- RESERVED
-CVE-2017-18404
- RESERVED
-CVE-2017-18403
- RESERVED
-CVE-2017-18402
- RESERVED
-CVE-2017-18401
- RESERVED
-CVE-2017-18400
- RESERVED
-CVE-2017-18399
- RESERVED
-CVE-2017-18398
- RESERVED
-CVE-2017-18397
- RESERVED
-CVE-2017-18396
- RESERVED
-CVE-2017-18395
- RESERVED
-CVE-2017-18394
- RESERVED
-CVE-2017-18393
- RESERVED
-CVE-2017-18392
- RESERVED
-CVE-2017-18391
- RESERVED
-CVE-2017-18390
- RESERVED
-CVE-2017-18389
- RESERVED
-CVE-2017-18388
- RESERVED
-CVE-2017-18387
- RESERVED
-CVE-2017-18386
- RESERVED
-CVE-2017-18385
- RESERVED
-CVE-2017-18384
- RESERVED
-CVE-2017-18383
- RESERVED
-CVE-2017-18382
- RESERVED
+CVE-2017-18461 (cPanel before 62.0.17 allows does not preserve security policy questio ...)
+ TODO: check
+CVE-2017-18460 (cPanel before 62.0.17 allows arbitrary code execution during automatic ...)
+ TODO: check
+CVE-2017-18459 (cPanel before 62.0.17 allows arbitrary code execution during account m ...)
+ TODO: check
+CVE-2017-18458 (cPanel before 62.0.17 allows file overwrite when renaming an account ( ...)
+ TODO: check
+CVE-2017-18457 (cPanel before 62.0.17 allows arbitrary file-read operations via WHM /s ...)
+ TODO: check
+CVE-2017-18456 (cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity ...)
+ TODO: check
+CVE-2017-18455 (In cPanel before 62.0.17, addon domain conversion did not require a pa ...)
+ TODO: check
+CVE-2017-18454 (cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install in ...)
+ TODO: check
+CVE-2017-18453 (cPanel before 64.0.21 does not preserve supplemental groups across acc ...)
+ TODO: check
+CVE-2017-18452 (cPanel before 64.0.21 allows code execution via Rails configuration fi ...)
+ TODO: check
+CVE-2017-18451 (cPanel before 64.0.21 allows attackers to read a user's crontab file d ...)
+ TODO: check
+CVE-2017-18450 (cPanel before 64.0.21 allows certain file-chmod operations via /script ...)
+ TODO: check
+CVE-2017-18449 (cPanel before 64.0.21 allows certain file-rename operations in the con ...)
+ TODO: check
+CVE-2017-18448 (cPanel before 64.0.21 allows certain file-read operations via a Server ...)
+ TODO: check
+CVE-2017-18447 (cPanel before 64.0.21 allows demo accounts to execute code via the Cla ...)
+ TODO: check
+CVE-2017-18446 (cPanel before 64.0.21 allows file-read and file-write operations for d ...)
+ TODO: check
+CVE-2017-18445 (cPanel before 64.0.21 does not enforce demo restrictions for SSL API c ...)
+ TODO: check
+CVE-2017-18444 (cPanel before 64.0.21 allows demo accounts to execute SSH API commands ...)
+ TODO: check
+CVE-2017-18443 (cPanel before 64.0.21 allows demo and suspended accounts to use SSH po ...)
+ TODO: check
+CVE-2017-18442 (cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI AP ...)
+ TODO: check
+CVE-2017-18441 (cPanel before 64.0.21 allows demo accounts to redirect web traffic (SE ...)
+ TODO: check
+CVE-2017-18440 (cPanel before 64.0.21 allows demo users to execute traceroute via api2 ...)
+ TODO: check
+CVE-2017-18439 (cPanel before 64.0.21 allows demo accounts to execute code via an Imag ...)
+ TODO: check
+CVE-2017-18438 (cPanel before 64.0.21 allows demo accounts to execute code via Encodin ...)
+ TODO: check
+CVE-2017-18437 (cPanel before 64.0.21 allows a Webmail account to execute code via for ...)
+ TODO: check
+CVE-2017-18436 (cPanel before 64.0.21 allows demo accounts to read files via a Fileman ...)
+ TODO: check
+CVE-2017-18435 (cPanel before 64.0.21 allows demo accounts to execute code via the Box ...)
+ TODO: check
+CVE-2017-18434 (cPanel before 64.0.21 allows code execution in the context of the root ...)
+ TODO: check
+CVE-2017-18433 (cPanel before 64.0.21 allows code execution by webmail and demo accoun ...)
+ TODO: check
+CVE-2017-18432 (In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a ...)
+ TODO: check
+CVE-2017-18431 (cPanel before 66.0.1 does not reliably perform suspend/unsuspend opera ...)
+ TODO: check
+CVE-2017-18430 (In cPanel before 66.0.2, user and group ownership may be incorrectly s ...)
+ TODO: check
+CVE-2017-18429 (In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persis ...)
+ TODO: check
+CVE-2017-18428 (In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily ...)
+ TODO: check
+CVE-2017-18427 (In cPanel before 66.0.2, weak log-file permissions can occur after acc ...)
+ TODO: check
+CVE-2017-18426 (cPanel before 66.0.2 allows resellers to read other accounts' domain l ...)
+ TODO: check
+CVE-2017-18425 (In cPanel before 66.0.2, the cpdavd_error_log file can be created with ...)
+ TODO: check
+CVE-2017-18424 (In cPanel before 66.0.2, the Apache HTTP Server configuration file is ...)
+ TODO: check
+CVE-2017-18423 (In cPanel before 66.0.2, domain log files become readable after log pr ...)
+ TODO: check
+CVE-2017-18422 (In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog owne ...)
+ TODO: check
+CVE-2017-18421 (cPanel before 66.0.2 allows demo accounts to create databases and user ...)
+ TODO: check
+CVE-2017-18420 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing ...)
+ TODO: check
+CVE-2017-18419 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallat ...)
+ TODO: check
+CVE-2017-18418 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operat ...)
+ TODO: check
+CVE-2017-18417 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons installatio ...)
+ TODO: check
+CVE-2017-18416 (cPanel before 67.9999.103 allows arbitrary file-overwrite operations d ...)
+ TODO: check
+CVE-2017-18415 (cPanel before 67.9999.103 allows code execution in the context of the ...)
+ TODO: check
+CVE-2017-18414 (cPanel before 67.9999.103 allows an open redirect in /unprotected/redi ...)
+ TODO: check
+CVE-2017-18413 (In cPanel before 67.9999.103, the backup system overwrites root's home ...)
+ TODO: check
+CVE-2017-18412 (cPanel before 67.9999.103 allows Apache HTTP Server log files to becom ...)
+ TODO: check
+CVE-2017-18411 (The "addon domain conversion" feature in cPanel before 67.9999.103 can ...)
+ TODO: check
+CVE-2017-18410 (In cPanel before 67.9999.103, a user account's backup archive could co ...)
+ TODO: check
+CVE-2017-18409 (In cPanel before 67.9999.103, the backup interface could return a back ...)
+ TODO: check
+CVE-2017-18408 (cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Chan ...)
+ TODO: check
+CVE-2017-18407 (cPanel before 67.9999.103 does not enforce SSL hostname verification f ...)
+ TODO: check
+CVE-2017-18406 (cPanel before 67.9999.103 allows SQL injection during eximstats proces ...)
+ TODO: check
+CVE-2017-18405 (cPanel before 68.0.15 allows arbitrary file-read operations because of ...)
+ TODO: check
+CVE-2017-18404 (cPanel before 68.0.15 allows domain data to be deleted for domains wit ...)
+ TODO: check
+CVE-2017-18403 (cPanel before 68.0.15 allows code execution in the context of the nobo ...)
+ TODO: check
+CVE-2017-18402 (cPanel before 68.0.15 allows stored XSS during a cpaddons moderated up ...)
+ TODO: check
+CVE-2017-18401 (cPanel before 68.0.15 allows user accounts to be partially created wit ...)
+ TODO: check
+CVE-2017-18400 (cPanel before 68.0.15 allows local root code execution via cpdavd (SEC ...)
+ TODO: check
+CVE-2017-18399 (cPanel before 68.0.15 allows attackers to read root's crontab file dur ...)
+ TODO: check
+CVE-2017-18398 (DnsUtils in cPanel before 68.0.15 allows zone creation for hostname an ...)
+ TODO: check
+CVE-2017-18397 (cPanel before 68.0.15 does not preserve permissions for local backup t ...)
+ TODO: check
+CVE-2017-18396 (cPanel before 68.0.15 allows arbitrary file-read operations via Exim v ...)
+ TODO: check
+CVE-2017-18395 (cPanel before 68.0.15 does not block a username of ssl (SEC-328). ...)
+ TODO: check
+CVE-2017-18394 (cPanel before 68.0.15 does not have a sufficient list of reserved user ...)
+ TODO: check
+CVE-2017-18393 (cPanel before 68.0.15 does not block a username of postmaster, which m ...)
+ TODO: check
+CVE-2017-18392 (cPanel before 68.0.15 allows collisions because PostgreSQL databases c ...)
+ TODO: check
+CVE-2017-18391 (cPanel before 68.0.15 allows attackers to read backup files because th ...)
+ TODO: check
+CVE-2017-18390 (cPanel before 68.0.15 allows code execution in the context of the root ...)
+ TODO: check
+CVE-2017-18389 (cPanel before 68.0.15 allows string format injection in dovecot-xaps-p ...)
+ TODO: check
+CVE-2017-18388 (cPanel before 68.0.15 can perform unsafe file operations because Jails ...)
+ TODO: check
+CVE-2017-18387 (cPanel before 68.0.15 allows arbitrary code execution via Maketext inj ...)
+ TODO: check
+CVE-2017-18386 (cPanel before 68.0.15 allows arbitrary code execution via Maketext inj ...)
+ TODO: check
+CVE-2017-18385 (cPanel before 68.0.15 allows unprivileged users to access restricted d ...)
+ TODO: check
+CVE-2017-18384 (cPanel before 68.0.15 allows jailed accounts to restore files that are ...)
+ TODO: check
+CVE-2017-18383 (cPanel before 68.0.15 writes home-directory backups to an incorrect lo ...)
+ TODO: check
+CVE-2017-18382 (cPanel before 68.0.15 allows use of an unreserved e-mail address in DN ...)
+ TODO: check
CVE-2016-10860 (cPanel before 11.54.0.0 allows unauthorized zone modification via the ...)
NOT-FOR-US: cPanel
CVE-2016-10859 (cPanel before 11.54.0.0 allows unauthorized password changes via Webma ...)
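Review bot: all 81 cPanel entries from CVE-2017-18463 down to CVE-2017-18382 are left at "TODO: check", while the existing cPanel entries immediately below in the same hunk (CVE-2016-10860, CVE-2016-10859) are already triaged as "NOT-FOR-US: cPanel"; unless cPanel has since become a Debian package, these should be bulk-triaged the same way rather than left as 81 individual TODOs. The RESERVED block appears removed and re-added in full only because every description was filled in at once; no entry actually moved.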
@@ -1305,8 +1331,7 @@ CVE-2019-14237
RESERVED
CVE-2019-14236
RESERVED
-CVE-2019-14235 [Potential memory exhaustion in django.utils.encoding.uri_to_iri()]
- RESERVED
+CVE-2019-14235 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...)
- python-django <unfixed>
NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
NOTE: https://github.com/django/django/commit/cf694e6852b0da7799f8b53f1fb2f7d20cf17534 (2.2.x)
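Review bot: the replacement drops the local bracketed summary "[Potential memory exhaustion in django.utils.encoding.uri_to_iri()]" in favour of MITRE text that is truncated before it names the affected function; the same happens to CVE-2019-14233 and CVE-2019-14232 in the next hunk and to the libvirt, Tika and liblouis entries later in this patch. Consider keeping the local summary as a NOTE line wherever the truncated description no longer identifies the component. "python-django <unfixed>" is unchanged although the new description and the commit NOTE reference fixed upstream releases (1.11.23 and the 2.2.x commit); update it once the fixed Debian upload exists.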
@@ -1317,14 +1342,12 @@ CVE-2019-14234 [SQL injection possibility in key and index lookups for JSONField
NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
NOTE: https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387 (2.2.x)
NOTE: https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef (1.11.x)
-CVE-2019-14233 [the behavior of the underlying HTMLParser leading to DoS]
- RESERVED
+CVE-2019-14233 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...)
- python-django <unfixed>
NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
NOTE: https://github.com/django/django/commit/e34f3c0e9ee5fc9022428fe91640638bafd4cda7 (2.2.x)
NOTE: https://github.com/django/django/commit/52479acce792ad80bb0f915f20b835f919993c72 (1.11.x)
-CVE-2019-14232 [backtracking in a regular expression in django.utils.text.Truncator leads to DoS]
- RESERVED
+CVE-2019-14232 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...)
- python-django <unfixed>
NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
NOTE: https://github.com/django/django/commit/c3289717c6f21a8cf23daff1c78c0c014b94041f (2.2.x)
@@ -8381,7 +8404,7 @@ CVE-2019-11732
CVE-2019-11731
RESERVED
CVE-2019-11730 (A vulnerability exists where if a user opens a locally saved HTML file ...)
- {DSA-4482-1 DSA-4479-1}
+ {DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
- thunderbird 1:60.8.0-1
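Review bot: DLA-1870-1 and DLA-1869-1 are appended to the advisory set for CVE-2019-11730, and identically in the other seven Firefox/Thunderbird hunks in this patch (CVE-2019-11717, CVE-2019-11715, CVE-2019-11713, CVE-2019-11712, CVE-2019-11711, CVE-2019-11709, CVE-2019-9811); the firefox, firefox-esr and thunderbird package lines are untouched, so the only thing to verify is that both DLA ids have matching entries in the DLA list in this repository so the cross-references resolve.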
@@ -8458,7 +8481,7 @@ CVE-2019-11718 (Activity Stream can display content from sent from the Snippet S
- firefox 68.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11718
CVE-2019-11717 (A vulnerability exists where the caret ("^") character is improperly e ...)
- {DSA-4482-1 DSA-4479-1}
+ {DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
- thunderbird 1:60.8.0-1
@@ -8469,7 +8492,7 @@ CVE-2019-11716 (Until explicitly accessed by script, window.globalThis is not en
- firefox 68.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11716
CVE-2019-11715 (Due to an error while parsing page content, it is possible for properl ...)
- {DSA-4482-1 DSA-4479-1}
+ {DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
- thunderbird 1:60.8.0-1
@@ -8480,7 +8503,7 @@ CVE-2019-11714 (Necko can access a child on the wrong thread during UDP connecti
- firefox 68.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11714
CVE-2019-11713 (A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/ ...)
- {DSA-4482-1 DSA-4479-1}
+ {DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
- thunderbird 1:60.8.0-1
@@ -8488,7 +8511,7 @@ CVE-2019-11713 (A use-after-free vulnerability can occur in HTTP/2 when a cached
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11713
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11713
CVE-2019-11712 (POST requests made by NPAPI plugins, such as Flash, that receive a sta ...)
- {DSA-4482-1 DSA-4479-1}
+ {DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
- thunderbird 1:60.8.0-1
@@ -8496,7 +8519,7 @@ CVE-2019-11712 (POST requests made by NPAPI plugins, such as Flash, that receive
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11712
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11712
CVE-2019-11711 (When an inner window is reused, it does not consider the use of docume ...)
- {DSA-4482-1 DSA-4479-1}
+ {DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
- thunderbird 1:60.8.0-1
@@ -8507,7 +8530,7 @@ CVE-2019-11710 (Mozilla developers and community members reported memory safety
- firefox 68.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11710
CVE-2019-11709 (Mozilla developers and community members reported memory safety bugs p ...)
- {DSA-4482-1 DSA-4479-1}
+ {DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
- thunderbird 1:60.8.0-1
@@ -10529,8 +10552,8 @@ CVE-2019-10963
RESERVED
CVE-2019-10962 (BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1. ...)
NOT-FOR-US: BD Alaris Gateway
-CVE-2019-10961
- RESERVED
+CVE-2019-10961 (In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, proces ...)
+ TODO: check
CVE-2019-10960
RESERVED
CVE-2019-10959 (BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build ...)
@@ -10575,8 +10598,8 @@ CVE-2019-10940
RESERVED
CVE-2019-10939
RESERVED
-CVE-2019-10938
- RESERVED
+CVE-2019-10938 (A vulnerability has been identified in Ethernet plug-in communication ...)
+ TODO: check
CVE-2019-10937
RESERVED
CVE-2019-10936
@@ -12490,8 +12513,7 @@ CVE-2019-10178
RESERVED
CVE-2019-10177 (A stored cross-site scripting (XSS) vulnerability was found in the PDF ...)
NOT-FOR-US: Red Hat CloudForms
-CVE-2019-10176
- RESERVED
+CVE-2019-10176 (A flaw was found in OpenShift Container Platform, versions 3.11 and la ...)
NOT-FOR-US: OpenShift
CVE-2019-10175 (A flaw was found in the containerized-data-importer in virt-cdi-cloner ...)
NOT-FOR-US: KubeVirt
@@ -12505,30 +12527,26 @@ CVE-2019-10173 (It was found that xstream API version 1.4.10 before 1.4.11 intro
NOTE: Regression introduced and present only in 1.4.10.
CVE-2019-10172
RESERVED
-CVE-2019-10171
- RESERVED
+CVE-2019-10171 (It was found that the fix for CVE-2018-14648 in 389-ds-base, versions ...)
- 389-ds-base <not-affected> (Incomplete RHEL backport)
CVE-2019-10170
RESERVED
CVE-2019-10169
RESERVED
-CVE-2019-10168 [arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs]
- RESERVED
+CVE-2019-10168 (The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorC ...)
- libvirt 5.0.0-4
[stretch] - libvirt <not-affected> (Vulnerable code introduced later)
[jessie] - libvirt <not-affected> (Vulnerable code introduced later)
NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720118
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=bf6c2830b6c338b1f5699b095df36f374777b291
-CVE-2019-10167 [arbitrary command execution via virConnectGetDomainCapabilities API]
- RESERVED
+CVE-2019-10167 (The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x befo ...)
{DSA-4469-1 DLA-1832-1}
- libvirt 5.0.0-4
NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720117
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=8afa68bac0cf99d1f8aaa6566685c43c22622f26
-CVE-2019-10166 [virDomainManagedSaveDefineXML API exposed to readonly clients]
- RESERVED
+CVE-2019-10166 (It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x. ...)
- libvirt 5.0.0-4
[stretch] - libvirt <not-affected> (Vulnerable code introduced in 3.6.1)
[jessie] - libvirt <not-affected> (Vulnerable code introduced in 3.6.1)
@@ -12793,12 +12811,10 @@ CVE-2019-10096
RESERVED
CVE-2019-10095
RESERVED
-CVE-2019-10094 [StackOverflow from Crafted Package/Compressed Files in Apache Tika's RecursiveParserWrapper]
- RESERVED
+CVE-2019-10094 (A carefully crafted package/compressed file that, when unzipped/uncomp ...)
- tika <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/4
-CVE-2019-10093 [Denial of Service in Apache Tika's 2003ml and 2006ml Parsers]
- RESERVED
+CVE-2019-10093 (In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file ...)
- tika <unfixed> (bug #933745)
NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/3
CVE-2019-10092
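Review bot: the new "tika <unfixed>" line for CVE-2019-10094 carries no bug reference, whereas CVE-2019-10093 in the same hunk has "(bug #933745)" and CVE-2019-10088 in the next hunk has "(bug #933744)"; either file a bug for CVE-2019-10094 and add it, or record why it is tracked together with one of the other two.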
@@ -12809,8 +12825,7 @@ CVE-2019-10090
RESERVED
CVE-2019-10089
RESERVED
-CVE-2019-10088 [OOM from a crafted Zip File in Apache Tika's RecursiveParserWrapper]
- RESERVED
+CVE-2019-10088 (A carefully crafted or corrupt zip file can cause an OOM in Apache Tik ...)
- tika <unfixed> (bug #933744)
NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/2
CVE-2019-10087
@@ -14371,7 +14386,7 @@ CVE-2019-9813 (Incorrect handling of __proto__ mutations may lead to type confus
CVE-2019-9812
RESERVED
CVE-2019-9811 (As part of a winning Pwn2Own entry, a researcher demonstrated a sandbo ...)
- {DSA-4482-1 DSA-4479-1}
+ {DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
- thunderbird 1:60.8.0-1
@@ -16193,8 +16208,8 @@ CVE-2019-9143 (An issue was discovered in Exiv2 0.27. There is infinite recursio
NOTE: https://github.com/Exiv2/exiv2/issues/711
CVE-2019-9142 (An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS ...)
NOT-FOR-US: b3log Symphony (aka Sym)
-CVE-2019-9141
- RESERVED
+CVE-2019-9141 (ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains ...)
+ TODO: check
CVE-2019-9140 (When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earl ...)
TODO: check
CVE-2019-9139 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnera ...)
@@ -25346,8 +25361,8 @@ CVE-2019-5503
RESERVED
CVE-2019-5502
RESERVED
-CVE-2019-5501
- RESERVED
+CVE-2019-5501 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose ...)
+ TODO: check
CVE-2019-5500
RESERVED
CVE-2019-5499
@@ -25362,8 +25377,8 @@ CVE-2019-5495 (OnCommand Unified Manager for VMware vSphere, Linux and Windows p
NOT-FOR-US: OnCommand Unified Manager for VMware vSphere, Linux and Windows / Netapp
CVE-2019-5494 (OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped withou ...)
NOT-FOR-US: OnCommand Unified Manager 7-Mode / Netapp
-CVE-2019-5493
- RESERVED
+CVE-2019-5493 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptib ...)
+ TODO: check
CVE-2019-5492 (Element Plug-in for vCenter Server versions prior to 4.2.3 may disclos ...)
NOT-FOR-US: NetApp HCI Compute Node
CVE-2019-5491 (Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 a ...)
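Review bot: CVE-2019-5493 here and CVE-2019-5501 in the previous hunk (both Data ONTAP 7-Mode before 8.2.5P3) are left at "TODO: check", but the surrounding NetApp entries in this hunk (CVE-2019-5495, CVE-2019-5494, CVE-2019-5492) are already triaged as "NOT-FOR-US: ... / Netapp"; the two new entries should get the same treatment unless a Debian package exists for this product.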
@@ -27911,8 +27926,8 @@ CVE-2019-4277
RESERVED
CVE-2019-4276
RESERVED
-CVE-2019-4275
- RESERVED
+CVE-2019-4275 (IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allo ...)
+ TODO: check
CVE-2019-4274
RESERVED
CVE-2019-4273
@@ -88595,8 +88610,8 @@ CVE-2018-1989
RESERVED
CVE-2018-1988
RESERVED
-CVE-2018-1987
- RESERVED
+CVE-2018-1987 (IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if ...)
+ TODO: check
CVE-2018-1986
RESERVED
CVE-2018-1985
@@ -206013,8 +206028,7 @@ CVE-2014-8186
REJECTED
CVE-2014-8185
REJECTED
-CVE-2014-8184 [stack-based buffer overflow in findTable()]
- RESERVED
+CVE-2014-8184 (A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A ...)
- liblouis 2.6.2-1 (bug #880621)
[jessie] - liblouis 2.5.3-3+deb8u1
[wheezy] - liblouis <not-affected> (Vulnerable code introduced in 2.5.0)
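Review bot: the bracketed summary "[stack-based buffer overflow in findTable()]" is replaced by MITRE text truncated before the flaw itself is described, so the function name is lost from the entry; the package lines (liblouis 2.6.2-1, jessie 2.5.3-3+deb8u1, wheezy not-affected since the code arrived in 2.5.0) are unchanged and consistent with the "versions 2.5.x before 2.5.4" range in the new description, so nothing else is needed beyond possibly retaining findTable() as a NOTE.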
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ad6017ecbc0b338dc53d26e798acda828cf9515