[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Feb 1 20:10:29 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
da2b9a05 by security tracker role at 2019-02-01T20:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2019-7307
+	RESERVED
+CVE-2019-7306
+	RESERVED
+CVE-2019-7305
+	RESERVED
+CVE-2019-7304
+	RESERVED
+CVE-2019-7303
+	RESERVED
+CVE-2019-7302
+	RESERVED
+CVE-2019-7301 (Zen Load Balancer 3.10.1 allows remote authenticated admin users to ...)
+	TODO: check
+CVE-2019-7300 (Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary ...)
+	TODO: check
+CVE-2019-7299
+	RESERVED
+CVE-2017-18361 (In Pylons Colander through 1.6, the URL validator allows an attacker to ...)
+	TODO: check
 CVE-2019-7298 (An issue was discovered on D-Link DIR-823G devices with firmware ...)
 	NOT-FOR-US: D-Link
 CVE-2019-7297 (An issue was discovered on D-Link DIR-823G devices with firmware ...)
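Review bot: CVE-2017-18361 (Pylons Colander) is a 2017 identifier being inserted at the top of the file among the 2019 RESERVED entries, and it sits at "TODO: check" alongside the Zen Load Balancer and Artica Proxy entries. Unlike those two appliance products, Colander is a Python library, so this one deserves a real look for a matching source package rather than a batch NOT-FOR-US; the three "TODO: check" lines in this hunk should not be triaged as a group.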
@@ -673,7 +693,7 @@ CVE-2019-6990 (A stored-self XSS exists in web/skins/classic/views/zones.php of
 	- zoneminder <unfixed> (bug #921001)
 	NOTE: https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a
 	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2444
-CVE-2016-10741 [xfs: BUG_ON in __xfs_get_blocks() with xfstests generic/446]
+CVE-2016-10741 (In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users ...)
 	- linux 4.9.6-1
 	NOTE: Fixed by: https://git.kernel.org/linus/04197b341f23b908193308b8d63d17ff23232598
 CVE-2016-10740 (Various resources in Atlassian Crowd before version 2.10.1 allow remote ...)
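Review bot: replacing the bracketed working title with the published description drops the only reference to the reproducer ("BUG_ON in __xfs_get_blocks() with xfstests generic/446"). Since the stanza already carries a "NOTE: Fixed by:" line for the upstream commit, consider keeping that context as an additional NOTE so the entry still says how the bug was triggered. The version data is consistent: the description says "before 4.9.3" and the tracked fix is linux 4.9.6-1.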
@@ -1824,6 +1844,7 @@ CVE-2019-6488 (The string component in the GNU C Library (aka glibc or libc6) th
 CVE-2019-6487 (TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 ...)
 	NOT-FOR-US: TP-Link
 CVE-2019-6486 (Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 ...)
+	{DSA-4380-1 DSA-4379-1}
 	- golang-1.12 1.12~beta2-2 (bug #920548)
 	- golang-1.11 1.11.5-1
 	- golang-1.10 <removed>
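Review bot: two advisories ({DSA-4380-1 DSA-4379-1}) are recorded for one CVE, which implies two separate stable source packages, but the context shown here only lists golang-1.12, golang-1.11 and golang-1.10 (the last of them <removed>). Verify that the full stanza contains a package line for each package those DSAs cover, so the advisory references do not point at packages that are absent from the entry.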
@@ -2472,6 +2493,7 @@ CVE-2019-6246 (An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling
 	- svgpp 1.2.3+dfsg1-5 (bug #919321)
 	NOTE: https://github.com/svgpp/svgpp/issues/70
 CVE-2019-6245 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in ...)
+	{DLA-1656-1}
 	- agg <unfixed> (bug #919322)
 	- svgpp <unfixed> (bug #919321)
 	NOTE: https://github.com/svgpp/svgpp/issues/70
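Review bot: {DLA-1656-1} is added while both agg and svgpp remain <unfixed> in unstable (bugs #919322 and #919321). That is a valid state for an LTS-first fix, but it should be cross-checked with the sibling entry CVE-2019-6246 immediately above, where svgpp is already tracked as fixed in 1.2.3+dfsg1-5 for the same upstream issue (issues/70); if the svgpp fix covers both CVEs, the svgpp line here should move to the fixed version.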
@@ -8105,8 +8127,8 @@ CVE-2019-3606
 	RESERVED
 CVE-2019-3605
 	RESERVED
-CVE-2019-3604
-	RESERVED
+CVE-2019-3604 (Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) ...)
+	TODO: check
 CVE-2019-3603
 	RESERVED
 CVE-2019-3602
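Review bot: CVE-2019-3604 describes a CSRF in McAfee ePO, a proprietary management console that is not shipped as a Debian package, so this "TODO: check" can be resolved to NOT-FOR-US in the same style as the surrounding vendor entries.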
@@ -11879,6 +11901,7 @@ CVE-2019-2539 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
 CVE-2019-2538 (Vulnerability in the Oracle Managed File Transfer component of Oracle ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2537 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+	{DLA-1655-1}
 	- mysql-5.7 5.7.25-1 (bug #919817)
 	- mariadb-10.3 <unfixed> (bug #920933)
 	- mariadb-10.1 <removed>
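Review bot: {DLA-1655-1} is added here, but mariadb-10.3 stays <unfixed> (bug #920933) in the same stanza. Confirm that the MariaDB side is tracked on its own, since the DLA only covers the mysql package in LTS and the open bug is the only thing keeping the unstable mariadb state visible.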
@@ -11899,6 +11922,7 @@ CVE-2019-2531 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
 CVE-2019-2530 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
 	- mysql-5.7 <not-affected> (Specific to 8)
 CVE-2019-2529 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+	{DLA-1655-1}
 	- mysql-5.7 5.7.25-1 (bug #919817)
 	- mariadb-10.1 <removed>
 	- mariadb-10.0 <removed>
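Review bot: the shown context for CVE-2019-2529 lists mariadb-10.1 and mariadb-10.0 as <removed> but no mariadb-10.3 line, whereas the neighbouring CVE-2019-2537 entry tracks mariadb-10.3 as <unfixed>. Both are MySQL Server CVEs from the same Oracle CPU, so check whether mariadb-10.3 should be listed here as well or is genuinely not affected.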
@@ -19893,8 +19917,8 @@ CVE-2018-19006
 	RESERVED
 CVE-2018-19005 (Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation ...)
 	NOT-FOR-US: Cscape
-CVE-2018-19004
-	RESERVED
+CVE-2018-19004 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds ...)
+	TODO: check
 CVE-2018-19003 (GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to ...)
 	NOT-FOR-US: GE Mark
 CVE-2018-19002
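Review bot: CVE-2018-19004 is an out-of-bounds issue in LCDS Laquis SCADA, a proprietary SCADA product; like the adjacent Cscape and GE Mark entries it should go to NOT-FOR-US rather than stay at "TODO: check". The same product appears again in CVE-2018-18988 further down this patch, so both can be resolved together.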
@@ -19925,8 +19949,8 @@ CVE-2018-18990
 	RESERVED
 CVE-2018-18989 (In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and ...)
 	NOT-FOR-US: CX-One
-CVE-2018-18988
-	RESERVED
+CVE-2018-18988 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of ...)
+	TODO: check
 CVE-2018-18987 (VT-Designer Version 2.1.7.31 is vulnerable by the program populating ...)
 	NOT-FOR-US: VT-Designer
 CVE-2018-18986
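Review bot: CVE-2018-18988 is the second LCDS Laquis SCADA entry in this update (see CVE-2018-19004 above); resolve both to NOT-FOR-US consistently instead of leaving one at "TODO: check".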
@@ -26394,36 +26418,36 @@ CVE-2018-16495
 	RESERVED
 CVE-2018-16494
 	RESERVED
-CVE-2018-16493
-	RESERVED
-CVE-2018-16492
-	RESERVED
-CVE-2018-16491
-	RESERVED
-CVE-2018-16490
-	RESERVED
-CVE-2018-16489
-	RESERVED
+CVE-2018-16493 (A path traversal vulnerability was found in module ...)
+	TODO: check
+CVE-2018-16492 (A prototype pollution vulnerability was found in module extend <2.0.2, ...)
+	TODO: check
+CVE-2018-16491 (A prototype pollution vulnerability was found in node.extend <1.1.7, ...)
+	TODO: check
+CVE-2018-16490 (A prototype pollution vulnerability was found in module mpath <0.5.1 ...)
+	TODO: check
+CVE-2018-16489 (A prototype pollution vulnerability was found in just-extend <4.0.0 ...)
+	TODO: check
 CVE-2018-16488
 	RESERVED
-CVE-2018-16487
-	RESERVED
-CVE-2018-16486
-	RESERVED
-CVE-2018-16485
-	RESERVED
-CVE-2018-16484
-	RESERVED
-CVE-2018-16483
-	RESERVED
-CVE-2018-16482
-	RESERVED
-CVE-2018-16481
-	RESERVED
-CVE-2018-16480
-	RESERVED
-CVE-2018-16479
-	RESERVED
+CVE-2018-16487 (A prototype pollution vulnerability was found in lodash <4.17.11 where ...)
+	TODO: check
+CVE-2018-16486 (A prototype pollution vulnerability was found in defaults-deep <=0.2.4 ...)
+	TODO: check
+CVE-2018-16485 (Path Traversal vulnerability in module m-server <1.4.1 allows ...)
+	TODO: check
+CVE-2018-16484 (A XSS vulnerability was found in module m-server <1.4.2 that allows ...)
+	TODO: check
+CVE-2018-16483 (A deficiency in the access control in module express-cart <=1.1.5 ...)
+	TODO: check
+CVE-2018-16482 (A server directory traversal vulnerability was found on node module ...)
+	TODO: check
+CVE-2018-16481 (A XSS vulnerability was found in html-page <=2.1.1 that allows ...)
+	TODO: check
+CVE-2018-16480 (A XSS vulnerability was found in module public <0.1.4 that allows ...)
+	TODO: check
+CVE-2018-16479 (Path traversal vulnerability in http-live-simulator <1.0.7 causes ...)
+	TODO: check
 CVE-2018-16478 (A Path Traversal in simplehttpserver versions <=0.2.1 allows to list ...)
 	NOT-FOR-US: simplehttpserver
 CVE-2018-16477 (A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud ...)
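Review bot: this block of fourteen "TODO: check" lines should not be batch-closed as NOT-FOR-US the way the adjacent simplehttpserver entry was. At least two of them name libraries that are packaged for Debian: CVE-2018-16487 (lodash <4.17.11) and CVE-2018-16492 (extend <2.0.2) map to the node-lodash and node-extend source packages, and node.extend (CVE-2018-16491) may have a package as well, so each needs a per-package fixed/affected version. The prototype pollution entries (lodash, extend, node.extend, mpath, just-extend, defaults-deep) all describe the same bug class, where a deep-merge helper lets attacker-controlled keys such as "__proto__" write into Object.prototype; they are worth triaging as a group but with separate package lines.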
@@ -26456,7 +26480,7 @@ CVE-2018-16470 (There is a possible DoS vulnerability in the multipart parser in
 	- ruby-rack <not-affected> (Only affects >= 2.0.4)
 	NOTE: Introduced by: https://github.com/rack/rack/commit/c43217a81917de03aa6ceb1aa485ae69b8bb4598 (2.0.4)
 	NOTE: Fixed by: https://github.com/rack/rack/commit/37c1160b2360074d20858792f23a7eb3afeabebd (2.0.6)
-CVE-2018-16469 (The merge.recursive function in the merge package v <1.2 can be ...)
+CVE-2018-16469 (The merge.recursive function in the merge package <1.2.1 can be ...)
 	NOT-FOR-US: merge package v
 CVE-2018-16468 (In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may ...)
 	{DSA-4364-1}
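Review bot: the description for CVE-2018-16469 now reads "merge package <1.2.1", but the unchanged line below it still says "NOT-FOR-US: merge package v", which is a leftover of the old truncated text ("v <1.2"). Update that line to "NOT-FOR-US: merge package" (or to the node package name if one exists), and since the affected range moved from <1.2 to <1.2.1, re-check that NOT-FOR-US is still the right verdict.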
@@ -28617,8 +28641,8 @@ CVE-2018-15619
 	RESERVED
 CVE-2018-15618
 	RESERVED
-CVE-2018-15617
-	RESERVED
+CVE-2018-15617 (A vulnerability in the "capro" (Call Processor) process component of ...)
+	TODO: check
 CVE-2018-15616 (A vulnerability in the Web UI component of Avaya Aura System Platform ...)
 	NOT-FOR-US: Avaya Aura System Platform
 CVE-2018-15615 (A vulnerability in the Supervisor component of Avaya Call Management ...)
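Review bot: CVE-2018-15617 concerns the "capro" (Call Processor) component of an Avaya product, in the same series as the two Avaya Aura entries directly below it that are already NOT-FOR-US; mark it the same way rather than leaving it at "TODO: check".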
@@ -51247,7 +51271,7 @@ CVE-2018-7189
 CVE-2018-7188 (An XSS vulnerability (via an SVG image) in Tiki before 18 allows an ...)
 	NOT-FOR-US: Tiki
 CVE-2018-7187 (The "go get" implementation in Go 1.9.4, when the -insecure ...)
-	{DLA-1294-1}
+	{DSA-4380-1 DSA-4379-1 DLA-1294-1}
 	- golang-1.10 1.10.1-1
 	- golang-1.9 <removed> (bug #895663)
 	- golang-1.8 <removed> (bug #895664)
@@ -53081,6 +53105,7 @@ CVE-2018-6576 (SQL Injection exists in Event Manager 1.0 via the event.php id ..
 CVE-2018-6575 (SQL Injection exists in the JEXTN Classified 1.0.0 component for ...)
 	NOT-FOR-US: JEXTN Membership component for Joomla!
 CVE-2018-6574 (Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before ...)
+	{DSA-4380-1}
 	- golang-1.10 1.10~rc2-1
 	- golang-1.9 1.9.4-1
 	- golang-1.8 <removed>
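Review bot: only {DSA-4380-1} is added for CVE-2018-6574, while the two other Go CVEs in this update (CVE-2019-6486 and CVE-2018-7187) each receive both DSA-4380-1 and DSA-4379-1. The description covers "Go before 1.8.7" as well as 1.9.x, so confirm the omission of DSA-4379-1 here is deliberate (the package that DSA covers already carried the fix for this CVE) and not a missed reference.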
@@ -56587,8 +56612,8 @@ CVE-2018-5500 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1
 	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5499
 	RESERVED
-CVE-2018-5498
-	RESERVED
+CVE-2018-5498 (Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a ...)
+	TODO: check
 CVE-2018-5497 (Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are ...)
 	NOT-FOR-US: Clustered Data ONTAP
 CVE-2018-5496 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are ...)
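Review bot: CVE-2018-5498 (Clustered Data ONTAP 9.0 through 9.4) belongs with the two Clustered Data ONTAP entries immediately below, both already NOT-FOR-US; resolve it the same way.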
@@ -71106,8 +71131,8 @@ CVE-2018-0724 (Cross-site scripting (XSS) vulnerability in Q'center Virtual Appl
 	NOT-FOR-US: Q'center Virtual Appliance
 CVE-2018-0723 (Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance ...)
 	NOT-FOR-US: Q'center Virtual Appliance
-CVE-2018-0722
-	RESERVED
+CVE-2018-0722 (Path Traversal vulnerability in Photo Station versions: 5.7.2 and ...)
+	TODO: check
 CVE-2018-0721 (Buffer Overflow vulnerability in QNAP QTS 4.2.6 build 20180711 and ...)
 	NOT-FOR-US: QNAP QTS
 CVE-2018-0720
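Review bot: CVE-2018-0722 is a path traversal in QNAP Photo Station, a component of the QNAP QTS appliance firmware that the neighbouring CVE-2018-0721 entry already marks NOT-FOR-US: QNAP QTS; apply the same verdict here.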



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/da2b9a0574e2055e95cb410162c0e3d6f652ed48


