[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Feb 8 08:10:23 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8f6fc2ed by security tracker role at 2019-02-08T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2019-7634
+	RESERVED
+CVE-2019-7633
+	RESERVED
+CVE-2019-7632 (LifeSize Team, Room, Passport, and Networker 220 devices allow ...)
+	TODO: check
+CVE-2019-7631
+	RESERVED
+CVE-2019-7630
+	RESERVED
+CVE-2019-7629
+	RESERVED
+CVE-2019-7628 (Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail ...)
+	TODO: check
 CVE-2019-7627
 	RESERVED
 CVE-2019-7626
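Review bot: the two described entries at the top of this hunk, CVE-2019-7632 (LifeSize devices) and CVE-2019-7628 (Pagure 5.2), are left at "TODO: check" with no package or NOT-FOR-US line, so the tracker cannot yet say whether anything in the archive is affected. Both descriptions are truncated here ("allow ...", "Few e-mail ..."), so triage should work from the full CVE text and replace each TODO with either a NOT-FOR-US tag or a source-package line.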
@@ -544,8 +558,8 @@ CVE-2019-7403 (An issue was discovered in PHPMyWind 5.5. It allows remote attack
 	NOT-FOR-US: PHPMyWind
 CVE-2019-7402 (An issue was discovered in PHPMyWind 5.5. The GetQQ function in ...)
 	NOT-FOR-US: PHPMyWind
-CVE-2019-7401
-	RESERVED
+CVE-2019-7401 (NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based ...)
+	TODO: check
 CVE-2017-1000000
 	RESERVED
 CVE-2014-1000000
@@ -3417,8 +3431,8 @@ CVE-2019-6244 (An issue was discovered in UsualToolCMS 8.0. ...)
 	NOT-FOR-US: UsualToolCMS
 CVE-2019-6243 (Frog CMS 0.9.5 allows XSS via the forgot password page (aka the ...)
 	NOT-FOR-US: Frog CMS
-CVE-2019-6242
-	RESERVED
+CVE-2019-6242 (** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read ...)
+	TODO: check
 CVE-2019-6241
 	RESERVED
 CVE-2019-6240 [Arbitrary repo read in Gitlab project import]
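Review bot: CVE-2019-6242 arrives with a "** DISPUTED **" marker in its description and is queued as a plain "TODO: check" like any other entry. Whoever resolves the TODO should keep the dispute visible in the result, for example in a NOTE: line, so it is not lost if the description changes again; the neighbouring CMS entries (CVE-2019-6244, CVE-2019-6243) are both NOT-FOR-US, which is the likely outcome here as well.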
@@ -3629,8 +3643,8 @@ CVE-2019-6141
 	RESERVED
 CVE-2019-6140
 	RESERVED
-CVE-2019-6139
-	RESERVED
+CVE-2019-6139 (Forcepoint User ID (FUID) server versions up to 1.2 have a remote ...)
+	TODO: check
 CVE-2019-6138 (An issue has been found in libIEC61850 v1.3.1. Memory_malloc and ...)
 	NOT-FOR-US: libIEC61850
 CVE-2019-6137 (An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in ...)
@@ -15211,28 +15225,28 @@ CVE-2019-1682
 	RESERVED
 CVE-2019-1681
 	RESERVED
-CVE-2019-1680
-	RESERVED
-CVE-2019-1679
-	RESERVED
-CVE-2019-1678
-	RESERVED
+CVE-2019-1680 (A vulnerability in Cisco Webex Business Suite could allow an ...)
+	TODO: check
+CVE-2019-1679 (A vulnerability in the web interface of Cisco TelePresence Conductor, ...)
+	TODO: check
+CVE-2019-1678 (A vulnerability in Cisco Meeting Server could allow an authenticated, ...)
+	TODO: check
 CVE-2019-1677 (A vulnerability in Cisco Webex Meetings for Android could allow an ...)
 	TODO: check
 CVE-2019-1676
 	RESERVED
-CVE-2019-1675
-	RESERVED
+CVE-2019-1675 (A vulnerability in the default configuration of the Cisco Aironet ...)
+	TODO: check
 CVE-2019-1674
 	RESERVED
 CVE-2019-1673
 	RESERVED
 CVE-2019-1672
 	RESERVED
-CVE-2019-1671
-	RESERVED
-CVE-2019-1670
-	RESERVED
+CVE-2019-1671 (A vulnerability in the web-based management interface of Cisco ...)
+	TODO: check
+CVE-2019-1670 (A vulnerability in the web-based management interface of Cisco Unified ...)
+	TODO: check
 CVE-2019-1669 (A vulnerability in the data acquisition (DAQ) component of Cisco ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1668 (A vulnerability in the chat feed feature of Cisco SocialMiner could ...)
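Review bot: the six Cisco entries that move from RESERVED to "TODO: check" in this hunk (CVE-2019-1680, -1679, -1678, -1675, -1671, -1670) sit directly above CVE-2019-1669, which is already tagged "NOT-FOR-US: Cisco". If triage reaches the same conclusion for these products, they can be closed in one pass with the same tag, together with the existing TODO on CVE-2019-1677 in the context lines.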
@@ -15249,10 +15263,10 @@ CVE-2019-1663
 	RESERVED
 CVE-2019-1662
 	RESERVED
-CVE-2019-1661
-	RESERVED
-CVE-2019-1660
-	RESERVED
+CVE-2019-1661 (A vulnerability in the web-based management interface of Cisco ...)
+	TODO: check
+CVE-2019-1660 (A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco ...)
+	TODO: check
 CVE-2019-1659
 	RESERVED
 CVE-2019-1658 (A vulnerability in the web-based management interface of Cisco Unified ...)
@@ -63140,7 +63154,7 @@ CVE-2017-17836 (In Apache Airflow 1.8.2 and earlier, an experimental Airflow fea
 CVE-2017-17835 (In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for ...)
 	NOT-FOR-US: Apache Airflow
 CVE-2017-17834
-	RESERVED
+	REJECTED
 CVE-2017-17833 (OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a ...)
 	{DLA-1364-1}
 	- openslp-dfsg <removed> (low)
@@ -69377,8 +69391,7 @@ CVE-2017-17461
 	REJECTED
 CVE-2017-17460
 	RESERVED
-CVE-2018-1340 [Secure flag missing from session cookie]
-	RESERVED
+CVE-2018-1340 (Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage ...)
 	- guacamole-client <unfixed> (bug #920796)
 	[jessie] - guacamole-client <not-affected> (Vulnerable code not present)
 	- guacamole <removed>
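Review bot: at CVE-2018-1340 the bracketed working title "[Secure flag missing from session cookie]" is replaced by the truncated description, which as shown no longer mentions the missing Secure flag. Adding a NOTE: line with that detail would keep the nature of the issue readable next to the "guacamole-client <unfixed> (bug #920796)" line. The description's "Prior to 1.0.0" also suggests the upstream version to check against when the unfixed status is revisited.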
@@ -69562,8 +69575,7 @@ CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x a
 	[wheezy] - jakarta-jmeter <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/1
 	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
-CVE-2018-1296
-	RESERVED
+CVE-2018-1296 (In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and ...)
 	- hadoop <itp> (bug #793644)
 CVE-2018-1295 (In Apache Ignite 2.3 or earlier, the serialization mechanism does not ...)
 	NOT-FOR-US: Apache Ignite



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f6fc2ed21cfd2504962d43bd0d649d72e9c98ed
