[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 16 08:10:38 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
278af59b by security tracker role at 2019-01-16T08:10:28Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,267 @@
+CVE-2019-6446 (An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle ...)
+ TODO: check
+CVE-2019-6445 (An issue was discovered in NTPsec before 1.1.3. An authenticated ...)
+ TODO: check
+CVE-2019-6444 (An issue was discovered in NTPsec before 1.1.3. process_control() in ...)
+ TODO: check
+CVE-2019-6443 (An issue was discovered in NTPsec before 1.1.3. Because of a bug in ...)
+ TODO: check
+CVE-2019-6442 (An issue was discovered in NTPsec before 1.1.3. An authenticated ...)
+ TODO: check
+CVE-2019-6441
+ RESERVED
+CVE-2019-6440 (Zemana AntiMalware before 3.0.658 Beta mishandles update logic. ...)
+ TODO: check
+CVE-2019-6439 (examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through ...)
+ TODO: check
+CVE-2019-6438
+ RESERVED
+CVE-2019-6437
+ RESERVED
+CVE-2019-6436
+ RESERVED
+CVE-2019-6435
+ RESERVED
+CVE-2019-6434
+ RESERVED
+CVE-2019-6433
+ RESERVED
+CVE-2019-6432
+ RESERVED
+CVE-2019-6431
+ RESERVED
+CVE-2019-6430
+ RESERVED
+CVE-2019-6429
+ RESERVED
+CVE-2019-6428
+ RESERVED
+CVE-2019-6427
+ RESERVED
+CVE-2019-6426
+ RESERVED
+CVE-2019-6425
+ RESERVED
+CVE-2019-6424
+ RESERVED
+CVE-2019-6423
+ RESERVED
+CVE-2019-6422
+ RESERVED
+CVE-2019-6421
+ RESERVED
+CVE-2019-6420
+ RESERVED
+CVE-2019-6419
+ RESERVED
+CVE-2019-6418
+ RESERVED
+CVE-2019-6417
+ RESERVED
+CVE-2019-6416
+ RESERVED
+CVE-2019-6415
+ RESERVED
+CVE-2019-6414
+ RESERVED
+CVE-2019-6413
+ RESERVED
+CVE-2019-6412
+ RESERVED
+CVE-2019-6411
+ RESERVED
+CVE-2019-6410
+ RESERVED
+CVE-2019-6409
+ RESERVED
+CVE-2019-6408
+ RESERVED
+CVE-2019-6407
+ RESERVED
+CVE-2019-6406
+ RESERVED
+CVE-2019-6405
+ RESERVED
+CVE-2019-6404
+ RESERVED
+CVE-2019-6403
+ RESERVED
+CVE-2019-6402
+ RESERVED
+CVE-2019-6401
+ RESERVED
+CVE-2019-6400
+ RESERVED
+CVE-2019-6399
+ RESERVED
+CVE-2019-6398
+ RESERVED
+CVE-2019-6397
+ RESERVED
+CVE-2019-6396
+ RESERVED
+CVE-2019-6395
+ RESERVED
+CVE-2019-6394
+ RESERVED
+CVE-2019-6393
+ RESERVED
+CVE-2019-6392
+ RESERVED
+CVE-2019-6391
+ RESERVED
+CVE-2019-6390
+ RESERVED
+CVE-2019-6389
+ RESERVED
+CVE-2019-6388
+ RESERVED
+CVE-2019-6387
+ RESERVED
+CVE-2019-6386
+ RESERVED
+CVE-2019-6385
+ RESERVED
+CVE-2019-6384
+ RESERVED
+CVE-2019-6383
+ RESERVED
+CVE-2019-6382
+ RESERVED
+CVE-2019-6381
+ RESERVED
+CVE-2019-6380
+ RESERVED
+CVE-2019-6379
+ RESERVED
+CVE-2019-6378
+ RESERVED
+CVE-2019-6377
+ RESERVED
+CVE-2019-6376
+ RESERVED
+CVE-2019-6375
+ RESERVED
+CVE-2019-6374
+ RESERVED
+CVE-2019-6373
+ RESERVED
+CVE-2019-6372
+ RESERVED
+CVE-2019-6371
+ RESERVED
+CVE-2019-6370
+ RESERVED
+CVE-2019-6369
+ RESERVED
+CVE-2019-6368
+ RESERVED
+CVE-2019-6367
+ RESERVED
+CVE-2019-6366
+ RESERVED
+CVE-2019-6365
+ RESERVED
+CVE-2019-6364
+ RESERVED
+CVE-2019-6363
+ RESERVED
+CVE-2019-6362
+ RESERVED
+CVE-2019-6361
+ RESERVED
+CVE-2019-6360
+ RESERVED
+CVE-2019-6359
+ RESERVED
+CVE-2019-6358
+ RESERVED
+CVE-2019-6357
+ RESERVED
+CVE-2019-6356
+ RESERVED
+CVE-2019-6355
+ RESERVED
+CVE-2019-6354
+ RESERVED
+CVE-2019-6353
+ RESERVED
+CVE-2019-6352
+ RESERVED
+CVE-2019-6351
+ RESERVED
+CVE-2019-6350
+ RESERVED
+CVE-2019-6349
+ RESERVED
+CVE-2019-6348
+ RESERVED
+CVE-2019-6347
+ RESERVED
+CVE-2019-6346
+ RESERVED
+CVE-2019-6345
+ RESERVED
+CVE-2019-6344
+ RESERVED
+CVE-2019-6343
+ RESERVED
+CVE-2019-6342
+ RESERVED
+CVE-2019-6341
+ RESERVED
+CVE-2019-6340
+ RESERVED
+CVE-2019-6339
+ RESERVED
+CVE-2019-6338
+ RESERVED
+CVE-2019-6337
+ RESERVED
+CVE-2019-6336
+ RESERVED
+CVE-2019-6335
+ RESERVED
+CVE-2019-6334
+ RESERVED
+CVE-2019-6333
+ RESERVED
+CVE-2019-6332
+ RESERVED
+CVE-2019-6331
+ RESERVED
+CVE-2019-6330
+ RESERVED
+CVE-2019-6329
+ RESERVED
+CVE-2019-6328
+ RESERVED
+CVE-2019-6327
+ RESERVED
+CVE-2019-6326
+ RESERVED
+CVE-2019-6325
+ RESERVED
+CVE-2019-6324
+ RESERVED
+CVE-2019-6323
+ RESERVED
+CVE-2019-6322
+ RESERVED
+CVE-2019-6321
+ RESERVED
+CVE-2019-6320
+ RESERVED
+CVE-2019-6319
+ RESERVED
+CVE-2019-6318
+ RESERVED
+CVE-2018-20720 (ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and ...)
+ TODO: check
+CVE-2016-10738 (Zenbership v107 has CSRF via admin/cp-functions/event-add.php. ...)
+ TODO: check
+CVE-2016-10737 (Serendipity 2.0.4 has XSS via the serendipity_admin.php ...)
+ TODO: check
CVE-2019-XXXX [instability and crash due to crafted message flooding]
- mumble 1.3.0~git20190114.9fcc588+dfsg-1 (bug #919249)
NOTE: https://github.com/mumble-voip/mumble/issues/3505
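Review bot: the described entries at the top of this hunk (CVE-2019-6446 for NumPy, CVE-2019-6445 through CVE-2019-6442 for NTPsec, CVE-2019-6439 for wolfSSL) are all left at "TODO: check" with nothing tying them to a source package. Each one needs a package line or a NOT-FOR-US marker before tracker output is meaningful for it. For CVE-2019-6439 the description points at examples/benchmark/tls_bench.c "in a benchmark tool", so triage should first confirm whether that file is built or shipped at all. CVE-2019-6440 (Zemana AntiMalware) and CVE-2018-20720 (ABB Relion 630 devices) look like candidates for the same NOT-FOR-US treatment the file already gives Cisco entries.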
@@ -154,14 +418,14 @@ CVE-2019-6266
RESERVED
CVE-2019-6265
RESERVED
-CVE-2019-6264
- RESERVED
-CVE-2019-6263
- RESERVED
-CVE-2019-6262
- RESERVED
-CVE-2019-6261
- RESERVED
+CVE-2019-6264 (An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in ...)
+ TODO: check
+CVE-2019-6263 (An issue was discovered in Joomla! before 3.9.2. Inadequate checks of ...)
+ TODO: check
+CVE-2019-6262 (An issue was discovered in Joomla! before 3.9.2. Inadequate checks of ...)
+ TODO: check
+CVE-2019-6261 (An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in ...)
+ TODO: check
CVE-2019-6260
RESERVED
CVE-2019-6259 (An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL ...)
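Review bot: the four Joomla! entries (CVE-2019-6264 through CVE-2019-6261) cannot be told apart from the truncated text here. Two read "Inadequate escaping in ..." and two read "Inadequate checks of ...", so triage has to work from the full descriptions. They all concern the same product and the same fixed version (3.9.2), so resolve the four "TODO: check" lines together with one consistent disposition rather than one at a time.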
@@ -5863,14 +6127,14 @@ CVE-2019-3559
RESERVED
CVE-2019-3558
RESERVED
-CVE-2019-3557
- RESERVED
+CVE-2019-3557 (The implementations of streams for bz2 and php://output improperly ...)
+ TODO: check
CVE-2019-3556
RESERVED
CVE-2019-3555
RESERVED
-CVE-2019-3554
- RESERVED
+CVE-2019-3554 (Wangle's AcceptRoutingHandler incorrectly casts a socket when ...)
+ TODO: check
CVE-2019-3553
RESERVED
CVE-2019-3552
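Review bot: the new description for CVE-2019-3557 ("The implementations of streams for bz2 and php://output improperly ...") does not name the affected product in the visible text. The php:// wrapper makes it easy to file this against a PHP source package by mistake. Resolve the "TODO: check" from the full CVE description, and do the same for CVE-2019-3554, where only the component (Wangle's AcceptRoutingHandler) is visible.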
@@ -19439,66 +19703,66 @@ CVE-2019-0032
RESERVED
CVE-2019-0031
RESERVED
-CVE-2019-0030
- RESERVED
-CVE-2019-0029
- RESERVED
+CVE-2019-0030 (Juniper ATP uses DES and a hardcoded salt for password hashing, ...)
+ TODO: check
+CVE-2019-0029 (Juniper ATP Series Splunk credentials are logged in a file readable by ...)
+ TODO: check
CVE-2019-0028
RESERVED
-CVE-2019-0027
- RESERVED
-CVE-2019-0026
- RESERVED
-CVE-2019-0025
- RESERVED
-CVE-2019-0024
- RESERVED
-CVE-2019-0023
- RESERVED
-CVE-2019-0022
- RESERVED
-CVE-2019-0021
- RESERVED
-CVE-2019-0020
- RESERVED
+CVE-2019-0027 (A persistent cross-site scripting (XSS) vulnerability in the Snort ...)
+ TODO: check
+CVE-2019-0026 (A persistent cross-site scripting (XSS) vulnerability in the Zone ...)
+ TODO: check
+CVE-2019-0025 (A persistent cross-site scripting (XSS) vulnerability in RADIUS ...)
+ TODO: check
+CVE-2019-0024 (A persistent cross-site scripting (XSS) vulnerability in the Email ...)
+ TODO: check
+CVE-2019-0023 (A persistent cross-site scripting (XSS) vulnerability in the Golden VM ...)
+ TODO: check
+CVE-2019-0022 (Juniper ATP ships with hard coded credentials in the Cyphort Core ...)
+ TODO: check
+CVE-2019-0021 (On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are ...)
+ TODO: check
+CVE-2019-0020 (Juniper ATP ships with hard coded credentials in the Web Collector ...)
+ TODO: check
CVE-2019-0019
RESERVED
-CVE-2019-0018
- RESERVED
-CVE-2019-0017
- RESERVED
-CVE-2019-0016
- RESERVED
-CVE-2019-0015
- RESERVED
-CVE-2019-0014
- RESERVED
-CVE-2019-0013
- RESERVED
-CVE-2019-0012
- RESERVED
-CVE-2019-0011
- RESERVED
-CVE-2019-0010
- RESERVED
-CVE-2019-0009
- RESERVED
+CVE-2019-0018 (A persistent cross-site scripting (XSS) vulnerability in the file ...)
+ TODO: check
+CVE-2019-0017 (The Junos Space application, which allows Device Image files to be ...)
+ TODO: check
+CVE-2019-0016 (A malicious authenticated user may be able to delete a device from the ...)
+ TODO: check
+CVE-2019-0015 (A vulnerability in the SRX Series Service Gateway allows deleted ...)
+ TODO: check
+CVE-2019-0014 (On QFX and PTX Series, receipt of a malformed packet for J-Flow ...)
+ TODO: check
+CVE-2019-0013 (The routing protocol daemon (RPD) process will crash and restart when ...)
+ TODO: check
+CVE-2019-0012 (A Denial of Service (DoS) vulnerability in BGP in Juniper Networks ...)
+ TODO: check
+CVE-2019-0011 (The Junos OS kernel crashes after processing a specific incoming ...)
+ TODO: check
+CVE-2019-0010 (An SRX Series Service Gateway configured for Unified Threat Management ...)
+ TODO: check
+CVE-2019-0009 (On EX2300 and EX3400 series, high disk I/O operations may disrupt the ...)
+ TODO: check
CVE-2019-0008
RESERVED
-CVE-2019-0007
- RESERVED
-CVE-2019-0006
- RESERVED
-CVE-2019-0005
- RESERVED
-CVE-2019-0004
- RESERVED
-CVE-2019-0003
- RESERVED
-CVE-2019-0002
- RESERVED
-CVE-2019-0001
- RESERVED
+CVE-2019-0007 (The vMX Series software uses a predictable IP ID Sequence Number. This ...)
+ TODO: check
+CVE-2019-0006 (A certain crafted HTTP packet can trigger an uninitialized function ...)
+ TODO: check
+CVE-2019-0005 (On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter ...)
+ TODO: check
+CVE-2019-0004 (On Juniper ATP, the API key and the device key are logged in a file ...)
+ TODO: check
+CVE-2019-0003 (When a specific BGP flowspec configuration is enabled and upon receipt ...)
+ TODO: check
+CVE-2019-0002 (On EX2300 and EX3400 series, stateless firewall filter configuration ...)
+ TODO: check
+CVE-2019-0001 (Receipt of a malformed packet on MX Series devices with dynamic vlan ...)
+ TODO: check
CVE-2018-18250 (Icinga Web 2 before 2.6.2 allows parameters that break navigation ...)
- icingaweb2 2.6.2-1
NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180030.txt
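Review bot: this hunk turns 27 RESERVED entries in the CVE-2019-0001 to CVE-2019-0030 range into "TODO: check", and every visible description refers to Juniper products (Juniper ATP, Junos Space, Junos OS, SRX/QFX/PTX/EX/MX/vMX series). Triaging them individually is wasted effort. A single follow-up commit marking the batch with one NOT-FOR-US line per entry, in the style of the existing "NOT-FOR-US: Cisco" lines, would clear the TODO backlog. CVE-2019-0028, CVE-2019-0019 and CVE-2019-0008 stay RESERVED and should be left alone.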
@@ -26558,8 +26822,8 @@ CVE-2018-15465 (A vulnerability in the authorization subsystem of Cisco Adaptive
NOT-FOR-US: Cisco
CVE-2018-15464 (A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) ...)
NOT-FOR-US: Cisco
-CVE-2018-15463
- RESERVED
+CVE-2018-15463 (A vulnerability in the web-based management interface of Cisco ...)
+ TODO: check
CVE-2018-15462
RESERVED
CVE-2018-15461 (A vulnerability in the MyWebex component of Cisco Webex Business Suite ...)
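Review bot: CVE-2018-15463 now carries a description starting "A vulnerability in the web-based management interface of Cisco ..." but is left at "TODO: check", while the neighbouring CVE-2018-15465 and CVE-2018-15464 are already "NOT-FOR-US: Cisco". Suggest giving it the same marker so the block is consistent.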
@@ -26604,8 +26868,8 @@ CVE-2018-15442 (A vulnerability in the update service of Cisco Webex Meetings De
NOT-FOR-US: Cisco
CVE-2018-15441 (A vulnerability in the web framework code of Cisco Prime License ...)
NOT-FOR-US: Cisco
-CVE-2018-15440
- RESERVED
+CVE-2018-15440 (A vulnerability in the web-based management interface of Cisco ...)
+ TODO: check
CVE-2018-15439 (A vulnerability in the Cisco Small Business Switches software could ...)
NOT-FOR-US: Cisco
CVE-2018-15438 (A vulnerability in the web-based management interface of Cisco Prime ...)
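Review bot: CVE-2018-15440 is another Cisco web-based management interface entry left at "TODO: check" between lines already marked "NOT-FOR-US: Cisco" (CVE-2018-15441, CVE-2018-15439). It can take the same marker without further research.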
@@ -28411,8 +28675,7 @@ CVE-2018-14663 (An issue has been found in PowerDNS DNSDist before 1.3.3 allowin
- dnsdist 1.3.3-1 (bug #913231)
[stretch] - dnsdist <no-dsa> (Minor issue)
NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2018-08.html
-CVE-2018-14662 [authenticated user with read only permissions can steal dm-crypt / LUKS key]
- RESERVED
+CVE-2018-14662 (It was found Ceph versions before 13.2.4 that authenticated ceph users ...)
- ceph <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1637327
NOTE: https://github.com/ceph/ceph/commit/a2acedd2a7e12d58af6db35edbd8a9d29c557578
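Review bot: for CVE-2018-14662 the hand-written summary "[authenticated user with read only permissions can steal dm-crypt / LUKS key]" is replaced by the official description, whose visible part no longer mentions dm-crypt or LUKS. If that detail matters for severity assessment, keep it in a NOTE line. The new description also states "Ceph versions before 13.2.4" while the package line remains "- ceph <unfixed>", so the entry should be revisited against the referenced upstream commit once a fixed version is uploaded.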
@@ -47176,8 +47439,8 @@ CVE-2018-7605
RESERVED
CVE-2018-7604
RESERVED
-CVE-2018-7603
- RESERVED
+CVE-2018-7603 (In Drupal's 3rd party module search auto complete prior to versions ...)
+ TODO: check
CVE-2018-7602 (A remote code execution vulnerability exists within multiple ...)
{DSA-4180-1 DLA-1365-1}
- drupal7 <removed> (bug #896701)
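Review bot: CVE-2018-7603 is described as affecting "Drupal's 3rd party module search auto complete", not Drupal core, yet it sits directly above CVE-2018-7602, which is tracked against drupal7. When resolving the "TODO: check", do not copy the drupal7 package line from the neighbouring entry. The entry only applies if that contributed module is actually packaged.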
@@ -51338,8 +51601,8 @@ CVE-2018-6347 (An issue in the Proxygen handling of HTTP2 parsing of headers/tra
NOT-FOR-US: Facebook Proxygen
CVE-2018-6346 (A potential denial-of-service issue in the Proxygen handling of ...)
NOT-FOR-US: Facebook Proxygen
-CVE-2018-6345
- RESERVED
+CVE-2018-6345 (The function number_format is vulnerable to a heap overflow issue when ...)
+ TODO: check
CVE-2018-6344 (A heap corruption in WhatsApp can be caused by a malformed RTP packet ...)
NOT-FOR-US: Whatsapp
CVE-2018-6343 (Proxygen fails to validate that a secondary auth manager is set before ...)
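Review bot: the description added for CVE-2018-6345 ("The function number_format is vulnerable to a heap overflow issue when ...") gives a function name but no product in the visible text. The surrounding CVE-2018-634x entries are Facebook Proxygen and WhatsApp items marked NOT-FOR-US. Confirm the affected product from the full description before assigning a package. The function name alone is not enough to attribute it.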
@@ -101529,8 +101792,7 @@ CVE-2017-6926 (In Drupal versions 8.4.x versions before 8.4.5 users with permiss
CVE-2017-6925 (In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability ...)
- drupal8 <itp> (bug #756305)
NOTE: https://www.drupal.org/SA-CORE-2017-004
-CVE-2017-6924 [REST API can bypass comment approval - Access Bypass]
- RESERVED
+CVE-2017-6924 (In Drupal 8 prior to 8.3.7; When using the REST API, users without the ...)
- drupal8 <itp> (bug #756305)
NOTE: https://www.drupal.org/SA-CORE-2017-004
CVE-2017-6923 [Views - Access Bypass]
@@ -101544,8 +101806,7 @@ CVE-2017-6922 [Files uploaded by anonymous users into a private file system can
- drupal7 7.56-1 (bug #865498)
NOTE: https://www.drupal.org/SA-CORE-2017-003
NOTE: http://cgit.drupalcode.org/drupal/diff/?h=7.x&id=600c1346ed976e6f35fc2b0f907a7837f0f7c145&id2=9eebe462d1e93e785e6c028dc6cf689623c4d936
-CVE-2017-6921 [File REST resource does not properly validate]
- RESERVED
+CVE-2017-6921 (In Drupal 8 prior to 8.3.4; The file REST resource does not properly ...)
- drupal8 <itp> (bug #756305)
NOTE: https://www.drupal.org/SA-CORE-2017-003
CVE-2017-6920 (Drupal core 8 before versions 8.3.4 allows remote attackers to execute ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/278af59bf22dd03414023022808dd4eab246c0fc
More information about the debian-security-tracker-commits mailing list