[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jan 23 20:10:36 GMT 2019 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d759325 by security tracker role at 2019-01-23T20:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2019-6709
+	RESERVED
+CVE-2019-6708 (PHPSHE 1.7 has SQL injection via the admin.php?mod=order state ...)
+	TODO: check
+CVE-2019-6707 (PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state ...)
+	TODO: check
+CVE-2019-6706 (Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For ...)
+	TODO: check
+CVE-2019-6705
+	RESERVED
+CVE-2019-6704
+	RESERVED
+CVE-2019-6703
+	RESERVED
+CVE-2019-6702
+	RESERVED
+CVE-2019-6701
+	RESERVED
+CVE-2019-6700
+	RESERVED
+CVE-2019-6699
+	RESERVED
+CVE-2019-6698
+	RESERVED
+CVE-2019-6697
+	RESERVED
+CVE-2019-6696
+	RESERVED
+CVE-2019-6695
+	RESERVED
+CVE-2019-6694
+	RESERVED
+CVE-2019-6693
+	RESERVED
+CVE-2019-6692
+	RESERVED
+CVE-2019-6691 (phpwind 9.0.2.170426 UTF8 allows SQL Injection via the ...)
+	TODO: check
+CVE-2019-6690
+	RESERVED
 CVE-2018-1000997
 	NOT-FOR-US: Jenkins
 CVE-2019-6689
@@ -6701,14 +6741,14 @@ CVE-2019-3589
 	RESERVED
 CVE-2019-3588
 	RESERVED
-CVE-2019-3587
-	RESERVED
+CVE-2019-3587 (DLL Search Order Hijacking vulnerability in Microsoft Windows client ...)
+	TODO: check
 CVE-2019-3586
 	RESERVED
 CVE-2019-3585
 	RESERVED
-CVE-2019-3584
-	RESERVED
+CVE-2019-3584 (Exploitation of Authentication vulnerability in MVision Endpoint in ...)
+	TODO: check
 CVE-2019-3583
 	RESERVED
 CVE-2019-3582
@@ -8443,8 +8483,7 @@ CVE-2018-20247 (In Foxit Quick PDF Library (all versions prior to 16.12), issue
 	NOT-FOR-US: Foxit Quick PDF Library
 CVE-2018-20246
 	RESERVED
-CVE-2018-20245
-	RESERVED
+CVE-2018-20245 (The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior ...)
 	NOT-FOR-US: Apache Airflow
 CVE-2018-20244
 	RESERVED
@@ -27113,8 +27152,8 @@ CVE-2018-15616 (A vulnerability in the Web UI component of Avaya Aura System Pla
 	NOT-FOR-US: Avaya Aura System Platform
 CVE-2018-15615 (A vulnerability in the Supervisor component of Avaya Call Management ...)
 	NOT-FOR-US: Avaya
-CVE-2018-15614
-	RESERVED
+CVE-2018-15614 (A vulnerability in the one-x Portal component of IP Office could allow ...)
+	TODO: check
 CVE-2018-15613 (A cross-site scripting (XSS) vulnerability in the Runtime Config ...)
 	NOT-FOR-US: Avaya
 CVE-2018-15612 (A CSRF vulnerability in the Runtime Config component of Avaya Aura ...)
@@ -60579,11 +60618,9 @@ CVE-2017-17838
 	REJECTED
 CVE-2017-17837 (The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the ...)
 	NOT-FOR-US: Apache DeltaSpike-JSF module
-CVE-2017-17836
-	RESERVED
+CVE-2017-17836 (In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature ...)
 	NOT-FOR-US: Apache Airflow
-CVE-2017-17835
-	RESERVED
+CVE-2017-17835 (In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for ...)
 	NOT-FOR-US: Apache Airflow
 CVE-2017-17834
 	RESERVED
@@ -64796,8 +64833,8 @@ CVE-2018-2028
 	RESERVED
 CVE-2018-2027
 	RESERVED
-CVE-2018-2026
-	RESERVED
+CVE-2018-2026 (IBM Financial Transaction Manager 3.2.1 for Digital Payments could ...)
+	TODO: check
 CVE-2018-2025
 	RESERVED
 CVE-2018-2024
@@ -65346,8 +65383,8 @@ CVE-2018-1753 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an e
 	NOT-FOR-US: IBM
 CVE-2018-1752
 	RESERVED
-CVE-2018-1751
-	RESERVED
+CVE-2018-1751 (IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker ...)
+	TODO: check
 CVE-2018-1750 (IBM Security Key Lifecycle Manager 3.0 specifies permissions for a ...)
 	NOT-FOR-US: IBM
 CVE-2018-1749 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete ...)
@@ -75272,8 +75309,7 @@ CVE-2017-15721 (In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP me
 	- irssi 1.0.5-1 (bug #879521)
 	NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
 	NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
-CVE-2017-15720
-	RESERVED
+CVE-2017-15720 (In Apache Airflow 1.8.2 and earlier, an authenticated user can execute ...)
 	NOT-FOR-US: Apache Airflow
 CVE-2017-15719 (In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and ...)
 	NOT-FOR-US: Wicket jQuery UI



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d759325686fa91a10d846277b09bc698475cc0c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d759325686fa91a10d846277b09bc698475cc0c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190123/7eb2e108/attachment.html>

More information about the debian-security-tracker-commits mailing list