[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 30 08:10:28 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8d6b76ec by security tracker role at 2019-01-30T08:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2019-7215
+ RESERVED
+CVE-2019-7214
+ RESERVED
+CVE-2019-7213
+ RESERVED
+CVE-2019-7212
+ RESERVED
+CVE-2019-7211
+ RESERVED
+CVE-2019-7210
+ RESERVED
+CVE-2019-7209
+ RESERVED
+CVE-2019-7208
+ RESERVED
+CVE-2019-7207
+ RESERVED
+CVE-2019-7206
+ RESERVED
+CVE-2019-7205
+ RESERVED
+CVE-2019-7204
+ RESERVED
+CVE-2019-7203
+ RESERVED
+CVE-2019-7202
+ RESERVED
+CVE-2019-7201
+ RESERVED
+CVE-2019-7200
+ RESERVED
+CVE-2019-7199
+ RESERVED
+CVE-2019-7198
+ RESERVED
+CVE-2019-7197
+ RESERVED
+CVE-2019-7196
+ RESERVED
+CVE-2019-7195
+ RESERVED
+CVE-2019-7194
+ RESERVED
+CVE-2019-7193
+ RESERVED
+CVE-2019-7192
+ RESERVED
+CVE-2019-7191
+ RESERVED
+CVE-2019-7190
+ RESERVED
+CVE-2019-7189
+ RESERVED
+CVE-2019-7188
+ RESERVED
+CVE-2019-7187
+ RESERVED
+CVE-2019-7186
+ RESERVED
+CVE-2019-7185
+ RESERVED
+CVE-2019-7184
+ RESERVED
+CVE-2019-7183
+ RESERVED
+CVE-2019-7182
+ RESERVED
+CVE-2019-7181
+ RESERVED
+CVE-2019-7180
+ RESERVED
+CVE-2019-7179
+ RESERVED
+CVE-2018-20747
+ RESERVED
+CVE-2018-20746
+ RESERVED
CVE-2019-7178
RESERVED
CVE-2019-7177
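Review bot: CVE-2018-20747 and CVE-2018-20746 are inserted between CVE-2019-7179 and the existing CVE-2019-7178, which breaks the descending ID order the rest of this hunk follows. If the list is meant to stay sorted, move these two entries down to the other 2018 IDs; if top-of-file insertion is intentional for the automatic import, say so in the commit message so the placement is not mistaken for an error.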
@@ -11637,6 +11715,7 @@ CVE-2019-2504 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...
- virtualbox 5.2.24-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2503 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1570-1}
- mysql-5.7 5.7.25-1 (bug #919817)
- mariadb-10.0 <removed>
NOTE: Fixed in MariaDB: 10.0.37
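Review bot: {DLA-1570-1} is attached to CVE-2019-2503, whose description names the Oracle MySQL Server component, but nothing in the entry says which source package the advisory covers; the only fix note visible is "NOTE: Fixed in MariaDB: 10.0.37" next to "- mariadb-10.0 <removed>". Add a NOTE tying the DLA to the package it fixed so the cross-reference can be checked from this entry alone.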
@@ -14374,8 +14453,8 @@ CVE-2018-19860
RESERVED
CVE-2018-19859 (OpenRefine before 3.5 allows directory traversal via a relative ...)
NOT-FOR-US: OpenRefine
-CVE-2018-19858
- RESERVED
+CVE-2018-19858 (PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack ...)
+ TODO: check
CVE-2018-19857 (The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player ...)
{DSA-4366-1}
- vlc 3.0.4-4 (bug #915760)
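Review bot: "TODO: check" on CVE-2018-19858 leaves the entry untriaged, while its neighbour CVE-2018-19859 already carries a resolution ("NOT-FOR-US: OpenRefine"). Follow up by replacing the TODO with either a source package line or a NOT-FOR-US marker for PrinceXML, so the XXE issue does not stay in the open queue.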
@@ -14578,8 +14657,8 @@ CVE-2018-19784 (The str_rot_pass function in ...)
NOT-FOR-US: PHP-Proxy
CVE-2018-19783
RESERVED
-CVE-2018-19782
- RESERVED
+CVE-2018-19782 (Multiple cross-site scripting (XSS) vulnerabilities in GET requests in ...)
+ TODO: check
CVE-2018-19781
RESERVED
CVE-2018-19780
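Review bot: the imported description for CVE-2018-19782 is cut off before it names the affected product ("... vulnerabilities in GET requests in ..."), so the entry cannot be triaged from the list alone. Whoever resolves the "TODO: check" should read the full CVE text and record the product in the resulting package or NOT-FOR-US line.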
@@ -18137,8 +18216,8 @@ CVE-2018-19442
RESERVED
CVE-2018-19441
RESERVED
-CVE-2018-19440
- RESERVED
+CVE-2018-19440 (ARM Trusted Firmware-A allows information disclosure. ...)
+ TODO: check
CVE-2018-19439 (XSS exists in the Administration Console in Oracle Secure Global ...)
NOT-FOR-US: Oracle
CVE-2018-19438
@@ -19794,8 +19873,8 @@ CVE-2018-18897 (An issue was discovered in Poppler 0.71.0. There is a memory lea
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/654
CVE-2018-18896
RESERVED
-CVE-2018-18895
- RESERVED
+CVE-2018-18895 (A version of Castor XML, as used in Cisco WebEx Meetings Server before ...)
+ TODO: check
CVE-2018-18894
RESERVED
CVE-2018-18893 (Jinjava before 2.4.6 does not block the getClass method, related to ...)
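Review bot: CVE-2018-18895 describes Castor XML "as used in" Cisco WebEx Meetings Server, so the affected code may be the library rather than only the Cisco product. When clearing the "TODO: check", look at whether the Castor XML library itself needs a package line before marking this NOT-FOR-US on the strength of the Cisco name.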
@@ -23614,8 +23693,8 @@ CVE-2018-17433 (A heap-based buffer overflow in ReadGifImageDesc() in gifread.c
CVE-2018-17432 (A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in ...)
- hdf5 <undetermined>
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode
-CVE-2018-17431
- RESERVED
+CVE-2018-17431 (Web Console in Comodo UTM Firewall before 2.7.0 allows remote ...)
+ TODO: check
CVE-2018-17430
RESERVED
CVE-2018-17429
@@ -24150,6 +24229,7 @@ CVE-2018-17200
RESERVED
CVE-2018-17199 [mod_session_cookie does not respect expiry time]
RESERVED
+ {DLA-1647-1}
- apache2 2.4.38-1 (bug #920303)
NOTE: https://www.openwall.com/lists/oss-security/2019/01/22/3
NOTE: 2.4.x http://svn.apache.org/r1851409
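Review bot: {DLA-1647-1} is added to CVE-2018-17199 while the entry still reads RESERVED and carries only a bracketed working title, even though it already lists a fixed apache2 version (2.4.38-1), a bug number and an upstream revision. The added line itself is fine; it is worth confirming that the RESERVED marker and the bracketed title are replaced once the public description is imported, so the entry does not look unassigned next to an advisory reference.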
@@ -29413,8 +29493,8 @@ CVE-2018-15138 (Ericsson-LG iPECS NMS 30M allows directory traversal via ...)
NOT-FOR-US: Ericsson-LG iPECS NMS 30M
CVE-2018-15137 (CeLa Link CLR-M20 devices allow unauthorized users to upload any file ...)
NOT-FOR-US: CeLa Link CLR-M20 devices
-CVE-2018-15136
- RESERVED
+CVE-2018-15136 (TitanHQ SpamTitan before 7.01 has Improper input validation. This ...)
+ TODO: check
CVE-2018-15135
RESERVED
CVE-2018-15134
@@ -35843,12 +35923,12 @@ CVE-2018-12613 (An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in whi
NOTE: https://www.phpmyadmin.net/security/PMASA-2018-4/
CVE-2018-12612
RESERVED
-CVE-2018-12611
- RESERVED
-CVE-2018-12610
- RESERVED
-CVE-2018-12609
- RESERVED
+CVE-2018-12611 (OX App Suite 7.8.4 and earlier allows Directory Traversal. ...)
+ TODO: check
+CVE-2018-12610 (OX App Suite 7.8.4 and earlier allows Information Exposure. ...)
+ TODO: check
+CVE-2018-12609 (OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. ...)
+ TODO: check
CVE-2018-12608 (An issue was discovered in Docker Moby before 17.06.0. The Docker ...)
- docker.io 18.03.1+dfsg1-2
NOTE: https://github.com/moby/moby/pull/33182
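Review bot: CVE-2018-12611, CVE-2018-12610 and CVE-2018-12609 all name OX App Suite 7.8.4 and earlier and all receive the same "TODO: check", so they should be triaged in one pass with the same package or NOT-FOR-US decision. They differ only in class (Directory Traversal, Information Exposure, Server-Side Request Forgery); keep them as separate entries but resolve them together so they do not end up in inconsistent states.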
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8d6b76ec18f7a128cce70002a2d4717b0678e311