[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Jul 6 09:10:32 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3efc21db by security tracker role at 2019-07-06T08:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2019-13360
+ RESERVED
+CVE-2019-13359
+ RESERVED
+CVE-2019-13358 (lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows ...)
+ TODO: check
+CVE-2019-13357
+ RESERVED
+CVE-2019-13356
+ RESERVED
+CVE-2019-13355
+ RESERVED
+CVE-2019-13354
+ RESERVED
+CVE-2019-13353
+ RESERVED
+CVE-2019-13352 (WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic ...)
+ TODO: check
+CVE-2019-13351 (posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as dist ...)
+ TODO: check
CVE-2019-13350
RESERVED
CVE-2019-13349
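Review bot: CVE-2019-13358, CVE-2019-13352 and CVE-2019-13351 are all left at "TODO: check", so nothing in this hunk records whether any of them needs tracking. CVE-2019-13351 names posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12, which should be resolved to either a source-package line or an explicit NOT-FOR-US entry in the follow-up triage.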
@@ -955,8 +975,8 @@ CVE-2019-12972 (An issue was discovered in the Binary File Descriptor (BFD) libr
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24689
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031
NOTE: binutils not covered by security support
-CVE-2019-12971
- RESERVED
+CVE-2019-12971 (BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload ...)
+ TODO: check
CVE-2019-12970 (XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1. ...)
- squirrelmail <removed>
NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-016.txt
@@ -6969,12 +6989,10 @@ CVE-2019-10641 (Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Re
CVE-2019-10640 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.8.6+dfsg-1 (bug #926482)
NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
-CVE-2019-10639
- RESERVED
+CVE-2019-10639 (The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows I ...)
- linux 4.19.37-1
NOTE: https://arxiv.org/pdf/1906.10478.pdf
-CVE-2019-10638
- RESERVED
+CVE-2019-10638 (In the Linux kernel before 5.1.7, a device can be tracked by an attack ...)
- linux <unfixed>
NOTE: https://arxiv.org/pdf/1906.10478.pdf
CVE-2019-10637 (Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS10 ...)
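Review bot: CVE-2019-10638 keeps "- linux <unfixed>" although the description added here says the issue affects the Linux kernel before 5.1.7, so the status should be rechecked against that upstream version. Both CVE-2019-10638 and CVE-2019-10639 carry only the arxiv NOTE; adding a NOTE that names the fixing upstream commit would let a reader verify the 4.19.37-1 fixed version recorded for CVE-2019-10639 against the "5.x before 5.0.8" range in its description.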
@@ -30642,14 +30660,14 @@ CVE-2019-1935
RESERVED
CVE-2019-1934
RESERVED
-CVE-2019-1933
- RESERVED
-CVE-2019-1932
- RESERVED
-CVE-2019-1931
- RESERVED
-CVE-2019-1930
- RESERVED
+CVE-2019-1933 (A vulnerability in the email message scanning of Cisco AsyncOS Softwar ...)
+ TODO: check
+CVE-2019-1932 (A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoin ...)
+ TODO: check
+CVE-2019-1931 (Multiple vulnerabilities in the RSS dashboard in the web-based managem ...)
+ TODO: check
+CVE-2019-1930 (Multiple vulnerabilities in the RSS dashboard in the web-based managem ...)
+ TODO: check
CVE-2019-1929
RESERVED
CVE-2019-1928
@@ -30664,10 +30682,10 @@ CVE-2019-1924
RESERVED
CVE-2019-1923
RESERVED
-CVE-2019-1922
- RESERVED
-CVE-2019-1921
- RESERVED
+CVE-2019-1922 (A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 ...)
+ TODO: check
+CVE-2019-1921 (A vulnerability in the attachment scanning of Cisco AsyncOS Software f ...)
+ TODO: check
CVE-2019-1920
RESERVED
CVE-2019-1919
@@ -30686,12 +30704,12 @@ CVE-2019-1913
RESERVED
CVE-2019-1912
RESERVED
-CVE-2019-1911
- RESERVED
+CVE-2019-1911 (A vulnerability in the CLI of Cisco Unified Communications Domain Mana ...)
+ TODO: check
CVE-2019-1910
RESERVED
-CVE-2019-1909
- RESERVED
+CVE-2019-1909 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...)
+ TODO: check
CVE-2019-1908
RESERVED
CVE-2019-1907
@@ -30720,22 +30738,22 @@ CVE-2019-1896
RESERVED
CVE-2019-1895
RESERVED
-CVE-2019-1894
- RESERVED
-CVE-2019-1893
- RESERVED
-CVE-2019-1892
- RESERVED
-CVE-2019-1891
- RESERVED
+CVE-2019-1894 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
+ TODO: check
+CVE-2019-1893 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
+ TODO: check
+CVE-2019-1892 (A vulnerability in the Secure Sockets Layer (SSL) input packet process ...)
+ TODO: check
+CVE-2019-1891 (A vulnerability in the web interface of Cisco Small Business 200, 300, ...)
+ TODO: check
CVE-2019-1890 (A vulnerability in the fabric infrastructure VLAN connection establish ...)
NOT-FOR-US: Cisco
CVE-2019-1889 (A vulnerability in the REST API for software device management in Cisc ...)
NOT-FOR-US: Cisco
CVE-2019-1888
RESERVED
-CVE-2019-1887
- RESERVED
+CVE-2019-1887 (A vulnerability in the Session Initiation Protocol (SIP) protocol impl ...)
+ TODO: check
CVE-2019-1886 (A vulnerability in the HTTPS decryption feature of Cisco Web Security ...)
NOT-FOR-US: Cisco
CVE-2019-1885
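Review bot: CVE-2019-1894, CVE-2019-1893, CVE-2019-1892, CVE-2019-1891 and CVE-2019-1887 are added with "TODO: check", while the Cisco entries in the unchanged context of this same hunk (CVE-2019-1890, CVE-2019-1889, CVE-2019-1886) are already marked "NOT-FOR-US: Cisco". Once the full descriptions confirm these are Cisco product issues, they should get the same marker so the list stays consistent; the same applies to the Cisco entries added in the earlier hunks of this commit.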
@@ -44024,8 +44042,8 @@ CVE-2018-16388 (e107_web/js/plupload/upload.php in e107 2.1.8 allows remote atta
NOT-FOR-US: e107
CVE-2018-16387 (An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF v ...)
NOT-FOR-US: Elefant CMS
-CVE-2018-16386
- RESERVED
+CVE-2018-16386 (An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log i ...)
+ TODO: check
CVE-2018-16385 (ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index ...)
NOT-FOR-US: ThinkPHP
CVE-2018-16384 (A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Co ...)
@@ -48051,8 +48069,8 @@ CVE-2018-14736 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-
NOT-FOR-US: cloudwu PBC
CVE-2018-14735 (An Information Exposure issue was discovered in Hitachi Command Suite ...)
NOT-FOR-US: Hitachi
-CVE-2018-14733
- RESERVED
+CVE-2018-14733 (The Odoo Community Association (OCA) dbfilter_from_header module makes ...)
+ TODO: check
CVE-2018-14734 (drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 all ...)
{DSA-4308-1 DLA-1531-1 DLA-1529-1}
- linux 4.17.14-1
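Review bot: CVE-2018-14733 sits between CVE-2018-14735 and CVE-2018-14734, out of the descending order the surrounding entries follow. The misplacement predates this change (the removed RESERVED line was in the same position), but now that the entry has a description and needs triage, it is worth moving it below CVE-2018-14734 in the same edit that replaces "TODO: check".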
@@ -48798,10 +48816,10 @@ CVE-2018-14531 (An issue was discovered in Bento4 1.5.1-624. There is an unspeci
NOT-FOR-US: Bento4
CVE-2018-14530
RESERVED
-CVE-2018-14529
- RESERVED
-CVE-2018-14528
- RESERVED
+CVE-2018-14529 (Invoxia NVX220 devices allow access to /bin/sh via escape from a restr ...)
+ TODO: check
+CVE-2018-14528 (Invoxia NVX220 devices allow TELNET access as admin with a default pas ...)
+ TODO: check
CVE-2018-14527 (Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection m ...)
NOT-FOR-US: Xiao5uCompany
CVE-2018-14526 (An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 throug ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3efc21db029b1a199be0aa66b7883d10a9133b79