[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jul 12 21:10:32 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a8f2e0a by security tracker role at 2019-07-12T20:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-13575
+	RESERVED
 CVE-2019-13574 (In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remo ...)
 	- ruby-mini-magick <unfixed> (bug #931932)
 CVE-2019-13573
@@ -1295,8 +1297,8 @@ CVE-2019-13029 (Multiple stored Cross-site scripting (XSS) issues in the admin p
 	NOT-FOR-US: REDCap
 CVE-2019-13028 (An incorrect implementation of a local web server in eID client (Windo ...)
 	NOT-FOR-US: local web server in eID client (Product from the Ministry of Interior of the Slovak Republic)
-CVE-2019-13027
-	RESERVED
+CVE-2019-13027 (Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 has S ...)
+	TODO: check
 CVE-2019-13026
 	RESERVED
 CVE-2019-13025
@@ -2106,8 +2108,8 @@ CVE-2019-12735 (getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows
 	NOTE: neovim pull request: https://github.com/neovim/neovim/pull/10082
 CVE-2019-12732 (The Chartkick gem through 3.1.0 for Ruby allows XSS. ...)
 	NOT-FOR-US: Chartkick Ruby gem
-CVE-2019-12731
-	RESERVED
+CVE-2019-12731 (The Windows versions of Snapview Mikogo, versions before 5.10.2 are af ...)
+	TODO: check
 CVE-2019-12730 (aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 does not ...)
 	{DSA-4449-1}
 	- ffmpeg <unfixed> (low)
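
Review bot: CVE-2019-12731 is left at "TODO: check" although the description that replaces RESERVED already names the Windows versions of Snapview Mikogo as the affected product. If the full description confirms the issue is limited to that Windows client, resolve this in a follow-up to a "NOT-FOR-US: Snapview Mikogo" line, in the same form as the Chartkick entry directly above, rather than leaving the TODO open.
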
@@ -5567,22 +5569,22 @@ CVE-2019-11393 (An issue was discovered in /admin/users/update in M/Monit before
 	NOT-FOR-US: M/Monit
 CVE-2019-11392 (BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndic ...)
 	NOT-FOR-US: BlogEngine.NET
-CVE-2019-11391 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...)
+CVE-2019-11391 (** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule  ...)
 	- modsecurity-crs <unfixed> (unimportant; bug #928053)
 	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1357
 	NOTE: Negligible security impact, doesn't affect the CRS rule set as used
 	NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in non-standard settings
-CVE-2019-11390 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...)
+CVE-2019-11390 (** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule  ...)
 	- modsecurity-crs <unfixed> (unimportant; bug #928053)
 	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1358
 	NOTE: Negligible security impact, doesn't affect the CRS rule set as used
 	NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in non-standard settings
-CVE-2019-11389 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...)
+CVE-2019-11389 (** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule  ...)
 	- modsecurity-crs <unfixed> (unimportant; bug #928053)
 	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1356
 	NOTE: Negligible security impact, doesn't affect the CRS rule set as used
 	NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in non-standard settings
-CVE-2019-11388 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...)
+CVE-2019-11388 (** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule  ...)
 	- modsecurity-crs <unfixed> (unimportant; bug #928053)
 	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1354
 	NOTE: Negligible security impact, doesn't affect the CRS rule set as used
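
Review bot: The four modsecurity-crs entries (CVE-2019-11391 to CVE-2019-11388) gain a "** DISPUTED **" prefix in the description only, and nothing in the annotations below them records the dispute. The existing "unimportant" tag and the "Negligible security impact" notes are consistent with it, so no package line needs to change, but a short NOTE per entry saying the CVE is now marked disputed would keep the reasoning visible to anyone reading the annotations without the description.
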
@@ -5666,8 +5668,8 @@ CVE-2019-11365 (An issue was discovered in atftpd in atftp 0.7.1. A remote attac
 	- atftp 0.7.git20120829-3.1 (bug #927553)
 	NOTE: https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities
 	NOTE: https://sourceforge.net/p/atftp/code/ci/abed7d245d8e8bdfeab24f9f7f55a52c3140f96b/
-CVE-2019-11360
-	RESERVED
+CVE-2019-11360 (A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allo ...)
+	TODO: check
 CVE-2019-11359 (Cross-site scripting (XSS) vulnerability in display.php in I, Libraria ...)
 	- i-librarian <itp> (bug #649291)
 CVE-2019-11357
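
Review bot: CVE-2019-11360 should not stay at "TODO: check" for long: the new description names a buffer overflow in iptables-restore in netfilter iptables 1.8.2, and iptables is packaged in Debian, so unlike the NOT-FOR-US candidates in this update it needs a real package line. Follow up with a "- iptables" entry giving the fixed version or "<unfixed>", plus a NOTE pointing at the upstream fix once it is identified, in the style of the atftp entry above.
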
@@ -5945,8 +5947,8 @@ CVE-2019-11244 (In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl i
 CVE-2019-11243 (In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientCon ...)
 	- kubernetes <not-affected> (Only affects v1.12.0-v1.12.4 and v1.13.0 upstream)
 	NOTE: https://github.com/kubernetes/kubernetes/issues/76797
-CVE-2019-11242
-	RESERVED
+CVE-2019-11242 (A man-in-the-middle vulnerability related to vCenter access was found  ...)
+	TODO: check
 CVE-2019-11241
 	RESERVED
 CVE-2019-11240
@@ -9463,14 +9465,14 @@ CVE-2019-1010314 (Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS).
 	- gitea <removed>
 CVE-2019-1010313
 	RESERVED
-CVE-2019-1010312
-	RESERVED
-CVE-2019-1010311
-	RESERVED
-CVE-2019-1010310
-	RESERVED
-CVE-2019-1010309
-	RESERVED
+CVE-2019-1010312 (Tildeslash Monit Version 5.25.2 and earlier is affected by: Buffer Ove ...)
+	TODO: check
+CVE-2019-1010311 (Tildeslash Monit Version 5.25.2 and earlier is affected by: Cross Site ...)
+	TODO: check
+CVE-2019-1010310 (GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection  ...)
+	TODO: check
+CVE-2019-1010309 (pacman prior to version 5.1.3 is affected by: Directory Traversal. The ...)
+	TODO: check
 CVE-2019-1010308
 	RESERVED
 CVE-2019-1010307
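
Review bot: Four entries move from RESERVED to "TODO: check" in one block here, and they need different handling. CVE-2019-1010312 and CVE-2019-1010311 both name Tildeslash Monit 5.25.2 and earlier and can be triaged together against the same source package; for CVE-2019-1010309 the description says only "pacman prior to version 5.1.3", so confirm which software and which source package, if any, that refers to before adding a package line, rather than matching on the name.
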
@@ -12627,8 +12629,8 @@ CVE-2019-9000
 	RESERVED
 CVE-2019-8999 (An XML External Entity vulnerability in the UEM Core of BlackBerry UEM ...)
 	NOT-FOR-US: BlackBerry
-CVE-2019-8998
-	RESERVED
+CVE-2019-8998 (An information disclosure vulnerability leading to a potential local e ...)
+	TODO: check
 CVE-2019-8997 (An XML External Entity Injection (XXE) vulnerability in the Management ...)
 	NOT-FOR-US: BlackBerry
 CVE-2019-8996 (In Signiant Manager+Agents before 13.5, the implementation of the set  ...)
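
Review bot: The truncated description for CVE-2019-8998 does not show a vendor or product, so the "TODO: check" cannot be resolved from this line alone. Its neighbours CVE-2019-8999 and CVE-2019-8997 are both "NOT-FOR-US: BlackBerry", but read the full description before copying that tag.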



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4a8f2e0a0de3ca4f626393f034f6fc34a57be88c
