[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jul 26 09:10:37 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e97043c8 by security tracker role at 2019-07-26T08:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2019-14282 (The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org ...)
+ TODO: check
+CVE-2019-14281 (The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, inclu ...)
+ TODO: check
+CVE-2019-14280 (In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't ...)
+ TODO: check
+CVE-2019-14279
+ RESERVED
+CVE-2019-14278
+ RESERVED
+CVE-2019-14277 (Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain ...)
+ TODO: check
+CVE-2019-14276
+ RESERVED
+CVE-2019-14275 (Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arro ...)
+ TODO: check
+CVE-2019-14274 (MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function i ...)
+ TODO: check
+CVE-2019-14273
+ RESERVED
+CVE-2019-14272
+ RESERVED
CVE-2019-14271
RESERVED
CVE-2019-14270 (Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6 ...)
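Review bot: all eight new descriptions land as "TODO: check" placeholders, and two of them name software that looks like it is shipped as a Debian source package, CVE-2019-14275 (Xfig fig2dev stack-based buffer overflow) and CVE-2019-14274 (MCPP heap-based buffer overflow); those two should get a package line with a fixed/unfixed state rather than stay at TODO, while the Ruby gems, Craft and Axway entries can likely be triaged the same way as the other third-party products in this file.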
@@ -1272,13 +1294,13 @@ CVE-2019-13649
CVE-2019-13648 (In the Linux kernel through 5.2.1 on the powerpc platform, when hardwa ...)
- linux <unfixed>
NOTE: https://patchwork.ozlabs.org/patch/1133904/
-CVE-2018-20856 [block: blk_init_allocated_queue() set q->fq as NULL in the fail case]
+CVE-2018-20856 (An issue was discovered in the Linux kernel before 4.18.7. In block/bl ...)
- linux 4.18.8-1
NOTE: Fixed by: https://git.kernel.org/linus/54648cf1ec2d7f4b6a71767799c45676a138ca24
-CVE-2018-20855 [IB/mlx5: Fix leaking stack memory to userspace]
+CVE-2018-20855 (An issue was discovered in the Linux kernel before 4.18.7. In create_q ...)
- linux 4.18.8-1
NOTE: Fixed by: https://git.kernel.org/linus/0625b4ba1a5d4703c7fb01c497bd6c156908af00
-CVE-2018-20854 [phy: ocelot-serdes: fix out-of-bounds read]
+CVE-2018-20854 (An issue was discovered in the Linux kernel before 4.20. drivers/phy/m ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/6acb47d1a318e5b3b7115354ebc4ea060c59d3a1
CVE-2018-20853
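Review bot: replacing the bracketed upstream commit subjects with the truncated MITRE text loses the subsystem name at a glance; for CVE-2018-20854 the new description is cut off at "drivers/phy/m", so the "<not-affected> (Vulnerable code introduced later)" reasoning no longer says which driver it refers to. The old title named it ("phy: ocelot-serdes"); consider carrying that into the existing NOTE line, e.g. "NOTE: phy: ocelot-serdes, fixed by: https://git.kernel.org/linus/6acb47d1a318e5b3b7115354ebc4ea060c59d3a1", so the assessment stays self-explanatory once the short title is gone.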
@@ -1308,6 +1330,7 @@ CVE-2019-13639
RESERVED
CVE-2019-13638 [shell command injection]
RESERVED
+ {DLA-1864-1}
- patch 2.7.6-5
NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0
CVE-2019-13637 (In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbit ...)
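Review bot: the {DLA-1864-1} reference is added while the entry still reads "RESERVED" with only the working title "[shell command injection]"; the fix line "- patch 2.7.6-5" and the savannah commit NOTE are consistent with an issued advisory, but once MITRE publishes the text the RESERVED line should be swapped for the description, as this same update does for the kernel entries above.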
@@ -2667,8 +2690,8 @@ CVE-2019-13484
RESERVED
- xymon 4.3.29-1
NOTE: https://lists.xymon.com/archive/2019-July/046570.html
-CVE-2019-13483
- RESERVED
+CVE-2019-13483 (Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signa ...)
+ TODO: check
CVE-2019-13482 (An issue was discovered on D-Link DIR-818LW devices with firmware 2.06 ...)
NOT-FOR-US: D-Link
CVE-2019-13481 (An issue was discovered on D-Link DIR-818LW devices with firmware 2.06 ...)
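Review bot: CVE-2019-13483 describes a missing JWT signature validation in Auth0 Passport-SharePoint, which is an authentication bypass class rather than a low-impact bug, so the "TODO: check" should not linger; if the module is not packaged it can be closed as NOT-FOR-US like the adjacent D-Link entries, otherwise it needs a package line.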
@@ -6650,10 +6673,10 @@ CVE-2019-11924
RESERVED
CVE-2019-11923
RESERVED
-CVE-2019-11922
- RESERVED
-CVE-2019-11921
- RESERVED
+CVE-2019-11922 (A race condition in the one-pass compression functions of Zstandard pr ...)
+ TODO: check
+CVE-2019-11921 (An out of bounds write is possible via a specially crafted packet in c ...)
+ TODO: check
CVE-2019-11920
RESERVED
CVE-2019-11919
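Review bot: CVE-2019-11922 names Zstandard, which Debian ships as a library, so this one deserves a real package line (fixed or <unfixed> version) instead of "TODO: check"; CVE-2019-11921 is truncated at "in c ..." and the product is not visible here, so it must be resolved from the full description before triage.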
@@ -9202,16 +9225,16 @@ CVE-2019-10978
RESERVED
CVE-2019-10977 (In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 ser ...)
NOT-FOR-US: Mitsubishi
-CVE-2019-10976
- RESERVED
+CVE-2019-10976 (Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vu ...)
+ TODO: check
CVE-2019-10975 (An out-of-bounds read vulnerability has been identified in Fuji Electr ...)
NOT-FOR-US: Fuji Electric
-CVE-2019-10974
- RESERVED
+CVE-2019-10974 (NREL EnergyPlus, Versions 8.6.0 and possibly prior versions, The appli ...)
+ TODO: check
CVE-2019-10973 (Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, all ...)
NOT-FOR-US: Quest KACE
-CVE-2019-10972
- RESERVED
+CVE-2019-10972 (Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vu ...)
+ TODO: check
CVE-2019-10971 (The application (Network Configurator for DeviceNet Safety 3.41 and pr ...)
NOT-FOR-US: Omron
CVE-2019-10970 (In Rockwell Automation PanelView 5510 (all versions manufactured befor ...)
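Review bot: CVE-2019-10976 and CVE-2019-10972 carry the identical truncated description (Mitsubishi Electric FR Configurator2 1.16S and prior) and sit next to CVE-2019-10977, which is already "NOT-FOR-US: Mitsubishi"; triaging the two new ones the same way, and CVE-2019-10974 (NREL EnergyPlus) alongside the other ICS vendor entries, would clear three TODOs consistently.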
@@ -9781,8 +9804,8 @@ CVE-2019-10746 [prototype pollution]
NOTE: https://github.com/jonschlinkert/mixin-deep/issues/6
CVE-2019-10745
RESERVED
-CVE-2019-10744
- RESERVED
+CVE-2019-10744 (Versions of lodash lower than 4.17.12 are vulnerable to Prototype Poll ...)
+ TODO: check
CVE-2019-10743
RESERVED
CVE-2019-10742 (Axios up to and including 0.18.0 allows attackers to cause a denial of ...)
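Review bot: CVE-2019-10744 is a prototype pollution in lodash below 4.17.12, the same class as the neighbouring mixin-deep entry CVE-2019-10746 that already has a NOTE with its upstream issue; since lodash is packaged for Node.js in Debian, this should get a package line and the upstream fix reference rather than remain at "TODO: check".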
@@ -11153,8 +11176,7 @@ CVE-2019-10186
RESERVED
CVE-2019-10185
RESERVED
-CVE-2019-10184 [Information leak in requests for directories without trailing slashes]
- RESERVED
+CVE-2019-10184 (undertow before version 2.0.23.Final is vulnerable to an information l ...)
- undertow <unfixed>
NOTE: https://issues.jboss.org/browse/UNDERTOW-1578
NOTE: https://github.com/undertow-io/undertow/pull/794
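Review bot: the new description records the upstream fixed version (2.0.23.Final) while the entry keeps "- undertow <unfixed>", which is correct until a Debian upload lands; the dropped working title ("Information leak in requests for directories without trailing slashes") was more descriptive than the truncated text, so keeping it in a NOTE next to the JBoss and pull-request links would help whoever picks up the fix.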
@@ -12447,8 +12469,8 @@ CVE-2019-1010149 (zzcms version 8.3 and earlier is affected by: File Delete to C
NOT-FOR-US: zzcms
CVE-2019-1010148 (zzcms version 8.3 and earlier is affected by: SQL Injection. The impac ...)
NOT-FOR-US: zzcms
-CVE-2019-1010147
- RESERVED
+CVE-2019-1010147 (Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: In ...)
+ TODO: check
CVE-2019-1010146
RESERVED
CVE-2019-1010145
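Review bot: CVE-2019-1010147 (Yellowfin Smart Reporting before 7.3) sits between zzcms entries that are already NOT-FOR-US; unless Yellowfin is packaged, which seems unlikely for a commercial reporting product, the "TODO: check" can be resolved the same way.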
@@ -23786,16 +23808,16 @@ CVE-2019-5609
RESERVED
CVE-2019-5608
RESERVED
-CVE-2019-5607
- RESERVED
-CVE-2019-5606
- RESERVED
-CVE-2019-5605
- RESERVED
-CVE-2019-5604
- RESERVED
-CVE-2019-5603
- RESERVED
+CVE-2019-5607 (In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEAS ...)
+ TODO: check
+CVE-2019-5606 (In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEAS ...)
+ TODO: check
+CVE-2019-5605 (In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEAS ...)
+ TODO: check
+CVE-2019-5604 (In FreeBSD 12.0-STABLE before r350246, 12.0-RELEASE before 12.0-RELEAS ...)
+ TODO: check
+CVE-2019-5603 (In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEAS ...)
+ TODO: check
CVE-2019-5602 (In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEAS ...)
- kfreebsd-10 <unfixed> (unimportant)
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:11.cd_ioctl.asc
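Review bot: the five new FreeBSD entries (CVE-2019-5603 through CVE-2019-5607) follow the exact pattern of CVE-2019-5602 directly below them, which is triaged as "- kfreebsd-10 <unfixed> (unimportant)" with a NOTE pointing at the FreeBSD-SA advisory; apply the same treatment and the matching advisory link to each instead of leaving them at "TODO: check".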
@@ -34795,7 +34817,7 @@ CVE-2019-1581
RESERVED
CVE-2019-1580
RESERVED
-CVE-2019-1579 (Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and ...)
+CVE-2019-1579 (Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 a ...)
NOT-FOR-US: PAN-OS
CVE-2019-1578 (Cross-site scripting vulnerability in Palo Alto Networks MineMeld vers ...)
NOT-FOR-US: Palo Alto Networks MineMeld
@@ -39394,8 +39416,7 @@ CVE-2019-0204 (A specifically crafted Docker image running under the root user c
- apache-mesos <itp> (bug #760315)
CVE-2019-0203
RESERVED
-CVE-2019-0202
- RESERVED
+CVE-2019-0202 (The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to ...)
NOT-FOR-US: Apache Storm
CVE-2019-0201 (An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alph ...)
{DSA-4461-1 DLA-1801-1}
@@ -59372,8 +59393,7 @@ CVE-2018-11780 (A potential Remote Code Execution bug exists with the PDFInfo pl
- spamassassin 3.4.2-1 (bug #908970)
[stretch] - spamassassin 3.4.2-1~deb9u1
NOTE: https://www.openwall.com/lists/oss-security/2018/09/16/1
-CVE-2018-11779
- RESERVED
+CVE-2018-11779 (In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the st ...)
NOT-FOR-US: Apache Storm
CVE-2018-11778 (UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correc ...)
NOT-FOR-US: Apache Ranger
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e97043c842e587969528aca380ab293a837aa318