[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 31 09:10:29 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d80c7fda by security tracker role at 2019-07-31T08:10:17Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, allowing a ...)
+ TODO: check
+CVE-2019-14451
+ RESERVED
+CVE-2019-14450
+ RESERVED
+CVE-2019-14449
+ RESERVED
+CVE-2019-14448
+ RESERVED
+CVE-2019-14447
+ RESERVED
+CVE-2019-14446
+ RESERVED
+CVE-2007-6763
+ RESERVED
CVE-2019-14445
RESERVED
CVE-2019-14444 (apply_relocations in readelf.c in GNU Binutils 2.32 contains an intege ...)
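Review bot: CVE-2007-6763 is added between CVE-2019-14446 and CVE-2019-14445, which breaks the descending id order that every other visible entry in this hunk follows. If the list is meant to stay grouped by year, move it to the 2007 section, or confirm that a later sort pass relocates it. Separately, CVE-2019-14452 (Sigil before 0.9.16, directory traversal) lands with TODO: check and needs a triage decision before the entry is useful.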
@@ -4337,8 +4353,8 @@ CVE-2019-13028 (An incorrect implementation of a local web server in eID client
NOT-FOR-US: local web server in eID client (Product from the Ministry of Interior of the Slovak Republic)
CVE-2019-13027 (Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 has S ...)
NOT-FOR-US: Realization Concerto Critical Chain Planner
-CVE-2019-13026
- RESERVED
+CVE-2019-13026 (OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Inject ...)
+ TODO: check
CVE-2019-13025
RESERVED
CVE-2019-13024 (Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web be ...)
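Review bot: the TODO: check under CVE-2019-13026 still needs a triage decision. The description names OXID eShop, and the two entries above it in this hunk (CVE-2019-13028, CVE-2019-13027) are both resolved as NOT-FOR-US, so either record the same here or add a package line if the software is in the archive.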
@@ -11730,28 +11746,24 @@ CVE-2019-10166 [virDomainManagedSaveDefineXML API exposed to readonly clients]
NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720114
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=db0b78457f183e4c7ac45bc94de86044a1e2056a
-CVE-2019-10165
- RESERVED
+CVE-2019-10165 (OpenShift Container Platform before version 4.1.3 writes OAuth tokens ...)
NOT-FOR-US: OpenShift
CVE-2019-10164 (PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are ...)
- postgresql-11 11.4-1
- postgresql-9.6 <not-affected> (Only affects 10.x and later)
- postgresql-9.4 <not-affected> (Only affects 10.x and later)
NOTE: https://www.postgresql.org/about/news/1949/
-CVE-2019-10163 [Denial of service via NOTIFY packets]
- RESERVED
+CVE-2019-10163 (A Vulnerability has been found in PowerDNS Authoritative Server before ...)
{DSA-4470-1 DLA-1843-1}
- pdns 4.1.6-3
NOTE: https://www.openwall.com/lists/oss-security/2019/06/21/5
NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html
-CVE-2019-10162 [Denial of service via crafted zone records]
- RESERVED
+CVE-2019-10162 (A vulnerability has been found in PowerDNS Authoritative Server before ...)
{DSA-4470-1 DLA-1843-1}
- pdns 4.1.6-3
NOTE: https://www.openwall.com/lists/oss-security/2019/06/21/5
NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html
-CVE-2019-10161 [arbitrary file read/exec via virDomainSaveImageGetXMLDesc API]
- RESERVED
+CVE-2019-10161 (It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would ...)
{DSA-4469-1 DLA-1832-1}
- libvirt 5.0.0-4
NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
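Review bot: the bracketed titles removed for CVE-2019-10163 and CVE-2019-10162 were the only text on the header line that told the two PowerDNS entries apart ("Denial of service via NOTIFY packets" versus "Denial of service via crafted zone records"). The truncated descriptions that replace them are identical up to the cut ("... has been found in PowerDNS Authoritative Server before ..."), so a reader now has to follow the advisory NOTE links to see which is which. The same loss applies to CVE-2019-10161, whose old title named the virDomainSaveImageGetXMLDesc API. Consider keeping that detail in a NOTE line under each entry.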
@@ -11780,8 +11792,7 @@ CVE-2019-10158
NOT-FOR-US: infinispan
CVE-2019-10157 (It was found that Keycloak's Node.js adapter before version 4.8.3 did ...)
NOT-FOR-US: Keycloak
-CVE-2019-10156 [templating causing an unexpected key file to be set on remote node]
- RESERVED
+CVE-2019-10156 (A flaw was discovered in the way Ansible templating was implemented in ...)
- ansible <unfixed> (low; bug #930065)
[buster] - ansible <no-dsa> (Minor issue)
[stretch] - ansible <no-dsa> (Minor issue)
@@ -11796,16 +11807,14 @@ CVE-2019-10155 (The Libreswan Project has found a vulnerability in the processin
NOTE: Not vulnerable: libreswan 3.29 and later, strongswan 5.0 and later, freeswan
CVE-2019-10154 (A flaw was found in Moodle before versions 3.7, 3.6.4. A web service f ...)
- moodle <removed>
-CVE-2019-10153 [mis-handling of non-ASCII characters in guest comment fields]
- RESERVED
+CVE-2019-10153 (A flaw was discovered in fence-agents, prior to version 4.3.4, where u ...)
- fence-agents 4.3.3-2 (low; bug #930887)
[stretch] - fence-agents <no-dsa> (Minor issue)
[jessie] - fence-agents <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1670460
NOTE: https://github.com/ClusterLabs/fence-agents/pull/255
NOTE: https://github.com/ClusterLabs/fence-agents/pull/272
-CVE-2019-10152
- RESERVED
+CVE-2019-10152 (A path traversal vulnerability has been discovered in podman before ve ...)
NOT-FOR-US: Podman
CVE-2019-10151
RESERVED
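Review bot: the new description for CVE-2019-10153 says the flaw affects fence-agents "prior to version 4.3.4", while the package line below it records 4.3.3-2 as the fixed version. That is consistent only if 4.3.3-2 carries the fix as a backport (the NOTE lines point at pull requests 255 and 272); worth confirming and saying so in a NOTE so the apparent mismatch does not get "corrected" later.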
@@ -19088,19 +19097,19 @@ CVE-2019-7618
RESERVED
CVE-2019-7617
RESERVED
-CVE-2019-7616
- RESERVED
-CVE-2019-7615
- RESERVED
-CVE-2019-7614
- RESERVED
+CVE-2019-7616 (Kibana versions before 6.8.2 and 7.2.1 contain a server side request f ...)
+ TODO: check
+CVE-2019-7615 (A TLS certificate validation flaw was found in Elastic APM agent for R ...)
+ TODO: check
+CVE-2019-7614 (A race condition flaw was found in the response headers Elasticsearch ...)
+ TODO: check
CVE-2019-7613 (Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient loggin ...)
NOT-FOR-US: Winlogbeat
CVE-2019-7612 (A sensitive data disclosure flaw was found in the way Logstash version ...)
- logstash <itp> (bug #664841)
CVE-2019-7611 (A permission issue was found in Elasticsearch versions before 5.6.15 a ...)
- elasticsearch <removed>
-CVE-2019-7610 (Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code exec ...)
+CVE-2019-7610 (Kibana versions before 6.6.1 contain an arbitrary code execution flaw ...)
- kibana <itp> (bug #700337)
CVE-2019-7609 (Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code exec ...)
- kibana <itp> (bug #700337)
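Review bot: CVE-2019-7616 (Kibana) and CVE-2019-7614 (Elasticsearch) are added with TODO: check although this hunk already shows how those products are tracked: "- kibana <itp> (bug #700337)" and "- elasticsearch <removed>". Triage can reuse those lines; CVE-2019-7615 (Elastic APM agent) has no precedent in the visible context and needs its own decision. Also note that the CVE-2019-7610 description drops "5.6.15", narrowing the stated range to "before 6.6.1", while CVE-2019-7609 keeps both versions; harmless while kibana is <itp>, but the difference should be checked if the package is ever uploaded.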
@@ -24637,32 +24646,32 @@ CVE-2019-5461 [GitHub Integration SSRF]
RESERVED
- gitlab <unfixed>
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
-CVE-2019-5460
- RESERVED
-CVE-2019-5459
- RESERVED
-CVE-2019-5458
- RESERVED
-CVE-2019-5457
- RESERVED
-CVE-2019-5456
- RESERVED
-CVE-2019-5455
- RESERVED
-CVE-2019-5454
- RESERVED
-CVE-2019-5453
- RESERVED
-CVE-2019-5452
- RESERVED
-CVE-2019-5451
- RESERVED
-CVE-2019-5450
- RESERVED
-CVE-2019-5449
- RESERVED
-CVE-2019-5448
- RESERVED
+CVE-2019-5460 (Double Free in VLC versions <= 3.0.6 leads to a crash. ...)
+ TODO: check
+CVE-2019-5459 (An Integer underflow in VLC Media Player versions < 3.0.7 leads to ...)
+ TODO: check
+CVE-2019-5458 (Cross-site scripting (XSS) vulnerability in http-file-server (all vers ...)
+ TODO: check
+CVE-2019-5457 (Cross-site scripting (XSS) vulnerability in min-http-server (all versi ...)
+ TODO: check
+CVE-2019-5456 (SMTP MITM refers to a malicious actor setting up an SMTP proxy server ...)
+ TODO: check
+CVE-2019-5455 (Bypassing lock protection exists in Nextcloud Android app 3.6.0 when c ...)
+ TODO: check
+CVE-2019-5454 (SQL Injection in the Nextcloud Android app prior to version 3.0.0 allo ...)
+ TODO: check
+CVE-2019-5453 (Bypass lock protection in the Nextcloud Android app prior to version 3 ...)
+ TODO: check
+CVE-2019-5452 (Bypass lock protection in the Nextcloud Android app prior to version 3 ...)
+ TODO: check
+CVE-2019-5451 (Bypass lock protection in the Nextcloud Android app prior to version 3 ...)
+ TODO: check
+CVE-2019-5450 (Improper sanitization of HTML in directory names in the Nextcloud Andr ...)
+ TODO: check
+CVE-2019-5449 (A missing check in the Nextcloud Server prior to version 15.0.1 causes ...)
+ TODO: check
+CVE-2019-5448 (Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Da ...)
+ TODO: check
CVE-2019-5447 (A path traversal vulnerability in <= v0.2.6 of http-file-server npm ...)
NOT-FOR-US: http-file-server Node.js module
CVE-2019-5446 (Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin ...)
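Review bot: CVE-2019-5458 (XSS in http-file-server) is left at TODO: check even though CVE-2019-5447, two entries below in the same hunk, is already resolved as "NOT-FOR-US: http-file-server Node.js module"; the same resolution should apply. The remaining twelve TODO: check entries in this block cover several distinct products (VLC, min-http-server, the Nextcloud Android app, Nextcloud Server, Yarn) and need individual triage. The two VLC entries deserve attention first, since a double free and an integer underflow are memory-safety bugs.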
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d80c7fdad0332d4f2e84c454a777433d22b9bd86