[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jun 3 21:10:29 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
92969bfe by security tracker role at 2019-06-03T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2019-12601
+ RESERVED
+CVE-2019-12600
+ RESERVED
+CVE-2019-12599
+ RESERVED
+CVE-2019-12598
+ RESERVED
+CVE-2019-12597
+ RESERVED
+CVE-2019-12596
+ RESERVED
+CVE-2019-12595
+ RESERVED
+CVE-2019-12594
+ RESERVED
+CVE-2019-12593 (IceWarp Mail Server through 10.4.4 is prone to a local file inclusion ...)
+ TODO: check
+CVE-2019-12592
+ RESERVED
+CVE-2019-12591 (NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote a ...)
+ TODO: check
+CVE-2019-12590
+ RESERVED
CVE-2019-12588
RESERVED
CVE-2019-12587
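Review bot: the two non-RESERVED additions in this hunk, CVE-2019-12593 (IceWarp Mail Server) and CVE-2019-12591 (NETGEAR Insight Cloud firmware), are left at `TODO: check`; both describe proprietary products that are not Debian source packages, so the expected resolution is a `NOT-FOR-US:` line in the form this file already uses for osClass and dotCMS further down, which would clear them from the triage queue rather than leaving them in the TODO backlog.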
@@ -11,7 +35,7 @@ CVE-2019-12584 (Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 an
CVE-2019-12583
RESERVED
CVE-2019-12582
- RESERVED
+ REJECTED
CVE-2019-12581
RESERVED
CVE-2019-12580
@@ -635,12 +659,11 @@ CVE-2016-10751 (osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal vi
NOT-FOR-US: osClass
CVE-2019-12311
RESERVED
-CVE-2019-12310
- RESERVED
+CVE-2019-12310 (ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monit ...)
+ TODO: check
CVE-2019-12309 (dotCMS before 5.1.0 has a path traversal vulnerability exploitable by ...)
NOT-FOR-US: dotCMS
-CVE-2019-12308 [AdminURLFieldWidget XSS]
- RESERVED
+CVE-2019-12308 (An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1. ...)
- python-django <unfixed> (bug #929927)
NOTE: https://github.com/django/django/commit/deeba6d92006999fee9adfbd8be79bf0a59e8008 (master)
NOTE: https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b (1.1.21)
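Review bot: the label on the second NOTE line for CVE-2019-12308 reads `(1.1.21)` while the description itself says `1.11 before 1.11.21`; that looks like a typo for the 1.11.21 release branch and should be corrected so the backport commit is looked up on the right branch. Dropping the local title `[AdminURLFieldWidget XSS]` in favour of the truncated MITRE text also loses the name of the affected widget, which is the most useful search key for the python-django maintainer; keeping the bracketed title alongside the description would avoid that. Separately, CVE-2019-12310 (ExaGrid appliance firmware) is appliance firmware and a `NOT-FOR-US` candidate like its dotCMS neighbour.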
@@ -2168,8 +2191,8 @@ CVE-2019-11648
RESERVED
CVE-2019-11647
RESERVED
-CVE-2019-11646
- RESERVED
+CVE-2019-11646 (Remote unauthorized command execution and unauthorized disclosure of i ...)
+ TODO: check
CVE-2019-11645
RESERVED
CVE-2019-11675 (The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ...)
@@ -2360,8 +2383,8 @@ CVE-2019-11582
RESERVED
CVE-2019-11581
RESERVED
-CVE-2019-11580
- RESERVED
+CVE-2019-11580 (Atlassian Crowd and Crowd Data Center had the pdkinstall development p ...)
+ TODO: check
CVE-2015-9285 (esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI. ...)
NOT-FOR-US: esoTalk
CVE-2019-11591 (The WebDorado Contact Form plugin before 1.13.5 for WordPress allows C ...)
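Review bot: CVE-2019-11580 concerns Atlassian Crowd, and this file already resolves Atlassian server products with `NOT-FOR-US: Atlassian` (see the CVE-2019-3399 and CVE-2019-3398 entries further down), so the `TODO: check` here can be closed the same way instead of waiting for a manual pass.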
@@ -3713,6 +3736,7 @@ CVE-2019-11041
RESERVED
CVE-2019-11040 [heap-buffer-overflow on php_jpg_get16]
RESERVED
+ {DLA-1813-1}
- php7.3 7.3.6-1
- php7.0 <removed>
- php5 <removed>
@@ -3720,6 +3744,7 @@ CVE-2019-11040 [heap-buffer-overflow on php_jpg_get16]
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77988
CVE-2019-11039 [Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow]
RESERVED
+ {DLA-1813-1}
- php7.3 7.3.6-1
- php7.0 <removed>
- php5 <removed>
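Review bot: CVE-2019-11040 and CVE-2019-11039 now carry `{DLA-1813-1}`, which covers the php5 package in the LTS suite, but neither entry has a `[stretch]` line for php7.0; `php7.0 <removed>` only records the unstable status, so the status of the php7.0 package shipped in stretch is not visible from these entries. A `[stretch] - php7.0 ...` annotation of the form used for tcc under CVE-2019-9754 is needed to make that explicit. Both entries are also still RESERVED with tracker-local bracketed titles, which the next automatic update will try to replace with the MITRE text; keep the titles in mind if that happens, as the hunk below for rkt shows what is lost when it does.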
@@ -5891,20 +5916,17 @@ CVE-2019-10149
RESERVED
CVE-2019-10148
RESERVED
-CVE-2019-10147 [processes run with rkt enter are not limited by cgroups during stage 2]
- RESERVED
+CVE-2019-10147 (rkt through version 1.30.0 does not isolate processes in containers th ...)
- rkt <unfixed> (bug #929781)
NOTE: https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
NOTE: https://github.com/rkt/rkt/issues/3998
CVE-2019-10146
RESERVED
-CVE-2019-10145 [processes run with rkt enter do not have seccomp filtering during stage 2]
- RESERVED
+CVE-2019-10145 (rkt through version 1.30.0 does not isolate processes in containers th ...)
- rkt <unfixed> (bug #929781)
NOTE: https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
NOTE: https://github.com/rkt/rkt/issues/3998
-CVE-2019-10144 [rkt: processes run with `rkt enter` are given all capabilities during stage 2]
- RESERVED
+CVE-2019-10144 (rkt through version 1.30.0 does not isolate processes in containers th ...)
- rkt <unfixed> (bug #929781)
NOTE: https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
NOTE: https://github.com/rkt/rkt/issues/3998
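Review bot: the three rkt entries CVE-2019-10144, CVE-2019-10145 and CVE-2019-10147 now all show the identical truncated description `rkt through version 1.30.0 does not isolate processes in containers th ...`, because the automatic update replaced the local titles that distinguished them (all capabilities, no seccomp filtering, no cgroup limits for processes run with `rkt enter` during stage 2). Since all three point at the same Debian bug (#929781) and the same upstream issue, the bracketed titles should be restored next to the descriptions; otherwise the entries cannot be told apart without opening the NOTE links.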
@@ -7245,10 +7267,10 @@ CVE-2019-9885
RESERVED
CVE-2019-9884
RESERVED
-CVE-2019-9883
- RESERVED
-CVE-2019-9882
- RESERVED
+CVE-2019-9883 (Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerabi ...)
+ TODO: check
+CVE-2019-9882 (Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerabi ...)
+ TODO: check
CVE-2019-9881
RESERVED
CVE-2019-9880
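Review bot: CVE-2019-9883 and CVE-2019-9882 (MailSherlock MSR35 and MSR45 CSRF) describe a commercial appliance that is not packaged in Debian, so both `TODO: check` lines are `NOT-FOR-US: MailSherlock` candidates and can be resolved together.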
@@ -7704,8 +7726,8 @@ CVE-2019-9754 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.
[stretch] - tcc <no-dsa> (Minor issue)
[jessie] - tcc <no-dsa> (Minor issue)
NOTE: https://lists.nongnu.org/archive/html/tinycc-devel/2019-03/msg00038.html
-CVE-2019-9753
- RESERVED
+CVE-2019-9753 (An issue was discovered in Open Ticket Request System (OTRS) 7.x befor ...)
+ TODO: check
CVE-2019-9752 (An issue was discovered in Open Ticket Request System (OTRS) 5.x befor ...)
{DLA-1721-1}
- otrs2 6.0.16-1
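Review bot: CVE-2019-9753 is described as affecting OTRS 7.x, while the neighbouring CVE-2019-9752 (OTRS 5.x) is tracked against the otrs2 source package at 6.0.16-1; before resolving the `TODO: check`, confirm from the full description whether the 6.x series shipped as otrs2 is in the affected range, and if it is not, record that as `otrs2 <not-affected>` with a short reason rather than leaving the entry open.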
@@ -15189,82 +15211,82 @@ CVE-2019-6775
RESERVED
CVE-2019-6774
RESERVED
-CVE-2019-6773
- RESERVED
-CVE-2019-6772
- RESERVED
-CVE-2019-6771
- RESERVED
-CVE-2019-6770
- RESERVED
-CVE-2019-6769
- RESERVED
-CVE-2019-6768
- RESERVED
-CVE-2019-6767
- RESERVED
-CVE-2019-6766
- RESERVED
-CVE-2019-6765
- RESERVED
-CVE-2019-6764
- RESERVED
-CVE-2019-6763
- RESERVED
-CVE-2019-6762
- RESERVED
-CVE-2019-6761
- RESERVED
-CVE-2019-6760
- RESERVED
-CVE-2019-6759
- RESERVED
-CVE-2019-6758
- RESERVED
-CVE-2019-6757
- RESERVED
-CVE-2019-6756
- RESERVED
-CVE-2019-6755
- RESERVED
-CVE-2019-6754
- RESERVED
-CVE-2019-6753
- RESERVED
-CVE-2019-6752
- RESERVED
-CVE-2019-6751
- RESERVED
-CVE-2019-6750
- RESERVED
-CVE-2019-6749
- RESERVED
-CVE-2019-6748
- RESERVED
-CVE-2019-6747
- RESERVED
-CVE-2019-6746
- RESERVED
+CVE-2019-6773 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2019-6772 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2019-6771 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2019-6770 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2019-6769 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6768 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6767 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6766 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2019-6765 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6764 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6763 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6762 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6761 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6760 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6759 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6758 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2019-6757 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6756 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2019-6755 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6754 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6753 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2019-6752 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2019-6751 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6750 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6749 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6748 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6747 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6746 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
CVE-2019-6745
RESERVED
CVE-2019-6744
RESERVED
-CVE-2019-6743
- RESERVED
-CVE-2019-6742
- RESERVED
-CVE-2019-6741
- RESERVED
-CVE-2019-6740
- RESERVED
-CVE-2019-6739
- RESERVED
-CVE-2019-6738
- RESERVED
-CVE-2019-6737
- RESERVED
-CVE-2019-6736
- RESERVED
+CVE-2019-6743 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6742 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6741 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6740 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6739 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6738 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6737 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6736 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
CVE-2019-6735 (This vulnerability allows remote attackers to disclose sensitive infor ...)
NOT-FOR-US: Foxit Reader
CVE-2019-6734 (This vulnerability allows remote attackers to disclose sensitive infor ...)
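Review bot: the 36 new entries CVE-2019-6736 through CVE-2019-6773 carry the same generic ZDI-style prefix (`This vulnerability allows remote attackers to execute arbitrary code o ...` / `... disclose sensitive infor ...`) as the adjacent CVE-2019-6735 and CVE-2019-6734, which are already marked `NOT-FOR-US: Foxit Reader`. The truncated text does not name the product, so each should be checked against the full description before being resolved, but the contiguous ID range and identical wording make the same triage the likely outcome for the whole block.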
@@ -21705,8 +21727,7 @@ CVE-2019-3897
NOT-FOR-US: redhat-certification
CVE-2019-3896
RESERVED
-CVE-2019-3895
- RESERVED
+CVE-2019-3895 (An access-control flaw was found in the Octavia service when the cloud ...)
- octavia <not-affected> (Fixed before initial upload to the archive)
NOTE: https://bugs.launchpad.net/octavia/+bug/1620629
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1694608
@@ -21905,8 +21926,7 @@ CVE-2019-3848 (A vulnerability was found in moodle before versions 3.6.3, 3.5.5
- moodle <removed>
CVE-2019-3847 (A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4. ...)
- moodle <removed>
-CVE-2019-3846 [Buffer overflow / read checks in mwifiex]
- RESERVED
+CVE-2019-3846 (A flaw that allowed an attacker to corrupt memory and possibly escalat ...)
- linux <unfixed>
NOTE: https://lore.kernel.org/linux-wireless/20190529125220.17066-1-tiwai@suse.de/
CVE-2019-3845 (A lack of access control was found in the message queues maintained by ...)
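Review bot: replacing `[Buffer overflow / read checks in mwifiex]` on CVE-2019-3846 with the truncated generic text `A flaw that allowed an attacker to corrupt memory and possibly escalat ...` drops the only mention of the affected driver from the entry; with `linux <unfixed>` and no `[stretch]`/`[jessie]` annotation yet, the mwifiex name is what a kernel maintainer needs to locate the fix, so the bracketed title should be kept next to the description. The lore.kernel.org link remains the only pointer to the patch.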
@@ -22136,8 +22156,8 @@ CVE-2019-3804 (It was found that cockpit before version 184 used glib's base64 d
NOTE: https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12
CVE-2019-3803 (Pivotal Concourse, all versions prior to 4.2.2, puts the user access t ...)
NOT-FOR-US: Pivotal Concourse
-CVE-2019-3802
- RESERVED
+CVE-2019-3802 (This affects Spring Data JPA in versions up to and including 2.1.6, 2. ...)
+ TODO: check
CVE-2019-3801 (Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java com ...)
NOT-FOR-US: Cloud Foundry
CVE-2019-3800
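Review bot: CVE-2019-3802 (Spring Data JPA up to 2.1.6) sits between two entries from the same reporter that are already `NOT-FOR-US` (Pivotal Concourse and Cloud Foundry); before closing it the same way, check whether any Debian source package actually ships Spring Data JPA, since unlike the appliance-style products in this file a Java library could be vendored into a packaged project.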
@@ -22631,8 +22651,8 @@ CVE-2019-3569
RESERVED
CVE-2019-3568 (A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote ...)
NOT-FOR-US: Whatsapp
-CVE-2019-3567
- RESERVED
+CVE-2019-3567 (In some configurations an attacker can inject a new executable path in ...)
+ TODO: check
CVE-2019-3566 (A bug in WhatsApp for Android's messaging logic would potentially allo ...)
NOT-FOR-US: WhatsApp for Android
CVE-2019-3565 (Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would n ...)
@@ -24260,8 +24280,8 @@ CVE-2019-3399 (The BrowseProjects.jspa resource in Jira before version 7.13.2, a
NOT-FOR-US: Atlassian
CVE-2019-3398 (Confluence Server and Data Center had a path traversal vulnerability i ...)
NOT-FOR-US: Confluence Server and Data Center
-CVE-2019-3397
- RESERVED
+CVE-2019-3397 (Atlassian Bitbucket Data Center licensed instances starting with versi ...)
+ TODO: check
CVE-2019-3396 (The Widget Connector macro in Atlassian Confluence Server before versi ...)
NOT-FOR-US: Atlassian Confluence Server
CVE-2019-3395 (The WebDAV endpoint in Atlassian Confluence Server and Data Center bef ...)
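Review bot: CVE-2019-3397 (Atlassian Bitbucket Data Center) can be resolved with the `NOT-FOR-US: Atlassian` marker used on the surrounding CVE-2019-3399, CVE-2019-3398, CVE-2019-3396 and CVE-2019-3395 entries; leaving it at `TODO: check` in the middle of that block is inconsistent.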
@@ -71950,12 +71970,12 @@ CVE-2018-5407 (Simultaneous Multi-threading (SMT) in processors can enable local
NOTE: https://github.com/bbbrumley/portsmash
NOTE: This is not an issue in software but in a hardware issue. Issue can be
NOTE: mitigated e.g. for OpenSSL.
-CVE-2018-5406
- RESERVED
-CVE-2018-5405
- RESERVED
-CVE-2018-5404
- RESERVED
+CVE-2018-5406 (The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a re ...)
+ TODO: check
+CVE-2018-5405 (The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an a ...)
+ TODO: check
+CVE-2018-5404 (The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an a ...)
+ TODO: check
CVE-2018-5403 (Imperva SecureSphere gateway (GW) running v13, for both pre-First Time ...)
NOT-FOR-US: Imperva SecureSphere
CVE-2018-5402 (The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App ...)
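Review bot: CVE-2018-5406, CVE-2018-5405 and CVE-2018-5404 all describe the Quest Kace K1000 Appliance before 9.0.270, an appliance that is not a Debian package; the three `TODO: check` lines are `NOT-FOR-US` candidates and should be resolved as one batch, matching the treatment of the Imperva SecureSphere and Auto-Maskin entries that follow.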
@@ -94779,16 +94799,16 @@ CVE-2017-14856
RESERVED
CVE-2017-14855 (Red Lion HMI panels allow remote attackers to cause a denial of servic ...)
NOT-FOR-US: Red Lion HMI
-CVE-2017-14854
- RESERVED
-CVE-2017-14853
- RESERVED
-CVE-2017-14852
- RESERVED
-CVE-2017-14851
- RESERVED
-CVE-2017-14850
- RESERVED
+CVE-2017-14854 (A stack buffer overflow exists in one of the Orpak SiteOmat CGI compon ...)
+ TODO: check
+CVE-2017-14853 (The Orpak SiteOmat OrCU component is vulnerable to code injection, for ...)
+ TODO: check
+CVE-2017-14852 (An insecure communication was found between a user and the Orpak SiteO ...)
+ TODO: check
+CVE-2017-14851 (A SQL injection vulnerability exists in all Orpak SiteOmat versions pr ...)
+ TODO: check
+CVE-2017-14850 (All known versions of the Orpak SiteOmat web management console is vul ...)
+ TODO: check
CVE-2017-14849 (Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintende ...)
- nodejs <not-affected> (Vulnerable code introduced in 8.5.0)
NOTE: https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
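Review bot: CVE-2017-14854 through CVE-2017-14850 all concern the Orpak SiteOmat web management console and its OrCU and CGI components, an industrial control product that Debian does not ship; the five `TODO: check` lines should be resolved together as `NOT-FOR-US: Orpak SiteOmat`, the same way the Red Lion HMI entry just above this hunk is handled.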
@@ -95091,8 +95111,8 @@ CVE-2017-14729 (The *_get_synthetic_symtab functions in the Binary File Descript
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22170
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360
-CVE-2017-14728
- RESERVED
+CVE-2017-14728 (An authentication bypass was found in an unknown area of the SiteOmat ...)
+ TODO: check
CVE-2017-14726 (Before version 4.8.2, WordPress was vulnerable to a cross-site scripti ...)
{DSA-3997-1}
- wordpress 4.8.2+dfsg-1 (bug #876274)
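Review bot: CVE-2017-14728 (SiteOmat authentication bypass) belongs to the same Orpak SiteOmat batch as CVE-2017-14850 to CVE-2017-14854 in the previous hunk and should receive the same `NOT-FOR-US` resolution rather than being triaged separately.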
@@ -235015,7 +235035,7 @@ CVE-2013-1753
NOTE: http://bugs.python.org/issue16043
NOTE: preliminary patch: http://bugs.python.org/file28796/xmlrpc_gzip_27.patch
CVE-2013-1752
- RESERVED
+ REJECTED
- python2.5 <removed> (low)
- python2.6 <removed> (low)
- python2.7 2.7.9-1 (low; bug #742929)
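Review bot: CVE-2013-1752 flips from RESERVED to REJECTED but keeps its package lines (`python2.5 <removed>`, `python2.6 <removed>`, `python2.7 2.7.9-1 (low; bug #742929)`), so the entry now records fixed versions for an ID that MITRE has withdrawn. A NOTE should say why it was rejected and, if the issue was merged into another CVE, those package lines and bug #742929 should be moved to the surviving ID so the fix history is not orphaned under a rejected entry.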
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/92969bfe2f613f875824bea68db7b49f6adcfc59
More information about the debian-security-tracker-commits mailing list