[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jun 5 09:10:25 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0850fe01 by security tracker role at 2019-06-05T08:10:14Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -230,8 +230,8 @@ CVE-2019-12618
 	RESERVED
 CVE-2019-12617
 	RESERVED
-CVE-2019-12616
-	RESERVED
+CVE-2019-12616 (An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability wa ...)
+	TODO: check
 CVE-2019-12613
 	RESERVED
 CVE-2019-12612
@@ -1193,10 +1193,10 @@ CVE-2019-12212 (When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIF
 CVE-2019-12211 (When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load ...)
 	- freeimage <unfixed> (bug #929597)
 	NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
-CVE-2019-12210
-	RESERVED
-CVE-2019-12209
-	RESERVED
+CVE-2019-12210 (In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug ...)
+	TODO: check
+CVE-2019-12209 (Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (defa ...)
+	TODO: check
 CVE-2019-12208 (njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in  ...)
 	NOT-FOR-US: njs
 CVE-2019-12207 (njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in ...)
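Review bot: CVE-2019-12210 and CVE-2019-12209 are left at `TODO: check` with no package line, although both descriptions name the same release, Yubico pam-u2f 1.0.7. They should be triaged together. If the software is packaged, each entry should get a package line in the form the FreeImage entry just above uses (`- freeimage <unfixed> (bug #929597)` followed by a `NOTE:` with the upstream reference).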
@@ -2142,8 +2142,8 @@ CVE-2019-11770
 	RESERVED
 CVE-2019-11769
 	RESERVED
-CVE-2019-11768
-	RESERVED
+CVE-2019-11768 (An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability  ...)
+	TODO: check
 CVE-2019-11767 (Server side request forgery (SSRF) in phpBB before 3.2.6 allows checki ...)
 	- phpbb3 <removed>
 	[jessie] - phpbb3 <postponed> (Minor issue, solution/workaround is to disable the remote avatar function)
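Review bot: CVE-2019-11768 names 4.9.0.1 as the fixed phpMyAdmin version, while CVE-2019-12616 in the first hunk names 4.9.0. When the two `TODO: check` markers are resolved, each entry needs its own fixed-version value rather than one shared between them.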
@@ -5145,8 +5145,8 @@ CVE-2019-10638
 	RESERVED
 CVE-2019-10637
 	RESERVED
-CVE-2019-10636
-	RESERVED
+CVE-2019-10636 (Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS10 ...)
+	TODO: check
 CVE-2019-10635
 	RESERVED
 CVE-2019-10634 (An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allow ...)
@@ -18541,12 +18541,12 @@ CVE-2019-5590
 	RESERVED
 CVE-2019-5589 (An Unsafe Search Path vulnerability in FortiClient Online Installer (W ...)
 	NOT-FOR-US: FortiGuard
-CVE-2019-5588
-	RESERVED
-CVE-2019-5587
-	RESERVED
-CVE-2019-5586
-	RESERVED
+CVE-2019-5588 (A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet Forti ...)
+	TODO: check
+CVE-2019-5587 (Lack of root file system integrity checking in Fortinet FortiOS VM app ...)
+	TODO: check
+CVE-2019-5586 (A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet Forti ...)
+	TODO: check
 CVE-2019-5585 (An improper access control vulnerability in FortiClientMac before 6.0. ...)
 	NOT-FOR-US: Fortiguard FortiClientMac
 CVE-2019-5584
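Review bot: the three new Fortinet entries (CVE-2019-5588, CVE-2019-5587, CVE-2019-5586) stay at `TODO: check` while the Fortinet entries on either side are already `NOT-FOR-US`. Those neighbours spell the tag two ways (`NOT-FOR-US: FortiGuard` and `NOT-FOR-US: Fortiguard FortiClientMac`), so settle on one vendor and product naming when triaging. The descriptions of CVE-2019-5588 and CVE-2019-5586 are cut off at "Fortinet Forti ...", so the product has to be read from the full description before a tag is assigned.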
@@ -49571,18 +49571,18 @@ CVE-2018-13386 (There was an argument injection vulnerability in Sourcetree for
 	NOT-FOR-US: Atlassian Sourcetree
 CVE-2018-13385 (There was an argument injection vulnerability in Sourcetree for macOS  ...)
 	NOT-FOR-US: Atlassian Sourcetree
-CVE-2018-13384
-	RESERVED
+CVE-2018-13384 (A Host Header Redirection vulnerability in Fortinet FortiOS all versio ...)
+	TODO: check
 CVE-2018-13383 (A heap buffer overflow in Fortinet FortiOS all versions below 6.0.5 in ...)
 	NOT-FOR-US: Fortinet FortiOS
-CVE-2018-13382
-	RESERVED
-CVE-2018-13381
-	RESERVED
-CVE-2018-13380
-	RESERVED
-CVE-2018-13379
-	RESERVED
+CVE-2018-13382 (An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6 ...)
+	TODO: check
+CVE-2018-13381 (A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5. ...)
+	TODO: check
+CVE-2018-13380 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 t ...)
+	TODO: check
+CVE-2018-13379 (An Improper Limitation of a Pathname to a Restricted Directory ("Path  ...)
+	TODO: check
 CVE-2018-13378 (An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 an ...)
 	NOT-FOR-US: Fortinet FortiSIEM
 CVE-2018-13377
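Review bot: CVE-2018-13384, CVE-2018-13382, CVE-2018-13381 and CVE-2018-13380 all name Fortinet FortiOS in their descriptions but are left at `TODO: check`, while CVE-2018-13383 in the middle of the same block is already `NOT-FOR-US: Fortinet FortiOS`. The same tag would keep the block consistent. The description of CVE-2018-13379 is truncated before any product name, so confirm the product before tagging it with the others.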



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0850fe0108eb8bca472132e43d1307fc5fc48719
