[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 25 21:10:33 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1703b5ad by security tracker role at 2019-06-25T20:10:23Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2019-12965
+ RESERVED
+CVE-2019-12964 (LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php ...)
+ TODO: check
+CVE-2019-12963 (LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php C ...)
+ TODO: check
+CVE-2019-12962 (LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.p ...)
+ TODO: check
+CVE-2019-12961 (LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the ...)
+ TODO: check
+CVE-2019-12960 (LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in func ...)
+ TODO: check
+CVE-2019-12959
+ RESERVED
CVE-2019-12958 (In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in F ...)
TODO: check
CVE-2019-12957 (In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C:: ...)
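Review bot: The five LiveZilla Server entries added at the top of this hunk (CVE-2019-12960 through CVE-2019-12964) carry only `TODO: check`, so none of them has a package line or a NOT-FOR-US marking yet. All five share the same "before 8.0.1.1" boundary in their descriptions, so they can be triaged in one pass: replace each TODO with a `- <package> <status>` line if the software is packaged, or with a NOT-FOR-US line in the style used elsewhere in this file if it is not.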
@@ -16,8 +30,8 @@ CVE-2019-12951 (An issue was discovered in Mongoose before 6.15. The parse_mqtt(
TODO: check
CVE-2019-12950
RESERVED
-CVE-2019-12949
- RESERVED
+CVE-2019-12949 (In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authen ...)
+ TODO: check
CVE-2019-12948
RESERVED
CVE-2019-12947
@@ -312,8 +326,7 @@ CVE-2019-12821
RESERVED
CVE-2019-12820
RESERVED
-CVE-2019-12817 [powerpc: Unrelated processes may be able to read/write to each other's virtual memory]
- RESERVED
+CVE-2019-12817 (arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1. ...)
- linux <unfixed>
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
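Review bot: `- linux <unfixed>` under CVE-2019-12817 is left unchanged although the new description line states an upstream version boundary ("in the Linux kernel before 5.1. ...", truncated here), so the entry should be revisited and the fixed version recorded once an upload carrying the fix is available. The removed bracketed text was also the only plain statement of impact visible in the list (unrelated processes reading or writing each other's virtual memory); the truncated description now shows just a file path, so consider keeping that summary as a NOTE line.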
@@ -2984,6 +2997,7 @@ CVE-2019-11709
RESERVED
CVE-2019-11708 [sandbox escape using Prompt:Open]
RESERVED
+ {DSA-4471-1 DLA-1836-1}
- firefox 67.0.4-1
- firefox-esr 60.7.2esr-1
- thunderbird 1:60.7.2-1
@@ -2991,7 +3005,7 @@ CVE-2019-11708 [sandbox escape using Prompt:Open]
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/#CVE-2019-11708
CVE-2019-11707
RESERVED
- {DSA-4466-1 DLA-1829-1}
+ {DSA-4471-1 DSA-4466-1 DLA-1836-1 DLA-1829-1}
- firefox 67.0.3-1
- firefox-esr 60.7.1esr-1
- thunderbird 1:60.7.2-1
@@ -17474,10 +17488,10 @@ CVE-2019-6331
RESERVED
CVE-2019-6330
RESERVED
-CVE-2019-6329
- RESERVED
-CVE-2019-6328
- RESERVED
+CVE-2019-6329 (HP Support Assistant 8.7.50 and earlier allows a user to gain system p ...)
+ TODO: check
+CVE-2019-6328 (HP Support Assistant 8.7.50 and earlier allows a user to gain system p ...)
+ TODO: check
CVE-2019-6327 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
NOT-FOR-US: HP
CVE-2019-6326 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
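Review bot: CVE-2019-6329 and CVE-2019-6328 are left at `TODO: check` while the HP entry directly below them (CVE-2019-6327) is already marked `NOT-FOR-US: HP`; if HP Support Assistant is likewise not packaged, the same marking applies here. The two truncated descriptions are also identical as shown ("HP Support Assistant 8.7.50 and earlier allows a user to gain system p ..."), so the full texts should be read during triage to confirm how the two issues differ.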
@@ -21941,8 +21955,8 @@ CVE-2019-4384 (IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to trav
NOT-FOR-US: IBM
CVE-2019-4383
RESERVED
-CVE-2019-4382
- RESERVED
+CVE-2019-4382 (IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized us ...)
+ TODO: check
CVE-2019-4381 (IBM i 7.27.3 Clustering could allow a local attacker to obtain sensiti ...)
NOT-FOR-US: IBM
CVE-2019-4380
@@ -21951,8 +21965,8 @@ CVE-2019-4379
RESERVED
CVE-2019-4378
RESERVED
-CVE-2019-4377
- RESERVED
+CVE-2019-4377 (IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive info ...)
+ TODO: check
CVE-2019-4376
RESERVED
CVE-2019-4375
@@ -22389,24 +22403,24 @@ CVE-2019-4160
RESERVED
CVE-2019-4159
RESERVED
-CVE-2019-4158
- RESERVED
-CVE-2019-4157
- RESERVED
-CVE-2019-4156
- RESERVED
+CVE-2019-4158 (IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a ...)
+ TODO: check
+CVE-2019-4157 (IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross ...)
+ TODO: check
+CVE-2019-4156 (IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expec ...)
+ TODO: check
CVE-2019-4155 (IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted b ...)
NOT-FOR-US: IBM
CVE-2019-4154
RESERVED
-CVE-2019-4153
- RESERVED
-CVE-2019-4152
- RESERVED
-CVE-2019-4151
- RESERVED
-CVE-2019-4150
- RESERVED
+CVE-2019-4153 (IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote a ...)
+ TODO: check
+CVE-2019-4152 (IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate se ...)
+ TODO: check
+CVE-2019-4151 (IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expec ...)
+ TODO: check
+CVE-2019-4150 (IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or ...)
+ TODO: check
CVE-2019-4149
RESERVED
CVE-2019-4148 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
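Review bot: The seven IBM Security Access Manager entries in this hunk (CVE-2019-4150 through CVE-2019-4153 and CVE-2019-4156 through CVE-2019-4158) all stay at `TODO: check`, while the IBM entry in the same hunk (CVE-2019-4155) is already `NOT-FOR-US: IBM`; they can be triaged as one batch with the same outcome if the product is not packaged. CVE-2019-4156 and CVE-2019-4151 are indistinguishable in the truncated form shown ("uses weaker than expec ..."), so check the full descriptions before closing them out.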
@@ -22415,8 +22429,8 @@ CVE-2019-4147
RESERVED
CVE-2019-4146 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could ...)
NOT-FOR-US: IBM
-CVE-2019-4145
- RESERVED
+CVE-2019-4145 (IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly se ...)
+ TODO: check
CVE-2019-4144
RESERVED
CVE-2019-4143 (The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 ...)
@@ -22435,8 +22449,8 @@ CVE-2019-4137 (IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is
NOT-FOR-US: IBM
CVE-2019-4136 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vu ...)
NOT-FOR-US: IBM
-CVE-2019-4135
- RESERVED
+CVE-2019-4135 (IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a secur ...)
+ TODO: check
CVE-2019-4134
RESERVED
CVE-2019-4133
@@ -82746,12 +82760,12 @@ CVE-2018-2015 (IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attack
NOT-FOR-US: IBM
CVE-2018-2014
RESERVED
-CVE-2018-2013
- RESERVED
+CVE-2018-2013 (IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive inf ...)
+ TODO: check
CVE-2018-2012
RESERVED
-CVE-2018-2011
- RESERVED
+CVE-2018-2011 (IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to o ...)
+ TODO: check
CVE-2018-2010
RESERVED
CVE-2018-2009 (IBM API Connect v2018.1 and 2018.4.1 is affected by an information dis ...)
@@ -83056,8 +83070,8 @@ CVE-2018-1860
RESERVED
CVE-2018-1859 (IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticat ...)
NOT-FOR-US: IBM
-CVE-2018-1858
- RESERVED
+CVE-2018-1858 (IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site re ...)
+ TODO: check
CVE-2018-1857 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
NOT-FOR-US: IBM
CVE-2018-1856
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1703b5ad7a61543a88e85b2fa1b7386d527e294b