[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 5 20:10:30 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8eab8d56 by security tracker role at 2019-03-05T20:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2019-9572 (SchoolCMS version 2.3.1 allows file upload via the theme upload feature ...)
+ TODO: check
+CVE-2019-9571
+ RESERVED
+CVE-2019-9570 (An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text ...)
+ TODO: check
+CVE-2019-9569
+ RESERVED
CVE-2019-9568 (The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 ...)
NOT-FOR-US: WordPress plugin forminator
CVE-2019-9567 (The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 ...)
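Review bot: CVE-2019-9572 (SchoolCMS) and CVE-2019-9570 (YzmCMS) are left at "TODO: check", while the Forminator WordPress plugin entry directly below is already classified NOT-FOR-US. If neither CMS is packaged in Debian, these two should be classified the same way, for example "NOT-FOR-US: SchoolCMS", rather than staying in the TODO queue.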
@@ -2973,18 +2981,18 @@ CVE-2019-8265
RESERVED
CVE-2019-8264
RESERVED
-CVE-2019-8263
- RESERVED
-CVE-2019-8262
- RESERVED
-CVE-2019-8261
- RESERVED
-CVE-2019-8260
- RESERVED
-CVE-2019-8259
- RESERVED
-CVE-2019-8258
- RESERVED
+CVE-2019-8263 (UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC ...)
+ TODO: check
+CVE-2019-8262 (UltraVNC revision 1203 has multiple heap buffer overflow ...)
+ TODO: check
+CVE-2019-8261 (UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC ...)
+ TODO: check
+CVE-2019-8260 (UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC ...)
+ TODO: check
+CVE-2019-8259 (UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC ...)
+ TODO: check
+CVE-2019-8258 (UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC ...)
+ TODO: check
CVE-2019-8257
RESERVED
CVE-2019-8256
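Review bot: the six UltraVNC entries (CVE-2019-8258 through CVE-2019-8263) arrive as "TODO: check" with descriptions cut at "in VNC ...", so the visible text does not say which component is affected. Triage them as one group against the full descriptions. Also note that the CVE-2019-8259 text pairs "memory leaks" with CWE-655, which does not match that weakness class, so the CWE label in the imported description should not be relied on when assessing impact.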
@@ -7883,94 +7891,85 @@ CVE-2019-6236
RESERVED
CVE-2019-6235 (A memory corruption issue was addressed with improved validation. This ...)
NOT-FOR-US: Apple
-CVE-2019-6234
- RESERVED
+CVE-2019-6234 (A memory corruption issue was addressed with improved memory handling. ...)
- webkit2gtk 2.22.4-1 (unimportant)
NOTE: Not covered by security support
-CVE-2019-6233
- RESERVED
+CVE-2019-6233 (A memory corruption issue was addressed with improved memory handling. ...)
- webkit2gtk 2.22.4-1 (unimportant)
NOTE: Not covered by security support
CVE-2019-6232
RESERVED
-CVE-2019-6231
- RESERVED
-CVE-2019-6230
- RESERVED
-CVE-2019-6229
- RESERVED
+CVE-2019-6231 (An out-of-bounds read was addressed with improved bounds checking. ...)
+ TODO: check
+CVE-2019-6230 (A memory initialization issue was addressed with improved memory ...)
+ TODO: check
+CVE-2019-6229 (A logic issue was addressed with improved validation. This issue is ...)
- webkit2gtk 2.22.5-1 (unimportant)
NOTE: Not covered by security support
-CVE-2019-6228
- RESERVED
-CVE-2019-6227
- RESERVED
+CVE-2019-6228 (A cross-site scripting issue existed in Safari. This issue was ...)
+ TODO: check
+CVE-2019-6227 (A memory corruption issue was addressed with improved memory handling. ...)
- webkit2gtk 2.22.5-1 (unimportant)
NOTE: Not covered by security support
-CVE-2019-6226
- RESERVED
+CVE-2019-6226 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: Not covered by security support
-CVE-2019-6225
- RESERVED
-CVE-2019-6224
- RESERVED
-CVE-2019-6223
- RESERVED
+CVE-2019-6225 (A memory corruption issue was addressed with improved validation. This ...)
+ TODO: check
+CVE-2019-6224 (A buffer overflow issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2019-6223 (A logic issue existed in the handling of Group FaceTime calls. The ...)
+ TODO: check
CVE-2019-6222
RESERVED
-CVE-2019-6221
- RESERVED
-CVE-2019-6220
- RESERVED
-CVE-2019-6219
- RESERVED
-CVE-2019-6218
- RESERVED
-CVE-2019-6217
- RESERVED
+CVE-2019-6221 (An out-of-bounds read was addressed with improved bounds checking. ...)
+ TODO: check
+CVE-2019-6220 (An out-of-bounds read was addressed with improved input validation. ...)
+ TODO: check
+CVE-2019-6219 (A denial of service issue was addressed with improved validation. This ...)
+ TODO: check
+CVE-2019-6218 (A memory corruption issue was addressed with improved input ...)
+ TODO: check
+CVE-2019-6217 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.22.5-1 (unimportant)
NOTE: Not covered by security support
-CVE-2019-6216
- RESERVED
+CVE-2019-6216 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.22.5-1 (unimportant)
NOTE: Not covered by security support
-CVE-2019-6215
- RESERVED
+CVE-2019-6215 (A type confusion issue was addressed with improved memory handling. ...)
- webkit2gtk 2.22.6-1 (unimportant)
NOTE: Not covered by security support
-CVE-2019-6214
- RESERVED
-CVE-2019-6213
- RESERVED
-CVE-2019-6212
- RESERVED
+CVE-2019-6214 (A type confusion issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2019-6213 (A buffer overflow was addressed with improved bounds checking. This ...)
+ TODO: check
+CVE-2019-6212 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.22.6-1 (unimportant)
NOTE: Not covered by security support
-CVE-2019-6211
- RESERVED
-CVE-2019-6210
- RESERVED
-CVE-2019-6209
- RESERVED
-CVE-2019-6208
- RESERVED
+CVE-2019-6211 (A memory corruption issue was addressed with improved state ...)
+ TODO: check
+CVE-2019-6210 (A memory corruption issue was addressed with improved input ...)
+ TODO: check
+CVE-2019-6209 (An out-of-bounds read issue existed that led to the disclosure of ...)
+ TODO: check
+CVE-2019-6208 (A memory initialization issue was addressed with improved memory ...)
+ TODO: check
CVE-2019-6207
RESERVED
CVE-2019-6206 (An issue existed with autofill resuming after it was canceled. The ...)
NOT-FOR-US: autofill in iOS
-CVE-2019-6205
- RESERVED
+CVE-2019-6205 (A memory corruption issue was addressed with improved lock state ...)
+ TODO: check
CVE-2019-6204
RESERVED
CVE-2019-6203
RESERVED
-CVE-2019-6202
- RESERVED
+CVE-2019-6202 (An out-of-bounds read was addressed with improved bounds checking. ...)
+ TODO: check
CVE-2019-6201
RESERVED
-CVE-2019-6200
- RESERVED
+CVE-2019-6200 (An out-of-bounds read was addressed with improved input validation. ...)
+ TODO: check
CVE-2019-6199
RESERVED
CVE-2019-6198
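Review bot: this block mixes two kinds of entries: those that already carried a webkit2gtk line (for example CVE-2019-6234, CVE-2019-6229, CVE-2019-6212) and only gain a description, and those that go from RESERVED to "TODO: check". Among the latter, CVE-2019-6228 ("cross-site scripting issue existed in Safari") and CVE-2019-6223 ("Group FaceTime calls") name Apple-only components and look like candidates for the NOT-FOR-US classification used on CVE-2019-6235. The generic memory-corruption and out-of-bounds descriptions are truncated before the affected component is named, so they need a check for WebKit involvement before being dismissed.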
@@ -12570,8 +12569,8 @@ CVE-2019-4065
RESERVED
CVE-2019-4064
RESERVED
-CVE-2019-4063
- RESERVED
+CVE-2019-4063 (IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition ...)
+ TODO: check
CVE-2019-4062
RESERVED
CVE-2019-4061 (IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the ...)
@@ -12632,18 +12631,18 @@ CVE-2019-4034
RESERVED
CVE-2019-4033
RESERVED
-CVE-2019-4032
- RESERVED
+CVE-2019-4032 (IBM Financial Transaction Manager for Digital Payments for ...)
+ TODO: check
CVE-2019-4031
RESERVED
CVE-2019-4030
RESERVED
-CVE-2019-4029
- RESERVED
-CVE-2019-4028
- RESERVED
-CVE-2019-4027
- RESERVED
+CVE-2019-4029 (IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to ...)
+ TODO: check
+CVE-2019-4028 (IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to ...)
+ TODO: check
+CVE-2019-4027 (IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to ...)
+ TODO: check
CVE-2019-4026
RESERVED
CVE-2019-4025
@@ -20877,16 +20876,16 @@ CVE-2018-19642
RESERVED
CVE-2018-19641
RESERVED
-CVE-2018-19640
- RESERVED
-CVE-2018-19639
- RESERVED
-CVE-2018-19638
- RESERVED
-CVE-2018-19637
- RESERVED
-CVE-2018-19636
- RESERVED
+CVE-2018-19640 (If the attacker manages to create files in the directory used to ...)
+ TODO: check
+CVE-2018-19639 (If supportutils before version 3.1-5.7.1 is run with -v to perform rpm ...)
+ TODO: check
+CVE-2018-19638 (In supportutils, before version 3.1-5.7.1 and if pacemaker is ...)
+ TODO: check
+CVE-2018-19637 (Supportutils, before version 3.1-5.7.1, wrote data to static file ...)
+ TODO: check
+CVE-2018-19636 (Supportutils, before version 3.1-5.7.1, when run with command line ...)
+ TODO: check
CVE-2018-19635 (CA Service Desk Manager 14.1 and 17 contain a vulnerability that can ...)
NOT-FOR-US: CA Service Desk Manager
CVE-2018-19634 (CA Service Desk Manager 14.1 and 17 contain a vulnerability that can ...)
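Review bot: CVE-2018-19640 is truncated at "the directory used to ..." and never names the affected product in the visible text; only its position next to CVE-2018-19636 through CVE-2018-19639 suggests supportutils. Confirm against the full description before classifying it together with the other four.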
@@ -34944,8 +34943,8 @@ CVE-2018-15363 (An Out-of-Bounds Read Privilege Escalation vulnerability in Tren
NOT-FOR-US: Trend Micro
CVE-2018-15362 (XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 ...)
NOT-FOR-US: GE Proficy Cimplicity GDS
-CVE-2018-15361
- RESERVED
+CVE-2018-15361 (UltraVNC revision 1198 has a buffer underflow vulnerability in VNC ...)
+ TODO: check
CVE-2018-15360 (An attacker without authentication can login with default credentials ...)
NOT-FOR-US: Eltex ESP-200 firmware
CVE-2018-15359 (An authenticated attacker with low privileges can use insecure sudo ...)
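Review bot: CVE-2018-15361 is another UltraVNC revision 1198 entry, but it sits in the 2018 range, far from CVE-2019-8258 through CVE-2019-8263 added earlier in this patch. Whatever status those six receive should be applied here as well so the UltraVNC set stays consistent.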
@@ -72276,12 +72275,12 @@ CVE-2018-1941 (IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain a
NOT-FOR-US: IBM
CVE-2018-1940
RESERVED
-CVE-2018-1939
- RESERVED
-CVE-2018-1938
- RESERVED
-CVE-2018-1937
- RESERVED
+CVE-2018-1939 (IBM Cloud Private 3.1.1 could allow a remote attacker to conduct ...)
+ TODO: check
+CVE-2018-1938 (IBM Cloud Private 3.1.1 could alllow a local user with administrator ...)
+ TODO: check
+CVE-2018-1937 (IBM Cloud Private 3.1.1 could alllow a local user with administrator ...)
+ TODO: check
CVE-2018-1936
RESERVED
CVE-2018-1935 (IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to ...)
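Review bot: the three IBM Cloud Private entries are left at "TODO: check" although the neighbouring entry in this hunk (CVE-2018-1941) is classified "NOT-FOR-US: IBM"; the same classification looks applicable. The "alllow" misspelling in CVE-2018-1938 and CVE-2018-1937 is part of the imported description; since this commit is an automatic update, a hand edit here would presumably be overwritten by the next run, so it is better reported to the CVE source.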
@@ -72356,8 +72355,8 @@ CVE-2018-1901 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote
NOT-FOR-US: IBM
CVE-2018-1900 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and ...)
NOT-FOR-US: IBM
-CVE-2018-1899
- RESERVED
+CVE-2018-1899 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an ...)
+ TODO: check
CVE-2018-1898
RESERVED
CVE-2018-1897 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 ...)
@@ -72404,8 +72403,8 @@ CVE-2018-1877 (IBM Robotic Process Automation with Automation Anywhere 11 could
NOT-FOR-US: IBM
CVE-2018-1876 (IBM Robotic Process Automation with Automation Anywhere 11 could under ...)
NOT-FOR-US: IBM
-CVE-2018-1875
- RESERVED
+CVE-2018-1875 (IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 ...)
+ TODO: check
CVE-2018-1874
RESERVED
CVE-2018-1873
@@ -83589,7 +83588,7 @@ CVE-2017-15372 (There is a stack-based buffer overflow in the ...)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500553
NOTE: https://github.com/mansr/sox/commit/001c337552912d286ba68086ac378f6fdc1e8b50
CVE-2017-15371 (There is a reachable assertion abort in the function ...)
- {DLA-1197-1}
+ {DLA-1705-1 DLA-1197-1}
- sox 14.4.2-2 (bug #878809)
[stretch] - sox <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570
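Review bot: CVE-2017-15371 now lists DLA-1705-1 in addition to DLA-1197-1, but nothing in the entry says why a second LTS advisory was needed for an issue that already had one. A NOTE line stating whether DLA-1197-1 was incomplete or DLA-1705-1 targets a different suite would make the history readable; the same applies to CVE-2017-11359, CVE-2017-11358 and CVE-2017-11332 in the following hunks.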
@@ -95916,14 +95915,14 @@ CVE-2017-11360 (The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1
NOTE: https://github.com/ImageMagick/ImageMagick/issues/518
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30
CVE-2017-11359 (The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows ...)
- {DLA-1197-1}
+ {DLA-1705-1 DLA-1197-1}
- sox 14.4.2-2 (bug #870328)
[stretch] - sox <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
NOTE: https://github.com/mansr/sox/commit/8b590b3a52f4ccc4eea3f41b4a067c38b3565b60
CVE-2017-11358 (The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 ...)
- {DLA-1197-1}
+ {DLA-1705-1 DLA-1197-1}
- sox 14.4.2-2 (bug #870328)
[stretch] - sox <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
@@ -96058,7 +96057,7 @@ CVE-2017-11333 (The vorbis_analysis_wrote function in lib/block.c in Xiph.Org li
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2332
NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993
CVE-2017-11332 (The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows ...)
- {DLA-1197-1}
+ {DLA-1705-1 DLA-1197-1}
- sox 14.4.2-2 (bug #870328)
[stretch] - sox <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8eab8d566832f8e8d92c2aaddc1a085c7a7c3d5a