[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Mar 13 08:10:28 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
61940580 by security tracker role at 2019-03-13T08:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2019-9741 (An issue was discovered in net/http in Go 1.11.5. CRLF injection is ...)
+	TODO: check
+CVE-2019-9740 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 and ...)
+	TODO: check
+CVE-2019-9739
+	RESERVED
+CVE-2019-9738 (jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the '<EMBED ...)
+	TODO: check
+CVE-2019-9737 (Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED ...)
+	TODO: check
+CVE-2019-9736 (DOM-based XSS exists in 1024Tools Markdown 1.0 via vectors involving ...)
+	TODO: check
+CVE-2019-9735 (An issue was discovered in the iptables firewall module in OpenStack ...)
+	TODO: check
+CVE-2019-9734
+	RESERVED
+CVE-2019-9733
+	RESERVED
+CVE-2019-9732
+	RESERVED
+CVE-2019-9731
+	RESERVED
+CVE-2019-9730
+	RESERVED
+CVE-2019-9729 (In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows ...)
+	TODO: check
+CVE-2019-9728
+	RESERVED
+CVE-2019-9727
+	RESERVED
+CVE-2019-9726
+	RESERVED
+CVE-2019-9725 (The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f ...)
+	TODO: check
+CVE-2019-9724
+	RESERVED
 CVE-2019-9723
 	RESERVED
 CVE-2019-9722
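Review bot: CVE-2019-9741, CVE-2019-9740 and CVE-2019-9735 near the top of this hunk are left at "TODO: check", yet their descriptions name net/http in Go, urllib2 in Python 2.x and the iptables firewall module in OpenStack. These look like candidates for package entries rather than NOT-FOR-US, so they are worth triaging ahead of the third-party product entries in the same hunk (jimmykuu Gopher, Editor.md, 1024Tools Markdown, Shanda MapleStory Online, Korenix JetPort).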
@@ -268,6 +304,7 @@ CVE-2019-9629
 	RESERVED
 CVE-2019-9628 [XML parser class fails to trap exceptions on malformed XML declaration]
 	RESERVED
+	{DSA-4407-1}
 	- xmltooling <unfixed> (bug #924346)
 	NOTE: https://shibboleth.net/community/advisories/secadv_20190311.txt
 	NOTE: https://issues.shibboleth.net/jira/browse/CPPXT-143
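Review bot: the added "{DSA-4407-1}" on CVE-2019-9628 sits directly above a package line that still reads "- xmltooling <unfixed> (bug #924346)", so the entry now references an advisory while recording no fixed version. A follow-up should replace "<unfixed>" with the fixed version once bug #924346 is closed.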
@@ -442,8 +479,8 @@ CVE-2019-9560
 	RESERVED
 CVE-2019-9559
 	RESERVED
-CVE-2019-9558
-	RESERVED
+CVE-2019-9558 (Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site ...)
+	TODO: check
 CVE-2019-9557 (Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) ...)
 	TODO: check
 CVE-2019-9556
@@ -9069,24 +9106,24 @@ CVE-2019-5927
 	RESERVED
 CVE-2019-5926
 	RESERVED
-CVE-2019-5925
-	RESERVED
-CVE-2019-5924
-	RESERVED
-CVE-2019-5923
-	RESERVED
-CVE-2019-5922
-	RESERVED
-CVE-2019-5921
-	RESERVED
-CVE-2019-5920
-	RESERVED
-CVE-2019-5919
-	RESERVED
-CVE-2019-5918
-	RESERVED
-CVE-2019-5917
-	RESERVED
+CVE-2019-5925 (Cross-site scripting vulnerability in Dradis Community Edition Dradis ...)
+	TODO: check
+CVE-2019-5924 (Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 ...)
+	TODO: check
+CVE-2019-5923 (Directory traversal vulnerability in iChain Insurance Wallet App for ...)
+	TODO: check
+CVE-2019-5922 (Untrusted search path vulnerability in The installer of Microsoft ...)
+	TODO: check
+CVE-2019-5921 (Untrusted search path vulnerability in Windows 7 allows an attacker to ...)
+	TODO: check
+CVE-2019-5920 (Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and ...)
+	TODO: check
+CVE-2019-5919 (An incomplete cryptography of the data store function by using hidden ...)
+	TODO: check
+CVE-2019-5918 (Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML ...)
+	TODO: check
+CVE-2019-5917 (azure-umqtt-c (available through GitHub prior to 2017 October 6) ...)
+	TODO: check
 CVE-2019-5916 (Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and ...)
 	NOT-FOR-US: POWER EGG
 CVE-2019-5915 (Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 ...)
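Review bot: CVE-2019-5922 and CVE-2019-5921 are set to "TODO: check" although their descriptions name a Microsoft installer and Windows 7. They can be closed out with a NOT-FOR-US line in the same way as the unchanged CVE-2019-5916 entry below ("NOT-FOR-US: POWER EGG"), which leaves only the entries that need a real check in the TODO queue.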
@@ -14062,8 +14099,8 @@ CVE-2019-3617
 	RESERVED
 CVE-2019-3616
 	RESERVED
-CVE-2019-3615
-	RESERVED
+CVE-2019-3615 (Data Leakage Attacks vulnerability in the web interface in McAfee ...)
+	TODO: check
 CVE-2019-3614
 	RESERVED
 CVE-2019-3613
@@ -14611,8 +14648,8 @@ CVE-2018-20622 (JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjaspe
 	{DLA-1628-1}
 	- jasper <removed>
 	NOTE: https://github.com/mdadams/jasper/issues/193
-CVE-2018-20621
-	RESERVED
+CVE-2018-20621 (An issue was discovered in Microvirt MEmu 6.0.6. The MemuService.exe ...)
+	TODO: check
 CVE-2018-20620
 	RESERVED
 CVE-2018-20619
@@ -22971,7 +23008,7 @@ CVE-2019-0805
 	RESERVED
 CVE-2019-0804
 	RESERVED
-	{DLA-1709-1}
+	{DSA-4406-1 DLA-1709-1}
 	- waagent 2.2.34-3
 CVE-2019-0803
 	RESERVED
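Review bot: CVE-2019-0804 now carries "{DSA-4406-1 DLA-1709-1}" and a fixed waagent version, but the entry still has no description, only "RESERVED". A bracketed summary, like the one CVE-2019-9628 has elsewhere in this patch, would tell readers what the two advisories address.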
@@ -24166,26 +24203,26 @@ CVE-2019-0279
 	RESERVED
 CVE-2019-0278
 	RESERVED
-CVE-2019-0277
-	RESERVED
-CVE-2019-0276
-	RESERVED
-CVE-2019-0275
-	RESERVED
-CVE-2019-0274
-	RESERVED
+CVE-2019-0277 (SAP HANA extended application services, version 1, advanced does not ...)
+	TODO: check
+CVE-2019-0276 (Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA ...)
+	TODO: check
+CVE-2019-0275 (SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server ...)
+	TODO: check
+CVE-2019-0274 (SAP Mobile Platform SDK allows an attacker to prevent legitimate users ...)
+	TODO: check
 CVE-2019-0273
 	RESERVED
 CVE-2019-0272
 	RESERVED
-CVE-2019-0271
-	RESERVED
-CVE-2019-0270
-	RESERVED
-CVE-2019-0269
-	RESERVED
-CVE-2019-0268
-	RESERVED
+CVE-2019-0271 (ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does ...)
+	TODO: check
+CVE-2019-0270 (ABAP Server of SAP NetWeaver and ABAP Platform fail to perform ...)
+	TODO: check
+CVE-2019-0269 (SAP BusinessObjects Business Intelligence Platform (BI Workspace), ...)
+	TODO: check
+CVE-2019-0268 (SAP BusinessObjects Business Intelligence Platform (CMC Module), ...)
+	TODO: check
 CVE-2019-0267 (SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 ...)
 	NOT-FOR-US: SAP
 CVE-2019-0266 (Under certain conditions SAP HANA Extended Application Services, ...)
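Review bot: the eight entries converted in this hunk (CVE-2019-0277 to CVE-2019-0274 and CVE-2019-0271 to CVE-2019-0268) all describe SAP products, yet each is set to "TODO: check" while the unchanged CVE-2019-0267 entry just below is already "NOT-FOR-US: SAP". Marking them the same way would keep the triage consistent and remove eight items from the TODO queue.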
@@ -44016,7 +44053,7 @@ CVE-2018-12105
 	RESERVED
 CVE-2018-12104 (Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 ...)
 	NOT-FOR-US: Airbnb Knowledge Repo
-CVE-2018-12103 (An issue was discovered on D-Link DIR-890L A2 devices. Due to the ...)
+CVE-2018-12103 (An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 ...)
 	NOT-FOR-US: D-Link
 CVE-2018-12102 (md4c 0.2.6 has a NULL pointer dereference in the function ...)
 	NOT-FOR-US: md4c



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/61940580d490256bb439727f0b6c76c0d09e5ef2
