[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 21 20:10:29 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
66cd08f9 by security tracker role at 2019-03-21T20:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2019-9907
+ RESERVED
+CVE-2019-9906
+ RESERVED
+CVE-2019-9905
+ RESERVED
+CVE-2019-9904 (An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2. ...)
+ TODO: check
+CVE-2019-9903 (PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict mark ...)
+ TODO: check
+CVE-2019-9902
+ RESERVED
+CVE-2019-9901
+ RESERVED
+CVE-2019-9900
+ RESERVED
+CVE-2019-9899
+ RESERVED
CVE-2019-9898 (Potential recycling of random numbers used in cryptography exists with ...)
- putty 0.70-6
CVE-2019-9897 (Multiple denial-of-service attacks that can be triggered by writing to ...)
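Review bot: CVE-2019-9904 and CVE-2019-9903 are left at "TODO: check" even though their descriptions name graphviz (lib\cdt\dttree.c in libcdt.a) and Poppler 0.74.0 (PDFDoc::markObject in PDFDoc.cc), both of which Debian packages. These two need manual triage in a follow-up. Once the affected versions are confirmed, replace each TODO with a source package line such as "- graphviz <unfixed>" or "- poppler <unfixed>" and a NOTE pointing at the upstream report, so the issues are tracked against the packages instead of sitting in the unprocessed queue.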
@@ -916,14 +934,14 @@ CVE-2019-9797
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9797
CVE-2019-9796
RESERVED
- {DSA-4411-1}
+ {DSA-4411-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9796
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9796
CVE-2019-9795
RESERVED
- {DSA-4411-1}
+ {DSA-4411-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9795
@@ -936,28 +954,28 @@ CVE-2019-9794
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9794
CVE-2019-9793
RESERVED
- {DSA-4411-1}
+ {DSA-4411-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9793
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9793
CVE-2019-9792
RESERVED
- {DSA-4411-1}
+ {DSA-4411-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9792
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9792
CVE-2019-9791
RESERVED
- {DSA-4411-1}
+ {DSA-4411-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9791
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9791
CVE-2019-9790
RESERVED
- {DSA-4411-1}
+ {DSA-4411-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9790
@@ -968,7 +986,7 @@ CVE-2019-9789
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9789
CVE-2019-9788
RESERVED
- {DSA-4411-1}
+ {DSA-4411-1 DLA-1722-1}
- firefox-esr 60.6.0esr-1
- firefox 66.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9798
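Review bot: the last context line of the CVE-2019-9788 entry links to mfsa2019-08/#CVE-2019-9798, which does not match the entry's own ID, whereas every other NOTE in the Firefox hunks of this diff uses the anchor of the CVE it sits under. The commit is already touching this entry to add DLA-1722-1, so a follow-up should check the advisory and correct the anchor to #CVE-2019-9788 if it is a typo.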
@@ -1185,14 +1203,17 @@ CVE-2019-9708
CVE-2019-9707
RESERVED
CVE-2019-9705 (Vixie Cron before the 3.0pl1-133 Debian package allows local users to ...)
+ {DLA-1723-1}
- cron 3.0pl1-133 (low)
[stretch] - cron <no-dsa> (Minor issue, will be fixed via point update)
NOTE: Fixed by: https://salsa.debian.org/debian/cron/commit/26814a26
CVE-2019-9706 (Vixie Cron before the 3.0pl1-133 Debian package allows local users to ...)
+ {DLA-1723-1}
- cron 3.0pl1-133 (bug #809167)
[stretch] - cron <no-dsa> (Minor issue, will be fixed via point update)
NOTE: Fixed by: https://salsa.debian.org/debian/cron/commit/40791b93
CVE-2019-9704 (Vixie Cron before the 3.0pl1-133 Debian package allows local users to ...)
+ {DLA-1723-1}
- cron 3.0pl1-133 (low)
[stretch] - cron <no-dsa> (Minor issue, will be fixed via point update)
NOTE: Fixed by: https://salsa.debian.org/debian/cron/commit/f2525567
@@ -3045,8 +3066,8 @@ CVE-2019-8999
RESERVED
CVE-2019-8998
RESERVED
-CVE-2019-8997
- RESERVED
+CVE-2019-8997 (An XML External Entity Injection (XXE) vulnerability in the Management ...)
+ TODO: check
CVE-2019-8996 (In Signiant Manager+Agents before 13.5, the implementation of the set ...)
NOT-FOR-US: Signiant
CVE-2019-8995
@@ -7111,8 +7132,8 @@ CVE-2019-7240
RESERVED
CVE-2019-7239
RESERVED
-CVE-2019-7238
- RESERVED
+CVE-2019-7238 (Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access C ...)
+ TODO: check
CVE-2019-7237 (An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/e ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2019-7236 (An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admin ...)
@@ -8829,8 +8850,8 @@ CVE-2019-6493
RESERVED
CVE-2019-6492 (SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an exe ...)
NOT-FOR-US: IObit Smart Defrag
-CVE-2019-6491
- RESERVED
+CVE-2019-6491 (RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection. ...)
+ TODO: check
CVE-2019-6490
RESERVED
CVE-2019-6489 (Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-0 ...)
@@ -11408,8 +11429,8 @@ CVE-2019-5492
RESERVED
CVE-2019-5491 (Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 a ...)
NOT-FOR-US: Clustered Data ONTAP
-CVE-2019-5490
- RESERVED
+CVE-2019-5490 (Certain versions between 2.x to 5.x (refer to advisory) of the NetApp ...)
+ TODO: check
CVE-2019-5488 (EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac= ...)
NOT-FOR-US: EARCLINK ESPCMS-P8
CVE-2019-5489 (The mincore() implementation in mm/mincore.c in the Linux kernel throu ...)
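Review bot: the context after the new CVE-2019-5490 line lists CVE-2019-5488 before CVE-2019-5489, while the other entries visible in this diff run in descending ID order. This automatic update does not introduce the swap, but it is worth fixing in a manual follow-up so that tools and people scanning the list by ID do not miss the mincore() entry.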
@@ -12372,8 +12393,8 @@ CVE-2019-5013
RESERVED
CVE-2019-5012
RESERVED
-CVE-2019-5011
- RESERVED
+CVE-2019-5011 (An exploitable privilege escalation vulnerability exists in the helper ...)
+ TODO: check
CVE-2019-5010 [NULL pointer dereference using a specially crafted X509 certificate]
RESERVED
{DLA-1663-1}
@@ -26395,7 +26416,7 @@ CVE-2019-0200 (A Denial of Service vulnerability was found in Apache Qpid Broker
CVE-2019-0199
RESERVED
CVE-2019-0198
- RESERVED
+ REJECTED
CVE-2019-0197
RESERVED
CVE-2019-0196
@@ -28523,7 +28544,7 @@ CVE-2018-18508 [NULL pointer dereference in several CMS functions resulting in a
CVE-2018-18507
RESERVED
CVE-2018-18506 (When proxy auto-detection is enabled, if a web server serves a Proxy A ...)
- {DSA-4411-1}
+ {DSA-4411-1 DLA-1722-1}
- firefox 65.0-1
- firefox-esr 60.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2018-18506
@@ -33707,8 +33728,8 @@ CVE-2018-16565
RESERVED
CVE-2018-16564
RESERVED
-CVE-2018-16563
- RESERVED
+CVE-2018-16563 (A vulnerability has been identified in Firmware variant IEC 61850 for ...)
+ TODO: check
CVE-2018-16562
RESERVED
CVE-2018-16561
@@ -40903,8 +40924,8 @@ CVE-2018-13800 (A vulnerability has been identified in SIMATIC S7-1200 CPU famil
NOT-FOR-US: SIMATIC
CVE-2018-13799 (A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prio ...)
NOT-FOR-US: SIMATIC
-CVE-2018-13798
- RESERVED
+CVE-2018-13798 (A vulnerability has been identified in SICAM A8000 CP-8000 (All versio ...)
+ TODO: check
CVE-2018-13796 (An issue was discovered in GNU Mailman before 2.1.28. A crafted URL ca ...)
{DLA-1442-1}
- mailman 1:2.1.27-1.1 (bug #903674)
@@ -67991,12 +68012,10 @@ CVE-2018-4061
RESERVED
CVE-2018-4060
RESERVED
-CVE-2018-4059
- RESERVED
+CVE-2018-4059 (An exploitable unsafe default configuration vulnerability exists in th ...)
{DSA-4373-1 DLA-1671-1}
- coturn 4.5.1.0-1
-CVE-2018-4058
- RESERVED
+CVE-2018-4058 (An exploitable unsafe default configuration vulnerability exists in th ...)
{DSA-4373-1 DLA-1671-1}
- coturn 4.5.1.0-1
CVE-2018-4057
@@ -68054,8 +68073,8 @@ CVE-2018-4032 (An exploitable privilege escalation vulnerability exists in the w
NOT-FOR-US: Clean My Mac X
CVE-2018-4031
RESERVED
-CVE-2018-4030
- RESERVED
+CVE-2018-4030 (An exploitable vulnerability exists the safe browsing function of the ...)
+ TODO: check
CVE-2018-4029
RESERVED
CVE-2018-4028
@@ -68099,8 +68118,8 @@ CVE-2018-4013 (An exploitable code execution vulnerability exists in the HTTP pa
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684
CVE-2018-4012 (An exploitable buffer overflow vulnerability exists in the HTTP header ...)
NOT-FOR-US: Webroot BrightCloud SDK
-CVE-2018-4011
- RESERVED
+CVE-2018-4011 (An exploitable integer underflow vulnerability exists in the mdnscap b ...)
+ TODO: check
CVE-2018-4010 (An exploitable code execution vulnerability exists in the connect func ...)
NOT-FOR-US: ProtonVPN client
CVE-2018-4009
@@ -68115,8 +68134,8 @@ CVE-2018-4005
RESERVED
CVE-2018-4004
RESERVED
-CVE-2018-4003
- RESERVED
+CVE-2018-4003 (An exploitable heap overflow vulnerability exists in the mdnscap binar ...)
+ TODO: check
CVE-2018-4002
RESERVED
CVE-2018-4001 (An exploitable uninitialized pointer vulnerability exists in the Offic ...)
@@ -68151,8 +68170,8 @@ CVE-2018-3987
RESERVED
CVE-2018-3986 (An exploitable information disclosure vulnerability exists in the "Sec ...)
NOT-FOR-US: Telegram Android
-CVE-2018-3985
- RESERVED
+CVE-2018-3985 (An exploitable double free vulnerability exists in the mdnscap binary ...)
+ TODO: check
CVE-2018-3984 (An exploitable uninitialized length vulnerability exists within the Wo ...)
NOT-FOR-US: Atlantis Word Processor
CVE-2018-3983
@@ -68190,10 +68209,10 @@ CVE-2018-3971 (An exploitable arbitrary write vulnerability exists in the 0x2222
NOT-FOR-US: Sophos
CVE-2018-3970 (An exploitable memory disclosure vulnerability exists in the 0x222000 ...)
NOT-FOR-US: Sophos
-CVE-2018-3969
- RESERVED
-CVE-2018-3968
- RESERVED
+CVE-2018-3969 (An exploitable vulnerability exists in the verified boot protection of ...)
+ TODO: check
+CVE-2018-3968 (An exploitable vulnerability exists in the verified boot protection of ...)
+ TODO: check
CVE-2018-3967 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3966 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
@@ -68202,8 +68221,8 @@ CVE-2018-3965 (An exploitable use-after-free vulnerability exists in the JavaScr
NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3964 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
NOT-FOR-US: Foxit Software's Foxit PDF Reader
-CVE-2018-3963
- RESERVED
+CVE-2018-3963 (An exploitable command injection vulnerability exists in the DHCP daem ...)
+ TODO: check
CVE-2018-3962 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3961 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
@@ -74059,8 +74078,8 @@ CVE-2018-1994
RESERVED
CVE-2018-1993 (IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 ...)
NOT-FOR-US: IBM
-CVE-2018-1992
- RESERVED
+CVE-2018-1992 (The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is ...)
+ TODO: check
CVE-2018-1991
RESERVED
CVE-2018-1990
@@ -82786,12 +82805,12 @@ CVE-2017-16257
RESERVED
CVE-2017-16256
RESERVED
-CVE-2017-16255
- RESERVED
-CVE-2017-16254
- RESERVED
-CVE-2017-16253
- RESERVED
+CVE-2017-16255 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
+ TODO: check
+CVE-2017-16254 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
+ TODO: check
+CVE-2017-16253 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
+ TODO: check
CVE-2017-16252 (Specially crafted commands sent through the PubNub service in Insteon ...)
NOT-FOR-US: Insteon Hub
CVE-2017-16251 (A vulnerability in the conferencing component of Mitel ST 14.2, releas ...)
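Review bot: CVE-2017-16255, CVE-2017-16254 and CVE-2017-16253 are left at "TODO: check", but their descriptions refer to PubNub messages, and the next entry, CVE-2017-16252, covers the PubNub service in Insteon and is already marked "NOT-FOR-US: Insteon Hub". If the full descriptions confirm the same product, the triage follow-up can give these three the same NOT-FOR-US line.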
@@ -103130,6 +103149,7 @@ CVE-2017-9524 (The qemu-nbd server in QEMU (aka Quick Emulator), when built with
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.html
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.html
CVE-2017-9525 (In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-1 ...)
+ {DLA-1723-1}
- cron 3.0pl1-129 (bug #864466)
[stretch] - cron <no-dsa> (Minor issue)
[wheezy] - cron <no-dsa> (Minor issue)
@@ -126966,8 +126986,8 @@ CVE-2017-1715 (IBM Rational Quality Manager and IBM Rational Collaborative Lifec
NOT-FOR-US: IBM
CVE-2017-1714 (IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated loca ...)
NOT-FOR-US: IBM Notes and Domino NSD
-CVE-2017-1713
- RESERVED
+CVE-2017-1713 (IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic a ...)
+ TODO: check
CVE-2017-1712
RESERVED
CVE-2017-1711 (IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicio ...)
@@ -142877,8 +142897,8 @@ CVE-2016-5821 (Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0
NOT-FOR-US: Huawei HiSuite
CVE-2016-5820
REJECTED
-CVE-2016-5819
- RESERVED
+CVE-2016-5819 (Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G ...)
+ TODO: check
CVE-2016-5818 (An issue was discovered in Schneider Electric PowerLogic PM8ECC device ...)
NOT-FOR-US: Schneider
CVE-2016-5817 (SQL injection vulnerability in news pages in Cargotec Navis WebAccess ...)
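Review bot: CVE-2016-5819 is left at "TODO: check" although its description names the Moxa G3100V2 Series and OnCell G3111 devices. The context of the next hunk shows CVE-2016-5799, for Moxa OnCell G3100V2 devices, already marked "NOT-FOR-US: Moxa", so the same marking is the likely outcome here and can be applied in the triage follow-up.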
@@ -142915,8 +142935,8 @@ CVE-2016-5802 (An issue was discovered in Delta Electronics WPLSoft, Versions pr
NOT-FOR-US: Delta Electronics WPLSoft
CVE-2016-5801 (An issue was discovered in OmniMetrix OmniView, Version 1.2. Insuffici ...)
NOT-FOR-US: OmniMetrix OmniView
-CVE-2016-5800
- RESERVED
+CVE-2016-5800 (A malicious attacker can trigger a remote buffer overflow in the Commu ...)
+ TODO: check
CVE-2016-5799 (Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3 ...)
NOT-FOR-US: Moxa
CVE-2016-5798 (An issue was discovered in Fatek Automation PM Designer V3 Version 2.1 ...)
@@ -168274,10 +168294,10 @@ CVE-2015-6464 (The administrative web interface on Moxa EDS-405A and EDS-408A sw
NOT-FOR-US: Moxa switches
CVE-2015-6463 (CodeWrights HART Comm DTM components, as used with Endress+Hauser Fiel ...)
NOT-FOR-US: CodeWrights HART Comm DTM components
-CVE-2015-6462
- RESERVED
-CVE-2015-6461
- RESERVED
+CVE-2015-6462 (Reflected Cross-Site Scripting (nonpersistent) allows an attacker to c ...)
+ TODO: check
+CVE-2015-6461 (Remote file inclusion allows an attacker to craft a specific URL refer ...)
+ TODO: check
CVE-2015-6460 (Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Serve ...)
NOT-FOR-US: CODESYS Gateway Server
CVE-2015-6459 (Absolute path traversal vulnerability in the download feature in FileD ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/66cd08f992254c83dca2236e5440004c7774ced6