[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Mar 27 08:10:30 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ad49533f by security tracker role at 2019-03-27T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2019-10125 (An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel  ...)
+	TODO: check
+CVE-2019-10124 (An issue was discovered in the hwpoison implementation in mm/memory-fa ...)
+	TODO: check
+CVE-2019-10123
+	RESERVED
+CVE-2019-10122
+	RESERVED
+CVE-2019-10121
+	RESERVED
+CVE-2019-10120
+	RESERVED
+CVE-2019-10119
+	RESERVED
+CVE-2019-10118 (Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and ...)
+	TODO: check
+CVE-2019-10117
+	RESERVED
+CVE-2019-10116
+	RESERVED
+CVE-2019-10115
+	RESERVED
+CVE-2019-10114
+	RESERVED
+CVE-2019-10113
+	RESERVED
+CVE-2019-10112
+	RESERVED
+CVE-2019-10111
+	RESERVED
+CVE-2019-10110
+	RESERVED
+CVE-2019-10109
+	RESERVED
+CVE-2019-10108
+	RESERVED
+CVE-2019-10107 (CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" f ...)
+	TODO: check
+CVE-2019-10106 (CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name fiel ...)
+	TODO: check
+CVE-2019-10105 (CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Des ...)
+	TODO: check
+CVE-2019-10104
+	RESERVED
+CVE-2019-10103
+	RESERVED
+CVE-2019-10102
+	RESERVED
+CVE-2019-10101
+	RESERVED
+CVE-2019-10100
+	RESERVED
+CVE-2019-1000031
+	RESERVED
+CVE-2018-20815
+	RESERVED
+CVE-2016-10744 (In Select2 through 4.0.5, as used in Snipe-IT and other products, rich ...)
+	TODO: check
 CVE-2019-10099
 	RESERVED
 CVE-2019-10098
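Review bot: CVE-2019-10125 and CVE-2019-10124 at the top of this hunk describe Linux kernel code (aio_poll() in fs/aio.c and the hwpoison implementation under mm/) but are left as "TODO: check"; they should be triaged against the linux source package first rather than sitting in the general queue. CVE-2016-10744 (Select2 "as used in Snipe-IT and other products") is a library issue, so it needs a check for packaged or embedded copies of Select2 before it is marked, independently of how the Snipe-IT entry CVE-2019-10118 is resolved.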
@@ -400,8 +458,7 @@ CVE-2019-9919
 	RESERVED
 CVE-2019-9918
 	RESERVED
-CVE-2019-9917 [crash on invalid encoding]
-	RESERVED
+CVE-2019-9917 (ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial  ...)
 	- znc 1.7.2-2 (bug #925285)
 	NOTE: https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973
 CVE-2019-9916
@@ -1547,10 +1604,10 @@ CVE-2019-9746 (In libwebm before 2019-03-08, a NULL pointer dereference caused b
 	NOTE: Chromium and qtwebengine bundle the library, but not a security issue there
 CVE-2019-9745
 	RESERVED
-CVE-2019-9744
-	RESERVED
-CVE-2019-9743
-	RESERVED
+CVE-2019-9744 (An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN ...)
+	TODO: check
+CVE-2019-9743 (An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211- ...)
+	TODO: check
 CVE-2019-9742 (gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attac ...)
 	NOT-FOR-US: G Data Total Security
 CVE-2019-9741 (An issue was discovered in net/http in Go 1.11.5. CRLF injection is po ...)
@@ -7808,8 +7865,8 @@ CVE-2019-7169 (A stored-self XSS exists in Croogo through v3.0.5, allowing an at
 	NOT-FOR-US: Croogo
 CVE-2019-7168 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacke ...)
 	NOT-FOR-US: Croogo
-CVE-2019-7167
-	RESERVED
+CVE-2019-7167 (Zcash, before the Sapling network upgrade (2018-10-28), had a counterf ...)
+	TODO: check
 CVE-2019-7166
 	RESERVED
 CVE-2019-7165
@@ -9186,8 +9243,8 @@ CVE-2019-6571
 	RESERVED
 CVE-2019-6570
 	RESERVED
-CVE-2019-6569
-	RESERVED
+CVE-2019-6569 (A vulnerability has been identified in Scalance X-200 (All versions),  ...)
+	TODO: check
 CVE-2019-6568
 	RESERVED
 CVE-2019-6567
@@ -22419,13 +22476,13 @@ CVE-2019-1574
 CVE-2019-1573
 	RESERVED
 CVE-2019-1572
-	RESERVED
-CVE-2019-1571
-	RESERVED
-CVE-2019-1570
-	RESERVED
-CVE-2019-1569
-	RESERVED
+	REJECTED
+CVE-2019-1571 (The Expedition Migration tool 1.1.8 and earlier may allow an authentic ...)
+	TODO: check
+CVE-2019-1570 (The Expedition Migration tool 1.1.8 and earlier may allow an authentic ...)
+	TODO: check
+CVE-2019-1569 (The Expedition Migration tool 1.1.8 and earlier may allow an authentic ...)
+	TODO: check
 CVE-2019-1568
 	RESERVED
 CVE-2019-1567
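Review bot: CVE-2019-1572 goes from RESERVED to REJECTED in this hunk with no description or NOTE line, so the entry does not say why it was rejected; add a NOTE if the reason is known. The three Expedition Migration tool entries (CVE-2019-1571, CVE-2019-1570, CVE-2019-1569) carry identical truncated descriptions, so whoever resolves the "TODO: check" lines needs the full text to tell them apart.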
@@ -66761,7 +66818,7 @@ CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic &
 	NOT-FOR-US: Siemens / TeleControl Server Basic
 CVE-2018-4835 (A vulnerability has been identified in TeleControl Server Basic < V ...)
 	NOT-FOR-US: Siemens / TeleControl Server Basic
-CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controllers C ...)
+CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controllers P ...)
 	NOT-FOR-US: Desigo
 CVE-2018-4833 (A vulnerability has been identified in RFID 181-EIP (All versions), RU ...)
 	NOT-FOR-US: Siemens
@@ -115175,7 +115232,6 @@ CVE-2017-5969 (** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows r
 CVE-2017-5968
 	RESERVED
 CVE-2017-5967 (The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIME ...)
-	{DLA-1731-1}
 	- linux 4.9.13-1 (low)
 CVE-2017-5966 (Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators ...)
 	NOT-FOR-US: Sitecore
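Review bot: The {DLA-1731-1} cross-reference under CVE-2017-5967 is dropped without explanation: the commit message is only "automatic update" and data/CVE/list is the only changed file. After this hunk the entry keeps just "- linux 4.9.13-1 (low)" with no per-release line, so it is worth confirming that the advisory really does not cover this CVE before the link is lost.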
@@ -116911,7 +116967,6 @@ CVE-2016-10151 (The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compare
 	NOTE: https://github.com/achernya/hesiod/pull/9
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332508
 CVE-2016-10150 (Use-after-free vulnerability in the kvm_ioctl_create_device function i ...)
-	{DLA-1731-1}
 	- linux 4.8.15-1
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
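Review bot: The removal of {DLA-1731-1} from CVE-2016-10150 is also unexplained by the commit message, although here the entry already marks [jessie] and [wheezy] as not-affected ("Vulnerable code introduced later"), which would be consistent with the advisory reference having been wrong. Confirm that this is the reason, since the same reference is removed from CVE-2017-5967 in the previous hunk, where no such not-affected lines exist.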



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ad49533f21d447763ba18d3737b279687dd4ec1a
