[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 28 08:10:22 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e8e24e88 by security tracker role at 2019-03-28T08:10:13Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2019-10249
+ RESERVED
+CVE-2019-10248
+ RESERVED
+CVE-2019-10247
+ RESERVED
+CVE-2019-10246
+ RESERVED
+CVE-2019-10245
+ RESERVED
+CVE-2019-10244
+ RESERVED
+CVE-2019-10243
+ RESERVED
+CVE-2019-10242
+ RESERVED
+CVE-2019-10241
+ RESERVED
+CVE-2019-10240
+ RESERVED
+CVE-2017-18365 (The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a d ...)
+ TODO: check
CVE-2019-10239
RESERVED
CVE-2019-10238 (Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the file ...)
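Review bot: CVE-2017-18365 is inserted between CVE-2019-10240 and CVE-2019-10239, out of the descending ID order the surrounding entries follow, and carries only TODO: check. Its description names the Management Console in GitHub Enterprise; if that product is not packaged in Debian, resolve the TODO with a NOT-FOR-US: line in the style used elsewhere in this file, and move the entry to the 2017 block.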
@@ -22285,58 +22307,58 @@ CVE-2019-1764 (A vulnerability in the web-based management interface of Session
NOT-FOR-US: Cisco
CVE-2019-1763 (A vulnerability in the web-based management interface of Session Initi ...)
NOT-FOR-US: Cisco
-CVE-2019-1762
- RESERVED
-CVE-2019-1761
- RESERVED
-CVE-2019-1760
- RESERVED
-CVE-2019-1759
- RESERVED
-CVE-2019-1758
- RESERVED
-CVE-2019-1757
- RESERVED
-CVE-2019-1756
- RESERVED
-CVE-2019-1755
- RESERVED
-CVE-2019-1754
- RESERVED
-CVE-2019-1753
- RESERVED
-CVE-2019-1752
- RESERVED
-CVE-2019-1751
- RESERVED
-CVE-2019-1750
- RESERVED
-CVE-2019-1749
- RESERVED
-CVE-2019-1748
- RESERVED
-CVE-2019-1747
- RESERVED
-CVE-2019-1746
- RESERVED
-CVE-2019-1745
- RESERVED
+CVE-2019-1762 (A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE ...)
+ TODO: check
+CVE-2019-1761 (A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of ...)
+ TODO: check
+CVE-2019-1760 (A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS ...)
+ TODO: check
+CVE-2019-1759 (A vulnerability in access control list (ACL) functionality of the Giga ...)
+ TODO: check
+CVE-2019-1758 (A vulnerability in 802.1x function of Cisco IOS Software on the Cataly ...)
+ TODO: check
+CVE-2019-1757 (A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and ...)
+ TODO: check
+CVE-2019-1756 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
+ TODO: check
+CVE-2019-1755 (A vulnerability in the Web Services Management Agent (WSMA) function o ...)
+ TODO: check
+CVE-2019-1754 (A vulnerability in the authorization subsystem of Cisco IOS XE Softwar ...)
+ TODO: check
+CVE-2019-1753 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
+ TODO: check
+CVE-2019-1752 (A vulnerability in the ISDN functions of Cisco IOS Software and Cisco ...)
+ TODO: check
+CVE-2019-1751 (A vulnerability in the Network Address Translation 64 (NAT64) function ...)
+ TODO: check
+CVE-2019-1750 (A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IO ...)
+ TODO: check
+CVE-2019-1749 (A vulnerability in the ingress traffic validation of Cisco IOS XE Soft ...)
+ TODO: check
+CVE-2019-1748 (A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisc ...)
+ TODO: check
+CVE-2019-1747 (A vulnerability in the implementation of the Short Message Service (SM ...)
+ TODO: check
+CVE-2019-1746 (A vulnerability in the Cluster Management Protocol (CMP) processing co ...)
+ TODO: check
+CVE-2019-1745 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
+ TODO: check
CVE-2019-1744
RESERVED
-CVE-2019-1743
- RESERVED
-CVE-2019-1742
- RESERVED
-CVE-2019-1741
- RESERVED
-CVE-2019-1740
- RESERVED
-CVE-2019-1739
- RESERVED
-CVE-2019-1738
- RESERVED
-CVE-2019-1737
- RESERVED
+CVE-2019-1743 (A vulnerability in the web UI framework of Cisco IOS XE Software could ...)
+ TODO: check
+CVE-2019-1742 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
+ TODO: check
+CVE-2019-1741 (A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature ...)
+ TODO: check
+CVE-2019-1740 (A vulnerability in the Network-Based Application Recognition (NBAR) fe ...)
+ TODO: check
+CVE-2019-1739 (A vulnerability in the Network-Based Application Recognition (NBAR) fe ...)
+ TODO: check
+CVE-2019-1738 (A vulnerability in the Network-Based Application Recognition (NBAR) fe ...)
+ TODO: check
+CVE-2019-1737 (A vulnerability in the processing of IP Service Level Agreement (SLA) ...)
+ TODO: check
CVE-2019-1736
RESERVED
CVE-2019-1735
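Review bot: All 25 entries that change from RESERVED to TODO: check in this hunk (CVE-2019-1762 through CVE-2019-1745 and CVE-2019-1743 through CVE-2019-1737) have descriptions naming Cisco IOS, IOS XE or a Cisco feature, while the context lines at the top of the hunk already mark CVE-2019-1764 and CVE-2019-1763 as NOT-FOR-US: Cisco. Triage them in one pass with the same NOT-FOR-US: Cisco line rather than leaving 25 open TODO items.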
@@ -23528,8 +23550,8 @@ CVE-2019-1535
RESERVED
CVE-2018-19649 (XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). VPor ...)
NOT-FOR-US: InfoVista VistaPortal
-CVE-2018-19648
- RESERVED
+CVE-2018-19648 (An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETC ...)
+ TODO: check
CVE-2018-19647
RESERVED
CVE-2018-19646 (The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10 ...)
@@ -27351,10 +27373,9 @@ CVE-2019-0163
RESERVED
CVE-2019-0162
RESERVED
-CVE-2019-0161
- RESERVED
-CVE-2019-0160 [buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media]
- RESERVED
+CVE-2019-0161 (Stack overflow in XHCI for EDK II may allow an unauthenticated user to ...)
+ TODO: check
+CVE-2019-0160 (Buffer overflow in system firmware for EDK II may allow unauthenticate ...)
- edk2 0~20181115.85588389-1
NOTE: https://github.com/tianocore/edk2/commit/4df8f5bfa28b8b881e506437e8f08d92c1a00370
NOTE: https://github.com/tianocore/edk2/commit/b9ae1705adfdd43668027a25a2b03c2e81960219
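Review bot: CVE-2019-0161 is left at TODO: check although its description (stack overflow in XHCI for EDK II) points at the same source package that CVE-2019-0160 tracks on the next lines with "- edk2 0~20181115.85588389-1". Give CVE-2019-0161 its own edk2 status line, and confirm whether the fixed version recorded for CVE-2019-0160 also covers it or whether it needs a separate upstream commit reference.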
@@ -38885,8 +38906,8 @@ CVE-2018-14816 (Advantech WebAccess 8.3.1 and earlier has several stack-based bu
NOT-FOR-US: Advantech WebAccess
CVE-2018-14815 (Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write ...)
NOT-FOR-US: Fuji Electric V-Server
-CVE-2018-14814
- RESERVED
+CVE-2018-14814 (WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio ...)
+ TODO: check
CVE-2018-14813 (Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow ...)
NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14812 (An uncontrolled search path element (DLL Hijacking) vulnerability has ...)
@@ -44866,8 +44887,8 @@ CVE-2018-12546 (In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a cli
[jessie] - mosquitto <ignored> (Minor issue)
NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/
NOTE: https://mosquitto.org/files/cve/2018-12546
-CVE-2018-12545
- RESERVED
+CVE-2018-12545 (In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to ...)
+ TODO: check
CVE-2018-12544 (In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML ...)
NOT-FOR-US: Eclipse Vert.x
CVE-2018-12543 (In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is ...)
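Review bot: CVE-2018-12545 now describes Eclipse Jetty 9.3.x and 9.4.x but only has TODO: check. Jetty is tracked in this file as a Debian source package (the CVE-2017-7656 entry further down carries a "- jetty9" line), so this entry needs a jetty9 status line and not a NOT-FOR-US marker; check which packaged branches fall in the affected 9.3.x/9.4.x range.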
@@ -46001,18 +46022,16 @@ CVE-2018-12185 (Insufficient input validation in Intel(R) AMT in Intel(R) CSME b
NOT-FOR-US: Intel
CVE-2018-12184
RESERVED
-CVE-2018-12183
- RESERVED
-CVE-2018-12182
- RESERVED
-CVE-2018-12181 [Stack buffer overflow with corrupted BMP]
- RESERVED
+CVE-2018-12183 (Stack overflow in DxeCore for EDK II may allow an unauthenticated user ...)
+ TODO: check
+CVE-2018-12182 (Insufficient memory write check in SMM service for EDK II may allow an ...)
+ TODO: check
+CVE-2018-12181 (Stack overflow in corrupted bmp for EDK II may allow unprivileged user ...)
- edk2 0~20181115.85588389-3 (bug #924615)
[stretch] - edk2 <no-dsa> (Minor issue, will be fixed via point update)
[jessie] - edk2 <end-of-life> (non-free is not supported)
NOTE: https://lists.01.org/pipermail/edk2-devel/2019-March/037626.html
-CVE-2018-12180 [Buffer Overflow in BlockIo service for RAM disk]
- RESERVED
+CVE-2018-12180 (Buffer overflow in BlockIo service for EDK II may allow an unauthentic ...)
- edk2 0~20181115.85588389-3 (bug #924615)
[stretch] - edk2 <no-dsa> (Minor issue, will be fixed via point update)
[jessie] - edk2 <end-of-life> (non-free is not supported)
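Review bot: CVE-2018-12183 and CVE-2018-12182 are left at TODO: check although both descriptions name EDK II, the source that the edk2 lines for CVE-2018-12181 and CVE-2018-12180 in this same hunk already track under bug #924615. Replace each TODO with an edk2 status line plus the per-release annotations used for the neighbouring entries, and check whether they belong under the same bug.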
@@ -46021,10 +46040,9 @@ CVE-2018-12180 [Buffer Overflow in BlockIo service for RAM disk]
NOTE: https://lists.01.org/pipermail/edk2-devel/2019-February/037250.html
NOTE: https://github.com/tianocore/edk2/commit/38c9fbdcaa0219eb86fe82d90e3f8cfb5a54be9f
NOTE: https://github.com/tianocore/edk2/commit/fccdb88022c1f6d85c773fce506b10c879063f1d
-CVE-2018-12179
- RESERVED
-CVE-2018-12178 [improper DNS packet size check]
- RESERVED
+CVE-2018-12179 (Improper configuration in system firmware for EDK II may allow unauthe ...)
+ TODO: check
+CVE-2018-12178 (Buffer overflow in network stack for EDK II may allow unprivileged use ...)
- edk2 0~20181115.85588389-3 (bug #924615)
[stretch] - edk2 <no-dsa> (Minor issue, will be fixed via point update)
[jessie] - edk2 <end-of-life> (non-free is not supported)
@@ -70210,8 +70228,7 @@ CVE-2018-3614
RESERVED
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=751
NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/untested-memory-not-covered-by-smm-page-protection.html
-CVE-2018-3613
- RESERVED
+CVE-2018-3613 (Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2 ...)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=415
NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=44
NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-authenticated-variable-bypass.html
@@ -103695,8 +103712,8 @@ CVE-2017-9628 (An Information Exposure issue was discovered in Saia Burgess Cont
NOT-FOR-US: Saia Burgess Controls
CVE-2017-9627 (An Uncontrolled Resource Consumption issue was discovered in Schneider ...)
NOT-FOR-US: Schneider Electric
-CVE-2017-9626
- RESERVED
+CVE-2017-9626 (Systems using the Marel Food Processing Systems Pluto platform do not ...)
+ TODO: check
CVE-2017-9625 (An Improper Authentication issue was discovered in Envitech EnviDAS Ul ...)
NOT-FOR-US: Envitech EnviDAS Ultimate
CVE-2017-9624 (Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1 ...)
@@ -110019,8 +110036,8 @@ CVE-2017-7656 (In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurat
- jetty9 9.2.25-1 (low; bug #902953)
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667
NOTE: https://github.com/eclipse/jetty.project/commit/a285deea
-CVE-2017-7655
- RESERVED
+CVE-2017-7655 (In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vu ...)
+ TODO: check
CVE-2017-7654 (In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability w ...)
{DSA-4325-1 DLA-1525-1}
- mosquitto 1.5.4-1 (bug #911265)
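Review bot: CVE-2017-7655 is left at TODO: check, but its description names Eclipse Mosquitto 1.0 to 1.4.15, and the adjacent CVE-2017-7654 entry already tracks the mosquitto package with a fixed version of 1.5.4-1 and DSA-4325-1/DLA-1525-1. Add a "- mosquitto" status line here and verify whether the uploads referenced for CVE-2017-7654 also fix this null dereference, so the DSA/DLA cross-references stay accurate.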
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e8e24e88743744b31b58701e6b56d96f4139b4d4