[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 29 08:10:31 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
755ea048 by security tracker role at 2019-03-29T08:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2019-10276 (Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via t ...)
+ TODO: check
+CVE-2019-10275
+ RESERVED
+CVE-2019-10274
+ RESERVED
+CVE-2019-10273
+ RESERVED
+CVE-2019-10272
+ RESERVED
+CVE-2019-10271
+ RESERVED
+CVE-2019-10270
+ RESERVED
+CVE-2019-10269 (BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based b ...)
+ TODO: check
+CVE-2019-10268
+ RESERVED
+CVE-2019-10267
+ RESERVED
+CVE-2019-10266
+ RESERVED
+CVE-2019-10265
+ RESERVED
+CVE-2019-10264
+ RESERVED
+CVE-2019-10263
+ RESERVED
+CVE-2019-10262 (A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_ ...)
+ TODO: check
CVE-2019-1002101 [Mishandling of symlinks allows for arbitrary file write via `kubectl cp`]
- kubernetes <not-affected> (Vulnerable code introduced later)
NOTE: Introduced by: https://github.com/kubernetes/kubernetes/commit/b1f85e2dfec6e64d8e1bc272251277df0058ab20
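Review bot: The three entries that arrive with descriptions in this hunk (CVE-2019-10276 Cobub Razor, CVE-2019-10269 BWA, CVE-2019-10262 BlueCMS) are left at "TODO: check", so nothing in the tracker yet says whether any Debian source package is involved. A follow-up triage commit should give each one either a package line in the form used for CVE-2019-1002101 just below ("- kubernetes <not-affected> (...)") or a "NOT-FOR-US:" marker. The BWA entry deserves the first look, since it is the only one of the three whose description points at memory corruption rather than a web application flaw.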
@@ -3361,10 +3391,10 @@ CVE-2019-9169 (In the GNU C Library (aka glibc or libc6) through 2.29, proceed_n
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9
CVE-2019-9168 (WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. ...)
NOT-FOR-US: WooCommerce
-CVE-2019-9167
- RESERVED
-CVE-2019-9166
- RESERVED
+CVE-2019-9167 (Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 al ...)
+ TODO: check
+CVE-2019-9166 (Privilege escalation in Nagios XI before 5.5.11 allows local attackers ...)
+ TODO: check
CVE-2019-9165 (SQL injection vulnerability in Nagios XI before 5.5.11 allows attacker ...)
TODO: check
CVE-2019-9164 (Command injection in Nagios XI before 5.5.11 allows an authenticated u ...)
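Review bot: With CVE-2019-9167 and CVE-2019-9166 now described, four consecutive "Nagios XI before 5.5.11" entries (CVE-2019-9167 through CVE-2019-9164) sit at "TODO: check". They should be triaged in one pass with a single, consistent disposition, so that the product does not end up marked differently on adjacent lines the way WooCommerce (already "NOT-FOR-US:") and these entries currently differ in state.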
@@ -3933,7 +3963,7 @@ CVE-2019-8987 (The application server component of TIBCO Software Inc.'s TIBCO D
TODO: check
CVE-2019-8986 (The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO Ja ...)
NOT-FOR-US: TIBCO
-CVE-2019-8985 (On Netis WF2880 and WF2411 2.1.36123 devices, there is a stack-based b ...)
+CVE-2019-8985 (On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices ...)
NOT-FOR-US: Netis devices
CVE-2019-8984 (MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2) ...)
NOT-FOR-US: MDaemon Webmail
@@ -9504,20 +9534,20 @@ CVE-2019-6610
RESERVED
CVE-2019-6609
RESERVED
-CVE-2019-6608
- RESERVED
-CVE-2019-6607
- RESERVED
-CVE-2019-6606
- RESERVED
-CVE-2019-6605
- RESERVED
-CVE-2019-6604
- RESERVED
-CVE-2019-6603
- RESERVED
-CVE-2019-6602
- RESERVED
+CVE-2019-6608 (On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14 ...)
+ TODO: check
+CVE-2019-6607 (On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1 ...)
+ TODO: check
+CVE-2019-6606 (On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0. ...)
+ TODO: check
+CVE-2019-6605 (On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed seq ...)
+ TODO: check
+CVE-2019-6604 (On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1 ...)
+ TODO: check
+CVE-2019-6603 (In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0 ...)
+ TODO: check
+CVE-2019-6602 (In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility l ...)
+ TODO: check
CVE-2019-6601 (In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, ...)
NOT-FOR-US: F5 BIG-IP
CVE-2019-6600 (In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11 ...)
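Review bot: The seven newly described BIG-IP entries (CVE-2019-6608 through CVE-2019-6602) are added as "TODO: check", while the neighbouring CVE-2019-6601 in the same hunk already carries "NOT-FOR-US: F5 BIG-IP". Reusing that exact marker string for the new entries would close them out and keep the product name spelled consistently for anyone grepping the list.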
@@ -27289,16 +27319,14 @@ CVE-2019-0227
RESERVED
CVE-2019-0226
RESERVED
-CVE-2019-0225
- RESERVED
+CVE-2019-0225 (A specially crafted url could be used to access files under the ROOT d ...)
- jspwiki <removed>
-CVE-2019-0224
- RESERVED
+CVE-2019-0224 (In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could ex ...)
- jspwiki <removed>
CVE-2019-0223
RESERVED
-CVE-2019-0222
- RESERVED
+CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame ca ...)
+ TODO: check
CVE-2019-0221
RESERVED
CVE-2019-0220
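Review bot: CVE-2019-0222 (Apache ActiveMQ 5.0.0 - 5.15.8) is left at "TODO: check" and needs a package line with affected or fixed version information in a follow-up. Separately, CVE-2019-0225 keeps the "- jspwiki <removed>" line it had while RESERVED, but its truncated description ("A specially crafted url could be used to access files under the ROOT d ...") does not name the product in the visible text, unlike CVE-2019-0224 which says Apache JSPWiki; the full description should be checked to confirm the pre-assigned package mapping is still correct.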
@@ -27317,8 +27345,8 @@ CVE-2019-0214
RESERVED
CVE-2019-0213
RESERVED
-CVE-2019-0212
- RESERVED
+CVE-2019-0212 (In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1 ...)
+ TODO: check
CVE-2019-0211
RESERVED
CVE-2019-0210
@@ -64208,16 +64236,19 @@ CVE-2018-5821 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android
CVE-2018-5820 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5819 (An error within the "parse_sinar_ia()" function (internal/dcraw_common ...)
+ {DLA-1734-1}
- libraw 0.19.1-1
[stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
CVE-2018-5818 (An error within the "parse_rollei()" function (internal/dcraw_common.c ...)
+ {DLA-1734-1}
- libraw 0.19.1-1
[stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
CVE-2018-5817 (A type confusion error within the "unpacked_load_raw()" function withi ...)
+ {DLA-1734-1}
- libraw 0.19.1-1
[stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
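Review bot: The "{DLA-1734-1}" cross-reference is added to CVE-2018-5819, CVE-2018-5818 and CVE-2018-5817 while their "[stretch] - libraw <no-dsa> (Minor issue)" lines stay unchanged, so the list now records a Debian LTS advisory for issues that stretch still carries as unfixed. That is a valid state, but it is worth a human check on whether the libraw fixes should also be proposed for a stretch point release, and the same applies to the other libraw entries tagged with this DLA in the later hunks.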
@@ -64266,6 +64297,7 @@ CVE-2018-5809 (An error within the "LibRaw::parse_exif()" function (internal/dcr
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
CVE-2018-5808 (An error within the "find_green()" function (internal/dcraw_common.cpp ...)
+ {DLA-1734-1}
- libraw 0.18.11-1
[stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
@@ -64295,18 +64327,21 @@ CVE-2018-5803 (In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.1
- linux 4.15.11-1
NOTE: Fixed by: https://git.kernel.org/linus/07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
CVE-2018-5802 (An error within the "kodak_radc_load_raw()" function (internal/dcraw_c ...)
+ {DLA-1734-1}
- libraw 0.18.7-1
[stretch] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <ignored> (Minor issue)
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-5801 (An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) i ...)
+ {DLA-1734-1}
- libraw 0.18.7-1
[stretch] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <ignored> (Minor issue)
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-5800 (An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" functi ...)
+ {DLA-1734-1}
- libraw 0.18.7-1
[stretch] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <ignored> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/755ea048feaaf6e04d60ba8db0182d85ca229295