[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon May 6 21:10:34 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9a7e2567 by security tracker role at 2019-05-06T20:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2019-11807 (The WooCommerce Checkout Manager plugin before 4.3 for WordPress allow ...)
+ TODO: check
+CVE-2019-11806
+ RESERVED
+CVE-2019-11805
+ RESERVED
+CVE-2019-11804
+ RESERVED
+CVE-2019-11803
+ RESERVED
+CVE-2019-11802
+ RESERVED
+CVE-2019-11801
+ RESERVED
+CVE-2019-11800
+ RESERVED
+CVE-2019-11799
+ RESERVED
+CVE-2019-11798
+ RESERVED
+CVE-2019-11797
+ RESERVED
+CVE-2019-11796
+ RESERVED
+CVE-2019-11795
+ RESERVED
+CVE-2019-11794
+ RESERVED
+CVE-2019-11793
+ RESERVED
+CVE-2019-11792
+ RESERVED
+CVE-2019-11791
+ RESERVED
+CVE-2019-11790
+ RESERVED
+CVE-2019-11789
+ RESERVED
+CVE-2019-11788
+ RESERVED
+CVE-2019-11787
+ RESERVED
+CVE-2019-11786
+ RESERVED
+CVE-2019-11785
+ RESERVED
+CVE-2019-11784
+ RESERVED
+CVE-2019-11783
+ RESERVED
+CVE-2019-11782
+ RESERVED
+CVE-2019-11781
+ RESERVED
+CVE-2019-11780
+ RESERVED
+CVE-2019-11779
+ RESERVED
+CVE-2019-11778
+ RESERVED
+CVE-2019-11777
+ RESERVED
+CVE-2019-11776
+ RESERVED
+CVE-2019-11775
+ RESERVED
+CVE-2019-11774
+ RESERVED
+CVE-2019-11773
+ RESERVED
+CVE-2019-11772
+ RESERVED
+CVE-2019-11771
+ RESERVED
+CVE-2019-11770
+ RESERVED
+CVE-2019-11769
+ RESERVED
+CVE-2019-11768
+ RESERVED
CVE-2019-11767 (Server side request forgery (SSRF) in phpBB before 3.2.6 allows checki ...)
- phpbb3 <removed>
[jessie] - phpbb3 <postponed> (Minor issue, solution/workaround is to disable the remote avatar function)
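Review bot: the only non-RESERVED addition in this hunk, CVE-2019-11807, is a third-party WordPress plugin (WooCommerce Checkout Manager), and this file's existing convention for software that is not a Debian package is a NOT-FOR-US line (compare "NOT-FOR-US: Jenkins plugin" further down), so the TODO: check should resolve that way unless the plugin is actually packaged. The 39 RESERVED placeholders beneath it need no action until descriptions are published.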
@@ -2029,6 +2109,7 @@ CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside Se
NOTE: https://github.com/matrixssl/matrixssl/issues/26
CVE-2019-10913
RESERVED
+ {DLA-1778-1}
- symfony 3.4.22+dfsg-2
NOTE: https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
CVE-2019-10912
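Review bot: CVE-2019-10912 receives no {DLA-1778-1} marker: the original lines 2035-2037 between this hunk and the next are unchanged, so that entry keeps no DLA reference while its neighbours CVE-2019-10913, -10911, -10910 and -10909 all gain one. If the advisory deliberately omits CVE-2019-10912 (for example because the jessie symfony version is not affected), a "[jessie] - symfony <not-affected>" line would make that explicit; otherwise the marker is missing.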
@@ -2038,18 +2119,21 @@ CVE-2019-10912
NOTE: https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
CVE-2019-10911
RESERVED
+ {DLA-1778-1}
- drupal7 <not-affected> (Drupal 7 core not affected)
- symfony 3.4.22+dfsg-2
NOTE: https://www.drupal.org/SA-CORE-2019-005
NOTE: https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
CVE-2019-10910
RESERVED
+ {DLA-1778-1}
- drupal7 <not-affected> (Drupal 7 core not affected)
- symfony 3.4.22+dfsg-2
NOTE: https://www.drupal.org/SA-CORE-2019-005
NOTE: https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
CVE-2019-10909
RESERVED
+ {DLA-1778-1}
- drupal7 <not-affected> (Drupal 7 core not affected)
- symfony 3.4.22+dfsg-2
NOTE: https://www.drupal.org/SA-CORE-2019-005
@@ -3635,8 +3719,8 @@ CVE-2019-1003041 (A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plu
NOT-FOR-US: Jenkins plugin
CVE-2019-1003040 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10249
- RESERVED
+CVE-2019-10249 (All Xtext & Xtend versions prior to 2.18.0 were built using HTTP i ...)
+ TODO: check
CVE-2019-10248 (Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts fo ...)
NOT-FOR-US: Eclipse Vorto
CVE-2019-10247 (In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, ...)
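Review bot: CVE-2019-10249 is the same class of issue as the adjacent CVE-2019-10248 (build artifacts fetched over an unprotected channel, here "built using HTTP"), and that neighbour is already "NOT-FOR-US: Eclipse Vorto"; unless Xtext or Xtend are in the archive, the TODO: check should be replaced by a matching NOT-FOR-US line rather than left open. Since the weakness is in how upstream's own binaries were produced, a packaged consumer would only be affected if it shipped those prebuilt artifacts rather than rebuilding from source.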
@@ -16305,16 +16389,16 @@ CVE-2019-5436
RESERVED
CVE-2019-5435
RESERVED
-CVE-2019-5434
- RESERVED
-CVE-2019-5433
- RESERVED
-CVE-2019-5432
- RESERVED
-CVE-2019-5431
- RESERVED
-CVE-2019-5430
- RESERVED
+CVE-2019-5434 (An attacker could send a specifically crafted payload to the XML-RPC i ...)
+ TODO: check
+CVE-2019-5433 (A user having access to the UI of a Revive Adserver instance could be ...)
+ TODO: check
+CVE-2019-5432 (A specifically malformed MQTT Subscribe packet crashes MQTT Brokers us ...)
+ TODO: check
+CVE-2019-5431 (This vulnerability was caused by an incomplete fix to CVE-2017-0911. T ...)
+ TODO: check
+CVE-2019-5430 (In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, i ...)
+ TODO: check
CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacke ...)
- filezilla <unfixed> (low; bug #928282)
[stretch] - filezilla <no-dsa> (Minor issue)
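Review bot: CVE-2019-5431 is described as an incomplete fix for CVE-2017-0911, so its state should be copied from the tracker's existing CVE-2017-0911 entry (same package or NOT-FOR-US) instead of being triaged from scratch. CVE-2019-5432 needs the most attention of the five: the description is cut off before it names which MQTT broker implementation the malformed Subscribe packet crashes, so the full CVE text must be compared against the MQTT brokers and client libraries in the archive before its TODO: check can be closed.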
@@ -19507,6 +19591,7 @@ CVE-2019-3884
RESERVED
NOT-FOR-US: atomic-openshift
CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by workers ...)
+ {DLA-1779-1}
- 389-ds-base <unfixed> (bug #927939)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1693612
NOTE: https://pagure.io/389-ds-base/issue/50329
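Review bot: {DLA-1779-1} marks the 389-ds-base issue fixed in jessie while the unstable line stays "<unfixed> (bug #927939)", so the tracker will now show the oldest suite fixed and sid still open. That is the right state only while bug #927939 is open, so confirm it is not left inverted once the unstable upload lands; the NOTE lines (Red Hat bug 1693612, pagure issue 50329) identify the upstream fix the backport should be checked against.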
@@ -19877,12 +19962,12 @@ CVE-2019-3801 (Cloud Foundry cf-deployment, versions prior to 7.9.0, contain jav
NOT-FOR-US: Cloud Foundry
CVE-2019-3800
RESERVED
-CVE-2019-3799
- RESERVED
+CVE-2019-3799 (Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x pri ...)
+ TODO: check
CVE-2019-3798 (Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, ...)
NOT-FOR-US: Cloud Foundry
-CVE-2019-3797
- RESERVED
+CVE-2019-3797 (This affects Spring Data JPA in versions up to and including 2.1.5, 2. ...)
+ TODO: check
CVE-2019-3796
RESERVED
CVE-2019-3795 (Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, ...)
@@ -20369,10 +20454,10 @@ CVE-2019-3567
RESERVED
CVE-2019-3566
RESERVED
-CVE-2019-3565
- RESERVED
-CVE-2019-3564
- RESERVED
+CVE-2019-3565 (Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would n ...)
+ TODO: check
+CVE-2019-3564 (Go Facebook Thrift servers would not error upon receiving messages wit ...)
+ TODO: check
CVE-2019-3563 (Wangle's LineBasedFrameDecoder contains logic for identifying newlines ...)
NOT-FOR-US: Facebook Wangle
CVE-2019-3562 (A remote web page could inject arbitrary HTML code into the Oculus Bro ...)
@@ -20381,10 +20466,10 @@ CVE-2019-3561 (Insufficient boundary checks for the strrpos and strripos functio
- hhvm <removed>
CVE-2019-3560 (An improperly performed length calculation on a buffer in PlaintextRec ...)
NOT-FOR-US: Fizz
-CVE-2019-3559
- RESERVED
-CVE-2019-3558
- RESERVED
+CVE-2019-3559 (Java Facebook Thrift servers would not error upon receiving messages w ...)
+ TODO: check
+CVE-2019-3558 (Python Facebook Thrift servers would not error upon receiving messages ...)
+ TODO: check
CVE-2019-3557 (The implementations of streams for bz2 and php://output improperly imp ...)
- hhvm <removed>
CVE-2019-3556
@@ -20395,8 +20480,8 @@ CVE-2019-3554 (Wangle's AcceptRoutingHandler incorrectly casts a socket when acc
NOT-FOR-US: Facebook Wangle
CVE-2019-3553
RESERVED
-CVE-2019-3552
- RESERVED
+CVE-2019-3552 (C++ Facebook Thrift servers (using cpp2) would not error upon receivin ...)
+ TODO: check
CVE-2019-3551
RESERVED
CVE-2019-3550
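Review bot: CVE-2019-3565, -3564, -3559, -3558 and -3552 (this hunk and the two before it) are one issue repeated across the language bindings of Facebook Thrift servers and should be triaged together with identical states, not left as five separate TODO: check lines. The descriptions say Facebook Thrift, not Apache Thrift, and the neighbouring Facebook entries (Wangle, Fizz) are already NOT-FOR-US, so mapping these onto an Apache Thrift package would first need confirmation that the affected server code is actually shared.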
@@ -37064,11 +37149,9 @@ CVE-2018-17204 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.
NOTE: ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
CVE-2018-17203
REJECTED
-CVE-2018-17202
- RESERVED
+CVE-2018-17202 (Certain input files could make the code to enter into an infinite loop ...)
NOTE: Apache Commons Imaging
-CVE-2018-17201
- RESERVED
+CVE-2018-17201 (Certain input files could make the code hang when Apache Sanselan 0.97 ...)
NOTE: Apache Commons Imaging
CVE-2018-17200
RESERVED
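Review bot: CVE-2018-17202 and CVE-2018-17201 now carry published descriptions but still have only a "NOTE: Apache Commons Imaging" line and no state (package version, <unfixed> or NOT-FOR-US), so they remain untriaged in a way that is easy to miss because there is no TODO: check either. Add a state line; the CVE-2018-17201 text names Apache Sanselan 0.97, the pre-rename name of Commons Imaging, which is a second string to search the archive for.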
@@ -45592,8 +45675,7 @@ CVE-2018-13992
CVE-2018-13991
RESERVED
NOT-FOR-US: Phoenix Contact FL switch
-CVE-2018-13990
- RESERVED
+CVE-2018-13990 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior ...)
NOT-FOR-US: Phoenix Contact FL switch
CVE-2018-13989 (Grundig Smart Inter at ctive TV 3.0 devices allow CSRF attacks via a POST ...)
NOT-FOR-US: Grundig Smart Inter at ctive TV 3.0 devices
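Review bot: "Inter at ctive" in the two Grundig context lines is the mailing-list software rewriting the "@" of the product name "Inter@ctive" as " at " (the same rewriting appears in the sender address at the top of this mail), not a typo in data/CVE/list, so nothing needs fixing there. The CVE-2018-13990 entry itself only gains its description and keeps the existing "NOT-FOR-US: Phoenix Contact FL switch" state, which is the expected outcome.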
@@ -45611,8 +45693,8 @@ CVE-2018-13985
RESERVED
CVE-2018-13984
RESERVED
-CVE-2018-13983
- RESERVED
+CVE-2018-13983 (ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.ph ...)
+ TODO: check
CVE-2018-13982 (Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is pro ...)
- smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1
[jessie] - smarty3 <not-affected> (vulnerable code not present)
@@ -73093,32 +73175,32 @@ CVE-2018-4075
RESERVED
CVE-2018-4074
RESERVED
-CVE-2018-4073
- RESERVED
-CVE-2018-4072
- RESERVED
-CVE-2018-4071
- RESERVED
-CVE-2018-4070
- RESERVED
-CVE-2018-4069
- RESERVED
-CVE-2018-4068
- RESERVED
-CVE-2018-4067
- RESERVED
-CVE-2018-4066
- RESERVED
-CVE-2018-4065
- RESERVED
+CVE-2018-4073 (An exploitable Permission Assignment vulnerability exists in the ACEMa ...)
+ TODO: check
+CVE-2018-4072 (An exploitable Permission Assignment vulnerability exists in the ACEMa ...)
+ TODO: check
+CVE-2018-4071 (An exploitable Information Disclosure vulnerability exists in the ACEM ...)
+ TODO: check
+CVE-2018-4070 (An exploitable Information Disclosure vulnerability exists in the ACEM ...)
+ TODO: check
+CVE-2018-4069 (An information disclosure vulnerability exists in the ACEManager authe ...)
+ TODO: check
+CVE-2018-4068 (An exploitable information disclosure vulnerability exists in the ACEM ...)
+ TODO: check
+CVE-2018-4067 (An exploitable information disclosure vulnerability exists in the ACEM ...)
+ TODO: check
+CVE-2018-4066 (An exploitable cross-site request forgery vulnerability exists in the ...)
+ TODO: check
+CVE-2018-4065 (An exploitable cross-site scripting vulnerability exists in the ACEMan ...)
+ TODO: check
CVE-2018-4064
RESERVED
-CVE-2018-4063
- RESERVED
-CVE-2018-4062
- RESERVED
-CVE-2018-4061
- RESERVED
+CVE-2018-4063 (An exploitable remote code execution vulnerability exists in the uploa ...)
+ TODO: check
+CVE-2018-4062 (A hard-coded credentials vulnerability exists in the snmpd function of ...)
+ TODO: check
+CVE-2018-4061 (An exploitable command injection vulnerability exists in the ACEManage ...)
+ TODO: check
CVE-2018-4060
RESERVED
CVE-2018-4059 (An exploitable unsafe default configuration vulnerability exists in th ...)
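Review bot: the twelve new ACEManager entries (CVE-2018-4073 down to CVE-2018-4061) share the same wording and describe one product, so triage them as a batch with a single consistent state and the same NOTE/URL rather than twelve separate TODO: check lines, following whatever state the already-described CVE-2018-4059 entry for the same product carries just below. If the product turns out to be relevant, the hard-coded credentials in snmpd (CVE-2018-4062), the upload remote code execution (CVE-2018-4063) and the command injection (CVE-2018-4061) are the ones to look at first.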
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a7e2567411d5d8bff362c760ce52e906e0c30d2
You're receiving this email because of your account on salsa.debian.org.