[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed May 8 21:10:35 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
50f667ce by security tracker role at 2019-05-08T20:10:25Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,38 @@
-CVE-2019-11815 [net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock()]
+CVE-2019-11829
+ RESERVED
+CVE-2019-11828
+ RESERVED
+CVE-2019-11827
+ RESERVED
+CVE-2019-11826
+ RESERVED
+CVE-2019-11825
+ RESERVED
+CVE-2019-11824
+ RESERVED
+CVE-2019-11823
+ RESERVED
+CVE-2019-11822
+ RESERVED
+CVE-2019-11821
+ RESERVED
+CVE-2019-11820
+ RESERVED
+CVE-2019-11819 (Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro ...)
+ TODO: check
+CVE-2019-11818 (Alkacon OpenCMS v10.5.4 and before is affected by stored cross site sc ...)
+ TODO: check
+CVE-2019-11817
+ RESERVED
+CVE-2019-11816
+ RESERVED
+CVE-2019-11814 (An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.1 ...)
+ TODO: check
+CVE-2019-11813 (An issue was discovered in app/View/Elements/Events/View/value_field.c ...)
+ TODO: check
+CVE-2019-11812 (A persistent XSS issue was discovered in app/View/Helper/CommandHelper ...)
+ TODO: check
+CVE-2019-11815 (An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the L ...)
- linux 4.19.37-1
NOTE: Fixed by: https://git.kernel.org/linus/cb66ddd156203daefb8d71158036b27b0e2caf63
CVE-2019-11811 (An issue was discovered in the Linux kernel before 5.0.4. There is a u ...)
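Review bot: CVE-2019-11815 now sits below CVE-2019-11812, so the top of the list is no longer in descending order (it runs 11816, 11814, 11813, 11812, 11815, 11811). The new entries CVE-2019-11814 to CVE-2019-11812 should go after the CVE-2019-11815 block, that is after its "NOTE: Fixed by:" line and before CVE-2019-11811, so that 11815 directly follows 11816.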
@@ -365,10 +399,10 @@ CVE-2019-11675 (The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/g
[stretch] - groonga <no-dsa> (Minor issue, can be fixed via point release)
CVE-2019-11644
RESERVED
-CVE-2019-11643
- RESERVED
-CVE-2019-11642
- RESERVED
+CVE-2019-11643 (Persistent XSS has been found in the OneShield Policy (Dragon Core) fr ...)
+ TODO: check
+CVE-2019-11642 (A log poisoning vulnerability has been discovered in the OneShield Pol ...)
+ TODO: check
CVE-2019-11641 (Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerpri ...)
NOT-FOR-US: Anomali Agave
CVE-2019-11640 (An issue was discovered in GNU recutils 1.8. There is a heap-based buf ...)
@@ -583,14 +617,14 @@ CVE-2019-11566
RESERVED
CVE-2019-11565 (Server Side Request Forgery (SSRF) exists in the Print My Blog plugin ...)
NOT-FOR-US: Print My Blog plugin for WordPress
-CVE-2019-11564
- RESERVED
+CVE-2019-11564 (A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows rem ...)
+ TODO: check
CVE-2019-11563
RESERVED
CVE-2019-11562
RESERVED
-CVE-2019-11561
- RESERVED
+CVE-2019-11561 (The Chuango 433 MHz burglar-alarm product line is vulnerable to a Deni ...)
+ TODO: check
CVE-2019-11560 (A buffer overflow vulnerability in the streaming server provided by hi ...)
NOT-FOR-US: hisilicon
CVE-2019-11559
@@ -609,8 +643,8 @@ CVE-2019-11552
RESERVED
CVE-2019-11551
RESERVED
-CVE-2019-11550
- RESERVED
+CVE-2019-11550 (Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before ...)
+ TODO: check
CVE-2019-11549 [Improper Sanitation of Credentials in Gitaly]
RESERVED
- gitlab 11.8.9+dfsg-1 (bug #928221)
@@ -703,14 +737,14 @@ CVE-2019-11512
RESERVED
CVE-2019-11511 (Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the ...)
NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
-CVE-2019-11510
- RESERVED
+CVE-2019-11510 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before ...)
+ TODO: check
CVE-2019-11509
RESERVED
-CVE-2019-11508
- RESERVED
-CVE-2019-11507
- RESERVED
+CVE-2019-11508 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before ...)
+ TODO: check
+CVE-2019-11507 (In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9. ...)
+ TODO: check
CVE-2019-11506 (In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, the ...)
- graphicsmagick 1.4~hg15968-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/57ac0ae85e2a
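Review bot: the three Pulse Connect Secure entries (CVE-2019-11510, CVE-2019-11508, CVE-2019-11507) are left as "TODO: check", although they concern a proprietary VPN appliance in the same way the Zoho ManageEngine entry just above them does. They can be triaged to "NOT-FOR-US: Pulse Secure Pulse Connect Secure" in a follow-up rather than staying in the TODO queue.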
@@ -735,8 +769,7 @@ CVE-2019-11501
RESERVED
CVE-2019-11500
RESERVED
-CVE-2019-11499 [Submission-login crashes when authentication is started over TLS secured channel and invalid authentication message is sent]
- RESERVED
+CVE-2019-11499 (In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-lo ...)
- dovecot 1:2.3.4.1-5 (bug #928235)
[stretch] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
[jessie] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
@@ -753,8 +786,7 @@ CVE-2019-11496
RESERVED
CVE-2019-11495
RESERVED
-CVE-2019-11494 [Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting.]
- RESERVED
+CVE-2019-11494 (In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-lo ...)
- dovecot 1:2.3.4.1-5 (bug #928235)
[stretch] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
[jessie] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
@@ -878,8 +910,8 @@ CVE-2019-11459 (The tiff_document_render() and tiff_document_get_thumbnail() fun
CVE-2013-7470 (cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel befo ...)
- linux 3.11.7-1
NOTE: Fixed by: https://git.kernel.org/linus/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b
-CVE-2019-11458
- RESERVED
+CVE-2019-11458 (An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserial ...)
+ TODO: check
CVE-2019-11457
RESERVED
CVE-2019-11456 (Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. ...)
@@ -989,8 +1021,8 @@ CVE-2019-11408
RESERVED
CVE-2019-11407
RESERVED
-CVE-2019-11406
- RESERVED
+CVE-2019-11406 (Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, o ...)
+ TODO: check
CVE-2019-11405 (OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses ...)
NOT-FOR-US: OpenAPI Tools OpenAPI Generator
CVE-2019-11404 (arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compi ...)
@@ -1005,8 +1037,8 @@ CVE-2019-11400
RESERVED
CVE-2019-11399
RESERVED
-CVE-2019-11398
- RESERVED
+CVE-2019-11398 (Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 a ...)
+ TODO: check
CVE-2019-11397
RESERVED
CVE-2019-11396
@@ -5853,8 +5885,8 @@ CVE-2019-9700
RESERVED
CVE-2019-9699
RESERVED
-CVE-2019-9698
- RESERVED
+CVE-2019-9698 (Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbit ...)
+ TODO: check
CVE-2019-9697
RESERVED
CVE-2019-9696 (Symantec VIP Enterprise Gateway (all versions) may be susceptible to a ...)
@@ -6384,8 +6416,8 @@ CVE-2019-9507
RESERVED
CVE-2019-9506
RESERVED
-CVE-2019-9505
- RESERVED
+CVE-2019-9505 (The PrinterLogic Print Management software, versions up to and includi ...)
+ TODO: check
CVE-2019-9504
RESERVED
CVE-2019-9503 [brcmfmac: add subtype check for event handling in data path]
@@ -9117,8 +9149,8 @@ CVE-2019-8389 (A file-read vulnerability was identified in the Wi-Fi transfer fe
NOT-FOR-US: Musicloud
CVE-2019-8388
RESERVED
-CVE-2019-8387
- RESERVED
+CVE-2019-8387 (MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, r ...)
+ TODO: check
CVE-2019-8386
RESERVED
CVE-2019-8385
@@ -9211,8 +9243,8 @@ CVE-2019-8351 (Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 c
NOT-FOR-US: Heimdal Thor Agent
CVE-2019-8350
RESERVED
-CVE-2019-8349
- RESERVED
+CVE-2019-8349 (Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 all ...)
+ TODO: check
CVE-2019-8348
RESERVED
CVE-2019-8347 (BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via ...)
@@ -9412,8 +9444,8 @@ CVE-2019-8287
RESERVED
CVE-2019-8286
RESERVED
-CVE-2019-8285
- RESERVED
+CVE-2019-8285 (Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-b ...)
+ TODO: check
CVE-2019-8284
RESERVED
CVE-2019-8283
@@ -17264,8 +17296,8 @@ CVE-2019-5023
RESERVED
CVE-2019-5022
REJECTED
-CVE-2019-5021
- RESERVED
+CVE-2019-5021 (Versions of the Official Alpine Linux Docker images (since v3.3) conta ...)
+ TODO: check
CVE-2019-5020
RESERVED
CVE-2019-5019 (A heap-based overflow vulnerability exists in the PowerPoint document ...)
@@ -17278,8 +17310,8 @@ CVE-2019-5016
RESERVED
CVE-2019-5015 (A local privilege escalation vulnerability exists in the Mac OS X vers ...)
NOT-FOR-US: Apple
-CVE-2019-5014
- RESERVED
+CVE-2019-5014 (An exploitable improper access control vulnerability exists in the blu ...)
+ TODO: check
CVE-2019-5013
RESERVED
CVE-2019-5012
@@ -25625,30 +25657,30 @@ CVE-2019-2056
RESERVED
CVE-2019-2055
RESERVED
-CVE-2019-2054
- RESERVED
-CVE-2019-2053
- RESERVED
-CVE-2019-2052
- RESERVED
-CVE-2019-2051
- RESERVED
-CVE-2019-2050
- RESERVED
-CVE-2019-2049
- RESERVED
+CVE-2019-2054 (In the seccomp implementation prior to kernel version 4.8, there is a ...)
+ TODO: check
+CVE-2019-2053 (In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a possible ou ...)
+ TODO: check
+CVE-2019-2052 (In VisitPointers of heap.cc, there is a possible out-of-bounds read du ...)
+ TODO: check
+CVE-2019-2051 (In heap of spaces.h, there is a possible out of bounds read due to imp ...)
+ TODO: check
+CVE-2019-2050 (In tearDownClientInterface of WificondControl.java, there is a possibl ...)
+ TODO: check
+CVE-2019-2049 (In SendMediaUpdate and SendFolderUpdate of avrcp_service.cc, there is ...)
+ TODO: check
CVE-2019-2048
RESERVED
-CVE-2019-2047
- RESERVED
-CVE-2019-2046
- RESERVED
-CVE-2019-2045
- RESERVED
-CVE-2019-2044
- RESERVED
-CVE-2019-2043
- RESERVED
+CVE-2019-2047 (In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write ...)
+ TODO: check
+CVE-2019-2046 (In CalculateInstanceSizeForDerivedClass of objects.cc, there is possib ...)
+ TODO: check
+CVE-2019-2045 (In JSCallTyper of typer.cc, there is an out of bounds write due to an ...)
+ TODO: check
+CVE-2019-2044 (In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp, there is a ...)
+ TODO: check
+CVE-2019-2043 (In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possi ...)
+ TODO: check
CVE-2019-2042
RESERVED
CVE-2019-2041 (In the configuration of NFC modules on certain devices, there is a pos ...)
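Review bot: CVE-2019-2054 is described as a flaw in the seccomp implementation "prior to kernel version 4.8", so unlike the other Android entries in this hunk it needs a "- linux" package line with the fixed version rather than a bare "TODO: check". Separately, the CVE-2019-2044 description reads "MakeMP>G4VideoCodecSpecificData", which looks like a function name mangled in the imported text; it is worth confirming against the upstream CVE record before the entry is triaged.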
@@ -69706,10 +69738,10 @@ CVE-2018-5411 (Pixar's Tractor software, versions 2.2 and earlier, contain a sto
NOT-FOR-US: Pixar Tractor
CVE-2018-5410 (Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a ...)
NOT-FOR-US: Dokan
-CVE-2018-5409
- RESERVED
-CVE-2018-5408
- RESERVED
+CVE-2018-5409 (The PrinterLogic Print Management software, versions up to and includi ...)
+ TODO: check
+CVE-2018-5408 (The PrinterLogic Print Management software, versions up to and includi ...)
+ TODO: check
CVE-2018-5407 (Simultaneous Multi-threading (SMT) in processors can enable local user ...)
{DSA-4355-1 DSA-4348-1 DLA-1586-1}
- openssl 1.1.1~~pre9-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/50f667cecf31dfdc1a56c93c11ab78635cd21f06