[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu May 9 21:10:38 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
81abf8d5 by security tracker role at 2019-05-09T20:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,24 @@
-CVE-2019-11842 [Use SystemRandom for token generation]
+CVE-2019-11846
+	RESERVED
+CVE-2019-11845
+	RESERVED
+CVE-2019-11844
+	RESERVED
+CVE-2019-11843
+	RESERVED
+CVE-2019-11841
+	RESERVED
+CVE-2019-11840 (An issue was discovered in supplementary Go cryptography libraries, ak ...)
+	TODO: check
+CVE-2019-11839 (njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in  ...)
+	TODO: check
+CVE-2019-11838 (njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in  ...)
+	TODO: check
+CVE-2019-11837 (njs through 0.3.1, used in NGINX, has a segmentation fault in String.p ...)
+	TODO: check
+CVE-2019-11836 (The Rediffmail (aka com.rediff.mail.and) application 2.2.6 for Android ...)
+	TODO: check
+CVE-2019-11842 (An issue was discovered in Matrix Sydent before 1.0.3 and Synapse befo ...)
 	- matrix-synapse 0.99.2-5
 	NOTE: https://matrix.org/blog/2019/05/03/security-updates-sydent-1-0-3-synapse-0-99-3-1-and-riot-android-0-9-0-0-8-99-0-8-28-a/
 CVE-2019-11835 (cJSON before 1.7.11 allows out-of-bounds access, related to multiline  ...)
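Review bot: CVE-2019-11842 ends up out of sequence at the end of the added block, sitting between CVE-2019-11836 and CVE-2019-11835 while the new entries above it run from 11846 down to 11836 and skip over it. The entry itself is fine (the bracketed placeholder title is replaced by the published description and the matrix-synapse line is kept), but moving it between CVE-2019-11843 and CVE-2019-11841 would keep the list in descending order. The five "TODO: check" entries added here (CVE-2019-11840 down to CVE-2019-11836) carry no tracking information until each gets a package line or a NOT-FOR-US.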
@@ -964,7 +984,7 @@ CVE-2019-11446 (An issue was discovered in ATutor through 2.2.4. It allows the u
 	NOT-FOR-US: ATutor
 CVE-2019-11445 (OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JS ...)
 	NOT-FOR-US: OpenKM
-CVE-2019-11444 (An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker ca ...)
+CVE-2019-11444 (** DISPUTED ** An issue was discovered in Liferay Portal CE 7.1.2 GA3. ...)
 	NOT-FOR-US: Liferay Portal CE
 CVE-2019-11443
 	RESERVED
@@ -1171,8 +1191,8 @@ CVE-2019-11355
 	RESERVED
 CVE-2019-11354 (The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows te ...)
 	NOT-FOR-US: client in Electronic Arts (EA) Origin on Windows
-CVE-2019-11353
-	RESERVED
+CVE-2019-11353 (The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker  ...)
+	TODO: check
 CVE-2019-11352
 	RESERVED
 CVE-2019-11351 (TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt ...)
@@ -1238,8 +1258,8 @@ CVE-2019-11326
 	RESERVED
 CVE-2019-11325
 	RESERVED
-CVE-2019-11323
-	RESERVED
+CVE-2019-11323 (HAProxy before 1.9.7 mishandles a reload with rotated keys, which trig ...)
+	TODO: check
 CVE-2019-11324 (The urllib3 library before 1.24.2 for Python mishandles certain cases  ...)
 	- python-urllib3 <unfixed> (bug #927412)
 	NOTE: https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4
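Review bot: CVE-2019-11323 is left at "TODO: check" although the truncated description already names the product and an upstream fixed version ("HAProxy before 1.9.7"). Suggest resolving it with a haproxy package line once the fixed version in the archive is confirmed. The entry also sits below CVE-2019-11325 and above CVE-2019-11324, so 11323 and 11324 are swapped relative to descending order.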
@@ -4169,6 +4189,7 @@ CVE-2019-1000031 (A disk space or quota exhaustion issue exists in article2pdf_g
 	NOT-FOR-US: article2pdf Wordpress plugin
 CVE-2018-20815 [device_tree: heap buffer overflow while loading device tree blob]
 	RESERVED
+	{DLA-1781-1}
 	- qemu 1:3.1+dfsg-7
 	[stretch] - qemu <postponed> (Minor issue)
 	- qemu-kvm <removed>
@@ -5431,8 +5452,8 @@ CVE-2019-9849
 	RESERVED
 CVE-2019-9848
 	RESERVED
-CVE-2019-9847
-	RESERVED
+CVE-2019-9847 (A vulnerability in LibreOffice hyperlink processing allows an attacker ...)
+	TODO: check
 CVE-2019-9857 (In the Linux kernel through 5.0.2, the function inotify_update_existin ...)
 	- linux 4.19.37-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
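Review bot: CVE-2019-9847 gets "TODO: check" for a product that is named in the description (LibreOffice hyperlink processing), so it needs a package line rather than a NOT-FOR-US. The visible text is cut before any affected version, so the full CVE record has to be read to fill that in. Separately, the context entry CVE-2019-9857 that follows is out of sequence after 9849, 9848 and 9847.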
@@ -5522,6 +5543,7 @@ CVE-2019-9825 (FeiFeiCMS 4.1.190209 allows remote attackers to upload and execut
 	NOT-FOR-US: FeiFeiCMS
 CVE-2019-9824
 	RESERVED
+	{DLA-1781-1}
 	- qemu 1:3.1+dfsg-6
 	[stretch] - qemu <no-dsa> (Minor issue, pending for stable point update)
 	- qemu-kvm <removed>
@@ -9188,7 +9210,7 @@ CVE-2019-8385
 	RESERVED
 CVE-2019-8384
 	RESERVED
-CVE-2019-8383 (An issue was discovered in AdvanceCOMP before 2.1. An invalid memory a ...)
+CVE-2019-8383 (An issue was discovered in AdvanceCOMP through 2.1. An invalid memory  ...)
 	- advancecomp <unfixed> (bug #928730)
 	[stretch] - advancecomp <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/advancemame/bugs/272/
@@ -9201,7 +9223,7 @@ CVE-2019-8381 (An issue was discovered in Tcpreplay 4.3.1. An invalid memory acc
 	NOTE: Crash in a CLI tool, no security impact
 CVE-2019-8380 (An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereferenc ...)
 	NOT-FOR-US: Bento4
-CVE-2019-8379 (An issue was discovered in AdvanceCOMP before 2.1. A NULL pointer dere ...)
+CVE-2019-8379 (An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer der ...)
 	- advancecomp <unfixed> (bug #928729)
 	[stretch] - advancecomp <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/advancemame/bugs/271/
@@ -12149,8 +12171,8 @@ CVE-2019-7183
 	RESERVED
 CVE-2019-7182
 	RESERVED
-CVE-2019-7181
-	RESERVED
+CVE-2019-7181 (Buffer Overflow vulnerability in myQNAPcloud Connect 1.3.3.0925 and ea ...)
+	TODO: check
 CVE-2019-7180
 	RESERVED
 CVE-2019-7179
@@ -13573,12 +13595,12 @@ CVE-2019-6568 (A vulnerability has been identified in CP1604 (All versions), CP1
 	NOT-FOR-US: Siemens
 CVE-2019-6567
 	RESERVED
-CVE-2019-6566
-	RESERVED
+CVE-2019-6566 (GE Communicator, all versions prior to 4.0.517, allows a non-administr ...)
+	TODO: check
 CVE-2019-6565 (Moxa IKS and EDS fails to properly validate user input, giving unauthe ...)
 	NOT-FOR-US: Moxa
-CVE-2019-6564
-	RESERVED
+CVE-2019-6564 (GE Communicator, all versions prior to 4.0.517, allows a non-administr ...)
+	TODO: check
 CVE-2019-6563 (Moxa IKS and EDS generate a predictable cookie calculated with an MD5  ...)
 	NOT-FOR-US: Moxa
 CVE-2019-6562 (In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the softwa ...)
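Review bot: CVE-2019-6566 and CVE-2019-6564 are added with summaries that are identical up to the truncation point ("GE Communicator, all versions prior to 4.0.517, allows a non-administr ..."), so the two cannot be told apart from this file alone, and both are left at "TODO: check". The neighbouring vendor entries in this hunk (Siemens, Moxa) are marked NOT-FOR-US; if GE Communicator is likewise not packaged, apply one consistent label such as "NOT-FOR-US: GE Communicator" here and to the GE Communicator entries in the next hunk (CVE-2019-6548, CVE-2019-6546, CVE-2019-6544).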
@@ -13609,16 +13631,16 @@ CVE-2019-6550 (Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple sta
 	NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2019-6549 (An attacker could retrieve plain-text credentials stored in a XML file ...)
 	NOT-FOR-US: PR100088 Modbus
-CVE-2019-6548
-	RESERVED
+CVE-2019-6548 (GE Communicator, all versions prior to 4.0.517, contains two backdoor  ...)
+	TODO: check
 CVE-2019-6547 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
 	NOT-FOR-US: Delta Industrial Automation CNCSoft
-CVE-2019-6546
-	RESERVED
+CVE-2019-6546 (GE Communicator, all versions prior to 4.0.517, allows an attacker to  ...)
+	TODO: check
 CVE-2019-6545 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and I ...)
 	NOT-FOR-US: AVEVA
-CVE-2019-6544
-	RESERVED
+CVE-2019-6544 (GE Communicator, all versions prior to 4.0.517, has a service running  ...)
+	TODO: check
 CVE-2019-6543 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and I ...)
 	NOT-FOR-US: AVEVA
 CVE-2019-6542 (ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior t ...)
@@ -19265,10 +19287,10 @@ CVE-2019-4074 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1
 	NOT-FOR-US: IBM
 CVE-2019-4073 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
 	NOT-FOR-US: IBM
-CVE-2019-4072
-	RESERVED
-CVE-2019-4071
-	RESERVED
+CVE-2019-4072 (IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard  ...)
+	TODO: check
+CVE-2019-4071 (IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard  ...)
+	TODO: check
 CVE-2019-4070
 	RESERVED
 CVE-2019-4069
@@ -27052,8 +27074,8 @@ CVE-2019-1570 (The Expedition Migration tool 1.1.8 and earlier may allow an auth
 	NOT-FOR-US: Expedition Migration tool
 CVE-2019-1569 (The Expedition Migration tool 1.1.8 and earlier may allow an authentic ...)
 	NOT-FOR-US: Expedition Migration tool
-CVE-2019-1568
-	RESERVED
+CVE-2019-1568 (Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto ...)
+	TODO: check
 CVE-2019-1567 (The Expedition Migration tool 1.1.6 and earlier may allow an authentic ...)
 	NOT-FOR-US: Expedition Migration tool
 CVE-2019-1566 (The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN- ...)
@@ -31538,8 +31560,7 @@ CVE-2019-0227 (A Server Side Request Forgery (SSRF) vulnerability affected the A
 	NOTE: disclosure mentions "03/12/2019 - Apache applied SSRF patch":
 	NOTE: https://github.com/RhinoSecurityLabs/CVEs/issues/1
 	NOTE: https://github.com/apache/axis1-java/commit/35511b872a6460129cfc0cd35baaccbd820977b5
-CVE-2019-0226
-	RESERVED
+CVE-2019-0226 (Apache Karaf Config service provides a install method (via service or  ...)
 	- apache-karaf <itp> (bug #881297)
 CVE-2019-0225 (A specially crafted url could be used to access files under the ROOT d ...)
 	- jspwiki <removed>
@@ -32921,6 +32942,7 @@ CVE-2018-18851
 CVE-2018-18850 (In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authen ...)
 	NOT-FOR-US: Octopus Deploy
 CVE-2018-18849 (In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-boun ...)
+	{DLA-1781-1}
 	- qemu 1:3.1+dfsg-1 (bug #912535)
 	[stretch] - qemu <no-dsa> (Minor issue, pending for stable point update)
 	- qemu-kvm <removed>
@@ -51387,6 +51409,7 @@ CVE-2018-11808 (Incorrect Access Control in CustomFieldsFeedServlet in Zoho Mana
 CVE-2018-11807
 	RESERVED
 CVE-2018-11806 (m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via inc ...)
+	{DLA-1781-1}
 	- qemu 1:3.1+dfsg-1 (bug #901017)
 	[stretch] - qemu <no-dsa> (Minor issue, pending for stable point update)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
@@ -98805,8 +98828,8 @@ CVE-2017-12841
 	RESERVED
 CVE-2017-12840 (A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client  ...)
 	NOTE: DESLock+
-CVE-2017-12839
-	RESERVED
+CVE-2017-12839 (A heap-based buffer over-read in the getbits function in src/libmpg123 ...)
+	TODO: check
 CVE-2017-12838 (Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows ...)
 	NOT-FOR-US: NexusPHP
 CVE-2017-12837 (Heap-based buffer overflow in the S_regatom function in regcomp.c in P ...)
@@ -98882,12 +98905,12 @@ CVE-2017-12808
 	RESERVED
 CVE-2017-12807
 	REJECTED
-CVE-2017-12806
-	RESERVED
-CVE-2017-12805
-	RESERVED
-CVE-2017-12804
-	RESERVED
+CVE-2017-12806 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in ...)
+	TODO: check
+CVE-2017-12805 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in ...)
+	TODO: check
+CVE-2017-12804 (The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1. ...)
+	TODO: check
 CVE-2017-12803 (The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0. ...)
 	NOT-FOR-US: mkclean
 CVE-2017-12802 (The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 201 ...)
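Review bot: CVE-2017-12806 and CVE-2017-12805 carry the same visible summary ("In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in ..."), so the function each one refers to is lost to truncation, and both remain at "TODO: check". When they are triaged, give each its own NOTE with the upstream reference so the two stay distinguishable in the list. CVE-2017-12804 names a different project (ImageWorsener, imagew-gif.c) and should be triaged on its own.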
@@ -98939,12 +98962,12 @@ CVE-2017-12791 (Directory traversal vulnerability in minion id validation in Sal
 	NOTE: https://github.com/saltstack/salt/pull/42944
 	NOTE: https://github.com/saltstack/salt/commit/6366e05d0d70bd709cc4233c3faf32a759d0173a
 	NOTE: https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html
-CVE-2017-12790
-	RESERVED
+CVE-2017-12790 (Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The  ...)
+	TODO: check
 CVE-2017-12789
 	RESERVED
-CVE-2017-12788
-	RESERVED
+CVE-2017-12788 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
+	TODO: check
 CVE-2017-12787 (A network interface of the novi_process_manager_daemon service, includ ...)
 	NOT-FOR-US: NoviWare
 CVE-2017-12786 (Network interfaces of the cliengine and noviengine services, included  ...)
@@ -98963,8 +98986,8 @@ CVE-2017-12780 (The ReadData function in ebmlstring.c in libebml2 through 2012-0
 	NOT-FOR-US: libembl2 (different codebase than src:libebml)
 CVE-2017-12779 (The Node_GetData function in corec/corec/node/node.c in mkvalidator 0. ...)
 	NOT-FOR-US: libembl2 (different codebase than src:libebml)
-CVE-2017-12778
-	RESERVED
+CVE-2017-12778 (The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Aut ...)
+	TODO: check
 CVE-2017-1000112 (Linux kernel: Exploitable memory corruption due to UFO to non-UFO path ...)
 	{DSA-3981-1}
 	- linux 4.12.6-1 (low)
@@ -99041,16 +99064,16 @@ CVE-2017-12762 (In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is cop
 	- linux 4.13.4-1 (unimportant)
 	NOTE: Fixed by: https://git.kernel.org/linus/9f5af546e6acc30f075828cb58c7f09665033967 (v4.13-rc4)
 	NOTE: Driver is disabled since squeeze and unmaintained for a long time
-CVE-2017-12761
-	RESERVED
-CVE-2017-12760
-	RESERVED
-CVE-2017-12759
-	RESERVED
-CVE-2017-12758
-	RESERVED
-CVE-2017-12757
-	RESERVED
+CVE-2017-12761 (http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by ...)
+	TODO: check
+CVE-2017-12760 (Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa  ...)
+	TODO: check
+CVE-2017-12759 (Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Man ...)
+	TODO: check
+CVE-2017-12758 (https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1  ...)
+	TODO: check
+CVE-2017-12757 (Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Inje ...)
+	TODO: check
 CVE-2017-12756 (Command inject in transfer from another server in extplorer 2.1.9 and  ...)
 	{DLA-1063-1}
 	- extplorer <removed>
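Review bot: four of the five entries added here (CVE-2017-12761 to CVE-2017-12758) have summaries that open with a vendor URL or vendor name, so the truncated text shows no vulnerability class at all; only CVE-2017-12757 gets as far as "SQL Inje". All five are left at "TODO: check", and they cannot be triaged from this file, so the full CVE records have to be consulted. If none of these products is packaged, resolve them with NOT-FOR-US lines that name the product (for example WebFile Explorer or Mobiketa) rather than the URL.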



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/81abf8d568fa3fee389a74d2a8d5dfa0a347009b
