[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri May 10 09:10:24 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7aa25e46 by security tracker role at 2019-05-10T08:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2019-11872
+	RESERVED
+CVE-2019-11871 (The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for  ...)
+	TODO: check
+CVE-2019-11870 (Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in t ...)
+	TODO: check
+CVE-2019-11869 (The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it ...)
+	TODO: check
+CVE-2019-11868
+	RESERVED
+CVE-2019-11867
+	RESERVED
+CVE-2019-11866
+	RESERVED
+CVE-2019-11865
+	RESERVED
+CVE-2019-11864
+	RESERVED
+CVE-2019-11863
+	RESERVED
+CVE-2019-11862
+	RESERVED
+CVE-2019-11861
+	RESERVED
+CVE-2019-11860
+	RESERVED
+CVE-2019-11859
+	RESERVED
+CVE-2019-11858
+	RESERVED
+CVE-2019-11857
+	RESERVED
+CVE-2019-11856
+	RESERVED
+CVE-2019-11855
+	RESERVED
+CVE-2019-11854
+	RESERVED
+CVE-2019-11853
+	RESERVED
+CVE-2019-11852
+	RESERVED
+CVE-2019-11851
+	RESERVED
+CVE-2019-11850
+	RESERVED
+CVE-2019-11849
+	RESERVED
+CVE-2019-11848
+	RESERVED
+CVE-2019-11847
+	RESERVED
+CVE-2018-20837 (include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu ...)
+	TODO: check
 CVE-2019-11846
 	RESERVED
 CVE-2019-11845
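Review bot: CVE-2019-11871, CVE-2019-11870, CVE-2019-11869 and CVE-2018-20837 arrive with "TODO: check", so none of them says yet whether a Debian package is affected. The two WordPress plugin entries (Custom Field Suite, Yuzo Related Posts) look like candidates for the treatment CVE-2019-11565 has further down in this diff, "NOT-FOR-US: Print My Blog plugin for WordPress"; the Serendipity and Typesetter entries need a package lookup before they can be closed either way. Separately, CVE-2018-20837 is inserted between CVE-2019-11847 and CVE-2019-11846, so anyone scanning the 2018 range of the list will not find it there.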
@@ -663,8 +717,8 @@ CVE-2019-11565 (Server Side Request Forgery (SSRF) exists in the Print My Blog p
 	NOT-FOR-US: Print My Blog plugin for WordPress
 CVE-2019-11564 (A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows rem ...)
 	NOT-FOR-US: HumHub
-CVE-2019-11563
-	RESERVED
+CVE-2019-11563 (Shenzhen Sricctv DeviceViewer for XP has a Buffer Overflow via the use ...)
+	TODO: check
 CVE-2019-11562
 	RESERVED
 CVE-2019-11561 (The Chuango 433 MHz burglar-alarm product line is vulnerable to a Deni ...)
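Review bot: CVE-2019-11563 goes from RESERVED to "TODO: check" and stays untriaged. The description names Shenzhen Sricctv DeviceViewer for XP, and both entries above it (CVE-2019-11565, CVE-2019-11564) are closed as NOT-FOR-US; if no Debian source package ships this product, the marker should be replaced with a NOT-FOR-US line naming it.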
@@ -2216,31 +2270,32 @@ CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside Se
 	NOTE: https://github.com/matrixssl/matrixssl/issues/26
 CVE-2019-10913
 	RESERVED
-	{DLA-1778-1}
+	{DSA-4441-1 DLA-1778-1}
 	- symfony 3.4.22+dfsg-2
 	NOTE: https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
 CVE-2019-10912
 	RESERVED
+	{DSA-4441-1}
 	- symfony 3.4.22+dfsg-2
 	[jessie] - symfony <not-affected> (vulnerable code is not present)
 	NOTE: https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
 CVE-2019-10911
 	RESERVED
-	{DLA-1778-1}
+	{DSA-4441-1 DLA-1778-1}
 	- drupal7 <not-affected> (Drupal 7 core not affected)
 	- symfony 3.4.22+dfsg-2
 	NOTE: https://www.drupal.org/SA-CORE-2019-005
 	NOTE: https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
 CVE-2019-10910
 	RESERVED
-	{DLA-1778-1}
+	{DSA-4441-1 DLA-1778-1}
 	- drupal7 <not-affected> (Drupal 7 core not affected)
 	- symfony 3.4.22+dfsg-2
 	NOTE: https://www.drupal.org/SA-CORE-2019-005
 	NOTE: https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
 CVE-2019-10909
 	RESERVED
-	{DLA-1778-1}
+	{DSA-4441-1 DLA-1778-1}
 	- drupal7 <not-affected> (Drupal 7 core not affected)
 	- symfony 3.4.22+dfsg-2
 	NOTE: https://www.drupal.org/SA-CORE-2019-005
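Review bot: CVE-2019-10912 is the only Symfony entry in this hunk that gets "{DSA-4441-1}" alone, while CVE-2019-10913, -10911, -10910 and -10909 get "{DSA-4441-1 DLA-1778-1}". That is consistent with its "[jessie] - symfony <not-affected> (vulnerable code is not present)" line, so the asymmetry looks intended, but it is worth confirming against the advisory text since the hunk itself gives no other reason. All five entries also still read RESERVED even though each carries a fixed version and an upstream advisory URL, so readers depend on the NOTE lines for a description.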
@@ -4101,6 +4156,7 @@ CVE-2019-10131 (An off-by-one read vulnerability was discovered in ImageMagick b
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7ccc28ee4c777d915f95919ac3bcf8adf93037a7
 CVE-2019-10130 [Selectivity estimators bypass row security policies]
 	RESERVED
+	{DSA-4439-1}
 	- postgresql-11 11.3-1
 	- postgresql-9.6 <removed>
 	- postgresql-9.4 <removed>
@@ -10858,8 +10914,8 @@ CVE-2019-7655
 	RESERVED
 CVE-2019-7654
 	RESERVED
-CVE-2019-7652
-	RESERVED
+CVE-2019-7652 (TheHive Project UnshortenLink analyzer before 1.1, included in Cortex- ...)
+	TODO: check
 CVE-2019-7651 (EPP.sys in Emsisoft Anti-Malware prior to version 2018.12 allows an at ...)
 	NOT-FOR-US: Emsisoft Anti-Malware
 CVE-2019-7650
@@ -13883,7 +13939,7 @@ CVE-2019-6466
 	RESERVED
 CVE-2019-6465 [Zone transfer controls for writable DLZ zones were not effective]
 	RESERVED
-	{DLA-1697-1}
+	{DSA-4440-1 DLA-1697-1}
 	- bind9 1:9.11.5.P4+dfsg-1 (low; bug #922955)
 	NOTE: https://kb.isc.org/docs/cve-2019-6465
 	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/a9307de85e147f4756c75d15aa221d2262df7d67
@@ -27490,11 +27546,11 @@ CVE-2018-19792 (The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows lo
 CVE-2018-19791 (The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correc ...)
 	NOT-FOR-US: OpenLiteSpeed
 CVE-2018-19790 (An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x  ...)
-	{DLA-1707-1}
+	{DSA-4441-1 DLA-1707-1}
 	- symfony 3.4.20+dfsg-1
 	NOTE: https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http
 CVE-2018-19789 (An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2 ...)
-	{DLA-1707-1}
+	{DSA-4441-1 DLA-1707-1}
 	- symfony 3.4.20+dfsg-1
 	NOTE: https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path
 CVE-2018-19788 (A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user wi ...)
@@ -43482,7 +43538,7 @@ CVE-2018-14774 (An issue was discovered in HttpKernel in Symfony 2.7.0 through 2
 	[jessie] - symfony <not-affected> (Vulnerable code not present, introduced later in commit 4c8a25a6e2)
 	NOTE: https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache
 CVE-2018-14773 (An issue was discovered in Http Foundation in Symfony 2.7.0 through 2. ...)
-	{DLA-1707-1}
+	{DSA-4441-1 DLA-1707-1}
 	- symfony 3.4.14+dfsg-1
 	NOTE: https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
 CVE-2018-14772 (Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution v ...)
@@ -68980,7 +69036,7 @@ CVE-2018-5746
 	RESERVED
 CVE-2018-5745 [An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys]
 	RESERVED
-	{DLA-1697-1}
+	{DSA-4440-1 DLA-1697-1}
 	- bind9 1:9.11.5.P4+dfsg-1 (low; bug #922954)
 	NOTE: https://kb.isc.org/docs/cve-2018-5745
 	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/235a64a5a4c0143b183bd55f6ed756741d4d7880
@@ -68997,6 +69053,7 @@ CVE-2018-5744 [A specially crafted packet can cause named to leak memory]
 	NOTE: Test: https://gitlab.isc.org/isc-projects/bind9/commit/fe4810f1f8f75a4d5a96542fc6085109c94a3ee5
 CVE-2018-5743 [Limiting simultaneous TCP clients is ineffective]
 	RESERVED
+	{DSA-4440-1}
 	- bind9 1:9.11.5.P4+dfsg-4 (bug #927932)
 	NOTE: https://kb.isc.org/docs/cve-2018-5743
 	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/9689ffc485df8f971f0ad81ab8ab1f5389493776
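Review bot: CVE-2018-5743 gets "{DSA-4440-1}" with no DLA reference, and the context shown has no "[jessie]" line after "- bind9 1:9.11.5.P4+dfsg-4 (bug #927932)". The other two bind9 entries touched by this commit (CVE-2019-6465, CVE-2018-5745) both carry DLA-1697-1, so the jessie status of this one is not recorded in the visible lines; an explicit "[jessie] - bind9 ..." annotation would say whether it is still open, not affected or pending.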
@@ -162555,8 +162612,8 @@ CVE-2016-1602 (A code injection in the supportconfig data collection tool in sup
 	NOT-FOR-US: SLES support tool
 CVE-2016-1601 (yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, do ...)
 	NOT-FOR-US: yast2-users / SuSE YAST
-CVE-2016-1600
-	RESERVED
+CVE-2016-1600 (The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6  ...)
+	TODO: check
 CVE-2016-1599 (Cross-site scripting (XSS) vulnerability in NetIQ Self Service Passwor ...)
 	NOT-FOR-US: NetIQ Self Service Password Reset
 CVE-2016-1598 (XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attacke ...)
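Review bot: CVE-2016-1600 goes from RESERVED to "TODO: check" with a description naming the ServiceNow driver in NetIQ Identity Manager. The next entry, CVE-2016-1599, is already closed as "NOT-FOR-US: NetIQ Self Service Password Reset"; unless a Debian package ships the Identity Manager driver, this entry should be closed the same way with a NOT-FOR-US line instead of leaving the TODO in place.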



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7aa25e461569fae8d5ce6ded39915f6feb3ab74e
