[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri May 10 21:10:27 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
583a6c26 by security tracker role at 2019-05-10T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2019-11883
+ RESERVED
+CVE-2019-11882
+ RESERVED
+CVE-2019-11881
+ RESERVED
+CVE-2019-11880
+ RESERVED
+CVE-2019-11879 (** DISPUTED ** The WEBrick gem 1.4.2 for Ruby allows directory travers ...)
+ TODO: check
+CVE-2019-11878 (An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.1 ...)
+ TODO: check
+CVE-2019-11877
+ RESERVED
+CVE-2019-11876
+ RESERVED
+CVE-2019-11875
+ RESERVED
+CVE-2019-11874
+ RESERVED
+CVE-2019-11873
+ RESERVED
CVE-2019-11872
RESERVED
CVE-2019-11871 (The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for ...)
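Review bot: CVE-2019-11879 arrives with the ** DISPUTED ** marker and names the WEBrick gem 1.4.2 for Ruby, yet it gets the same bare "TODO: check" as the XiongMai camera entry below it. WEBrick is distributed with Ruby itself, so whoever resolves this TODO should look at the Ruby source packages before reaching for NOT-FOR-US, and should record the dispute in a NOTE: line so the final status does not read as a confirmed directory traversal.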
@@ -1846,8 +1868,8 @@ CVE-2019-11084 (GAuth 0.9.9 beta has stored XSS that shows a popup repeatedly an
NOT-FOR-US: GAuth
CVE-2019-11083
RESERVED
-CVE-2019-11082
- RESERVED
+CVE-2019-11082 (core/api/datasets/internal/actions/Explode.java in the Dataset API in ...)
+ TODO: check
CVE-2019-11081 (A default username and password in Dentsply Sirona Sidexis 4.2 and pos ...)
NOT-FOR-US: Dentsply Sirona Sidexis
CVE-2019-11080
@@ -16460,8 +16482,8 @@ CVE-2019-5496
RESERVED
CVE-2019-5495
RESERVED
-CVE-2019-5494
- RESERVED
+CVE-2019-5494 (Oncommand Unified Manager in 7-mode prior to version 5.2.3 shipped wit ...)
+ TODO: check
CVE-2019-5493
RESERVED
CVE-2019-5492 (Element Plug-in for vCenter Server versions prior to 4.2.3 may disclos ...)
@@ -17434,8 +17456,7 @@ CVE-2019-5020
RESERVED
CVE-2019-5019 (A heap-based overflow vulnerability exists in the PowerPoint document ...)
NOT-FOR-US: Rainbow PDF Office Server Document Converter
-CVE-2019-5018 [Window Function Remote Code Execution Vulnerability]
- RESERVED
+CVE-2019-5018 (An exploitable use after free vulnerability exists in the window funct ...)
- sqlite3 <unfixed> (bug #928770)
[stretch] - sqlite3 <not-affected> (windowfuncs introduced in 3.25.0)
[jessie] - sqlite3 <not-affected> (windowfuncs introduced in 3.25.0)
@@ -19098,8 +19119,8 @@ CVE-2019-4206
RESERVED
CVE-2019-4205
RESERVED
-CVE-2019-4204
- RESERVED
+CVE-2019-4204 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19. ...)
+ TODO: check
CVE-2019-4203 (IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited ...)
NOT-FOR-US: IBM
CVE-2019-4202 (IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to ...)
@@ -24074,6 +24095,7 @@ CVE-2019-2700 (Vulnerability in the PeopleSoft Enterprise ELM component of Oracl
CVE-2019-2699 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
- openjdk-8 <not-affected> (Windows-specific)
CVE-2019-2698 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
+ {DLA-1782-1}
- openjdk-7 <removed> (low)
- openjdk-8 <removed> (low)
- openjdk-11 11.0.3+7-1 (low)
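Review bot: the {DLA-1782-1} line added under CVE-2019-2698 sits above three package lines (openjdk-7 and openjdk-8 both <removed>, openjdk-11 fixed in 11.0.3+7-1), and nothing in the hunk says which source package the advisory covers. The same tag is added in the same way to CVE-2019-2684 and CVE-2019-2602 further down. For a generated cross-reference that is acceptable, but a subject of only "automatic update" on a commit that mixes new ids, description syncs and advisory cross-references makes this change hard to find later; a subject that names the DLA would help.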
@@ -24109,6 +24131,7 @@ CVE-2019-2686 (Vulnerability in the MySQL Server component of Oracle MySQL (subc
CVE-2019-2685 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2684 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
+ {DLA-1782-1}
- openjdk-7 <removed>
- openjdk-8 <removed>
- openjdk-11 11.0.3+7-1
@@ -24293,6 +24316,7 @@ CVE-2019-2604 (Vulnerability in the Oracle Marketing component of Oracle E-Busin
CVE-2019-2603 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2019-2602 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
+ {DLA-1782-1}
- openjdk-7 <removed>
- openjdk-8 <removed>
- openjdk-11 11.0.3+7-1
@@ -26480,8 +26504,8 @@ CVE-2019-1869
RESERVED
CVE-2019-1868
RESERVED
-CVE-2019-1867
- RESERVED
+CVE-2019-1867 (A vulnerability in the REST API of Cisco Elastic Services Controller ( ...)
+ TODO: check
CVE-2019-1866
RESERVED
CVE-2019-1865
@@ -64556,10 +64580,10 @@ CVE-2018-7122
RESERVED
CVE-2018-7121
RESERVED
-CVE-2018-7120
- RESERVED
-CVE-2018-7119
- RESERVED
+CVE-2018-7120 (A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Chan ...)
+ TODO: check
+CVE-2018-7119 (A Local Disclosure of Sensitive Information vulnerability was identifi ...)
+ TODO: check
CVE-2018-7118 (A local access restriction bypass vulnerability was identified in HPE ...)
NOT-FOR-US: HPE Service Pack for ProLiant (SPP) Bundled Software
CVE-2018-7117 (A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerab ...)
@@ -64628,12 +64652,12 @@ CVE-2018-7086
RESERVED
CVE-2018-7085
RESERVED
-CVE-2018-7084
- RESERVED
-CVE-2018-7083
- RESERVED
-CVE-2018-7082
- RESERVED
+CVE-2018-7084 (A command injection vulnerability is present that permits an unauthent ...)
+ TODO: check
+CVE-2018-7083 (If a process running within Aruba Instant crashes, it may leave behind ...)
+ TODO: check
+CVE-2018-7082 (A command injection vulnerability is present in Aruba Instant that per ...)
+ TODO: check
CVE-2018-7081
RESERVED
CVE-2018-7080 (A vulnerability exists in the firmware of embedded BLE radios that are ...)
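Review bot: in this hunk CVE-2018-7083 and CVE-2018-7082 name Aruba Instant in the visible text, but the truncated description for CVE-2018-7084 ("A command injection vulnerability is present that permits an unauthent ...") names no product at all. Resolve its "TODO: check" from the full description, not by copying whatever status the two entries below it end up with.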
@@ -64668,8 +64692,8 @@ CVE-2018-7066 (An unauthenticated remote command execution exists in Aruba Clear
NOT-FOR-US: Aruba
CVE-2018-7065 (An authenticated SQL injection vulnerability in Aruba ClearPass Policy ...)
NOT-FOR-US: Aruba
-CVE-2018-7064
- RESERVED
+CVE-2018-7064 (A reflected cross-site scripting (XSS) vulnerability is present in an ...)
+ TODO: check
CVE-2018-7063 (In Aruba ClearPass, disabled API admins can still perform read/write o ...)
NOT-FOR-US: Aruba
CVE-2018-7062
@@ -79492,8 +79516,8 @@ CVE-2018-1992 (The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloade
NOT-FOR-US: IBM
CVE-2018-1991
RESERVED
-CVE-2018-1990
- RESERVED
+CVE-2018-1990 (IBM Cloud App Management V2018.2.0, V2018.4.0, and V2018.4.1 could all ...)
+ TODO: check
CVE-2018-1989
RESERVED
CVE-2018-1988
@@ -79892,8 +79916,8 @@ CVE-2018-1792 (IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.
NOT-FOR-US: IBM
CVE-2018-1791 (IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service ...)
NOT-FOR-US: IBM
-CVE-2018-1790
- RESERVED
+CVE-2018-1790 (IBM Financial Transaction Manager for Digital Payments for Multi-Platf ...)
+ TODO: check
CVE-2018-1789 (IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to ...)
NOT-FOR-US: IBM
CVE-2018-1788 (IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitiv ...)
@@ -98250,10 +98274,10 @@ CVE-2017-12887
RESERVED
CVE-2017-12886
RESERVED
-CVE-2017-12885
- RESERVED
-CVE-2017-12884
- RESERVED
+CVE-2017-12885 (OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Sit ...)
+ TODO: check
+CVE-2017-12884 (OX Software GmbH App Suite 7.8.4 and earlier is affected by: Informati ...)
+ TODO: check
CVE-2017-12883 (Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 ...)
{DSA-3982-1}
- perl 5.26.0-8 (bug #875597)
@@ -99041,8 +99065,8 @@ CVE-2017-12797 (Integer overflow in the INT123_parse_new_id3 function in the ID3
NOTE: https://sourceforge.net/p/mpg123/mailman/message/35987663/
CVE-2017-12796 (The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distri ...)
NOT-FOR-US: OpenMRS addon
-CVE-2017-12795
- RESERVED
+CVE-2017-12795 (OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper I ...)
+ TODO: check
CVE-2017-12794 (In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoesca ...)
- python-django 1:1.11.5-1 (low; bug #874415)
[stretch] - python-django 1:1.10.7-2+deb9u2
@@ -99062,8 +99086,8 @@ CVE-2017-12791 (Directory traversal vulnerability in minion id validation in Sal
NOTE: https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html
CVE-2017-12790 (Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The ...)
NOT-FOR-US: Metinfo
-CVE-2017-12789
- RESERVED
+CVE-2017-12789 (Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The ...)
+ TODO: check
CVE-2017-12788 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
NOT-FOR-US: Metinfo
CVE-2017-12787 (A network interface of the novi_process_manager_daemon service, includ ...)
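Review bot: the new text for CVE-2017-12789 is, as far as the truncation shows, identical to CVE-2017-12790 directly above it ("Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The ..."), which is already marked "NOT-FOR-US: Metinfo". The "TODO: check" here can most likely be closed the same way; confirm from the full descriptions that the two ids cover different issues and are not duplicates.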
@@ -190092,8 +190116,8 @@ CVE-2015-1008 (SQL injection vulnerability in Emerson AMS Device Manager before
NOT-FOR-US: Emerson AMS Device Manager
CVE-2015-1007 (A specially crafted configuration file could be used to cause a stack- ...)
NOT-FOR-US: Opto 22 PAC
-CVE-2015-1006
- RESERVED
+CVE-2015-1006 (A vulnerable file in Opto 22 PAC Project Professional versions prior t ...)
+ TODO: check
CVE-2015-1005 (IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE u ...)
NOT-FOR-US: IniNet
CVE-2015-1004
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/583a6c26e029f8b1b2b06c9aa68be9a573e68492