[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed May 15 21:11:03 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d6ffa45f by security tracker role at 2019-05-15T20:10:54Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2019-12104
+ RESERVED
+CVE-2019-12103
+ RESERVED
CVE-2019-12102
RESERVED
CVE-2019-12101 (coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles certain ...)
@@ -548,8 +552,8 @@ CVE-2019-11835 (cJSON before 1.7.11 allows out-of-bounds access, related to mult
CVE-2019-11834 (cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a ...)
- cjson <unfixed> (bug #928726)
NOTE: https://github.com/DaveGamble/cJSON/issues/337
-CVE-2019-11833
- RESERVED
+CVE-2019-11833 (fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out ...)
+ TODO: check
CVE-2019-11832 (TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execut ...)
NOT-FOR-US: Typo3
CVE-2019-11831 (The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1 ...)
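Review bot: CVE-2019-11833 is now described as a Linux kernel issue (fs/ext4/extents.c, "through 5.1.2"), so the `TODO: check` placed under it should become a `- linux ...` package line in the form the rest of this file uses (compare `- linux 4.19.37-2` under the MDS entries later in this diff), with `<unfixed>` and a bug reference if the fix is not yet in the archive; leaving a kernel CVE at TODO hides it from the package-level views of the tracker.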
@@ -2025,8 +2029,8 @@ CVE-2019-11226
RESERVED
CVE-2019-11225
RESERVED
-CVE-2019-11224
- RESERVED
+CVE-2019-11224 (HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection. ...)
+ TODO: check
CVE-2019-11223 (An Unrestricted File Upload Vulnerability in the SupportCandy plugin t ...)
NOT-FOR-US: SupportCandy plugin for WordPress
CVE-2017-18366 (Subrion CMS 4.1.5 has CSRF in blog/delete/. ...)
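Review bot: CVE-2019-11224 describes OS command injection in HARMAN AMX MVP5150 devices, an appliance firmware rather than anything shipped in the archive; the `TODO: check` under it can most likely be resolved the same way as the neighbouring SupportCandy entry, i.e. `NOT-FOR-US: HARMAN AMX`, unless a corresponding source package turns up.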
@@ -2307,7 +2311,7 @@ CVE-2019-11092
RESERVED
CVE-2019-11091 [MDSUM Microarchitectural Data Sampling Uncacheable Memory]
RESERVED
- {DSA-4444-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1787-1}
- intel-microcode <unfixed>
- linux 4.19.37-2
- xen <unfixed>
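Review bot: the advisory reference line for CVE-2019-11091 is extended to `{DSA-4447-1 DSA-4444-1 DLA-1787-1}`, but the package lines directly below it are left untouched, with `intel-microcode <unfixed>` and `xen <unfixed>` still in place; whichever source package DSA-4447-1 and DLA-1787-1 actually cover should have its `<unfixed>` (or version) updated in the same commit so the advisory list and the per-package state agree. The identical reference change is made, with the same unchanged package lines, under CVE-2018-12130, CVE-2018-12127 and CVE-2018-12126 later in this diff and needs the same follow-up there.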
@@ -3551,8 +3555,7 @@ CVE-2019-10642 (Contao 4.7 allows CSRF. ...)
NOT-FOR-US: Contao
CVE-2019-10641 (Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery ...)
NOT-FOR-US: Contao
-CVE-2019-10640 [DoS potential for regex in CI/CD refs]
- RESERVED
+CVE-2019-10640 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.8.6+dfsg-1 (bug #926482)
NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10639
@@ -4723,8 +4726,7 @@ CVE-2019-10109 [EXIF geolocation data not stripped from uploaded images]
RESERVED
- gitlab 11.8.6+dfsg-1 (bug #926482)
NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
-CVE-2019-10108 [IDOR labels of private projects/groups]
- RESERVED
+CVE-2019-10108 (An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Co ...)
- gitlab <not-affected> (Only affects 11.8.4 and later)
NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10107 (CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" f ...)
@@ -5412,8 +5414,8 @@ CVE-2019-1010260 (Using ktlint to download and execute custom rulesets can resul
NOT-FOR-US: ktlint
CVE-2019-1010259
RESERVED
-CVE-2019-1010258
- RESERVED
+CVE-2019-1010258 (nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf4 ...)
+ TODO: check
CVE-2019-1010257 (An Information Disclosure / Data Modification issue exists in article2 ...)
NOT-FOR-US: article2pdf Wordpress plugin
CVE-2019-1010256
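Review bot: CVE-2019-1010258 is filed against the nanosvg library "after commit c1f6e209..." rather than a release, so resolving the `TODO: check` needs a look for embedded copies of nanosvg in other source packages as well as for a standalone package; a commit-based affected range also means any eventual fixed-version marker should cite which upstream commit the Debian package carries.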
@@ -8566,8 +8568,7 @@ CVE-2019-8938 (VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext para
NOT-FOR-US: VertrigoServ
CVE-2019-8937
RESERVED
-CVE-2019-8936 [Crafted null dereference attack in authenticated mode 6 packet]
- RESERVED
+CVE-2019-8936 (NTP through 4.2.8p12 has a NULL Pointer Dereference. ...)
[experimental] - ntp 1:4.2.8p13+dfsg-1
- ntp 1:4.2.8p12+dfsg-4 (bug #924228)
[stretch] - ntp <not-affected> (Introduced with the fix for CVE-2018-7182, not backported to stretch)
@@ -16760,10 +16761,10 @@ CVE-2019-5600
RESERVED
CVE-2019-5599
RESERVED
-CVE-2019-5598
- RESERVED
-CVE-2019-5597
- RESERVED
+CVE-2019-5598 (In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, ...)
+ TODO: check
+CVE-2019-5597 (In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEAS ...)
+ TODO: check
CVE-2019-5596 (In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE b ...)
- kfreebsd-10 <unfixed> (unimportant)
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:02.fd.asc
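Review bot: CVE-2019-5598 and CVE-2019-5597 are FreeBSD kernel issues ("11.3-PRERELEASE before r345378", "12.0-STABLE before r347591"), the same class as the adjacent CVE-2019-5596, which is tracked as `- kfreebsd-10 <unfixed> (unimportant)` with a NOTE pointing at the FreeBSD SA; the two new `TODO: check` lines should be resolved the same way, either with a matching kfreebsd-10 line and advisory NOTE or with an explicit `<not-affected>` reason if the kfreebsd-10 kernel predates the affected code.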
@@ -16908,8 +16909,8 @@ CVE-2019-5528
RESERVED
CVE-2019-5527
RESERVED
-CVE-2019-5526
- RESERVED
+CVE-2019-5526 (VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue ...)
+ TODO: check
CVE-2019-5525
RESERVED
CVE-2019-5524 (VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6 ...)
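Review bot: CVE-2019-5526 is a DLL hijacking issue in VMware Workstation 15.x, which is a Windows-host problem in proprietary software that is not packaged; the `TODO: check` can be closed as `NOT-FOR-US: VMware`, consistent with how the other VMware entries in this block are handled.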
@@ -20820,14 +20821,14 @@ CVE-2019-3729
RESERVED
CVE-2019-3728
RESERVED
-CVE-2019-3727
- RESERVED
+CVE-2019-3727 (Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs ...)
+ TODO: check
CVE-2019-3726
RESERVED
-CVE-2019-3725
- RESERVED
-CVE-2019-3724
- RESERVED
+CVE-2019-3725 (RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security An ...)
+ TODO: check
+CVE-2019-3724 (RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security An ...)
+ TODO: check
CVE-2019-3723
RESERVED
CVE-2019-3722
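Review bot: CVE-2019-3727 (Dell EMC RecoverPoint) and CVE-2019-3725/CVE-2019-3724 (RSA Netwitness Platform) are all proprietary appliance products; the three `TODO: check` lines can be resolved as `NOT-FOR-US: Dell EMC` and `NOT-FOR-US: RSA` respectively, matching the convention used for the other vendor entries in this file.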
@@ -21074,8 +21075,8 @@ CVE-2019-3604 (Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (le
NOT-FOR-US: McAfee
CVE-2019-3603
RESERVED
-CVE-2019-3602
- RESERVED
+CVE-2019-3602 (Cross Site Scripting (XSS) vulnerability in McAfee Network Security Ma ...)
+ TODO: check
CVE-2019-3601
RESERVED
CVE-2019-3600
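Review bot: CVE-2019-3602 is an XSS in McAfee Network Security Manager, and the surrounding McAfee entries (CVE-2019-3604, CVE-2019-3587, CVE-2019-3584) are all `NOT-FOR-US: McAfee`; the `TODO: check` here, and the one added for CVE-2019-3586 (McAfee Endpoint Security) in the next hunk, should be closed the same way.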
@@ -21106,8 +21107,8 @@ CVE-2019-3588
RESERVED
CVE-2019-3587 (DLL Search Order Hijacking vulnerability in Microsoft Windows client i ...)
NOT-FOR-US: McAfee
-CVE-2019-3586
- RESERVED
+CVE-2019-3586 (Protection Mechanism Failure in the Firewall in McAfee Endpoint Securi ...)
+ TODO: check
CVE-2019-3585
RESERVED
CVE-2019-3584 (Exploitation of Authentication vulnerability in MVision Endpoint in Mc ...)
@@ -27227,8 +27228,8 @@ CVE-2019-1769
RESERVED
CVE-2019-1768
RESERVED
-CVE-2019-1767
- RESERVED
+CVE-2019-1767 (Multiple vulnerabilities in the implementation of a specific CLI comma ...)
+ TODO: check
CVE-2019-1766 (A vulnerability in the web-based management interface of Session Initi ...)
NOT-FOR-US: Cisco
CVE-2019-1765 (A vulnerability in the web-based management interface of Session Initi ...)
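Review bot: CVE-2019-1767 is a Cisco issue, and every neighbouring Cisco entry in this region (CVE-2019-1766, CVE-2019-1765, CVE-2019-1737, CVE-2019-1725, CVE-2019-1719, CVE-2019-1718, CVE-2019-1716) is `NOT-FOR-US: Cisco`; the `TODO: check` here, the eight Cisco NX-OS entries (CVE-2019-1735, CVE-2019-1733 through CVE-2019-1726) in the next hunk, and CVE-2019-1717 (Cisco Video Surveillance) in the hunk after that should all be resolved as `NOT-FOR-US: Cisco` rather than left open.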
@@ -27291,26 +27292,26 @@ CVE-2019-1737 (A vulnerability in the processing of IP Service Level Agreement (
NOT-FOR-US: Cisco
CVE-2019-1736
RESERVED
-CVE-2019-1735
- RESERVED
+CVE-2019-1735 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
+ TODO: check
CVE-2019-1734
RESERVED
-CVE-2019-1733
- RESERVED
-CVE-2019-1732
- RESERVED
-CVE-2019-1731
- RESERVED
-CVE-2019-1730
- RESERVED
-CVE-2019-1729
- RESERVED
-CVE-2019-1728
- RESERVED
-CVE-2019-1727
- RESERVED
-CVE-2019-1726
- RESERVED
+CVE-2019-1733 (A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX- ...)
+ TODO: check
+CVE-2019-1732 (A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco ...)
+ TODO: check
+CVE-2019-1731 (A vulnerability in the SSH CLI key management functionality of Cisco N ...)
+ TODO: check
+CVE-2019-1730 (A vulnerability in the Bash shell implementation for Cisco NX-OS Softw ...)
+ TODO: check
+CVE-2019-1729 (A vulnerability in the CLI implementation of a specific command used f ...)
+ TODO: check
+CVE-2019-1728 (A vulnerability in the Secure Configuration Validation functionality o ...)
+ TODO: check
+CVE-2019-1727 (A vulnerability in the Python scripting subsystem of Cisco NX-OS Softw ...)
+ TODO: check
+CVE-2019-1726 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
+ TODO: check
CVE-2019-1725 (A vulnerability in the local management CLI implementation for specifi ...)
NOT-FOR-US: Cisco
CVE-2019-1724 (A vulnerability in the session management functionality of the web-bas ...)
@@ -27327,8 +27328,8 @@ CVE-2019-1719 (A vulnerability in the web-based guest portal of Cisco Identity S
NOT-FOR-US: Cisco
CVE-2019-1718 (A vulnerability in the web interface of Cisco Identity Services Engine ...)
NOT-FOR-US: Cisco
-CVE-2019-1717
- RESERVED
+CVE-2019-1717 (A vulnerability in the web-based management interface of Cisco Video S ...)
+ TODO: check
CVE-2019-1716 (A vulnerability in the web-based management interface of Session Initi ...)
NOT-FOR-US: Cisco
CVE-2019-1715 (A vulnerability in the Deterministic Random Bit Generator (DRBG), also ...)
@@ -51214,7 +51215,7 @@ CVE-2018-12131 (Permissions in the driver pack installers for Intel NVMe before
NOT-FOR-US: Intel
CVE-2018-12130 [MFBDS Microarchitectural Fill Buffer Data Sampling]
RESERVED
- {DSA-4444-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1787-1}
- intel-microcode <unfixed>
- linux 4.19.37-2
- xen <unfixed>
@@ -51227,7 +51228,7 @@ CVE-2018-12128
RESERVED
CVE-2018-12127 [MLPDS Microarchitectural Load Port Data Sampling]
RESERVED
- {DSA-4444-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1787-1}
- intel-microcode <unfixed>
- linux 4.19.37-2
- xen <unfixed>
@@ -51236,7 +51237,7 @@ CVE-2018-12127 [MLPDS Microarchitectural Load Port Data Sampling]
NOTE: https://xenbits.xen.org/xsa/advisory-297.html
CVE-2018-12126 [MSBDS Microarchitectural Store Buffer Data Sampling]
RESERVED
- {DSA-4444-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1787-1}
- intel-microcode <unfixed>
- linux 4.19.37-2
- xen <unfixed>
@@ -58737,8 +58738,8 @@ CVE-2018-9331 (An issue was discovered in zzcms 8.2. user/adv.php allows remote
NOT-FOR-US: zzcms
CVE-2016-10720
RESERVED
-CVE-2016-10719
- RESERVED
+CVE-2016-10719 (TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can ...)
+ TODO: check
CVE-2018-9330 (register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by t ...)
NOT-FOR-US: Coremail XT3.0
CVE-2018-9329
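Review bot: CVE-2016-10719 is an XSS in TP-Link Archer CR-700 router firmware, which is not something the archive ships; the `TODO: check` can be resolved as `NOT-FOR-US: TP-Link`, in line with the other device and CMS entries around it.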
@@ -60189,7 +60190,8 @@ CVE-2018-8814 (Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.
NOT-FOR-US: WolfCMS
CVE-2018-8813 (Open redirect vulnerability in the login[redirect] parameter login fun ...)
NOT-FOR-US: WolfCMS
-CVE-2018-8812 (An issue was discovered in Avaya one-X Portal for IP Office 9.1.2.0 an ...)
+CVE-2018-8812
+ REJECTED
NOT-FOR-US: Avaya
CVE-2018-8811 (Cross-site request forgery (CSRF) vulnerability in system/workplace/ad ...)
NOT-FOR-US: OpenCMS
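Review bot: CVE-2018-8812 is switched to `REJECTED` but the following `NOT-FOR-US: Avaya` line is kept; once a CVE is rejected the triage state is meaningless, and rejected entries elsewhere in this file carry only the `REJECTED` marker, so the stale `NOT-FOR-US: Avaya` line should be dropped with it.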
@@ -120382,12 +120384,12 @@ CVE-2017-6003 (dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_la
NOT-FOR-US: dotCMS
CVE-2017-6002 (Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add ...)
NOT-FOR-US: Subrion CMS
-CVE-2014-9919
- RESERVED
-CVE-2014-9918
- RESERVED
-CVE-2014-9917
- RESERVED
+CVE-2014-9919 (An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the f ...)
+ TODO: check
+CVE-2014-9918 (An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the u ...)
+ TODO: check
+CVE-2014-9917 (An issue was discovered in Bilboplanet 2.0. There is a stored XSS vuln ...)
+ TODO: check
CVE-2014-9916 (Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 ...)
NOT-FOR-US: Bilboplanet
CVE-2017-6001 (Race condition in kernel/events/core.c in the Linux kernel before 4.9. ...)
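Review bot: CVE-2014-9919, CVE-2014-9918 and CVE-2014-9917 are all stored XSS in Bilboplanet 2.0, and the adjacent CVE-2014-9916 for the same product is already `NOT-FOR-US: Bilboplanet`; the three new `TODO: check` lines should be resolved identically.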
@@ -144344,8 +144346,8 @@ CVE-2016-7153 (The HTTP/2 protocol does not consider the role of the TCP congest
NOTE: CVE assigned for the HTTP/2 protocol issue
CVE-2016-7152 (The HTTPS protocol does not consider the role of the TCP congestion wi ...)
NOTE: CVE assigned for the HTTP/2 protocol issue
-CVE-2016-7151
- RESERVED
+CVE-2016-7151 (Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a re ...)
+ TODO: check
CVE-2016-7150 (Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earl ...)
NOT-FOR-US: b2evolution
CVE-2016-7149 (Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earl ...)
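Review bot: CVE-2016-7151 describes an out-of-bounds read (SEGV) in Capstone 3.0.4, a disassembly library rather than a hosted web application like the b2evolution entries beside it, so the `TODO: check` should be resolved against the capstone source package with either a fixed version or `<unfixed>` plus a bug reference, and a NOTE pointing at the upstream report, instead of being treated as another NOT-FOR-US.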
@@ -144841,8 +144843,7 @@ CVE-2016-7044 (The unformat_24bit_color function in the format parsing code in I
- irssi 0.8.20-1
[wheezy] - irssi <not-affected> (Introduced in 0.8.17-beta)
NOTE: http://irssi.org/security/irssi_sa_2016.txt
-CVE-2016-7043
- RESERVED
+CVE-2016-7043 (It has been reported that KIE server and Busitess Central before versi ...)
NOT-FOR-US: Kie server
CVE-2016-7042 (The proc_keys_show function in security/keys/proc.c in the Linux kerne ...)
{DSA-3696-1 DLA-670-1}
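Review bot: the new description for CVE-2016-7043 carries the upstream typo "Busitess Central"; since this file is synced automatically from the CVE feed, it should not be hand-corrected here (the next automatic update would reintroduce it), and the existing `NOT-FOR-US: Kie server` line already closes the entry, so no further action is needed.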
@@ -216327,8 +216328,7 @@ CVE-2014-0790
RESERVED
CVE-2013-7288 (Cross-site scripting (XSS) vulnerability in the mycode_parse_video fun ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2013-7285 [remote code execution via deserialization in XStream]
- RESERVED
+CVE-2013-7285 (Xstream API versions up to 1.4.6 and version 1.4.10, if the security f ...)
- libxstream-java 1.4.7-1 (bug #734821)
[wheezy] - libxstream-java <not-affected> (Vulnerability introduced in 1.4.5)
[squeeze] - libxstream-java <not-affected> (Vulnerability introduced in 1.4.5)
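Review bot: the new CVE-2013-7285 description says XStream "versions up to 1.4.6 and version 1.4.10" are affected "if the security framework has not been initialized", which does not match the package state kept below it: `libxstream-java 1.4.7-1` is marked as the fix and the wheezy/squeeze lines claim the vulnerability was "introduced in 1.4.5". If 1.4.10 is affected then 1.4.7-1 cannot be a complete fix, and the pre-1.4.5 not-affected reasoning also needs rechecking; at minimum add a NOTE recording the discrepancy and re-verify which upstream version actually closes it before the fixed-version marker is trusted.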
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d6ffa45fa6587c531daeca6b7168f0226e5c40df