[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu May 16 09:10:34 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
404a0f69 by security tracker role at 2019-05-16T08:10:25Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2019-12136 (There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, a ...)
+ TODO: check
+CVE-2019-12135
+ RESERVED
+CVE-2019-12134
+ RESERVED
+CVE-2019-12133
+ RESERVED
+CVE-2019-12132
+ RESERVED
+CVE-2019-12131
+ RESERVED
+CVE-2019-12130
+ RESERVED
+CVE-2019-12129
+ RESERVED
+CVE-2019-12128
+ RESERVED
+CVE-2019-12127
+ RESERVED
+CVE-2019-12126
+ RESERVED
+CVE-2019-12125
+ RESERVED
+CVE-2019-12124
+ RESERVED
+CVE-2019-12123
+ RESERVED
+CVE-2019-12122
+ RESERVED
+CVE-2019-12121
+ RESERVED
+CVE-2019-12120
+ RESERVED
+CVE-2019-12119
+ RESERVED
+CVE-2019-12118
+ RESERVED
+CVE-2019-12117
+ RESERVED
+CVE-2019-12116
+ RESERVED
+CVE-2019-12115
+ RESERVED
+CVE-2019-12114
+ RESERVED
+CVE-2019-12113
+ RESERVED
+CVE-2019-12112
+ RESERVED
+CVE-2019-12111 (A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 ex ...)
+ TODO: check
+CVE-2019-12110 (An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnP ...)
+ TODO: check
+CVE-2019-12109 (A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 ex ...)
+ TODO: check
+CVE-2019-12108 (A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 ex ...)
+ TODO: check
+CVE-2019-12107 (The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd ...)
+ TODO: check
+CVE-2019-12106 (The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and ...)
+ TODO: check
+CVE-2019-12105
+ RESERVED
CVE-2019-12104
RESERVED
CVE-2019-12103
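Review bot: The six MiniUPnP entries at the end of this block (CVE-2019-12106 through CVE-2019-12111) are left at `TODO: check`, although their descriptions already name concrete components (MiniUPnPd through 2.1, MiniSSDPd 1.4, `upnpevents.c`, `minissdpd.c`). Each needs a follow-up that resolves it to a source-package line or a `NOT-FOR-US:` marker, as CVE-2019-12099 has further down; the same applies to CVE-2019-12136 (Boostnote). The RESERVED IDs need nothing yet.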
@@ -10,8 +74,8 @@ CVE-2019-12100
RESERVED
CVE-2019-12099 (In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated us ...)
NOT-FOR-US: PHP-Fusion
-CVE-2019-12098
- RESERVED
+CVE-2019-12098 (In the client side of Heimdal before 7.6.0, failure to verify anonymou ...)
+ TODO: check
CVE-2019-12097
RESERVED
CVE-2019-12096
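Review bot: CVE-2019-12098 now names Heimdal but is left at `TODO: check`, while CVE-2018-16860 later in this same commit already tracks that package with `- heimdal <unfixed> (bug #928966)`. The description gives a boundary of "before 7.6.0", so the follow-up should replace the TODO with a `- heimdal` line and per-release status rather than leave the entry in the unchecked queue.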
@@ -2312,7 +2376,7 @@ CVE-2019-11092
RESERVED
CVE-2019-11091 [MDSUM Microarchitectural Data Sampling Uncacheable Memory]
RESERVED
- {DSA-4447-1 DSA-4444-1 DLA-1787-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen <unfixed>
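Review bot: The `DLA-1789-1` added to the cross-reference line of CVE-2019-11091 is not matched by any change to the package lines below it, so the entry does not show which of `intel-microcode`, `linux` or `xen` the new advisory covers. Confirm that the advisory's own record names the package. The three sibling MDS entries (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130) receive the same cross-reference set in this commit, so the four stay consistent.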
@@ -4715,16 +4779,13 @@ CVE-2019-10112 [Recurity assessment: loginState HMAC issues]
RESERVED
- gitlab <not-affected> (Only affects 11.9 and later)
NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
-CVE-2019-10111 [Persistent XSS at merge request resolve conflicts]
- RESERVED
+CVE-2019-10111 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.8.6+dfsg-1 (bug #926482)
NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
-CVE-2019-10110 [Improper authorization control "move issue"]
- RESERVED
+CVE-2019-10110 (An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab ...)
- gitlab 11.8.6+dfsg-1 (bug #926482)
NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
-CVE-2019-10109 [EXIF geolocation data not stripped from uploaded images]
- RESERVED
+CVE-2019-10109 (An Information Exposure issue (issue 1 of 2) was discovered in GitLab ...)
- gitlab 11.8.6+dfsg-1 (bug #926482)
NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10108 (An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Co ...)
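Review bot: Replacing the bracketed titles on CVE-2019-10111, CVE-2019-10110 and CVE-2019-10109 drops the only short summary of each issue; the truncated descriptions that take their place ("An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab ...") no longer say "move issue" or "EXIF geolocation data". If that detail is still wanted when reading the list, keep it as a `NOTE:` line under each entry. The package lines and the release-announcement URL are unchanged and need nothing.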
@@ -7747,8 +7808,8 @@ CVE-2019-9198
RESERVED
CVE-2019-9197
RESERVED
-CVE-2019-9196
- RESERVED
+CVE-2019-9196 (The Face authentication component in Aware mobile liveness 2.2.1 sdk 2 ...)
+ TODO: check
CVE-2019-9195 (util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An a ...)
NOT-FOR-US: Grin
CVE-2019-9194 (elFinder before 2.1.48 has a command injection vulnerability in the PH ...)
@@ -27018,12 +27079,12 @@ CVE-2019-1862 (A vulnerability in the web-based user interface (Web UI) of Cisco
NOT-FOR-US: Cisco
CVE-2019-1861
RESERVED
-CVE-2019-1860
- RESERVED
+CVE-2019-1860 (A vulnerability in the dashboard gadget rendering of Cisco Unified Int ...)
+ TODO: check
CVE-2019-1859 (A vulnerability in the Secure Shell (SSH) authentication process of Ci ...)
NOT-FOR-US: Cisco
-CVE-2019-1858
- RESERVED
+CVE-2019-1858 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
+ TODO: check
CVE-2019-1857 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
NOT-FOR-US: Cisco
CVE-2019-1856 (A vulnerability in the web-based management interface of Cisco Prime C ...)
@@ -27032,22 +27093,22 @@ CVE-2019-1855
RESERVED
CVE-2019-1854 (A vulnerability in the management web interface of Cisco Expressway Se ...)
NOT-FOR-US: Cisco
-CVE-2019-1853
- RESERVED
+CVE-2019-1853 (A vulnerability in the HostScan component of Cisco AnyConnect Secure M ...)
+ TODO: check
CVE-2019-1852 (A vulnerability in the web-based management interface of Cisco Prime N ...)
NOT-FOR-US: Cisco
-CVE-2019-1851
- RESERVED
+CVE-2019-1851 (A vulnerability in the External RESTful Services (ERS) API of the Cisc ...)
+ TODO: check
CVE-2019-1850
RESERVED
-CVE-2019-1849
- RESERVED
+CVE-2019-1849 (A vulnerability in the Border Gateway Patrol (BGP) Multiprotocol Label ...)
+ TODO: check
CVE-2019-1848
RESERVED
CVE-2019-1847
RESERVED
-CVE-2019-1846
- RESERVED
+CVE-2019-1846 (A vulnerability in the Multiprotocol Label Switching (MPLS) Operations ...)
+ TODO: check
CVE-2019-1845
RESERVED
CVE-2019-1844 (A vulnerability in certain attachment detection mechanisms of the Cisc ...)
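Review bot: The description added for CVE-2019-1849 reads "Border Gateway Patrol (BGP)", which looks like a typo for "Border Gateway Protocol". As this is an automatic update, the text was presumably imported as-is, so the correction belongs with the source of the description rather than in this file.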
@@ -27072,10 +27133,10 @@ CVE-2019-1835 (A vulnerability in the CLI of Cisco Aironet Access Points (APs) c
NOT-FOR-US: Cisco
CVE-2019-1834 (A vulnerability in the internal packet processing of Cisco Aironet Ser ...)
NOT-FOR-US: Cisco
-CVE-2019-1833
- RESERVED
-CVE-2019-1832
- RESERVED
+CVE-2019-1833 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
+ TODO: check
+CVE-2019-1832 (A vulnerability in the detection engine of Cisco Firepower Threat Defe ...)
+ TODO: check
CVE-2019-1831 (A vulnerability in the email message scanning of Cisco AsyncOS Softwar ...)
NOT-FOR-US: Cisco
CVE-2019-1830 (A vulnerability in Locally Significant Certificate (LSC) management fo ...)
@@ -27088,46 +27149,46 @@ CVE-2019-1827 (A vulnerability in the Online Help web service of Cisco Small Bus
NOT-FOR-US: Cisco
CVE-2019-1826 (A vulnerability in the quality of service (QoS) feature of Cisco Airon ...)
NOT-FOR-US: Cisco
-CVE-2019-1825
- RESERVED
-CVE-2019-1824
- RESERVED
-CVE-2019-1823
- RESERVED
-CVE-2019-1822
- RESERVED
-CVE-2019-1821
- RESERVED
-CVE-2019-1820
- RESERVED
-CVE-2019-1819
- RESERVED
-CVE-2019-1818
- RESERVED
+CVE-2019-1825 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ TODO: check
+CVE-2019-1824 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ TODO: check
+CVE-2019-1823 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ TODO: check
+CVE-2019-1822 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ TODO: check
+CVE-2019-1821 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ TODO: check
+CVE-2019-1820 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ TODO: check
+CVE-2019-1819 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ TODO: check
+CVE-2019-1818 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ TODO: check
CVE-2019-1817 (A vulnerability in the web proxy functionality of Cisco AsyncOS Softwa ...)
NOT-FOR-US: Cisco
CVE-2019-1816 (A vulnerability in the log subscription subsystem of the Cisco Web Sec ...)
NOT-FOR-US: Cisco
CVE-2019-1815
RESERVED
-CVE-2019-1814
- RESERVED
-CVE-2019-1813
- RESERVED
-CVE-2019-1812
- RESERVED
-CVE-2019-1811
- RESERVED
-CVE-2019-1810
- RESERVED
-CVE-2019-1809
- RESERVED
-CVE-2019-1808
- RESERVED
+CVE-2019-1814 (A vulnerability in the interactions between the DHCP and TFTP features ...)
+ TODO: check
+CVE-2019-1813 (A vulnerability in the Image Signature Verification feature of Cisco N ...)
+ TODO: check
+CVE-2019-1812 (A vulnerability in the Image Signature Verification feature of Cisco N ...)
+ TODO: check
+CVE-2019-1811 (A vulnerability in the Image Signature Verification feature of Cisco N ...)
+ TODO: check
+CVE-2019-1810 (A vulnerability in the Image Signature Verification feature used in an ...)
+ TODO: check
+CVE-2019-1809 (A vulnerability in the Image Signature Verification feature of Cisco N ...)
+ TODO: check
+CVE-2019-1808 (A vulnerability in the Image Signature Verification feature of Cisco N ...)
+ TODO: check
CVE-2019-1807 (A vulnerability in the session management functionality of the web UI ...)
NOT-FOR-US: Cisco
-CVE-2019-1806
- RESERVED
+CVE-2019-1806 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
+ TODO: check
CVE-2019-1805 (A vulnerability in certain access control mechanisms for the Secure Sh ...)
NOT-FOR-US: Cisco
CVE-2019-1804 (A vulnerability in the SSH key management for the Cisco Nexus 9000 Ser ...)
@@ -27154,18 +27215,18 @@ CVE-2019-1797 (A vulnerability in the web-based management interface of Cisco Wi
NOT-FOR-US: Cisco
CVE-2019-1796 (A vulnerability in the handling of Inter-Access Point Protocol (IAPP) ...)
NOT-FOR-US: Cisco
-CVE-2019-1795
- RESERVED
+CVE-2019-1795 (A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Soft ...)
+ TODO: check
CVE-2019-1794 (A vulnerability in the search path processing of Cisco Directory Conne ...)
NOT-FOR-US: Cisco
CVE-2019-1793
RESERVED
CVE-2019-1792 (A vulnerability in the URL block page of Cisco Umbrella could allow an ...)
NOT-FOR-US: Cisco
-CVE-2019-1791
- RESERVED
-CVE-2019-1790
- RESERVED
+CVE-2019-1791 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
+ TODO: check
+CVE-2019-1790 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
+ TODO: check
CVE-2019-1789 [An out-of-bounds heap read condition when scanning PE files]
RESERVED
{DLA-1759-1}
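Review bot: CVE-2019-1795, CVE-2019-1791 and CVE-2019-1790 are left at `TODO: check` although their descriptions name Cisco FXOS and NX-OS software and every described neighbour in this hunk is `NOT-FOR-US: Cisco`. They can be triaged the same way, but by description and not by ID range: CVE-2019-1789 directly below is a PE-file scanning issue carrying `{DLA-1759-1}`, so IDs in this block are not uniformly out of scope.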
@@ -27195,40 +27256,40 @@ CVE-2019-1785 (A vulnerability in the RAR file scanning functionality of Clam An
[stretch] - clamav <not-affected> (Vulnerable code only present in 0.101.1 and 0.101.0)
[jessie] - clamav <not-affected> (Vulnerable code introduced later)
NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
-CVE-2019-1784
- RESERVED
-CVE-2019-1783
- RESERVED
-CVE-2019-1782
- RESERVED
-CVE-2019-1781
- RESERVED
+CVE-2019-1784 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
+ TODO: check
+CVE-2019-1783 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
+ TODO: check
+CVE-2019-1782 (A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Soft ...)
+ TODO: check
+CVE-2019-1781 (A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Soft ...)
+ TODO: check
CVE-2019-1780
RESERVED
-CVE-2019-1779
- RESERVED
-CVE-2019-1778
- RESERVED
+CVE-2019-1779 (A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Soft ...)
+ TODO: check
+CVE-2019-1778 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
+ TODO: check
CVE-2019-1777 (A vulnerability in the web-based interface of the Cisco Registered Env ...)
NOT-FOR-US: Cisco
-CVE-2019-1776
- RESERVED
-CVE-2019-1775
- RESERVED
-CVE-2019-1774
- RESERVED
-CVE-2019-1773
- RESERVED
-CVE-2019-1772
- RESERVED
-CVE-2019-1771
- RESERVED
-CVE-2019-1770
- RESERVED
-CVE-2019-1769
- RESERVED
-CVE-2019-1768
- RESERVED
+CVE-2019-1776 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
+ TODO: check
+CVE-2019-1775 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
+ TODO: check
+CVE-2019-1774 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
+ TODO: check
+CVE-2019-1773 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
+ TODO: check
+CVE-2019-1772 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
+ TODO: check
+CVE-2019-1771 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
+ TODO: check
+CVE-2019-1770 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
+ TODO: check
+CVE-2019-1769 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
+ TODO: check
+CVE-2019-1768 (A vulnerability in the implementation of a specific CLI command for Ci ...)
+ TODO: check
CVE-2019-1767 (Multiple vulnerabilities in the implementation of a specific CLI comma ...)
NOT-FOR-US: Cisco
CVE-2019-1766 (A vulnerability in the web-based management interface of Session Initi ...)
@@ -38818,7 +38879,7 @@ CVE-2018-16861 (A cross-site scripting (XSS) flaw was found in the foreman compo
- foreman <itp> (bug #663101)
CVE-2018-16860 [Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum]
RESERVED
- {DSA-4443-1}
+ {DSA-4443-1 DLA-1788-1}
- heimdal <unfixed> (bug #928966)
[stretch] - heimdal <no-dsa> (Minor issue)
[jessie] - heimdal <no-dsa> (Minor issue)
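Review bot: `DLA-1788-1` is added to CVE-2018-16860, but the visible per-release line still reads `[jessie] - heimdal <no-dsa> (Minor issue)`. If the advisory covers heimdal, that line should be updated in the same change; if it covers another package under this entry (the title mentions Samba AD DC), no edit is needed here, but it is worth confirming because the hunk's context ends before any further package lines.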
@@ -51217,7 +51278,7 @@ CVE-2018-12131 (Permissions in the driver pack installers for Intel NVMe before
NOT-FOR-US: Intel
CVE-2018-12130 [MFBDS Microarchitectural Fill Buffer Data Sampling]
RESERVED
- {DSA-4447-1 DSA-4444-1 DLA-1787-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen <unfixed>
@@ -51230,7 +51291,7 @@ CVE-2018-12128
RESERVED
CVE-2018-12127 [MLPDS Microarchitectural Load Port Data Sampling]
RESERVED
- {DSA-4447-1 DSA-4444-1 DLA-1787-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen <unfixed>
@@ -51239,7 +51300,7 @@ CVE-2018-12127 [MLPDS Microarchitectural Load Port Data Sampling]
NOTE: https://xenbits.xen.org/xsa/advisory-297.html
CVE-2018-12126 [MSBDS Microarchitectural Store Buffer Data Sampling]
RESERVED
- {DSA-4447-1 DSA-4444-1 DLA-1787-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen <unfixed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/404a0f697bf182d968e93b19c697d369ea471123