[Git][security-tracker-team/security-tracker][master] automatic update

Tue May 28 21:10:31 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
08885669 by security tracker role at 2019-05-28T20:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2019-12396 (An issue was discovered in Revive Adserver before 4.2.1. In lib/OA/Dal ...)
+	TODO: check
+CVE-2019-12395 (In Webbukkit Dynmap 3.0-beta-3, with Spigot 1.13.2, due to a missing l ...)
+	TODO: check
+CVE-2019-12394
+	RESERVED
+CVE-2019-12393
+	RESERVED
+CVE-2019-12392
+	RESERVED
+CVE-2019-12391
+	RESERVED
+CVE-2019-12390
+	RESERVED
+CVE-2019-12389
+	RESERVED
+CVE-2019-12388
+	RESERVED
+CVE-2019-12387
+	RESERVED
+CVE-2019-12386
+	RESERVED
+CVE-2019-12385
+	RESERVED
 CVE-2019-12384
 	RESERVED
 CVE-2019-12383 (Tor Browser before 8.0.1 has an information exposure vulnerability. It ...)
@@ -130,7 +154,7 @@ CVE-2019-12323
 CVE-2019-12322
 	RESERVED
 CVE-2019-12321
-	RESERVED
+	REJECTED
 CVE-2019-12320
 	RESERVED
 CVE-2019-12319
@@ -13079,10 +13103,10 @@ CVE-2019-7395 (In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDC
 	- imagemagick <unfixed> (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a43abefb38c5e29138e1c9c515b313363541c06
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1451
-CVE-2019-7394
-	RESERVED
-CVE-2019-7393
-	RESERVED
+CVE-2019-7394 (A privilege escalation vulnerability in the administrative user interf ...)
+	TODO: check
+CVE-2019-7393 (A UI redress vulnerability in the administrative user interface of CA  ...)
+	TODO: check
 CVE-2019-7392 (An improper authentication vulnerability in CA Privileged Access Manag ...)
 	NOT-FOR-US: CA Privileged Access Manager
 CVE-2019-7391 (ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cg ...)
@@ -18016,23 +18040,21 @@ CVE-2019-5442
 	RESERVED
 CVE-2019-5441
 	RESERVED
-CVE-2019-5440
-	RESERVED
+CVE-2019-5440 (Use of cryptographically weak PRNG in the password recovery token gene ...)
+	TODO: check
 CVE-2019-5439
 	RESERVED
 CVE-2019-5438 (Path traversal using symlink in npm harp module versions <= 0.29.0. ...)
 	NOT-FOR-US: npm harp module
 CVE-2019-5437 (Information exposure through the directory listing in npm's harp modul ...)
 	NOT-FOR-US: npm harp module
-CVE-2019-5436 [TFTP receive buffer overflow]
-	RESERVED
+CVE-2019-5436 (A heap buffer overflow in the TFTP receiving code allows for DoS or ar ...)
 	{DLA-1804-1}
 	- curl <unfixed> (bug #929351)
 	NOTE: https://curl.haxx.se/docs/CVE-2019-5436.html
 	NOTE: Introduced by: https://github.com/curl/curl/commit/0516ce7786e95
 	NOTE: Fixed by: https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275
-CVE-2019-5435 [Integer overflows in curl_url_set]
-	RESERVED
+CVE-2019-5435 (An integer overflow in curl's URL API results in a buffer overflow in  ...)
 	- curl <unfixed> (bug #929352)
 	[stretch] - curl <not-affected> (Vulnerable code introduced later)
 	[jessie] - curl <not-affected> (Vulnerable code introduced later)
@@ -33266,8 +33288,7 @@ CVE-2019-0190 (A bug exists in the way mod_ssl handled client renegotiations. A
 	NOTE: https://www.openwall.com/lists/oss-security/2019/01/22/4
 CVE-2019-0189
 	RESERVED
-CVE-2019-0188
-	RESERVED
+CVE-2019-0188 (Apache Camel prior to 2.24.0 contains an XML external entity injection ...)
 	NOT-FOR-US: Apache Camel
 CVE-2019-0187 (Unauthenticated RCE is possible when JMeter is used in distributed mod ...)
 	- jakarta-jmeter <unfixed>
@@ -38877,8 +38898,7 @@ CVE-2018-17199 (In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session
 	NOTE: https://www.openwall.com/lists/oss-security/2019/01/22/3
 	NOTE: 2.4.x http://svn.apache.org/r1851409
 	NOTE: 2.5.x http://svn.apache.org/r1850947
-CVE-2018-17198
-	RESERVED
+CVE-2018-17198 (Server-side Request Forgery (SSRF) and File Enumeration vulnerability  ...)
 	NOT-FOR-US: Apache Roller
 CVE-2018-17197 (A carefully crafted or corrupt sqlite file can cause an infinite loop  ...)
 	- tika 1.20-1
@@ -48759,8 +48779,8 @@ CVE-2018-13377
 	RESERVED
 CVE-2018-13376 (An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 t ...)
 	NOT-FOR-US: Fortinet FortiOS
-CVE-2018-13375
-	RESERVED
+CVE-2018-13375 (An Improper Neutralization of Script-Related HTML Tags in Fortinet For ...)
+	TODO: check
 CVE-2018-13374 (A Improper Access Control in Fortinet FortiOS allows attacker to obtai ...)
 	NOT-FOR-US: Fortinet FortiOS
 CVE-2018-13373
@@ -60268,8 +60288,8 @@ CVE-2018-9156 (** DISPUTED ** An issue was discovered on AXIS P1354 (IP camera)
 	NOT-FOR-US: AXIS
 CVE-2018-9155 (Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2. ...)
 	NOT-FOR-US: Open-AudIT Professional
-CVE-2018-9154
-	REJECTED
+CVE-2018-9154 (There is a reachable abort in the function jpc_dec_process_sot in libj ...)
+	TODO: check
 CVE-2018-9153 (The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers ...)
 	NOT-FOR-US: Z-BlogPHP
 CVE-2017-18255 (The perf_cpu_time_max_percent_handler function in kernel/events/core.c ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/08885669c959760e2bad719df2604264ddababce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/08885669c959760e2bad719df2604264ddababce
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190528/faf7606a/attachment.html>
