[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue May 28 21:10:31 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
08885669 by security tracker role at 2019-05-28T20:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2019-12396 (An issue was discovered in Revive Adserver before 4.2.1. In lib/OA/Dal ...)
+ TODO: check
+CVE-2019-12395 (In Webbukkit Dynmap 3.0-beta-3, with Spigot 1.13.2, due to a missing l ...)
+ TODO: check
+CVE-2019-12394
+ RESERVED
+CVE-2019-12393
+ RESERVED
+CVE-2019-12392
+ RESERVED
+CVE-2019-12391
+ RESERVED
+CVE-2019-12390
+ RESERVED
+CVE-2019-12389
+ RESERVED
+CVE-2019-12388
+ RESERVED
+CVE-2019-12387
+ RESERVED
+CVE-2019-12386
+ RESERVED
+CVE-2019-12385
+ RESERVED
CVE-2019-12384
RESERVED
CVE-2019-12383 (Tor Browser before 8.0.1 has an information exposure vulnerability. It ...)
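Review bot: CVE-2019-12396 and CVE-2019-12395 at the top of this hunk arrive with descriptions but only "TODO: check", so neither is triaged yet. Each needs either a package line or a "NOT-FOR-US:" line naming the product (Revive Adserver, Webbukkit Dynmap) once someone has confirmed whether Debian ships it.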
@@ -130,7 +154,7 @@ CVE-2019-12323
CVE-2019-12322
RESERVED
CVE-2019-12321
- RESERVED
+ REJECTED
CVE-2019-12320
RESERVED
CVE-2019-12319
@@ -13079,10 +13103,10 @@ CVE-2019-7395 (In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDC
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a43abefb38c5e29138e1c9c515b313363541c06
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1451
-CVE-2019-7394
- RESERVED
-CVE-2019-7393
- RESERVED
+CVE-2019-7394 (A privilege escalation vulnerability in the administrative user interf ...)
+ TODO: check
+CVE-2019-7393 (A UI redress vulnerability in the administrative user interface of CA ...)
+ TODO: check
CVE-2019-7392 (An improper authentication vulnerability in CA Privileged Access Manag ...)
NOT-FOR-US: CA Privileged Access Manager
CVE-2019-7391 (ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cg ...)
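Review bot: CVE-2019-7394 and CVE-2019-7393 are left at "TODO: check" although the entry directly below them, CVE-2019-7392, is already "NOT-FOR-US: CA Privileged Access Manager" and the CVE-2019-7393 description names a "CA ..." administrative user interface. The descriptions are truncated here, so confirm the product from the full text and, if it matches, give both entries the same NOT-FOR-US line.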
@@ -18016,23 +18040,21 @@ CVE-2019-5442
RESERVED
CVE-2019-5441
RESERVED
-CVE-2019-5440
- RESERVED
+CVE-2019-5440 (Use of cryptographically weak PRNG in the password recovery token gene ...)
+ TODO: check
CVE-2019-5439
RESERVED
CVE-2019-5438 (Path traversal using symlink in npm harp module versions <= 0.29.0. ...)
NOT-FOR-US: npm harp module
CVE-2019-5437 (Information exposure through the directory listing in npm's harp modul ...)
NOT-FOR-US: npm harp module
-CVE-2019-5436 [TFTP receive buffer overflow]
- RESERVED
+CVE-2019-5436 (A heap buffer overflow in the TFTP receiving code allows for DoS or ar ...)
{DLA-1804-1}
- curl <unfixed> (bug #929351)
NOTE: https://curl.haxx.se/docs/CVE-2019-5436.html
NOTE: Introduced by: https://github.com/curl/curl/commit/0516ce7786e95
NOTE: Fixed by: https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275
-CVE-2019-5435 [Integer overflows in curl_url_set]
- RESERVED
+CVE-2019-5435 (An integer overflow in curl's URL API results in a buffer overflow in ...)
- curl <unfixed> (bug #929352)
[stretch] - curl <not-affected> (Vulnerable code introduced later)
[jessie] - curl <not-affected> (Vulnerable code introduced later)
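Review bot: CVE-2019-5440 is the only entry in this hunk left untriaged: its description ("Use of cryptographically weak PRNG in the password recovery token gene ...") is cut off without naming a product, so the "TODO: check" cannot be resolved from the list alone and needs the full CVE text. The two curl entries only swap their bracketed working titles for the published descriptions and keep their existing package lines, which looks right.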
@@ -33266,8 +33288,7 @@ CVE-2019-0190 (A bug exists in the way mod_ssl handled client renegotiations. A
NOTE: https://www.openwall.com/lists/oss-security/2019/01/22/4
CVE-2019-0189
RESERVED
-CVE-2019-0188
- RESERVED
+CVE-2019-0188 (Apache Camel prior to 2.24.0 contains an XML external entity injection ...)
NOT-FOR-US: Apache Camel
CVE-2019-0187 (Unauthenticated RCE is possible when JMeter is used in distributed mod ...)
- jakarta-jmeter <unfixed>
@@ -38877,8 +38898,7 @@ CVE-2018-17199 (In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session
NOTE: https://www.openwall.com/lists/oss-security/2019/01/22/3
NOTE: 2.4.x http://svn.apache.org/r1851409
NOTE: 2.5.x http://svn.apache.org/r1850947
-CVE-2018-17198
- RESERVED
+CVE-2018-17198 (Server-side Request Forgery (SSRF) and File Enumeration vulnerability ...)
NOT-FOR-US: Apache Roller
CVE-2018-17197 (A carefully crafted or corrupt sqlite file can cause an infinite loop ...)
- tika 1.20-1
@@ -48759,8 +48779,8 @@ CVE-2018-13377
RESERVED
CVE-2018-13376 (An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 t ...)
NOT-FOR-US: Fortinet FortiOS
-CVE-2018-13375
- RESERVED
+CVE-2018-13375 (An Improper Neutralization of Script-Related HTML Tags in Fortinet For ...)
+ TODO: check
CVE-2018-13374 (A Improper Access Control in Fortinet FortiOS allows attacker to obtai ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2018-13373
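Review bot: CVE-2018-13375 gets "TODO: check" while both neighbours, CVE-2018-13376 and CVE-2018-13374, are "NOT-FOR-US: Fortinet FortiOS". The description is truncated at "Fortinet For ...", so check which Fortinet product it names before copying the neighbours' line.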
@@ -60268,8 +60288,8 @@ CVE-2018-9156 (** DISPUTED ** An issue was discovered on AXIS P1354 (IP camera)
NOT-FOR-US: AXIS
CVE-2018-9155 (Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2. ...)
NOT-FOR-US: Open-AudIT Professional
-CVE-2018-9154
- REJECTED
+CVE-2018-9154 (There is a reachable abort in the function jpc_dec_process_sot in libj ...)
+ TODO: check
CVE-2018-9153 (The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers ...)
NOT-FOR-US: Z-BlogPHP
CVE-2017-18255 (The perf_cpu_time_max_percent_handler function in kernel/events/core.c ...)
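Review bot: CVE-2018-9154 moves from "REJECTED" to a described entry with "TODO: check", which is an unusual transition to accept from an automatic update; verify the current state of the id against the CVE feed. If it is valid, the reachable abort in jpc_dec_process_sot needs mapping to the Debian source package that ships that function (the library name is truncated at "libj ...").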
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/08885669c959760e2bad719df2604264ddababce