[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Oct 8 09:10:45 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d0fbd838 by security tracker role at 2019-10-08T08:10:33Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2019-17339
+ RESERVED
+CVE-2019-17338
+ RESERVED
+CVE-2019-17337
+ RESERVED
+CVE-2019-17336
+ RESERVED
+CVE-2019-17335
+ RESERVED
+CVE-2019-17334
+ RESERVED
+CVE-2019-17333
+ RESERVED
+CVE-2019-17332
+ RESERVED
+CVE-2019-17331
+ RESERVED
+CVE-2019-17330
+ RESERVED
+CVE-2019-17329
+ RESERVED
+CVE-2019-17328
+ RESERVED
+CVE-2019-17327
+ RESERVED
+CVE-2019-17326
+ RESERVED
+CVE-2019-17325
+ RESERVED
+CVE-2019-17324
+ RESERVED
+CVE-2019-17323
+ RESERVED
+CVE-2019-17322
+ RESERVED
+CVE-2019-17321
+ RESERVED
+CVE-2019-17320
+ RESERVED
CVE-2019-17319 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
NOT-FOR-US: SugarCRM
CVE-2019-17318 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
@@ -172,8 +212,8 @@ CVE-2019-17241
RESERVED
CVE-2019-17240 (bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypas ...)
NOT-FOR-US: Bludit
-CVE-2019-17239
- RESERVED
+CVE-2019-17239 (includes/settings/class-alg-download-plugins-settings.php in the downl ...)
+ TODO: check
CVE-2019-17238
RESERVED
CVE-2019-17237
@@ -184,10 +224,10 @@ CVE-2019-17235
RESERVED
CVE-2019-17234
RESERVED
-CVE-2019-17233
- RESERVED
-CVE-2019-17232
- RESERVED
+CVE-2019-17233 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...)
+ TODO: check
+CVE-2019-17232 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...)
+ TODO: check
CVE-2019-17231
RESERVED
CVE-2019-17230
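Review bot: CVE-2019-17233 and CVE-2019-17232 are added with the same visible description ("Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...") and both carry "TODO: check". Since the truncated text cannot tell them apart, confirm from the full descriptions that these are two distinct issues, and resolve both TODO lines in the same pass so the pair ends up with a consistent disposition.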
@@ -898,8 +938,8 @@ CVE-2019-16915 (An issue was discovered in pfSense through 2.4.4-p3. widgets/wid
NOT-FOR-US: pfSense
CVE-2019-16914 (An XSS issue was discovered in pfSense through 2.4.4-p3. In services_c ...)
NOT-FOR-US: pfSense
-CVE-2019-16913
- RESERVED
+CVE-2019-16913 (PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86 ...)
+ TODO: check
CVE-2019-16912
RESERVED
CVE-2019-16911
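Review bot: the "TODO: check" under CVE-2019-16913 leaves the entry untriaged. The description names a %PROGRAMFILES(X86 install path, which points to a Windows-only product, so this is a candidate for a NOT-FOR-US line in the same form as the pfSense entries just above it in this hunk.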
@@ -12063,7 +12103,7 @@ CVE-2019-13451 (In Xymon through 4.3.28, a buffer overflow vulnerability exists
[buster] - xymon 4.3.28-5+deb10u1
[stretch] - xymon 4.3.28-2+deb9u1
NOTE: https://lists.xymon.com/archive/2019-July/046570.html
-CVE-2019-17351 [No grant table and foreign mapping limits]
+CVE-2019-17351 (An issue was discovered in drivers/xen/balloon.c in the Linux kernel b ...)
- linux 5.2.6-1
[buster] - linux 4.19.67-1
[stretch] - linux 4.9.168-1+deb9u5
@@ -12941,8 +12981,8 @@ CVE-2019-13121 [SSRF Vulnerability in Project GitHub Integration]
[experimental] - gitlab 11.10.8+dfsg-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
-CVE-2019-13120
- RESERVED
+CVE-2019-13120 (Amazon FreeRTOS up to and including v1.4.8 for AWS lacks length checki ...)
+ TODO: check
CVE-2019-13119
RESERVED
CVE-2019-13118 (In numbers.c in libxslt 1.1.33, a type holding grouping characters of ...)
@@ -22373,7 +22413,8 @@ CVE-2019-1010075
RESERVED
CVE-2019-1010074
RESERVED
-CVE-2019-1010073 (BACnet Stack bacserv 0.9.1 and 0.8.5 is affected by: Buffer Overflow. ...)
+CVE-2019-1010073
+ REJECTED
NOT-FOR-US: BACnet Stack bacserv
CVE-2019-1010072
RESERVED
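Review bot: after this change CVE-2019-1010073 reads "REJECTED" followed by the unchanged "NOT-FOR-US: BACnet Stack bacserv" line, so a withdrawn ID still carries a triage annotation. Drop the NOT-FOR-US line together with the description, or confirm that the list parser accepts both on one entry. The removed description text ("bacserv 0.9.1 and 0.8.5 is affec ...") reappears under CVE-2018-10238 later in this commit, which suggests the ID was folded into that one.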
@@ -23571,41 +23612,41 @@ CVE-2019-9578 (In devs.c in Yubico libu2f-host before 1.1.8, the response to ini
NOTE: https://github.com/Yubico/libu2f-host/commit/e4bb58cc8b6202a421e65f8230217d8ae6e16eb5
CVE-2019-9577
RESERVED
-CVE-2019-17350
+CVE-2019-17350 (An issue was discovered in Xen through 4.12.x allowing Arm domU attack ...)
- xen 4.11.1+92-g6c33308a8d-1
NOTE: https://xenbits.xen.org/xsa/advisory-295.html
-CVE-2019-17349
+CVE-2019-17349 (An issue was discovered in Xen through 4.12.x allowing Arm domU attack ...)
- xen 4.11.1+92-g6c33308a8d-1
NOTE: https://xenbits.xen.org/xsa/advisory-295.html
-CVE-2019-17348 [xen: x86 shadow: Insufficient TLB flushing when using PCID]
+CVE-2019-17348 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
- xen 4.11.1+92-g6c33308a8d-1 (bug #929992)
[jessie] - xen <not-affected> (PCID support not backported)
NOTE: https://xenbits.xen.org/xsa/advisory-294.html
-CVE-2019-17347 [xen: x86: PV kernel context switch corruption]
+CVE-2019-17347 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
- xen 4.11.1+92-g6c33308a8d-1 (bug #929999)
NOTE: https://xenbits.xen.org/xsa/advisory-293.html
-CVE-2019-17346 [xen: x86: insufficient TLB flushing when using PCID]
+CVE-2019-17346 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
- xen 4.11.1+92-g6c33308a8d-1 (bug #929993)
[jessie] - xen <not-affected> (PCID support not backported)
NOTE: https://xenbits.xen.org/xsa/advisory-292.html
-CVE-2019-17345 [xen: x86/PV: page type reference counting issue with failed IOMMU update]
+CVE-2019-17345 (An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV gu ...)
- xen 4.11.1+92-g6c33308a8d-1 (bug #929995)
[jessie] - xen <not-affected> (only 4.8 and later affected)
NOTE: https://xenbits.xen.org/xsa/advisory-291.html
-CVE-2019-17344 [xen: missing preemption in x86 PV page table unvalidation]
+CVE-2019-17344 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
- xen 4.11.1+92-g6c33308a8d-1 (bug #929996)
[jessie] - xen <not-affected> (Introduced by ignored fix for CVE-2018-3646)
NOTE: https://xenbits.xen.org/xsa/advisory-290.html
-CVE-2019-17343 [xen: x86: Inconsistent PV IOMMU discipline]
+CVE-2019-17343 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
- xen 4.11.1+92-g6c33308a8d-1 (bug #929994)
NOTE: https://xenbits.xen.org/xsa/advisory-288.html
-CVE-2019-17342 [xen: x86: steal_page violates page_struct access discipline]
+CVE-2019-17342 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
- xen 4.11.1+92-g6c33308a8d-1 (bug #930001)
NOTE: https://xenbits.xen.org/xsa/advisory-287.html
-CVE-2019-17341 [xen: race with pass-through device hotplug]
+CVE-2019-17341 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
- xen 4.11.1+92-g6c33308a8d-1 (bug #929998)
NOTE: https://xenbits.xen.org/xsa/advisory-285.html
-CVE-2019-17340 [xen: grant table transfer issues on large hosts]
+CVE-2019-17340 (An issue was discovered in Xen through 4.11.x allowing x86 guest OS us ...)
- xen 4.11.1+92-g6c33308a8d-1 (bug #929991)
[jessie] - xen <ignored> (memory leak on huge memory machines)
NOTE: https://xenbits.xen.org/xsa/advisory-284.html
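Review bot: replacing the bracketed titles on CVE-2019-17340 through CVE-2019-17348 removes the only per-entry summary in the list. The new descriptions are truncated to near-identical openings ("An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ..."), so the entries are now told apart only by their NOTE advisory links. Consider preserving the short title in a NOTE line, for example "NOTE: x86 shadow: Insufficient TLB flushing when using PCID" for CVE-2019-17348.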
@@ -74123,7 +74164,7 @@ CVE-2018-10240 (SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated u
NOT-FOR-US: SolarWinds Serv-U
CVE-2018-10239 (A privilege escalation vulnerability in the "support access" feature o ...)
NOT-FOR-US: Infoblox NIOS
-CVE-2018-10238 (bvlc.c in skarg BACnet Protocol Stack 0.8.5 has a buffer overflow in B ...)
+CVE-2018-10238 (bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affec ...)
NOT-FOR-US: skarg BACnet Protocol Stack
CVE-2018-10237 (Unbounded memory allocation in Google Guava 11.0 through 24.x before 2 ...)
NOT-FOR-US: Google Guava
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0fbd83895b47d98881ef56a9877227f32abc833