[Git][security-tracker-team/security-tracker][master] automatic update

Tue Oct 8 09:10:45 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d0fbd838 by security tracker role at 2019-10-08T08:10:33Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2019-17339
+	RESERVED
+CVE-2019-17338
+	RESERVED
+CVE-2019-17337
+	RESERVED
+CVE-2019-17336
+	RESERVED
+CVE-2019-17335
+	RESERVED
+CVE-2019-17334
+	RESERVED
+CVE-2019-17333
+	RESERVED
+CVE-2019-17332
+	RESERVED
+CVE-2019-17331
+	RESERVED
+CVE-2019-17330
+	RESERVED
+CVE-2019-17329
+	RESERVED
+CVE-2019-17328
+	RESERVED
+CVE-2019-17327
+	RESERVED
+CVE-2019-17326
+	RESERVED
+CVE-2019-17325
+	RESERVED
+CVE-2019-17324
+	RESERVED
+CVE-2019-17323
+	RESERVED
+CVE-2019-17322
+	RESERVED
+CVE-2019-17321
+	RESERVED
+CVE-2019-17320
+	RESERVED
 CVE-2019-17319 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
 	NOT-FOR-US: SugarCRM
 CVE-2019-17318 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
@@ -172,8 +212,8 @@ CVE-2019-17241
 	RESERVED
 CVE-2019-17240 (bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypas ...)
 	NOT-FOR-US: Bludit
-CVE-2019-17239
-	RESERVED
+CVE-2019-17239 (includes/settings/class-alg-download-plugins-settings.php in the downl ...)
+	TODO: check
 CVE-2019-17238
 	RESERVED
 CVE-2019-17237
@@ -184,10 +224,10 @@ CVE-2019-17235
 	RESERVED
 CVE-2019-17234
 	RESERVED
-CVE-2019-17233
-	RESERVED
-CVE-2019-17232
-	RESERVED
+CVE-2019-17233 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...)
+	TODO: check
+CVE-2019-17232 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...)
+	TODO: check
 CVE-2019-17231
 	RESERVED
 CVE-2019-17230
@@ -898,8 +938,8 @@ CVE-2019-16915 (An issue was discovered in pfSense through 2.4.4-p3. widgets/wid
 	NOT-FOR-US: pfSense
 CVE-2019-16914 (An XSS issue was discovered in pfSense through 2.4.4-p3. In services_c ...)
 	NOT-FOR-US: pfSense
-CVE-2019-16913
-	RESERVED
+CVE-2019-16913 (PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86 ...)
+	TODO: check
 CVE-2019-16912
 	RESERVED
 CVE-2019-16911
@@ -12063,7 +12103,7 @@ CVE-2019-13451 (In Xymon through 4.3.28, a buffer overflow vulnerability exists
 	[buster] - xymon 4.3.28-5+deb10u1
 	[stretch] - xymon 4.3.28-2+deb9u1
 	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
-CVE-2019-17351 [No grant table and foreign mapping limits]
+CVE-2019-17351 (An issue was discovered in drivers/xen/balloon.c in the Linux kernel b ...)
 	- linux 5.2.6-1
 	[buster] - linux 4.19.67-1
 	[stretch] - linux 4.9.168-1+deb9u5
@@ -12941,8 +12981,8 @@ CVE-2019-13121 [SSRF Vulnerability in Project GitHub Integration]
 	[experimental] - gitlab 11.10.8+dfsg-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
-CVE-2019-13120
-	RESERVED
+CVE-2019-13120 (Amazon FreeRTOS up to and including v1.4.8 for AWS lacks length checki ...)
+	TODO: check
 CVE-2019-13119
 	RESERVED
 CVE-2019-13118 (In numbers.c in libxslt 1.1.33, a type holding grouping characters of  ...)
@@ -22373,7 +22413,8 @@ CVE-2019-1010075
 	RESERVED
 CVE-2019-1010074
 	RESERVED
-CVE-2019-1010073 (BACnet Stack bacserv 0.9.1 and 0.8.5 is affected by: Buffer Overflow.  ...)
+CVE-2019-1010073
+	REJECTED
 	NOT-FOR-US: BACnet Stack bacserv
 CVE-2019-1010072
 	RESERVED
@@ -23571,41 +23612,41 @@ CVE-2019-9578 (In devs.c in Yubico libu2f-host before 1.1.8, the response to ini
 	NOTE: https://github.com/Yubico/libu2f-host/commit/e4bb58cc8b6202a421e65f8230217d8ae6e16eb5
 CVE-2019-9577
 	RESERVED
-CVE-2019-17350
+CVE-2019-17350 (An issue was discovered in Xen through 4.12.x allowing Arm domU attack ...)
 	- xen 4.11.1+92-g6c33308a8d-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-295.html
-CVE-2019-17349
+CVE-2019-17349 (An issue was discovered in Xen through 4.12.x allowing Arm domU attack ...)
 	- xen 4.11.1+92-g6c33308a8d-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-295.html
-CVE-2019-17348 [xen: x86 shadow: Insufficient TLB flushing when using PCID]
+CVE-2019-17348 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
 	- xen 4.11.1+92-g6c33308a8d-1 (bug #929992)
 	[jessie] - xen <not-affected> (PCID support not backported)
 	NOTE: https://xenbits.xen.org/xsa/advisory-294.html
-CVE-2019-17347 [xen: x86: PV kernel context switch corruption]
+CVE-2019-17347 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
 	- xen 4.11.1+92-g6c33308a8d-1 (bug #929999)
 	NOTE: https://xenbits.xen.org/xsa/advisory-293.html
-CVE-2019-17346 [xen: x86: insufficient TLB flushing when using PCID]
+CVE-2019-17346 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
 	- xen 4.11.1+92-g6c33308a8d-1 (bug #929993)
 	[jessie] - xen <not-affected> (PCID support not backported)
 	NOTE: https://xenbits.xen.org/xsa/advisory-292.html
-CVE-2019-17345 [xen: x86/PV: page type reference counting issue with failed IOMMU update]
+CVE-2019-17345 (An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV gu ...)
 	- xen 4.11.1+92-g6c33308a8d-1 (bug #929995)
 	[jessie] - xen <not-affected> (only 4.8 and later affected)
 	NOTE: https://xenbits.xen.org/xsa/advisory-291.html
-CVE-2019-17344 [xen: missing preemption in x86 PV page table unvalidation]
+CVE-2019-17344 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
 	- xen 4.11.1+92-g6c33308a8d-1 (bug #929996)
 	[jessie] - xen <not-affected> (Introduced by ignored fix for CVE-2018-3646)
 	NOTE: https://xenbits.xen.org/xsa/advisory-290.html
-CVE-2019-17343 [xen: x86: Inconsistent PV IOMMU discipline]
+CVE-2019-17343 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
 	- xen 4.11.1+92-g6c33308a8d-1 (bug #929994)
 	NOTE: https://xenbits.xen.org/xsa/advisory-288.html
-CVE-2019-17342 [xen: x86: steal_page violates page_struct access discipline]
+CVE-2019-17342 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
 	- xen 4.11.1+92-g6c33308a8d-1 (bug #930001)
 	NOTE: https://xenbits.xen.org/xsa/advisory-287.html
-CVE-2019-17341 [xen: race with pass-through device hotplug]
+CVE-2019-17341 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
 	- xen 4.11.1+92-g6c33308a8d-1 (bug #929998)
 	NOTE: https://xenbits.xen.org/xsa/advisory-285.html
-CVE-2019-17340 [xen: grant table transfer issues on large hosts]
+CVE-2019-17340 (An issue was discovered in Xen through 4.11.x allowing x86 guest OS us ...)
 	- xen 4.11.1+92-g6c33308a8d-1 (bug #929991)
 	[jessie] - xen <ignored> (memory leak on huge memory machines)
 	NOTE: https://xenbits.xen.org/xsa/advisory-284.html
@@ -74123,7 +74164,7 @@ CVE-2018-10240 (SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated u
 	NOT-FOR-US: SolarWinds Serv-U
 CVE-2018-10239 (A privilege escalation vulnerability in the "support access" feature o ...)
 	NOT-FOR-US: Infoblox NIOS
-CVE-2018-10238 (bvlc.c in skarg BACnet Protocol Stack 0.8.5 has a buffer overflow in B ...)
+CVE-2018-10238 (bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affec ...)
 	NOT-FOR-US: skarg BACnet Protocol Stack
 CVE-2018-10237 (Unbounded memory allocation in Google Guava 11.0 through 24.x before 2 ...)
 	NOT-FOR-US: Google Guava



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0fbd83895b47d98881ef56a9877227f32abc833

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0fbd83895b47d98881ef56a9877227f32abc833
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191008/da17bf87/attachment.html>
