[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Sep 4 09:10:40 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0fbc46cb by security tracker role at 2019-09-04T08:10:29Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2019-15903 (In libexpat before 2.2.8, crafted XML input could fool the parser into ...)
+ TODO: check
+CVE-2019-15902 (A backporting error was discovered in the Linux stable/longterm kernel ...)
+ TODO: check
+CVE-2019-15901
+ RESERVED
+CVE-2019-15900
+ RESERVED
+CVE-2019-15899
+ RESERVED
+CVE-2019-15898 (Nagios Log Server before 2.0.8 allows Reflected XSS via the username o ...)
+ TODO: check
+CVE-2019-15897
+ RESERVED
+CVE-2019-15896
+ RESERVED
+CVE-2019-15895
+ RESERVED
+CVE-2019-15894
+ RESERVED
+CVE-2019-15893
+ RESERVED
+CVE-2019-15891
+ RESERVED
+CVE-2019-15890
+ RESERVED
CVE-2019-15889 (The download-manager plugin before 2.9.94 for WordPress has XSS via th ...)
NOT-FOR-US: download-manager plugin for WordPress
CVE-2019-15888
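Review bot: The three added entries that carry a description (CVE-2019-15903 for libexpat, CVE-2019-15902 for the Linux stable/longterm kernel, CVE-2019-15898 for Nagios Log Server) are all left at `TODO: check`, so none has a package line or a NOT-FOR-US verdict yet. The libexpat and kernel entries should be triaged first with a `- <package> <version>` line per affected source package; Nagios Log Server can follow the `NOT-FOR-US:` pattern used for CVE-2019-15889 just below if it is not packaged. The added run skips CVE-2019-15892, which is consistent because that id already has its own entry in the next hunk.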
@@ -52,7 +78,8 @@ CVE-2019-15864 (The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XS
NOT-FOR-US: breadcrumbs-by-menu plugin for WordPress
CVE-2019-15863 (The ConvertPlus plugin before 3.4.5 for WordPress has an unintended ac ...)
NOT-FOR-US: ConvertPlus plugin for WordPress
-CVE-2019-15892 [VSV00003 DoS]
+CVE-2019-15892 (An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x a ...)
+ {DSA-4514-1}
- varnish 6.2.1-1 (bug #939333)
[stretch] - varnish <not-affected> (Only a security issue in 6.0 and later)
[jessie] - varnish <not-affected> (Only a security issue in 6.0 and later)
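Review bot: Replacing `CVE-2019-15892 [VSV00003 DoS]` with the truncated description removes the only mention of the upstream advisory id VSV00003 from this entry. Consider keeping it as a `NOTE:` line under the entry so the upstream reference survives. The new `{DSA-4514-1}` tag sits above stretch and jessie lines that are both `<not-affected>`, so it is worth confirming that the DSA covers a release other than those two.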
@@ -16669,6 +16696,7 @@ CVE-2019-10199 (It was found that Keycloak's account console, up to 6.0.1, did n
CVE-2019-10198 (An authentication bypass vulnerability was discovered in foreman-tasks ...)
- foreman <itp> (bug #663101)
CVE-2019-10197 (A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up ...)
+ {DSA-4513-1}
- samba 2:4.9.13+dfsg-1
[stretch] - samba <not-affected> (Issue introduced in 4.9.0 upstream)
[jessie] - samba <not-affected> (Issue introduced in 4.9.0 upstream)
@@ -29877,12 +29905,12 @@ CVE-2019-5482
RESERVED
CVE-2019-5481
RESERVED
-CVE-2019-5480
- RESERVED
-CVE-2019-5479
- RESERVED
-CVE-2019-5478
- RESERVED
+CVE-2019-5480 (A path traversal vulnerability in <= v0.9.7 of statichttpserver npm ...)
+ TODO: check
+CVE-2019-5479 (An unintended require vulnerability in <v0.5.5 larvitbase-api may a ...)
+ TODO: check
+CVE-2019-5478 (A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ dev ...)
+ TODO: check
CVE-2019-5477 (A command injection vulnerability in Nokogiri v1.10.3 and earlier allo ...)
- rexical <unfixed>
- ruby-nokogiri 1.10.4+dfsg1-1 (bug #934802)
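Review bot: CVE-2019-5480, CVE-2019-5479 and CVE-2019-5478 move from `RESERVED` to `TODO: check` with no triage result. The first two describe npm modules (statichttpserver, larvitbase-api) and the third describes Zynq UltraScale+ devices; if none is packaged, each can be closed with a `NOT-FOR-US:` line, as the WordPress plugin entries elsewhere in this file are, instead of staying in the TODO queue.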
@@ -29893,8 +29921,8 @@ CVE-2019-5477 (A command injection vulnerability in Nokogiri v1.10.3 and earlier
NOTE: Change in rexical is covered by the scope of this CVE.
CVE-2019-5476 (An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running o ...)
TODO: check
-CVE-2019-5475
- RESERVED
+CVE-2019-5475 (The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Exe ...)
+ TODO: check
CVE-2019-5474 [Override Merge Request Approval Rules]
RESERVED
- gitlab <not-affected> (Only affects Gitlab EE 11.8 and later)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0fbc46cb8c3cf3d5d1da584e7cc0cbb24973c9d4