[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Wed, 23 Jan 2019 12:10:49 -0800

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
5d759325 by security tracker role at 2019-01-23T20:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2019-6709
+       RESERVED
+CVE-2019-6708 (PHPSHE 1.7 has SQL injection via the admin.php?mod=order state 
...)
+       TODO: check
+CVE-2019-6707 (PHPSHE 1.7 has SQL injection via the 
admin.php?mod=product&amp;act=state ...)
+       TODO: check
+CVE-2019-6706 (Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. 
For ...)
+       TODO: check
+CVE-2019-6705
+       RESERVED
+CVE-2019-6704
+       RESERVED
+CVE-2019-6703
+       RESERVED
+CVE-2019-6702
+       RESERVED
+CVE-2019-6701
+       RESERVED
+CVE-2019-6700
+       RESERVED
+CVE-2019-6699
+       RESERVED
+CVE-2019-6698
+       RESERVED
+CVE-2019-6697
+       RESERVED
+CVE-2019-6696
+       RESERVED
+CVE-2019-6695
+       RESERVED
+CVE-2019-6694
+       RESERVED
+CVE-2019-6693
+       RESERVED
+CVE-2019-6692
+       RESERVED
+CVE-2019-6691 (phpwind 9.0.2.170426 UTF8 allows SQL Injection via the ...)
+       TODO: check
+CVE-2019-6690
+       RESERVED
 CVE-2018-1000997
        NOT-FOR-US: Jenkins
 CVE-2019-6689
@@ -6701,14 +6741,14 @@ CVE-2019-3589
        RESERVED
 CVE-2019-3588
        RESERVED
-CVE-2019-3587
-       RESERVED
+CVE-2019-3587 (DLL Search Order Hijacking vulnerability in Microsoft Windows 
client ...)
+       TODO: check
 CVE-2019-3586
        RESERVED
 CVE-2019-3585
        RESERVED
-CVE-2019-3584
-       RESERVED
+CVE-2019-3584 (Exploitation of Authentication vulnerability in MVision 
Endpoint in ...)
+       TODO: check
 CVE-2019-3583
        RESERVED
 CVE-2019-3582
@@ -8443,8 +8483,7 @@ CVE-2018-20247 (In Foxit Quick PDF Library (all versions 
prior to 16.12), issue
        NOT-FOR-US: Foxit Quick PDF Library
 CVE-2018-20246
        RESERVED
-CVE-2018-20245
-       RESERVED
+CVE-2018-20245 (The LDAP auth backend 
(airflow.contrib.auth.backends.ldap_auth) prior ...)
        NOT-FOR-US: Apache Airflow
 CVE-2018-20244
        RESERVED
@@ -27113,8 +27152,8 @@ CVE-2018-15616 (A vulnerability in the Web UI component 
of Avaya Aura System Pla
        NOT-FOR-US: Avaya Aura System Platform
 CVE-2018-15615 (A vulnerability in the Supervisor component of Avaya Call 
Management ...)
        NOT-FOR-US: Avaya
-CVE-2018-15614
-       RESERVED
+CVE-2018-15614 (A vulnerability in the one-x Portal component of IP Office 
could allow ...)
+       TODO: check
 CVE-2018-15613 (A cross-site scripting (XSS) vulnerability in the Runtime 
Config ...)
        NOT-FOR-US: Avaya
 CVE-2018-15612 (A CSRF vulnerability in the Runtime Config component of Avaya 
Aura ...)
@@ -60579,11 +60618,9 @@ CVE-2017-17838
        REJECTED
 CVE-2017-17837 (The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection 
leak in the ...)
        NOT-FOR-US: Apache DeltaSpike-JSF module
-CVE-2017-17836
-       RESERVED
+CVE-2017-17836 (In Apache Airflow 1.8.2 and earlier, an experimental Airflow 
feature ...)
        NOT-FOR-US: Apache Airflow
-CVE-2017-17835
-       RESERVED
+CVE-2017-17835 (In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability 
allowed for ...)
        NOT-FOR-US: Apache Airflow
 CVE-2017-17834
        RESERVED
@@ -64796,8 +64833,8 @@ CVE-2018-2028
        RESERVED
 CVE-2018-2027
        RESERVED
-CVE-2018-2026
-       RESERVED
+CVE-2018-2026 (IBM Financial Transaction Manager 3.2.1 for Digital Payments 
could ...)
+       TODO: check
 CVE-2018-2025
        RESERVED
 CVE-2018-2024
@@ -65346,8 +65383,8 @@ CVE-2018-1753 (IBM Tivoli Key Lifecycle Manager 2.6, 
2.7, and 3.0 generates an e
        NOT-FOR-US: IBM
 CVE-2018-1752
        RESERVED
-CVE-2018-1751
-       RESERVED
+CVE-2018-1751 (IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses 
weaker ...)
+       TODO: check
 CVE-2018-1750 (IBM Security Key Lifecycle Manager 3.0 specifies permissions 
for a ...)
        NOT-FOR-US: IBM
 CVE-2018-1749 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses 
incomplete ...)
@@ -75272,8 +75309,7 @@ CVE-2017-15721 (In Irssi before 1.0.5, certain 
incorrectly formatted DCC CTCP me
        - irssi 1.0.5-1 (bug #879521)
        NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
        NOTE: 
https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
-CVE-2017-15720
-       RESERVED
+CVE-2017-15720 (In Apache Airflow 1.8.2 and earlier, an authenticated user can 
execute ...)
        NOT-FOR-US: Apache Airflow
 CVE-2017-15719 (In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 
...)
        NOT-FOR-US: Wicket jQuery UI



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d759325686fa91a10d846277b09bc698475cc0c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d759325686fa91a10d846277b09bc698475cc0c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to