[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Tue, 12 Mar 2019 01:11:26 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
974757c5 by security tracker role at 2019-03-12T08:10:12Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2019-9721 (A denial of service in the subtitle decoder in FFmpeg 4.1 
allows ...)
+       TODO: check
+CVE-2019-9720
+       RESERVED
+CVE-2019-9719
+       RESERVED
+CVE-2019-9718 (In FFmpeg 4.1, a denial of service in the subtitle decoder 
allows ...)
+       TODO: check
+CVE-2019-9717
+       RESERVED
+CVE-2019-9716
+       RESERVED
+CVE-2019-9715
+       RESERVED
+CVE-2019-9714
+       RESERVED
+CVE-2019-9713
+       RESERVED
+CVE-2019-9712
+       RESERVED
+CVE-2019-9711
+       RESERVED
+CVE-2019-9710 (An issue was discovered in webargs before 5.1.3, as used with 
...)
+       TODO: check
+CVE-2019-9709
+       RESERVED
+CVE-2019-9708
+       RESERVED
+CVE-2019-9707
+       RESERVED
+CVE-2019-9706 (Vixie Cron before the 3.0pl1-133 Debian package allows local 
users to ...)
+       TODO: check
+CVE-2019-9705 (Vixie Cron before the 3.0pl1-133 Debian package allows local 
users to ...)
+       TODO: check
+CVE-2019-9704 (Vixie Cron before the 3.0pl1-133 Debian package allows local 
users to ...)
+       TODO: check
 CVE-2019-XXXX [Use-after-free]
        - cron 3.0pl1-133 (bug #809167)
        [stretch] - cron <no-dsa> (Minor issue)
@@ -130,8 +166,8 @@ CVE-2019-9645
        RESERVED
 CVE-2019-9646 (The Contact Form Email plugin before 1.2.66 for WordPress 
allows ...)
        NOT-FOR-US: WordPress plugin contact-form-to-email
-CVE-2019-9644
-       RESERVED
+CVE-2019-9644 (An XSSI (cross-site inclusion) vulnerability in Jupyter 
Notebook before ...)
+       TODO: check
 CVE-2019-9643
        RESERVED
 CVE-2019-9642
@@ -3082,6 +3118,7 @@ CVE-2019-8402
 CVE-2018-20782 (The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN 
messages. ...)
        NOT-FOR-US: WooCommerce plugin
 CVE-2016-10742 (Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x 
before ...)
+       {DLA-1708-1}
        - zabbix 1:3.0.17+dfsg-1 (low)
        [stretch] - zabbix <no-dsa> (Minor issue)
        NOTE: https://support.zabbix.com/browse/ZBX-10272
@@ -13092,10 +13129,10 @@ CVE-2019-4018
        RESERVED
 CVE-2019-4017
        RESERVED
-CVE-2019-4016
-       RESERVED
-CVE-2019-4015
-       RESERVED
+CVE-2019-4016 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
+       TODO: check
+CVE-2019-4015 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
+       TODO: check
 CVE-2019-4014
        RESERVED
 CVE-2019-4013
@@ -20201,8 +20238,8 @@ CVE-2019-1709
        RESERVED
 CVE-2019-1708
        RESERVED
-CVE-2019-1707
-       RESERVED
+CVE-2019-1707 (A vulnerability in the web-based management interface of Cisco 
DNA ...)
+       TODO: check
 CVE-2019-1706
        RESERVED
 CVE-2019-1705
@@ -20211,8 +20248,8 @@ CVE-2019-1704
        RESERVED
 CVE-2019-1703
        RESERVED
-CVE-2019-1702
-       RESERVED
+CVE-2019-1702 (Multiple vulnerabilities in the web-based management interface 
of ...)
+       TODO: check
 CVE-2019-1701
        RESERVED
 CVE-2019-1700 (A vulnerability in field-programmable gate array (FPGA) ingress 
buffer ...)
@@ -20235,8 +20272,8 @@ CVE-2019-1692
        RESERVED
 CVE-2019-1691 (A vulnerability in the detection engine of Cisco Firepower 
Threat ...)
        NOT-FOR-US: Cisco
-CVE-2019-1690
-       RESERVED
+CVE-2019-1690 (A vulnerability in the management interface of Cisco 
Application ...)
+       TODO: check
 CVE-2019-1689 (A vulnerability in the client application for iOS of Cisco 
Webex Teams ...)
        NOT-FOR-US: Cisco
 CVE-2019-1688 (A vulnerability in the management web interface of Cisco 
Network ...)
@@ -20379,24 +20416,24 @@ CVE-2019-1620
        RESERVED
 CVE-2019-1619
        RESERVED
-CVE-2019-1618
-       RESERVED
-CVE-2019-1617
-       RESERVED
-CVE-2019-1616
-       RESERVED
-CVE-2019-1615
-       RESERVED
-CVE-2019-1614
-       RESERVED
-CVE-2019-1613
-       RESERVED
-CVE-2019-1612
-       RESERVED
-CVE-2019-1611
-       RESERVED
-CVE-2019-1610
-       RESERVED
+CVE-2019-1618 (A vulnerability in the Tetration Analytics agent for Cisco 
Nexus 9000 ...)
+       TODO: check
+CVE-2019-1617 (A vulnerability in the Fibre Channel over Ethernet (FCoE) 
N-port ...)
+       TODO: check
+CVE-2019-1616 (A vulnerability in the Cisco Fabric Services component of Cisco 
NX-OS ...)
+       TODO: check
+CVE-2019-1615 (A vulnerability in the Image Signature Verification feature of 
Cisco ...)
+       TODO: check
+CVE-2019-1614 (A vulnerability in the NX-API feature of Cisco NX-OS Software 
could ...)
+       TODO: check
+CVE-2019-1613 (A vulnerability in the CLI of Cisco NX-OS Software could allow 
an ...)
+       TODO: check
+CVE-2019-1612 (A vulnerability in the CLI of Cisco NX-OS Software could allow 
an ...)
+       TODO: check
+CVE-2019-1611 (A vulnerability in the CLI of Cisco NX-OS Software and Cisco 
FXOS ...)
+       TODO: check
+CVE-2019-1610 (A vulnerability in the CLI of Cisco NX-OS Software could allow 
an ...)
+       TODO: check
 CVE-2019-1609 (A vulnerability in the CLI of Cisco NX-OS Software could allow 
an ...)
        NOT-FOR-US: Cisco
 CVE-2019-1608 (A vulnerability in the CLI of Cisco NX-OS Software could allow 
an ...)
@@ -66610,7 +66647,7 @@ CVE-2018-4058
        {DSA-4373-1 DLA-1671-1}
        - coturn 4.5.1.0-1
 CVE-2018-4057
-       RESERVED
+       REJECTED
 CVE-2018-4056 (An exploitable SQL injection vulnerability exists in the 
administrator ...)
        {DSA-4373-1 DLA-1671-1}
        - coturn 4.5.1.0-1
@@ -72632,8 +72669,8 @@ CVE-2018-2011
        RESERVED
 CVE-2018-2010
        RESERVED
-CVE-2018-2009
-       RESERVED
+CVE-2018-2009 (IBM API Connect v2018.1 and 2018.4.1 is affected by an 
information ...)
+       TODO: check
 CVE-2018-2008
        RESERVED
 CVE-2018-2007
@@ -72654,8 +72691,8 @@ CVE-2018-2000
        RESERVED
 CVE-2018-1999
        RESERVED
-CVE-2018-1998
-       RESERVED
+CVE-2018-1998 (IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user 
to ...)
+       TODO: check
 CVE-2018-1997
        RESERVED
 CVE-2018-1996 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
provide ...)
@@ -72690,20 +72727,20 @@ CVE-2018-1982
        RESERVED
 CVE-2018-1981
        RESERVED
-CVE-2018-1980
-       RESERVED
+CVE-2018-1980 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
+       TODO: check
 CVE-2018-1979
        RESERVED
-CVE-2018-1978
-       RESERVED
+CVE-2018-1978 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
+       TODO: check
 CVE-2018-1977 (IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect 
Server) ...)
        NOT-FOR-US: IBM
 CVE-2018-1976 (IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by 
sensitive ...)
        NOT-FOR-US: IBM
 CVE-2018-1975
        RESERVED
-CVE-2018-1974
-       RESERVED
+CVE-2018-1974 (IBM WebSphere 8.0.0.0 through 9.1.1 could allow an 
authenticated ...)
+       TODO: check
 CVE-2018-1973 (IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with 
limited ...)
        NOT-FOR-US: IBM
 CVE-2018-1972
@@ -72804,10 +72841,10 @@ CVE-2018-1925
        RESERVED
 CVE-2018-1924
        RESERVED
-CVE-2018-1923
-       RESERVED
-CVE-2018-1922
-       RESERVED
+CVE-2018-1923 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
+       TODO: check
+CVE-2018-1922 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
+       TODO: check
 CVE-2018-1921
        RESERVED
 CVE-2018-1920 (IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a 
XML ...)
@@ -72846,8 +72883,8 @@ CVE-2018-1904 (IBM WebSphere Application Server 7.0, 
8.0, 8.5, and 9.0 could all
        NOT-FOR-US: IBM
 CVE-2018-1903
        RESERVED
-CVE-2018-1902
-       RESERVED
+CVE-2018-1902 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
allow a ...)
+       TODO: check
 CVE-2018-1901 (IBM WebSphere Application Server 8.5 and 9.0 could allow a 
remote ...)
        NOT-FOR-US: IBM
 CVE-2018-1900 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, 
and ...)
@@ -72870,8 +72907,7 @@ CVE-2018-1892
        RESERVED
 CVE-2018-1891 (IBM Security Guardium 10 and 10.5 is vulnerable to cross-site 
...)
        NOT-FOR-US: IBM
-CVE-2018-1890
-       RESERVED
+CVE-2018-1890 (IBM SDK, Java Technology Edition Version 8 on the AIX platform 
uses ...)
        NOT-FOR-US: IBM Java on AIX
 CVE-2018-1889 (IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site 
...)
        NOT-FOR-US: IBM
@@ -123040,6 +123076,7 @@ CVE-2017-2828 (An exploitable command injection 
vulnerability exists in the web
 CVE-2017-2827 (An exploitable command injection vulnerability exists in the 
web ...)
        NOT-FOR-US: Foscam C1 Indoor HD Camera
 CVE-2017-2826 (An information disclosure vulnerability exists in the iConfig 
proxy ...)
+       {DLA-1708-1}
        - zabbix <unfixed> (low)
        [buster] - zabbix <ignored> (Minor issue, workaround exists)
        [stretch] - zabbix <ignored> (Minor issue, workaround exists)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/974757c53d0e81701e9e026be14100b8b8a9563e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/974757c53d0e81701e9e026be14100b8b8a9563e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to