[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
61940580 by security tracker role at 2019-03-13T08:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2019-9741 (An issue was discovered in net/http in Go 1.11.5. CRLF 
injection is ...)
+       TODO: check
+CVE-2019-9740 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 
and ...)
+       TODO: check
+CVE-2019-9739
+       RESERVED
+CVE-2019-9738 (jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the 
'<EMBED ...)
+       TODO: check
+CVE-2019-9737 (Editor.md 1.5.0 has DOM-based XSS via vectors involving the 
'<EMBED ...)
+       TODO: check
+CVE-2019-9736 (DOM-based XSS exists in 1024Tools Markdown 1.0 via vectors 
involving ...)
+       TODO: check
+CVE-2019-9735 (An issue was discovered in the iptables firewall module in 
OpenStack ...)
+       TODO: check
+CVE-2019-9734
+       RESERVED
+CVE-2019-9733
+       RESERVED
+CVE-2019-9732
+       RESERVED
+CVE-2019-9731
+       RESERVED
+CVE-2019-9730
+       RESERVED
+CVE-2019-9729 (In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver 
allows ...)
+       TODO: check
+CVE-2019-9728
+       RESERVED
+CVE-2019-9727
+       RESERVED
+CVE-2019-9726
+       RESERVED
+CVE-2019-9725 (The Web manager (aka Commander) on Korenix JetPort 5601 and 
5601f ...)
+       TODO: check
+CVE-2019-9724
+       RESERVED
 CVE-2019-9723
        RESERVED
 CVE-2019-9722
@@ -268,6 +304,7 @@ CVE-2019-9629
        RESERVED
 CVE-2019-9628 [XML parser class fails to trap exceptions on malformed XML 
declaration]
        RESERVED
+       {DSA-4407-1}
        - xmltooling <unfixed> (bug #924346)
        NOTE: https://shibboleth.net/community/advisories/secadv_20190311.txt
        NOTE: https://issues.shibboleth.net/jira/browse/CPPXT-143
@@ -442,8 +479,8 @@ CVE-2019-9560
        RESERVED
 CVE-2019-9559
        RESERVED
-CVE-2019-9558
-       RESERVED
+CVE-2019-9558 (Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site 
...)
+       TODO: check
 CVE-2019-9557 (Ability Mail Server 4.2.6 has Persistent Cross Site Scripting 
(XSS) ...)
        TODO: check
 CVE-2019-9556
@@ -9069,24 +9106,24 @@ CVE-2019-5927
        RESERVED
 CVE-2019-5926
        RESERVED
-CVE-2019-5925
-       RESERVED
-CVE-2019-5924
-       RESERVED
-CVE-2019-5923
-       RESERVED
-CVE-2019-5922
-       RESERVED
-CVE-2019-5921
-       RESERVED
-CVE-2019-5920
-       RESERVED
-CVE-2019-5919
-       RESERVED
-CVE-2019-5918
-       RESERVED
-CVE-2019-5917
-       RESERVED
+CVE-2019-5925 (Cross-site scripting vulnerability in Dradis Community Edition 
Dradis ...)
+       TODO: check
+CVE-2019-5924 (Cross-site request forgery (CSRF) vulnerability in Smart Forms 
2.6.15 ...)
+       TODO: check
+CVE-2019-5923 (Directory traversal vulnerability in iChain Insurance Wallet 
App for ...)
+       TODO: check
+CVE-2019-5922 (Untrusted search path vulnerability in The installer of 
Microsoft ...)
+       TODO: check
+CVE-2019-5921 (Untrusted search path vulnerability in Windows 7 allows an 
attacker to ...)
+       TODO: check
+CVE-2019-5920 (Cross-site request forgery (CSRF) vulnerability in FormCraft 
1.2.1 and ...)
+       TODO: check
+CVE-2019-5919 (An incomplete cryptography of the data store function by using 
hidden ...)
+       TODO: check
+CVE-2019-5918 (Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to 
conduct XML ...)
+       TODO: check
+CVE-2019-5917 (azure-umqtt-c (available through GitHub prior to 2017 October 
6) ...)
+       TODO: check
 CVE-2019-5916 (Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 
and ...)
        NOT-FOR-US: POWER EGG
 CVE-2019-5915 (Open redirect vulnerability in OpenAM (Open Source Edition) 
13.0 ...)
@@ -14062,8 +14099,8 @@ CVE-2019-3617
        RESERVED
 CVE-2019-3616
        RESERVED
-CVE-2019-3615
-       RESERVED
+CVE-2019-3615 (Data Leakage Attacks vulnerability in the web interface in 
McAfee ...)
+       TODO: check
 CVE-2019-3614
        RESERVED
 CVE-2019-3613
@@ -14611,8 +14648,8 @@ CVE-2018-20622 (JasPer 2.0.14 has a memory leak in 
base/jas_malloc.c in libjaspe
        {DLA-1628-1}
        - jasper <removed>
        NOTE: https://github.com/mdadams/jasper/issues/193
-CVE-2018-20621
-       RESERVED
+CVE-2018-20621 (An issue was discovered in Microvirt MEmu 6.0.6. The 
MemuService.exe ...)
+       TODO: check
 CVE-2018-20620
        RESERVED
 CVE-2018-20619
@@ -22971,7 +23008,7 @@ CVE-2019-0805
        RESERVED
 CVE-2019-0804
        RESERVED
-       {DLA-1709-1}
+       {DSA-4406-1 DLA-1709-1}
        - waagent 2.2.34-3
 CVE-2019-0803
        RESERVED
@@ -24166,26 +24203,26 @@ CVE-2019-0279
        RESERVED
 CVE-2019-0278
        RESERVED
-CVE-2019-0277
-       RESERVED
-CVE-2019-0276
-       RESERVED
-CVE-2019-0275
-       RESERVED
-CVE-2019-0274
-       RESERVED
+CVE-2019-0277 (SAP HANA extended application services, version 1, advanced 
does not ...)
+       TODO: check
+CVE-2019-0276 (Banking services from SAP 9.0 (FSAPPL version 5) and SAP 
S/4HANA ...)
+       TODO: check
+CVE-2019-0275 (SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application 
Server ...)
+       TODO: check
+CVE-2019-0274 (SAP Mobile Platform SDK allows an attacker to prevent 
legitimate users ...)
+       TODO: check
 CVE-2019-0273
        RESERVED
 CVE-2019-0272
        RESERVED
-CVE-2019-0271
-       RESERVED
-CVE-2019-0270
-       RESERVED
-CVE-2019-0269
-       RESERVED
-CVE-2019-0268
-       RESERVED
+CVE-2019-0271 (ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform 
does ...)
+       TODO: check
+CVE-2019-0270 (ABAP Server of SAP NetWeaver and ABAP Platform fail to perform 
...)
+       TODO: check
+CVE-2019-0269 (SAP BusinessObjects Business Intelligence Platform (BI 
Workspace), ...)
+       TODO: check
+CVE-2019-0268 (SAP BusinessObjects Business Intelligence Platform (CMC 
Module), ...)
+       TODO: check
 CVE-2019-0267 (SAP Manufacturing Integration and Intelligence, versions 15.0, 
15.1 ...)
        NOT-FOR-US: SAP
 CVE-2019-0266 (Under certain conditions SAP HANA Extended Application 
Services, ...)
@@ -44016,7 +44053,7 @@ CVE-2018-12105
        RESERVED
 CVE-2018-12104 (Cross-site scripting (XSS) vulnerability in Airbnb Knowledge 
Repo 0.7.4 ...)
        NOT-FOR-US: Airbnb Knowledge Repo
-CVE-2018-12103 (An issue was discovered on D-Link DIR-890L A2 devices. Due to 
the ...)
+CVE-2018-12103 (An issue was discovered on D-Link DIR-890L with firmware 
1.21B02beta01 ...)
        NOT-FOR-US: D-Link
 CVE-2018-12102 (md4c 0.2.6 has a NULL pointer dereference in the function ...)
        NOT-FOR-US: md4c



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/61940580d490256bb439727f0b6c76c0d09e5ef2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/61940580d490256bb439727f0b6c76c0d09e5ef2
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits