Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e8e24e88 by security tracker role at 2019-03-28T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2019-10249
+       RESERVED
+CVE-2019-10248
+       RESERVED
+CVE-2019-10247
+       RESERVED
+CVE-2019-10246
+       RESERVED
+CVE-2019-10245
+       RESERVED
+CVE-2019-10244
+       RESERVED
+CVE-2019-10243
+       RESERVED
+CVE-2019-10242
+       RESERVED
+CVE-2019-10241
+       RESERVED
+CVE-2019-10240
+       RESERVED
+CVE-2017-18365 (The Management Console in GitHub Enterprise 2.8.x before 2.8.7 
has a d ...)
+       TODO: check
 CVE-2019-10239
        RESERVED
 CVE-2019-10238 (Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via 
the file ...)
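Review bot: CVE-2017-18365 is added between CVE-2019-10240 and CVE-2019-10239, out of sequence with the descending ID order the rest of this file follows, and it carries only "TODO: check". The description names the Management Console in GitHub Enterprise 2.8.x; if that product is not packaged in Debian, resolve the TODO as a NOT-FOR-US entry in the same style as the "NOT-FOR-US: Cisco" lines elsewhere in this diff, so the entry does not sit untriaged at the top of the list.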
@@ -22285,58 +22307,58 @@ CVE-2019-1764 (A vulnerability in the web-based 
management interface of Session
        NOT-FOR-US: Cisco
 CVE-2019-1763 (A vulnerability in the web-based management interface of 
Session Initi ...)
        NOT-FOR-US: Cisco
-CVE-2019-1762
-       RESERVED
-CVE-2019-1761
-       RESERVED
-CVE-2019-1760
-       RESERVED
-CVE-2019-1759
-       RESERVED
-CVE-2019-1758
-       RESERVED
-CVE-2019-1757
-       RESERVED
-CVE-2019-1756
-       RESERVED
-CVE-2019-1755
-       RESERVED
-CVE-2019-1754
-       RESERVED
-CVE-2019-1753
-       RESERVED
-CVE-2019-1752
-       RESERVED
-CVE-2019-1751
-       RESERVED
-CVE-2019-1750
-       RESERVED
-CVE-2019-1749
-       RESERVED
-CVE-2019-1748
-       RESERVED
-CVE-2019-1747
-       RESERVED
-CVE-2019-1746
-       RESERVED
-CVE-2019-1745
-       RESERVED
+CVE-2019-1762 (A vulnerability in the Secure Storage feature of Cisco IOS and 
IOS XE  ...)
+       TODO: check
+CVE-2019-1761 (A vulnerability in the Hot Standby Router Protocol (HSRP) 
subsystem of ...)
+       TODO: check
+CVE-2019-1760 (A vulnerability in Performance Routing Version 3 (PfRv3) of 
Cisco IOS  ...)
+       TODO: check
+CVE-2019-1759 (A vulnerability in access control list (ACL) functionality of 
the Giga ...)
+       TODO: check
+CVE-2019-1758 (A vulnerability in 802.1x function of Cisco IOS Software on the 
Cataly ...)
+       TODO: check
+CVE-2019-1757 (A vulnerability in the Cisco Smart Call Home feature of Cisco 
IOS and  ...)
+       TODO: check
+CVE-2019-1756 (A vulnerability in Cisco IOS XE Software could allow an 
authenticated, ...)
+       TODO: check
+CVE-2019-1755 (A vulnerability in the Web Services Management Agent (WSMA) 
function o ...)
+       TODO: check
+CVE-2019-1754 (A vulnerability in the authorization subsystem of Cisco IOS XE 
Softwar ...)
+       TODO: check
+CVE-2019-1753 (A vulnerability in the web UI of Cisco IOS XE Software could 
allow an  ...)
+       TODO: check
+CVE-2019-1752 (A vulnerability in the ISDN functions of Cisco IOS Software and 
Cisco  ...)
+       TODO: check
+CVE-2019-1751 (A vulnerability in the Network Address Translation 64 (NAT64) 
function ...)
+       TODO: check
+CVE-2019-1750 (A vulnerability in the Easy Virtual Switching System (VSS) of 
Cisco IO ...)
+       TODO: check
+CVE-2019-1749 (A vulnerability in the ingress traffic validation of Cisco IOS 
XE Soft ...)
+       TODO: check
+CVE-2019-1748 (A vulnerability in the Cisco Network Plug-and-Play (PnP) agent 
of Cisc ...)
+       TODO: check
+CVE-2019-1747 (A vulnerability in the implementation of the Short Message 
Service (SM ...)
+       TODO: check
+CVE-2019-1746 (A vulnerability in the Cluster Management Protocol (CMP) 
processing co ...)
+       TODO: check
+CVE-2019-1745 (A vulnerability in Cisco IOS XE Software could allow an 
authenticated, ...)
+       TODO: check
 CVE-2019-1744
        RESERVED
-CVE-2019-1743
-       RESERVED
-CVE-2019-1742
-       RESERVED
-CVE-2019-1741
-       RESERVED
-CVE-2019-1740
-       RESERVED
-CVE-2019-1739
-       RESERVED
-CVE-2019-1738
-       RESERVED
-CVE-2019-1737
-       RESERVED
+CVE-2019-1743 (A vulnerability in the web UI framework of Cisco IOS XE 
Software could ...)
+       TODO: check
+CVE-2019-1742 (A vulnerability in the web UI of Cisco IOS XE Software could 
allow an  ...)
+       TODO: check
+CVE-2019-1741 (A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) 
feature ...)
+       TODO: check
+CVE-2019-1740 (A vulnerability in the Network-Based Application Recognition 
(NBAR) fe ...)
+       TODO: check
+CVE-2019-1739 (A vulnerability in the Network-Based Application Recognition 
(NBAR) fe ...)
+       TODO: check
+CVE-2019-1738 (A vulnerability in the Network-Based Application Recognition 
(NBAR) fe ...)
+       TODO: check
+CVE-2019-1737 (A vulnerability in the processing of IP Service Level Agreement 
(SLA)  ...)
+       TODO: check
 CVE-2019-1736
        RESERVED
 CVE-2019-1735
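Review bot: All 25 entries that move from RESERVED to a description here (CVE-2019-1762 through CVE-2019-1745 and CVE-2019-1743 through CVE-2019-1737) are left as "TODO: check", although every description names Cisco IOS, IOS XE or a Cisco feature. The context lines directly above, CVE-2019-1764 and CVE-2019-1763, already carry "NOT-FOR-US: Cisco"; a follow-up commit should triage this batch the same way rather than leave it in the TODO queue. Note that CVE-2019-1744 stays RESERVED in the middle of the range, so a bulk edit must skip it.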
@@ -23528,8 +23550,8 @@ CVE-2019-1535
        RESERVED
 CVE-2018-19649 (XSS exists in InfoVista VistaPortal SE Version 5.1 (build 
51029). VPor ...)
        NOT-FOR-US: InfoVista VistaPortal
-CVE-2018-19648
-       RESERVED
+CVE-2018-19648 (An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 
1.6.4. NETC ...)
+       TODO: check
 CVE-2018-19647
        RESERVED
 CVE-2018-19646 (The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 
13.1.10 ...)
@@ -27351,10 +27373,9 @@ CVE-2019-0163
        RESERVED
 CVE-2019-0162
        RESERVED
-CVE-2019-0161
-       RESERVED
-CVE-2019-0160 [buffer overflows in PartitionDxe and UdfDxe with long file 
names and invalid UDF media]
-       RESERVED
+CVE-2019-0161 (Stack overflow in XHCI for EDK II may allow an unauthenticated 
user to ...)
+       TODO: check
+CVE-2019-0160 (Buffer overflow in system firmware for EDK II may allow 
unauthenticate ...)
        - edk2 0~20181115.85588389-1
        NOTE: 
https://github.com/tianocore/edk2/commit/4df8f5bfa28b8b881e506437e8f08d92c1a00370
        NOTE: 
https://github.com/tianocore/edk2/commit/b9ae1705adfdd43668027a25a2b03c2e81960219
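Review bot: CVE-2019-0161 is added with only "TODO: check", but it is an EDK II issue and the adjacent CVE-2019-0160 entry is tracked against a source package ("- edk2 0~20181115.85588389-1"), so this one needs an edk2 status line rather than a NOT-FOR-US resolution. Separately, the CVE-2019-0160 header drops the bracketed maintainer description that named PartitionDxe and UdfDxe; the truncated replacement text no longer identifies the affected components, so consider keeping that detail in a NOTE line.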
@@ -38885,8 +38906,8 @@ CVE-2018-14816 (Advantech WebAccess 8.3.1 and earlier 
has several stack-based bu
        NOT-FOR-US: Advantech WebAccess
 CVE-2018-14815 (Fuji Electric V-Server 4.0.3.0 and prior, Several 
out-of-bounds write  ...)
        NOT-FOR-US: Fuji Electric V-Server
-CVE-2018-14814
-       RESERVED
+CVE-2018-14814 (WECON Technology PI Studio HMI versions 4.1.9 and prior and PI 
Studio  ...)
+       TODO: check
 CVE-2018-14813 (Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer 
overflow ...)
        NOT-FOR-US: Fuji Electric V-Server
 CVE-2018-14812 (An uncontrolled search path element (DLL Hijacking) 
vulnerability has  ...)
@@ -44866,8 +44887,8 @@ CVE-2018-12546 (In Eclipse Mosquitto version 1.0 to 
1.5.5 (inclusive) when a cli
        [jessie] - mosquitto <ignored> (Minor issue)
        NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/
        NOTE: https://mosquitto.org/files/cve/2018-12546
-CVE-2018-12545
-       RESERVED
+CVE-2018-12545 (In Eclipse Jetty version 9.3.x and 9.4.x, the server is 
vulnerable to  ...)
+       TODO: check
 CVE-2018-12544 (In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the 
OpenAPI XML  ...)
        NOT-FOR-US: Eclipse Vert.x
 CVE-2018-12543 (In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a 
message is  ...)
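Review bot: CVE-2018-12545 is left as "TODO: check" although it describes Eclipse Jetty 9.3.x and 9.4.x, and Jetty is tracked as a source package in this file (the CVE-2017-7656 entry later in this diff has "- jetty9 9.2.25-1 (low; bug #902953)"). This entry should get a jetty9 package line with affected or fixed status once the truncated description has been read in full, not a NOT-FOR-US marker like the neighbouring Eclipse Vert.x entry.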
@@ -46001,18 +46022,16 @@ CVE-2018-12185 (Insufficient input validation in 
Intel(R) AMT in Intel(R) CSME b
        NOT-FOR-US: Intel
 CVE-2018-12184
        RESERVED
-CVE-2018-12183
-       RESERVED
-CVE-2018-12182
-       RESERVED
-CVE-2018-12181 [Stack buffer overflow with corrupted BMP]
-       RESERVED
+CVE-2018-12183 (Stack overflow in DxeCore for EDK II may allow an 
unauthenticated user ...)
+       TODO: check
+CVE-2018-12182 (Insufficient memory write check in SMM service for EDK II may 
allow an ...)
+       TODO: check
+CVE-2018-12181 (Stack overflow in corrupted bmp for EDK II may allow 
unprivileged user ...)
        - edk2 0~20181115.85588389-3 (bug #924615)
        [stretch] - edk2 <no-dsa> (Minor issue, will be fixed via point update)
        [jessie] - edk2 <end-of-life> (non-free is not supported)
        NOTE: https://lists.01.org/pipermail/edk2-devel/2019-March/037626.html
-CVE-2018-12180 [Buffer Overflow in BlockIo service for RAM disk]
-       RESERVED
+CVE-2018-12180 (Buffer overflow in BlockIo service for EDK II may allow an 
unauthentic ...)
        - edk2 0~20181115.85588389-3 (bug #924615)
        [stretch] - edk2 <no-dsa> (Minor issue, will be fixed via point update)
        [jessie] - edk2 <end-of-life> (non-free is not supported)
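Review bot: CVE-2018-12183 and CVE-2018-12182 gain descriptions but only "TODO: check", while the two entries that follow them in the same hunk (CVE-2018-12181 and CVE-2018-12180) are already tracked with "- edk2 0~20181115.85588389-3 (bug #924615)" plus per-release annotations. All four are EDK II issues, so check whether the two new entries belong to the same edk2 update and record a package line and release status for them accordingly.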
@@ -46021,10 +46040,9 @@ CVE-2018-12180 [Buffer Overflow in BlockIo service for 
RAM disk]
        NOTE: 
https://lists.01.org/pipermail/edk2-devel/2019-February/037250.html
        NOTE: 
https://github.com/tianocore/edk2/commit/38c9fbdcaa0219eb86fe82d90e3f8cfb5a54be9f
        NOTE: 
https://github.com/tianocore/edk2/commit/fccdb88022c1f6d85c773fce506b10c879063f1d
-CVE-2018-12179
-       RESERVED
-CVE-2018-12178 [improper DNS packet size check]
-       RESERVED
+CVE-2018-12179 (Improper configuration in system firmware for EDK II may allow 
unauthe ...)
+       TODO: check
+CVE-2018-12178 (Buffer overflow in network stack for EDK II may allow 
unprivileged use ...)
        - edk2 0~20181115.85588389-3 (bug #924615)
        [stretch] - edk2 <no-dsa> (Minor issue, will be fixed via point update)
        [jessie] - edk2 <end-of-life> (non-free is not supported)
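Review bot: The CVE-2018-12178 header replaces the bracketed text "[improper DNS packet size check]" with a truncated description that only says "Buffer overflow in network stack for EDK II", which loses the one detail that tells a reader which code path is affected. Preserve it in a NOTE line under the entry. CVE-2018-12179 in the same hunk is also an EDK II issue left as "TODO: check" and needs an edk2 status line like its neighbour.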
@@ -70210,8 +70228,7 @@ CVE-2018-3614
        RESERVED
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=751
        NOTE: 
https://edk2-docs.gitbooks.io/security-advisory/content/untested-memory-not-covered-by-smm-page-protection.html
-CVE-2018-3613
-       RESERVED
+CVE-2018-3613 (Logic issue in variable service module for EDK 
II/UDK2018/UDK2017/UDK2 ...)
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=415
        NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=44
        NOTE: 
https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-authenticated-variable-bypass.html
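Review bot: CVE-2018-3613 moves from RESERVED to a published description but ends up with neither a package status line nor a "TODO: check"; only the three existing NOTE lines remain under it. Unlike the other newly described entries in this commit, nothing flags it for triage, so add an explicit edk2 status line (other EDK II entries in this diff use "- edk2 ...") or a TODO so it is not silently treated as handled.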
@@ -103695,8 +103712,8 @@ CVE-2017-9628 (An Information Exposure issue was 
discovered in Saia Burgess Cont
        NOT-FOR-US: Saia Burgess Controls
 CVE-2017-9627 (An Uncontrolled Resource Consumption issue was discovered in 
Schneider ...)
        NOT-FOR-US: Schneider Electric
-CVE-2017-9626
-       RESERVED
+CVE-2017-9626 (Systems using the Marel Food Processing Systems Pluto platform 
do not  ...)
+       TODO: check
 CVE-2017-9625 (An Improper Authentication issue was discovered in Envitech 
EnviDAS Ul ...)
        NOT-FOR-US: Envitech EnviDAS Ultimate
 CVE-2017-9624 (Multiple cross-site scripting (XSS) vulnerabilities in 
Telaxus/EPESI 1 ...)
@@ -110019,8 +110036,8 @@ CVE-2017-7656 (In Eclipse Jetty, versions 9.2.x and 
older, 9.3.x (all configurat
        - jetty9 9.2.25-1 (low; bug #902953)
        NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667
        NOTE: https://github.com/eclipse/jetty.project/commit/a285deea
-CVE-2017-7655
-       RESERVED
+CVE-2017-7655 (In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null 
Dereference vu ...)
+       TODO: check
 CVE-2017-7654 (In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak 
vulnerability w ...)
        {DSA-4325-1 DLA-1525-1}
        - mosquitto 1.5.4-1 (bug #911265)
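Review bot: CVE-2017-7655 is added as "TODO: check" for Eclipse Mosquitto 1.0 to 1.4.15, directly above CVE-2017-7654, which is tracked with "{DSA-4325-1 DLA-1525-1}" and "- mosquitto 1.5.4-1 (bug #911265)". Since mosquitto is a packaged source with advisories already issued for the neighbouring CVE, this entry needs a mosquitto package line, and triage should confirm whether the fix was already shipped in those updates.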



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e8e24e88743744b31b58701e6b56d96f4139b4d4


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
