Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7829451a by security tracker role at 2019-04-08T20:10:19Z
automatic update

1 changed file:
- data/CVE/list

Changes:
===================================== data/CVE/list =====================================
@@ -1,3 +1,199 @@ +CVE-2019-11011 + RESERVED +CVE-2019-11010 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in ...) + TODO: check +CVE-2019-11009 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...) + TODO: check +CVE-2019-11008 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...) + TODO: check +CVE-2019-11007 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...) + TODO: check +CVE-2019-11006 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...) + TODO: check +CVE-2019-11005 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buf ...) + TODO: check +CVE-2019-11004 (In Materialize through 1.0.0, XSS is possible via the Toast feature. ...) + TODO: check +CVE-2019-11003 (In Materialize through 1.0.0, XSS is possible via the Autocomplete fea ...) + TODO: check +CVE-2019-11002 (In Materialize through 1.0.0, XSS is possible via the Tooltip feature. ...) + TODO: check +CVE-2019-11001 (On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices th ...) 
+ TODO: check +CVE-2019-11000 + RESERVED +CVE-2019-10999 + RESERVED +CVE-2019-10998 + RESERVED +CVE-2019-10997 + RESERVED +CVE-2019-10996 + RESERVED +CVE-2019-10995 + RESERVED +CVE-2019-10994 + RESERVED +CVE-2019-10993 + RESERVED +CVE-2019-10992 + RESERVED +CVE-2019-10991 + RESERVED +CVE-2019-10990 + RESERVED +CVE-2019-10989 + RESERVED +CVE-2019-10988 + RESERVED +CVE-2019-10987 + RESERVED +CVE-2019-10986 + RESERVED +CVE-2019-10985 + RESERVED +CVE-2019-10984 + RESERVED +CVE-2019-10983 + RESERVED +CVE-2019-10982 + RESERVED +CVE-2019-10981 + RESERVED +CVE-2019-10980 + RESERVED +CVE-2019-10979 + RESERVED +CVE-2019-10978 + RESERVED +CVE-2019-10977 + RESERVED +CVE-2019-10976 + RESERVED +CVE-2019-10975 + RESERVED +CVE-2019-10974 + RESERVED +CVE-2019-10973 + RESERVED +CVE-2019-10972 + RESERVED +CVE-2019-10971 + RESERVED +CVE-2019-10970 + RESERVED +CVE-2019-10969 + RESERVED +CVE-2019-10968 + RESERVED +CVE-2019-10967 + RESERVED +CVE-2019-10966 + RESERVED +CVE-2019-10965 + RESERVED +CVE-2019-10964 + RESERVED +CVE-2019-10963 + RESERVED +CVE-2019-10962 + RESERVED +CVE-2019-10961 + RESERVED +CVE-2019-10960 + RESERVED +CVE-2019-10959 + RESERVED +CVE-2019-10958 + RESERVED +CVE-2019-10957 + RESERVED +CVE-2019-10956 + RESERVED +CVE-2019-10955 + RESERVED +CVE-2019-10954 + RESERVED +CVE-2019-10953 + RESERVED +CVE-2019-10952 + RESERVED +CVE-2019-10951 + RESERVED +CVE-2019-10950 + RESERVED +CVE-2019-10949 + RESERVED +CVE-2019-10948 + RESERVED +CVE-2019-10947 + RESERVED +CVE-2019-10946 + RESERVED +CVE-2019-10945 + RESERVED +CVE-2019-10944 + RESERVED +CVE-2019-10943 + RESERVED +CVE-2019-10942 + RESERVED +CVE-2019-10941 + RESERVED +CVE-2019-10940 + RESERVED +CVE-2019-10939 + RESERVED +CVE-2019-10938 + RESERVED +CVE-2019-10937 + RESERVED +CVE-2019-10936 + RESERVED +CVE-2019-10935 + RESERVED +CVE-2019-10934 + RESERVED +CVE-2019-10933 + RESERVED +CVE-2019-10932 + RESERVED +CVE-2019-10931 + RESERVED +CVE-2019-10930 + RESERVED +CVE-2019-10929 + RESERVED +CVE-2019-10928 + RESERVED 
+CVE-2019-10927 + RESERVED +CVE-2019-10926 + RESERVED +CVE-2019-10925 + RESERVED +CVE-2019-10924 + RESERVED +CVE-2019-10923 + RESERVED +CVE-2019-10922 + RESERVED +CVE-2019-10921 + RESERVED +CVE-2019-10920 + RESERVED +CVE-2019-10919 + RESERVED +CVE-2019-10918 + RESERVED +CVE-2019-10917 + RESERVED +CVE-2019-10916 + RESERVED +CVE-2019-10915 + RESERVED +CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside Secure T ...) + TODO: check CVE-2019-10913 RESERVED CVE-2019-10912 @@ -12,7 +208,7 @@ CVE-2019-10908 (In Airsonic 10.2.1, RecoverController.java generates passwords v NOT-FOR-US: Airsonic CVE-2019-10907 (Airsonic 10.2.1 uses Spring's default remember-me mechanism based on M ...) NOT-FOR-US: Airsonic -CVE-2016-10745 [issue related to CVE-2019-10906, str.format vulnerability] +CVE-2016-10745 (In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. ...) - jinja2 2.9.4-1 NOTE: Fixed by: https://github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16 NOTE: Followup bugfix: https://github.com/pallets/jinja/commit/74bd64e56387f5b2931040dc7235a3509cde1611 @@ -165,8 +361,8 @@ CVE-2019-10847 RESERVED CVE-2019-10846 RESERVED -CVE-2019-10845 - RESERVED +CVE-2019-10845 (An issue was discovered in Uniqkey Password Manager 1.14. When enterin ...) + TODO: check CVE-2019-10844 (nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka n ...) NOT-FOR-US: Sony CVE-2019-10843 @@ -616,8 +812,8 @@ CVE-2019-10678 (Domoticz before 4.10579 neglects to categorize \n and \r as inse - domoticz <itp> (bug #899058) CVE-2019-10677 RESERVED -CVE-2019-10676 - RESERVED +CVE-2019-10676 (An issue was discovered in Uniqkey Password Manager 1.14. Upon enterin ...) + TODO: check CVE-2019-10675 REJECTED CVE-2019-10674 
@@ -3387,7 +3583,7 @@ CVE-2019-9770 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There i - libredwg <itp> (bug #595191) CVE-2019-9769 (PilusCart 1.4.1 is vulnerable to index.php?module=users&action=new ...) NOT-FOR-US: PilusCart -CVE-2019-9768 (Thinkst Canarytokens through 2019-03-01 relies on limited variation in ...) +CVE-2019-9768 (Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies o ...) NOT-FOR-US: Thinkst Canarytokens CVE-2019-9767 (Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting ...) NOT-FOR-US: Free MP3 CD Ripper @@ -5256,7 +5452,7 @@ CVE-2019-9044 RESERVED CVE-2019-9043 RESERVED -CVE-2019-9042 (An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt= ...) +CVE-2019-9042 (** DISPUTED ** An issue was discovered in Sitemagic CMS v4.4. In the i ...) NOT-FOR-US: Sitemagic CMS CVE-2019-9041 (An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_templa ...) NOT-FOR-US: ZZZCMS @@ -5505,7 +5701,7 @@ CVE-2019-8980 (A memory leak in the kernel_read_file function in fs/exec.c in th - linux 4.19.28-1 NOTE: https://lore.kernel.org/lkml/20190219021038.11340-1-yuehaib...@huawei.com/ NOTE: https://lore.kernel.org/lkml/20190219022512.gw2...@zeniv.linux.org.uk/ -CVE-2019-8979 (Koseven through 3.3.9, and Kohana through 3.3.6, has SQL Injection whe ...) +CVE-2019-8979 (Kohana through 3.3.6 has SQL Injection when the order_by() parameter c ...) - libkohana2-php <removed> [jessie] - libkohana2-php <not-affected> (orderby function properly checks for allowed values) NOTE: https://github.com/huzr2018/orderby_SQLi/tree/master/kohana @@ -16515,8 +16711,8 @@ CVE-2019-4212 RESERVED CVE-2019-4211 RESERVED -CVE-2019-4210 - RESERVED +CVE-2019-4210 (IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication expo ...) + TODO: check CVE-2019-4209 RESERVED CVE-2019-4208 
@@ -16625,8 +16821,8 @@ CVE-2019-4157 RESERVED CVE-2019-4156 RESERVED -CVE-2019-4155 - RESERVED +CVE-2019-4155 (IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted b ...) + TODO: check CVE-2019-4154 RESERVED CVE-2019-4153 @@ -16649,8 +16845,8 @@ CVE-2019-4145 RESERVED CVE-2019-4144 RESERVED -CVE-2019-4143 - RESERVED +CVE-2019-4143 (The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 ...) + TODO: check CVE-2019-4142 RESERVED CVE-2019-4141 @@ -16833,8 +17029,8 @@ CVE-2019-4053 RESERVED CVE-2019-4052 (IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthe ...) NOT-FOR-US: IBM -CVE-2019-4051 - RESERVED +CVE-2019-4051 (Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system spe ...) + TODO: check CVE-2019-4050 RESERVED CVE-2019-4049 @@ -16845,8 +17041,8 @@ CVE-2019-4047 RESERVED CVE-2019-4046 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) NOT-FOR-US: IBM -CVE-2019-4045 - RESERVED +CVE-2019-4045 (IBM Business Automation Workflow and IBM Business Process Manager 18.0 ...) + TODO: check CVE-2019-4044 RESERVED CVE-2019-4043 (IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vuln ...) @@ -17209,6 +17405,7 @@ CVE-2019-3882 [DoS through vfio/type1 DMA mappings] CVE-2019-3881 RESERVED CVE-2019-3880 [Save registry file outside share as unprivileged user] + RESERVED {DSA-4427-1} - samba 2:4.9.5+dfsg-3 NOTE: https://www.samba.org/samba/security/CVE-2019-3880.html @@ -17244,6 +17441,7 @@ CVE-2019-3871 (A vulnerability was found in PowerDNS Authoritative Server before NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html NOTE: Patches: https://downloads.powerdns.com/patches/2019-03/ CVE-2019-3870 [During the provision of a new Active Directory DC, some files in the ...] + RESERVED - samba 2:4.9.5+dfsg-3 [stretch] - samba <not-affected> (Vulnerable code not present) [jessie] - samba <not-affected> (Vulnerable code not present) 
@@ -19329,8 +19527,8 @@ CVE-2018-20343 RESERVED CVE-2018-20342 (The Floureon IP Camera SP012 provides a root terminal on a UART serial ...) NOT-FOR-US: Floureon IP Camera SP012 -CVE-2018-20341 - RESERVED +CVE-2018-20341 (WINMAGIC SecureDoc Disk Encryption before 8.3 has an Unquoted Search P ...) + TODO: check CVE-2018-20340 (Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which c ...) {DSA-4389-1} - libu2f-host 1.1.7-1 (bug #921726) @@ -23993,14 +24191,12 @@ CVE-2019-1787 [An out-of-bounds heap read condition when scanning PDF documents] - clamav 0.101.2+dfsg-1 [stretch] - clamav <no-dsa> (Already fixed via SUA, pending inclusion in next point release) NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html -CVE-2019-1786 [An out-of-bounds heap read may occur when scanning malformed PDF documents] - RESERVED +CVE-2019-1786 (A vulnerability in the Portable Document Format (PDF) scanning functio ...) - clamav 0.101.2+dfsg-1 [stretch] - clamav <not-affected> (Vulnerable code only present in 0.101.1 and 0.101.0) [jessie] - clamav <not-affected> (Vulnerable code introduced later) NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html -CVE-2019-1785 [A path-traversal write condition may occur when scanning RAR archives] - RESERVED +CVE-2019-1785 (A vulnerability in the RAR file scanning functionality of Clam AntiVir ...) - libclamunrar 0.101.2-1 [stretch] - libclamunrar <not-affected> (Vulnerable code only present in 0.101.1 and 0.101.0) [jessie] - libclamunrar <not-affected> (Vulnerable code introduced later) 
@@ -29978,8 +30174,8 @@ CVE-2018-19008 (The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 NOT-FOR-US: TextEditor 2.0 in ABB CP400 Panel Builder CVE-2018-19007 (In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the D ...) NOT-FOR-US: Geutebrueck cameras -CVE-2018-19006 - RESERVED +CVE-2018-19006 (OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The ...) + TODO: check CVE-2018-19005 (Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation ...) NOT-FOR-US: Cscape CVE-2018-19004 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds rea ...) @@ -76730,14 +76926,14 @@ CVE-2018-2002 RESERVED CVE-2018-2001 RESERVED -CVE-2018-2000 - RESERVED -CVE-2018-1999 - RESERVED +CVE-2018-2000 (IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable t ...) + TODO: check +CVE-2018-1999 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 coul ...) + TODO: check CVE-2018-1998 (IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inj ...) NOT-FOR-US: IBM -CVE-2018-1997 - RESERVED +CVE-2018-1997 (IBM Business Automation Workflow and Business Process Manager 18.0.0.0 ...) + TODO: check CVE-2018-1996 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide ...) NOT-FOR-US: IBM CVE-2018-1995 @@ -76844,8 +77040,8 @@ CVE-2018-1945 (IBM Security Identity Governance and Intelligence 5.2 through 5.2 NOT-FOR-US: IBM CVE-2018-1944 (IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 ...) NOT-FOR-US: IBM -CVE-2018-1943 - RESERVED +CVE-2018-1943 (IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header in ...) + TODO: check CVE-2018-1942 RESERVED CVE-2018-1941 (IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini ...) 
@@ -76960,14 +77156,14 @@ CVE-2018-1887 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, NOT-FOR-US: IBM CVE-2018-1886 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...) NOT-FOR-US: IBM -CVE-2018-1885 - RESERVED +CVE-2018-1885 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 coul ...) + TODO: check CVE-2018-1884 (IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3. ...) NOT-FOR-US: IBM Case Manager CVE-2018-1883 (A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Co ...) NOT-FOR-US: IBM -CVE-2018-1882 - RESERVED +CVE-2018-1882 (In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, ...) + TODO: check CVE-2018-1881 RESERVED CVE-2018-1880 @@ -77024,8 +77220,8 @@ CVE-2018-1855 RESERVED CVE-2018-1854 RESERVED -CVE-2018-1853 - RESERVED +CVE-2018-1853 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could al ...) + TODO: check CVE-2018-1852 RESERVED CVE-2018-1851 (IBM WebSphere Application Server Liberty OpenID Connect could allow a ...) @@ -77156,8 +77352,8 @@ CVE-2018-1789 (IBM API Connect v2018.1.0 through v2018.3.4 could allow an attack NOT-FOR-US: IBM CVE-2018-1788 (IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitiv ...) NOT-FOR-US: IBM -CVE-2018-1787 - RESERVED +CVE-2018-1787 (IBM Spectrum Protect 7.1 and 8.1 is affected by a password exposure vu ...) + TODO: check CVE-2018-1786 (IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly ...) NOT-FOR-US: IBM Spectrum Protect CVE-2018-1785 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses wea ...) 
@@ -110670,8 +110866,8 @@ CVE-2017-7914 (A Missing Authorization issue was discovered in Rockwell Automati NOT-FOR-US: Rockwell Rockwell PanelView Plus CVE-2017-7913 (A Plaintext Storage of a Password issue was discovered in Moxa OnCell ...) NOT-FOR-US: Moxa -CVE-2017-7912 - RESERVED +CVE-2017-7912 (Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v ...) + TODO: check CVE-2017-7911 (A Code Injection issue was discovered in CyberVision Kaa IoT Platform, ...) NOT-FOR-US: CyberVision Kaa IoT Platform CVE-2017-7910 (A Stack-Based Buffer Overflow issue was discovered in Digital Canal St ...) @@ -190532,8 +190728,8 @@ CVE-2014-9188 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider NOT-FOR-US: Schneider Electric ProClima CVE-2014-9187 (Multiple heap-based buffer overflow vulnerabilities exist in Honeywell ...) NOT-FOR-US: Honeywell Experion PKS -CVE-2014-9186 - RESERVED +CVE-2014-9186 (A file inclusion vulnerability exists in the confd.exe module in Honey ...) + TODO: check CVE-2014-9185 (Static code injection vulnerability in install.php in Morfy CMS 1.05 a ...) NOT-FOR-US: Morfy CMS CVE-2014-9184 (ZTE ZXDSL 831CII allows remote attackers to bypass authentication via ...) 
@@ -200751,10 +200947,10 @@ CVE-2014-5438 (Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG86 NOT-FOR-US: Arris Touchstone CVE-2014-5437 (Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS To ...) NOT-FOR-US: Arris Touchstone -CVE-2014-5436 - RESERVED -CVE-2014-5435 - RESERVED +CVE-2014-5436 (A directory traversal vulnerability exists in the confd.exe module in ...) + TODO: check +CVE-2014-5435 (An arbitrary memory write vulnerability exists in the dual_onsrv.exe m ...) + TODO: check CVE-2014-5434 (Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) wi ...) NOT-FOR-US: Baxter SIGMA Spectrum Infusion System CVE-2014-5433 (An unauthenticated remote attacker may be able to execute commands to ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7829451a349f953f6cc4a8621b6cd1b94d789bc7
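Review bot: in the first hunk (@@ -1,3 +1,199 @@) the six new GraphicsMagick entries, CVE-2019-11005 through CVE-2019-11010, are left at "TODO: check" even though GraphicsMagick is packaged in Debian (source package graphicsmagick), so they need real triage rather than a NOT-FOR-US line; the descriptions all name the 1.4 snapshot-20190322 Q8 development tree, so the check should confirm which GraphicsMagick versions in the archive actually contain the affected code before a fixed version or a <not-affected> marker is recorded. The Materialize entries (CVE-2019-11002 to CVE-2019-11004), the Reolink entry (CVE-2019-11001) and the MatrixSSL entry (CVE-2019-10914) look like candidates for the same NOT-FOR-US handling the neighbouring vendor-specific entries already use.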
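Review bot: in the @@ -12,7 +208,7 @@ hunk, replacing the bracketed placeholder of CVE-2016-10745 with the upstream text drops the cross-reference "[issue related to CVE-2019-10906, str.format vulnerability]", and that relation is stated nowhere else in the entry; consider re-adding it as a NOTE line next to the two existing pallets/jinja commit URLs so the link between the 2.8.1 str.format sandbox escape and CVE-2019-10906 is not lost. The fixed-version line "- jinja2 2.9.4-1" is unchanged and remains consistent with the "before 2.8.1" range in the new description.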
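Review bot: in the @@ -17209,6 +17405,7 @@ and @@ -17244,6 +17441,7 @@ hunks a "+ RESERVED" line is inserted directly under the bracketed local descriptions of CVE-2019-3880 and CVE-2019-3870, above the existing "{DSA-4427-1}" and "samba 2:4.9.5+dfsg-3" lines. That placement follows the list's format (the RESERVED marker records the MITRE description state, not Debian's handling, and the DSA and fixed-version lines stay authoritative), but it leaves both entries carrying a local description; once the upstream text is published the automatic update should swap in that text and drop the marker, as the ClamAV hunk at @@ -23993 does for CVE-2019-1786 and CVE-2019-1785.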
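Review bot: the @@ -23993,14 +24191,12 @@ hunk replaces the bracketed Debian descriptions of CVE-2019-1786 ("out-of-bounds heap read ... malformed PDF documents") and CVE-2019-1785 ("path-traversal write ... RAR archives") with the truncated upstream text and drops the RESERVED markers; the truncated "A vulnerability in the ... scanning functio ..." wording no longer conveys the bug class, so the existing NOTE line pointing at the ClamAV 0.101.2 blog post is now the only part of each entry that documents it and must be kept. The version lines (clamav 0.101.2+dfsg-1 and libclamunrar 0.101.2-1, with the stretch and jessie <not-affected> entries) are untouched, which is correct since only the description changed.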
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits