[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Wed, 10 Apr 2019 13:11:05 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
4531d201 by security tracker role at 2019-04-10T20:10:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-11067
+       RESERVED
+CVE-2019-1003050
+       RESERVED
+CVE-2019-1003049
+       RESERVED
 CVE-2019-11066
        RESERVED
 CVE-2019-11065 (Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to 
download ...)
@@ -264,10 +270,10 @@ CVE-2019-10948
        RESERVED
 CVE-2019-10947
        RESERVED
-CVE-2019-10946
-       RESERVED
-CVE-2019-10945
-       RESERVED
+CVE-2019-10946 (An issue was discovered in Joomla! before 3.9.5. The "refresh 
list of  ...)
+       TODO: check
+CVE-2019-10945 (An issue was discovered in Joomla! before 3.9.5. The Media 
Manager com ...)
+       TODO: check
 CVE-2019-10944
        RESERVED
 CVE-2019-10943
@@ -545,7 +551,7 @@ CVE-2019-10845 (An issue was discovered in Uniqkey Password 
Manager 1.14. When e
 CVE-2019-10844 (nbla/logger.cpp in libnnabla.a in Sony Neural Network 
Libraries (aka n ...)
        NOT-FOR-US: Sony
 CVE-2019-10843
-       RESERVED
+       REJECTED
 CVE-2019-10842 (Arbitrary code execution (via backdoor code) was discovered in 
bootstr ...)
        NOT-FOR-US: backdoored version of bootstrap-sass
 CVE-2019-10841
@@ -5202,7 +5208,7 @@ CVE-2019-9195 (util/src/zip.rs in Grin before 1.0.2 
mishandles suspicious files.
        NOT-FOR-US: Grin
 CVE-2019-9194 (elFinder before 2.1.48 has a command injection vulnerability in 
the PH ...)
        NOT-FOR-US: elFinder
-CVE-2019-9193 (In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" 
function al ...)
+CVE-2019-9193 (** DISPUTED ** Third parties claim/state this is not an issue 
because  ...)
        - postgresql-11 <unfixed> (unimportant)
        - postgresql-9.6 <removed> (unimportant)
        - postgresql-9.4 <removed> (unimportant)
@@ -9116,8 +9122,8 @@ CVE-2019-7553
        RESERVED
 CVE-2019-7552
        RESERVED
-CVE-2019-7551
-       RESERVED
+CVE-2019-7551 (Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x 
before 3.4 ...)
+       TODO: check
 CVE-2019-7550 (In JForum 2.1.8, an unauthenticated, remote attacker can 
enumerate whe ...)
        NOT-FOR-US: JForum
 CVE-2019-7549
@@ -10264,8 +10270,8 @@ CVE-2019-7141
        RESERVED
 CVE-2019-7140
        RESERVED
-CVE-2019-7139
-       RESERVED
+CVE-2019-7139 (An unauthenticated user can execute arbitrary code through an 
SQL inje ...)
+       TODO: check
 CVE-2019-7138
        RESERVED
 CVE-2019-7137
@@ -12313,8 +12319,8 @@ CVE-2019-6289 (uploads/include/dialog/select_soft.php 
in DedeCMS V57_UTF8_SP2 al
        NOT-FOR-US: DedeCMS
 CVE-2019-6288
        RESERVED
-CVE-2019-6287
-       RESERVED
+CVE-2019-6287 (In Rancher 2.0.0 through 2.1.5, project members have continued 
access  ...)
+       TODO: check
 CVE-2019-6286 (In LibSass 3.5.5, a heap-based buffer over-read exists in 
Sass::Prelex ...)
        - libsass <unfixed> (low)
        [stretch] - libsass <no-dsa> (Minor issue)
@@ -12663,12 +12669,12 @@ CVE-2019-6158
        RESERVED
 CVE-2019-6157
        RESERVED
-CVE-2019-6156
-       RESERVED
+CVE-2019-6156 (In Lenovo systems, SMM BIOS Write Protection is used to prevent 
writes ...)
+       TODO: check
 CVE-2019-6155
        RESERVED
-CVE-2019-6154
-       RESERVED
+CVE-2019-6154 (A DLL search path vulnerability was reported in Lenovo Bootable 
Genera ...)
+       TODO: check
 CVE-2019-6153
        RESERVED
 CVE-2019-6152
@@ -14458,12 +14464,12 @@ CVE-2019-5428
        RESERVED
 CVE-2019-5427
        RESERVED
-CVE-2019-5426
-       RESERVED
-CVE-2019-5425
-       RESERVED
-CVE-2019-5424
-       RESERVED
+CVE-2019-5426 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an 
unauthenticated ...)
+       TODO: check
+CVE-2019-5425 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an 
authenticated u ...)
+       TODO: check
+CVE-2019-5424 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a 
privileged user  ...)
+       TODO: check
 CVE-2019-5423 (Path traversal vulnerability in http-live-simulator npm package 
versio ...)
        NOT-FOR-US: http-live-simulator node module
 CVE-2019-5422 (XSS in buttle npm package version 0.2.0 causes execution of 
attacker-p ...)
@@ -17322,8 +17328,8 @@ CVE-2019-4015 (IBM DB2 for Linux, UNIX and Windows 
(includes DB2 Connect Server)
        NOT-FOR-US: IBM
 CVE-2019-4014 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
        NOT-FOR-US: IBM
-CVE-2019-4013
-       RESERVED
+CVE-2019-4013 (IBM BigFix Platform 9.5 could allow any authenticated user to 
upload a ...)
+       TODO: check
 CVE-2019-4012
        RESERVED
 CVE-2019-4011
@@ -19793,8 +19799,8 @@ CVE-2018-20323 (www/soap/application/MCSoap/Logs.php in 
MailCleaner Community Ed
        NOT-FOR-US: MailCleaner
 CVE-2018-20322 (LimeSurvey version 3.15.5 contains a Cross-site scripting 
(XSS) vulner ...)
        - limesurvey <itp> (bug #472802)
-CVE-2018-20321
-       RESERVED
+CVE-2018-20321 (An issue was discovered in Rancher 2 through 2.1.5. Any 
project member ...)
+       TODO: check
 CVE-2018-20320
        RESERVED
 CVE-2018-20319
@@ -29435,7 +29441,7 @@ CVE-2019-0210
 CVE-2019-0209
        RESERVED
 CVE-2019-0208
-       RESERVED
+       REJECTED
 CVE-2019-0207
        RESERVED
 CVE-2019-0206
@@ -29452,8 +29458,7 @@ CVE-2019-0201
        RESERVED
 CVE-2019-0200 (A Denial of Service vulnerability was found in Apache Qpid 
Broker-J ve ...)
        - qpid-java <itp> (bug #840131)
-CVE-2019-0199 [HTTP/2 DoS]
-       RESERVED
+CVE-2019-0199 (The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 
and 8.5. ...)
        - tomcat9 9.0.16-1
        - tomcat8 8.5.38-1
        [jessie] - tomcat8 <not-affected> (HTTP/2 support not implemented)
@@ -77164,8 +77169,8 @@ CVE-2018-1996 (IBM WebSphere Application Server 7.0, 
8.0, 8.5, and 9.0 could pro
        NOT-FOR-US: IBM
 CVE-2018-1995
        RESERVED
-CVE-2018-1994
-       RESERVED
+CVE-2018-1994 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable 
to SQL i ...)
+       TODO: check
 CVE-2018-1993 (IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 
and 5.0.0 ...)
        NOT-FOR-US: IBM
 CVE-2018-1992 (The IBM Power 9 OP910, OP920, and FW910 boot firmware's 
bootloader is  ...)
@@ -77346,8 +77351,8 @@ CVE-2018-1905 (IBM WebSphere Application Server 9.0.0.0 
through 9.0.0.9 is vulne
        NOT-FOR-US: IBM
 CVE-2018-1904 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
allow re ...)
        NOT-FOR-US: IBM
-CVE-2018-1903
-       RESERVED
+CVE-2018-1903 (IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 
could all ...)
+       TODO: check
 CVE-2018-1902 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
allow a  ...)
        NOT-FOR-US: IBM
 CVE-2018-1901 (IBM WebSphere Application Server 8.5 and 9.0 could allow a 
remote atta ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4531d201d7ad9a7637e6f5735f9fe197e718c6b2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4531d201d7ad9a7637e6f5735f9fe197e718c6b2
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to