Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09527ef7 by security tracker role at 2019-04-25T08:10:28Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2019-11515 (core/classes/db_backup.php in Gila CMS 1.10.1 allows 
admin/db_backup?d ...)
+       TODO: check
+CVE-2019-11514 (User/Command/ConfirmEmailHandler.php in Flarum before 
0.1.0-beta.8 mis ...)
+       TODO: check
+CVE-2019-11513 (The File Manager in CMS Made Simple through 2.2.10 has 
Reflected XSS v ...)
+       TODO: check
+CVE-2019-11512
+       RESERVED
+CVE-2019-11511 (Zoho ManageEngine ADSelfService Plus before build 5708 has XSS 
via the ...)
+       TODO: check
+CVE-2019-11510
+       RESERVED
+CVE-2019-11509
+       RESERVED
+CVE-2019-11508
+       RESERVED
+CVE-2019-11507
+       RESERVED
+CVE-2019-11506 (In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 
Q8, the ...)
+       TODO: check
+CVE-2019-11505 (In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 
Q8, ther ...)
+       TODO: check
+CVE-2019-11504 (Zotonic before version 0.47 has mod_admin XSS. ...)
+       TODO: check
+CVE-2019-11503 (snap-confine as included in snapd before 2.39 did not guard 
against sy ...)
+       TODO: check
+CVE-2019-11502 (snap-confine in snapd before 2.38 incorrectly set the 
ownership of a s ...)
+       TODO: check
+CVE-2017-18367 (libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs 
that OR ...)
+       TODO: check
 CVE-2019-11501
        RESERVED
 CVE-2019-11500
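Review bot: CVE-2017-18367 is inserted at the head of the file, between CVE-2019-11502 and CVE-2019-11501, and like every other described entry in this hunk it carries only "TODO: check". Each of these needs resolving to one of the forms the file already uses, a package line such as "- putty 0.70-6" or a "NOT-FOR-US:" marker. The snapd entries (CVE-2019-11503, CVE-2019-11502), the GraphicsMagick entries (CVE-2019-11506, CVE-2019-11505) and the libseccomp-golang entry each state an affected version range, so they can be compared directly against a packaged version.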
@@ -677,10 +707,10 @@ CVE-2019-11220
        RESERVED
 CVE-2019-11219
        RESERVED
-CVE-2019-11218
-       RESERVED
-CVE-2019-11217
-       RESERVED
+CVE-2019-11218 (Improper handling of extra parameters in the AccountController 
(User P ...)
+       TODO: check
+CVE-2019-11217 (The GitController in Jakub Chodounsky Bonobo Git Server before 
6.5.0 a ...)
+       TODO: check
 CVE-2019-11216
        RESERVED
 CVE-2019-11215
@@ -707,8 +737,8 @@ CVE-2019-11205
        RESERVED
 CVE-2019-11204
        RESERVED
-CVE-2019-11203
-       RESERVED
+CVE-2019-11203 (The workspace client, openspace client, app development 
client, and RE ...)
+       TODO: check
 CVE-2019-11202
        RESERVED
 CVE-2019-11201
@@ -3770,12 +3800,12 @@ CVE-2019-9900
 CVE-2019-9899
        RESERVED
 CVE-2019-9898 (Potential recycling of random numbers used in cryptography 
exists with ...)
-       {DSA-4423-1}
+       {DSA-4423-1 DLA-1763-1}
        - putty 0.70-6
        NOTE: 
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-rng-reuse.html
        NOTE: 
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=320bf8479ff5bcbad239db4f9f4aa63656b0675e
 CVE-2019-9897 (Multiple denial-of-service attacks that can be triggered by 
writing to ...)
-       {DSA-4423-1}
+       {DSA-4423-1 DLA-1763-1}
        - putty 0.70-6
        NOTE: 
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terminal-dos-one-column-cjk.html
        NOTE: 
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=03777723e553024e94d8bfcf182f3a2e92ffb914
@@ -3792,7 +3822,7 @@ CVE-2019-9895 (In PuTTY versions before 0.71 on Unix, a 
remotely triggerable buf
        NOTE: 
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-fd-set-overflow.html
        NOTE: 
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=5c926d9ea4a9e0a0a2384f06c7583648cdff3ed6
 CVE-2019-9894 (A remotely triggerable memory overwrite in RSA key exchange in 
PuTTY b ...)
-       {DSA-4423-1}
+       {DSA-4423-1 DLA-1763-1}
        - putty 0.70-6
        NOTE: 
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-rsa-kex-integer-overflow.html
        NOTE: 
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=d82854999516046122501b2e145099740ed0284f
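Review bot: the tag line for CVE-2019-9895, which sits directly above CVE-2019-9894 in this hunk's context, is outside the visible lines, so it cannot be confirmed here whether it also gained DLA-1763-1. CVE-2019-9898, CVE-2019-9897 and CVE-2019-9894 all change from "{DSA-4423-1}" to "{DSA-4423-1 DLA-1763-1}"; check that the PuTTY entries between them were either updated the same way or deliberately left out of the DLA.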
@@ -6929,16 +6959,16 @@ CVE-2019-8997 (An XML External Entity Injection (XXE) 
vulnerability in the Manag
        NOT-FOR-US: BlackBerry
 CVE-2019-8996 (In Signiant Manager+Agents before 13.5, the implementation of 
the set  ...)
        NOT-FOR-US: Signiant
-CVE-2019-8995
-       RESERVED
-CVE-2019-8994
-       RESERVED
-CVE-2019-8993
-       RESERVED
-CVE-2019-8992
-       RESERVED
-CVE-2019-8991
-       RESERVED
+CVE-2019-8995 (The workspace client, openspace client, and app development 
client of  ...)
+       TODO: check
+CVE-2019-8994 (The workspace client of TIBCO Software Inc.'s TIBCO 
ActiveMatrix BPM,  ...)
+       TODO: check
+CVE-2019-8993 (The administrative web server component of TIBCO Software 
Inc.'s TIBCO ...)
+       TODO: check
+CVE-2019-8992 (The administrative server component of TIBCO Software Inc.'s 
TIBCO Act ...)
+       TODO: check
+CVE-2019-8991 (The administrator web interface of TIBCO Software Inc.'s TIBCO 
ActiveM ...)
+       TODO: check
 CVE-2019-8990 (The HTTP Connector component of TIBCO Software Inc.'s TIBCO 
ActiveMatr ...)
        NOT-FOR-US: TIBCO
 CVE-2019-8989 (The application server component of TIBCO Software Inc.'s TIBCO 
Data S ...)
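Review bot: CVE-2019-8994 through CVE-2019-8991 are left at "TODO: check" although their descriptions name TIBCO Software Inc. and the neighbouring CVE-2019-8990 in the context below is already marked "NOT-FOR-US: TIBCO". The same marker looks right for these four. The description of CVE-2019-8995 is truncated before any vendor name, so confirm it against the full text before giving it the same disposition.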
@@ -20667,8 +20697,8 @@ CVE-2018-20436 (** DISPUTED ** The "secret chat" 
feature in Telegram 4.9.1 for A
        NOT-FOR-US: Telegram for Android
 CVE-2018-20435
        RESERVED
-CVE-2018-20434
-       RESERVED
+CVE-2018-20434 (LibreNMS 1.46 allows remote attackers to execute arbitrary OS 
commands ...)
+       TODO: check
 CVE-2018-20433 (c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in 
com/mcha ...)
        {DLA-1621-1}
        - c3p0 0.9.1.2-10 (bug #917257)
@@ -33562,8 +33592,8 @@ CVE-2018-18253 (An issue was discovered in CapMon 
Access Manager 5.4.1.1005. CAL
        NOT-FOR-US: CapMon Access Manager
 CVE-2018-18252 (An issue was discovered in CapMon Access Manager 5.4.1.1005. 
CALRunEle ...)
        NOT-FOR-US: CapMon Access Manager
-CVE-2018-18251
-       RESERVED
+CVE-2018-18251 (Deltek Vision 7.x before 7.6 permits the execution of any 
attacker sup ...)
+       TODO: check
 CVE-2019-0085
        RESERVED
 CVE-2019-0084
@@ -61849,10 +61879,10 @@ CVE-2018-7577 (Memcpy parameter overlap in Google 
Snappy library 1.1.4, as used
        TODO: check
 CVE-2018-7576 (Google TensorFlow 1.6.x and earlier is affected by: Null 
Pointer Deref ...)
        TODO: check
-CVE-2018-7575
-       RESERVED
-CVE-2018-7574
-       RESERVED
+CVE-2018-7575 (Google TensorFlow 1.7.x and earlier is affected by a Buffer 
Overflow v ...)
+       TODO: check
+CVE-2018-7574 (Google TensorFlow 1.6.x and earlier is affected by a Null 
Pointer Dere ...)
+       TODO: check
 CVE-2018-7573 (An issue was discovered in FTPShell Client 6.7. A remote FTP 
server ca ...)
        NOT-FOR-US: FTPShell Client
 CVE-2018-7572 (Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when 
configured to a ...)
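Review bot: four adjacent entries are now untriaged here, since CVE-2018-7575 and CVE-2018-7574 move from "RESERVED" to "TODO: check" directly below CVE-2018-7577 and CVE-2018-7576, which were already "TODO: check" in the context lines. CVE-2018-7576, CVE-2018-7575 and CVE-2018-7574 all describe Google TensorFlow, so they should be resolved together with one disposition rather than one at a time.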



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/09527ef7c3695dfba968c7032e53cbb7f160e800
