Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13719c7a by security tracker role at 2019-04-27T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2019-11564
+       RESERVED
+CVE-2019-11563
+       RESERVED
+CVE-2019-11562
+       RESERVED
+CVE-2019-11561
+       RESERVED
+CVE-2019-11560
+       RESERVED
+CVE-2019-11559
+       RESERVED
+CVE-2019-11558
+       RESERVED
+CVE-2019-11557 (The WebDorado Contact Form Builder plugin before 1.0.69 for 
WordPress  ...)
+       TODO: check
+CVE-2019-11556
+       RESERVED
 CVE-2019-11554
        RESERVED
 CVE-2019-11553
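Review bot: CVE-2019-11557 is the only entry in this hunk that carries a description, and it goes in as "TODO: check". The description names a WordPress plugin (WebDorado Contact Form Builder); if no Debian source package ships it, resolve the TODO the way other entries in this file do, with a "NOT-FOR-US:" line naming the product, rather than leaving it open.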
@@ -40,8 +58,8 @@ CVE-2019-11535
        RESERVED
 CVE-2019-11534
        RESERVED
-CVE-2019-11533
-       RESERVED
+CVE-2019-11533 (Cross-site scripting (XSS) vulnerability in ProjectSend before 
r1070 a ...)
+       TODO: check
 CVE-2019-11532
        RESERVED
 CVE-2019-11531
@@ -136,8 +154,8 @@ CVE-2019-11494
        RESERVED
 CVE-2019-11493 (VeryPDF 4.1 has a Memory Overflow leading to Code Execution 
because pd ...)
        NOT-FOR-US: VeryPDF
-CVE-2019-11492
-       RESERVED
+CVE-2019-11492 (ProjectSend before r1070 writes user passwords to the server 
logs. ...)
+       TODO: check
 CVE-2019-11491
        RESERVED
 CVE-2019-11490 (An issue was discovered in Npcap 0.992. Sending a malformed 
.pcap file ...)
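Review bot: CVE-2019-11492 in this hunk and CVE-2019-11533 in the previous one both name ProjectSend before r1070, and both land as "TODO: check". Triage them together so the two entries end up with the same disposition: a package line if ProjectSend is in the archive, "NOT-FOR-US: ProjectSend" otherwise.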
@@ -259,9 +277,11 @@ CVE-2019-11457
 CVE-2019-11456 (Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary 
PHP code. ...)
        NOT-FOR-US: Gila CMS
 CVE-2019-11455 (A buffer over-read in Util_urlDecode in util.c in Tildeslash 
Monit bef ...)
+       {DLA-1767-1}
        - monit <unfixed> (bug #927775)
        NOTE: 
https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
 CVE-2019-11454 (Persistent cross-site scripting (XSS) in http/cervlet.c in 
Tildeslash  ...)
+       {DLA-1767-1}
        - monit <unfixed> (bug #927775)
        NOTE: 
https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3
        NOTE: 
https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c
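Review bot: CVE-2019-11455 and CVE-2019-11454 gain {DLA-1767-1} while their package lines still read "- monit <unfixed> (bug #927775)". That is consistent if the DLA only covers the LTS release, but the upstream fix commits are already listed in the NOTE lines, so check whether a fixed version can now replace <unfixed> on both entries.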
@@ -504,7 +524,7 @@ CVE-2019-11347
        RESERVED
 CVE-2018-20817 (SV_SteamAuthClient in various Activision Infinity Ward Call of 
Duty ga ...)
        NOT-FOR-US: Activision
-CVE-2019-11555 [EAP-pwd message reassembly issue with unexpected fragment]
+CVE-2019-11555 (The EAP-pwd implementation in hostapd (EAP server) before 2.8 
and wpa_ ...)
        - wpa 2:2.7+git20190128+0c1e29f-5 (bug #927463)
        NOTE: 
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
        NOTE: Patches: https://w1.fi/security/2019-5/
@@ -10517,8 +10537,8 @@ CVE-2019-7478
        RESERVED
 CVE-2019-7477 (A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC 
Cipher allow ...)
        NOT-FOR-US: SonicWall
-CVE-2019-7476
-       RESERVED
+CVE-2019-7476 (A vulnerability in SonicWall Global Management System (GMS), 
allow a r ...)
+       TODO: check
 CVE-2019-7475 (A vulnerability in SonicWall SonicOS and SonicOSv with 
management enab ...)
        NOT-FOR-US: SonicWall
 CVE-2019-7474 (A vulnerability in SonicWall SonicOS and SonicOSv, allow 
authenticated ...)
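Review bot: CVE-2019-7476 is added as "TODO: check" although its description names SonicWall Global Management System and the entries on either side (CVE-2019-7477, CVE-2019-7475) are already "NOT-FOR-US: SonicWall". Give it the same line so the SonicWall block is uniform and the TODO does not linger.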
@@ -11028,6 +11048,7 @@ CVE-2019-7319
 CVE-2019-7318
        RESERVED
 CVE-2019-7317 (png_image_free in png.c in libpng 1.6.36 has a use-after-free 
because  ...)
+       {DSA-4435-1}
        - libpng1.6 1.6.36-4 (bug #921355)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
        NOTE: https://github.com/glennrp/libpng/issues/275
@@ -19026,10 +19047,10 @@ CVE-2019-3846
        RESERVED
 CVE-2019-3845 (A lack of access control was found in the message queues 
maintained by ...)
        NOT-FOR-US: qpid dispatch router
-CVE-2019-3844
-       RESERVED
-CVE-2019-3843
-       RESERVED
+CVE-2019-3844 (It was discovered that a systemd service that uses DynamicUser 
propert ...)
+       TODO: check
+CVE-2019-3843 (It was discovered that a systemd service that uses DynamicUser 
propert ...)
+       TODO: check
 CVE-2019-3842 (In systemd before v242-rc4, it was discovered that pam_systemd 
does no ...)
        {DSA-4428-1 DLA-1762-1}
        - systemd 241-3
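Review bot: CVE-2019-3844 and CVE-2019-3843 receive identical truncated descriptions ("It was discovered that a systemd service that uses DynamicUser propert ..."), so nothing in the list distinguishes the two. Both name systemd, which the following entry tracks with "- systemd 241-3", so the "TODO: check" should resolve to systemd package lines, with a NOTE on each entry stating which issue it covers.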
@@ -32900,9 +32921,11 @@ CVE-2018-18515
 CVE-2018-18514
        RESERVED
 CVE-2018-18513 (A crash can occur when processing a crafted S/MIME message or 
an XPI p ...)
+       {DSA-4392-1 DLA-1678-1}
        - thunderbird 1:60.5.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18513
 CVE-2018-18512 (A use-after-free vulnerability can occur while playing a sound 
notific ...)
+       {DSA-4392-1 DLA-1678-1}
        - thunderbird 1:60.5.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18512
 CVE-2018-18511 (Cross-origin images can be read from a canvas element in 
violation of  ...)
@@ -33600,8 +33623,8 @@ CVE-2018-18278
        RESERVED
 CVE-2018-18277
        RESERVED
-CVE-2018-18276
-       RESERVED
+CVE-2018-18276 (XSS exists in the ProFiles 1.5 component for Joomla! via the 
name or p ...)
+       TODO: check
 CVE-2018-18275
        RESERVED
 CVE-2018-18274 (A issue was found in pdfalto 0.2. There is a heap-based buffer 
overflo ...)
@@ -40752,12 +40775,12 @@ CVE-2018-15584 (Cross-Site Scripting (XSS) 
vulnerability in adm/boardgroup_form_
        TODO: check
 CVE-2018-15583 (Cross-Site Scripting (XSS) vulnerability in point_list.php in 
GNUBOARD ...)
        NOT-FOR-US: GNUBOARD
-CVE-2018-15582
-       RESERVED
+CVE-2018-15582 (Cross-Site Scripting (XSS) vulnerability in 
adm/sms_admin/num_book_wri ...)
+       TODO: check
 CVE-2018-15581 (Cross-Site Scripting (XSS) vulnerability in 
adm/faqmasterformupdate.ph ...)
        TODO: check
-CVE-2018-15580
-       RESERVED
+CVE-2018-15580 (Cross-Site Scripting (XSS) vulnerability in 
adm/contentformupdate.php  ...)
+       TODO: check
 CVE-2018-15579
        RESERVED
 CVE-2018-15578
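Review bot: CVE-2018-15582 and CVE-2018-15580 are added as "TODO: check" in a run of adm/*.php XSS entries where CVE-2018-15583 is already "NOT-FOR-US: GNUBOARD". If the full descriptions confirm the same product, mark both new entries the same way, and clear the existing TODOs on CVE-2018-15584 and CVE-2018-15581 in the same pass.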



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/13719c7ad8aee9d5a37c8f99f877d5b0515ff7ed

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
