Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4ceb4a24 by security tracker role at 2019-04-29T20:10:25Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,44 @@
-CVE-2019-11591
+CVE-2019-11599 (The coredump implementation in the Linux kernel before 5.0.10 
does not ...)
+       TODO: check
+CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2019-11597 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2019-11596 (In memcached before 1.5.14, a NULL pointer dereference was 
found in th ...)
+       TODO: check
+CVE-2019-11595 (In uBlock before 0.9.5.15, the $rewrite filter option allows 
filter-li ...)
+       TODO: check
+CVE-2019-11594 (In AdBlock before 3.45.0, the $rewrite filter option allows 
filter-lis ...)
+       TODO: check
+CVE-2019-11593 (In Adblock Plus before 3.5.2, the $rewrite filter option 
allows filter ...)
+       TODO: check
+CVE-2019-11592 (WeBid 1.2.2 has reflected XSS via the id parameter to 
admin/deletenews ...)
+       TODO: check
+CVE-2019-11589
+       RESERVED
+CVE-2019-11588
+       RESERVED
+CVE-2019-11587
+       RESERVED
+CVE-2019-11586
+       RESERVED
+CVE-2019-11585
+       RESERVED
+CVE-2019-11584
+       RESERVED
+CVE-2019-11583
+       RESERVED
+CVE-2019-11582
+       RESERVED
+CVE-2019-11581
+       RESERVED
+CVE-2019-11580
+       RESERVED
+CVE-2015-9285 (esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ 
URI. ...)
+       TODO: check
+CVE-2019-11591 (The WebDorado Contact Form plugin before 1.13.5 for WordPress 
allows C ...)
        NOT-FOR-US: WordPress plugin contact-form-maker
-CVE-2019-11590
+CVE-2019-11590 (The 10Web Form Maker plugin before 1.13.5 for WordPress allows 
CSRF vi ...)
        NOT-FOR-US: WordPress plugin form-maker
 CVE-2019-11577 (dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna 
in dhcp ...)
        - dhcpcd5 <unfixed> (bug #928105)
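Review bot: CVE-2019-11593, CVE-2019-11594 and CVE-2019-11595 at the top of this hunk all describe the same $rewrite filter option problem (Adblock Plus, AdBlock and uBlock respectively), so they should be triaged together to keep the three entries consistent instead of resolving three separate "TODO: check" items. CVE-2019-11599 names the Linux kernel before 5.0.10 and needs package and per-release status lines when its TODO is resolved. CVE-2019-11592 (WeBid) and CVE-2015-9285 (esoTalk) sit directly above two WordPress plugin entries already marked NOT-FOR-US; confirm whether either product is packaged before copying that marking.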
@@ -3497,7 +3535,7 @@ CVE-2018-20815 [device_tree: heap buffer overflow while 
loading device tree blob
        - qemu-kvm <removed>
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=da885fe1ee8b4589047484bd7fa05a4905b52b17
        NOTE: https://www.openwall.com/lists/oss-security/2019/03/27/1
-CVE-2016-10749
+CVE-2016-10749 (parse_string in cJSON.c in cJSON before 2016-10-02 has a 
buffer over-r ...)
        - cjson <not-affected> (Fixed before initial upload to Debian)
        NOTE: https://github.com/DaveGamble/cJSON/issues/30
        NOTE: https://www.openwall.com/lists/oss-security/2016/11/07/2
@@ -3896,6 +3934,7 @@ CVE-2019-9930
 CVE-2019-9929
        RESERVED
 CVE-2019-9928 (GStreamer before 1.16.0 has a heap-based buffer overflow in the 
RTSP c ...)
+       {DLA-1770-1 DLA-1769-1}
        [experimental] - gst-plugins-base1.0 1.15.90-1
        - gst-plugins-base1.0 <unfixed> (bug #927978)
        - gst-plugins-base0.10 <removed>
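Review bot: the new "{DLA-1770-1 DLA-1769-1}" cross-reference on CVE-2019-9928 is attached to an entry whose unstable line still reads "- gst-plugins-base1.0 <unfixed> (bug #927978)", with only the experimental upload 1.15.90-1 recorded as fixed. The visible lines carry no release-specific fixed versions for the two DLAs, so check that those are recorded in the entry, and follow up on bug #927978 so the <unfixed> marker is replaced once a fixed version reaches unstable.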
@@ -8336,8 +8375,8 @@ CVE-2019-8456 (Check Point IKEv2 IPsec VPN up to R80.30, 
in some less common con
        NOT-FOR-US: Check Point
 CVE-2019-8455 (A hard-link created from the log file of Check Point ZoneAlarm 
up to 1 ...)
        NOT-FOR-US: Check Point ZoneAlarm
-CVE-2019-8454
-       RESERVED
+CVE-2019-8454 (A local attacker can create a hard-link between a file to which 
the Ch ...)
+       TODO: check
 CVE-2019-8453 (Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 
are ta ...)
        NOT-FOR-US: Check Point ZoneAlarm
 CVE-2019-8452 (A hard-link created from log file archive of Check Point 
ZoneAlarm up  ...)
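Review bot: CVE-2019-8454 is left at "TODO: check" while CVE-2019-8455, CVE-2019-8453 and the entry named in the hunk header are all marked NOT-FOR-US for Check Point products. The new description is cut off at "the Ch ...", so the product name is not actually visible here; read the full description before applying the neighbours' "NOT-FOR-US: Check Point ZoneAlarm" rather than inferring it from the hard-link wording shared with CVE-2019-8455.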
@@ -15662,8 +15701,8 @@ CVE-2019-5494
        RESERVED
 CVE-2019-5493
        RESERVED
-CVE-2019-5492
-       RESERVED
+CVE-2019-5492 (Element Plug-in for vCenter Server versions prior to 4.2.3 may 
disclos ...)
+       TODO: check
 CVE-2019-5491 (Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 
9.3P7 a ...)
        NOT-FOR-US: Clustered Data ONTAP
 CVE-2019-5490 (Certain versions between 2.x to 5.x (refer to advisory) of the 
NetApp  ...)
@@ -15788,8 +15827,8 @@ CVE-2019-5431
        RESERVED
 CVE-2019-5430
        RESERVED
-CVE-2019-5429
-       RESERVED
+CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an 
attacke ...)
+       TODO: check
 CVE-2019-5428
        REJECTED
 CVE-2019-5427 (c3p0 version &lt; 0.9.5.4 may be exploited by a billion laughs 
attack  ...)
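Review bot: CVE-2019-5429 gives its fix boundary as a release candidate, "FileZilla before 3.41.0-rc1", so whoever resolves the "TODO: check" should record a fixed version that sorts correctly against pre-release package versions rather than copying the upstream string. The description is truncated after "allows an attacke ...", so also confirm from the full text which platforms the untrusted search path applies to before deciding between a package line and a not-affected marking.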
@@ -18601,8 +18640,8 @@ CVE-2019-4049
        RESERVED
 CVE-2019-4048
        RESERVED
-CVE-2019-4047
-       RESERVED
+CVE-2019-4047 (IBM Jazz Reporting Service (JRS) 6.0.6 could allow an 
authenticated us ...)
+       TODO: check
 CVE-2019-4046 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is 
vulnerable  ...)
        NOT-FOR-US: IBM
 CVE-2019-4045 (IBM Business Automation Workflow and IBM Business Process 
Manager 18.0 ...)
@@ -19838,14 +19877,14 @@ CVE-2019-3565
        RESERVED
 CVE-2019-3564
        RESERVED
-CVE-2019-3563
-       RESERVED
-CVE-2019-3562
-       RESERVED
-CVE-2019-3561
-       RESERVED
-CVE-2019-3560
-       RESERVED
+CVE-2019-3563 (Wangle's LineBasedFrameDecoder contains logic for identifying 
newlines ...)
+       TODO: check
+CVE-2019-3562 (A remote web page could inject arbitrary HTML code into the 
Oculus Bro ...)
+       TODO: check
+CVE-2019-3561 (Insufficient boundary checks for the strrpos and strripos 
functions al ...)
+       TODO: check
+CVE-2019-3560 (An improperly performed length calculation on a buffer in 
PlaintextRec ...)
+       TODO: check
 CVE-2019-3559
        RESERVED
 CVE-2019-3558
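Review bot: none of the four entries moved out of RESERVED here can be triaged from the truncated text alone. CVE-2019-3561 ("Insufficient boundary checks for the strrpos and strripos functions al ...") and CVE-2019-3560 ("... length calculation on a buffer in PlaintextRec ...") do not name the affected product in the visible part of the description, so each "TODO: check" needs the full description looked up before a package or NOT-FOR-US line is chosen. CVE-2019-3563 (Wangle) and CVE-2019-3562 (Oculus Browser) name different products and should not be resolved as a block with the other two.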
@@ -20073,8 +20112,8 @@ CVE-2018-20625
        RESERVED
 CVE-2018-20624
        RESERVED
-CVE-2019-3493
-       RESERVED
+CVE-2019-3493 (A potential security vulnerability has been identified in Micro 
Focus  ...)
+       TODO: check
 CVE-2019-3492
        RESERVED
 CVE-2019-3491
@@ -49110,8 +49149,7 @@ CVE-2018-12385 (A potentially exploitable crash in 
TransportSecurityInfo used fo
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-22/#CVE-2018-12385
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/#CVE-2018-12385
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12385
-CVE-2018-12384 [ServerHello.random is all zero when handling a v2-compatible 
ClientHello]
-       RESERVED
+CVE-2018-12384 (When handling a SSLv2-compatible ClientHello request, the 
server doesn ...)
        - nss 2:3.39-1 (low; bug #908332)
        [stretch] - nss <postponed> (Minor issue, can be fixed along in future 
DSA)
        [jessie] - nss <postponed> (Minor issue, can be fixed along in future 
DSA)
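Review bot: replacing the bracketed working title on CVE-2018-12384 drops the one line that stated the flaw precisely ("ServerHello.random is all zero when handling a v2-compatible ClientHello"), because the official description is truncated at "the server doesn ...". Consider preserving that detail in a NOTE: line. The stretch and jessie lines remain <postponed> ("Minor issue, can be fixed along in future DSA"); with the entry no longer RESERVED, it is worth confirming that assessment still matches the published description.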
@@ -49651,7 +49689,7 @@ CVE-2018-12206 (Improper configuration of hardware 
access in Intel QuickAssist T
        NOT-FOR-US: Intel QuickAssist Technology for Linux
 CVE-2018-12205 (Privilege escalation vulnerability in Platform Sample/ Silicon 
Referen ...)
        NOT-FOR-US: Intel
-CVE-2018-12204 (Privilege escalation vulnerability in Platform Sample/ Silicon 
Referen ...)
+CVE-2018-12204 (Improper memory initialization in Platform Sample/Silicon 
Reference fi ...)
        NOT-FOR-US: Intel
 CVE-2018-12203 (Denial of service vulnerability in Platform Sample/ Silicon 
Reference  ...)
        NOT-FOR-US: Intel
@@ -70040,8 +70078,7 @@ CVE-2018-5124 (Unsanitized output in the browser UI 
leaves HTML tags in place an
        - firefox 58.0.1-1
        - firefox-esr <not-affected> (Vulnerable code introduced later than 52)
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/
-CVE-2018-5123
-       RESERVED
+CVE-2018-5123 (A third party website can access information available to a 
user with  ...)
        - bugzilla4 <itp> (bug #669643)
        - bugzilla <removed>
 CVE-2018-5122 (A potential integer overflow in the "DoCrypt" function of 
WebCrypto wa ...)
@@ -78596,14 +78633,14 @@ CVE-2018-2009 (IBM API Connect v2018.1 and 2018.4.1 
is affected by an informatio
        NOT-FOR-US: IBM
 CVE-2018-2008
        RESERVED
-CVE-2018-2007
-       RESERVED
+CVE-2018-2007 (IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected 
crypto ...)
+       TODO: check
 CVE-2018-2006 (IBM Robotic Process Automation with Automation Anywhere 11 
could allow ...)
        NOT-FOR-US: IBM
 CVE-2018-2005
        RESERVED
-CVE-2018-2004
-       RESERVED
+CVE-2018-2004 (IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is 
vulnerable to cr ...)
+       TODO: check
 CVE-2018-2003
        RESERVED
 CVE-2018-2002
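Review bot: CVE-2018-2007 (IBM API Connect) and CVE-2018-2004 (IBM Jazz Reporting Service) are added as "TODO: check" although the surrounding context already marks CVE-2018-2009 (also IBM API Connect) and CVE-2018-2006 as "NOT-FOR-US: IBM". Unless there is a reason to treat them differently, these two can take the same marking, which keeps the open TODO list limited to entries that need real triage.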
@@ -78688,8 +78725,8 @@ CVE-2018-1963
        RESERVED
 CVE-2018-1962 (IBM Security Identity Manager 7.0.1 Virtual Appliance does not 
invalid ...)
        NOT-FOR-US: IBM
-CVE-2018-1961
-       RESERVED
+CVE-2018-1961 (IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could 
disclose se ...)
+       TODO: check
 CVE-2018-1960
        RESERVED
 CVE-2018-1959 (IBM Security Identity Manager 7.0.1 Virtual Appliance contains 
hard-co ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4ceb4a245deff2dec929b224be4bce6c33118a2a


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
