Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9a7e2567 by security tracker role at 2019-05-06T20:10:24Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,83 @@ +CVE-2019-11807 (The WooCommerce Checkout Manager plugin before 4.3 for WordPress allow ...) + TODO: check +CVE-2019-11806 + RESERVED +CVE-2019-11805 + RESERVED +CVE-2019-11804 + RESERVED +CVE-2019-11803 + RESERVED +CVE-2019-11802 + RESERVED +CVE-2019-11801 + RESERVED +CVE-2019-11800 + RESERVED +CVE-2019-11799 + RESERVED +CVE-2019-11798 + RESERVED +CVE-2019-11797 + RESERVED +CVE-2019-11796 + RESERVED +CVE-2019-11795 + RESERVED +CVE-2019-11794 + RESERVED +CVE-2019-11793 + RESERVED +CVE-2019-11792 + RESERVED +CVE-2019-11791 + RESERVED +CVE-2019-11790 + RESERVED +CVE-2019-11789 + RESERVED +CVE-2019-11788 + RESERVED +CVE-2019-11787 + RESERVED +CVE-2019-11786 + RESERVED +CVE-2019-11785 + RESERVED +CVE-2019-11784 + RESERVED +CVE-2019-11783 + RESERVED +CVE-2019-11782 + RESERVED +CVE-2019-11781 + RESERVED +CVE-2019-11780 + RESERVED +CVE-2019-11779 + RESERVED +CVE-2019-11778 + RESERVED +CVE-2019-11777 + RESERVED +CVE-2019-11776 + RESERVED +CVE-2019-11775 + RESERVED +CVE-2019-11774 + RESERVED +CVE-2019-11773 + RESERVED +CVE-2019-11772 + RESERVED +CVE-2019-11771 + RESERVED +CVE-2019-11770 + RESERVED +CVE-2019-11769 + RESERVED +CVE-2019-11768 + RESERVED CVE-2019-11767 (Server side request forgery (SSRF) in phpBB before 3.2.6 allows checki ...) - phpbb3 <removed> [jessie] - phpbb3 <postponed> (Minor issue, solution/workaround is to disable the remote avatar function) @@ -2029,6 +2109,7 @@ CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside Se NOTE: https://github.com/matrixssl/matrixssl/issues/26 CVE-2019-10913 RESERVED + {DLA-1778-1} - symfony 3.4.22+dfsg-2 NOTE: https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides CVE-2019-10912 
@@ -2038,18 +2119,21 @@ CVE-2019-10912 NOTE: https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized CVE-2019-10911 RESERVED + {DLA-1778-1} - drupal7 <not-affected> (Drupal 7 core not affected) - symfony 3.4.22+dfsg-2 NOTE: https://www.drupal.org/SA-CORE-2019-005 NOTE: https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash CVE-2019-10910 RESERVED + {DLA-1778-1} - drupal7 <not-affected> (Drupal 7 core not affected) - symfony 3.4.22+dfsg-2 NOTE: https://www.drupal.org/SA-CORE-2019-005 NOTE: https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid CVE-2019-10909 RESERVED + {DLA-1778-1} - drupal7 <not-affected> (Drupal 7 core not affected) - symfony 3.4.22+dfsg-2 NOTE: https://www.drupal.org/SA-CORE-2019-005 @@ -3635,8 +3719,8 @@ CVE-2019-1003041 (A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plu NOT-FOR-US: Jenkins plugin CVE-2019-1003040 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 ...) NOT-FOR-US: Jenkins plugin -CVE-2019-10249 - RESERVED +CVE-2019-10249 (All Xtext & Xtend versions prior to 2.18.0 were built using HTTP i ...) + TODO: check CVE-2019-10248 (Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts fo ...) NOT-FOR-US: Eclipse Vorto CVE-2019-10247 (In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, ...) 
@@ -16305,16 +16389,16 @@ CVE-2019-5436 RESERVED CVE-2019-5435 RESERVED -CVE-2019-5434 - RESERVED -CVE-2019-5433 - RESERVED -CVE-2019-5432 - RESERVED -CVE-2019-5431 - RESERVED -CVE-2019-5430 - RESERVED +CVE-2019-5434 (An attacker could send a specifically crafted payload to the XML-RPC i ...) + TODO: check +CVE-2019-5433 (A user having access to the UI of a Revive Adserver instance could be ...) + TODO: check +CVE-2019-5432 (A specifically malformed MQTT Subscribe packet crashes MQTT Brokers us ...) + TODO: check +CVE-2019-5431 (This vulnerability was caused by an incomplete fix to CVE-2017-0911. T ...) + TODO: check +CVE-2019-5430 (In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, i ...) + TODO: check CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacke ...) - filezilla <unfixed> (low; bug #928282) [stretch] - filezilla <no-dsa> (Minor issue) @@ -19507,6 +19591,7 @@ CVE-2019-3884 RESERVED NOT-FOR-US: atomic-openshift CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by workers ...) + {DLA-1779-1} - 389-ds-base <unfixed> (bug #927939) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1693612 NOTE: https://pagure.io/389-ds-base/issue/50329 @@ -19877,12 +19962,12 @@ CVE-2019-3801 (Cloud Foundry cf-deployment, versions prior to 7.9.0, contain jav NOT-FOR-US: Cloud Foundry CVE-2019-3800 RESERVED -CVE-2019-3799 - RESERVED +CVE-2019-3799 (Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x pri ...) + TODO: check CVE-2019-3798 (Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, ...) NOT-FOR-US: Cloud Foundry -CVE-2019-3797 - RESERVED +CVE-2019-3797 (This affects Spring Data JPA in versions up to and including 2.1.5, 2. ...) + TODO: check CVE-2019-3796 RESERVED CVE-2019-3795 (Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, ...) 
@@ -20369,10 +20454,10 @@ CVE-2019-3567 RESERVED CVE-2019-3566 RESERVED -CVE-2019-3565 - RESERVED -CVE-2019-3564 - RESERVED +CVE-2019-3565 (Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would n ...) + TODO: check +CVE-2019-3564 (Go Facebook Thrift servers would not error upon receiving messages wit ...) + TODO: check CVE-2019-3563 (Wangle's LineBasedFrameDecoder contains logic for identifying newlines ...) NOT-FOR-US: Facebook Wangle CVE-2019-3562 (A remote web page could inject arbitrary HTML code into the Oculus Bro ...) @@ -20381,10 +20466,10 @@ CVE-2019-3561 (Insufficient boundary checks for the strrpos and strripos functio - hhvm <removed> CVE-2019-3560 (An improperly performed length calculation on a buffer in PlaintextRec ...) NOT-FOR-US: Fizz -CVE-2019-3559 - RESERVED -CVE-2019-3558 - RESERVED +CVE-2019-3559 (Java Facebook Thrift servers would not error upon receiving messages w ...) + TODO: check +CVE-2019-3558 (Python Facebook Thrift servers would not error upon receiving messages ...) + TODO: check CVE-2019-3557 (The implementations of streams for bz2 and php://output improperly imp ...) - hhvm <removed> CVE-2019-3556 @@ -20395,8 +20480,8 @@ CVE-2019-3554 (Wangle's AcceptRoutingHandler incorrectly casts a socket when acc NOT-FOR-US: Facebook Wangle CVE-2019-3553 RESERVED -CVE-2019-3552 - RESERVED +CVE-2019-3552 (C++ Facebook Thrift servers (using cpp2) would not error upon receivin ...) + TODO: check CVE-2019-3551 RESERVED CVE-2019-3550 
@@ -37064,11 +37149,9 @@ CVE-2018-17204 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7. NOTE: ovs-vswitchd does not enable support for OpenFlow 1.5 by default. CVE-2018-17203 REJECTED -CVE-2018-17202 - RESERVED +CVE-2018-17202 (Certain input files could make the code to enter into an infinite loop ...) NOTE: Apache Commons Imaging -CVE-2018-17201 - RESERVED +CVE-2018-17201 (Certain input files could make the code hang when Apache Sanselan 0.97 ...) NOTE: Apache Commons Imaging CVE-2018-17200 RESERVED @@ -45592,8 +45675,7 @@ CVE-2018-13992 CVE-2018-13991 RESERVED NOT-FOR-US: Phoenix Contact FL switch -CVE-2018-13990 - RESERVED +CVE-2018-13990 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior ...) NOT-FOR-US: Phoenix Contact FL switch CVE-2018-13989 (Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST ...) NOT-FOR-US: Grundig Smart Inter@ctive TV 3.0 devices @@ -45611,8 +45693,8 @@ CVE-2018-13985 RESERVED CVE-2018-13984 RESERVED -CVE-2018-13983 - RESERVED +CVE-2018-13983 (ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.ph ...) + TODO: check CVE-2018-13982 (Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is pro ...) - smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1 [jessie] - smarty3 <not-affected> (vulnerable code not present) 
@@ -73093,32 +73175,32 @@ CVE-2018-4075 RESERVED CVE-2018-4074 RESERVED -CVE-2018-4073 - RESERVED -CVE-2018-4072 - RESERVED -CVE-2018-4071 - RESERVED -CVE-2018-4070 - RESERVED -CVE-2018-4069 - RESERVED -CVE-2018-4068 - RESERVED -CVE-2018-4067 - RESERVED -CVE-2018-4066 - RESERVED -CVE-2018-4065 - RESERVED +CVE-2018-4073 (An exploitable Permission Assignment vulnerability exists in the ACEMa ...) + TODO: check +CVE-2018-4072 (An exploitable Permission Assignment vulnerability exists in the ACEMa ...) + TODO: check +CVE-2018-4071 (An exploitable Information Disclosure vulnerability exists in the ACEM ...) + TODO: check +CVE-2018-4070 (An exploitable Information Disclosure vulnerability exists in the ACEM ...) + TODO: check +CVE-2018-4069 (An information disclosure vulnerability exists in the ACEManager authe ...) + TODO: check +CVE-2018-4068 (An exploitable information disclosure vulnerability exists in the ACEM ...) + TODO: check +CVE-2018-4067 (An exploitable information disclosure vulnerability exists in the ACEM ...) + TODO: check +CVE-2018-4066 (An exploitable cross-site request forgery vulnerability exists in the ...) + TODO: check +CVE-2018-4065 (An exploitable cross-site scripting vulnerability exists in the ACEMan ...) + TODO: check CVE-2018-4064 RESERVED -CVE-2018-4063 - RESERVED -CVE-2018-4062 - RESERVED -CVE-2018-4061 - RESERVED +CVE-2018-4063 (An exploitable remote code execution vulnerability exists in the uploa ...) + TODO: check +CVE-2018-4062 (A hard-coded credentials vulnerability exists in the snmpd function of ...) + TODO: check +CVE-2018-4061 (An exploitable command injection vulnerability exists in the ACEManage ...) + TODO: check CVE-2018-4060 RESERVED CVE-2018-4059 (An exploitable unsafe default configuration vulnerability exists in th ...) 
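Review bot: in the CVE-2018-17202 / CVE-2018-17201 hunk (the `@@ -37064,11 +37149,9 @@` region), both entries gain a description but keep only the pre-existing `NOTE: Apache Commons Imaging` line, with no package line, no `NOT-FOR-US:` marker and no `TODO: check`; every other entry touched by this update that moves off RESERVED gets either a status line (as `NOT-FOR-US: Phoenix Contact FL switch` does for CVE-2018-13990 in the next hunk) or a `TODO: check`, so these two should get one as well so they are not skipped at triage.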
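Review bot: in the CVE-2019-3883 hunk (`@@ -19507,6 +19591,7 @@`), `{DLA-1779-1}` is added directly above the unchanged `- 389-ds-base <unfixed> (bug #927939)` line; nothing in the hunk states which suite the advisory covers, so the `<unfixed>` marker for the unstable package should be re-verified against bug #927939 rather than left untouched by assumption.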
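Review bot: the three Thrift hunks in the `@@ -20369` to `@@ -20395` region add five `TODO: check` entries (CVE-2019-3565, CVE-2019-3564, CVE-2019-3559, CVE-2019-3558, CVE-2019-3552) whose truncated descriptions are per-language-binding variants of one issue ("Facebook Thrift servers would not error upon receiving messages ..."); they should be triaged as a group so they end up with a consistent status, following the pattern the surrounding context already uses for the other Facebook entries (`NOT-FOR-US: Facebook Wangle`, `NOT-FOR-US: Fizz`, `- hhvm <removed>`).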
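Review bot: the last hunk (`@@ -73093,32 +73175,32 @@`) adds twelve `TODO: check` entries (CVE-2018-4061 to CVE-2018-4063 and CVE-2018-4065 to CVE-2018-4073) that all describe one product (ACEManager), with descriptions truncated at the product name; since one triage decision resolves the whole set, the status chosen should be applied across all twelve in one pass so the group does not end up half-marked, and the two entries left RESERVED in between (CVE-2018-4060, CVE-2018-4064) should be rechecked on the next update.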
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a7e2567411d5d8bff362c760ce52e906e0c30d2 -- You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits