Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a7e2567 by security tracker role at 2019-05-06T20:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2019-11807 (The WooCommerce Checkout Manager plugin before 4.3 for 
WordPress allow ...)
+       TODO: check
+CVE-2019-11806
+       RESERVED
+CVE-2019-11805
+       RESERVED
+CVE-2019-11804
+       RESERVED
+CVE-2019-11803
+       RESERVED
+CVE-2019-11802
+       RESERVED
+CVE-2019-11801
+       RESERVED
+CVE-2019-11800
+       RESERVED
+CVE-2019-11799
+       RESERVED
+CVE-2019-11798
+       RESERVED
+CVE-2019-11797
+       RESERVED
+CVE-2019-11796
+       RESERVED
+CVE-2019-11795
+       RESERVED
+CVE-2019-11794
+       RESERVED
+CVE-2019-11793
+       RESERVED
+CVE-2019-11792
+       RESERVED
+CVE-2019-11791
+       RESERVED
+CVE-2019-11790
+       RESERVED
+CVE-2019-11789
+       RESERVED
+CVE-2019-11788
+       RESERVED
+CVE-2019-11787
+       RESERVED
+CVE-2019-11786
+       RESERVED
+CVE-2019-11785
+       RESERVED
+CVE-2019-11784
+       RESERVED
+CVE-2019-11783
+       RESERVED
+CVE-2019-11782
+       RESERVED
+CVE-2019-11781
+       RESERVED
+CVE-2019-11780
+       RESERVED
+CVE-2019-11779
+       RESERVED
+CVE-2019-11778
+       RESERVED
+CVE-2019-11777
+       RESERVED
+CVE-2019-11776
+       RESERVED
+CVE-2019-11775
+       RESERVED
+CVE-2019-11774
+       RESERVED
+CVE-2019-11773
+       RESERVED
+CVE-2019-11772
+       RESERVED
+CVE-2019-11771
+       RESERVED
+CVE-2019-11770
+       RESERVED
+CVE-2019-11769
+       RESERVED
+CVE-2019-11768
+       RESERVED
 CVE-2019-11767 (Server side request forgery (SSRF) in phpBB before 3.2.6 
allows checki ...)
        - phpbb3 <removed>
        [jessie] - phpbb3 <postponed> (Minor issue, solution/workaround is to 
disable the remote avatar function)
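Review bot: the TODO: check on CVE-2019-11807 is the only non-RESERVED addition in this hunk and is the one that needs triage; the description names the WooCommerce Checkout Manager plugin for WordPress, so unless a Debian package embeds it the entry should end up as `NOT-FOR-US: WooCommerce Checkout Manager WordPress plugin`, the form this diff already uses for the Jenkins plugins. The forty RESERVED placeholders from CVE-2019-11806 down to CVE-2019-11768 are fine as-is.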
@@ -2029,6 +2109,7 @@ CVE-2019-10914 (pubRsaDecryptSignedElementExt in 
MatrixSSL, as used in Inside Se
        NOTE: https://github.com/matrixssl/matrixssl/issues/26
 CVE-2019-10913
        RESERVED
+       {DLA-1778-1}
        - symfony 3.4.22+dfsg-2
        NOTE: 
https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
 CVE-2019-10912
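Review bot: CVE-2019-10912 is left without the {DLA-1778-1} marker that this hunk adds to CVE-2019-10913 and that the next hunk adds to CVE-2019-10911, 10910 and 10909, the other symfony entries; the hunk header shows 10912 sitting directly between them, so confirm the omission is deliberate (the DLA did not cover it) rather than a missed line. CVE-2019-10913 also still carries RESERVED above the new marker, so its description will need refreshing once MITRE publishes it.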
@@ -2038,18 +2119,21 @@ CVE-2019-10912
        NOTE: 
https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
 CVE-2019-10911
        RESERVED
+       {DLA-1778-1}
        - drupal7 <not-affected> (Drupal 7 core not affected)
        - symfony 3.4.22+dfsg-2
        NOTE: https://www.drupal.org/SA-CORE-2019-005
        NOTE: 
https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
 CVE-2019-10910
        RESERVED
+       {DLA-1778-1}
        - drupal7 <not-affected> (Drupal 7 core not affected)
        - symfony 3.4.22+dfsg-2
        NOTE: https://www.drupal.org/SA-CORE-2019-005
        NOTE: 
https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
 CVE-2019-10909
        RESERVED
+       {DLA-1778-1}
        - drupal7 <not-affected> (Drupal 7 core not affected)
        - symfony 3.4.22+dfsg-2
        NOTE: https://www.drupal.org/SA-CORE-2019-005
@@ -3635,8 +3719,8 @@ CVE-2019-1003041 (A sandbox bypass vulnerability in 
Jenkins Pipeline: Groovy Plu
        NOT-FOR-US: Jenkins plugin
 CVE-2019-1003040 (A sandbox bypass vulnerability in Jenkins Script Security 
Plugin 1.55  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2019-10249
-       RESERVED
+CVE-2019-10249 (All Xtext &amp; Xtend versions prior to 2.18.0 were built 
using HTTP i ...)
+       TODO: check
 CVE-2019-10248 (Eclipse Vorto versions prior to 0.11 resolved Maven build 
artifacts fo ...)
        NOT-FOR-US: Eclipse Vorto
 CVE-2019-10247 (In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 
and older, ...)
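Review bot: the description imported for CVE-2019-10249 contains a literal `&amp;` ("Xtext &amp; Xtend"), an HTML entity that leaked through the automatic update; data/CVE/list is plain text, so it should read `Xtext & Xtend`, and the import path that produced it is worth checking so other entries do not pick up escaped characters. The TODO: check itself is the expected placeholder for a fresh description.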
@@ -16305,16 +16389,16 @@ CVE-2019-5436
        RESERVED
 CVE-2019-5435
        RESERVED
-CVE-2019-5434
-       RESERVED
-CVE-2019-5433
-       RESERVED
-CVE-2019-5432
-       RESERVED
-CVE-2019-5431
-       RESERVED
-CVE-2019-5430
-       RESERVED
+CVE-2019-5434 (An attacker could send a specifically crafted payload to the 
XML-RPC i ...)
+       TODO: check
+CVE-2019-5433 (A user having access to the UI of a Revive Adserver instance 
could be  ...)
+       TODO: check
+CVE-2019-5432 (A specifically malformed MQTT Subscribe packet crashes MQTT 
Brokers us ...)
+       TODO: check
+CVE-2019-5431 (This vulnerability was caused by an incomplete fix to 
CVE-2017-0911. T ...)
+       TODO: check
+CVE-2019-5430 (In UniFi Video 3.10.0 and prior, due to the lack of CSRF 
protection, i ...)
+       TODO: check
 CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an 
attacke ...)
        - filezilla <unfixed> (low; bug #928282)
        [stretch] - filezilla <no-dsa> (Minor issue)
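Review bot: the five new TODO: check entries need their full descriptions before triage, because the visible text is cut before the decisive detail: CVE-2019-5432 says "crashes MQTT Brokers us ..." without naming the broker implementation, and CVE-2019-5431 only says it is an incomplete fix of CVE-2017-0911, so its status should follow whatever the tracker already records for that id. CVE-2019-5433 (Revive Adserver UI) and CVE-2019-5430 (UniFi Video, a proprietary Ubiquiti product) are candidates for NOT-FOR-US if no Debian package ships them.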
@@ -19507,6 +19591,7 @@ CVE-2019-3884
        RESERVED
        NOT-FOR-US: atomic-openshift
 CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by 
workers  ...)
+       {DLA-1779-1}
        - 389-ds-base <unfixed> (bug #927939)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1693612
        NOTE: https://pagure.io/389-ds-base/issue/50329
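Review bot: {DLA-1779-1} is added to CVE-2019-3883 while the line below it still reads `389-ds-base <unfixed> (bug #927939)`, so jessie is now recorded as fixed ahead of unstable; that is a valid state, but the entry should be revisited once the upload for #927939 lands so the <unfixed> marker does not linger next to a released advisory.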
@@ -19877,12 +19962,12 @@ CVE-2019-3801 (Cloud Foundry cf-deployment, versions 
prior to 7.9.0, contain jav
        NOT-FOR-US: Cloud Foundry
 CVE-2019-3800
        RESERVED
-CVE-2019-3799
-       RESERVED
+CVE-2019-3799 (Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 
2.0.x pri ...)
+       TODO: check
 CVE-2019-3798 (Cloud Foundry Cloud Controller API Release, versions prior to 
1.79.0,  ...)
        NOT-FOR-US: Cloud Foundry
-CVE-2019-3797
-       RESERVED
+CVE-2019-3797 (This affects Spring Data JPA in versions up to and including 
2.1.5, 2. ...)
+       TODO: check
 CVE-2019-3796
        RESERVED
 CVE-2019-3795 (Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 
5.0.12, ...)
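Review bot: CVE-2019-3799 (Spring Cloud Config) and CVE-2019-3797 (Spring Data JPA) are left at TODO: check between neighbours already marked `NOT-FOR-US: Cloud Foundry`; both are Spring Java projects, so the likely outcome is NOT-FOR-US as well, but check that no Debian package embeds them before marking, and align the wording with the Cloud Foundry entries either way.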
@@ -20369,10 +20454,10 @@ CVE-2019-3567
        RESERVED
 CVE-2019-3566
        RESERVED
-CVE-2019-3565
-       RESERVED
-CVE-2019-3564
-       RESERVED
+CVE-2019-3565 (Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) 
would n ...)
+       TODO: check
+CVE-2019-3564 (Go Facebook Thrift servers would not error upon receiving 
messages wit ...)
+       TODO: check
 CVE-2019-3563 (Wangle's LineBasedFrameDecoder contains logic for identifying 
newlines ...)
        NOT-FOR-US: Facebook Wangle
 CVE-2019-3562 (A remote web page could inject arbitrary HTML code into the 
Oculus Bro ...)
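Review bot: CVE-2019-3565 and CVE-2019-3564 here, together with CVE-2019-3559, 3558 and 3552 in the two hunks below, describe the same failure to reject malformed messages across Facebook Thrift's cpp, Go, Java, Python and cpp2 servers and should be triaged as one set with one consistent status. The descriptions say Facebook Thrift (fbthrift), a separate codebase from Apache Thrift, so the Apache Thrift packaging in Debian is not automatically implicated; the surrounding Wangle and Fizz entries already carry NOT-FOR-US, which is the natural reference point.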
@@ -20381,10 +20466,10 @@ CVE-2019-3561 (Insufficient boundary checks for the 
strrpos and strripos functio
        - hhvm <removed>
 CVE-2019-3560 (An improperly performed length calculation on a buffer in 
PlaintextRec ...)
        NOT-FOR-US: Fizz
-CVE-2019-3559
-       RESERVED
-CVE-2019-3558
-       RESERVED
+CVE-2019-3559 (Java Facebook Thrift servers would not error upon receiving 
messages w ...)
+       TODO: check
+CVE-2019-3558 (Python Facebook Thrift servers would not error upon receiving 
messages ...)
+       TODO: check
 CVE-2019-3557 (The implementations of streams for bz2 and php://output 
improperly imp ...)
        - hhvm <removed>
 CVE-2019-3556
@@ -20395,8 +20480,8 @@ CVE-2019-3554 (Wangle's AcceptRoutingHandler 
incorrectly casts a socket when acc
        NOT-FOR-US: Facebook Wangle
 CVE-2019-3553
        RESERVED
-CVE-2019-3552
-       RESERVED
+CVE-2019-3552 (C++ Facebook Thrift servers (using cpp2) would not error upon 
receivin ...)
+       TODO: check
 CVE-2019-3551
        RESERVED
 CVE-2019-3550
@@ -37064,11 +37149,9 @@ CVE-2018-17204 (An issue was discovered in Open 
vSwitch (OvS) 2.7.x through 2.7.
        NOTE: ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
 CVE-2018-17203
        REJECTED
-CVE-2018-17202
-       RESERVED
+CVE-2018-17202 (Certain input files could make the code to enter into an 
infinite loop ...)
        NOTE: Apache Commons Imaging
-CVE-2018-17201
-       RESERVED
+CVE-2018-17201 (Certain input files could make the code hang when Apache 
Sanselan 0.97 ...)
        NOTE: Apache Commons Imaging
 CVE-2018-17200
        RESERVED
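Review bot: CVE-2018-17202 and CVE-2018-17201 gain descriptions but, unlike every other newly described entry in this update, receive neither a TODO: check nor a status line (no package entry or NOT-FOR-US), only the pre-existing `NOTE: Apache Commons Imaging`, so they stay untriaged without being flagged; add a status. Note also that 17201 names "Apache Sanselan 0.97", the project's former name, which the NOTE already maps to Commons Imaging.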
@@ -45592,8 +45675,7 @@ CVE-2018-13992
 CVE-2018-13991
        RESERVED
        NOT-FOR-US: Phoenix Contact FL switch
-CVE-2018-13990
-       RESERVED
+CVE-2018-13990 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx 
versions prior ...)
        NOT-FOR-US: Phoenix Contact FL switch
 CVE-2018-13989 (Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks 
via a POST ...)
        NOT-FOR-US: Grundig Smart Inter@ctive TV 3.0 devices
@@ -45611,8 +45693,8 @@ CVE-2018-13985
        RESERVED
 CVE-2018-13984
        RESERVED
-CVE-2018-13983
-       RESERVED
+CVE-2018-13983 (ImpressCMS 1.3.10 has XSS via the PATH_INFO to 
htdocs/install/index.ph ...)
+       TODO: check
 CVE-2018-13982 (Smarty_Security::isTrustedResourceDir() in Smarty before 
3.1.33 is pro ...)
        - smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1
        [jessie] - smarty3 <not-affected> (vulnerable code not present)
@@ -73093,32 +73175,32 @@ CVE-2018-4075
        RESERVED
 CVE-2018-4074
        RESERVED
-CVE-2018-4073
-       RESERVED
-CVE-2018-4072
-       RESERVED
-CVE-2018-4071
-       RESERVED
-CVE-2018-4070
-       RESERVED
-CVE-2018-4069
-       RESERVED
-CVE-2018-4068
-       RESERVED
-CVE-2018-4067
-       RESERVED
-CVE-2018-4066
-       RESERVED
-CVE-2018-4065
-       RESERVED
+CVE-2018-4073 (An exploitable Permission Assignment vulnerability exists in 
the ACEMa ...)
+       TODO: check
+CVE-2018-4072 (An exploitable Permission Assignment vulnerability exists in 
the ACEMa ...)
+       TODO: check
+CVE-2018-4071 (An exploitable Information Disclosure vulnerability exists in 
the ACEM ...)
+       TODO: check
+CVE-2018-4070 (An exploitable Information Disclosure vulnerability exists in 
the ACEM ...)
+       TODO: check
+CVE-2018-4069 (An information disclosure vulnerability exists in the 
ACEManager authe ...)
+       TODO: check
+CVE-2018-4068 (An exploitable information disclosure vulnerability exists in 
the ACEM ...)
+       TODO: check
+CVE-2018-4067 (An exploitable information disclosure vulnerability exists in 
the ACEM ...)
+       TODO: check
+CVE-2018-4066 (An exploitable cross-site request forgery vulnerability exists 
in the  ...)
+       TODO: check
+CVE-2018-4065 (An exploitable cross-site scripting vulnerability exists in the 
ACEMan ...)
+       TODO: check
 CVE-2018-4064
        RESERVED
-CVE-2018-4063
-       RESERVED
-CVE-2018-4062
-       RESERVED
-CVE-2018-4061
-       RESERVED
+CVE-2018-4063 (An exploitable remote code execution vulnerability exists in 
the uploa ...)
+       TODO: check
+CVE-2018-4062 (A hard-coded credentials vulnerability exists in the snmpd 
function of ...)
+       TODO: check
+CVE-2018-4061 (An exploitable command injection vulnerability exists in the 
ACEManage ...)
+       TODO: check
 CVE-2018-4060
        RESERVED
 CVE-2018-4059 (An exploitable unsafe default configuration vulnerability 
exists in th ...)
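Review bot: the twelve TODO: check entries from CVE-2018-4073 down to CVE-2018-4061 (skipping 4064, which stays RESERVED) all concern the same ACEManager component, the web management interface of Sierra Wireless AirLink routers, with only CVE-2018-4062 naming a different function (snmpd); resolve them together with one consistent status rather than one at a time, and align them with whatever status the adjacent, already-described CVE-2018-4059 carries for the same product.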



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a7e2567411d5d8bff362c760ce52e906e0c30d2


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
