Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
50f667ce by security tracker role at 2019-05-08T20:10:25Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,38 @@
-CVE-2019-11815 [net: rds: force to destroy connection if t_sock is NULL in
rds_tcp_kill_sock()]
+CVE-2019-11829
+ RESERVED
+CVE-2019-11828
+ RESERVED
+CVE-2019-11827
+ RESERVED
+CVE-2019-11826
+ RESERVED
+CVE-2019-11825
+ RESERVED
+CVE-2019-11824
+ RESERVED
+CVE-2019-11823
+ RESERVED
+CVE-2019-11822
+ RESERVED
+CVE-2019-11821
+ RESERVED
+CVE-2019-11820
+ RESERVED
+CVE-2019-11819 (Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka
Excel Macro ...)
+ TODO: check
+CVE-2019-11818 (Alkacon OpenCMS v10.5.4 and before is affected by stored cross
site sc ...)
+ TODO: check
+CVE-2019-11817
+ RESERVED
+CVE-2019-11816
+ RESERVED
+CVE-2019-11814 (An issue was discovered in app/webroot/js/misp.js in MISP
before 2.4.1 ...)
+ TODO: check
+CVE-2019-11813 (An issue was discovered in
app/View/Elements/Events/View/value_field.c ...)
+ TODO: check
+CVE-2019-11812 (A persistent XSS issue was discovered in
app/View/Helper/CommandHelper ...)
+ TODO: check
+CVE-2019-11815 (An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c
in the L ...)
- linux 4.19.37-1
NOTE: Fixed by:
https://git.kernel.org/linus/cb66ddd156203daefb8d71158036b27b0e2caf63
CVE-2019-11811 (An issue was discovered in the Linux kernel before 5.0.4.
There is a u ...)
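Review bot: CVE-2019-11815 ends up out of sequence at the end of this hunk: the new list runs CVE-2019-11816, CVE-2019-11814, CVE-2019-11813, CVE-2019-11812 and only then CVE-2019-11815, directly above CVE-2019-11811. The entry, together with its "- linux 4.19.37-1" and "NOTE: Fixed by:" lines, should sit between CVE-2019-11816 and CVE-2019-11814 so the file stays in descending order. The OpenCMS and MISP entries added above it are still at "TODO: check" and need triage.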
@@ -365,10 +399,10 @@ CVE-2019-11675 (The groonga-httpd package 6.1.5-1 for
Debian sets the /var/log/g
[stretch] - groonga <no-dsa> (Minor issue, can be fixed via point
release)
CVE-2019-11644
RESERVED
-CVE-2019-11643
- RESERVED
-CVE-2019-11642
- RESERVED
+CVE-2019-11643 (Persistent XSS has been found in the OneShield Policy (Dragon
Core) fr ...)
+ TODO: check
+CVE-2019-11642 (A log poisoning vulnerability has been discovered in the
OneShield Pol ...)
+ TODO: check
CVE-2019-11641 (Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid
fingerpri ...)
NOT-FOR-US: Anomali Agave
CVE-2019-11640 (An issue was discovered in GNU recutils 1.8. There is a
heap-based buf ...)
@@ -583,14 +617,14 @@ CVE-2019-11566
RESERVED
CVE-2019-11565 (Server Side Request Forgery (SSRF) exists in the Print My Blog
plugin ...)
NOT-FOR-US: Print My Blog plugin for WordPress
-CVE-2019-11564
- RESERVED
+CVE-2019-11564 (A cross-site scripting (XSS) vulnerability in HumHub 1.3.12
allows rem ...)
+ TODO: check
CVE-2019-11563
RESERVED
CVE-2019-11562
RESERVED
-CVE-2019-11561
- RESERVED
+CVE-2019-11561 (The Chuango 433 MHz burglar-alarm product line is vulnerable
to a Deni ...)
+ TODO: check
CVE-2019-11560 (A buffer overflow vulnerability in the streaming server
provided by hi ...)
NOT-FOR-US: hisilicon
CVE-2019-11559
@@ -609,8 +643,8 @@ CVE-2019-11552
RESERVED
CVE-2019-11551
RESERVED
-CVE-2019-11550
- RESERVED
+CVE-2019-11550 (Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x
before ...)
+ TODO: check
CVE-2019-11549 [Improper Sanitation of Credentials in Gitaly]
RESERVED
- gitlab 11.8.9+dfsg-1 (bug #928221)
@@ -703,14 +737,14 @@ CVE-2019-11512
RESERVED
CVE-2019-11511 (Zoho ManageEngine ADSelfService Plus before build 5708 has XSS
via the ...)
NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
-CVE-2019-11510
- RESERVED
+CVE-2019-11510 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1,
8.2 before ...)
+ TODO: check
CVE-2019-11509
RESERVED
-CVE-2019-11508
- RESERVED
-CVE-2019-11507
- RESERVED
+CVE-2019-11508 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1,
8.2 before ...)
+ TODO: check
+CVE-2019-11507 (In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before
8.3R7.1 and 9. ...)
+ TODO: check
CVE-2019-11506 (In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403
Q8, the ...)
- graphicsmagick 1.4~hg15968-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/57ac0ae85e2a
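Review bot: The truncated descriptions added for CVE-2019-11510 and CVE-2019-11508 are identical in this hunk ("In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before ..."), so the two cannot be told apart from the list alone and triage needs the full CVE text for each. All three Pulse Connect Secure entries are left at "TODO: check"; if the product is not in the archive, they should be marked NOT-FOR-US the way the Zoho ManageEngine entry above them is.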
@@ -735,8 +769,7 @@ CVE-2019-11501
RESERVED
CVE-2019-11500
RESERVED
-CVE-2019-11499 [Submission-login crashes when authentication is started over
TLS secured channel and invalid authentication message is sent]
- RESERVED
+CVE-2019-11499 (In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the
submission-lo ...)
- dovecot 1:2.3.4.1-5 (bug #928235)
[stretch] - dovecot <not-affected> (Vulnerable code not present,
introduced in 2.3)
[jessie] - dovecot <not-affected> (Vulnerable code not present,
introduced in 2.3)
@@ -753,8 +786,7 @@ CVE-2019-11496
RESERVED
CVE-2019-11495
RESERVED
-CVE-2019-11494 [Submission-login crashes with signal 11 due to null pointer
access when authentication is aborted by disconnecting.]
- RESERVED
+CVE-2019-11494 (In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the
submission-lo ...)
- dovecot 1:2.3.4.1-5 (bug #928235)
[stretch] - dovecot <not-affected> (Vulnerable code not present,
introduced in 2.3)
[jessie] - dovecot <not-affected> (Vulnerable code not present,
introduced in 2.3)
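Review bot: The bracketed summary removed for CVE-2019-11494 (crash with signal 11 from a null pointer access when authentication is aborted by disconnecting) was the only text in the list that distinguished it from CVE-2019-11499 in the hunk above; both now carry the same truncated description, "In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-lo ...". Consider keeping the trigger condition of each in a NOTE line under the entry, since both point at the same fixed version and bug #928235.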
@@ -878,8 +910,8 @@ CVE-2019-11459 (The tiff_document_render() and
tiff_document_get_thumbnail() fun
CVE-2013-7470 (cipso_v4_validate in include/net/cipso_ipv4.h in the Linux
kernel befo ...)
- linux 3.11.7-1
NOTE: Fixed by:
https://git.kernel.org/linus/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b
-CVE-2019-11458
- RESERVED
+CVE-2019-11458 (An issue was discovered in SmtpTransport in CakePHP 3.7.6. An
unserial ...)
+ TODO: check
CVE-2019-11457
RESERVED
CVE-2019-11456 (Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary
PHP code. ...)
@@ -989,8 +1021,8 @@ CVE-2019-11408
RESERVED
CVE-2019-11407
RESERVED
-CVE-2019-11406
- RESERVED
+CVE-2019-11406 (Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name,
email, o ...)
+ TODO: check
CVE-2019-11405 (OpenAPI Tools OpenAPI Generator before
4.0.0-20190419.052012-560 uses ...)
NOT-FOR-US: OpenAPI Tools OpenAPI Generator
CVE-2019-11404 (arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts
(for compi ...)
@@ -1005,8 +1037,8 @@ CVE-2019-11400
RESERVED
CVE-2019-11399
RESERVED
-CVE-2019-11398
- RESERVED
+CVE-2019-11398 (Multiple cross-site scripting (XSS) vulnerabilities in UliCMS
2019.2 a ...)
+ TODO: check
CVE-2019-11397
RESERVED
CVE-2019-11396
@@ -5853,8 +5885,8 @@ CVE-2019-9700
RESERVED
CVE-2019-9699
RESERVED
-CVE-2019-9698
- RESERVED
+CVE-2019-9698 (Symantec AV Engine, prior to 13.0.9r17, may be susceptible to
an arbit ...)
+ TODO: check
CVE-2019-9697
RESERVED
CVE-2019-9696 (Symantec VIP Enterprise Gateway (all versions) may be
susceptible to a ...)
@@ -6384,8 +6416,8 @@ CVE-2019-9507
RESERVED
CVE-2019-9506
RESERVED
-CVE-2019-9505
- RESERVED
+CVE-2019-9505 (The PrinterLogic Print Management software, versions up to and
includi ...)
+ TODO: check
CVE-2019-9504
RESERVED
CVE-2019-9503 [brcmfmac: add subtype check for event handling in data path]
@@ -9117,8 +9149,8 @@ CVE-2019-8389 (A file-read vulnerability was identified
in the Wi-Fi transfer fe
NOT-FOR-US: Musicloud
CVE-2019-8388
RESERVED
-CVE-2019-8387
- RESERVED
+CVE-2019-8387 (MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command
Execution, r ...)
+ TODO: check
CVE-2019-8386
RESERVED
CVE-2019-8385
@@ -9211,8 +9243,8 @@ CVE-2019-8351 (Heimdal Thor Agent 2.5.17x before 2.5.173
does not verify X.509 c
NOT-FOR-US: Heimdal Thor Agent
CVE-2019-8350
RESERVED
-CVE-2019-8349
- RESERVED
+CVE-2019-8349 (Multiple cross-site scripting (XSS) vulnerabilities in HTMLy
2.7.4 all ...)
+ TODO: check
CVE-2019-8348
RESERVED
CVE-2019-8347 (BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP
accounts via ...)
@@ -9412,8 +9444,8 @@ CVE-2019-8287
RESERVED
CVE-2019-8286
RESERVED
-CVE-2019-8285
- RESERVED
+CVE-2019-8285 (Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a
heap-b ...)
+ TODO: check
CVE-2019-8284
RESERVED
CVE-2019-8283
@@ -17264,8 +17296,8 @@ CVE-2019-5023
RESERVED
CVE-2019-5022
REJECTED
-CVE-2019-5021
- RESERVED
+CVE-2019-5021 (Versions of the Official Alpine Linux Docker images (since
v3.3) conta ...)
+ TODO: check
CVE-2019-5020
RESERVED
CVE-2019-5019 (A heap-based overflow vulnerability exists in the PowerPoint
document ...)
@@ -17278,8 +17310,8 @@ CVE-2019-5016
RESERVED
CVE-2019-5015 (A local privilege escalation vulnerability exists in the Mac OS
X vers ...)
NOT-FOR-US: Apple
-CVE-2019-5014
- RESERVED
+CVE-2019-5014 (An exploitable improper access control vulnerability exists in
the blu ...)
+ TODO: check
CVE-2019-5013
RESERVED
CVE-2019-5012
@@ -25625,30 +25657,30 @@ CVE-2019-2056
RESERVED
CVE-2019-2055
RESERVED
-CVE-2019-2054
- RESERVED
-CVE-2019-2053
- RESERVED
-CVE-2019-2052
- RESERVED
-CVE-2019-2051
- RESERVED
-CVE-2019-2050
- RESERVED
-CVE-2019-2049
- RESERVED
+CVE-2019-2054 (In the seccomp implementation prior to kernel version 4.8,
there is a ...)
+ TODO: check
+CVE-2019-2053 (In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a
possible ou ...)
+ TODO: check
+CVE-2019-2052 (In VisitPointers of heap.cc, there is a possible out-of-bounds
read du ...)
+ TODO: check
+CVE-2019-2051 (In heap of spaces.h, there is a possible out of bounds read due
to imp ...)
+ TODO: check
+CVE-2019-2050 (In tearDownClientInterface of WificondControl.java, there is a
possibl ...)
+ TODO: check
+CVE-2019-2049 (In SendMediaUpdate and SendFolderUpdate of avrcp_service.cc,
there is ...)
+ TODO: check
CVE-2019-2048
RESERVED
-CVE-2019-2047
- RESERVED
-CVE-2019-2046
- RESERVED
-CVE-2019-2045
- RESERVED
-CVE-2019-2044
- RESERVED
-CVE-2019-2043
- RESERVED
+CVE-2019-2047 (In UpdateLoadElement of ic.cc, there is a possible
out-of-bounds write ...)
+ TODO: check
+CVE-2019-2046 (In CalculateInstanceSizeForDerivedClass of objects.cc, there is
possib ...)
+ TODO: check
+CVE-2019-2045 (In JSCallTyper of typer.cc, there is an out of bounds write due
to an ...)
+ TODO: check
+CVE-2019-2044 (In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp,
there is a ...)
+ TODO: check
+CVE-2019-2043 (In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is
a possi ...)
+ TODO: check
CVE-2019-2042
RESERVED
CVE-2019-2041 (In the configuration of NFC modules on certain devices, there
is a pos ...)
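Review bot: The eleven entries filled in here (CVE-2019-2043 through CVE-2019-2054, except CVE-2019-2048) should not be triaged as one block. CVE-2019-2054 names the seccomp implementation in kernels prior to 4.8, which points at the linux source package, and CVE-2019-2053 names wnm_parse_neighbor_report_elem in wnm_sta.c, a wpa_supplicant source file, while WificondControl.java and SmsDefaultDialog.java are Android framework classes. Each "TODO: check" needs its own package line or NOT-FOR-US decision rather than a blanket one.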
@@ -69706,10 +69738,10 @@ CVE-2018-5411 (Pixar's Tractor software, versions 2.2
and earlier, contain a sto
NOT-FOR-US: Pixar Tractor
CVE-2018-5410 (Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are
vulnerable to a ...)
NOT-FOR-US: Dokan
-CVE-2018-5409
- RESERVED
-CVE-2018-5408
- RESERVED
+CVE-2018-5409 (The PrinterLogic Print Management software, versions up to and
includi ...)
+ TODO: check
+CVE-2018-5408 (The PrinterLogic Print Management software, versions up to and
includi ...)
+ TODO: check
CVE-2018-5407 (Simultaneous Multi-threading (SMT) in processors can enable
local user ...)
{DSA-4355-1 DSA-4348-1 DLA-1586-1}
- openssl 1.1.1~~pre9-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/50f667cecf31dfdc1a56c93c11ab78635cd21f06
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits