Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
404a0f69 by security tracker role at 2019-05-16T08:10:25Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2019-12136 (There is XSS in BoostIO Boostnote 0.11.15 via a label named
mermaid, a ...)
+ TODO: check
+CVE-2019-12135
+ RESERVED
+CVE-2019-12134
+ RESERVED
+CVE-2019-12133
+ RESERVED
+CVE-2019-12132
+ RESERVED
+CVE-2019-12131
+ RESERVED
+CVE-2019-12130
+ RESERVED
+CVE-2019-12129
+ RESERVED
+CVE-2019-12128
+ RESERVED
+CVE-2019-12127
+ RESERVED
+CVE-2019-12126
+ RESERVED
+CVE-2019-12125
+ RESERVED
+CVE-2019-12124
+ RESERVED
+CVE-2019-12123
+ RESERVED
+CVE-2019-12122
+ RESERVED
+CVE-2019-12121
+ RESERVED
+CVE-2019-12120
+ RESERVED
+CVE-2019-12119
+ RESERVED
+CVE-2019-12118
+ RESERVED
+CVE-2019-12117
+ RESERVED
+CVE-2019-12116
+ RESERVED
+CVE-2019-12115
+ RESERVED
+CVE-2019-12114
+ RESERVED
+CVE-2019-12113
+ RESERVED
+CVE-2019-12112
+ RESERVED
+CVE-2019-12111 (A Denial Of Service vulnerability in MiniUPnP MiniUPnPd
through 2.1 ex ...)
+ TODO: check
+CVE-2019-12110 (An AddPortMapping Denial Of Service vulnerability in MiniUPnP
MiniUPnP ...)
+ TODO: check
+CVE-2019-12109 (A Denial Of Service vulnerability in MiniUPnP MiniUPnPd
through 2.1 ex ...)
+ TODO: check
+CVE-2019-12108 (A Denial Of Service vulnerability in MiniUPnP MiniUPnPd
through 2.1 ex ...)
+ TODO: check
+CVE-2019-12107 (The upnp_event_prepare function in upnpevents.c in MiniUPnP
MiniUPnPd ...)
+ TODO: check
+CVE-2019-12106 (The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd
1.4 and ...)
+ TODO: check
+CVE-2019-12105
+ RESERVED
CVE-2019-12104
RESERVED
CVE-2019-12103
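Review bot: The six MiniUPnP entries, CVE-2019-12106 through CVE-2019-12111, are left at "TODO: check" although their descriptions name MiniUPnPd and MiniSSDPd; each needs a per-package decision (a package line with a status, or NOT-FOR-US) rather than staying pending. Three of them (CVE-2019-12111, CVE-2019-12109, CVE-2019-12108) carry the same truncated text, "A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 ex ...", so triage has to work from the full descriptions to tell them apart. CVE-2019-12136 (Boostnote XSS) needs the same decision.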
@@ -10,8 +74,8 @@ CVE-2019-12100
RESERVED
CVE-2019-12099 (In PHP-Fusion 9.03.00, edit_profile.php allows remote
authenticated us ...)
NOT-FOR-US: PHP-Fusion
-CVE-2019-12098
- RESERVED
+CVE-2019-12098 (In the client side of Heimdal before 7.6.0, failure to verify
anonymou ...)
+ TODO: check
CVE-2019-12097
RESERVED
CVE-2019-12096
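Review bot: CVE-2019-12098 is marked "TODO: check" although its description names Heimdal, and this same file already tracks heimdal as a source package ("- heimdal <unfixed> (bug #928966)" under CVE-2018-16860, further down in this patch). Suggest replacing the TODO with a "- heimdal" line; the description's "before 7.6.0" gives the upstream version to compare against.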
@@ -2312,7 +2376,7 @@ CVE-2019-11092
RESERVED
CVE-2019-11091 [MDSUM Microarchitectural Data Sampling Uncacheable Memory]
RESERVED
- {DSA-4447-1 DSA-4444-1 DLA-1787-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen <unfixed>
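Review bot: The added DLA-1789-1 reference on CVE-2019-11091 does not show which source package it covers: the entry lists intel-microcode, linux and xen, and "- xen <unfixed>" is unchanged. The same reference is added to CVE-2018-12130, CVE-2018-12127 and CVE-2018-12126 later in this patch, so it is worth confirming once that the DLA applies to all four MDS identifiers and that no package line needs a matching update.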
@@ -4715,16 +4779,13 @@ CVE-2019-10112 [Recurity assessment: loginState HMAC
issues]
RESERVED
- gitlab <not-affected> (Only affects 11.9 and later)
NOTE:
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
-CVE-2019-10111 [Persistent XSS at merge request resolve conflicts]
- RESERVED
+CVE-2019-10111 (An issue was discovered in GitLab Community and Enterprise
Edition bef ...)
- gitlab 11.8.6+dfsg-1 (bug #926482)
NOTE:
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
-CVE-2019-10110 [Improper authorization control "move issue"]
- RESERVED
+CVE-2019-10110 (An Insecure Permissions issue (issue 1 of 3) was discovered in
GitLab ...)
- gitlab 11.8.6+dfsg-1 (bug #926482)
NOTE:
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
-CVE-2019-10109 [EXIF geolocation data not stripped from uploaded images]
- RESERVED
+CVE-2019-10109 (An Information Exposure issue (issue 1 of 2) was discovered in
GitLab ...)
- gitlab 11.8.6+dfsg-1 (bug #926482)
NOTE:
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10108 (An Incorrect Access Control (issue 1 of 2) was discovered in
GitLab Co ...)
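Review bot: For CVE-2019-10111, CVE-2019-10110 and CVE-2019-10109 the bracketed titles are replaced by truncated descriptions, which drops the specific issue names ("Persistent XSS at merge request resolve conflicts", "Improper authorization control "move issue"", "EXIF geolocation data not stripped from uploaded images") in favour of generic text such as "An issue was discovered in GitLab Community and Enterprise Edition bef ...". The package lines and the NOTE URL are unchanged, so tracking is unaffected, but consider keeping the short title in a NOTE line so the three entries stay distinguishable at a glance.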
@@ -7747,8 +7808,8 @@ CVE-2019-9198
RESERVED
CVE-2019-9197
RESERVED
-CVE-2019-9196
- RESERVED
+CVE-2019-9196 (The Face authentication component in Aware mobile liveness
2.2.1 sdk 2 ...)
+ TODO: check
CVE-2019-9195 (util/src/zip.rs in Grin before 1.0.2 mishandles suspicious
files. An a ...)
NOT-FOR-US: Grin
CVE-2019-9194 (elFinder before 2.1.48 has a command injection vulnerability in
the PH ...)
@@ -27018,12 +27079,12 @@ CVE-2019-1862 (A vulnerability in the web-based user
interface (Web UI) of Cisco
NOT-FOR-US: Cisco
CVE-2019-1861
RESERVED
-CVE-2019-1860
- RESERVED
+CVE-2019-1860 (A vulnerability in the dashboard gadget rendering of Cisco
Unified Int ...)
+ TODO: check
CVE-2019-1859 (A vulnerability in the Secure Shell (SSH) authentication
process of Ci ...)
NOT-FOR-US: Cisco
-CVE-2019-1858
- RESERVED
+CVE-2019-1858 (A vulnerability in the Simple Network Management Protocol
(SNMP) input ...)
+ TODO: check
CVE-2019-1857 (A vulnerability in the web-based management interface of Cisco
HyperFl ...)
NOT-FOR-US: Cisco
CVE-2019-1856 (A vulnerability in the web-based management interface of Cisco
Prime C ...)
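Review bot: CVE-2019-1860 and CVE-2019-1858 are added as "TODO: check" while the published entries around them (CVE-2019-1862, CVE-2019-1859, CVE-2019-1857) are all "NOT-FOR-US: Cisco". CVE-2019-1860 names Cisco directly ("dashboard gadget rendering of Cisco Unified Int ..."); the truncated text for CVE-2019-1858 shows no product name, so it needs the full description before it is classified the same way.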
@@ -27032,22 +27093,22 @@ CVE-2019-1855
RESERVED
CVE-2019-1854 (A vulnerability in the management web interface of Cisco
Expressway Se ...)
NOT-FOR-US: Cisco
-CVE-2019-1853
- RESERVED
+CVE-2019-1853 (A vulnerability in the HostScan component of Cisco AnyConnect
Secure M ...)
+ TODO: check
CVE-2019-1852 (A vulnerability in the web-based management interface of Cisco
Prime N ...)
NOT-FOR-US: Cisco
-CVE-2019-1851
- RESERVED
+CVE-2019-1851 (A vulnerability in the External RESTful Services (ERS) API of
the Cisc ...)
+ TODO: check
CVE-2019-1850
RESERVED
-CVE-2019-1849
- RESERVED
+CVE-2019-1849 (A vulnerability in the Border Gateway Patrol (BGP)
Multiprotocol Label ...)
+ TODO: check
CVE-2019-1848
RESERVED
CVE-2019-1847
RESERVED
-CVE-2019-1846
- RESERVED
+CVE-2019-1846 (A vulnerability in the Multiprotocol Label Switching (MPLS)
Operations ...)
+ TODO: check
CVE-2019-1845
RESERVED
CVE-2019-1844 (A vulnerability in certain attachment detection mechanisms of
the Cisc ...)
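Review bot: The description imported for CVE-2019-1849 reads "Border Gateway Patrol (BGP)", which looks like a typo for Border Gateway Protocol in the source description; because the text arrives through the automatic update, it is better reported upstream than edited here. The four entries changed in this hunk (CVE-2019-1853, CVE-2019-1851, CVE-2019-1849, CVE-2019-1846) all land as "TODO: check" next to "NOT-FOR-US: Cisco" neighbours (CVE-2019-1854, CVE-2019-1852) and still need the same triage.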
@@ -27072,10 +27133,10 @@ CVE-2019-1835 (A vulnerability in the CLI of Cisco
Aironet Access Points (APs) c
NOT-FOR-US: Cisco
CVE-2019-1834 (A vulnerability in the internal packet processing of Cisco
Aironet Ser ...)
NOT-FOR-US: Cisco
-CVE-2019-1833
- RESERVED
-CVE-2019-1832
- RESERVED
+CVE-2019-1833 (A vulnerability in the Secure Sockets Layer (SSL)/Transport
Layer Secu ...)
+ TODO: check
+CVE-2019-1832 (A vulnerability in the detection engine of Cisco Firepower
Threat Defe ...)
+ TODO: check
CVE-2019-1831 (A vulnerability in the email message scanning of Cisco AsyncOS
Softwar ...)
NOT-FOR-US: Cisco
CVE-2019-1830 (A vulnerability in Locally Significant Certificate (LSC)
management fo ...)
@@ -27088,46 +27149,46 @@ CVE-2019-1827 (A vulnerability in the Online Help web
service of Cisco Small Bus
NOT-FOR-US: Cisco
CVE-2019-1826 (A vulnerability in the quality of service (QoS) feature of
Cisco Airon ...)
NOT-FOR-US: Cisco
-CVE-2019-1825
- RESERVED
-CVE-2019-1824
- RESERVED
-CVE-2019-1823
- RESERVED
-CVE-2019-1822
- RESERVED
-CVE-2019-1821
- RESERVED
-CVE-2019-1820
- RESERVED
-CVE-2019-1819
- RESERVED
-CVE-2019-1818
- RESERVED
+CVE-2019-1825 (A vulnerability in the web-based management interface of Cisco
Prime I ...)
+ TODO: check
+CVE-2019-1824 (A vulnerability in the web-based management interface of Cisco
Prime I ...)
+ TODO: check
+CVE-2019-1823 (A vulnerability in the web-based management interface of Cisco
Prime I ...)
+ TODO: check
+CVE-2019-1822 (A vulnerability in the web-based management interface of Cisco
Prime I ...)
+ TODO: check
+CVE-2019-1821 (A vulnerability in the web-based management interface of Cisco
Prime I ...)
+ TODO: check
+CVE-2019-1820 (A vulnerability in the web-based management interface of Cisco
Prime I ...)
+ TODO: check
+CVE-2019-1819 (A vulnerability in the web-based management interface of Cisco
Prime I ...)
+ TODO: check
+CVE-2019-1818 (A vulnerability in the web-based management interface of Cisco
Prime I ...)
+ TODO: check
CVE-2019-1817 (A vulnerability in the web proxy functionality of Cisco AsyncOS
Softwa ...)
NOT-FOR-US: Cisco
CVE-2019-1816 (A vulnerability in the log subscription subsystem of the Cisco
Web Sec ...)
NOT-FOR-US: Cisco
CVE-2019-1815
RESERVED
-CVE-2019-1814
- RESERVED
-CVE-2019-1813
- RESERVED
-CVE-2019-1812
- RESERVED
-CVE-2019-1811
- RESERVED
-CVE-2019-1810
- RESERVED
-CVE-2019-1809
- RESERVED
-CVE-2019-1808
- RESERVED
+CVE-2019-1814 (A vulnerability in the interactions between the DHCP and TFTP
features ...)
+ TODO: check
+CVE-2019-1813 (A vulnerability in the Image Signature Verification feature of
Cisco N ...)
+ TODO: check
+CVE-2019-1812 (A vulnerability in the Image Signature Verification feature of
Cisco N ...)
+ TODO: check
+CVE-2019-1811 (A vulnerability in the Image Signature Verification feature of
Cisco N ...)
+ TODO: check
+CVE-2019-1810 (A vulnerability in the Image Signature Verification feature
used in an ...)
+ TODO: check
+CVE-2019-1809 (A vulnerability in the Image Signature Verification feature of
Cisco N ...)
+ TODO: check
+CVE-2019-1808 (A vulnerability in the Image Signature Verification feature of
Cisco N ...)
+ TODO: check
CVE-2019-1807 (A vulnerability in the session management functionality of the
web UI ...)
NOT-FOR-US: Cisco
-CVE-2019-1806
- RESERVED
+CVE-2019-1806 (A vulnerability in the Simple Network Management Protocol
(SNMP) input ...)
+ TODO: check
CVE-2019-1805 (A vulnerability in certain access control mechanisms for the
Secure Sh ...)
NOT-FOR-US: Cisco
CVE-2019-1804 (A vulnerability in the SSH key management for the Cisco Nexus
9000 Ser ...)
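Review bot: Sixteen entries move from RESERVED to "TODO: check" in this hunk, and many are indistinguishable after truncation: CVE-2019-1818 through CVE-2019-1825 all read "A vulnerability in the web-based management interface of Cisco Prime I ...", and CVE-2019-1813, CVE-2019-1812, CVE-2019-1811, CVE-2019-1809 and CVE-2019-1808 all read "A vulnerability in the Image Signature Verification feature of Cisco N ...". Triage these as batches against the full descriptions. CVE-2019-1814, CVE-2019-1810 and CVE-2019-1806 show no product name in the visible text, so they should not be classified by pattern-matching on their neighbours.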
@@ -27154,18 +27215,18 @@ CVE-2019-1797 (A vulnerability in the web-based
management interface of Cisco Wi
NOT-FOR-US: Cisco
CVE-2019-1796 (A vulnerability in the handling of Inter-Access Point Protocol
(IAPP) ...)
NOT-FOR-US: Cisco
-CVE-2019-1795
- RESERVED
+CVE-2019-1795 (A vulnerability in the CLI of Cisco FXOS Software and Cisco
NX-OS Soft ...)
+ TODO: check
CVE-2019-1794 (A vulnerability in the search path processing of Cisco
Directory Conne ...)
NOT-FOR-US: Cisco
CVE-2019-1793
RESERVED
CVE-2019-1792 (A vulnerability in the URL block page of Cisco Umbrella could
allow an ...)
NOT-FOR-US: Cisco
-CVE-2019-1791
- RESERVED
-CVE-2019-1790
- RESERVED
+CVE-2019-1791 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an auth ...)
+ TODO: check
+CVE-2019-1790 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an auth ...)
+ TODO: check
CVE-2019-1789 [An out-of-bounds heap read condition when scanning PE files]
RESERVED
{DLA-1759-1}
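Review bot: CVE-2019-1795, CVE-2019-1791 and CVE-2019-1790 name Cisco FXOS and NX-OS in their descriptions and sit between "NOT-FOR-US: Cisco" entries, but this ID range does not hold only entries marked that way: the context entry CVE-2019-1789 ("An out-of-bounds heap read condition when scanning PE files") carries {DLA-1759-1}. Resolve the TODOs per entry from the description rather than by ID range.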
@@ -27195,40 +27256,40 @@ CVE-2019-1785 (A vulnerability in the RAR file
scanning functionality of Clam An
[stretch] - clamav <not-affected> (Vulnerable code only present in
0.101.1 and 0.101.0)
[jessie] - clamav <not-affected> (Vulnerable code introduced later)
NOTE:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
-CVE-2019-1784
- RESERVED
-CVE-2019-1783
- RESERVED
-CVE-2019-1782
- RESERVED
-CVE-2019-1781
- RESERVED
+CVE-2019-1784 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an auth ...)
+ TODO: check
+CVE-2019-1783 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an auth ...)
+ TODO: check
+CVE-2019-1782 (A vulnerability in the CLI of Cisco FXOS Software and Cisco
NX-OS Soft ...)
+ TODO: check
+CVE-2019-1781 (A vulnerability in the CLI of Cisco FXOS Software and Cisco
NX-OS Soft ...)
+ TODO: check
CVE-2019-1780
RESERVED
-CVE-2019-1779
- RESERVED
-CVE-2019-1778
- RESERVED
+CVE-2019-1779 (A vulnerability in the CLI of Cisco FXOS Software and Cisco
NX-OS Soft ...)
+ TODO: check
+CVE-2019-1778 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an auth ...)
+ TODO: check
CVE-2019-1777 (A vulnerability in the web-based interface of the Cisco
Registered Env ...)
NOT-FOR-US: Cisco
-CVE-2019-1776
- RESERVED
-CVE-2019-1775
- RESERVED
-CVE-2019-1774
- RESERVED
-CVE-2019-1773
- RESERVED
-CVE-2019-1772
- RESERVED
-CVE-2019-1771
- RESERVED
-CVE-2019-1770
- RESERVED
-CVE-2019-1769
- RESERVED
-CVE-2019-1768
- RESERVED
+CVE-2019-1776 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an auth ...)
+ TODO: check
+CVE-2019-1775 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an auth ...)
+ TODO: check
+CVE-2019-1774 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an auth ...)
+ TODO: check
+CVE-2019-1773 (A vulnerability in the Cisco Webex Network Recording Player for
Micros ...)
+ TODO: check
+CVE-2019-1772 (A vulnerability in the Cisco Webex Network Recording Player for
Micros ...)
+ TODO: check
+CVE-2019-1771 (A vulnerability in the Cisco Webex Network Recording Player for
Micros ...)
+ TODO: check
+CVE-2019-1770 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an auth ...)
+ TODO: check
+CVE-2019-1769 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an auth ...)
+ TODO: check
+CVE-2019-1768 (A vulnerability in the implementation of a specific CLI command
for Ci ...)
+ TODO: check
CVE-2019-1767 (Multiple vulnerabilities in the implementation of a specific
CLI comma ...)
NOT-FOR-US: Cisco
CVE-2019-1766 (A vulnerability in the web-based management interface of
Session Initi ...)
@@ -38818,7 +38879,7 @@ CVE-2018-16861 (A cross-site scripting (XSS) flaw was
found in the foreman compo
- foreman <itp> (bug #663101)
CVE-2018-16860 [Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum]
RESERVED
- {DSA-4443-1}
+ {DSA-4443-1 DLA-1788-1}
- heimdal <unfixed> (bug #928966)
[stretch] - heimdal <no-dsa> (Minor issue)
[jessie] - heimdal <no-dsa> (Minor issue)
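Review bot: The added DLA-1788-1 reference on CVE-2018-16860 sits directly above "[jessie] - heimdal <no-dsa> (Minor issue)". If the DLA covers heimdal in jessie, that line is now stale and should be dropped or updated; if it covers a different package (the entry title names Samba AD DC), the relevant package lines fall outside the visible context and are worth checking before this is considered complete.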
@@ -51217,7 +51278,7 @@ CVE-2018-12131 (Permissions in the driver pack
installers for Intel NVMe before
NOT-FOR-US: Intel
CVE-2018-12130 [MFBDS Microarchitectural Fill Buffer Data Sampling]
RESERVED
- {DSA-4447-1 DSA-4444-1 DLA-1787-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen <unfixed>
@@ -51230,7 +51291,7 @@ CVE-2018-12128
RESERVED
CVE-2018-12127 [MLPDS Microarchitectural Load Port Data Sampling]
RESERVED
- {DSA-4447-1 DSA-4444-1 DLA-1787-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen <unfixed>
@@ -51239,7 +51300,7 @@ CVE-2018-12127 [MLPDS Microarchitectural Load Port
Data Sampling]
NOTE: https://xenbits.xen.org/xsa/advisory-297.html
CVE-2018-12126 [MSBDS Microarchitectural Store Buffer Data Sampling]
RESERVED
- {DSA-4447-1 DSA-4444-1 DLA-1787-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen <unfixed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/404a0f697bf182d968e93b19c697d369ea471123
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits