Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
08885669 by security tracker role at 2019-05-28T20:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2019-12396 (An issue was discovered in Revive Adserver before 4.2.1. In
lib/OA/Dal ...)
+ TODO: check
+CVE-2019-12395 (In Webbukkit Dynmap 3.0-beta-3, with Spigot 1.13.2, due to a
missing l ...)
+ TODO: check
+CVE-2019-12394
+ RESERVED
+CVE-2019-12393
+ RESERVED
+CVE-2019-12392
+ RESERVED
+CVE-2019-12391
+ RESERVED
+CVE-2019-12390
+ RESERVED
+CVE-2019-12389
+ RESERVED
+CVE-2019-12388
+ RESERVED
+CVE-2019-12387
+ RESERVED
+CVE-2019-12386
+ RESERVED
+CVE-2019-12385
+ RESERVED
CVE-2019-12384
RESERVED
CVE-2019-12383 (Tor Browser before 8.0.1 has an information exposure
vulnerability. It ...)
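Review bot: CVE-2019-12396 and CVE-2019-12395 are added with only "TODO: check", so neither has a triage decision yet. Each needs either a source package line or a NOT-FOR-US annotation, in the form already used in this file (for example "NOT-FOR-US: npm harp module"). The ten RESERVED ids, CVE-2019-12394 through CVE-2019-12385, need nothing until their descriptions are published.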
@@ -130,7 +154,7 @@ CVE-2019-12323
CVE-2019-12322
RESERVED
CVE-2019-12321
- RESERVED
+ REJECTED
CVE-2019-12320
RESERVED
CVE-2019-12319
@@ -13079,10 +13103,10 @@ CVE-2019-7395 (In ImageMagick before 7.0.8-25, a
memory leak exists in WritePSDC
- imagemagick <unfixed> (unimportant)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/8a43abefb38c5e29138e1c9c515b313363541c06
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1451
-CVE-2019-7394
- RESERVED
-CVE-2019-7393
- RESERVED
+CVE-2019-7394 (A privilege escalation vulnerability in the administrative user
interf ...)
+ TODO: check
+CVE-2019-7393 (A UI redress vulnerability in the administrative user interface
of CA ...)
+ TODO: check
CVE-2019-7392 (An improper authentication vulnerability in CA Privileged
Access Manag ...)
NOT-FOR-US: CA Privileged Access Manager
CVE-2019-7391 (ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow
login/login-page.cg ...)
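Review bot: CVE-2019-7394 and CVE-2019-7393 are left at "TODO: check" even though the truncated text for CVE-2019-7393 ends in "administrative user interface of CA ..." and the next entry, CVE-2019-7392, is already marked "NOT-FOR-US: CA Privileged Access Manager". Check the full descriptions; if they name the same product, both entries should carry the same NOT-FOR-US line instead of staying as TODO.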
@@ -18016,23 +18040,21 @@ CVE-2019-5442
RESERVED
CVE-2019-5441
RESERVED
-CVE-2019-5440
- RESERVED
+CVE-2019-5440 (Use of cryptographically weak PRNG in the password recovery
token gene ...)
+ TODO: check
CVE-2019-5439
RESERVED
CVE-2019-5438 (Path traversal using symlink in npm harp module versions <=
0.29.0. ...)
NOT-FOR-US: npm harp module
CVE-2019-5437 (Information exposure through the directory listing in npm's
harp modul ...)
NOT-FOR-US: npm harp module
-CVE-2019-5436 [TFTP receive buffer overflow]
- RESERVED
+CVE-2019-5436 (A heap buffer overflow in the TFTP receiving code allows for
DoS or ar ...)
{DLA-1804-1}
- curl <unfixed> (bug #929351)
NOTE: https://curl.haxx.se/docs/CVE-2019-5436.html
NOTE: Introduced by: https://github.com/curl/curl/commit/0516ce7786e95
NOTE: Fixed by:
https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275
-CVE-2019-5435 [Integer overflows in curl_url_set]
- RESERVED
+CVE-2019-5435 (An integer overflow in curl's URL API results in a buffer
overflow in ...)
- curl <unfixed> (bug #929352)
[stretch] - curl <not-affected> (Vulnerable code introduced later)
[jessie] - curl <not-affected> (Vulnerable code introduced later)
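Review bot: CVE-2019-5440 is the only entry in this hunk left at "TODO: check"; its description (weak PRNG in password recovery token generation) is cut off before the product name, so it still needs a package or NOT-FOR-US decision. For CVE-2019-5436 and CVE-2019-5435 the bracketed working titles give way to the published descriptions while the curl annotations remain attached as context lines, so the only open item there is the "<unfixed>" status tracked in bugs #929351 and #929352.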
@@ -33266,8 +33288,7 @@ CVE-2019-0190 (A bug exists in the way mod_ssl handled
client renegotiations. A
NOTE: https://www.openwall.com/lists/oss-security/2019/01/22/4
CVE-2019-0189
RESERVED
-CVE-2019-0188
- RESERVED
+CVE-2019-0188 (Apache Camel prior to 2.24.0 contains an XML external entity
injection ...)
NOT-FOR-US: Apache Camel
CVE-2019-0187 (Unauthenticated RCE is possible when JMeter is used in
distributed mod ...)
- jakarta-jmeter <unfixed>
@@ -38877,8 +38898,7 @@ CVE-2018-17199 (In Apache HTTP Server 2.4 release
2.4.37 and prior, mod_session
NOTE: https://www.openwall.com/lists/oss-security/2019/01/22/3
NOTE: 2.4.x http://svn.apache.org/r1851409
NOTE: 2.5.x http://svn.apache.org/r1850947
-CVE-2018-17198
- RESERVED
+CVE-2018-17198 (Server-side Request Forgery (SSRF) and File Enumeration
vulnerability ...)
NOT-FOR-US: Apache Roller
CVE-2018-17197 (A carefully crafted or corrupt sqlite file can cause an
infinite loop ...)
- tika 1.20-1
@@ -48759,8 +48779,8 @@ CVE-2018-13377
RESERVED
CVE-2018-13376 (An uninitialized memory buffer leak exists in Fortinet FortiOS
5.6.1 t ...)
NOT-FOR-US: Fortinet FortiOS
-CVE-2018-13375
- RESERVED
+CVE-2018-13375 (An Improper Neutralization of Script-Related HTML Tags in
Fortinet For ...)
+ TODO: check
CVE-2018-13374 (A Improper Access Control in Fortinet FortiOS allows attacker
to obtai ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2018-13373
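Review bot: CVE-2018-13375 is set to "TODO: check" although its description begins "in Fortinet For ..." and both neighbours in this hunk, CVE-2018-13376 and CVE-2018-13374, are already "NOT-FOR-US: Fortinet FortiOS". Confirm the product from the full description and, if it matches, close the TODO with the same NOT-FOR-US line.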
@@ -60268,8 +60288,8 @@ CVE-2018-9156 (** DISPUTED ** An issue was discovered
on AXIS P1354 (IP camera)
NOT-FOR-US: AXIS
CVE-2018-9155 (Cross-site scripting (XSS) vulnerability in Open-AudIT
Professional 2. ...)
NOT-FOR-US: Open-AudIT Professional
-CVE-2018-9154
- REJECTED
+CVE-2018-9154 (There is a reachable abort in the function jpc_dec_process_sot
in libj ...)
+ TODO: check
CVE-2018-9153 (The plugin upload component in Z-BlogPHP 1.5.1 allows remote
attackers ...)
NOT-FOR-US: Z-BlogPHP
CVE-2017-18255 (The perf_cpu_time_max_percent_handler function in
kernel/events/core.c ...)
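Review bot: CVE-2018-9154 moves from REJECTED straight to a populated description with "TODO: check", which is an unusual transition and worth confirming against the upstream CVE record before triage. Unlike the surrounding NOT-FOR-US entries, the description names a library function (jpc_dec_process_sot, library name cut off at "libj ..."), so check whether that library is packaged and add a source package line if it is.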
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/08885669c959760e2bad719df2604264ddababce
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits