Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5285679d by security tracker role at 2019-06-21T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -208,8 +208,8 @@ CVE-2019-12838
        RESERVED
 CVE-2019-12837
        RESERVED
-CVE-2019-12836
-       RESERVED
+CVE-2019-12836 (The Bobronix JEditor editor before 3.0.6 for Jira allows an 
attacker t ...)
+       TODO: check
 CVE-2019-12835 (formats/xml.cpp in Leanify 0.4.3 allows for a controlled 
out-of-bounds ...)
        NOT-FOR-US: Leanify
 CVE-2019-12834
@@ -256,6 +256,7 @@ CVE-2019-12816 (Modules.cpp in ZNC before 1.7.4-rc1 allows 
remote authenticated
 CVE-2019-12815
        RESERVED
 CVE-2019-12814 (A Polymorphic Typing issue was discovered in FasterXML 
jackson-databin ...)
+       {DLA-1831-1}
        - jackson-databind <unfixed> (bug #930750)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2341
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/5f7c69bba07a7155adde130d9dee2e54a54f1fa5
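Review bot: The new {DLA-1831-1} tag on CVE-2019-12814 sits above a package line that still reads `- jackson-databind <unfixed> (bug #930750)`, with no release-specific line under it. Other entries in this file carry lines such as `[stretch] - bwa 0.7.15-2+deb9u1`; adding the equivalent here once the stable decision is made would let a reader see which suites are still exposed without following the DLA reference.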
@@ -820,8 +821,8 @@ CVE-2019-12574
        RESERVED
 CVE-2019-12573
        RESERVED
-CVE-2019-12572
-       RESERVED
+CVE-2019-12572 (A vulnerability in the London Trust Media Private Internet 
Access (PIA ...)
+       TODO: check
 CVE-2019-12571
        RESERVED
 CVE-2019-12570
@@ -1311,6 +1312,7 @@ CVE-2019-12385
        RESERVED
 CVE-2019-12384
        RESERVED
+       {DLA-1831-1}
        - jackson-databind <unfixed> (bug #930750)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2334
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/c9ef4a10d6f6633cf470d6a469514b68fa2be234
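Review bot: CVE-2019-12384 now has a DLA reference, a package line, a bug number and two upstream NOTE links, yet its header is still a bare RESERVED with no summary. A bracketed temporary description on the CVE line, in the style of the `[Incomplete fix for CVE-2019-0199]` text that this same commit replaces, would tell readers what DLA-1831-1 addresses until the official description arrives.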
@@ -3113,7 +3115,7 @@ CVE-2019-11651
        RESERVED
 CVE-2019-11650
        RESERVED
-CVE-2019-11649 (Cross-site scripting in Micro Focus Fortify software security 
center s ...)
+CVE-2019-11649 (Cross-Site Scripting vulnerability in Micro Focus Fortify 
Software Sec ...)
        NOT-FOR-US: Micro Focus Fortify software security center server
 CVE-2019-11648
        RESERVED
@@ -3824,8 +3826,8 @@ CVE-2019-11394
        RESERVED
 CVE-2019-11393 (An issue was discovered in /admin/users/update in M/Monit 
before 3.7.3 ...)
        NOT-FOR-US: M/Monit
-CVE-2019-11392
-       RESERVED
+CVE-2019-11392 (BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file 
to syndic ...)
+       TODO: check
 CVE-2019-11391 (An issue was discovered in OWASP ModSecurity Core Rule Set 
(CRS) throu ...)
        - modsecurity-crs <unfixed> (unimportant; bug #928053)
        NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1357
@@ -4124,7 +4126,7 @@ CVE-2019-11273
        RESERVED
 CVE-2019-11272
        RESERVED
-CVE-2019-11271 (Cloud Foundry BOSH 267.x versions prior to v267.14.0, and BOSH 
270.x v ...)
+CVE-2019-11271 (Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a 
BOSH Di ...)
        TODO: check
 CVE-2019-11270
        RESERVED
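Review bot: The replacement summary for CVE-2019-11271 drops the 267.x range that the previous text named and now mentions only BOSH 270.x before v270.1.1, while the entry stays at TODO: check. Whoever resolves that TODO should read the full current description rather than rely on the earlier wording, since the stated affected-version range has changed.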
@@ -4798,8 +4800,8 @@ CVE-2019-11013
        RESERVED
 CVE-2019-11012
        RESERVED
-CVE-2019-11011
-       RESERVED
+CVE-2019-11011 (Akamai CloudTest before 58.30 allows remote code execution. 
...)
+       TODO: check
 CVE-2019-11010 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory 
leak in  ...)
        {DLA-1755-1}
        - graphicsmagick 1.4~hg15968-1 (bug #927029)
@@ -5636,12 +5638,12 @@ CVE-2019-10722
        RESERVED
 CVE-2019-10721
        RESERVED
-CVE-2019-10720
-       RESERVED
-CVE-2019-10719
-       RESERVED
-CVE-2019-10718
-       RESERVED
+CVE-2019-10720 (BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal 
and Remo ...)
+       TODO: check
+CVE-2019-10719 (BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal 
and Remo ...)
+       TODO: check
+CVE-2019-10718 (BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity 
Blind In ...)
+       TODO: check
 CVE-2019-10717
        RESERVED
 CVE-2019-10716
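Review bot: CVE-2019-10720 and CVE-2019-10719 arrive with identical truncated summaries ("BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remo ..."), so the list alone does not show how the two differ. These two, CVE-2019-10718 and the BlogEngine.NET entry added as CVE-2019-11392 concern one product and are best triaged together, each with its own NOT-FOR-US: line if BlogEngine.NET is not in the archive.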
@@ -6564,8 +6566,8 @@ CVE-2019-10272 (An issue was discovered in Weaver 
e-cology 9.0. There is a CRLF
        NOT-FOR-US: Weaver e-cology
 CVE-2019-10271
        RESERVED
-CVE-2019-10270
-       RESERVED
+CVE-2019-10270 (An arbitrary password reset issue was discovered in the 
Ultimate Membe ...)
+       TODO: check
 CVE-2019-10269 (BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a 
stack-based b ...)
        - bwa 0.7.17-3 (low; bug #926014)
        [stretch] - bwa 0.7.15-2+deb9u1
@@ -7165,8 +7167,7 @@ CVE-2019-10074
        RESERVED
 CVE-2019-10073
        RESERVED
-CVE-2019-10072 [Incomplete fix for CVE-2019-0199]
-       RESERVED
+CVE-2019-10072 (The fix for CVE-2019-0199 was incomplete and did not address 
HTTP/2 co ...)
        - tomcat9 <unfixed>
        - tomcat8 <removed>
        [stretch] - tomcat8 <not-affected> (Incomplete fix for CVE-2019-0199 
not applied)
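Review bot: In the CVE-2019-10072 entry, `- tomcat9 <unfixed>` has no bug reference, unlike `- jackson-databind <unfixed> (bug #930750)` and `- docker.io <unfixed> (bug #929662)` elsewhere in this diff. Now that the description is public, recording a bug number on that line would make the open state trackable.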
@@ -36999,7 +37000,7 @@ CVE-2018-18520 (An Invalid Memory Address Dereference 
exists in the function elf
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23787
        NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html
        NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=22d2d082d57a7470fadc0eae67179553f4919209
-CVE-2018-18519 (BestXsoftware Best Free Keylogger 5.2.9 allows local users to 
gain pri ...)
+CVE-2018-18519 (BestXsoftware Best Free Keylogger before 6.0.0 allows local 
users to g ...)
        NOT-FOR-US: BestXsoftware Best Free Keylogger
 CVE-2018-18518
        RESERVED
@@ -44114,8 +44115,8 @@ CVE-2018-15869 (An Amazon Web Services (AWS) developer 
who does not specify the
        [stretch] - packer <not-affected> (Vulnerable code added later)
        NOTE: https://github.com/hashicorp/packer/issues/6584
        NOTE: https://github.com/aws/aws-cli/issues/3629
-CVE-2018-15868
-       RESERVED
+CVE-2018-15868 (SQL injection vulnerability in ChronoScan version 1.5.4.3 and 
earlier  ...)
+       TODO: check
 CVE-2018-15867
        RESERVED
 CVE-2018-15866
@@ -44422,8 +44423,8 @@ CVE-2018-15749 (The Pulse Secure Desktop (macOS) 5.3RX 
before 5.3R5 and 9.0R1 ha
        NOT-FOR-US: Pulse Secure Desktop
 CVE-2018-15748 (On Dell 2335dn printers with Printer Firmware Version 
2.70.05.02, Engi ...)
        NOT-FOR-US: Dell 2335dn printers
-CVE-2018-15747
-       RESERVED
+CVE-2018-15747 (The default configuration of glot-www through 2018-05-19 
allows remote ...)
+       TODO: check
 CVE-2018-15746 (qemu-seccomp.c in QEMU might allow local OS guest users to 
cause a den ...)
        - qemu 1:3.1+dfsg-1 (low; bug #907500)
        [stretch] - qemu <ignored> (Minor issue, too risky to backport, not 
enabled by default)
@@ -44448,24 +44449,24 @@ CVE-2018-15739
        RESERVED
 CVE-2018-15738
        RESERVED
-CVE-2018-15737
-       RESERVED
-CVE-2018-15736
-       RESERVED
-CVE-2018-15735
-       RESERVED
-CVE-2018-15734
-       RESERVED
-CVE-2018-15733
-       RESERVED
-CVE-2018-15732
-       RESERVED
-CVE-2018-15731
-       RESERVED
-CVE-2018-15730
-       RESERVED
-CVE-2018-15729
-       RESERVED
+CVE-2018-15737 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The 
driver  ...)
+       TODO: check
+CVE-2018-15736 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The 
driver  ...)
+       TODO: check
+CVE-2018-15735 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The 
driver  ...)
+       TODO: check
+CVE-2018-15734 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The 
driver  ...)
+       TODO: check
+CVE-2018-15733 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The 
driver  ...)
+       TODO: check
+CVE-2018-15732 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The 
driver  ...)
+       TODO: check
+CVE-2018-15731 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The 
driver  ...)
+       TODO: check
+CVE-2018-15730 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The 
driver  ...)
+       TODO: check
+CVE-2018-15729 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The 
driver  ...)
+       TODO: check
 CVE-2018-15728 (An issue was discovered in Couchbase Server. Authenticated 
users can s ...)
        NOT-FOR-US: Couchbase
 CVE-2018-15727 (Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 
allows aut ...)
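Review bot: The nine additions CVE-2018-15729 through CVE-2018-15737 share the same product, version and truncated summary ("STOPzilla AntiMalware 6.5.2.59. The driver ...") and all land as TODO: check. Resolving them in one pass keeps the TODO backlog from growing by nine; if the product is not packaged, each needs a NOT-FOR-US: line like the Couchbase entry directly below.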
@@ -44628,8 +44629,8 @@ CVE-2018-15667 (An issue was discovered in Bloop 
Airmail 3 3.5.9 for macOS. It r
        NOT-FOR-US: Bloop Airmail
 CVE-2018-15666
        RESERVED
-CVE-2018-15665
-       RESERVED
+CVE-2018-15665 (An issue was discovered in Cloudera Data Science Workbench 
(CDSW) 1.2. ...)
+       TODO: check
 CVE-2018-15664 (In Docker through 18.06.1-ce-rc2, the API endpoints behind the 
'docker ...)
        - docker.io <unfixed> (bug #929662)
        NOTE: https://www.openwall.com/lists/oss-security/2019/05/28/1
@@ -93205,8 +93206,7 @@ CVE-2017-15696 (When an Apache Geode cluster before 
v1.4.0 is operating in secur
        NOT-FOR-US: Apache Geode
 CVE-2017-15695 (When an Apache Geode server versions 1.0.0 to 1.4.0 is 
configured with ...)
        NOT-FOR-US: Apache Geode
-CVE-2017-15694
-       RESERVED
+CVE-2017-15694 (When an Apache Geode server versions 1.0.0 to 1.8.0 is 
operating in se ...)
        NOT-FOR-US: Apache Geode
 CVE-2017-15693 (In Apache Geode before v1.4.0, the Geode server stores 
application obj ...)
        NOT-FOR-US: Apache Geode
@@ -146379,8 +146379,7 @@ CVE-2016-7406 (Format string vulnerability in 
Dropbear SSH before 2016.74 allows
        - dropbear 2016.74-1
        [jessie] - dropbear 2014.65-1+deb8u1
        NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
-CVE-2016-7404 [Magnum created instances have full API access to creating 
user's OpenStack account]
-       RESERVED
+CVE-2016-7404 (OpenStack Magnum passes OpenStack credentials into the Heat 
templates  ...)
        - magnum 3.1.1-5 (bug #863547)
        NOTE: 
https://git.openstack.org/cgit/openstack/magnum/commit/?id=0bb0d6486d6771ee21bbf897a091b1aa59e01b22
 CVE-2016-7403



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5285679d97017f9b27a362366a68408d4c0f472a

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
