Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1703b5ad by security tracker role at 2019-06-25T20:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2019-12965
+       RESERVED
+CVE-2019-12964 (LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the 
ticket.php ...)
+       TODO: check
+CVE-2019-12963 (LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the 
chat.php C ...)
+       TODO: check
+CVE-2019-12962 (LiveZilla Server before 8.0.1.1 is vulnerable to XSS in 
mobile/index.p ...)
+       TODO: check
+CVE-2019-12961 (LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection 
in the  ...)
+       TODO: check
+CVE-2019-12960 (LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection 
in func ...)
+       TODO: check
+CVE-2019-12959
+       RESERVED
 CVE-2019-12958 (In Xpdf 4.01.01, a heap-based buffer over-read could be 
triggered in F ...)
        TODO: check
 CVE-2019-12957 (In Xpdf 4.01.01, a buffer over-read could be triggered in 
FoFiType1C:: ...)
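Review bot: the five LiveZilla Server entries (CVE-2019-12960 through CVE-2019-12964) all land as "TODO: check" with descriptions truncated before the affected parameter or function. They share one product and one fixed version (before 8.0.1.1), so they can be triaged together to a single outcome, either a package line or a NOT-FOR-US tag, once the full descriptions have been read.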
@@ -16,8 +30,8 @@ CVE-2019-12951 (An issue was discovered in Mongoose before 
6.15. The parse_mqtt(
        TODO: check
 CVE-2019-12950
        RESERVED
-CVE-2019-12949
-       RESERVED
+CVE-2019-12949 (In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick 
an authen ...)
+       TODO: check
 CVE-2019-12948
        RESERVED
 CVE-2019-12947
@@ -312,8 +326,7 @@ CVE-2019-12821
        RESERVED
 CVE-2019-12820
        RESERVED
-CVE-2019-12817 [powerpc: Unrelated processes may be able to read/write to each 
other's virtual memory]
-       RESERVED
+CVE-2019-12817 (arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel 
before 5.1. ...)
        - linux <unfixed>
        [stretch] - linux <not-affected> (Vulnerable code not present)
        [jessie] - linux <not-affected> (Vulnerable code not present)
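Review bot: on CVE-2019-12817 the new description reads "Linux kernel before 5.1. ...", which points to an upstream release containing the fix, while the retained status line is still "- linux <unfixed>". The version is truncated here, so read the full description and replace <unfixed> with the fixed version once an upload to unstable carries it. Swapping the bracketed working title and RESERVED for the published description is fine, and the stretch and jessie not-affected lines are correctly kept.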
@@ -2984,6 +2997,7 @@ CVE-2019-11709
        RESERVED
 CVE-2019-11708 [sandbox escape using Prompt:Open]
        RESERVED
+       {DSA-4471-1 DLA-1836-1}
        - firefox 67.0.4-1
        - firefox-esr 60.7.2esr-1
        - thunderbird 1:60.7.2-1
@@ -2991,7 +3005,7 @@ CVE-2019-11708 [sandbox escape using Prompt:Open]
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/#CVE-2019-11708
 CVE-2019-11707
        RESERVED
-       {DSA-4466-1 DLA-1829-1}
+       {DSA-4471-1 DSA-4466-1 DLA-1836-1 DLA-1829-1}
        - firefox 67.0.3-1
        - firefox-esr 60.7.1esr-1
        - thunderbird 1:60.7.2-1
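Review bot: CVE-2019-11707 is still marked RESERVED although it now carries four advisory references and fixed versions for firefox, firefox-esr and thunderbird; the header should pick up the published description when it becomes available, as should CVE-2019-11708 in the previous hunk. The added DSA-4471-1 and DLA-1836-1 appear on both entries, which matches the only fixed version the two share, thunderbird 1:60.7.2-1; worth confirming that this is the package those advisories cover.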
@@ -17474,10 +17488,10 @@ CVE-2019-6331
        RESERVED
 CVE-2019-6330
        RESERVED
-CVE-2019-6329
-       RESERVED
-CVE-2019-6328
-       RESERVED
+CVE-2019-6329 (HP Support Assistant 8.7.50 and earlier allows a user to gain 
system p ...)
+       TODO: check
+CVE-2019-6328 (HP Support Assistant 8.7.50 and earlier allows a user to gain 
system p ...)
+       TODO: check
 CVE-2019-6327 (HP Color LaserJet Pro M280-M281 Multifunction Printer series 
(before v ...)
        NOT-FOR-US: HP
 CVE-2019-6326 (HP Color LaserJet Pro M280-M281 Multifunction Printer series 
(before v ...)
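Review bot: CVE-2019-6329 and CVE-2019-6328 carry identical truncated descriptions ("HP Support Assistant 8.7.50 and earlier allows a user to gain system p ..."), so the full text is needed to tell them apart before triage. The next entry in the context, CVE-2019-6327, is tagged "NOT-FOR-US: HP"; if HP Support Assistant is likewise not packaged, both new entries should move from "TODO: check" to the same tag.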
@@ -21941,8 +21955,8 @@ CVE-2019-4384 (IBM Campaign 9.1.2 and 10.1 could allow 
a remote attacker to trav
        NOT-FOR-US: IBM
 CVE-2019-4383
        RESERVED
-CVE-2019-4382
-       RESERVED
+CVE-2019-4382 (IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an 
unauthorized us ...)
+       TODO: check
 CVE-2019-4381 (IBM i 7.27.3 Clustering could allow a local attacker to obtain 
sensiti ...)
        NOT-FOR-US: IBM
 CVE-2019-4380
@@ -21951,8 +21965,8 @@ CVE-2019-4379
        RESERVED
 CVE-2019-4378
        RESERVED
-CVE-2019-4377
-       RESERVED
+CVE-2019-4377 (IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals 
sensitive info ...)
+       TODO: check
 CVE-2019-4376
        RESERVED
 CVE-2019-4375
@@ -22389,24 +22403,24 @@ CVE-2019-4160
        RESERVED
 CVE-2019-4159
        RESERVED
-CVE-2019-4158
-       RESERVED
-CVE-2019-4157
-       RESERVED
-CVE-2019-4156
-       RESERVED
+CVE-2019-4158 (IBM Security Access Manager 9.0.1 through 9.0.6 does not prove 
that a  ...)
+       TODO: check
+CVE-2019-4157 (IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable 
to cross ...)
+       TODO: check
+CVE-2019-4156 (IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker 
than expec ...)
+       TODO: check
 CVE-2019-4155 (IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is 
impacted b ...)
        NOT-FOR-US: IBM
 CVE-2019-4154
        RESERVED
-CVE-2019-4153
-       RESERVED
-CVE-2019-4152
-       RESERVED
-CVE-2019-4151
-       RESERVED
-CVE-2019-4150
-       RESERVED
+CVE-2019-4153 (IBM Security Access Manager 9.0.1 through 9.0.6 could allow a 
remote a ...)
+       TODO: check
+CVE-2019-4152 (IBM Security Access Manager 9.0.1 through 9.0.6 does not 
invalidate se ...)
+       TODO: check
+CVE-2019-4151 (IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker 
than expec ...)
+       TODO: check
+CVE-2019-4150 (IBM Security Access Manager 9.0.1 through 9.0.6 does not 
validate, or  ...)
+       TODO: check
 CVE-2019-4149
        RESERVED
 CVE-2019-4148 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 
6.0.0.1 is vu ...)
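Review bot: among the seven IBM Security Access Manager entries added here, CVE-2019-4156 and CVE-2019-4151 show the same truncated text ("uses weaker than expec ..."), so the cut-off descriptions alone do not distinguish them. Read the full descriptions before triage, and resolve the whole block in one pass, since all seven name the same product and version range (9.0.1 through 9.0.6).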
@@ -22415,8 +22429,8 @@ CVE-2019-4147
        RESERVED
 CVE-2019-4146 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 
6.0.0.1 could ...)
        NOT-FOR-US: IBM
-CVE-2019-4145
-       RESERVED
+CVE-2019-4145 (IBM Security Access Manager 9.0.1 through 9.0.6 could reveal 
highly se ...)
+       TODO: check
 CVE-2019-4144
        RESERVED
 CVE-2019-4143 (The IBM Cloud Private Key Management Service (IBM Cloud Private 
3.1.1  ...)
@@ -22435,8 +22449,8 @@ CVE-2019-4137 (IBM Tivoli Storage Productivity Center 
5.2.13 through 5.3.0.1 is
        NOT-FOR-US: IBM
 CVE-2019-4136 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 
10.4.0 is vu ...)
        NOT-FOR-US: IBM
-CVE-2019-4135
-       RESERVED
+CVE-2019-4135 (IBM Security Access Manager 9.0.1 through 9.0.6 is affected by 
a secur ...)
+       TODO: check
 CVE-2019-4134
        RESERVED
 CVE-2019-4133
@@ -82746,12 +82760,12 @@ CVE-2018-2015 (IBM API Connect 2018.1 and 2018.4.1.4 
could allow a remote attack
        NOT-FOR-US: IBM
 CVE-2018-2014
        RESERVED
-CVE-2018-2013
-       RESERVED
+CVE-2018-2013 (IBM API Connect 2018.1 through 2018.4.1.5 could disclose 
sensitive inf ...)
+       TODO: check
 CVE-2018-2012
        RESERVED
-CVE-2018-2011
-       RESERVED
+CVE-2018-2011 (IBM API Connect 2018.1 through 2018.4.1.5 could allow an 
attacker to o ...)
+       TODO: check
 CVE-2018-2010
        RESERVED
 CVE-2018-2009 (IBM API Connect v2018.1 and 2018.4.1 is affected by an 
information dis ...)
@@ -83056,8 +83070,8 @@ CVE-2018-1860
        RESERVED
 CVE-2018-1859 (IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user 
authenticat ...)
        NOT-FOR-US: IBM
-CVE-2018-1858
-       RESERVED
+CVE-2018-1858 (IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to 
cross-site re ...)
+       TODO: check
 CVE-2018-1857 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 11.1 ...)
        NOT-FOR-US: IBM
 CVE-2018-1856
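Review bot: CVE-2018-1858 (IBM API Connect 5.0.0.0 through 5.0.8.6) is added as "TODO: check" directly below CVE-2018-1859, which names the same product line (IBM API Connect 5.0.0.0 through 5.0.8.4) and is already tagged "NOT-FOR-US: IBM". Unless the full description shows a different affected component, the new entry should get the same tag so the two stay consistent.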



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1703b5ad7a61543a88e85b2fa1b7386d527e294b
