Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e97043c8 by security tracker role at 2019-07-26T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2019-14282 (The simple_captcha2 gem 0.2.3 for Ruby, as distributed on 
RubyGems.org ...)
+       TODO: check
+CVE-2019-14281 (The datagrid gem 1.0.6 for Ruby, as distributed on 
RubyGems.org, inclu ...)
+       TODO: check
+CVE-2019-14280 (In some circumstances, Craft 2 before 2.7.10 and 3 before 
3.2.6 wasn't ...)
+       TODO: check
+CVE-2019-14279
+       RESERVED
+CVE-2019-14278
+       RESERVED
+CVE-2019-14277 (Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with 
certain ...)
+       TODO: check
+CVE-2019-14276
+       RESERVED
+CVE-2019-14275 (Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the 
calc_arro ...)
+       TODO: check
+CVE-2019-14274 (MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() 
function i ...)
+       TODO: check
+CVE-2019-14273
+       RESERVED
+CVE-2019-14272
+       RESERVED
 CVE-2019-14271
        RESERVED
 CVE-2019-14270 (Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 
12.0.0.6 ...)
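Review bot: Every newly described entry at the top of the list (CVE-2019-14282, -14281, -14280, -14277, -14275, -14274) is left at "TODO: check", so none of them yet says whether Debian is affected. The two memory-corruption entries, CVE-2019-14275 (stack-based buffer overflow in Xfig fig2dev 3.2.7a) and CVE-2019-14274 (heap-based buffer overflow in MCPP 2.7.2 do_msg()), are the ones to triage first. Each TODO should be resolved to either a source package line with a fixed version or <unfixed>, or to a NOT-FOR-US line, as the older entries further down the file already are.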
@@ -1272,13 +1294,13 @@ CVE-2019-13649
 CVE-2019-13648 (In the Linux kernel through 5.2.1 on the powerpc platform, 
when hardwa ...)
        - linux <unfixed>
        NOTE: https://patchwork.ozlabs.org/patch/1133904/
-CVE-2018-20856 [block: blk_init_allocated_queue() set q->fq as NULL in the 
fail case]
+CVE-2018-20856 (An issue was discovered in the Linux kernel before 4.18.7. In 
block/bl ...)
        - linux 4.18.8-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/54648cf1ec2d7f4b6a71767799c45676a138ca24
-CVE-2018-20855 [IB/mlx5: Fix leaking stack memory to userspace]
+CVE-2018-20855 (An issue was discovered in the Linux kernel before 4.18.7. In 
create_q ...)
        - linux 4.18.8-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/0625b4ba1a5d4703c7fb01c497bd6c156908af00
-CVE-2018-20854 [phy: ocelot-serdes: fix out-of-bounds read]
+CVE-2018-20854 (An issue was discovered in the Linux kernel before 4.20. 
drivers/phy/m ...)
        - linux <not-affected> (Vulnerable code introduced later)
        NOTE: Fixed by: 
https://git.kernel.org/linus/6acb47d1a318e5b3b7115354ebc4ea060c59d3a1
 CVE-2018-20853
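Review bot: The imported descriptions for CVE-2018-20856 and CVE-2018-20855 say "before 4.18.7", while the unchanged package lines under them record "- linux 4.18.8-1". That is consistent only if 4.18.8-1 was the first Debian upload to carry the fix, which is worth confirming against the "Fixed by" commits in the NOTE lines. The replaced bracketed summaries also named the affected function or driver more precisely than the truncated descriptions do, so the NOTE lines are now the only place on these entries that identifies the fix.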
@@ -1308,6 +1330,7 @@ CVE-2019-13639
        RESERVED
 CVE-2019-13638 [shell command injection]
        RESERVED
+       {DLA-1864-1}
        - patch 2.7.6-5
        NOTE: 
https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0
 CVE-2019-13637 (In LogMeIn join.me before 3.16.0.5505, an attacker could 
execute arbit ...)
@@ -2667,8 +2690,8 @@ CVE-2019-13484
        RESERVED
        - xymon 4.3.29-1
        NOTE: https://lists.xymon.com/archive/2019-July/046570.html
-CVE-2019-13483
-       RESERVED
+CVE-2019-13483 (Auth0 Passport-SharePoint before 0.4.0 does not validate the 
JWT signa ...)
+       TODO: check
 CVE-2019-13482 (An issue was discovered on D-Link DIR-818LW devices with 
firmware 2.06 ...)
        NOT-FOR-US: D-Link
 CVE-2019-13481 (An issue was discovered on D-Link DIR-818LW devices with 
firmware 2.06 ...)
@@ -6650,10 +6673,10 @@ CVE-2019-11924
        RESERVED
 CVE-2019-11923
        RESERVED
-CVE-2019-11922
-       RESERVED
-CVE-2019-11921
-       RESERVED
+CVE-2019-11922 (A race condition in the one-pass compression functions of 
Zstandard pr ...)
+       TODO: check
+CVE-2019-11921 (An out of bounds write is possible via a specially crafted 
packet in c ...)
+       TODO: check
 CVE-2019-11920
        RESERVED
 CVE-2019-11919
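Review bot: CVE-2019-11922 now names its product (a race condition in the one-pass compression functions of Zstandard) but still ends in "TODO: check". It needs a source package line with the fixed version or <unfixed>. For CVE-2019-11921 the truncated description ("specially crafted packet in c ...") does not show the affected product, so the full description has to be read before choosing between a package line and NOT-FOR-US.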
@@ -9202,16 +9225,16 @@ CVE-2019-10978
        RESERVED
 CVE-2019-10977 (In Mitsubishi Electric MELSEC-Q series Ethernet module 
QJ71E71-100 ser ...)
        NOT-FOR-US: Mitsubishi
-CVE-2019-10976
-       RESERVED
+CVE-2019-10976 (Mitsubishi Electric FR Configurator2, Version 1.16S and prior. 
This vu ...)
+       TODO: check
 CVE-2019-10975 (An out-of-bounds read vulnerability has been identified in 
Fuji Electr ...)
        NOT-FOR-US: Fuji Electric
-CVE-2019-10974
-       RESERVED
+CVE-2019-10974 (NREL EnergyPlus, Versions 8.6.0 and possibly prior versions, 
The appli ...)
+       TODO: check
 CVE-2019-10973 (Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 
9.0.x, all ...)
        NOT-FOR-US: Quest KACE
-CVE-2019-10972
-       RESERVED
+CVE-2019-10972 (Mitsubishi Electric FR Configurator2, Version 1.16S and prior. 
This vu ...)
+       TODO: check
 CVE-2019-10971 (The application (Network Configurator for DeviceNet Safety 
3.41 and pr ...)
        NOT-FOR-US: Omron
 CVE-2019-10970 (In Rockwell Automation PanelView 5510 (all versions 
manufactured befor ...)
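Review bot: CVE-2019-10976 and CVE-2019-10972 both describe Mitsubishi Electric FR Configurator2 and are left at "TODO: check", while the unchanged CVE-2019-10977 directly above is already marked "NOT-FOR-US: Mitsubishi". Unless FR Configurator2 is treated differently from the MELSEC-Q module, these two can take the same NOT-FOR-US line. CVE-2019-10974 (NREL EnergyPlus) needs its own decision, in the same way the Fuji Electric, Quest KACE and Omron entries around it each have one.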
@@ -9781,8 +9804,8 @@ CVE-2019-10746 [prototype pollution]
        NOTE: https://github.com/jonschlinkert/mixin-deep/issues/6
 CVE-2019-10745
        RESERVED
-CVE-2019-10744
-       RESERVED
+CVE-2019-10744 (Versions of lodash lower than 4.17.12 are vulnerable to 
Prototype Poll ...)
+       TODO: check
 CVE-2019-10743
        RESERVED
 CVE-2019-10742 (Axios up to and including 0.18.0 allows attackers to cause a 
denial of ...)
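Review bot: CVE-2019-10744 (prototype pollution in lodash versions lower than 4.17.12) is left at "TODO: check". The entry shown in the hunk header, CVE-2019-10746 [prototype pollution], carries a NOTE pointing at its upstream issue. The lodash entry should get the same treatment: a source package line stating the fixed version or <unfixed>, plus a NOTE with the upstream reference, so the 4.17.12 boundary from the description can be compared with what Debian ships.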
@@ -11153,8 +11176,7 @@ CVE-2019-10186
        RESERVED
 CVE-2019-10185
        RESERVED
-CVE-2019-10184 [Information leak in requests for directories without trailing 
slashes]
-       RESERVED
+CVE-2019-10184 (undertow before version 2.0.23.Final is vulnerable to an 
information l ...)
        - undertow <unfixed>
        NOTE: https://issues.jboss.org/browse/UNDERTOW-1578
        NOTE: https://github.com/undertow-io/undertow/pull/794
@@ -12447,8 +12469,8 @@ CVE-2019-1010149 (zzcms version 8.3 and earlier is 
affected by: File Delete to C
        NOT-FOR-US: zzcms
 CVE-2019-1010148 (zzcms version 8.3 and earlier is affected by: SQL Injection. 
The impac ...)
        NOT-FOR-US: zzcms
-CVE-2019-1010147
-       RESERVED
+CVE-2019-1010147 (Yellowfin Smart Reporting All Versions Prior to 7.3 is 
affected by: In ...)
+       TODO: check
 CVE-2019-1010146
        RESERVED
 CVE-2019-1010145
@@ -23786,16 +23808,16 @@ CVE-2019-5609
        RESERVED
 CVE-2019-5608
        RESERVED
-CVE-2019-5607
-       RESERVED
-CVE-2019-5606
-       RESERVED
-CVE-2019-5605
-       RESERVED
-CVE-2019-5604
-       RESERVED
-CVE-2019-5603
-       RESERVED
+CVE-2019-5607 (In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 
12.0-RELEAS ...)
+       TODO: check
+CVE-2019-5606 (In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 
12.0-RELEAS ...)
+       TODO: check
+CVE-2019-5605 (In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 
11.3-RELEAS ...)
+       TODO: check
+CVE-2019-5604 (In FreeBSD 12.0-STABLE before r350246, 12.0-RELEASE before 
12.0-RELEAS ...)
+       TODO: check
+CVE-2019-5603 (In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 
12.0-RELEAS ...)
+       TODO: check
 CVE-2019-5602 (In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 
12.0-RELEAS ...)
        - kfreebsd-10 <unfixed> (unimportant)
        NOTE: 
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:11.cd_ioctl.asc
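Review bot: The five FreeBSD entries CVE-2019-5607 through CVE-2019-5603 are all left at "TODO: check", while the unchanged CVE-2019-5602 right below them is tracked as "- kfreebsd-10 <unfixed> (unimportant)" with a NOTE linking the FreeBSD advisory. Each new entry should be resolved the same way where it concerns kernel code covered by kfreebsd-10, or marked NOT-FOR-US otherwise, with the matching FreeBSD-SA advisory in a NOTE line. The truncated descriptions only show the affected revisions, so the affected component has to come from the full advisory text.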
@@ -34795,7 +34817,7 @@ CVE-2019-1581
        RESERVED
 CVE-2019-1580
        RESERVED
-CVE-2019-1579 (Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 
8.0.11 and  ...)
+CVE-2019-1579 (Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 
8.0.11-h1 a ...)
        NOT-FOR-US: PAN-OS
 CVE-2019-1578 (Cross-site scripting vulnerability in Palo Alto Networks 
MineMeld vers ...)
        NOT-FOR-US: Palo Alto Networks MineMeld
@@ -39394,8 +39416,7 @@ CVE-2019-0204 (A specifically crafted Docker image 
running under the root user c
        - apache-mesos <itp> (bug #760315)
 CVE-2019-0203
        RESERVED
-CVE-2019-0202
-       RESERVED
+CVE-2019-0202 (The Apache Storm Logviewer daemon exposes HTTP-accessible 
endpoints to ...)
        NOT-FOR-US: Apache Storm
 CVE-2019-0201 (An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 
3.5.0-alph ...)
        {DSA-4461-1 DLA-1801-1}
@@ -59372,8 +59393,7 @@ CVE-2018-11780 (A potential Remote Code Execution bug 
exists with the PDFInfo pl
        - spamassassin 3.4.2-1 (bug #908970)
        [stretch] - spamassassin 3.4.2-1~deb9u1
        NOTE: https://www.openwall.com/lists/oss-security/2018/09/16/1
-CVE-2018-11779
-       RESERVED
+CVE-2018-11779 (In Apache Storm versions 1.1.0 to 1.2.2, when the user is 
using the st ...)
        NOT-FOR-US: Apache Storm
 CVE-2018-11778 (UnixAuthenticationService in Apache Ranger 1.2.0 was updated 
to correc ...)
        NOT-FOR-US: Apache Ranger



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e97043c842e587969528aca380ab293a837aa318
