Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d80c7fda by security tracker role at 2019-07-31T08:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, 
allowing a ...)
+       TODO: check
+CVE-2019-14451
+       RESERVED
+CVE-2019-14450
+       RESERVED
+CVE-2019-14449
+       RESERVED
+CVE-2019-14448
+       RESERVED
+CVE-2019-14447
+       RESERVED
+CVE-2019-14446
+       RESERVED
+CVE-2007-6763
+       RESERVED
 CVE-2019-14445
        RESERVED
 CVE-2019-14444 (apply_relocations in readelf.c in GNU Binutils 2.32 contains 
an intege ...)
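Review bot: CVE-2007-6763 is added between CVE-2019-14446 and CVE-2019-14445, which breaks the descending order of the surrounding IDs; it is worth confirming that the updater is meant to prepend newly reserved IDs regardless of year. CVE-2019-14452 (Sigil) arrives with only "TODO: check" and still needs a package line or a NOT-FOR-US tag before it carries a status.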
@@ -4337,8 +4353,8 @@ CVE-2019-13028 (An incorrect implementation of a local 
web server in eID client
        NOT-FOR-US: local web server in eID client (Product from the Ministry 
of Interior of the Slovak Republic)
 CVE-2019-13027 (Realization Concerto Critical Chain Planner (aka CCPM) 
5.10.8071 has S ...)
        NOT-FOR-US: Realization Concerto Critical Chain Planner
-CVE-2019-13026
-       RESERVED
+CVE-2019-13026 (OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows 
SQL Inject ...)
+       TODO: check
 CVE-2019-13025
        RESERVED
 CVE-2019-13024 (Centreon 18.x before 18.10.6, 19.x before 19.04.3, and 
Centreon web be ...)
@@ -11730,28 +11746,24 @@ CVE-2019-10166 [virDomainManagedSaveDefineXML API 
exposed to readonly clients]
        NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720114
        NOTE: 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=db0b78457f183e4c7ac45bc94de86044a1e2056a
-CVE-2019-10165
-       RESERVED
+CVE-2019-10165 (OpenShift Container Platform before version 4.1.3 writes OAuth 
tokens  ...)
        NOT-FOR-US: OpenShift
 CVE-2019-10164 (PostgreSQL versions 10.x before 10.9 and versions 11.x before 
11.4 are ...)
        - postgresql-11 11.4-1
        - postgresql-9.6 <not-affected> (Only affects 10.x and later)
        - postgresql-9.4 <not-affected> (Only affects 10.x and later)
        NOTE: https://www.postgresql.org/about/news/1949/
-CVE-2019-10163 [Denial of service via NOTIFY packets]
-       RESERVED
+CVE-2019-10163 (A Vulnerability has been found in PowerDNS Authoritative 
Server before ...)
        {DSA-4470-1 DLA-1843-1}
        - pdns 4.1.6-3
        NOTE: https://www.openwall.com/lists/oss-security/2019/06/21/5
        NOTE: 
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html
-CVE-2019-10162 [Denial of service via crafted zone records]
-       RESERVED
+CVE-2019-10162 (A vulnerability has been found in PowerDNS Authoritative 
Server before ...)
        {DSA-4470-1 DLA-1843-1}
        - pdns 4.1.6-3
        NOTE: https://www.openwall.com/lists/oss-security/2019/06/21/5
        NOTE: 
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html
-CVE-2019-10161 [arbitrary file read/exec via virDomainSaveImageGetXMLDesc API]
-       RESERVED
+CVE-2019-10161 (It was discovered that libvirtd before versions 4.10.1 and 
5.4.1 would ...)
        {DSA-4469-1 DLA-1832-1}
        - libvirt 5.0.0-4
        NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
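Review bot: on the CVE-2019-10163 and CVE-2019-10162 lines, the truncated descriptions that replace the bracketed titles are nearly identical ("A vulnerability has been found in PowerDNS Authoritative Server before ..."), so the header line no longer tells the two issues apart; only the advisory URLs (2019-05 and 2019-04) do. Consider keeping the removed short titles ("Denial of service via NOTIFY packets", "Denial of service via crafted zone records") as a NOTE on each entry. The same loss applies to the libvirt title dropped from CVE-2019-10161.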
@@ -11780,8 +11792,7 @@ CVE-2019-10158
        NOT-FOR-US: infinispan
 CVE-2019-10157 (It was found that Keycloak's Node.js adapter before version 
4.8.3 did  ...)
        NOT-FOR-US: Keycloak
-CVE-2019-10156 [templating causing an unexpected key file to be set on remote 
node]
-       RESERVED
+CVE-2019-10156 (A flaw was discovered in the way Ansible templating was 
implemented in ...)
        - ansible <unfixed> (low; bug #930065)
        [buster] - ansible <no-dsa> (Minor issue)
        [stretch] - ansible <no-dsa> (Minor issue)
@@ -11796,16 +11807,14 @@ CVE-2019-10155 (The Libreswan Project has found a 
vulnerability in the processin
        NOTE: Not vulnerable: libreswan 3.29 and later, strongswan 5.0 and 
later, freeswan
 CVE-2019-10154 (A flaw was found in Moodle before versions 3.7, 3.6.4. A web 
service f ...)
        - moodle <removed>
-CVE-2019-10153 [mis-handling of non-ASCII characters in guest comment fields]
-       RESERVED
+CVE-2019-10153 (A flaw was discovered in fence-agents, prior to version 4.3.4, 
where u ...)
        - fence-agents 4.3.3-2 (low; bug #930887)
        [stretch] - fence-agents <no-dsa> (Minor issue)
        [jessie] - fence-agents <not-affected> (Vulnerable code introduced 
later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1670460
        NOTE: https://github.com/ClusterLabs/fence-agents/pull/255
        NOTE: https://github.com/ClusterLabs/fence-agents/pull/272
-CVE-2019-10152
-       RESERVED
+CVE-2019-10152 (A path traversal vulnerability has been discovered in podman 
before ve ...)
        NOT-FOR-US: Podman
 CVE-2019-10151
        RESERVED
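Review bot: the new CVE-2019-10153 description says the flaw affects fence-agents "prior to version 4.3.4", while the unchanged package line directly below records 4.3.3-2 as fixed. If 4.3.3-2 carries a backport of the linked pull requests, a NOTE saying so would make the two version numbers unambiguous to anyone reading the entry.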
@@ -19088,19 +19097,19 @@ CVE-2019-7618
        RESERVED
 CVE-2019-7617
        RESERVED
-CVE-2019-7616
-       RESERVED
-CVE-2019-7615
-       RESERVED
-CVE-2019-7614
-       RESERVED
+CVE-2019-7616 (Kibana versions before 6.8.2 and 7.2.1 contain a server side 
request f ...)
+       TODO: check
+CVE-2019-7615 (A TLS certificate validation flaw was found in Elastic APM 
agent for R ...)
+       TODO: check
+CVE-2019-7614 (A race condition flaw was found in the response headers 
Elasticsearch  ...)
+       TODO: check
 CVE-2019-7613 (Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient 
loggin ...)
        NOT-FOR-US: Winlogbeat
 CVE-2019-7612 (A sensitive data disclosure flaw was found in the way Logstash 
version ...)
        - logstash <itp> (bug #664841)
 CVE-2019-7611 (A permission issue was found in Elasticsearch versions before 
5.6.15 a ...)
        - elasticsearch <removed>
-CVE-2019-7610 (Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary 
code exec ...)
+CVE-2019-7610 (Kibana versions before 6.6.1 contain an arbitrary code 
execution flaw  ...)
        - kibana <itp> (bug #700337)
 CVE-2019-7609 (Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary 
code exec ...)
        - kibana <itp> (bug #700337)
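Review bot: CVE-2019-7616 and CVE-2019-7614 are left at "TODO: check" although this hunk's own context shows how the same products are already tracked: Kibana as "- kibana <itp> (bug #700337)" and Elasticsearch as "- elasticsearch <removed>". Both can take those lines. Also note that the CVE-2019-7610 description now reads "before 6.6.1" while CVE-2019-7609 just below still reads "before 5.6.15 and 6.6.1"; worth checking that the two are meant to differ.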
@@ -24637,32 +24646,32 @@ CVE-2019-5461 [GitHub Integration SSRF]
        RESERVED
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
-CVE-2019-5460
-       RESERVED
-CVE-2019-5459
-       RESERVED
-CVE-2019-5458
-       RESERVED
-CVE-2019-5457
-       RESERVED
-CVE-2019-5456
-       RESERVED
-CVE-2019-5455
-       RESERVED
-CVE-2019-5454
-       RESERVED
-CVE-2019-5453
-       RESERVED
-CVE-2019-5452
-       RESERVED
-CVE-2019-5451
-       RESERVED
-CVE-2019-5450
-       RESERVED
-CVE-2019-5449
-       RESERVED
-CVE-2019-5448
-       RESERVED
+CVE-2019-5460 (Double Free in VLC versions &lt;= 3.0.6 leads to a crash. ...)
+       TODO: check
+CVE-2019-5459 (An Integer underflow in VLC Media Player versions &lt; 3.0.7 
leads to  ...)
+       TODO: check
+CVE-2019-5458 (Cross-site scripting (XSS) vulnerability in http-file-server 
(all vers ...)
+       TODO: check
+CVE-2019-5457 (Cross-site scripting (XSS) vulnerability in min-http-server 
(all versi ...)
+       TODO: check
+CVE-2019-5456 (SMTP MITM refers to a malicious actor setting up an SMTP proxy 
server  ...)
+       TODO: check
+CVE-2019-5455 (Bypassing lock protection exists in Nextcloud Android app 3.6.0 
when c ...)
+       TODO: check
+CVE-2019-5454 (SQL Injection in the Nextcloud Android app prior to version 
3.0.0 allo ...)
+       TODO: check
+CVE-2019-5453 (Bypass lock protection in the Nextcloud Android app prior to 
version 3 ...)
+       TODO: check
+CVE-2019-5452 (Bypass lock protection in the Nextcloud Android app prior to 
version 3 ...)
+       TODO: check
+CVE-2019-5451 (Bypass lock protection in the Nextcloud Android app prior to 
version 3 ...)
+       TODO: check
+CVE-2019-5450 (Improper sanitization of HTML in directory names in the 
Nextcloud Andr ...)
+       TODO: check
+CVE-2019-5449 (A missing check in the Nextcloud Server prior to version 15.0.1 
causes ...)
+       TODO: check
+CVE-2019-5448 (Yarn before 1.17.3 is vulnerable to Missing Encryption of 
Sensitive Da ...)
+       TODO: check
 CVE-2019-5447 (A path traversal vulnerability in &lt;= v0.2.6 of 
http-file-server npm ...)
        NOT-FOR-US: http-file-server Node.js module
 CVE-2019-5446 (Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an 
Admin  ...)
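Review bot: all thirteen entries from CVE-2019-5460 to CVE-2019-5448 land as "TODO: check", and at least one can be resolved from this hunk alone: CVE-2019-5458 is in http-file-server, which the context entry CVE-2019-5447 already marks "NOT-FOR-US: http-file-server Node.js module". The two VLC entries (CVE-2019-5460, CVE-2019-5459) and the Nextcloud Server entry (CVE-2019-5449) are the ones that need an actual package and version check.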



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d80c7fdad0332d4f2e84c454a777433d22b9bd86
