[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Sat, 10 Aug 2019 01:11:14 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
c9608d11 by security tracker role at 2019-08-10T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2019-14808
        RESERVED
-CVE-2019-14807
-       RESERVED
+CVE-2019-14807 (In the MobileFrontend extension 1.31 through 1.33 for 
MediaWiki, XSS e ...)
+       TODO: check
 CVE-2019-14806 (Pallets Werkzeug before 0.15.3, when used with Docker, has 
insufficien ...)
        - python-werkzeug <unfixed> (low)
        [buster] - python-werkzeug <no-dsa> (Minor issue)
@@ -7945,20 +7945,20 @@ CVE-2019-12263 (Wind River VxWorks 6.9.4 and vx7 has a 
Buffer Overflow in the TC
        NOT-FOR-US: Wind River VxWorks
 CVE-2019-12262
        RESERVED
-CVE-2019-12261
-       RESERVED
-CVE-2019-12260
-       RESERVED
+CVE-2019-12261 (Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer 
Overflow in the ...)
+       TODO: check
+CVE-2019-12260 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the 
TCP compon ...)
+       TODO: check
 CVE-2019-12259 (Wind River VxWorks 6.9 and vx7 has an array index error in the 
IGMPv3  ...)
        NOT-FOR-US: Wind River VxWorks
-CVE-2019-12258
-       RESERVED
+CVE-2019-12258 (Wind River VxWorks 6.5 through 6.9 and vx7 has Session 
Fixation in the ...)
+       TODO: check
 CVE-2019-12257 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the 
DHCP clien ...)
        NOT-FOR-US: Wind River VxWorks
 CVE-2019-12256 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the 
IPv4 compo ...)
        NOT-FOR-US: Wind River VxWorks
-CVE-2019-12255
-       RESERVED
+CVE-2019-12255 (Wind River VxWorks 6.5 through 6.9.3 has a Buffer Overflow in 
the TCP  ...)
+       TODO: check
 CVE-2019-12254
        RESERVED
 CVE-2019-12253 (my little forum before 2.4.20 allows CSRF to delete posts, as 
demonstr ...)
@@ -9668,10 +9668,10 @@ CVE-2018-20829
        RESERVED
 CVE-2018-20828
        RESERVED
-CVE-2018-20827
-       RESERVED
-CVE-2018-20826
-       RESERVED
+CVE-2018-20827 (The activity stream gadget in Jira before version 7.13.1 
allows remote ...)
+       TODO: check
+CVE-2018-20826 (The inline-create rest resource in Jira before version 7.12.3 
allows a ...)
+       TODO: check
 CVE-2018-20825
        RESERVED
 CVE-2018-20824 (The WallboardServlet resource in Jira before version 7.13.1 
allows rem ...)
@@ -9736,8 +9736,8 @@ CVE-2019-11583 (The issue searching component in Jira 
before version 8.1.0 allow
        NOT-FOR-US: issue searching component in Jira
 CVE-2019-11582 (An argument injection vulnerability in Atlassian Sourcetree 
for Window ...)
        NOT-FOR-US: Atlassian Sourcetree
-CVE-2019-11581
-       RESERVED
+CVE-2019-11581 (There was a server-side template injection vulnerability in 
Jira Serve ...)
+       TODO: check
 CVE-2019-11580 (Atlassian Crowd and Crowd Data Center had the pdkinstall 
development p ...)
        NOT-FOR-US: Atlassian Crowd and Crowd Data Center
 CVE-2015-9285 (esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ 
URI. ...)
@@ -10547,8 +10547,8 @@ CVE-2019-11276
        RESERVED
 CVE-2019-11275
        RESERVED
-CVE-2019-11274
-       RESERVED
+CVE-2019-11274 (Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to 
an XSS a ...)
+       TODO: check
 CVE-2019-11273 (Pivotal Container Services (PKS) versions 1.3.x prior to 
1.3.7, and ve ...)
        NOT-FOR-US: Pivotal Container Services
 CVE-2019-11272 (Spring Security, versions 4.2.x up to 4.2.12, and older 
unsupported ve ...)
@@ -10779,6 +10779,7 @@ CVE-2019-11188
        RESERVED
 CVE-2019-11187 [Perform stricter check on LDAP success/failure]
        RESERVED
+       {DLA-1876-1 DLA-1875-1}
        - fusiondirectory 1.2.3-5
        [buster] - fusiondirectory <no-dsa> (Minor issue)
        [stretch] - fusiondirectory <no-dsa> (Minor issue)
@@ -11122,15 +11123,13 @@ CVE-2019-11044
        RESERVED
 CVE-2019-11043
        RESERVED
-CVE-2019-11042 [heap-buffer-overflow on exif_process_user_comment]
-       RESERVED
+CVE-2019-11042 (When PHP EXIF extension is parsing EXIF information from an 
image, e.g ...)
        - php7.3 7.3.8-1
        - php7.0 <removed>
        - php5 <removed>
        NOTE: Fixed in 7.1.31, 7.2.21, 7.3.8
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78256
-CVE-2019-11041 [heap-buffer-overflow on exif_scan_thumbnail]
-       RESERVED
+CVE-2019-11041 (When PHP EXIF extension is parsing EXIF information from an 
image, e.g ...)
        - php7.3 7.3.8-1
        - php7.0 <removed>
        - php5 <removed>
@@ -30154,12 +30153,12 @@ CVE-2019-3746
        RESERVED
 CVE-2019-3745
        RESERVED
-CVE-2019-3744
-       RESERVED
+CVE-2019-3744 (Dell/Alienware Digital Delivery versions prior to 4.0.41 
contain a pri ...)
+       TODO: check
 CVE-2019-3743
        RESERVED
-CVE-2019-3742
-       RESERVED
+CVE-2019-3742 (Dell/Alienware Digital Delivery versions prior to 3.5.2013 
contain a p ...)
+       TODO: check
 CVE-2019-3741 (Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 
contain a  ...)
        NOT-FOR-US: EMC
 CVE-2019-3740



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c9608d118e43d564cc25b33f523c0667e0d15f1b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c9608d118e43d564cc25b33f523c0667e0d15f1b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to