Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0fbc46cb by security tracker role at 2019-09-04T08:10:29Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2019-15903 (In libexpat before 2.2.8, crafted XML input could fool the
parser into ...)
+ TODO: check
+CVE-2019-15902 (A backporting error was discovered in the Linux
stable/longterm kernel ...)
+ TODO: check
+CVE-2019-15901
+ RESERVED
+CVE-2019-15900
+ RESERVED
+CVE-2019-15899
+ RESERVED
+CVE-2019-15898 (Nagios Log Server before 2.0.8 allows Reflected XSS via the
username o ...)
+ TODO: check
+CVE-2019-15897
+ RESERVED
+CVE-2019-15896
+ RESERVED
+CVE-2019-15895
+ RESERVED
+CVE-2019-15894
+ RESERVED
+CVE-2019-15893
+ RESERVED
+CVE-2019-15891
+ RESERVED
+CVE-2019-15890
+ RESERVED
CVE-2019-15889 (The download-manager plugin before 2.9.94 for WordPress has
XSS via th ...)
NOT-FOR-US: download-manager plugin for WordPress
CVE-2019-15888
@@ -52,7 +78,8 @@ CVE-2019-15864 (The breadcrumbs-by-menu plugin before 1.0.3
for WordPress has XS
NOT-FOR-US: breadcrumbs-by-menu plugin for WordPress
CVE-2019-15863 (The ConvertPlus plugin before 3.4.5 for WordPress has an
unintended ac ...)
NOT-FOR-US: ConvertPlus plugin for WordPress
-CVE-2019-15892 [VSV00003 DoS]
+CVE-2019-15892 (An issue was discovered in Varnish Cache before 6.0.4 LTS, and
6.1.x a ...)
+ {DSA-4514-1}
- varnish 6.2.1-1 (bug #939333)
[stretch] - varnish <not-affected> (Only a security issue in 6.0 and
later)
[jessie] - varnish <not-affected> (Only a security issue in 6.0 and
later)
@@ -16669,6 +16696,7 @@ CVE-2019-10199 (It was found that Keycloak's account
console, up to 6.0.1, did n
CVE-2019-10198 (An authentication bypass vulnerability was discovered in
foreman-tasks ...)
- foreman <itp> (bug #663101)
CVE-2019-10197 (A flaw was found in samba versions 4.9.x up to 4.9.13, samba
4.10.x up ...)
+ {DSA-4513-1}
- samba 2:4.9.13+dfsg-1
[stretch] - samba <not-affected> (Issue introduced in 4.9.0 upstream)
[jessie] - samba <not-affected> (Issue introduced in 4.9.0 upstream)
@@ -29877,12 +29905,12 @@ CVE-2019-5482
RESERVED
CVE-2019-5481
RESERVED
-CVE-2019-5480
- RESERVED
-CVE-2019-5479
- RESERVED
-CVE-2019-5478
- RESERVED
+CVE-2019-5480 (A path traversal vulnerability in <= v0.9.7 of
statichttpserver npm ...)
+ TODO: check
+CVE-2019-5479 (An unintended require vulnerability in <v0.5.5
larvitbase-api may a ...)
+ TODO: check
+CVE-2019-5478 (A weakness was found in Encrypt Only boot mode in Zynq
UltraScale+ dev ...)
+ TODO: check
CVE-2019-5477 (A command injection vulnerability in Nokogiri v1.10.3 and
earlier allo ...)
- rexical <unfixed>
- ruby-nokogiri 1.10.4+dfsg1-1 (bug #934802)
@@ -29893,8 +29921,8 @@ CVE-2019-5477 (A command injection vulnerability in
Nokogiri v1.10.3 and earlier
NOTE: Change in rexical is covered by the scope of this CVE.
CVE-2019-5476 (An SQL Injection in the Nextcloud Lookup-Server < v0.3.0
(running o ...)
TODO: check
-CVE-2019-5475
- RESERVED
+CVE-2019-5475 (The Nexus Yum Repository Plugin in v2 is vulnerable to Remote
Code Exe ...)
+ TODO: check
CVE-2019-5474 [Override Merge Request Approval Rules]
RESERVED
- gitlab <not-affected> (Only affects Gitlab EE 11.8 and later)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0fbc46cb8c3cf3d5d1da584e7cc0cbb24973c9d4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0fbc46cb8c3cf3d5d1da584e7cc0cbb24973c9d4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
