Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: d0fbd838 by security tracker role at 2019-10-08T08:10:33Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,43 @@ +CVE-2019-17339 + RESERVED +CVE-2019-17338 + RESERVED +CVE-2019-17337 + RESERVED +CVE-2019-17336 + RESERVED +CVE-2019-17335 + RESERVED +CVE-2019-17334 + RESERVED +CVE-2019-17333 + RESERVED +CVE-2019-17332 + RESERVED +CVE-2019-17331 + RESERVED +CVE-2019-17330 + RESERVED +CVE-2019-17329 + RESERVED +CVE-2019-17328 + RESERVED +CVE-2019-17327 + RESERVED +CVE-2019-17326 + RESERVED +CVE-2019-17325 + RESERVED +CVE-2019-17324 + RESERVED +CVE-2019-17323 + RESERVED +CVE-2019-17322 + RESERVED +CVE-2019-17321 + RESERVED +CVE-2019-17320 + RESERVED CVE-2019-17319 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...) NOT-FOR-US: SugarCRM CVE-2019-17318 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...) @@ -172,8 +212,8 @@ CVE-2019-17241 RESERVED CVE-2019-17240 (bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypas ...) NOT-FOR-US: Bludit -CVE-2019-17239 - RESERVED +CVE-2019-17239 (includes/settings/class-alg-download-plugins-settings.php in the downl ...) + TODO: check CVE-2019-17238 RESERVED CVE-2019-17237 @@ -184,10 +224,10 @@ CVE-2019-17235 RESERVED CVE-2019-17234 RESERVED -CVE-2019-17233 - RESERVED -CVE-2019-17232 - RESERVED +CVE-2019-17233 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...) + TODO: check +CVE-2019-17232 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...) + TODO: check CVE-2019-17231 RESERVED CVE-2019-17230 
@@ -898,8 +938,8 @@ CVE-2019-16915 (An issue was discovered in pfSense through 2.4.4-p3. widgets/wid NOT-FOR-US: pfSense CVE-2019-16914 (An XSS issue was discovered in pfSense through 2.4.4-p3. In services_c ...) NOT-FOR-US: pfSense -CVE-2019-16913 - RESERVED +CVE-2019-16913 (PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86 ...) + TODO: check CVE-2019-16912 RESERVED CVE-2019-16911 @@ -12063,7 +12103,7 @@ CVE-2019-13451 (In Xymon through 4.3.28, a buffer overflow vulnerability exists [buster] - xymon 4.3.28-5+deb10u1 [stretch] - xymon 4.3.28-2+deb9u1 NOTE: https://lists.xymon.com/archive/2019-July/046570.html -CVE-2019-17351 [No grant table and foreign mapping limits] +CVE-2019-17351 (An issue was discovered in drivers/xen/balloon.c in the Linux kernel b ...) - linux 5.2.6-1 [buster] - linux 4.19.67-1 [stretch] - linux 4.9.168-1+deb9u5 @@ -12941,8 +12981,8 @@ CVE-2019-13121 [SSRF Vulnerability in Project GitHub Integration] [experimental] - gitlab 11.10.8+dfsg-1 - gitlab <unfixed> NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/ -CVE-2019-13120 - RESERVED +CVE-2019-13120 (Amazon FreeRTOS up to and including v1.4.8 for AWS lacks length checki ...) + TODO: check CVE-2019-13119 RESERVED CVE-2019-13118 (In numbers.c in libxslt 1.1.33, a type holding grouping characters of ...) @@ -22373,7 +22413,8 @@ CVE-2019-1010075 RESERVED CVE-2019-1010074 RESERVED -CVE-2019-1010073 (BACnet Stack bacserv 0.9.1 and 0.8.5 is affected by: Buffer Overflow. ...) +CVE-2019-1010073 + REJECTED NOT-FOR-US: BACnet Stack bacserv CVE-2019-1010072 RESERVED 
@@ -23571,41 +23612,41 @@ CVE-2019-9578 (In devs.c in Yubico libu2f-host before 1.1.8, the response to ini NOTE: https://github.com/Yubico/libu2f-host/commit/e4bb58cc8b6202a421e65f8230217d8ae6e16eb5 CVE-2019-9577 RESERVED -CVE-2019-17350 +CVE-2019-17350 (An issue was discovered in Xen through 4.12.x allowing Arm domU attack ...) - xen 4.11.1+92-g6c33308a8d-1 NOTE: https://xenbits.xen.org/xsa/advisory-295.html -CVE-2019-17349 +CVE-2019-17349 (An issue was discovered in Xen through 4.12.x allowing Arm domU attack ...) - xen 4.11.1+92-g6c33308a8d-1 NOTE: https://xenbits.xen.org/xsa/advisory-295.html -CVE-2019-17348 [xen: x86 shadow: Insufficient TLB flushing when using PCID] +CVE-2019-17348 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #929992) [jessie] - xen <not-affected> (PCID support not backported) NOTE: https://xenbits.xen.org/xsa/advisory-294.html -CVE-2019-17347 [xen: x86: PV kernel context switch corruption] +CVE-2019-17347 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #929999) NOTE: https://xenbits.xen.org/xsa/advisory-293.html -CVE-2019-17346 [xen: x86: insufficient TLB flushing when using PCID] +CVE-2019-17346 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #929993) [jessie] - xen <not-affected> (PCID support not backported) NOTE: https://xenbits.xen.org/xsa/advisory-292.html -CVE-2019-17345 [xen: x86/PV: page type reference counting issue with failed IOMMU update] +CVE-2019-17345 (An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV gu ...) 
- xen 4.11.1+92-g6c33308a8d-1 (bug #929995) [jessie] - xen <not-affected> (only 4.8 and later affected) NOTE: https://xenbits.xen.org/xsa/advisory-291.html -CVE-2019-17344 [xen: missing preemption in x86 PV page table unvalidation] +CVE-2019-17344 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #929996) [jessie] - xen <not-affected> (Introduced by ignored fix for CVE-2018-3646) NOTE: https://xenbits.xen.org/xsa/advisory-290.html -CVE-2019-17343 [xen: x86: Inconsistent PV IOMMU discipline] +CVE-2019-17343 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #929994) NOTE: https://xenbits.xen.org/xsa/advisory-288.html -CVE-2019-17342 [xen: x86: steal_page violates page_struct access discipline] +CVE-2019-17342 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #930001) NOTE: https://xenbits.xen.org/xsa/advisory-287.html -CVE-2019-17341 [xen: race with pass-through device hotplug] +CVE-2019-17341 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #929998) NOTE: https://xenbits.xen.org/xsa/advisory-285.html -CVE-2019-17340 [xen: grant table transfer issues on large hosts] +CVE-2019-17340 (An issue was discovered in Xen through 4.11.x allowing x86 guest OS us ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #929991) [jessie] - xen <ignored> (memory leak on huge memory machines) NOTE: https://xenbits.xen.org/xsa/advisory-284.html 
@@ -74123,7 +74164,7 @@ CVE-2018-10240 (SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated u NOT-FOR-US: SolarWinds Serv-U CVE-2018-10239 (A privilege escalation vulnerability in the "support access" feature o ...) NOT-FOR-US: Infoblox NIOS -CVE-2018-10238 (bvlc.c in skarg BACnet Protocol Stack 0.8.5 has a buffer overflow in B ...) +CVE-2018-10238 (bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affec ...) NOT-FOR-US: skarg BACnet Protocol Stack CVE-2018-10237 (Unbounded memory allocation in Google Guava 11.0 through 24.x before 2 ...) NOT-FOR-US: Google Guava View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0fbd83895b47d98881ef56a9877227f32abc833
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
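Review bot: CVE-2019-17233 and CVE-2019-17232 in the @@ -184,10 +224,10 @@ hunk now carry the same visible description (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...) and the same TODO: check, so nothing in the list tells them apart. When the TODO is resolved, triage both in one pass so they get a consistent disposition, and if the full descriptions differ, add a NOTE line to each saying how.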
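Review bot: CVE-2019-16913 in the @@ -898,8 +938,8 @@ hunk is left at TODO: check even though its description gives a default install path under %PROGRAMFILES(X86, a Windows environment variable, which points to a Windows-only product. The neighbouring pfSense entries in the same hunk are already triaged as NOT-FOR-US; if PC Protect Antivirus is not packaged in Debian, replace the TODO with NOT-FOR-US: PC Protect Antivirus.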
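Review bot: after the @@ -22373,7 +22413,8 @@ hunk, CVE-2019-1010073 reads REJECTED followed by the old NOT-FOR-US: BACnet Stack bacserv line, so the entry keeps a triage result for an id that has been withdrawn. Drop the NOT-FOR-US line, or replace it with a NOTE naming the id that supersedes it; the last hunk moves the "bacserv 0.9.1 and 0.8.5" wording into the CVE-2018-10238 description, which suggests that is the surviving id and is worth confirming before recording it.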
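Review bot: in the @@ -23571,41 +23612,41 @@ hunk the bracketed per-issue summaries (for example [xen: x86: PV kernel context switch corruption]) are replaced by descriptions that nearly all truncate to "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...", so CVE-2019-17341 through CVE-2019-17348 can now be told apart only by the XSA link in their NOTE lines. Consider keeping each old summary as an extra NOTE line under its entry. The block CVE-2019-17350 to CVE-2019-17340 also stays directly after CVE-2019-9577, while the first hunk adds CVE-2019-17339 to CVE-2019-17320 at the top of the file, so the numeric run is split across two distant places; a follow-up move would make it contiguous.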