Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d0fbd838 by security tracker role at 2019-10-08T08:10:33Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2019-17339
+       RESERVED
+CVE-2019-17338
+       RESERVED
+CVE-2019-17337
+       RESERVED
+CVE-2019-17336
+       RESERVED
+CVE-2019-17335
+       RESERVED
+CVE-2019-17334
+       RESERVED
+CVE-2019-17333
+       RESERVED
+CVE-2019-17332
+       RESERVED
+CVE-2019-17331
+       RESERVED
+CVE-2019-17330
+       RESERVED
+CVE-2019-17329
+       RESERVED
+CVE-2019-17328
+       RESERVED
+CVE-2019-17327
+       RESERVED
+CVE-2019-17326
+       RESERVED
+CVE-2019-17325
+       RESERVED
+CVE-2019-17324
+       RESERVED
+CVE-2019-17323
+       RESERVED
+CVE-2019-17322
+       RESERVED
+CVE-2019-17321
+       RESERVED
+CVE-2019-17320
+       RESERVED
 CVE-2019-17319 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL 
injection in the ...)
        NOT-FOR-US: SugarCRM
 CVE-2019-17318 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL 
injection in the ...)
@@ -172,8 +212,8 @@ CVE-2019-17241
        RESERVED
 CVE-2019-17240 (bl-kernel/security.class.php in Bludit 3.9.2 allows attackers 
to bypas ...)
        NOT-FOR-US: Bludit
-CVE-2019-17239
-       RESERVED
+CVE-2019-17239 (includes/settings/class-alg-download-plugins-settings.php in 
the downl ...)
+       TODO: check
 CVE-2019-17238
        RESERVED
 CVE-2019-17237
@@ -184,10 +224,10 @@ CVE-2019-17235
        RESERVED
 CVE-2019-17234
        RESERVED
-CVE-2019-17233
-       RESERVED
-CVE-2019-17232
-       RESERVED
+CVE-2019-17233 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin 
through 1.8. ...)
+       TODO: check
+CVE-2019-17232 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin 
through 1.8. ...)
+       TODO: check
 CVE-2019-17231
        RESERVED
 CVE-2019-17230
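Review bot: CVE-2019-17233 and CVE-2019-17232 end up with the same visible description (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...) and both are left at TODO: check. The truncation hides whatever separates the two IDs, so triage them together and record the difference in a NOTE line under each, or tag both NOT-FOR-US in one pass if the plugin is not packaged.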
@@ -898,8 +938,8 @@ CVE-2019-16915 (An issue was discovered in pfSense through 
2.4.4-p3. widgets/wid
        NOT-FOR-US: pfSense
 CVE-2019-16914 (An XSS issue was discovered in pfSense through 2.4.4-p3. In 
services_c ...)
        NOT-FOR-US: pfSense
-CVE-2019-16913
-       RESERVED
+CVE-2019-16913 (PC Protect Antivirus v4.14.31 installs by default to 
%PROGRAMFILES(X86 ...)
+       TODO: check
 CVE-2019-16912
        RESERVED
 CVE-2019-16911
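Review bot: the TODO: check added under CVE-2019-16913 looks resolvable from the description already in the line, which names PC Protect Antivirus v4.14.31 and a %PROGRAMFILES(X86 install path, so a Windows product. Suggest tagging it NOT-FOR-US: PC Protect Antivirus, the same way the pfSense entries just above it are tagged, instead of leaving it in the TODO queue.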
@@ -12063,7 +12103,7 @@ CVE-2019-13451 (In Xymon through 4.3.28, a buffer 
overflow vulnerability exists
        [buster] - xymon 4.3.28-5+deb10u1
        [stretch] - xymon 4.3.28-2+deb9u1
        NOTE: https://lists.xymon.com/archive/2019-July/046570.html
-CVE-2019-17351 [No grant table and foreign mapping limits]
+CVE-2019-17351 (An issue was discovered in drivers/xen/balloon.c in the Linux 
kernel b ...)
        - linux 5.2.6-1
        [buster] - linux 4.19.67-1
        [stretch] - linux 4.9.168-1+deb9u5
@@ -12941,8 +12981,8 @@ CVE-2019-13121 [SSRF Vulnerability in Project GitHub 
Integration]
        [experimental] - gitlab 11.10.8+dfsg-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
-CVE-2019-13120
-       RESERVED
+CVE-2019-13120 (Amazon FreeRTOS up to and including v1.4.8 for AWS lacks 
length checki ...)
+       TODO: check
 CVE-2019-13119
        RESERVED
 CVE-2019-13118 (In numbers.c in libxslt 1.1.33, a type holding grouping 
characters of  ...)
@@ -22373,7 +22413,8 @@ CVE-2019-1010075
        RESERVED
 CVE-2019-1010074
        RESERVED
-CVE-2019-1010073 (BACnet Stack bacserv 0.9.1 and 0.8.5 is affected by: Buffer 
Overflow.  ...)
+CVE-2019-1010073
+       REJECTED
        NOT-FOR-US: BACnet Stack bacserv
 CVE-2019-1010072
        RESERVED
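Review bot: CVE-2019-1010073 now carries REJECTED but the NOT-FOR-US: BACnet Stack bacserv line is still under it, so the entry has two competing states. Drop the NOT-FOR-US line so the entry is just the ID followed by REJECTED. The description removed here overlaps with the wording the last hunk adds to CVE-2018-10238 ("bacserv 0.9.1 and 0.8.5"), which suggests the issue is now tracked under that ID.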
@@ -23571,41 +23612,41 @@ CVE-2019-9578 (In devs.c in Yubico libu2f-host before 
1.1.8, the response to ini
        NOTE: 
https://github.com/Yubico/libu2f-host/commit/e4bb58cc8b6202a421e65f8230217d8ae6e16eb5
 CVE-2019-9577
        RESERVED
-CVE-2019-17350
+CVE-2019-17350 (An issue was discovered in Xen through 4.12.x allowing Arm 
domU attack ...)
        - xen 4.11.1+92-g6c33308a8d-1
        NOTE: https://xenbits.xen.org/xsa/advisory-295.html
-CVE-2019-17349
+CVE-2019-17349 (An issue was discovered in Xen through 4.12.x allowing Arm 
domU attack ...)
        - xen 4.11.1+92-g6c33308a8d-1
        NOTE: https://xenbits.xen.org/xsa/advisory-295.html
-CVE-2019-17348 [xen: x86 shadow: Insufficient TLB flushing when using PCID]
+CVE-2019-17348 (An issue was discovered in Xen through 4.11.x allowing x86 PV 
guest OS ...)
        - xen 4.11.1+92-g6c33308a8d-1 (bug #929992)
        [jessie] - xen <not-affected> (PCID support not backported)
        NOTE: https://xenbits.xen.org/xsa/advisory-294.html
-CVE-2019-17347 [xen: x86: PV kernel context switch corruption]
+CVE-2019-17347 (An issue was discovered in Xen through 4.11.x allowing x86 PV 
guest OS ...)
        - xen 4.11.1+92-g6c33308a8d-1 (bug #929999)
        NOTE: https://xenbits.xen.org/xsa/advisory-293.html
-CVE-2019-17346 [xen: x86: insufficient TLB flushing when using PCID]
+CVE-2019-17346 (An issue was discovered in Xen through 4.11.x allowing x86 PV 
guest OS ...)
        - xen 4.11.1+92-g6c33308a8d-1 (bug #929993)
        [jessie] - xen <not-affected> (PCID support not backported)
        NOTE: https://xenbits.xen.org/xsa/advisory-292.html
-CVE-2019-17345 [xen: x86/PV: page type reference counting issue with failed 
IOMMU update]
+CVE-2019-17345 (An issue was discovered in Xen 4.8.x through 4.11.x allowing 
x86 PV gu ...)
        - xen 4.11.1+92-g6c33308a8d-1 (bug #929995)
        [jessie] - xen <not-affected> (only 4.8 and later affected)
        NOTE: https://xenbits.xen.org/xsa/advisory-291.html
-CVE-2019-17344 [xen: missing preemption in x86 PV page table unvalidation]
+CVE-2019-17344 (An issue was discovered in Xen through 4.11.x allowing x86 PV 
guest OS ...)
        - xen 4.11.1+92-g6c33308a8d-1 (bug #929996)
        [jessie] - xen <not-affected> (Introduced by ignored fix for 
CVE-2018-3646)
        NOTE: https://xenbits.xen.org/xsa/advisory-290.html
-CVE-2019-17343 [xen: x86: Inconsistent PV IOMMU discipline]
+CVE-2019-17343 (An issue was discovered in Xen through 4.11.x allowing x86 PV 
guest OS ...)
        - xen 4.11.1+92-g6c33308a8d-1 (bug #929994)
        NOTE: https://xenbits.xen.org/xsa/advisory-288.html
-CVE-2019-17342 [xen: x86: steal_page violates page_struct access discipline]
+CVE-2019-17342 (An issue was discovered in Xen through 4.11.x allowing x86 PV 
guest OS ...)
        - xen 4.11.1+92-g6c33308a8d-1 (bug #930001)
        NOTE: https://xenbits.xen.org/xsa/advisory-287.html
-CVE-2019-17341 [xen: race with pass-through device hotplug]
+CVE-2019-17341 (An issue was discovered in Xen through 4.11.x allowing x86 PV 
guest OS ...)
        - xen 4.11.1+92-g6c33308a8d-1 (bug #929998)
        NOTE: https://xenbits.xen.org/xsa/advisory-285.html
-CVE-2019-17340 [xen: grant table transfer issues on large hosts]
+CVE-2019-17340 (An issue was discovered in Xen through 4.11.x allowing x86 
guest OS us ...)
        - xen 4.11.1+92-g6c33308a8d-1 (bug #929991)
        [jessie] - xen <ignored> (memory leak on huge memory machines)
        NOTE: https://xenbits.xen.org/xsa/advisory-284.html
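Review bot: the bracketed titles that told the Xen entries apart (for example "[xen: x86: PV kernel context switch corruption]") are replaced by descriptions that truncate to identical text for seven of them (CVE-2019-17348, -17347, -17346, -17344, -17343, -17342, -17341): "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...". After this change only the XSA URL in the NOTE line distinguishes those entries, and CVE-2019-17350 and CVE-2019-17349 share both the description and advisory-295. Consider keeping each former title as a NOTE line under its entry so the list stays readable without following the links.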
@@ -74123,7 +74164,7 @@ CVE-2018-10240 (SolarWinds Serv-U MFT before 15.1.6 
HFv1 assigns authenticated u
        NOT-FOR-US: SolarWinds Serv-U
 CVE-2018-10239 (A privilege escalation vulnerability in the "support access" 
feature o ...)
        NOT-FOR-US: Infoblox NIOS
-CVE-2018-10238 (bvlc.c in skarg BACnet Protocol Stack 0.8.5 has a buffer 
overflow in B ...)
+CVE-2018-10238 (bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 
is affec ...)
        NOT-FOR-US: skarg BACnet Protocol Stack
 CVE-2018-10237 (Unbounded memory allocation in Google Guava 11.0 through 24.x 
before 2 ...)
        NOT-FOR-US: Google Guava



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0fbd83895b47d98881ef56a9877227f32abc833
