Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0b9885be by security tracker role at 2019-01-29T20:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2019-7178
+       RESERVED
+CVE-2019-7177
+       RESERVED
+CVE-2019-7176
+       RESERVED
+CVE-2019-7175
+       RESERVED
+CVE-2019-7174
+       RESERVED
+CVE-2019-7173 (A stored-self XSS exists in Croogo through v3.0.5, allowing an 
attacker ...)
+       TODO: check
+CVE-2019-7172 (A stored-self XSS exists in ATutor through v2.2.4, allowing an 
attacker ...)
+       TODO: check
+CVE-2019-7171 (A stored-self XSS exists in Croogo through v3.0.5, allowing an 
attacker ...)
+       TODO: check
+CVE-2019-7170 (A stored-self XSS exists in Croogo through v3.0.5, allowing an 
attacker ...)
+       TODO: check
+CVE-2019-7169 (A stored-self XSS exists in Croogo through v3.0.5, allowing an 
attacker ...)
+       TODO: check
+CVE-2019-7168 (A stored-self XSS exists in Croogo through v3.0.5, allowing an 
attacker ...)
+       TODO: check
+CVE-2019-7167
+       RESERVED
+CVE-2019-7166
+       RESERVED
+CVE-2019-7165
+       RESERVED
+CVE-2019-7164
+       RESERVED
+CVE-2019-7163
+       RESERVED
+CVE-2019-7162
+       RESERVED
+CVE-2019-7161
+       RESERVED
+CVE-2019-7160 (idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ 
Directory ...)
+       TODO: check
+CVE-2019-7159
+       RESERVED
+CVE-2019-7158
+       RESERVED
+CVE-2019-7157
+       RESERVED
+CVE-2019-7156 (In libdoc through 2019-01-28, calcFileBlockOffset in ole.c 
allows ...)
+       TODO: check
 CVE-2019-7155
        RESERVED
 CVE-2019-7154 (The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has 
a ...)
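Review bot: Eight of the new entries in this hunk are left at `TODO: check` (CVE-2019-7173 through CVE-2019-7168, CVE-2019-7160, CVE-2019-7156) and need manual triage before they carry any package information. The five Croogo entries (7173, 7171, 7170, 7169, 7168) have identical truncated descriptions here, so triage them together against the full CVE text. Where a product is not packaged in Debian, replace the TODO with a `NOT-FOR-US: <product>` line, as other entries in this file already do.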
@@ -7234,6 +7280,7 @@ CVE-2019-3814
        RESERVED
 CVE-2019-3813 [Off-by-one error in array access in spice/server/memslot.c]
        RESERVED
+       {DSA-4375-1}
        - spice <unfixed> (bug #920762)
        NOTE: https://www.openwall.com/lists/oss-security/2019/01/28/2
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1665371
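Review bot: CVE-2019-3813 gains the {DSA-4375-1} cross-reference, but the entry still reads `- spice <unfixed> (bug #920762)` for unstable. Follow up with the fixed version on that line once bug #920762 is closed, so the entry does not keep showing an advisory next to an open unstable status.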
@@ -7261,14 +7308,12 @@ CVE-2019-3808
        - moodle <removed>
        NOTE: https://moodle.org/mod/forum/discuss.php?d=381228#p1536765
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395
-CVE-2019-3807 [pdns-recursor: DNSSEC validation        is not performed for AA 
responses]
-       RESERVED
+CVE-2019-3807 (An issue has been found in PowerDNS Recursor versions 4.1.x 
before ...)
        - pdns-recursor 4.1.9-1
        [stretch] - pdns-recursor <not-affected> (Only affects 4.1.x)
        [jessie] - pdns-recursor <not-affected> (Only affects 4.1.x)
        NOTE: 
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html
-CVE-2019-3806 [pdns-recursor: Lua hooks are not        called over TCP]
-       RESERVED
+CVE-2019-3806 (An issue has been found in PowerDNS Recursor versions after 
4.1.3 ...)
        - pdns-recursor 4.1.9-1
        [stretch] - pdns-recursor <not-affected> (Only affects 4.1.x)
        [jessie] - pdns-recursor <not-affected> (Only affects 4.1.x)
@@ -17903,6 +17948,7 @@ CVE-2018-19490 (An issue was discovered in datafile.c 
in Gnuplot 5.2.5. This iss
        NOTE: No security impact, gnuplot can execute arbitrary commands and 
need to come from a trusted source,
        NOTE: see README.Debian.security (added in 5.2.6)
 CVE-2018-19489 (v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to 
cause a ...)
+       {DLA-1646-1}
        - qemu 1:3.1+dfsg-1 (bug #914727)
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04489.html
@@ -18254,6 +18300,7 @@ CVE-2018-19366
 CVE-2018-19365
        RESERVED
 CVE-2018-19364 (hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid 
path while ...)
+       {DLA-1646-1}
        - qemu 1:3.1+dfsg-1 (bug #914599)
        - qemu-kvm <removed>
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=5b76ef50f62079a2389ba28cacaf6cce68b1a0ed
@@ -19479,8 +19526,8 @@ CVE-2018-18987 (VT-Designer Version 2.1.7.31 is 
vulnerable by the program popula
        NOT-FOR-US: VT-Designer
 CVE-2018-18986
        RESERVED
-CVE-2018-18985
-       RESERVED
+CVE-2018-18985 (Tridium Niagara Enterprise Security 2.3u1, all versions prior 
to ...)
+       TODO: check
 CVE-2018-18984 (Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 
29901 ...)
        NOT-FOR-US: Medtronic
 CVE-2018-18983 (VT-Designer Version 2.1.7.31 is vulnerable by the program 
reading the ...)
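Review bot: CVE-2018-18985 moves from RESERVED to `TODO: check` for Tridium Niagara Enterprise Security, while the neighbouring vendor-product entries in this hunk (VT-Designer, Medtronic) are already resolved as NOT-FOR-US. If the product is not packaged in Debian, resolve this one the same way with a `NOT-FOR-US:` line instead of leaving the TODO open.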
@@ -22234,6 +22281,7 @@ CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows 
user-assisted XSS involving a
 CVE-2018-17959
        RESERVED
 CVE-2018-17958 (Qemu has a Buffer Overflow in rtl8139_do_receive in 
hw/net/rtl8139.c ...)
+       {DLA-1646-1}
        - qemu 1:3.1+dfsg-1 (bug #911499)
        [stretch] - qemu <postponed> (Minor issue, revisit for later update)
        - qemu-kvm <removed>
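Review bot: With {DLA-1646-1} added to CVE-2018-17958, the entry records an LTS advisory while `[stretch] - qemu <postponed> (Minor issue, revisit for later update)` is unchanged. Confirm that the stretch postponement is still intended for the buffer overflow in rtl8139_do_receive now that the LTS release has an advisory for it.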
@@ -24804,8 +24852,7 @@ CVE-2018-16881 (A denial of service vulnerability was 
found in rsyslog in the im
        [jessie] - rsyslog <not-affected> (Vulnerable code introduced in 8.13.1)
        NOTE: Fixed by: 
https://github.com/rsyslog/rsyslog/commit/0381a0de64a5a048c3d48b79055bd9848d0c7fc2
        NOTE: Introduced by: 
https://github.com/rsyslog/rsyslog/commit/6c52f29d593a27f934a1871d40eed84ebde3f3a6
-CVE-2018-16880 [oob-write in drivers/vhost/net.c:get_rx_bufs()]
-       RESERVED
+CVE-2018-16880 (A flaw was found in the Linux kernel's handle_rx() function in 
the ...)
        - linux <unfixed>
        [stretch] - linux <not-affected> (Vulnerable code introduced in 
4.16-rc1)
        [jessie] - linux <not-affected> (Vulnerable code introduced in 4.16-rc1)
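Review bot: The replacement description for CVE-2018-16880 names handle_rx(), while the removed temporary description pointed at drivers/vhost/net.c:get_rx_bufs() and called it an oob-write. That source location is no longer recorded anywhere in the visible entry; consider keeping it as a NOTE line under `- linux <unfixed>` so the affected code path stays findable from the tracker.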
@@ -41493,8 +41540,7 @@ CVE-2018-10614 (An XXE vulnerability in LeviStudioU, 
Versions 1.8.29 and 1.8.44
        NOT-FOR-US: LeviStudioU
 CVE-2018-10613 (Multiple variants of XML External Entity (XXE) attacks may be 
used to ...)
        NOT-FOR-US: GE MDS PulseNET and MDS PulseNET Enterprise
-CVE-2018-10612
-       RESERVED
+CVE-2018-10612 (In 3S-Smart Software Solutions GmbH CODESYS Control V3 
products prior ...)
        NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS Control V3 Products
 CVE-2018-10611 (Java remote method invocation (RMI) input port in GE MDS 
PulseNET and ...)
        NOT-FOR-US: GE MDS PulseNET and MDS PulseNET Enterprise
@@ -65930,8 +65976,8 @@ CVE-2018-1978
        RESERVED
 CVE-2018-1977 (IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect 
Server) ...)
        NOT-FOR-US: IBM
-CVE-2018-1976
-       RESERVED
+CVE-2018-1976 (IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by 
sensitive ...)
+       TODO: check
 CVE-2018-1975
        RESERVED
 CVE-2018-1974
@@ -66416,8 +66462,8 @@ CVE-2018-1735
        RESERVED
 CVE-2018-1734
        RESERVED
-CVE-2018-1733
-       RESERVED
+CVE-2018-1733 (IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter 
user-controlled ...)
+       TODO: check
 CVE-2018-1732 (IBM QRadar SIEM 1.14.0 discloses sensitive information to 
unauthorized ...)
        NOT-FOR-US: IBM
 CVE-2018-1731
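Review bot: CVE-2018-1733 names IBM QRadar SIEM and is set to `TODO: check`, yet CVE-2018-1732 directly below covers the same product and is `NOT-FOR-US: IBM`. The two entries should end up with the same resolution.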
@@ -66546,8 +66592,8 @@ CVE-2018-1670 (IBM Financial Transaction Manager for 
ACH Services for Multi-Plat
        NOT-FOR-US: IBM
 CVE-2018-1669 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 
7.5.0.0 ...)
        NOT-FOR-US: IBM
-CVE-2018-1668
-       RESERVED
+CVE-2018-1668 (IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 
...)
+       TODO: check
 CVE-2018-1667 (IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 
...)
        NOT-FOR-US: IBM
 CVE-2018-1666
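Review bot: CVE-2018-1668 (IBM DataPower Gateway) gets `TODO: check` although both surrounding DataPower entries, CVE-2018-1669 and CVE-2018-1667, are `NOT-FOR-US: IBM`. Align this entry with its neighbours rather than leaving it open.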



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b9885bea65536b4be0dbf07fe2cd0e1cdee71f3

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
