Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0b9885be by security tracker role at 2019-01-29T20:10:26Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,49 @@ +CVE-2019-7178 + RESERVED +CVE-2019-7177 + RESERVED +CVE-2019-7176 + RESERVED +CVE-2019-7175 + RESERVED +CVE-2019-7174 + RESERVED +CVE-2019-7173 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker ...) + TODO: check +CVE-2019-7172 (A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker ...) + TODO: check +CVE-2019-7171 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker ...) + TODO: check +CVE-2019-7170 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker ...) + TODO: check +CVE-2019-7169 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker ...) + TODO: check +CVE-2019-7168 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker ...) + TODO: check +CVE-2019-7167 + RESERVED +CVE-2019-7166 + RESERVED +CVE-2019-7165 + RESERVED +CVE-2019-7164 + RESERVED +CVE-2019-7163 + RESERVED +CVE-2019-7162 + RESERVED +CVE-2019-7161 + RESERVED +CVE-2019-7160 (idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory ...) + TODO: check +CVE-2019-7159 + RESERVED +CVE-2019-7158 + RESERVED +CVE-2019-7157 + RESERVED +CVE-2019-7156 (In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows ...) + TODO: check CVE-2019-7155 RESERVED CVE-2019-7154 (The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a ...) @@ -7234,6 +7280,7 @@ CVE-2019-3814 RESERVED CVE-2019-3813 [Off-by-one error in array access in spice/server/memslot.c] RESERVED + {DSA-4375-1} - spice <unfixed> (bug #920762) NOTE: https://www.openwall.com/lists/oss-security/2019/01/28/2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1665371 
@@ -7261,14 +7308,12 @@ CVE-2019-3808 - moodle <removed> NOTE: https://moodle.org/mod/forum/discuss.php?d=381228#p1536765 NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395 -CVE-2019-3807 [pdns-recursor: DNSSEC validation is not performed for AA responses] - RESERVED +CVE-2019-3807 (An issue has been found in PowerDNS Recursor versions 4.1.x before ...) - pdns-recursor 4.1.9-1 [stretch] - pdns-recursor <not-affected> (Only affects 4.1.x) [jessie] - pdns-recursor <not-affected> (Only affects 4.1.x) NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html -CVE-2019-3806 [pdns-recursor: Lua hooks are not called over TCP] - RESERVED +CVE-2019-3806 (An issue has been found in PowerDNS Recursor versions after 4.1.3 ...) - pdns-recursor 4.1.9-1 [stretch] - pdns-recursor <not-affected> (Only affects 4.1.x) [jessie] - pdns-recursor <not-affected> (Only affects 4.1.x) @@ -17903,6 +17948,7 @@ CVE-2018-19490 (An issue was discovered in datafile.c in Gnuplot 5.2.5. This iss NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source, NOTE: see README.Debian.security (added in 5.2.6) CVE-2018-19489 (v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a ...) + {DLA-1646-1} - qemu 1:3.1+dfsg-1 (bug #914727) - qemu-kvm <removed> NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04489.html @@ -18254,6 +18300,7 @@ CVE-2018-19366 CVE-2018-19365 RESERVED CVE-2018-19364 (hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while ...) + {DLA-1646-1} - qemu 1:3.1+dfsg-1 (bug #914599) - qemu-kvm <removed> NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5b76ef50f62079a2389ba28cacaf6cce68b1a0ed 
@@ -19479,8 +19526,8 @@ CVE-2018-18987 (VT-Designer Version 2.1.7.31 is vulnerable by the program popula NOT-FOR-US: VT-Designer CVE-2018-18986 RESERVED -CVE-2018-18985 - RESERVED +CVE-2018-18985 (Tridium Niagara Enterprise Security 2.3u1, all versions prior to ...) + TODO: check CVE-2018-18984 (Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 ...) NOT-FOR-US: Medtronic CVE-2018-18983 (VT-Designer Version 2.1.7.31 is vulnerable by the program reading the ...) @@ -22234,6 +22281,7 @@ CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a CVE-2018-17959 RESERVED CVE-2018-17958 (Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c ...) + {DLA-1646-1} - qemu 1:3.1+dfsg-1 (bug #911499) [stretch] - qemu <postponed> (Minor issue, revisit for later update) - qemu-kvm <removed> @@ -24804,8 +24852,7 @@ CVE-2018-16881 (A denial of service vulnerability was found in rsyslog in the im [jessie] - rsyslog <not-affected> (Vulnerable code introduced in 8.13.1) NOTE: Fixed by: https://github.com/rsyslog/rsyslog/commit/0381a0de64a5a048c3d48b79055bd9848d0c7fc2 NOTE: Introduced by: https://github.com/rsyslog/rsyslog/commit/6c52f29d593a27f934a1871d40eed84ebde3f3a6 -CVE-2018-16880 [oob-write in drivers/vhost/net.c:get_rx_bufs()] - RESERVED +CVE-2018-16880 (A flaw was found in the Linux kernel's handle_rx() function in the ...) - linux <unfixed> [stretch] - linux <not-affected> (Vulnerable code introduced in 4.16-rc1) [jessie] - linux <not-affected> (Vulnerable code introduced in 4.16-rc1) 
@@ -41493,8 +41540,7 @@ CVE-2018-10614 (An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 NOT-FOR-US: LeviStudioU CVE-2018-10613 (Multiple variants of XML External Entity (XXE) attacks may be used to ...) NOT-FOR-US: GE MDS PulseNET and MDS PulseNET Enterprise -CVE-2018-10612 - RESERVED +CVE-2018-10612 (In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior ...) NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS Control V3 Products CVE-2018-10611 (Java remote method invocation (RMI) input port in GE MDS PulseNET and ...) NOT-FOR-US: GE MDS PulseNET and MDS PulseNET Enterprise @@ -65930,8 +65976,8 @@ CVE-2018-1978 RESERVED CVE-2018-1977 (IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) ...) NOT-FOR-US: IBM -CVE-2018-1976 - RESERVED +CVE-2018-1976 (IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive ...) + TODO: check CVE-2018-1975 RESERVED CVE-2018-1974 @@ -66416,8 +66462,8 @@ CVE-2018-1735 RESERVED CVE-2018-1734 RESERVED -CVE-2018-1733 - RESERVED +CVE-2018-1733 (IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled ...) + TODO: check CVE-2018-1732 (IBM QRadar SIEM 1.14.0 discloses sensitive information to unauthorized ...) NOT-FOR-US: IBM CVE-2018-1731 
@@ -66546,8 +66592,8 @@ CVE-2018-1670 (IBM Financial Transaction Manager for ACH Services for Multi-Plat NOT-FOR-US: IBM CVE-2018-1669 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 ...) NOT-FOR-US: IBM -CVE-2018-1668 - RESERVED +CVE-2018-1668 (IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through ...) + TODO: check CVE-2018-1667 (IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through ...) NOT-FOR-US: IBM CVE-2018-1666 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b9885bea65536b4be0dbf07fe2cd0e1cdee71f3
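Review bot: In the first hunk (@@ -1,3 +1,49 @@), the eight newly described entries (CVE-2019-7168 through CVE-2019-7173, CVE-2019-7160 and CVE-2019-7156) are left at `TODO: check` with no package line and no `NOT-FOR-US:` line, so none of them is triaged yet. The five Croogo entries (CVE-2019-7168, -7169, -7170, -7171, -7173) carry the same truncated description and can be resolved in one pass; each TODO should end up as either a package line or a `NOT-FOR-US:` line.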
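Review bot: In the CVE-2019-3813 hunk (@@ -7234,6 +7280,7 @@), `{DSA-4375-1}` is attached while the entry still reads `RESERVED` with a bracketed placeholder description, and the only package line in view is `- spice <unfixed> (bug #920762)`. The `<unfixed>` line needs a follow-up with the fixed version once bug #920762 is closed.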
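Review bot: In the CVE-2018-18985 hunk (@@ -19479,8 +19526,8 @@), the new Tridium Niagara entry is given `TODO: check` while both neighbouring entries are already classified (`NOT-FOR-US: VT-Designer`, `NOT-FOR-US: Medtronic`). If Niagara Enterprise Security is likewise not packaged, replace the TODO with a `NOT-FOR-US:` line in the same style.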
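Review bot: In the CVE-2018-17958 hunk (@@ -22234,6 +22281,7 @@), `{DLA-1646-1}` now sits directly above `[stretch] - qemu <postponed> (Minor issue, revisit for later update)`, so the issue is covered by an LTS advisory while the stretch line stays postponed. Revisit the stretch status, or extend its comment to say why postponing still holds.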
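Review bot: In the CVE-2018-16880 hunk (@@ -24804,8 +24852,7 @@), the removed placeholder located the out-of-bounds write at `drivers/vhost/net.c:get_rx_bufs()`, and the replacement description is cut off right after naming `handle_rx()`. Keep the file and function in a `NOTE:` line so the detail stays with the entry, which is still `- linux <unfixed>`.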
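Review bot: In the three IBM hunks (CVE-2018-1976, CVE-2018-1733, CVE-2018-1668), each entry moves from `RESERVED` to `TODO: check` even though the adjacent IBM entries in the context lines (CVE-2018-1977, CVE-2018-1732, CVE-2018-1669, CVE-2018-1667) are all `NOT-FOR-US: IBM`. Classify these three the same way to clear the TODOs, as the CVE-2018-10612 hunk already does by keeping its `NOT-FOR-US:` line under the new description.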
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits