Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8d6b76ec by security tracker role at 2019-01-30T08:10:19Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,81 @@ +CVE-2019-7215 + RESERVED +CVE-2019-7214 + RESERVED +CVE-2019-7213 + RESERVED +CVE-2019-7212 + RESERVED +CVE-2019-7211 + RESERVED +CVE-2019-7210 + RESERVED +CVE-2019-7209 + RESERVED +CVE-2019-7208 + RESERVED +CVE-2019-7207 + RESERVED +CVE-2019-7206 + RESERVED +CVE-2019-7205 + RESERVED +CVE-2019-7204 + RESERVED +CVE-2019-7203 + RESERVED +CVE-2019-7202 + RESERVED +CVE-2019-7201 + RESERVED +CVE-2019-7200 + RESERVED +CVE-2019-7199 + RESERVED +CVE-2019-7198 + RESERVED +CVE-2019-7197 + RESERVED +CVE-2019-7196 + RESERVED +CVE-2019-7195 + RESERVED +CVE-2019-7194 + RESERVED +CVE-2019-7193 + RESERVED +CVE-2019-7192 + RESERVED +CVE-2019-7191 + RESERVED +CVE-2019-7190 + RESERVED +CVE-2019-7189 + RESERVED +CVE-2019-7188 + RESERVED +CVE-2019-7187 + RESERVED +CVE-2019-7186 + RESERVED +CVE-2019-7185 + RESERVED +CVE-2019-7184 + RESERVED +CVE-2019-7183 + RESERVED +CVE-2019-7182 + RESERVED +CVE-2019-7181 + RESERVED +CVE-2019-7180 + RESERVED +CVE-2019-7179 + RESERVED +CVE-2018-20747 + RESERVED +CVE-2018-20746 + RESERVED CVE-2019-7178 RESERVED CVE-2019-7177 @@ -11637,6 +11715,7 @@ CVE-2019-2504 (Vulnerability in the Oracle VM VirtualBox component of Oracle ... - virtualbox 5.2.24-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) CVE-2019-2503 (Vulnerability in the MySQL Server component of Oracle MySQL ...) + {DLA-1570-1} - mysql-5.7 5.7.25-1 (bug #919817) - mariadb-10.0 <removed> NOTE: Fixed in MariaDB: 10.0.37 
@@ -14374,8 +14453,8 @@ CVE-2018-19860 RESERVED CVE-2018-19859 (OpenRefine before 3.5 allows directory traversal via a relative ...) NOT-FOR-US: OpenRefine -CVE-2018-19858 - RESERVED +CVE-2018-19858 (PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack ...) + TODO: check CVE-2018-19857 (The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player ...) {DSA-4366-1} - vlc 3.0.4-4 (bug #915760) @@ -14578,8 +14657,8 @@ CVE-2018-19784 (The str_rot_pass function in ...) NOT-FOR-US: PHP-Proxy CVE-2018-19783 RESERVED -CVE-2018-19782 - RESERVED +CVE-2018-19782 (Multiple cross-site scripting (XSS) vulnerabilities in GET requests in ...) + TODO: check CVE-2018-19781 RESERVED CVE-2018-19780 @@ -18137,8 +18216,8 @@ CVE-2018-19442 RESERVED CVE-2018-19441 RESERVED -CVE-2018-19440 - RESERVED +CVE-2018-19440 (ARM Trusted Firmware-A allows information disclosure. ...) + TODO: check CVE-2018-19439 (XSS exists in the Administration Console in Oracle Secure Global ...) NOT-FOR-US: Oracle CVE-2018-19438 @@ -19794,8 +19873,8 @@ CVE-2018-18897 (An issue was discovered in Poppler 0.71.0. There is a memory lea NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/654 CVE-2018-18896 RESERVED -CVE-2018-18895 - RESERVED +CVE-2018-18895 (A version of Castor XML, as used in Cisco WebEx Meetings Server before ...) + TODO: check CVE-2018-18894 RESERVED CVE-2018-18893 (Jinjava before 2.4.6 does not block the getClass method, related to ...) @@ -23614,8 +23693,8 @@ CVE-2018-17433 (A heap-based buffer overflow in ReadGifImageDesc() in gifread.c CVE-2018-17432 (A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in ...) - hdf5 <undetermined> NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode -CVE-2018-17431 - RESERVED +CVE-2018-17431 (Web Console in Comodo UTM Firewall before 2.7.0 allows remote ...) + TODO: check CVE-2018-17430 RESERVED CVE-2018-17429 
@@ -24150,6 +24229,7 @@ CVE-2018-17200 RESERVED CVE-2018-17199 [mod_session_cookie does not respect expiry time] RESERVED + {DLA-1647-1} - apache2 2.4.38-1 (bug #920303) NOTE: https://www.openwall.com/lists/oss-security/2019/01/22/3 NOTE: 2.4.x http://svn.apache.org/r1851409 @@ -29413,8 +29493,8 @@ CVE-2018-15138 (Ericsson-LG iPECS NMS 30M allows directory traversal via ...) NOT-FOR-US: Ericsson-LG iPECS NMS 30M CVE-2018-15137 (CeLa Link CLR-M20 devices allow unauthorized users to upload any file ...) NOT-FOR-US: CeLa Link CLR-M20 devices -CVE-2018-15136 - RESERVED +CVE-2018-15136 (TitanHQ SpamTitan before 7.01 has Improper input validation. This ...) + TODO: check CVE-2018-15135 RESERVED CVE-2018-15134 @@ -35843,12 +35923,12 @@ CVE-2018-12613 (An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in whi NOTE: https://www.phpmyadmin.net/security/PMASA-2018-4/ CVE-2018-12612 RESERVED -CVE-2018-12611 - RESERVED -CVE-2018-12610 - RESERVED -CVE-2018-12609 - RESERVED +CVE-2018-12611 (OX App Suite 7.8.4 and earlier allows Directory Traversal. ...) + TODO: check +CVE-2018-12610 (OX App Suite 7.8.4 and earlier allows Information Exposure. ...) + TODO: check +CVE-2018-12609 (OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. ...) + TODO: check CVE-2018-12608 (An issue was discovered in Docker Moby before 17.06.0. The Docker ...) - docker.io 18.03.1+dfsg1-2 NOTE: https://github.com/moby/moby/pull/33182 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8d6b76ec18f7a128cce70002a2d4717b0678e311 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8d6b76ec18f7a128cce70002a2d4717b0678e311 You're receiving this email because of your account on salsa.debian.org.
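Review bot: In the first hunk (@@ -1,3 +1,81 @@) the two new 2018 identifiers, CVE-2018-20747 and CVE-2018-20746, are inserted between CVE-2019-7179 and the existing CVE-2019-7178, so the head of data/CVE/list is no longer in descending ID order, although every other run of entries visible in this diff is. Either move these two entries into the CVE-2018 block in a follow-up, or confirm that nothing reading the file relies on the ordering.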
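Review bot: In the CVE-2019-2503 hunk (@@ -11637,6 +11715,7 @@) the added {DLA-1570-1} cross-reference has no release-specific line to match it in the visible context: the package lines shown are "- mysql-5.7 5.7.25-1 (bug #919817)" and "- mariadb-10.0 <removed>", and the fixed MariaDB version (10.0.37) appears only in a NOTE. Check that the entry states which source package and release the DLA covers, so the cross-reference can be verified from the entry itself rather than from the advisory.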
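Review bot: In the OX App Suite hunk (@@ -35843,12 +35923,12 @@) CVE-2018-12611, CVE-2018-12610 and CVE-2018-12609 all move from RESERVED to "TODO: check" with descriptions naming the same product and version range, so they should be triaged together and given the same disposition, in the form the neighbouring entries already use (a package line such as "- docker.io 18.03.1+dfsg1-2" under CVE-2018-12608, or a NOT-FOR-US line). The same follow-up is open for the other entries this commit leaves at "TODO: check": CVE-2018-19858, CVE-2018-19782, CVE-2018-19440, CVE-2018-18895, CVE-2018-17431 and CVE-2018-15136.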
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits