Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: da2b9a05 by security tracker role at 2019-02-01T20:10:19Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,23 @@ +CVE-2019-7307 + RESERVED +CVE-2019-7306 + RESERVED +CVE-2019-7305 + RESERVED +CVE-2019-7304 + RESERVED +CVE-2019-7303 + RESERVED +CVE-2019-7302 + RESERVED +CVE-2019-7301 (Zen Load Balancer 3.10.1 allows remote authenticated admin users to ...) + TODO: check +CVE-2019-7300 (Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary ...) + TODO: check +CVE-2019-7299 + RESERVED +CVE-2017-18361 (In Pylons Colander through 1.6, the URL validator allows an attacker to ...) + TODO: check CVE-2019-7298 (An issue was discovered on D-Link DIR-823G devices with firmware ...) NOT-FOR-US: D-Link CVE-2019-7297 (An issue was discovered on D-Link DIR-823G devices with firmware ...) @@ -673,7 +693,7 @@ CVE-2019-6990 (A stored-self XSS exists in web/skins/classic/views/zones.php of - zoneminder <unfixed> (bug #921001) NOTE: https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a NOTE: https://github.com/ZoneMinder/zoneminder/issues/2444 -CVE-2016-10741 [xfs: BUG_ON in __xfs_get_blocks() with xfstests generic/446] +CVE-2016-10741 (In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users ...) - linux 4.9.6-1 NOTE: Fixed by: https://git.kernel.org/linus/04197b341f23b908193308b8d63d17ff23232598 CVE-2016-10740 (Various resources in Atlassian Crowd before version 2.10.1 allow remote ...) @@ -1824,6 +1844,7 @@ CVE-2019-6488 (The string component in the GNU C Library (aka glibc or libc6) th CVE-2019-6487 (TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 ...) NOT-FOR-US: TP-Link CVE-2019-6486 (Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 ...) + {DSA-4380-1 DSA-4379-1} - golang-1.12 1.12~beta2-2 (bug #920548) - golang-1.11 1.11.5-1 - golang-1.10 <removed> 
@@ -2472,6 +2493,7 @@ CVE-2019-6246 (An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling - svgpp 1.2.3+dfsg1-5 (bug #919321) NOTE: https://github.com/svgpp/svgpp/issues/70 CVE-2019-6245 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in ...) + {DLA-1656-1} - agg <unfixed> (bug #919322) - svgpp <unfixed> (bug #919321) NOTE: https://github.com/svgpp/svgpp/issues/70 @@ -8105,8 +8127,8 @@ CVE-2019-3606 RESERVED CVE-2019-3605 RESERVED -CVE-2019-3604 - RESERVED +CVE-2019-3604 (Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) ...) + TODO: check CVE-2019-3603 RESERVED CVE-2019-3602 @@ -11879,6 +11901,7 @@ CVE-2019-2539 (Vulnerability in the MySQL Server component of Oracle MySQL ...) CVE-2019-2538 (Vulnerability in the Oracle Managed File Transfer component of Oracle ...) NOT-FOR-US: Oracle CVE-2019-2537 (Vulnerability in the MySQL Server component of Oracle MySQL ...) + {DLA-1655-1} - mysql-5.7 5.7.25-1 (bug #919817) - mariadb-10.3 <unfixed> (bug #920933) - mariadb-10.1 <removed> @@ -11899,6 +11922,7 @@ CVE-2019-2531 (Vulnerability in the MySQL Server component of Oracle MySQL ...) CVE-2019-2530 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <not-affected> (Specific to 8) CVE-2019-2529 (Vulnerability in the MySQL Server component of Oracle MySQL ...) + {DLA-1655-1} - mysql-5.7 5.7.25-1 (bug #919817) - mariadb-10.1 <removed> - mariadb-10.0 <removed> @@ -19893,8 +19917,8 @@ CVE-2018-19006 RESERVED CVE-2018-19005 (Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation ...) NOT-FOR-US: Cscape -CVE-2018-19004 - RESERVED +CVE-2018-19004 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds ...) + TODO: check CVE-2018-19003 (GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to ...) NOT-FOR-US: GE Mark CVE-2018-19002 
@@ -19925,8 +19949,8 @@ CVE-2018-18990 RESERVED CVE-2018-18989 (In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and ...) NOT-FOR-US: CX-One -CVE-2018-18988 - RESERVED +CVE-2018-18988 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of ...) + TODO: check CVE-2018-18987 (VT-Designer Version 2.1.7.31 is vulnerable by the program populating ...) NOT-FOR-US: VT-Designer CVE-2018-18986 
@@ -26394,36 +26418,36 @@ CVE-2018-16495 RESERVED CVE-2018-16494 RESERVED -CVE-2018-16493 - RESERVED -CVE-2018-16492 - RESERVED -CVE-2018-16491 - RESERVED -CVE-2018-16490 - RESERVED -CVE-2018-16489 - RESERVED +CVE-2018-16493 (A path traversal vulnerability was found in module ...) + TODO: check +CVE-2018-16492 (A prototype pollution vulnerability was found in module extend <2.0.2, ...) + TODO: check +CVE-2018-16491 (A prototype pollution vulnerability was found in node.extend <1.1.7, ...) + TODO: check +CVE-2018-16490 (A prototype pollution vulnerability was found in module mpath <0.5.1 ...) + TODO: check +CVE-2018-16489 (A prototype pollution vulnerability was found in just-extend <4.0.0 ...) + TODO: check CVE-2018-16488 RESERVED -CVE-2018-16487 - RESERVED -CVE-2018-16486 - RESERVED -CVE-2018-16485 - RESERVED -CVE-2018-16484 - RESERVED -CVE-2018-16483 - RESERVED -CVE-2018-16482 - RESERVED -CVE-2018-16481 - RESERVED -CVE-2018-16480 - RESERVED -CVE-2018-16479 - RESERVED +CVE-2018-16487 (A prototype pollution vulnerability was found in lodash <4.17.11 where ...) + TODO: check +CVE-2018-16486 (A prototype pollution vulnerability was found in defaults-deep <=0.2.4 ...) + TODO: check +CVE-2018-16485 (Path Traversal vulnerability in module m-server <1.4.1 allows ...) + TODO: check +CVE-2018-16484 (A XSS vulnerability was found in module m-server <1.4.2 that allows ...) + TODO: check +CVE-2018-16483 (A deficiency in the access control in module express-cart <=1.1.5 ...) + TODO: check +CVE-2018-16482 (A server directory traversal vulnerability was found on node module ...) + TODO: check +CVE-2018-16481 (A XSS vulnerability was found in html-page <=2.1.1 that allows ...) + TODO: check +CVE-2018-16480 (A XSS vulnerability was found in module public <0.1.4 that allows ...) + TODO: check +CVE-2018-16479 (Path traversal vulnerability in http-live-simulator <1.0.7 causes ...) + TODO: check CVE-2018-16478 (A Path Traversal in simplehttpserver versions <=0.2.1 allows to list ...) 
NOT-FOR-US: simplehttpserver CVE-2018-16477 (A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud ...) @@ -26456,7 +26480,7 @@ CVE-2018-16470 (There is a possible DoS vulnerability in the multipart parser in - ruby-rack <not-affected> (Only affects >= 2.0.4) NOTE: Introduced by: https://github.com/rack/rack/commit/c43217a81917de03aa6ceb1aa485ae69b8bb4598 (2.0.4) NOTE: Fixed by: https://github.com/rack/rack/commit/37c1160b2360074d20858792f23a7eb3afeabebd (2.0.6) -CVE-2018-16469 (The merge.recursive function in the merge package v <1.2 can be ...) +CVE-2018-16469 (The merge.recursive function in the merge package <1.2.1 can be ...) NOT-FOR-US: merge package v CVE-2018-16468 (In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may ...) {DSA-4364-1} @@ -28617,8 +28641,8 @@ CVE-2018-15619 RESERVED CVE-2018-15618 RESERVED -CVE-2018-15617 - RESERVED +CVE-2018-15617 (A vulnerability in the "capro" (Call Processor) process component of ...) + TODO: check CVE-2018-15616 (A vulnerability in the Web UI component of Avaya Aura System Platform ...) NOT-FOR-US: Avaya Aura System Platform CVE-2018-15615 (A vulnerability in the Supervisor component of Avaya Call Management ...) @@ -51247,7 +51271,7 @@ CVE-2018-7189 CVE-2018-7188 (An XSS vulnerability (via an SVG image) in Tiki before 18 allows an ...) NOT-FOR-US: Tiki CVE-2018-7187 (The "go get" implementation in Go 1.9.4, when the -insecure ...) - {DLA-1294-1} + {DSA-4380-1 DSA-4379-1 DLA-1294-1} - golang-1.10 1.10.1-1 - golang-1.9 <removed> (bug #895663) - golang-1.8 <removed> (bug #895664) @@ -53081,6 +53105,7 @@ CVE-2018-6576 (SQL Injection exists in Event Manager 1.0 via the event.php id .. CVE-2018-6575 (SQL Injection exists in the JEXTN Classified 1.0.0 component for ...) NOT-FOR-US: JEXTN Membership component for Joomla! CVE-2018-6574 (Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before ...) + {DSA-4380-1} - golang-1.10 1.10~rc2-1 - golang-1.9 1.9.4-1 - golang-1.8 <removed> 
@@ -56587,8 +56612,8 @@ CVE-2018-5500 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 NOT-FOR-US: F5 BIG-IP CVE-2018-5499 RESERVED -CVE-2018-5498 - RESERVED +CVE-2018-5498 (Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a ...) + TODO: check CVE-2018-5497 (Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are ...) NOT-FOR-US: Clustered Data ONTAP CVE-2018-5496 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are ...) @@ -71106,8 +71131,8 @@ CVE-2018-0724 (Cross-site scripting (XSS) vulnerability in Q'center Virtual Appl NOT-FOR-US: Q'center Virtual Appliance CVE-2018-0723 (Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance ...) NOT-FOR-US: Q'center Virtual Appliance -CVE-2018-0722 - RESERVED +CVE-2018-0722 (Path Traversal vulnerability in Photo Station versions: 5.7.2 and ...) + TODO: check CVE-2018-0721 (Buffer Overflow vulnerability in QNAP QTS 4.2.6 build 20180711 and ...) NOT-FOR-US: QNAP QTS CVE-2018-0720 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/da2b9a0574e2055e95cb410162c0e3d6f652ed48
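Review bot: the three non-RESERVED additions in the first hunk (CVE-2019-7301 Zen Load Balancer, CVE-2019-7300 Artica Proxy, CVE-2017-18361 Pylons Colander) are left as "TODO: check" and need triage to either a source-package line or a NOT-FOR-US line. The two appliance products follow the pattern of the neighbouring D-Link DIR-823G entries already marked NOT-FOR-US, whereas Colander is a Python library, so check the archive for a python-colander source package before closing that one.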
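Review bot: replacing the bracketed title of CVE-2016-10741 ("[xfs: BUG_ON in __xfs_get_blocks() with xfstests generic/446]") with the MITRE description drops the xfstests reproducer name; consider keeping it as a NOTE line beside the existing "Fixed by: https://git.kernel.org/linus/04197b341f23b908193308b8d63d17ff23232598" so the entry stays searchable by the original report. The "linux 4.9.6-1" fixed version is consistent with the new description's "before 4.9.3".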
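Review bot: the new "{DSA-4380-1 DSA-4379-1}" line on CVE-2019-6486 is followed within the hunk only by golang-1.12 1.12~beta2-2, golang-1.11 1.11.5-1 and golang-1.10 <removed>, none of which is a package those stretch advisories would have updated; verify that the source-package lines further down the entry (beyond the three context lines shown) record the fixed versions matching the two advisories.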
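Review bot: "{DLA-1656-1}" is added to CVE-2019-6245 while both "agg <unfixed> (bug #919322)" and "svgpp <unfixed> (bug #919321)" stay open, which is acceptable for an LTS-only advisory, but the adjacent CVE-2019-6246 entry shows svgpp fixed in 1.2.3+dfsg1-5 for the sibling issue and both entries point at https://github.com/svgpp/svgpp/issues/70; check whether that svgpp upload also addresses CVE-2019-6245 and, if so, update its svgpp line.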
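Review bot: CVE-2019-3604 (CSRF in McAfee ePO) is left as "TODO: check"; ePO is a proprietary product that Debian does not ship, so this can be closed as "NOT-FOR-US: McAfee ePO", in the same form the file already uses for the Oracle and Cscape entries.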
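Review bot: the "{DLA-1655-1}" line added to CVE-2019-2537 sits above "mysql-5.7 5.7.25-1 (bug #919817)", "mariadb-10.3 <unfixed> (bug #920933)" and "mariadb-10.1 <removed>", none of which is a package a jessie DLA would have updated; confirm the jessie source-package line carrying the DLA's fixed version is present below the hunk's context, and note mariadb-10.3 is still <unfixed> for this id.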
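Review bot: same check for CVE-2019-2529: after the new "{DLA-1655-1}" reference the hunk shows only "mysql-5.7 5.7.25-1 (bug #919817)", "mariadb-10.1 <removed>" and "mariadb-10.0 <removed>", so verify that the jessie package line the DLA actually updated exists beyond the visible context rather than relying on the advisory reference alone.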
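Review bot: CVE-2018-19004 (LCDS Laquis SCADA) is marked "TODO: check" while its neighbours CVE-2018-19005 (Cscape) and CVE-2018-19003 (GE Mark VIe) are already NOT-FOR-US; Laquis SCADA is a proprietary ICS product, so "NOT-FOR-US: LCDS Laquis SCADA" is the appropriate resolution.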
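Review bot: CVE-2018-18988 names the same LCDS Laquis SCADA product as CVE-2018-19004 in the previous hunk and should be triaged the same way ("NOT-FOR-US: LCDS Laquis SCADA"), matching the adjacent CX-One and VT-Designer entries.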
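Review bot: the fifteen npm-module entries CVE-2018-16493 through CVE-2018-16479 all arrive as "TODO: check" and need individual triage rather than a blanket NOT-FOR-US: lodash (CVE-2018-16487, "<4.17.11") and extend (CVE-2018-16492, "<2.0.2") name libraries commonly packaged as node-* sources, so check the archive for node-lodash and node-extend before closing them, while the m-server, express-cart, html-page, public and http-live-simulator entries follow the pattern of the adjacent CVE-2018-16478 simplehttpserver entry already marked NOT-FOR-US. Note also that the truncated description of CVE-2018-16493 ("path traversal vulnerability was found in module ...") does not name the affected module, so the full text must be fetched before that one can be triaged.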
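Review bot: the CVE-2018-16469 description is corrected from "merge package v <1.2" to "merge package <1.2.1", but the following unchanged line still reads "NOT-FOR-US: merge package v", a stale remnant of the old description; drop the trailing "v" so the note matches the corrected text.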
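Review bot: CVE-2018-15617 ("capro" Call Processor component) is left as "TODO: check" between two Avaya entries already closed as NOT-FOR-US (Avaya Aura System Platform, Avaya Call Management); it describes the same vendor's proprietary product and can be closed as "NOT-FOR-US: Avaya".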
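Review bot: CVE-2018-7187 now carries "{DSA-4380-1 DSA-4379-1 DLA-1294-1}" over golang-1.10 1.10.1-1, golang-1.9 <removed> (bug #895663) and golang-1.8 <removed> (bug #895664); since golang-1.8 is shown only as <removed> with no fixed version, make sure the stretch fixed version for the newly referenced DSAs is recorded in the DSA list, because the CVE list entry itself does not show it.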
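Review bot: CVE-2018-6574 gets only "{DSA-4380-1}", whereas the other two Go entries in this commit (CVE-2019-6486 and CVE-2018-7187) receive both DSA-4380-1 and DSA-4379-1; confirm whether DSA-4379-1 also covered CVE-2018-6574 or whether the fix was deliberately limited to the single advisory, so the three entries are consistent.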
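Review bot: CVE-2018-5498 (Clustered Data ONTAP 9.0 through 9.4) is "TODO: check" directly above CVE-2018-5497, which is already "NOT-FOR-US: Clustered Data ONTAP"; the same product and resolution apply here.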
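Review bot: CVE-2018-0722 (Photo Station path traversal) is "TODO: check" next to CVE-2018-0721, which is "NOT-FOR-US: QNAP QTS"; Photo Station is the QNAP application of the same vendor, so close it as "NOT-FOR-US: QNAP Photo Station".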