Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8f6fc2ed by security tracker role at 2019-02-08T08:10:13Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,17 @@ +CVE-2019-7634 + RESERVED +CVE-2019-7633 + RESERVED +CVE-2019-7632 (LifeSize Team, Room, Passport, and Networker 220 devices allow ...) + TODO: check +CVE-2019-7631 + RESERVED +CVE-2019-7630 + RESERVED +CVE-2019-7629 + RESERVED +CVE-2019-7628 (Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail ...) + TODO: check CVE-2019-7627 RESERVED CVE-2019-7626 @@ -544,8 +558,8 @@ CVE-2019-7403 (An issue was discovered in PHPMyWind 5.5. It allows remote attack NOT-FOR-US: PHPMyWind CVE-2019-7402 (An issue was discovered in PHPMyWind 5.5. The GetQQ function in ...) NOT-FOR-US: PHPMyWind -CVE-2019-7401 - RESERVED +CVE-2019-7401 (NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based ...) + TODO: check CVE-2017-1000000 RESERVED CVE-2014-1000000 @@ -3417,8 +3431,8 @@ CVE-2019-6244 (An issue was discovered in UsualToolCMS 8.0. ...) NOT-FOR-US: UsualToolCMS CVE-2019-6243 (Frog CMS 0.9.5 allows XSS via the forgot password page (aka the ...) NOT-FOR-US: Frog CMS -CVE-2019-6242 - RESERVED +CVE-2019-6242 (** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read ...) + TODO: check CVE-2019-6241 RESERVED CVE-2019-6240 [Arbitrary repo read in Gitlab project import] @@ -3629,8 +3643,8 @@ CVE-2019-6141 RESERVED CVE-2019-6140 RESERVED -CVE-2019-6139 - RESERVED +CVE-2019-6139 (Forcepoint User ID (FUID) server versions up to 1.2 have a remote ...) + TODO: check CVE-2019-6138 (An issue has been found in libIEC61850 v1.3.1. Memory_malloc and ...) NOT-FOR-US: libIEC61850 CVE-2019-6137 (An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in ...) 
@@ -15211,28 +15225,28 @@ CVE-2019-1682 RESERVED CVE-2019-1681 RESERVED -CVE-2019-1680 - RESERVED -CVE-2019-1679 - RESERVED -CVE-2019-1678 - RESERVED +CVE-2019-1680 (A vulnerability in Cisco Webex Business Suite could allow an ...) + TODO: check +CVE-2019-1679 (A vulnerability in the web interface of Cisco TelePresence Conductor, ...) + TODO: check +CVE-2019-1678 (A vulnerability in Cisco Meeting Server could allow an authenticated, ...) + TODO: check CVE-2019-1677 (A vulnerability in Cisco Webex Meetings for Android could allow an ...) TODO: check CVE-2019-1676 RESERVED -CVE-2019-1675 - RESERVED +CVE-2019-1675 (A vulnerability in the default configuration of the Cisco Aironet ...) + TODO: check CVE-2019-1674 RESERVED CVE-2019-1673 RESERVED CVE-2019-1672 RESERVED -CVE-2019-1671 - RESERVED -CVE-2019-1670 - RESERVED +CVE-2019-1671 (A vulnerability in the web-based management interface of Cisco ...) + TODO: check +CVE-2019-1670 (A vulnerability in the web-based management interface of Cisco Unified ...) + TODO: check CVE-2019-1669 (A vulnerability in the data acquisition (DAQ) component of Cisco ...) NOT-FOR-US: Cisco CVE-2019-1668 (A vulnerability in the chat feed feature of Cisco SocialMiner could ...) @@ -15249,10 +15263,10 @@ CVE-2019-1663 RESERVED CVE-2019-1662 RESERVED -CVE-2019-1661 - RESERVED -CVE-2019-1660 - RESERVED +CVE-2019-1661 (A vulnerability in the web-based management interface of Cisco ...) + TODO: check +CVE-2019-1660 (A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco ...) + TODO: check CVE-2019-1659 RESERVED CVE-2019-1658 (A vulnerability in the web-based management interface of Cisco Unified ...) 
@@ -63140,7 +63154,7 @@ CVE-2017-17836 (In Apache Airflow 1.8.2 and earlier, an experimental Airflow fea CVE-2017-17835 (In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for ...) NOT-FOR-US: Apache Airflow CVE-2017-17834 - RESERVED + REJECTED CVE-2017-17833 (OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a ...) {DLA-1364-1} - openslp-dfsg <removed> (low) @@ -69377,8 +69391,7 @@ CVE-2017-17461 REJECTED CVE-2017-17460 RESERVED -CVE-2018-1340 [Secure flag missing from session cookie] - RESERVED +CVE-2018-1340 (Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage ...) - guacamole-client <unfixed> (bug #920796) [jessie] - guacamole-client <not-affected> (Vulnerable code not present) - guacamole <removed> @@ -69562,8 +69575,7 @@ CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x a [wheezy] - jakarta-jmeter <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/1 NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039 -CVE-2018-1296 - RESERVED +CVE-2018-1296 (In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and ...) - hadoop <itp> (bug #793644) CVE-2018-1295 (In Apache Ignite 2.3 or earlier, the serialization mechanism does not ...) NOT-FOR-US: Apache Ignite View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f6fc2ed21cfd2504962d43bd0d649d72e9c98ed -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f6fc2ed21cfd2504962d43bd0d649d72e9c98ed You're receiving this email because of your account on salsa.debian.org.
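Review bot: In the first hunk (@@ -1,3 +1,17 @@), CVE-2019-7632 and CVE-2019-7628 arrive as TODO: check with no package line, and they are not the same kind of entry. The LifeSize description names devices, while Pagure 5.2 is a software project, so the Pagure entry should be checked against the archive before it is given a NOT-FOR-US: line like the PHPMyWind entries in the next hunk's context.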
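Review bot: In the hunks at @@ -15211,28 +15225,28 @@ and @@ -15249,10 +15263,10 @@, eight Cisco entries (CVE-2019-1680, -1679, -1678, -1675, -1671, -1670, -1661, -1660) move from RESERVED to TODO: check, while the context lines in the same hunk already carry CVE-2019-1669 as NOT-FOR-US: Cisco. Triage these as one batch and, where none maps to a Debian source package, mark them NOT-FOR-US: Cisco in a follow-up commit so they do not sit in the TODO queue next to CVE-2019-1677.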
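Review bot: In the hunk at @@ -69377,8 +69391,7 @@, the CVE-2018-1340 header loses the bracketed summary [Secure flag missing from session cookie], and the truncated description that replaces it ("Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage ...") is cut off before it says what is wrong with the cookie. Consider keeping the old summary as a NOTE: line under the entry, so the unfixed guacamole-client status (bug #920796) can still be understood from the list without following the bug link.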