[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Apr 5 21:10:32 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca824502 by security tracker role at 2019-04-05T20:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2019-10893
+	RESERVED
+CVE-2019-10892
+	RESERVED
+CVE-2019-10891
+	RESERVED
+CVE-2019-10890
+	RESERVED
+CVE-2019-10889
+	RESERVED
+CVE-2019-10888 (A CSRF Issue that can add an admin user was discovered in UKcms v1.1.1 ...)
+	TODO: check
+CVE-2019-10887 (A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) de ...)
+	TODO: check
+CVE-2019-10886
+	RESERVED
+CVE-2019-10885 (An issue was discovered in Ivanti Workspace Control before 10.3.90.0.  ...)
+	TODO: check
+CVE-2019-10884 (Uniqkey Password Manager 1.14 contains a vulnerability because it fail ...)
+	TODO: check
+CVE-2019-10883
+	RESERVED
+CVE-2019-10882
+	RESERVED
+CVE-2019-10881
+	RESERVED
+CVE-2019-10880
+	RESERVED
+CVE-2018-20816 (An XSS combined with CSRF vulnerability discovered in SalesAgility Sui ...)
+	TODO: check
 CVE-2019-10879 (In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::O ...)
 	- teeworlds <unfixed>
 	NOTE: https://github.com/teeworlds/teeworlds/issues/2070
@@ -15,8 +45,8 @@ CVE-2019-10876 (An issue was discovered in OpenStack Neutron 11.x before 11.0.7,
 	- neutron <unfixed>
 	NOTE: https://bugs.launchpad.net/ossa/+bug/1813007
 	NOTE: https://review.openstack.org/#/q/topic:bug/1813007 
-CVE-2019-10875
-	RESERVED
+CVE-2019-10875 (A URL spoofing vulnerability was found in all international versions o ...)
+	TODO: check
 CVE-2019-10874 (Cross Site Request Forgery (CSRF) in the bolt/upload File Upload featu ...)
 	NOT-FOR-US: Bolt CMS
 CVE-2019-10873 (An issue was discovered in Poppler 0.74.0. There is a NULL pointer der ...)
@@ -929,10 +959,10 @@ CVE-2019-10481
 	RESERVED
 CVE-2019-10480
 	RESERVED
-CVE-2019-10479
-	RESERVED
-CVE-2019-10478
-	RESERVED
+CVE-2019-10479 (An issue was discovered on Glory RBW-100 devices with firmware ISP-K05 ...)
+	TODO: check
+CVE-2019-10478 (An issue was discovered on Glory RBW-100 devices with firmware ISP-K05 ...)
+	TODO: check
 CVE-2019-10477 (The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 fo ...)
 	NOT-FOR-US: GLPI plugin
 CVE-2019-10476
@@ -11058,16 +11088,16 @@ CVE-2019-6556
 	RESERVED
 CVE-2019-6555 (Cscape, 9.80 SP4 and prior. An improper input validation vulnerability ...)
 	NOT-FOR-US: Cscape
-CVE-2019-6554
-	RESERVED
+CVE-2019-6554 (Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper acces ...)
+	TODO: check
 CVE-2019-6553 (A vulnerability was found in Rockwell Automation RSLinx Classic versio ...)
 	TODO: check
-CVE-2019-6552
-	RESERVED
+CVE-2019-6552 (Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command  ...)
+	TODO: check
 CVE-2019-6551 (Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior al ...)
 	NOT-FOR-US: Pangea Communications Internet FAX ATA
-CVE-2019-6550
-	RESERVED
+CVE-2019-6550 (Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-ba ...)
+	TODO: check
 CVE-2019-6549 (An attacker could retrieve plain-text credentials stored in a XML file ...)
 	NOT-FOR-US: PR100088 Modbus
 CVE-2019-6548
@@ -11155,7 +11185,7 @@ CVE-2019-6508 (An issue was discovered in creditease-sec insight through 2018-09
 	NOT-FOR-US: creditease-sec
 CVE-2019-6507 (An issue was discovered in creditease-sec insight through 2018-09-11.  ...)
 	NOT-FOR-US: creditease-sec
-CVE-2019-6506 (SalesAgility SuiteCRM 7.11.0 allows SQL Injection. ...)
+CVE-2019-6506 (SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x be ...)
 	NOT-FOR-US: SalesAgility SuiteCRM
 CVE-2019-6505
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ca824502ee38e7d8c3f4738835c3e5d7af82deb5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ca824502ee38e7d8c3f4738835c3e5d7af82deb5
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190405/a8806870/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list