[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 18 21:10:28 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0cdc2cad by security tracker role at 2019-04-18T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2019-11322 (An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a c ...)
+ TODO: check
+CVE-2019-11321 (An issue was discovered in Motorola CX2 1.01 and M2 1.01. The router o ...)
+ TODO: check
+CVE-2019-11320 (In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_ ...)
+ TODO: check
+CVE-2019-11319 (An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a c ...)
+ TODO: check
+CVE-2019-11318
+ RESERVED
+CVE-2019-11317
+ RESERVED
+CVE-2019-11316
+ RESERVED
+CVE-2019-11315
+ RESERVED
+CVE-2019-11314
+ RESERVED
+CVE-2019-11313
+ RESERVED
+CVE-2019-11312
+ RESERVED
+CVE-2019-11311
+ RESERVED
+CVE-2019-11310
+ RESERVED
+CVE-2019-11309
+ RESERVED
+CVE-2019-11308
+ RESERVED
+CVE-2019-11307
+ RESERVED
+CVE-2019-11306
+ RESERVED
+CVE-2019-11305
+ RESERVED
+CVE-2019-11304
+ RESERVED
+CVE-2019-11303
+ RESERVED
+CVE-2019-11302
+ RESERVED
+CVE-2019-11301
+ RESERVED
+CVE-2019-11300
+ RESERVED
+CVE-2019-11299
+ RESERVED
+CVE-2019-11298
+ RESERVED
+CVE-2019-11297
+ RESERVED
+CVE-2019-11296
+ RESERVED
+CVE-2019-11295
+ RESERVED
+CVE-2019-11294
+ RESERVED
+CVE-2019-11293
+ RESERVED
+CVE-2019-11292
+ RESERVED
+CVE-2019-11291
+ RESERVED
+CVE-2019-11290
+ RESERVED
+CVE-2019-11289
+ RESERVED
+CVE-2019-11288
+ RESERVED
+CVE-2019-11287
+ RESERVED
+CVE-2019-11286
+ RESERVED
+CVE-2019-11285
+ RESERVED
+CVE-2019-11284
+ RESERVED
+CVE-2019-11283
+ RESERVED
+CVE-2019-11282
+ RESERVED
+CVE-2019-11281
+ RESERVED
+CVE-2019-11280
+ RESERVED
+CVE-2019-11279
+ RESERVED
+CVE-2019-11278
+ RESERVED
+CVE-2019-11277
+ RESERVED
+CVE-2019-11276
+ RESERVED
+CVE-2019-11275
+ RESERVED
+CVE-2019-11274
+ RESERVED
+CVE-2019-11273
+ RESERVED
+CVE-2019-11272
+ RESERVED
+CVE-2019-11271
+ RESERVED
+CVE-2019-11270
+ RESERVED
+CVE-2019-11269
+ RESERVED
+CVE-2019-11268
+ RESERVED
CVE-2019-XXXX [Cross Site Scripting - SA-CORE-2019-006 / Object.prototype pollution in jQuery]
- drupal7 <removed> (bug #927330)
- jquery <unfixed> (bug #927385)
@@ -100,8 +210,8 @@ CVE-2019-11225
RESERVED
CVE-2019-11224
RESERVED
-CVE-2019-11223
- RESERVED
+CVE-2019-11223 (An Unrestricted File Upload Vulnerability in the SupportCandy plugin t ...)
+ TODO: check
CVE-2017-18366 (Subrion CMS 4.1.5 has CSRF in blog/delete/. ...)
NOT-FOR-US: Subrion CMS
CVE-2019-11222 (gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overfl ...)
@@ -390,8 +500,8 @@ CVE-2019-11086
RESERVED
CVE-2019-11085
RESERVED
-CVE-2019-11084
- RESERVED
+CVE-2019-11084 (GAuth 0.9.9 beta has stored XSS that shows a popup repeatedly and disc ...)
+ TODO: check
CVE-2019-11083
RESERVED
CVE-2019-11082
@@ -517,15 +627,13 @@ CVE-2019-11037
RESERVED
CVE-2019-11036
RESERVED
-CVE-2019-11035 [Heap-buffer-overflow in exif_iif_add_value in EXIF]
- RESERVED
+CVE-2019-11035 (When processing certain files, PHP EXIF extension in versions 7.1.x be ...)
- php7.3 7.3.4-1
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in 7.1.28, 7.2.17, 7.3.4
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77831
-CVE-2019-11034 [Heap-buffer-overflow in php_ifd_get32s]
- RESERVED
+CVE-2019-11034 (When processing certain files, PHP EXIF extension in versions 7.1.x be ...)
- php7.3 7.3.4-1
- php7.0 <removed>
- php5 <removed>
@@ -575,8 +683,8 @@ CVE-2019-11019
RESERVED
CVE-2019-11018 (application\admin\controller\User.php in ThinkAdmin V4.0 does not prev ...)
NOT-FOR-US: ThinkAdmin
-CVE-2019-11017
- RESERVED
+CVE-2019-11017 (On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vu ...)
+ TODO: check
CVE-2019-11016 (Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. ...)
NOT-FOR-US: Elgg
CVE-2019-11015
@@ -2244,20 +2352,20 @@ CVE-2019-10308
RESERVED
CVE-2019-10307
RESERVED
-CVE-2019-10306
- RESERVED
-CVE-2019-10305
- RESERVED
-CVE-2019-10304
- RESERVED
-CVE-2019-10303
- RESERVED
-CVE-2019-10302
- RESERVED
-CVE-2019-10301
- RESERVED
-CVE-2019-10300
- RESERVED
+CVE-2019-10306 (A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earli ...)
+ TODO: check
+CVE-2019-10305 (A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in th ...)
+ TODO: check
+CVE-2019-10304 (A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Dep ...)
+ TODO: check
+CVE-2019-10303 (Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier sto ...)
+ TODO: check
+CVE-2019-10302 (Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted ...)
+ TODO: check
+CVE-2019-10301 (A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier ...)
+ TODO: check
+CVE-2019-10300 (A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1. ...)
+ TODO: check
CVE-2019-10299 (Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in ...)
NOT-FOR-US: Jenkins CloudCoreo DeployTime Plugin
CVE-2019-10298 (Jenkins Koji Plugin stores credentials unencrypted in its global confi ...)
@@ -6333,8 +6441,8 @@ CVE-2019-9007
RESERVED
CVE-2019-9006
RESERVED
-CVE-2019-9005
- RESERVED
+CVE-2019-9005 (The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows D ...)
+ TODO: check
CVE-2019-9004 (In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13 ...)
NOT-FOR-US: Eclipse Wakaama
CVE-2019-9003 (In the Linux kernel before 4.20.5, attackers can trigger a drivers/cha ...)
@@ -6348,8 +6456,8 @@ CVE-2019-9001
RESERVED
CVE-2019-9000
RESERVED
-CVE-2019-8999
- RESERVED
+CVE-2019-8999 (An XML External Entity vulnerability in the UEM Core of BlackBerry UEM ...)
+ TODO: check
CVE-2019-8998
RESERVED
CVE-2019-8997 (An XML External Entity Injection (XXE) vulnerability in the Management ...)
@@ -12020,7 +12128,7 @@ CVE-2019-6612
RESERVED
CVE-2019-6611
RESERVED
-CVE-2019-6610 (On versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11 ...)
+CVE-2019-6610 (On BIG-IP versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11 ...)
NOT-FOR-US: F5 BIG-IP
CVE-2019-6609 (Platform dependent weakness. This issue only impacts iSeries platforms ...)
NOT-FOR-US: BIG-IP APM
@@ -18155,7 +18263,7 @@ CVE-2019-3887 (A flaw was found in the way KVM hypervisor handled x2APIC Machine
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/acff78477b9b4f26ecdf65733a4ed77fe837e9dc
NOTE: Fixed by: https://git.kernel.org/linus/c73f4c998e1fd4249b9edfa39e23f4fda2b9b041
-CVE-2016-10746 [Similar issue than CVE-2019-3886 but for virDomainGetTime API calls]
+CVE-2016-10746 (libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API ...)
- libvirt 1.3.1-1
NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=506e9d6c2d4baaf580d489fff0690c0ff2ff588f (v1.3.1-rc1)
CVE-2019-3886 (An incorrect permissions check was discovered in libvirt 4.8.0 and abo ...)
@@ -18168,8 +18276,7 @@ CVE-2019-3886 (An incorrect permissions check was discovered in libvirt 4.8.0 an
NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=25736a4c7ed50c101b4f87935f350f1a39a89f6e (v4.8.0-rc1)
NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=2a07c990bd9143d7a0fe8d1b6b7c763c52185240
NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=ae076bb40e0e150aef41361b64001138d04d6c60
-CVE-2019-3885 [Information disclosure through use-after-free]
- RESERVED
+CVE-2019-3885 (A use-after-free flaw was found in pacemaker up to and including versi ...)
- pacemaker <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
CVE-2019-3884
@@ -20628,8 +20735,8 @@ CVE-2019-3400
RESERVED
CVE-2019-3399
RESERVED
-CVE-2019-3398
- RESERVED
+CVE-2019-3398 (Confluence Server and Data Center had a path traversal vulnerability i ...)
+ TODO: check
CVE-2019-3397
RESERVED
CVE-2019-3396 (The Widget Connector macro in Atlassian Confluence Server before versi ...)
@@ -20849,8 +20956,8 @@ CVE-2018-20202
RESERVED
CVE-2018-20201 (There is a stack-based buffer over-read in the jsfNameFromString funct ...)
NOT-FOR-US: Espruino 2V00
-CVE-2018-20200
- RESERVED
+CVE-2018-20200 (CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the- ...)
+ TODO: check
CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
- faad2 <unfixed> (low)
[buster] - faad2 <no-dsa> (Minor issue)
@@ -30501,7 +30608,7 @@ CVE-2018-19219 (In LibSass 3.5-stable, there is an illegal address access at Sas
CVE-2018-19218 (In LibSass 3.5-stable, there is an illegal address access at Sass::Par ...)
- libsass <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643758
-CVE-2018-19217 (In ncurses 6.1, there is a NULL pointer dereference at the function _n ...)
+CVE-2018-19217 (** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL poi ...)
- ncurses <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643753
NOTE: nobody was able to reproduce it for now
@@ -32542,7 +32649,7 @@ CVE-2018-18437 (In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0,
NOT-FOR-US: AXIOS
CVE-2018-18436 (JTBC(PHP) 3.0 allows CSRF for creating an account via the console/acco ...)
NOT-FOR-US: JTBC(PHP)
-CVE-2018-18435 (KioWare Server 4.9.6 allows local users to gain privileges by replacin ...)
+CVE-2018-18435 (KioWare Server version 4.9.6 and older installs by default to "C:\kiow ...)
NOT-FOR-US: KioWare Server
CVE-2018-18434 (An issue was discovered in litemall 0.9.0. Arbitrary file download is ...)
NOT-FOR-US: litemall
@@ -35512,12 +35619,12 @@ CVE-2018-17291
RESERVED
CVE-2018-17290
RESERVED
-CVE-2018-17289
- RESERVED
-CVE-2018-17288
- RESERVED
-CVE-2018-17287
- RESERVED
+CVE-2018-17289 (An XML external entity (XXE) vulnerability in Kofax Front Office Serve ...)
+ TODO: check
+CVE-2018-17288 (Kofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client an ...)
+ TODO: check
+CVE-2018-17287 (In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, s ...)
+ TODO: check
CVE-2018-17286
RESERVED
CVE-2018-17285
@@ -35836,8 +35943,8 @@ CVE-2018-17170
RESERVED
CVE-2018-17169
RESERVED
-CVE-2018-17168
- RESERVED
+CVE-2018-17168 (PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forger ...)
+ TODO: check
CVE-2018-17167 (PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored ...)
NOT-FOR-US: PrinterOn Enterprise
CVE-2018-17166
@@ -36556,12 +36663,10 @@ CVE-2018-16880 (A flaw was found in the Linux kernel's handle_rx() function in t
NOTE: https://www.openwall.com/lists/oss-security/2019/01/25/1
CVE-2018-16879 (Ansible Tower before version 3.3.3 does not set a secure channel as it ...)
NOT-FOR-US: Ansible Tower
-CVE-2018-16878 [Insufficient verification inflicted preference of uncontrolled processes can lead to DoS]
- RESERVED
+CVE-2018-16878 (A flaw was found in pacemaker up to and including version 2.0.1. An in ...)
- pacemaker <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
-CVE-2018-16877 [Insufficient local IPC client-server authentication on the client's side can lead to local privesc]
- RESERVED
+CVE-2018-16877 (A flaw was found in the way pacemaker's client-server authentication w ...)
- pacemaker <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
CVE-2018-16876 (ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a infor ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0cdc2cad6090b8e88474192b5c11ff701526a092
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0cdc2cad6090b8e88474192b5c11ff701526a092
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190418/32976750/attachment.html>
More information about the debian-security-tracker-commits
mailing list