[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Apr 18 21:10:28 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0cdc2cad by security tracker role at 2019-04-18T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2019-11322 (An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a c ...)
+	TODO: check
+CVE-2019-11321 (An issue was discovered in Motorola CX2 1.01 and M2 1.01. The router o ...)
+	TODO: check
+CVE-2019-11320 (In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_ ...)
+	TODO: check
+CVE-2019-11319 (An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a c ...)
+	TODO: check
+CVE-2019-11318
+	RESERVED
+CVE-2019-11317
+	RESERVED
+CVE-2019-11316
+	RESERVED
+CVE-2019-11315
+	RESERVED
+CVE-2019-11314
+	RESERVED
+CVE-2019-11313
+	RESERVED
+CVE-2019-11312
+	RESERVED
+CVE-2019-11311
+	RESERVED
+CVE-2019-11310
+	RESERVED
+CVE-2019-11309
+	RESERVED
+CVE-2019-11308
+	RESERVED
+CVE-2019-11307
+	RESERVED
+CVE-2019-11306
+	RESERVED
+CVE-2019-11305
+	RESERVED
+CVE-2019-11304
+	RESERVED
+CVE-2019-11303
+	RESERVED
+CVE-2019-11302
+	RESERVED
+CVE-2019-11301
+	RESERVED
+CVE-2019-11300
+	RESERVED
+CVE-2019-11299
+	RESERVED
+CVE-2019-11298
+	RESERVED
+CVE-2019-11297
+	RESERVED
+CVE-2019-11296
+	RESERVED
+CVE-2019-11295
+	RESERVED
+CVE-2019-11294
+	RESERVED
+CVE-2019-11293
+	RESERVED
+CVE-2019-11292
+	RESERVED
+CVE-2019-11291
+	RESERVED
+CVE-2019-11290
+	RESERVED
+CVE-2019-11289
+	RESERVED
+CVE-2019-11288
+	RESERVED
+CVE-2019-11287
+	RESERVED
+CVE-2019-11286
+	RESERVED
+CVE-2019-11285
+	RESERVED
+CVE-2019-11284
+	RESERVED
+CVE-2019-11283
+	RESERVED
+CVE-2019-11282
+	RESERVED
+CVE-2019-11281
+	RESERVED
+CVE-2019-11280
+	RESERVED
+CVE-2019-11279
+	RESERVED
+CVE-2019-11278
+	RESERVED
+CVE-2019-11277
+	RESERVED
+CVE-2019-11276
+	RESERVED
+CVE-2019-11275
+	RESERVED
+CVE-2019-11274
+	RESERVED
+CVE-2019-11273
+	RESERVED
+CVE-2019-11272
+	RESERVED
+CVE-2019-11271
+	RESERVED
+CVE-2019-11270
+	RESERVED
+CVE-2019-11269
+	RESERVED
+CVE-2019-11268
+	RESERVED
 CVE-2019-XXXX [Cross Site Scripting - SA-CORE-2019-006 / Object.prototype pollution in jQuery]
 	- drupal7 <removed> (bug #927330)
 	- jquery <unfixed> (bug #927385)
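Review bot: the four Motorola CX2 1.01 / M2 1.01 entries at the top of this hunk (CVE-2019-11319 through CVE-2019-11322) are left at `TODO: check`, yet all four describe flaws in the routers' own firmware (the truncated text for CVE-2019-11320 already points at a web-interface path, `/priv_`), which is not something the archive ships; they can be resolved as `NOT-FOR-US: Motorola CX2/M2` in one pass, the same way embedded-device entries are handled elsewhere in this file. The remaining additions, CVE-2019-11268 through CVE-2019-11318, are bare `RESERVED` placeholders and need no action until MITRE publishes text.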
@@ -100,8 +210,8 @@ CVE-2019-11225
 	RESERVED
 CVE-2019-11224
 	RESERVED
-CVE-2019-11223
-	RESERVED
+CVE-2019-11223 (An Unrestricted File Upload Vulnerability in the SupportCandy plugin t ...)
+	TODO: check
 CVE-2017-18366 (Subrion CMS 4.1.5 has CSRF in blog/delete/. ...)
 	NOT-FOR-US: Subrion CMS
 CVE-2019-11222 (gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overfl ...)
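Review bot: CVE-2019-11223 (unrestricted file upload in the SupportCandy plugin) is left at `TODO: check` while the adjacent CVE-2017-18366 for Subrion CMS is already resolved to `NOT-FOR-US`; a third-party web-application plugin that is not in the archive should get the same `NOT-FOR-US: SupportCandy plugin` resolution rather than sitting in the TODO queue.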
@@ -390,8 +500,8 @@ CVE-2019-11086
 	RESERVED
 CVE-2019-11085
 	RESERVED
-CVE-2019-11084
-	RESERVED
+CVE-2019-11084 (GAuth 0.9.9 beta has stored XSS that shows a popup repeatedly and disc ...)
+	TODO: check
 CVE-2019-11083
 	RESERVED
 CVE-2019-11082
@@ -517,15 +627,13 @@ CVE-2019-11037
 	RESERVED
 CVE-2019-11036
 	RESERVED
-CVE-2019-11035 [Heap-buffer-overflow in exif_iif_add_value in EXIF]
-	RESERVED
+CVE-2019-11035 (When processing certain files, PHP EXIF extension in versions 7.1.x be ...)
 	- php7.3 7.3.4-1
 	- php7.0 <removed>
 	- php5 <removed>
 	NOTE: Fixed in 7.1.28, 7.2.17, 7.3.4
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77831
-CVE-2019-11034 [Heap-buffer-overflow in php_ifd_get32s]
-	RESERVED
+CVE-2019-11034 (When processing certain files, PHP EXIF extension in versions 7.1.x be ...)
 	- php7.3 7.3.4-1
 	- php7.0 <removed>
 	- php5 <removed>
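Review bot: replacing the bracketed working titles drops the only text that told the two PHP entries apart. CVE-2019-11035 and CVE-2019-11034 now carry the identical truncated description ("When processing certain files, PHP EXIF extension in versions 7.1.x be ..."), whereas the removed lines named the affected functions (exif_iif_add_value versus php_ifd_get32s). Suggest keeping that detail as a NOTE under each entry, e.g. `NOTE: Heap-buffer-overflow in exif_iif_add_value` and `NOTE: Heap-buffer-overflow in php_ifd_get32s`, so that the fixed-version NOTE and the bugs.php.net link stay attributable to the right flaw.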
@@ -575,8 +683,8 @@ CVE-2019-11019
 	RESERVED
 CVE-2019-11018 (application\admin\controller\User.php in ThinkAdmin V4.0 does not prev ...)
 	NOT-FOR-US: ThinkAdmin
-CVE-2019-11017
-	RESERVED
+CVE-2019-11017 (On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vu ...)
+	TODO: check
 CVE-2019-11016 (Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. ...)
 	NOT-FOR-US: Elgg
 CVE-2019-11015
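Review bot: CVE-2019-11017 describes stored and reflected XSS in the D-Link DI-524 V2.06RU device firmware; like the neighbouring ThinkAdmin and Elgg entries already marked `NOT-FOR-US`, this is not a Debian package and can be resolved as `NOT-FOR-US: D-Link` instead of being left at `TODO: check`.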
@@ -2244,20 +2352,20 @@ CVE-2019-10308
 	RESERVED
 CVE-2019-10307
 	RESERVED
-CVE-2019-10306
-	RESERVED
-CVE-2019-10305
-	RESERVED
-CVE-2019-10304
-	RESERVED
-CVE-2019-10303
-	RESERVED
-CVE-2019-10302
-	RESERVED
-CVE-2019-10301
-	RESERVED
-CVE-2019-10300
-	RESERVED
+CVE-2019-10306 (A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earli ...)
+	TODO: check
+CVE-2019-10305 (A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in th ...)
+	TODO: check
+CVE-2019-10304 (A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Dep ...)
+	TODO: check
+CVE-2019-10303 (Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier sto ...)
+	TODO: check
+CVE-2019-10302 (Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted ...)
+	TODO: check
+CVE-2019-10301 (A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier ...)
+	TODO: check
+CVE-2019-10300 (A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1. ...)
+	TODO: check
 CVE-2019-10299 (Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in ...)
 	NOT-FOR-US: Jenkins CloudCoreo DeployTime Plugin
 CVE-2019-10298 (Jenkins Koji Plugin stores credentials unencrypted in its global confi ...)
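Review bot: the seven Jenkins plugin entries CVE-2019-10300 through CVE-2019-10306 all land as `TODO: check`, yet the very next context lines (CVE-2019-10299 CloudCoreo DeployTime Plugin, CVE-2019-10298 Koji Plugin) show the established resolution for this advisory batch: `NOT-FOR-US: Jenkins <name> Plugin`. Jenkins plugins are not packaged in Debian, so these can be triaged in the same pass; CVE-2019-10306 (ontrack, a sandbox bypass) differs in kind from the missing-permission-check, CSRF and plaintext-credential entries around it, but that does not change the resolution.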
@@ -6333,8 +6441,8 @@ CVE-2019-9007
 	RESERVED
 CVE-2019-9006
 	RESERVED
-CVE-2019-9005
-	RESERVED
+CVE-2019-9005 (The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows D ...)
+	TODO: check
 CVE-2019-9004 (In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13 ...)
 	NOT-FOR-US: Eclipse Wakaama
 CVE-2019-9003 (In the Linux kernel before 4.20.5, attackers can trigger a drivers/cha ...)
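Review bot: CVE-2019-9005 concerns the Cprime Power Scripts app for Atlassian Jira, a marketplace add-on for a proprietary product; like the adjacent Eclipse Wakaama entry resolved to `NOT-FOR-US`, it should be closed as `NOT-FOR-US: Cprime Power Scripts for Jira` rather than left at `TODO: check`.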
@@ -6348,8 +6456,8 @@ CVE-2019-9001
 	RESERVED
 CVE-2019-9000
 	RESERVED
-CVE-2019-8999
-	RESERVED
+CVE-2019-8999 (An XML External Entity vulnerability in the UEM Core of BlackBerry UEM ...)
+	TODO: check
 CVE-2019-8998
 	RESERVED
 CVE-2019-8997 (An XML External Entity Injection (XXE) vulnerability in the Management ...)
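Review bot: CVE-2019-8999 (XML External Entity in the UEM Core of BlackBerry UEM) is left at `TODO: check`; BlackBerry UEM is a proprietary management server not in the archive, so `NOT-FOR-US: BlackBerry UEM` is the expected resolution. The neighbouring CVE-2019-8997 describes an XXE in a "Management ..." component that reads like the same product family; if it is still pending, the two should be handled together.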
@@ -12020,7 +12128,7 @@ CVE-2019-6612
 	RESERVED
 CVE-2019-6611
 	RESERVED
-CVE-2019-6610 (On versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11 ...)
+CVE-2019-6610 (On BIG-IP versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11 ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2019-6609 (Platform dependent weakness. This issue only impacts iSeries platforms ...)
 	NOT-FOR-US: BIG-IP APM
@@ -18155,7 +18263,7 @@ CVE-2019-3887 (A flaw was found in the way KVM hypervisor handled x2APIC Machine
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/acff78477b9b4f26ecdf65733a4ed77fe837e9dc
 	NOTE: Fixed by: https://git.kernel.org/linus/c73f4c998e1fd4249b9edfa39e23f4fda2b9b041
-CVE-2016-10746 [Similar issue than CVE-2019-3886 but for virDomainGetTime API calls]
+CVE-2016-10746 (libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API ...)
 	- libvirt 1.3.1-1
 	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=506e9d6c2d4baaf580d489fff0690c0ff2ff588f (v1.3.1-rc1)
 CVE-2019-3886 (An incorrect permissions check was discovered in libvirt 4.8.0 and abo ...)
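Review bot: the replaced working title for CVE-2016-10746 ("Similar issue than CVE-2019-3886 but for virDomainGetTime API calls") carried a cross-reference that the truncated MITRE description no longer shows. Since both entries concern libvirt permission checks and sit a few lines apart, add a line such as `NOTE: Same class of issue as CVE-2019-3886, for virDomainGetTime` under CVE-2016-10746 so the relationship is not lost. The `libvirt 1.3.1-1` fixed version and the commit 506e9d6c2d4baaf580d489fff0690c0ff2ff588f (v1.3.1-rc1) reference are consistent with the "before 1.3.1" text.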
@@ -18168,8 +18276,7 @@ CVE-2019-3886 (An incorrect permissions check was discovered in libvirt 4.8.0 an
 	NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=25736a4c7ed50c101b4f87935f350f1a39a89f6e (v4.8.0-rc1)
 	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=2a07c990bd9143d7a0fe8d1b6b7c763c52185240
 	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=ae076bb40e0e150aef41361b64001138d04d6c60
-CVE-2019-3885 [Information disclosure through use-after-free]
-	RESERVED
+CVE-2019-3885 (A use-after-free flaw was found in pacemaker up to and including versi ...)
 	- pacemaker <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
 CVE-2019-3884
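Review bot: CVE-2019-3885 moves from RESERVED to a published description, but the entry still carries only the oss-security post as a reference; `pacemaker <unfixed>` without a `NOTE: Fixed by:` upstream commit (compare the libvirt entries in the previous hunk) makes it harder to verify which upload eventually closes it. Suggest adding the upstream fix reference once it is identified, and the Debian bug number once one is filed.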
@@ -20628,8 +20735,8 @@ CVE-2019-3400
 	RESERVED
 CVE-2019-3399
 	RESERVED
-CVE-2019-3398
-	RESERVED
+CVE-2019-3398 (Confluence Server and Data Center had a path traversal vulnerability i ...)
+	TODO: check
 CVE-2019-3397
 	RESERVED
 CVE-2019-3396 (The Widget Connector macro in Atlassian Confluence Server before versi ...)
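Review bot: CVE-2019-3398 (path traversal in Confluence Server and Data Center) is left at `TODO: check`; the adjacent CVE-2019-3396 (Widget Connector macro in Atlassian Confluence Server) is the same product, so the two entries should receive the same resolution, presumably `NOT-FOR-US: Atlassian Confluence`.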
@@ -20849,8 +20956,8 @@ CVE-2018-20202
 	RESERVED
 CVE-2018-20201 (There is a stack-based buffer over-read in the jsfNameFromString funct ...)
 	NOT-FOR-US: Espruino 2V00
-CVE-2018-20200
-	RESERVED
+CVE-2018-20200 (CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the- ...)
+	TODO: check
 CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
 	- faad2 <unfixed> (low)
 	[buster] - faad2 <no-dsa> (Minor issue)
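Review bot: CVE-2018-20200 is a certificate-pinning bypass in a Java HTTP client library (CertificatePinner.java in OkHttp 3.x through 3.12.0), not an appliance or hosted product like most other `TODO: check` entries in this update, so it should not be reflexively resolved `NOT-FOR-US`; the check here is whether a packaged OkHttp, or a copy bundled inside another Java package, falls in the 3.x range. The neighbouring faad2 entry shows the `[buster] - faad2 <no-dsa> (Minor issue)` form to use if an affected version is found but judged low severity.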
@@ -30501,7 +30608,7 @@ CVE-2018-19219 (In LibSass 3.5-stable, there is an illegal address access at Sas
 CVE-2018-19218 (In LibSass 3.5-stable, there is an illegal address access at Sass::Par ...)
 	- libsass <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643758
-CVE-2018-19217 (In ncurses 6.1, there is a NULL pointer dereference at the function _n ...)
+CVE-2018-19217 (** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL poi ...)
 	- ncurses <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643753
 	NOTE: nobody was able to reproduce it for now
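Review bot: the updated text marks CVE-2018-19217 as `** DISPUTED **` and no longer pins it to ncurses 6.1 ("possibly a 6.x version"), which agrees with the existing `NOTE: nobody was able to reproduce it for now`. The status line is still `ncurses <undetermined>`; with the dispute now reflected in the CVE text itself, this entry is a candidate for re-triage (for example `<not-affected>` or `<unimportant>` with a short rationale citing the Red Hat bug) rather than staying undetermined indefinitely.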
@@ -32542,7 +32649,7 @@ CVE-2018-18437 (In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0,
 	NOT-FOR-US: AXIOS
 CVE-2018-18436 (JTBC(PHP) 3.0 allows CSRF for creating an account via the console/acco ...)
 	NOT-FOR-US: JTBC(PHP)
-CVE-2018-18435 (KioWare Server 4.9.6 allows local users to gain privileges by replacin ...)
+CVE-2018-18435 (KioWare Server version 4.9.6 and older installs by default to "C:\kiow ...)
 	NOT-FOR-US: KioWare Server
 CVE-2018-18434 (An issue was discovered in litemall 0.9.0. Arbitrary file download is  ...)
 	NOT-FOR-US: litemall
@@ -35512,12 +35619,12 @@ CVE-2018-17291
 	RESERVED
 CVE-2018-17290
 	RESERVED
-CVE-2018-17289
-	RESERVED
-CVE-2018-17288
-	RESERVED
-CVE-2018-17287
-	RESERVED
+CVE-2018-17289 (An XML external entity (XXE) vulnerability in Kofax Front Office Serve ...)
+	TODO: check
+CVE-2018-17288 (Kofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client an ...)
+	TODO: check
+CVE-2018-17287 (In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, s ...)
+	TODO: check
 CVE-2018-17286
 	RESERVED
 CVE-2018-17285
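Review bot: the three Kofax Front Office Server entries CVE-2018-17287 through CVE-2018-17289 (an XXE plus two issues in build 4.1.1.11.0.5212, one in the Administration Console) are all findings in proprietary enterprise software and can be triaged together as `NOT-FOR-US: Kofax Front Office Server` rather than staying at `TODO: check`.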
@@ -35836,8 +35943,8 @@ CVE-2018-17170
 	RESERVED
 CVE-2018-17169
 	RESERVED
-CVE-2018-17168
-	RESERVED
+CVE-2018-17168 (PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forger ...)
+	TODO: check
 CVE-2018-17167 (PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored  ...)
 	NOT-FOR-US: PrinterOn Enterprise
 CVE-2018-17166
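Review bot: CVE-2018-17168 (multiple CSRF in PrinterOn Enterprise 4.1.4) is left at `TODO: check` while the next line, CVE-2018-17167 for the identical product and version, is already `NOT-FOR-US: PrinterOn Enterprise`; apply the same resolution so the two entries do not diverge.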
@@ -36556,12 +36663,10 @@ CVE-2018-16880 (A flaw was found in the Linux kernel's handle_rx() function in t
 	NOTE: https://www.openwall.com/lists/oss-security/2019/01/25/1
 CVE-2018-16879 (Ansible Tower before version 3.3.3 does not set a secure channel as it ...)
 	NOT-FOR-US: Ansible Tower
-CVE-2018-16878 [Insufficient verification inflicted preference of uncontrolled processes can lead to DoS]
-	RESERVED
+CVE-2018-16878 (A flaw was found in pacemaker up to and including version 2.0.1. An in ...)
 	- pacemaker <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
-CVE-2018-16877 [Insufficient local IPC client-server authentication on the client's side can lead to local privesc]
-	RESERVED
+CVE-2018-16877 (A flaw was found in the way pacemaker's client-server authentication w ...)
 	- pacemaker <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
 CVE-2018-16876 (ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a infor ...)
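Review bot: as with the PHP entries earlier in this patch, the dropped bracketed titles for CVE-2018-16878 ("Insufficient verification inflicted preference of uncontrolled processes can lead to DoS") and CVE-2018-16877 ("Insufficient local IPC client-server authentication on the client's side can lead to local privesc") stated the impact, which the truncated descriptions ("A flaw was found in pacemaker up to and including version 2.0.1. An in ...", "A flaw was found in the way pacemaker's client-server authentication w ...") no longer convey. Keep that text as a NOTE under each entry; the local privilege escalation in CVE-2018-16877 is the one that should drive the severity marking, and both remain `pacemaker <unfixed>` with only the oss-security post as a reference.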



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0cdc2cad6090b8e88474192b5c11ff701526a092



