[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Apr 25 21:10:27 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd735666 by security tracker role at 2019-04-25T20:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2019-11537 (In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/ ...)
+	TODO: check
+CVE-2019-11536
+	RESERVED
+CVE-2019-11535
+	RESERVED
+CVE-2019-11534
+	RESERVED
+CVE-2019-11533
+	RESERVED
+CVE-2019-11532
+	RESERVED
+CVE-2019-11531
+	RESERVED
+CVE-2019-11530
+	RESERVED
+CVE-2019-11529
+	RESERVED
+CVE-2019-11528
+	RESERVED
+CVE-2019-11527
+	RESERVED
+CVE-2019-11526
+	RESERVED
+CVE-2019-11525
+	RESERVED
+CVE-2019-11524
+	RESERVED
+CVE-2019-11523
+	RESERVED
+CVE-2019-11522
+	RESERVED
+CVE-2019-11521
+	RESERVED
+CVE-2019-11520
+	RESERVED
+CVE-2019-11519 (Libraries/Nop.Services/Localization/LocalizationService.cs in nopComme ...)
+	TODO: check
+CVE-2019-11518 (An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows AID[] ...)
+	TODO: check
+CVE-2019-11517
+	RESERVED
+CVE-2019-11516
+	RESERVED
+CVE-2018-20823 (The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a deni ...)
+	TODO: check
 CVE-2019-11515 (core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?d ...)
 	NOT-FOR-US: Gila CMS
 CVE-2019-11514 (User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mis ...)
@@ -1315,8 +1361,8 @@ CVE-2019-10957
 	RESERVED
 CVE-2019-10956
 	RESERVED
-CVE-2019-10955
-	RESERVED
+CVE-2019-10955 (In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versi ...)
+	TODO: check
 CVE-2019-10954
 	RESERVED
 CVE-2019-10953 (ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable ...)
@@ -3802,11 +3848,9 @@ CVE-2019-9903 (PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/fada09a2ccc11a3a1d308e810f1336d8df6011fd
 CVE-2019-9902
 	RESERVED
-CVE-2019-9901
-	RESERVED
+CVE-2019-9901 (Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote att ...)
 	NOT-FOR-US: envoy (not the same as itp'ed envoy, #758651)
-CVE-2019-9900
-	RESERVED
+CVE-2019-9900 (When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not r ...)
 	NOT-FOR-US: envoy (not the same as itp'ed envoy, #758651)
 CVE-2019-9899
 	RESERVED
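Review bot: for CVE-2019-9901 and CVE-2019-9900 the import replaced RESERVED with the MITRE text but, unlike the other new descriptions in this update, added no TODO: check, because a NOT-FOR-US line was already present under each; that is the intended behaviour, and the existing note that this is not the ITP'ed envoy (#758651) still applies. Both descriptions concern Envoy 1.9.0 and before (URL path normalisation and HTTP/1.x header parsing), so the two entries would only need revisiting if the ITP'ed package turns out to ship the same codebase.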
@@ -5146,8 +5190,8 @@ CVE-2019-9671
 	RESERVED
 CVE-2019-9670
 	RESERVED
-CVE-2019-9669
-	RESERVED
+CVE-2019-9669 (The Wordfence plugin 7.2.3 for WordPress allows XSS via a unique attac ...)
+	TODO: check
 CVE-2019-9668
 	RESERVED
 CVE-2019-9667
@@ -6504,16 +6548,16 @@ CVE-2019-9141
 	RESERVED
 CVE-2019-9140
 	RESERVED
-CVE-2019-9139
-	RESERVED
-CVE-2019-9138
-	RESERVED
-CVE-2019-9137
-	RESERVED
-CVE-2019-9136
-	RESERVED
-CVE-2019-9135
-	RESERVED
+CVE-2019-9139 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnera ...)
+	TODO: check
+CVE-2019-9138 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnera ...)
+	TODO: check
+CVE-2019-9137 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnera ...)
+	TODO: check
+CVE-2019-9136 (DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vuln ...)
+	TODO: check
+CVE-2019-9135 (DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vuln ...)
+	TODO: check
 CVE-2019-9134 (Architectural Information System 1.0 and earlier versions have a Stack ...)
 	NOT-FOR-US: Architectural Information System
 CVE-2019-9133 (When processing subtitles format media file, KMPlayer version 2018.12. ...)
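Review bot: the five new DaviewIndy entries (CVE-2019-9135 through CVE-2019-9139) are indistinguishable at the truncation length used here, three reading "Integer overflow" and two "Heap-based overflow", so each TODO: check needs the full MITRE text to confirm it is a distinct issue rather than a duplicate id. The adjacent CVE-2019-9134 (Architectural Information System) directly below resolved to NOT-FOR-US, which is the likely outcome for these as well, but record the decision per id so the queue does not keep all five open.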
@@ -8657,7 +8701,7 @@ CVE-2019-8279 (Multiple stored XSS in Vanilla Forums before 2.5 allow remote att
 	NOT-FOR-US: Vanilla Forums
 CVE-2019-8278 (Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Rem ...)
 	NOT-FOR-US: Invision Power Board
-CVE-2019-8277 (UltraVNC revision 1211 contains multiple memory leaks (CWE-655) in VNC ...)
+CVE-2019-8277 (UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC ...)
 	NOT-FOR-US: UltraVNC
 CVE-2019-8276 (UltraVNC revision 1211 has a stack buffer overflow vulnerability in VN ...)
 	NOT-FOR-US: UltraVNC
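Review bot: the only change in this hunk is the CWE id inside the CVE-2019-8277 description, 655 corrected to 665; CWE-665 (Improper Initialization) is a real weakness id that matches a memory-disclosure description, whereas CWE-655 refers to an unrelated design weakness, so the upstream correction is welcome. The status line stays NOT-FOR-US: UltraVNC, so nothing here needs re-triage.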
@@ -15642,7 +15686,8 @@ CVE-2019-5430
 	RESERVED
 CVE-2019-5429
 	RESERVED
-CVE-2019-5428 (A prototype pollution vulnerability exists in jQuery versions < 3.4 ...)
+CVE-2019-5428
+	REJECTED
 	NOTE: Duplicate of CVE-2019-11358	
 	TODO: check (MITRE already contacted)
 CVE-2019-5427 (c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack  ...)
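Review bot: with CVE-2019-5428 now REJECTED as a duplicate of CVE-2019-11358, the remaining "TODO: check (MITRE already contacted)" line is stale, since the contact with MITRE is what produced the rejection; drop it in the next manual pass so the entry stops appearing in the TODO queue. The "NOTE: Duplicate of CVE-2019-11358" line above it also carries a trailing tab after the id that should be trimmed. Any package affected by the jQuery prototype pollution issue named in the removed description should be tracked under CVE-2019-11358 only.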
@@ -18072,8 +18117,8 @@ CVE-2019-4240
 	RESERVED
 CVE-2019-4239
 	RESERVED
-CVE-2019-4238
-	RESERVED
+CVE-2019-4238 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
+	TODO: check
 CVE-2019-4237
 	RESERVED
 CVE-2019-4236
@@ -18104,8 +18149,8 @@ CVE-2019-4224
 	RESERVED
 CVE-2019-4223
 	RESERVED
-CVE-2019-4222
-	RESERVED
+CVE-2019-4222 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could ...)
+	TODO: check
 CVE-2019-4221
 	RESERVED
 CVE-2019-4220
@@ -18252,12 +18297,12 @@ CVE-2019-4150
 	RESERVED
 CVE-2019-4149
 	RESERVED
-CVE-2019-4148
-	RESERVED
+CVE-2019-4148 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
+	TODO: check
 CVE-2019-4147
 	RESERVED
-CVE-2019-4146
-	RESERVED
+CVE-2019-4146 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could ...)
+	TODO: check
 CVE-2019-4145
 	RESERVED
 CVE-2019-4144
@@ -18364,8 +18409,8 @@ CVE-2019-4094 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
 	NOT-FOR-US: IBM
 CVE-2019-4093 (IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a  ...)
 	NOT-FOR-US: IBM
-CVE-2019-4092
-	RESERVED
+CVE-2019-4092 (IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to ...)
+	TODO: check
 CVE-2019-4091
 	RESERVED
 CVE-2019-4090
@@ -18394,16 +18439,16 @@ CVE-2019-4079
 	RESERVED
 CVE-2019-4078
 	RESERVED
-CVE-2019-4077
-	RESERVED
-CVE-2019-4076
-	RESERVED
-CVE-2019-4075
-	RESERVED
-CVE-2019-4074
-	RESERVED
-CVE-2019-4073
-	RESERVED
+CVE-2019-4077 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
+	TODO: check
+CVE-2019-4076 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
+	TODO: check
+CVE-2019-4075 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
+	TODO: check
+CVE-2019-4074 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
+	TODO: check
+CVE-2019-4073 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
+	TODO: check
 CVE-2019-4072
 	RESERVED
 CVE-2019-4071
@@ -18482,8 +18527,8 @@ CVE-2019-4035 (IBM Content Navigator 3.0CD could allow attackers to direct web t
 	NOT-FOR-US: IBM
 CVE-2019-4034 (IBM Content Navigator 3.0CD is could allow an attacker to execute arbi ...)
 	NOT-FOR-US: IBM
-CVE-2019-4033
-	RESERVED
+CVE-2019-4033 (IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scri ...)
+	TODO: check
 CVE-2019-4032 (IBM Financial Transaction Manager for Digital Payments for Multi-Platf ...)
 	NOT-FOR-US: IBM
 CVE-2019-4031
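Review bot: CVE-2019-4033 affects IBM Content Navigator 2.0.3 and 3.0CD, the same product as CVE-2019-4034 and CVE-2019-4035 directly below it, both already marked NOT-FOR-US: IBM; the new TODO: check can almost certainly be resolved the same way, as can CVE-2019-4092 earlier in this update, which names the same product and versions.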
@@ -18756,6 +18801,7 @@ CVE-2019-3904
 CVE-2019-3903
 	RESERVED
 CVE-2019-3902 (A flaw was found in Mercurial before 4.9. It was possible to use symli ...)
+	{DLA-1764-1}
 	- mercurial 4.9-1 (bug #927674)
 	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
 	NOTE: https://www.mercurial-scm.org/repo/hg/rev/6c10eba6b9cd
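Review bot: the new {DLA-1764-1} line for CVE-2019-3902 sits in the right place, between the description and the "- mercurial 4.9-1 (bug #927674)" package line, which is where this file records advisory references. Since this diff touches only data/CVE/list, confirm that DLA-1764-1 was recorded in the advisory list kept outside this file as part of the same push, so the two stay consistent.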
@@ -18765,8 +18811,7 @@ CVE-2019-3901 (A race condition in perf_event_open() allows local attackers to l
 	- linux 4.6.1-1
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=807
 	NOTE: Fixed by: https://git.kernel.org/linus/79c9ce57eb2d5f1497546a3946b4ae21b6fdc438
-CVE-2019-3900 [vhost_net: fix possible infinite loop]
-	RESERVED
+CVE-2019-3900 (An infinite loop issue was found in the vhost_net kernel module in Lin ...)
 	- linux <unfixed>
 CVE-2019-3899 (It was found that default configuration of Heketi does not require any ...)
 	- heketi <itp> (bug #903384)
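Review bot: replacing the bracketed working title "[vhost_net: fix possible infinite loop]" for CVE-2019-3900 with the MITRE description drops the only hint about the upstream fix, and the package line still reads "- linux <unfixed>"; add a NOTE with the upstream commit once it is identified so the entry can be closed against the right kernel version. The adjacent CVE-2019-3901 entry shows the pattern to follow ("NOTE: Fixed by: https://git.kernel.org/linus/...").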
@@ -24056,10 +24101,10 @@ CVE-2018-20055
 	RESERVED
 CVE-2018-20054
 	RESERVED
-CVE-2018-20053
-	RESERVED
-CVE-2018-20052
-	RESERVED
+CVE-2018-20053 (An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. ...)
+	TODO: check
+CVE-2018-20052 (An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. ...)
+	TODO: check
 CVE-2018-20051 (Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with firmware 2 ...)
 	NOT-FOR-US: Jooan JA-Q1H Wi-Fi camera
 CVE-2018-20050 (Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with f ...)
@@ -30154,8 +30199,8 @@ CVE-2018-19445
 	RESERVED
 CVE-2018-19444
 	RESERVED
-CVE-2018-19442
-	RESERVED
+CVE-2018-19442 (A Buffer Overflow in Network::AuthenticationClient::VerifySignature in ...)
+	TODO: check
 CVE-2018-19441
 	RESERVED
 CVE-2018-19440 (ARM Trusted Firmware-A allows information disclosure. ...)
@@ -33299,8 +33344,8 @@ CVE-2018-18371
 	RESERVED
 CVE-2018-18370
 	RESERVED
-CVE-2018-18369
-	RESERVED
+CVE-2018-18369 (Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows ...)
+	TODO: check
 CVE-2018-18368
 	RESERVED
 CVE-2018-18367
@@ -33528,8 +33573,8 @@ CVE-2018-18288
 	RESERVED
 CVE-2018-18287 (On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discov ...)
 	NOT-FOR-US: ASUS RT-AC58U devices
-CVE-2018-18286
-	RESERVED
+CVE-2018-18286 (SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could  ...)
+	TODO: check
 CVE-2018-18285
 	RESERVED
 CVE-2018-18284 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sand ...)
@@ -49387,8 +49432,8 @@ CVE-2018-12246 (Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible
 	NOT-FOR-US: Symantec
 CVE-2018-12245 (Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a ...)
 	NOT-FOR-US: Symantec Endpoint Protection
-CVE-2018-12244
-	RESERVED
+CVE-2018-12244 (SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 ...)
+	TODO: check
 CVE-2018-12243 (The Symantec Messaging Gateway product prior to 10.6.6 may be suscepti ...)
 	NOT-FOR-US: Symantec
 CVE-2018-12242 (The Symantec Messaging Gateway product prior to 10.6.6 may be suscepti ...)
@@ -79011,8 +79056,8 @@ CVE-2018-1722 (IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could a
 	NOT-FOR-US: IBM
 CVE-2018-1721
 	RESERVED
-CVE-2018-1720
-	RESERVED
+CVE-2018-1720 (IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0 ...)
+	TODO: check
 CVE-2018-1719 (IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than ...)
 	NOT-FOR-US: IBM
 CVE-2018-1718 (IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 is vuln ...)
@@ -80058,8 +80103,8 @@ CVE-2017-17553 (The Dolphin Browser for Android 12.0.2 suffers from an insecure
 	NOT-FOR-US: Dolphin Browser for Android
 CVE-2017-17552 (/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allo ...)
 	NOT-FOR-US: Zoho ManageEngine AD Manager Plus
-CVE-2018-1360
-	RESERVED
+CVE-2018-1360 (A cleartext transmission of sensitive information vulnerability in For ...)
+	TODO: check
 CVE-2018-1359
 	RESERVED
 CVE-2018-1358
@@ -86397,8 +86442,8 @@ CVE-2017-16560 (SanDisk Secure Access 3.01 vault decrypts and copies encrypted f
 	NOT-FOR-US: SanDisk Secure Access
 CVE-2017-16559
 	RESERVED
-CVE-2017-16558
-	RESERVED
+CVE-2017-16558 (Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vu ...)
+	TODO: check
 CVE-2017-16557 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain privi ...)
 	NOT-FOR-US: K7 Antivirus
 CVE-2017-16556 (In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd735666043a400bc2d9b8573105ed5fd90f313d
