[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 26 09:10:25 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c60e13cf by security tracker role at 2019-04-26T08:10:17Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2019-11554
+ RESERVED
+CVE-2019-11553
+ RESERVED
+CVE-2019-11552
+ RESERVED
+CVE-2019-11551
+ RESERVED
+CVE-2019-11550
+ RESERVED
+CVE-2019-11549
+ RESERVED
+CVE-2019-11548
+ RESERVED
+CVE-2019-11547
+ RESERVED
+CVE-2019-11546
+ RESERVED
+CVE-2019-11545
+ RESERVED
+CVE-2019-11544
+ RESERVED
+CVE-2019-11543 (XSS exists in the admin web console in Pulse Secure Pulse Connect Secu ...)
+ TODO: check
+CVE-2019-11542 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3 ...)
+ TODO: check
+CVE-2019-11541 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3 ...)
+ TODO: check
+CVE-2019-11540 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and ...)
+ TODO: check
+CVE-2019-11539 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3 ...)
+ TODO: check
+CVE-2019-11538 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3 ...)
+ TODO: check
CVE-2019-11537 (In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/ ...)
NOT-FOR-US: osTicket
CVE-2019-11536
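Review bot: The six new entries CVE-2019-11538 through CVE-2019-11543 each get a separate "TODO: check" although every one of them names Pulse Secure Pulse Connect Secure. Triage them in one pass; if the product is not packaged in Debian, close all six with a NOT-FOR-US line in the same form as the "NOT-FOR-US: osTicket" entry directly below, so the TODO backlog does not grow by six for a single product.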
@@ -108,10 +142,10 @@ CVE-2019-11491
RESERVED
CVE-2019-11490 (An issue was discovered in Npcap 0.992. Sending a malformed .pcap file ...)
TODO: check
-CVE-2019-11489
- RESERVED
-CVE-2019-11488
- RESERVED
+CVE-2019-11489 (Incorrect Access Control in the Administrative Management Interface in ...)
+ TODO: check
+CVE-2019-11488 (Incorrect Access Control in the Account Access / Password Reset Link i ...)
+ TODO: check
CVE-2019-11487 (The Linux kernel before 5.1-rc5 allows page->_refcount reference co ...)
- linux <unfixed>
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1752
@@ -749,12 +783,14 @@ CVE-2019-11223 (An Unrestricted File Upload Vulnerability in the SupportCandy pl
CVE-2017-18366 (Subrion CMS 4.1.5 has CSRF in blog/delete/. ...)
NOT-FOR-US: Subrion CMS
CVE-2019-11222 (gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overfl ...)
+ {DLA-1765-1}
- gpac 0.5.2-426-gc5ad4e4+dfsg5-5 (bug #926961)
[stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/commit/f36525c5beafb78959c3a07d6622c9028de348da
NOTE: https://github.com/gpac/gpac/issues/1204
NOTE: https://github.com/gpac/gpac/issues/1205
CVE-2019-11221 (GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media ...)
+ {DLA-1765-1}
- gpac 0.5.2-426-gc5ad4e4+dfsg5-5 (bug #926963)
[stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/commit/f4616202e5578e65746cf7e7ceeba63bee1b094b
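Review bot: On CVE-2019-11222 and CVE-2019-11221 the "{DLA-1765-1}" cross-reference is added while the "[stretch] - gpac <no-dsa> (Minor issue)" lines remain unchanged context. With an LTS advisory now recorded for both issues, confirm that the stretch no-dsa classification is still intended, otherwise the LTS release carries a fix that stretch does not.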
@@ -19224,8 +19260,8 @@ CVE-2019-3803 (Pivotal Concourse, all versions prior to 4.2.2, puts the user acc
NOT-FOR-US: Pivotal Concourse
CVE-2019-3802
RESERVED
-CVE-2019-3801
- RESERVED
+CVE-2019-3801 (Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java com ...)
+ TODO: check
CVE-2019-3800
RESERVED
CVE-2019-3799
@@ -19251,8 +19287,8 @@ CVE-2019-3790
RESERVED
CVE-2019-3789 (Cloud Foundry Routing Release, all versions prior to 0.188.0, contains ...)
TODO: check
-CVE-2019-3788
- RESERVED
+CVE-2019-3788 (Cloud Foundry UAA Release, versions prior to 71.0, allows clients to b ...)
+ TODO: check
CVE-2019-3787
RESERVED
CVE-2019-3786 (Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0 ...)
@@ -19385,10 +19421,10 @@ CVE-2019-3723
RESERVED
CVE-2019-3722
RESERVED
-CVE-2019-3721
- RESERVED
-CVE-2019-3720
- RESERVED
+CVE-2019-3721 (Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3 ...)
+ TODO: check
+CVE-2019-3720 (Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3 ...)
+ TODO: check
CVE-2019-3719 (Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote ...)
NOT-FOR-US: Dell
CVE-2019-3718 (Dell SupportAssist Client versions prior to 3.2.0.90 contain an improp ...)
@@ -30467,8 +30503,7 @@ CVE-2018-19360 (FasterXML jackson-databind 2.x before 2.9.8 might allow attacker
NOTE: https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
NOTE: https://github.com/FasterXML/jackson-databind/issues/2186
NOTE: https://issues.apache.org/jira/browse/TINKERPOP-2121
-CVE-2018-19359 [Unauthorized service template creation]
- RESERVED
+CVE-2018-19359 (GitLab Community and Enterprise Edition 8.9 and later and before 11.5. ...)
- gitlab 11.3.10+dfsg-2 (bug #914166)
NOTE: https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released/
CVE-2018-19358 (GNOME Keyring through 3.28.2 allows local users to retrieve login cred ...)
@@ -32123,10 +32158,10 @@ CVE-2018-18826 (There exists a heap-based buffer overflow in vc1_decode_p_mb_int
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1135
CVE-2018-18825 (Pagoda Linux panel V6.0 has XSS via the verification code associated w ...)
NOT-FOR-US: Pagoda Linux panel
-CVE-2018-18824
- RESERVED
-CVE-2018-18823
- RESERVED
+CVE-2018-18824 (WolfCMS v0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_ma ...)
+ TODO: check
+CVE-2018-18823 (WolfCMS 0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_man ...)
+ TODO: check
CVE-2018-18822 (Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pagere ...)
NOT-FOR-US: Grapixel New Media
CVE-2018-18821
@@ -32563,8 +32598,7 @@ CVE-2018-18645 (An issue was discovered in GitLab Community and Enterprise Editi
CVE-2018-18644 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
- gitlab <not-affected> (Only affects GitLab EE)
NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18643 [Persistent XSS autocomplete]
- RESERVED
+CVE-2018-18643 (GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and ...)
- gitlab <not-affected> (Only affects 11.2 and later)
NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
CVE-2018-18642 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
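Review bot: For CVE-2018-18643 the new description cites 11.5.0-rc12 and 11.4.6 as fixed versions, but the unchanged NOTE still links the 11.4.3 security release announcement, and the package line stays "<not-affected> (Only affects 11.2 and later)". Check that the NOTE points at the announcement that actually covers this CVE, and that the not-affected reasoning still holds against the gitlab version in the archive, given that the CVE-2018-19359 entry in this same commit records a fix in 11.3.10+dfsg-2.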
@@ -33361,10 +33395,10 @@ CVE-2018-18369 (Norton Security (Windows client) prior to 22.16.3 and SEP SBE (W
NOT-FOR-US: Norton Security
CVE-2018-18368
RESERVED
-CVE-2018-18367
- RESERVED
-CVE-2018-18366
- RESERVED
+CVE-2018-18367 (Symantec Endpoint Protection Manager (SEPM) prior to and including 12. ...)
+ TODO: check
+CVE-2018-18366 (Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior ...)
+ TODO: check
CVE-2018-18365 (Norton Password Manager may be susceptible to an address spoofing issu ...)
NOT-FOR-US: Norton Password Manager
CVE-2018-18364 (Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be s ...)
@@ -33588,8 +33622,8 @@ CVE-2018-18287 (On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can
NOT-FOR-US: ASUS RT-AC58U devices
CVE-2018-18286 (SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could ...)
TODO: check
-CVE-2018-18285
- RESERVED
+CVE-2018-18285 (SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could ...)
+ TODO: check
CVE-2018-18284 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sand ...)
{DSA-4336-1 DLA-1552-1}
- ghostscript 9.25~dfsg-3 (bug #911175)
@@ -37897,8 +37931,8 @@ CVE-2018-16662
RESERVED
CVE-2018-16661
RESERVED
-CVE-2018-16660
- RESERVED
+CVE-2018-16660 (A command injection vulnerability in PWS in Imperva SecureSphere 13.0. ...)
+ TODO: check
CVE-2018-16659 (An issue was discovered in Rausoft ID.prove 2.95. The login page allow ...)
NOT-FOR-US: Rausoft ID.prove
CVE-2018-16657 (In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message ...)
@@ -39055,16 +39089,16 @@ CVE-2018-16222 (Cleartext Storage of credentials in the iSmartAlarmData.xml conf
NOT-FOR-US: iSmartAlarm application for Android
CVE-2018-16221
RESERVED
-CVE-2018-16220
- RESERVED
-CVE-2018-16219
- RESERVED
+CVE-2018-16220 (Cross Site Scripting in different input fields (domain field and perso ...)
+ TODO: check
+CVE-2018-16219 (A missing password verification in the web interface in AudioCodes 405 ...)
+ TODO: check
CVE-2018-16218
RESERVED
CVE-2018-16217
RESERVED
-CVE-2018-16216
- RESERVED
+CVE-2018-16216 (A command injection (missing input validation, escaping) in the monito ...)
+ TODO: check
CVE-2018-16215
RESERVED
CVE-2018-16214
@@ -42033,36 +42067,36 @@ CVE-2018-15005 (The ZTE ZMAX Champ Android device with a build fingerprint of ZT
NOT-FOR-US: ZTE
CVE-2018-15004 (The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/ ...)
NOT-FOR-US: Coolpad
-CVE-2018-15003
- RESERVED
+CVE-2018-15003 (The Coolpad Defiant (Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:us ...)
+ TODO: check
CVE-2018-15002 (The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2 ...)
NOT-FOR-US: Vivo V7 device
CVE-2018-15001 (The Vivo V7 Android device with a build fingerprint of vivo/1718/1718: ...)
NOT-FOR-US: Vivo V7 device
-CVE-2018-15000
- RESERVED
-CVE-2018-14999
- RESERVED
+CVE-2018-15000 (The Vivo V7 Android device with a build fingerprint of vivo/1718/1718: ...)
+ TODO: check
+CVE-2018-14999 (The Leagoo P1 device with a build fingerprint of sp7731c_1h10_32v4_bir ...)
+ TODO: check
CVE-2018-14998 (The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_ ...)
NOT-FOR-US: Leagoo P1 Android device
-CVE-2018-14997
- RESERVED
-CVE-2018-14996
- RESERVED
+CVE-2018-14997 (The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_ ...)
+ TODO: check
+CVE-2018-14996 (The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CP ...)
+ TODO: check
CVE-2018-14995 (The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z ...)
NOT-FOR-US: ZTE
-CVE-2018-14994
- RESERVED
-CVE-2018-14993
- RESERVED
+CVE-2018-14994 (The Essential Phone Android device with a build fingerprint of essenti ...)
+ TODO: check
+CVE-2018-14993 (The ASUS Zenfone V Live Android device with a build fingerprint of asu ...)
+ TODO: check
CVE-2018-14992 (The ASUS ZenFone 3 Max Android device with a build fingerprint of asus ...)
NOT-FOR-US: ASUS ZenFone 3 Max Android device
-CVE-2018-14991
- RESERVED
-CVE-2018-14990
- RESERVED
-CVE-2018-14989
- RESERVED
+CVE-2018-14991 (The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a ...)
+ TODO: check
+CVE-2018-14990 (The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a ...)
+ TODO: check
+CVE-2018-14989 (The Plum Compass Android device with a build fingerprint of PLUM/c179_ ...)
+ TODO: check
CVE-2018-14988 (The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m2 ...)
NOT-FOR-US: MXQ TV Box
CVE-2018-14987 (The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m2 ...)
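Review bot: The device entries that leave RESERVED here (CVE-2018-15003, CVE-2018-15000, CVE-2018-14999, CVE-2018-14997 and the rest) are all marked "TODO: check" even though sibling entries for the same devices in this hunk are already resolved, for example "NOT-FOR-US: Vivo V7 device" on CVE-2018-15002 and "NOT-FOR-US: Leagoo P1 Android device" on CVE-2018-14998. Resolve the new entries with the same NOT-FOR-US strings as their siblings so identical products are not tracked under two spellings or left in different states.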
@@ -42073,14 +42107,14 @@ CVE-2018-14985 (The Leagoo Z5C Android device with a build fingerprint of sp7731
NOT-FOR-US: Leagoo Z5C Android device
CVE-2018-14984 (The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10 ...)
NOT-FOR-US: Leagoo Z5C Android device
-CVE-2018-14983
- RESERVED
+CVE-2018-14983 (The Sony Xperia L1 Android device with a build fingerprint of Sony/G33 ...)
+ TODO: check
CVE-2018-14982 (Certain LG devices based on Android 6.0 through 8.1 have incorrect acc ...)
NOT-FOR-US: LG devices specific issue
CVE-2018-14981 (Certain LG devices based on Android 6.0 through 8.1 have incorrect acc ...)
NOT-FOR-US: LG devices specific issue
-CVE-2018-14980
- RESERVED
+CVE-2018-14980 (The ASUS ZenFone 3 Max Android device with a build fingerprint of asus ...)
+ TODO: check
CVE-2018-14979 (The ASUS ZenFone 3 Max Android device with a build fingerprint of asus ...)
NOT-FOR-US: ASUS ZenFone 3 Max Android device
CVE-2018-14978 (An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/use ...)
@@ -43381,12 +43415,12 @@ CVE-2018-14561
RESERVED
CVE-2018-14560
RESERVED
-CVE-2018-14559
- RESERVED
+CVE-2018-14559 (An issue was discovered on Tenda AC7 devices with firmware through V15 ...)
+ TODO: check
CVE-2018-14558 (An issue was discovered on Tenda AC7 devices with firmware through V15 ...)
NOT-FOR-US: Tenda AC7 devices
-CVE-2018-14557
- RESERVED
+CVE-2018-14557 (An issue was discovered on Tenda AC7 devices with firmware through V15 ...)
+ TODO: check
CVE-2018-14556
RESERVED
CVE-2018-14555
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c60e13cf9c2fe2ef326a59beaea3c04e8d291910