[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Apr 30 21:10:37 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27f6e7cb by security tracker role at 2019-04-30T20:10:28Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2019-11605
+	RESERVED
+CVE-2019-11604
+	RESERVED
+CVE-2019-11603
+	RESERVED
+CVE-2019-11602
+	RESERVED
+CVE-2019-11601
+	RESERVED
+CVE-2019-11600
+	RESERVED
+CVE-2018-20835 (A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File O ...)
+	TODO: check
+CVE-2018-20834 (A vulnerability was found in node-tar before version 4.4.2. An Arbitra ...)
+	TODO: check
+CVE-2018-20833
+	RESERVED
+CVE-2018-20832
+	RESERVED
+CVE-2018-20831
+	RESERVED
+CVE-2018-20830
+	RESERVED
+CVE-2018-20829
+	RESERVED
+CVE-2018-20828
+	RESERVED
+CVE-2018-20827
+	RESERVED
+CVE-2018-20826
+	RESERVED
+CVE-2018-20825
+	RESERVED
+CVE-2018-20824
+	RESERVED
+CVE-2015-9286 (Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 ha ...)
+	TODO: check
 CVE-2019-XXXX [gpg-key2ps: Shell injection vulnerability in UIDs rendering]
 	- signing-party <unfixed> (bug #928256)
 	[stretch] - signing-party <no-dsa> (Will be fixed via point release)
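Review bot: the two TODO: check entries for CVE-2018-20835 (tar-fs before 1.16.2) and CVE-2018-20834 (node-tar before 4.4.2) describe the same class of problem, arbitrary file overwrite during archive extraction, and should be triaged together: check whether the corresponding node source packages are in the archive and, if so, record the fixed versions against them instead of leaving TODO: check. CVE-2015-9286 (NodeBB before 0.7.3) is a 2015 identifier only surfacing now; if NodeBB is not packaged it should get a NOT-FOR-US: NodeBB line like the other unpackaged products in this file.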
@@ -986,8 +1024,8 @@ CVE-2019-11195
 	RESERVED
 CVE-2019-11194
 	RESERVED
-CVE-2019-11193
-	RESERVED
+CVE-2019-11193 (The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via  ...)
+	TODO: check
 CVE-2019-11192
 	RESERVED
 CVE-2019-11189
@@ -1548,12 +1586,12 @@ CVE-2019-10952
 	RESERVED
 CVE-2019-10951 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
 	NOT-FOR-US: Delta Electronics
-CVE-2019-10950
-	RESERVED
+CVE-2019-10950 (Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 F ...)
+	TODO: check
 CVE-2019-10949 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
 	NOT-FOR-US: Delta Electronics
-CVE-2019-10948
-	RESERVED
+CVE-2019-10948 (Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 F ...)
+	TODO: check
 CVE-2019-10947 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2019-10946 (An issue was discovered in Joomla! before 3.9.5. The "refresh list of  ...)
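Review bot: CVE-2019-10950 and CVE-2019-10948 (Fujifilm FCR Capsula X / Carbon X / FCR XC-2, model versions CR-IR 357) are device firmware issues sitting between Delta Electronics entries that are already marked NOT-FOR-US; once confirmed they should be resolved to NOT-FOR-US: Fujifilm FCR rather than left as TODO: check.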
@@ -3048,30 +3086,30 @@ CVE-2019-10320
 	RESERVED
 CVE-2019-10319
 	RESERVED
-CVE-2019-10318
-	RESERVED
-CVE-2019-10317
-	RESERVED
-CVE-2019-10316
-	RESERVED
-CVE-2019-10315
-	RESERVED
-CVE-2019-10314
-	RESERVED
-CVE-2019-10313
-	RESERVED
-CVE-2019-10312
-	RESERVED
-CVE-2019-10311
-	RESERVED
-CVE-2019-10310
-	RESERVED
-CVE-2019-10309
-	RESERVED
-CVE-2019-10308
-	RESERVED
-CVE-2019-10307
-	RESERVED
+CVE-2019-10318 (Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret une ...)
+	TODO: check
+CVE-2019-10317 (Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostna ...)
+	TODO: check
+CVE-2019-10316 (Jenkins Aqua MicroScanner Plugin 1.0.5 and earlier stored credentials  ...)
+	TODO: check
+CVE-2019-10315 (Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the  ...)
+	TODO: check
+CVE-2019-10314 (Jenkins Koji Plugin disables SSL/TLS and hostname verification globall ...)
+	TODO: check
+CVE-2019-10313 (Jenkins Twitter Plugin stores credentials unencrypted in its global co ...)
+	TODO: check
+CVE-2019-10312 (A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and e ...)
+	TODO: check
+CVE-2019-10311 (A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and e ...)
+	TODO: check
+CVE-2019-10310 (A cross-site request forgery vulnerability in Jenkins Ansible Tower Pl ...)
+	TODO: check
+CVE-2019-10309 (Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use  ...)
+	TODO: check
+CVE-2019-10308 (A missing permission check in Jenkins Static Analysis Utilities Plugin ...)
+	TODO: check
+CVE-2019-10307 (A cross-site request forgery vulnerability in Jenkins Static Analysis  ...)
+	TODO: check
 CVE-2019-10306 (A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earli ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2019-10305 (A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in th ...)
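Review bot: the twelve new Jenkins plugin entries (CVE-2019-10307 through CVE-2019-10318) are left as TODO: check while the adjacent CVE-2019-10306 and CVE-2019-10305 in this hunk's context are already marked NOT-FOR-US: Jenkins plugin; unless one of these plugins is packaged, they should be resolved to the same NOT-FOR-US: Jenkins plugin line so the triage stays consistent.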
@@ -3144,8 +3182,8 @@ CVE-2019-10274
 	RESERVED
 CVE-2019-10273 (Information leakage vulnerability in the /mc login page in ManageEngin ...)
 	NOT-FOR-US: ManageEngine ServiceDesk Plus
-CVE-2019-10272
-	RESERVED
+CVE-2019-10272 (An issue was discovered in Weaver e-cology 9.0. There is a CRLF Inject ...)
+	TODO: check
 CVE-2019-10271
 	RESERVED
 CVE-2019-10270
@@ -3468,8 +3506,8 @@ CVE-2019-10133
 	RESERVED
 CVE-2019-10132
 	RESERVED
-CVE-2019-10131
-	RESERVED
+CVE-2019-10131 (An off-by-one read vulnerability was discovered in ImageMagick before  ...)
+	TODO: check
 CVE-2019-10130
 	RESERVED
 CVE-2019-10129
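Review bot: CVE-2019-10131 (off-by-one read in ImageMagick) is the one entry in this hunk that plausibly affects a packaged source, so it should get a proper package line for imagemagick with the affected and fixed versions and a NOTE pointing at the upstream fix, plus a check of which suites carry the affected code, instead of staying at TODO: check.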
@@ -5551,8 +5589,8 @@ CVE-2019-9623 (Feng Office 3.7.0.5 allows remote attackers to execute arbitrary
 	NOT-FOR-US: Feng Office
 CVE-2019-9622 (eBrigade through 4.5 allows Arbitrary File Download via ../ directory  ...)
 	NOT-FOR-US: eBrigade
-CVE-2019-9621
-	RESERVED
+CVE-2019-9621 (Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 pa ...)
+	TODO: check
 CVE-2019-9620
 	RESERVED
 CVE-2019-9619 [not enabled pam_systemd for non-interactive sessions]
@@ -5902,8 +5940,8 @@ CVE-2018-20798 (The expiretable configuration in pfSense 2.4.4_1 establishes blo
 	NOT-FOR-US: pfSense
 CVE-2019-9487
 	RESERVED
-CVE-2019-9486
-	RESERVED
+CVE-2019-9486 (STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTE ...)
+	TODO: check
 CVE-2019-9485 [Privilege escalation impersonate user]
 	RESERVED
 	[experimental] - gitlab 11.8.2-1
@@ -13121,8 +13159,8 @@ CVE-2019-6496 (The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, mode
 	NOT-FOR-US: ThreadX-based firmware on Marvell Avastar Wi-Fi devices
 CVE-2019-6495
 	RESERVED
-CVE-2019-6494
-	RESERVED
+CVE-2019-6494 (IMFForceDelete.sys in IObit Malware Fighter 6.2 allows a low privilege ...)
+	TODO: check
 CVE-2019-6493 (SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an exe ...)
 	NOT-FOR-US: IObit Smart Defrag
 CVE-2019-6492 (SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an exe ...)
@@ -15472,8 +15510,8 @@ CVE-2019-5626
 	RESERVED
 CVE-2019-5625
 	RESERVED
-CVE-2019-5624
-	RESERVED
+CVE-2019-5624 (Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improp ...)
+	TODO: check
 CVE-2019-5623
 	RESERVED
 CVE-2019-5622
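Review bot: CVE-2019-5624 (Rapid7 Metasploit Framework, CWE-22 improper limitation of a pathname) is described only by its truncated summary; when resolving the TODO: check, record whether metasploit is packaged and which file-handling path the traversal affects, since the CWE-22 summary alone does not say and that decides between a NOT-FOR-US line and a real package entry.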
@@ -18441,8 +18479,8 @@ CVE-2019-4168
 	RESERVED
 CVE-2019-4167
 	RESERVED
-CVE-2019-4166
-	RESERVED
+CVE-2019-4166 (IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing att ...)
+	TODO: check
 CVE-2019-4165
 	RESERVED
 CVE-2019-4164
@@ -20697,10 +20735,10 @@ CVE-2018-20513
 	RESERVED
 CVE-2018-20512 (EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privi ...)
 	NOT-FOR-US: EPON CPE-WiFi devices
-CVE-2018-20510
-	RESERVED
-CVE-2018-20509
-	RESERVED
+CVE-2018-20510 (The print_binder_transaction_ilocked function in drivers/android/binde ...)
+	TODO: check
+CVE-2018-20509 (The print_binder_ref_olocked function in drivers/android/binder.c in t ...)
+	TODO: check
 CVE-2018-20508 (CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This  ...)
 	NOT-FOR-US: CrashFix
 CVE-2018-1000890 (FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulner ...)
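Review bot: CVE-2018-20510 and CVE-2018-20509 both name functions in drivers/android/binder.c, i.e. the Linux kernel, so unlike the surrounding EPON and CrashFix entries they are not NOT-FOR-US candidates; the TODO: check should be resolved to a linux package line with the affected upstream range and the fixing commit in a NOTE, and whether the binder driver is enabled in the Debian kernel configuration should be verified, since that determines the practical severity for the package.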
@@ -21531,8 +21569,8 @@ CVE-2019-3401
 	RESERVED
 CVE-2019-3400
 	RESERVED
-CVE-2019-3399
-	RESERVED
+CVE-2019-3399 (The BrowseProjects.jspa resource in Jira before version 7.13.2, and fr ...)
+	TODO: check
 CVE-2019-3398 (Confluence Server and Data Center had a path traversal vulnerability i ...)
 	NOT-FOR-US: Confluence Server and Data Center
 CVE-2019-3397
@@ -21661,8 +21699,8 @@ CVE-2018-20241 (The Edit upload resource for a review in Atlassian Fisheye and C
 	NOT-FOR-US: Atlassian
 CVE-2018-20240 (The administrative linker functionality in Atlassian Fisheye and Cruci ...)
 	NOT-FOR-US: Atlassian
-CVE-2018-20239
-	RESERVED
+CVE-2018-20239 (Application Links before version 5.0.11, from version 5.1.0 before 5.2 ...)
+	TODO: check
 CVE-2018-20238 (Various rest resources in Atlassian Crowd before version 3.2.7 and fro ...)
 	NOT-FOR-US: Atlassian
 CVE-2018-20237 (Atlassian Confluence Server and Data Center before version 6.13.1 allo ...)
@@ -30588,8 +30626,8 @@ CVE-2018-19376 (An issue was discovered in GreenCMS v2.3.0603. There is a CSRF v
 	NOT-FOR-US: GreenCMS
 CVE-2018-19375
 	RESERVED
-CVE-2018-19374
-	RESERVED
+CVE-2018-19374 (Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to  ...)
+	TODO: check
 CVE-2018-19373
 	RESERVED
 CVE-2018-19372
@@ -41772,12 +41810,12 @@ CVE-2018-15209 (ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9
 	NOTE: Different issue than CVE-2017-11613 but adressed with same set of commits.
 	NOTE: Upstream fix 1/2: https://gitlab.com/libtiff/libtiff/commit/3719385a3fac5cfb20b487619a5f08abbf967cf8
 	NOTE: Upstream fix 2/2: https://gitlab.com/libtiff/libtiff/commit/7a092f8af2568d61993a8cc2e7a35a998d7d37be
-CVE-2018-15208
-	RESERVED
-CVE-2018-15207
-	RESERVED
-CVE-2018-15206
-	RESERVED
+CVE-2018-15208 (BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter. ...)
+	TODO: check
+CVE-2018-15207 (BPC SmartVista 2 has Improper Access Control in the SVFE module, where ...)
+	TODO: check
+CVE-2018-15206 (BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.js ...)
+	TODO: check
 CVE-2018-15205
 	RESERVED
 CVE-2018-15204
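Review bot: the unchanged context line for CVE-2018-15209 carries a typo, "adressed" should be "addressed"; worth fixing in a follow-up since that NOTE is the one place explaining the relation to CVE-2017-11613. The three BPC SmartVista 2 entries (CVE-2018-15206 through CVE-2018-15208: session fixation via JSESSIONID, improper access control in SVFE, CSRF in createrole) have no package line anywhere in this file and look like NOT-FOR-US: BPC SmartVista candidates once confirmed.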
@@ -42373,10 +42411,10 @@ CVE-2018-14933 (upgrade_handle.php on NUUO NVRmini devices allows Remote Command
 	NOT-FOR-US: NUUO NVRmini devices
 CVE-2018-14932
 	RESERVED
-CVE-2018-14931
-	RESERVED
-CVE-2018-14930
-	RESERVED
+CVE-2018-14931 (An issue was discovered in the Core and Portal modules in Polaris FT I ...)
+	TODO: check
+CVE-2018-14930 (An issue was discovered in the Armor module in Polaris FT Intellect Co ...)
+	TODO: check
 CVE-2018-14929 (Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonst ...)
 	NOT-FOR-US: Metara
 CVE-2018-14928 (/contingency/servlet/ServletFileDownload executes as root and provides ...)
@@ -42524,10 +42562,10 @@ CVE-2018-14876 (An issue was discovered in image_save_png in image/image-png.cpp
 	[experimental] - flif <unfixed>
 	- flif <removed>
 	NOTE: https://github.com/FLIF-hub/FLIF/issues/520
-CVE-2018-14875
-	RESERVED
-CVE-2018-14874
-	RESERVED
+CVE-2018-14875 (An issue was discovered in the Core and Portal modules in Polaris FT I ...)
+	TODO: check
+CVE-2018-14874 (An issue was discovered in the Armor module in Polaris FT Intellect Co ...)
+	TODO: check
 CVE-2018-14873 (An issue was discovered in Rincewind 0.1. There is a cross-site script ...)
 	NOT-FOR-US: Rincewind
 CVE-2018-14872 (An issue was discovered in Rincewind 0.1. A reinstall vulnerability ex ...)
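Review bot: CVE-2018-14875 and CVE-2018-14874 have truncated descriptions identical to CVE-2018-14931 and CVE-2018-14930 added earlier in this patch (Core and Portal modules, and Armor module, in Polaris FT Intellect Core); when triaging, confirm these are distinct issues rather than duplicate assignments, and mark them NOT-FOR-US: Polaris FT if the product is not packaged.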
@@ -82558,7 +82596,7 @@ CVE-2017-17107 (Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-code
 	NOT-FOR-US: Zivif web cameras
 CVE-2017-17106 (Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtain ...)
 	NOT-FOR-US: Zivif web cameras
-CVE-2017-17105 (Zivif PR115-204-P-RS V2.3.4.2103 web cameras are vulnerable to unauthe ...)
+CVE-2017-17105 (Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-betw ...)
 	NOT-FOR-US: Zivif web cameras
 CVE-2017-17104 (Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/ ...)
 	NOT-FOR-US: Fiyo CMS



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/27f6e7cb90564a6dbd08a4ea403611bfc948b5a4
