[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Aug 5 21:10:50 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13826f6d by security tracker role at 2019-08-05T20:10:33Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2019-14666
+	RESERVED
+CVE-2019-14665 (Brandy 1.20.1 has a heap-based buffer overflow in define_array in vari ...)
+	TODO: check
+CVE-2019-14664
+	RESERVED
+CVE-2019-14663 (Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fi ...)
+	TODO: check
+CVE-2019-14662 (Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in f ...)
+	TODO: check
+CVE-2018-20960
+	RESERVED
+CVE-2018-20959
+	RESERVED
+CVE-2018-20958
+	RESERVED
+CVE-2018-20957
+	RESERVED
+CVE-2018-20956
+	RESERVED
+CVE-2018-20955
+	RESERVED
+CVE-2017-18485
+	RESERVED
+CVE-2017-18484
+	RESERVED
+CVE-2016-10864
+	RESERVED
+CVE-2016-10863
+	RESERVED
 CVE-2019-14661
 	RESERVED
 CVE-2019-14660
@@ -227,16 +257,16 @@ CVE-2017-XXXX [IPv6 mroute missing type check]
 	NOTE: https://git.kernel.org/linus/99253eb750fda6a644d5188fb26c43bad8d5a745
 CVE-2019-14551 (Das Q before 2019-08-02 allows web sites to execute arbitrary code on  ...)
 	NOT-FOR-US: Das Keyboard Q
-CVE-2019-14550
-	RESERVED
-CVE-2019-14549
-	RESERVED
-CVE-2019-14548
-	RESERVED
-CVE-2019-14547
-	RESERVED
-CVE-2019-14546
-	RESERVED
+CVE-2019-14550 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...)
+	TODO: check
+CVE-2019-14549 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...)
+	TODO: check
+CVE-2019-14548 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the bod ...)
+	TODO: check
+CVE-2019-14547 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...)
+	TODO: check
+CVE-2019-14546 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...)
+	TODO: check
 CVE-2019-14545
 	RESERVED
 CVE-2019-14544 (routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for route ...)
@@ -295,8 +325,8 @@ CVE-2019-14527
 	RESERVED
 CVE-2019-14526
 	RESERVED
-CVE-2019-14525
-	RESERVED
+CVE-2019-14525 (In Octopus Deploy 2019.4.0 through 2019.6.6 and 2019.7.0 through 2019. ...)
+	TODO: check
 CVE-2019-14524 (An issue was discovered in Schism Tracker through 20190722. There is a ...)
 	- schism <unfixed> (bug #933808)
 	[jessie] - schism <no-dsa> (Minor issue)
@@ -307,8 +337,8 @@ CVE-2019-14523 (An issue was discovered in Schism Tracker through 20190722. Ther
 	NOTE: https://github.com/schismtracker/schismtracker/issues/202
 CVE-2019-14522
 	RESERVED
-CVE-2019-14521
-	RESERVED
+CVE-2019-14521 (The api/admin/logoupload Logo File upload feature in EMCA Energy Logse ...)
+	TODO: check
 CVE-2019-14520
 	RESERVED
 CVE-2019-14519
@@ -647,48 +677,48 @@ CVE-2018-20873 (cPanel before 74.0.8 allows local users to disable the ClamAV da
 	NOT-FOR-US: cPanel
 CVE-2018-20872 (DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or  ...)
 	NOT-FOR-US: DrayTek routers
-CVE-2017-18482
-	RESERVED
-CVE-2017-18481
-	RESERVED
-CVE-2017-18480
-	RESERVED
-CVE-2017-18479
-	RESERVED
-CVE-2017-18478
-	RESERVED
-CVE-2017-18477
-	RESERVED
-CVE-2017-18476
-	RESERVED
-CVE-2017-18475
-	RESERVED
-CVE-2017-18474
-	RESERVED
-CVE-2017-18473
-	RESERVED
-CVE-2017-18472
-	RESERVED
-CVE-2017-18471
-	RESERVED
-CVE-2017-18470
-	RESERVED
-CVE-2017-18469
-	RESERVED
-CVE-2017-18468
-	RESERVED
-CVE-2017-18467
-	RESERVED
-CVE-2017-18466
-	RESERVED
-CVE-2017-18465
-	RESERVED
-CVE-2017-18464
-	RESERVED
+CVE-2017-18482 (cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_ ...)
+	TODO: check
+CVE-2017-18481 (cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension L ...)
+	TODO: check
+CVE-2017-18480 (cPanel before 62.0.4 does not enforce account ownership for has_mycnf_ ...)
+	TODO: check
+CVE-2017-18479 (In cPanel before 62.0.4, WHM SSL certificate generation uses an unrese ...)
+	TODO: check
+CVE-2017-18478 (In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api fo ...)
+	TODO: check
+CVE-2017-18477 (In cPanel before 62.0.4, Exim transports could execute in the context  ...)
+	TODO: check
+CVE-2017-18476 (Leech Protect in cPanel before 62.0.4 does not protect certain directo ...)
+	TODO: check
+CVE-2017-18475 (In cPanel before 62.0.4, Exim piped filters ran in the context of an i ...)
+	TODO: check
+CVE-2017-18474 (cPanel before 62.0.4 allows arbitrary file-read operations via Exim va ...)
+	TODO: check
+CVE-2017-18473 (cPanel before 62.0.4 allows self XSS on the webmail Password and Secur ...)
+	TODO: check
+CVE-2017-18472 (cPanel before 62.0.4 allows reflected XSS in reset-password interfaces ...)
+	TODO: check
+CVE-2017-18471 (cPanel before 62.0.4 allows self XSS on the paper_lantern password-cha ...)
+	TODO: check
+CVE-2017-18470 (cPanel before 62.0.4 has a fixed password for the Munin MySQL test acc ...)
+	TODO: check
+CVE-2017-18469 (cPanel before 62.0.17 allows demo accounts to execute code via an NVDa ...)
+	TODO: check
+CVE-2017-18468 (cPanel before 62.0.17 allows demo accounts to execute code via the Hta ...)
+	TODO: check
+CVE-2017-18467 (cPanel before 62.0.17 allows access to restricted resources because of ...)
+	TODO: check
+CVE-2017-18466 (cPanel before 62.0.17 does not properly recognize domain ownership dur ...)
+	TODO: check
+CVE-2017-18465 (cPanel before 62.0.17 does not have a sufficient list of reserved user ...)
+	TODO: check
+CVE-2017-18464 (cPanel before 62.0.17 allows arbitrary file-overwrite operations via t ...)
+	TODO: check
 CVE-2017-18463 (cPanel before 62.0.17 allows code execution in the context of the root ...)
 	NOT-FOR-US: cPanel
-CVE-2017-18462
-	RESERVED
+CVE-2017-18462 (cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based ...)
+	TODO: check
 CVE-2017-18461 (cPanel before 62.0.17 allows does not preserve security policy questio ...)
 	NOT-FOR-US: cPanel
 CVE-2017-18460 (cPanel before 62.0.17 allows arbitrary code execution during automatic ...)
@@ -1019,24 +1049,24 @@ CVE-2016-10777
 	RESERVED
 CVE-2016-10776
 	RESERVED
-CVE-2016-10775
-	RESERVED
-CVE-2016-10774
-	RESERVED
-CVE-2016-10773
-	RESERVED
-CVE-2016-10772
-	RESERVED
-CVE-2016-10771
-	RESERVED
-CVE-2016-10770
-	RESERVED
-CVE-2016-10769
-	RESERVED
-CVE-2016-10768
-	RESERVED
-CVE-2016-10767
-	RESERVED
+CVE-2016-10775 (cPanel before 60.0.25 allows arbitrary file-chown operations via reass ...)
+	TODO: check
+CVE-2016-10774 (cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi in ...)
+	TODO: check
+CVE-2016-10773 (cPanel before 60.0.25 allows format-string injection in exception-mess ...)
+	TODO: check
+CVE-2016-10772 (cPanel before 60.0.25 does not enforce feature-list restrictions when  ...)
+	TODO: check
+CVE-2016-10771 (cPanel before 60.0.25 allows file-create and file-chmod operations dur ...)
+	TODO: check
+CVE-2016-10770 (cPanel before 60.0.25 allows arbitrary file-overwrite operations durin ...)
+	TODO: check
+CVE-2016-10769 (cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-cl ...)
+	TODO: check
+CVE-2016-10768 (cPanel before 60.0.25 allows file-overwrite operations during preparat ...)
+	TODO: check
+CVE-2016-10767 (cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Perm ...)
+	TODO: check
 CVE-2015-9291 (cPanel before 11.52.0.13 does not prevent arbitrary file-read operatio ...)
 	NOT-FOR-US: cPanel
 CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, allowing a ...)
@@ -1319,8 +1349,8 @@ CVE-2019-14350 (EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtrat
 	NOT-FOR-US: EspoCRM
 CVE-2019-14349 (EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtr ...)
 	NOT-FOR-US: EspoCRM
-CVE-2019-14348
-	RESERVED
+CVE-2019-14348 (The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to ...)
+	TODO: check
 CVE-2019-14347
 	RESERVED
 CVE-2019-14346
@@ -7491,8 +7521,8 @@ CVE-2019-12266
 	RESERVED
 CVE-2019-12265
 	RESERVED
-CVE-2019-12264
-	RESERVED
+CVE-2019-12264 (Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect  ...)
+	TODO: check
 CVE-2019-12263
 	RESERVED
 CVE-2019-12262
@@ -10102,8 +10132,8 @@ CVE-2019-11272 (Spring Security, versions 4.2.x up to 4.2.12, and older unsuppor
 	NOTE: https://github.com/spring-projects/spring-security/commit/b2d4fec3617c497c5a8eb9c7e5270e0c7db293ee
 CVE-2019-11271 (Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Di ...)
 	NOT-FOR-US: Cloud Foundry
-CVE-2019-11270
-	RESERVED
+CVE-2019-11270 (Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability wh ...)
+	TODO: check
 CVE-2019-11269 (Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, ...)
 	NOT-FOR-US: Spring Security OAuth
 CVE-2019-11268 (Cloud Foundry UAA version prior to 73.3.0, contain endpoints that cont ...)
@@ -10293,8 +10323,8 @@ CVE-2019-11200 (Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that b
 	- dolibarr <removed>
 CVE-2019-11199 (Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded file ...)
 	- dolibarr <removed>
-CVE-2019-11198
-	RESERVED
+CVE-2019-11198 (Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9. ...)
+	TODO: check
 CVE-2019-11197
 	RESERVED
 CVE-2019-11196 (An authentication bypass vulnerability in all versions of ValuePLUS In ...)
@@ -10834,8 +10864,8 @@ CVE-2019-10996
 	RESERVED
 CVE-2019-10995
 	RESERVED
-CVE-2019-10994
-	RESERVED
+CVE-2019-10994 (Processing a specially crafted project file in LAquis SCADA 4.3.1.71 m ...)
+	TODO: check
 CVE-2019-10993 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointe ...)
 	NOT-FOR-US: WebAccess/SCADA
 CVE-2019-10992 (Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Mu ...)
@@ -10862,8 +10892,8 @@ CVE-2019-10982 (Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and pri
 	NOT-FOR-US: Delta Electronics CNCSoft ScreenEditor
 CVE-2019-10981 (In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulner ...)
 	NOT-FOR-US: AVEVA
-CVE-2019-10980
-	RESERVED
+CVE-2019-10980 (A type confusion vulnerability may be exploited when LAquis SCADA 4.3. ...)
+	TODO: check
 CVE-2019-10979 (SICK MSC800 all versions prior to Version 4.0, the affected firmware v ...)
 	NOT-FOR-US: SICK MSC800
 CVE-2019-10978
@@ -25707,8 +25737,8 @@ CVE-2019-5504
 	RESERVED
 CVE-2019-5503
 	RESERVED
-CVE-2019-5502
-	RESERVED
+CVE-2019-5502 (SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has we ...)
+	TODO: check
 CVE-2019-5501 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose  ...)
 	NOT-FOR-US: Data ONTAP
 CVE-2019-5500
@@ -27925,8 +27955,8 @@ CVE-2019-4475
 	RESERVED
 CVE-2019-4474
 	RESERVED
-CVE-2019-4473
-	RESERVED
+CVE-2019-4473 (Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on  ...)
+	TODO: check
 CVE-2019-4472
 	RESERVED
 CVE-2019-4471
@@ -28303,8 +28333,8 @@ CVE-2019-4286
 	RESERVED
 CVE-2019-4285 (IBM WebSphere Application Server - Liberty Admin Center could allow a  ...)
 	NOT-FOR-US: IBM
-CVE-2019-4284
-	RESERVED
+CVE-2019-4284 (IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local  ...)
+	TODO: check
 CVE-2019-4283
 	RESERVED
 CVE-2019-4282
@@ -28349,8 +28379,8 @@ CVE-2019-4263 (IBM Content Navigator 3.0CD is vulnerable to local file inclusion
 	NOT-FOR-US: IBM
 CVE-2019-4262
 	RESERVED
-CVE-2019-4261
-	RESERVED
+CVE-2019-4261 (IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS ...)
+	TODO: check
 CVE-2019-4260 (IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0 ...)
 	NOT-FOR-US: IBM
 CVE-2019-4259 (A security vulnerability has been identified in IBM Spectrum Scale 4.1 ...)
@@ -29542,8 +29572,8 @@ CVE-2019-3802 (This affects Spring Data JPA in versions up to and including 2.1.
 	NOT-FOR-US: Pivotal Spring Data JPA
 CVE-2019-3801 (Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java com ...)
 	NOT-FOR-US: Cloud Foundry
-CVE-2019-3800
-	RESERVED
+CVE-2019-3800 (CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes t ...)
+	TODO: check
 CVE-2019-3799 (Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x pri ...)
 	NOT-FOR-US: Spring Cloud Config
 CVE-2019-3798 (Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0,  ...)
@@ -29710,8 +29740,8 @@ CVE-2019-3719 (Dell SupportAssist Client versions prior to 3.2.0.90 contain a re
 	NOT-FOR-US: Dell
 CVE-2019-3718 (Dell SupportAssist Client versions prior to 3.2.0.90 contain an improp ...)
 	NOT-FOR-US: Dell
-CVE-2019-3717
-	RESERVED
+CVE-2019-3717 (Select Dell Client Commercial and Consumer platforms contain an Improp ...)
+	TODO: check
 CVE-2019-3716 (RSA Archer versions, prior to 6.5 SP2, contain an information exposure ...)
 	NOT-FOR-US: RSA
 CVE-2019-3715 (RSA Archer versions, prior to 6.5 SP1, contain an information exposure ...)
@@ -81465,7 +81495,7 @@ CVE-2018-4702
 CVE-2018-4701
 	RESERVED
 CVE-2018-4700
-	RESERVED
+	REJECTED
 CVE-2018-4699
 	RESERVED
 CVE-2018-4698



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/13826f6d7f2a84495b22e4b31c85af2579e312f2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/13826f6d7f2a84495b22e4b31c85af2579e312f2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190805/deefe9e7/attachment.html>


More information about the debian-security-tracker-commits mailing list