[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Aug 5 21:10:50 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
13826f6d by security tracker role at 2019-08-05T20:10:33Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2019-14666
+ RESERVED
+CVE-2019-14665 (Brandy 1.20.1 has a heap-based buffer overflow in define_array in vari ...)
+ TODO: check
+CVE-2019-14664
+ RESERVED
+CVE-2019-14663 (Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fi ...)
+ TODO: check
+CVE-2019-14662 (Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in f ...)
+ TODO: check
+CVE-2018-20960
+ RESERVED
+CVE-2018-20959
+ RESERVED
+CVE-2018-20958
+ RESERVED
+CVE-2018-20957
+ RESERVED
+CVE-2018-20956
+ RESERVED
+CVE-2018-20955
+ RESERVED
+CVE-2017-18485
+ RESERVED
+CVE-2017-18484
+ RESERVED
+CVE-2016-10864
+ RESERVED
+CVE-2016-10863
+ RESERVED
CVE-2019-14661
RESERVED
CVE-2019-14660
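Review bot: the three Brandy entries in this hunk (CVE-2019-14665, CVE-2019-14663 and CVE-2019-14662) describe heap- and stack-based buffer overflows in define_array, fileio_openin and fileio_openout of Brandy 1.20.1 but are left at `TODO: check`; unlike the surrounding RESERVED placeholders these are concrete memory-safety bugs in an interpreter, so they should be triaged against the Debian source package, if one exists, with a `- <srcpkg> <unfixed>` line (plus bug reference) or else annotated `NOT-FOR-US`, rather than staying at TODO.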
@@ -227,16 +257,16 @@ CVE-2017-XXXX [IPv6 mroute missing type check]
NOTE: https://git.kernel.org/linus/99253eb750fda6a644d5188fb26c43bad8d5a745
CVE-2019-14551 (Das Q before 2019-08-02 allows web sites to execute arbitrary code on ...)
NOT-FOR-US: Das Keyboard Q
-CVE-2019-14550
- RESERVED
-CVE-2019-14549
- RESERVED
-CVE-2019-14548
- RESERVED
-CVE-2019-14547
- RESERVED
-CVE-2019-14546
- RESERVED
+CVE-2019-14550 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...)
+ TODO: check
+CVE-2019-14549 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...)
+ TODO: check
+CVE-2019-14548 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the bod ...)
+ TODO: check
+CVE-2019-14547 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...)
+ TODO: check
+CVE-2019-14546 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...)
+ TODO: check
CVE-2019-14545
RESERVED
CVE-2019-14544 (routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for route ...)
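Review bot: the five EspoCRM stored-XSS entries CVE-2019-14550 through CVE-2019-14546 are all left at `TODO: check`, while the EspoCRM entries elsewhere in this file (CVE-2019-14350 and CVE-2019-14349 in the hunk at `@@ -1319,8 +1349,8 @@`) carry `NOT-FOR-US: EspoCRM`; unless EspoCRM has since been packaged, these should get the same annotation for consistency.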
@@ -295,8 +325,8 @@ CVE-2019-14527
RESERVED
CVE-2019-14526
RESERVED
-CVE-2019-14525
- RESERVED
+CVE-2019-14525 (In Octopus Deploy 2019.4.0 through 2019.6.6 and 2019.7.0 through 2019. ...)
+ TODO: check
CVE-2019-14524 (An issue was discovered in Schism Tracker through 20190722. There is a ...)
- schism <unfixed> (bug #933808)
[jessie] - schism <no-dsa> (Minor issue)
@@ -307,8 +337,8 @@ CVE-2019-14523 (An issue was discovered in Schism Tracker through 20190722. Ther
NOTE: https://github.com/schismtracker/schismtracker/issues/202
CVE-2019-14522
RESERVED
-CVE-2019-14521
- RESERVED
+CVE-2019-14521 (The api/admin/logoupload Logo File upload feature in EMCA Energy Logse ...)
+ TODO: check
CVE-2019-14520
RESERVED
CVE-2019-14519
@@ -647,48 +677,48 @@ CVE-2018-20873 (cPanel before 74.0.8 allows local users to disable the ClamAV da
NOT-FOR-US: cPanel
CVE-2018-20872 (DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or ...)
NOT-FOR-US: DrayTek routers
-CVE-2017-18482
- RESERVED
-CVE-2017-18481
- RESERVED
-CVE-2017-18480
- RESERVED
-CVE-2017-18479
- RESERVED
-CVE-2017-18478
- RESERVED
-CVE-2017-18477
- RESERVED
-CVE-2017-18476
- RESERVED
-CVE-2017-18475
- RESERVED
-CVE-2017-18474
- RESERVED
-CVE-2017-18473
- RESERVED
-CVE-2017-18472
- RESERVED
-CVE-2017-18471
- RESERVED
-CVE-2017-18470
- RESERVED
-CVE-2017-18469
- RESERVED
-CVE-2017-18468
- RESERVED
-CVE-2017-18467
- RESERVED
-CVE-2017-18466
- RESERVED
-CVE-2017-18465
- RESERVED
-CVE-2017-18464
- RESERVED
+CVE-2017-18482 (cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_ ...)
+ TODO: check
+CVE-2017-18481 (cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension L ...)
+ TODO: check
+CVE-2017-18480 (cPanel before 62.0.4 does not enforce account ownership for has_mycnf_ ...)
+ TODO: check
+CVE-2017-18479 (In cPanel before 62.0.4, WHM SSL certificate generation uses an unrese ...)
+ TODO: check
+CVE-2017-18478 (In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api fo ...)
+ TODO: check
+CVE-2017-18477 (In cPanel before 62.0.4, Exim transports could execute in the context ...)
+ TODO: check
+CVE-2017-18476 (Leech Protect in cPanel before 62.0.4 does not protect certain directo ...)
+ TODO: check
+CVE-2017-18475 (In cPanel before 62.0.4, Exim piped filters ran in the context of an i ...)
+ TODO: check
+CVE-2017-18474 (cPanel before 62.0.4 allows arbitrary file-read operations via Exim va ...)
+ TODO: check
+CVE-2017-18473 (cPanel before 62.0.4 allows self XSS on the webmail Password and Secur ...)
+ TODO: check
+CVE-2017-18472 (cPanel before 62.0.4 allows reflected XSS in reset-password interfaces ...)
+ TODO: check
+CVE-2017-18471 (cPanel before 62.0.4 allows self XSS on the paper_lantern password-cha ...)
+ TODO: check
+CVE-2017-18470 (cPanel before 62.0.4 has a fixed password for the Munin MySQL test acc ...)
+ TODO: check
+CVE-2017-18469 (cPanel before 62.0.17 allows demo accounts to execute code via an NVDa ...)
+ TODO: check
+CVE-2017-18468 (cPanel before 62.0.17 allows demo accounts to execute code via the Hta ...)
+ TODO: check
+CVE-2017-18467 (cPanel before 62.0.17 allows access to restricted resources because of ...)
+ TODO: check
+CVE-2017-18466 (cPanel before 62.0.17 does not properly recognize domain ownership dur ...)
+ TODO: check
+CVE-2017-18465 (cPanel before 62.0.17 does not have a sufficient list of reserved user ...)
+ TODO: check
+CVE-2017-18464 (cPanel before 62.0.17 allows arbitrary file-overwrite operations via t ...)
+ TODO: check
CVE-2017-18463 (cPanel before 62.0.17 allows code execution in the context of the root ...)
NOT-FOR-US: cPanel
-CVE-2017-18462
- RESERVED
+CVE-2017-18462 (cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based ...)
+ TODO: check
CVE-2017-18461 (cPanel before 62.0.17 allows does not preserve security policy questio ...)
NOT-FOR-US: cPanel
CVE-2017-18460 (cPanel before 62.0.17 allows arbitrary code execution during automatic ...)
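Review bot: the twenty cPanel entries CVE-2017-18482 through CVE-2017-18464 and CVE-2017-18462 replace RESERVED placeholders with `TODO: check`, yet every neighbouring cPanel entry that already has a description (CVE-2018-20873, CVE-2017-18463, CVE-2017-18461, CVE-2017-18460) is `NOT-FOR-US: cPanel`, so these should be bulk-annotated the same way. One caveat for the triager: CVE-2017-18477 and CVE-2017-18475 mention Exim transports and piped filters, but their descriptions attribute the fix to cPanel 62.0.4, i.e. cPanel's own Exim configuration; confirm they do not also describe behaviour of the Debian exim4 package before marking them NOT-FOR-US.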
@@ -1019,24 +1049,24 @@ CVE-2016-10777
RESERVED
CVE-2016-10776
RESERVED
-CVE-2016-10775
- RESERVED
-CVE-2016-10774
- RESERVED
-CVE-2016-10773
- RESERVED
-CVE-2016-10772
- RESERVED
-CVE-2016-10771
- RESERVED
-CVE-2016-10770
- RESERVED
-CVE-2016-10769
- RESERVED
-CVE-2016-10768
- RESERVED
-CVE-2016-10767
- RESERVED
+CVE-2016-10775 (cPanel before 60.0.25 allows arbitrary file-chown operations via reass ...)
+ TODO: check
+CVE-2016-10774 (cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi in ...)
+ TODO: check
+CVE-2016-10773 (cPanel before 60.0.25 allows format-string injection in exception-mess ...)
+ TODO: check
+CVE-2016-10772 (cPanel before 60.0.25 does not enforce feature-list restrictions when ...)
+ TODO: check
+CVE-2016-10771 (cPanel before 60.0.25 allows file-create and file-chmod operations dur ...)
+ TODO: check
+CVE-2016-10770 (cPanel before 60.0.25 allows arbitrary file-overwrite operations durin ...)
+ TODO: check
+CVE-2016-10769 (cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-cl ...)
+ TODO: check
+CVE-2016-10768 (cPanel before 60.0.25 allows file-overwrite operations during preparat ...)
+ TODO: check
+CVE-2016-10767 (cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Perm ...)
+ TODO: check
CVE-2015-9291 (cPanel before 11.52.0.13 does not prevent arbitrary file-read operatio ...)
NOT-FOR-US: cPanel
CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, allowing a ...)
@@ -1319,8 +1349,8 @@ CVE-2019-14350 (EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtrat
NOT-FOR-US: EspoCRM
CVE-2019-14349 (EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtr ...)
NOT-FOR-US: EspoCRM
-CVE-2019-14348
- RESERVED
+CVE-2019-14348 (The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to ...)
+ TODO: check
CVE-2019-14347
RESERVED
CVE-2019-14346
@@ -7491,8 +7521,8 @@ CVE-2019-12266
RESERVED
CVE-2019-12265
RESERVED
-CVE-2019-12264
- RESERVED
+CVE-2019-12264 (Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect ...)
+ TODO: check
CVE-2019-12263
RESERVED
CVE-2019-12262
@@ -10102,8 +10132,8 @@ CVE-2019-11272 (Spring Security, versions 4.2.x up to 4.2.12, and older unsuppor
NOTE: https://github.com/spring-projects/spring-security/commit/b2d4fec3617c497c5a8eb9c7e5270e0c7db293ee
CVE-2019-11271 (Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Di ...)
NOT-FOR-US: Cloud Foundry
-CVE-2019-11270
- RESERVED
+CVE-2019-11270 (Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability wh ...)
+ TODO: check
CVE-2019-11269 (Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, ...)
NOT-FOR-US: Spring Security OAuth
CVE-2019-11268 (Cloud Foundry UAA version prior to 73.3.0, contain endpoints that cont ...)
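Review bot: CVE-2019-11270 (Cloud Foundry UAA prior to v73.4.0) is left at `TODO: check`, while the adjacent Cloud Foundry entries CVE-2019-11271 and CVE-2019-11268 are `NOT-FOR-US: Cloud Foundry`; mark it the same way.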
@@ -10293,8 +10323,8 @@ CVE-2019-11200 (Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that b
- dolibarr <removed>
CVE-2019-11199 (Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded file ...)
- dolibarr <removed>
-CVE-2019-11198
- RESERVED
+CVE-2019-11198 (Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9. ...)
+ TODO: check
CVE-2019-11197
RESERVED
CVE-2019-11196 (An authentication bypass vulnerability in all versions of ValuePLUS In ...)
@@ -10834,8 +10864,8 @@ CVE-2019-10996
RESERVED
CVE-2019-10995
RESERVED
-CVE-2019-10994
- RESERVED
+CVE-2019-10994 (Processing a specially crafted project file in LAquis SCADA 4.3.1.71 m ...)
+ TODO: check
CVE-2019-10993 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointe ...)
NOT-FOR-US: WebAccess/SCADA
CVE-2019-10992 (Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Mu ...)
@@ -10862,8 +10892,8 @@ CVE-2019-10982 (Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and pri
NOT-FOR-US: Delta Electronics CNCSoft ScreenEditor
CVE-2019-10981 (In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulner ...)
NOT-FOR-US: AVEVA
-CVE-2019-10980
- RESERVED
+CVE-2019-10980 (A type confusion vulnerability may be exploited when LAquis SCADA 4.3. ...)
+ TODO: check
CVE-2019-10979 (SICK MSC800 all versions prior to Version 4.0, the affected firmware v ...)
NOT-FOR-US: SICK MSC800
CVE-2019-10978
@@ -25707,8 +25737,8 @@ CVE-2019-5504
RESERVED
CVE-2019-5503
RESERVED
-CVE-2019-5502
- RESERVED
+CVE-2019-5502 (SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has we ...)
+ TODO: check
CVE-2019-5501 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose ...)
NOT-FOR-US: Data ONTAP
CVE-2019-5500
@@ -27925,8 +27955,8 @@ CVE-2019-4475
RESERVED
CVE-2019-4474
RESERVED
-CVE-2019-4473
- RESERVED
+CVE-2019-4473 (Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on ...)
+ TODO: check
CVE-2019-4472
RESERVED
CVE-2019-4471
@@ -28303,8 +28333,8 @@ CVE-2019-4286
RESERVED
CVE-2019-4285 (IBM WebSphere Application Server - Liberty Admin Center could allow a ...)
NOT-FOR-US: IBM
-CVE-2019-4284
- RESERVED
+CVE-2019-4284 (IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local ...)
+ TODO: check
CVE-2019-4283
RESERVED
CVE-2019-4282
@@ -28349,8 +28379,8 @@ CVE-2019-4263 (IBM Content Navigator 3.0CD is vulnerable to local file inclusion
NOT-FOR-US: IBM
CVE-2019-4262
RESERVED
-CVE-2019-4261
- RESERVED
+CVE-2019-4261 (IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS ...)
+ TODO: check
CVE-2019-4260 (IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0 ...)
NOT-FOR-US: IBM
CVE-2019-4259 (A security vulnerability has been identified in IBM Spectrum Scale 4.1 ...)
@@ -29542,8 +29572,8 @@ CVE-2019-3802 (This affects Spring Data JPA in versions up to and including 2.1.
NOT-FOR-US: Pivotal Spring Data JPA
CVE-2019-3801 (Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java com ...)
NOT-FOR-US: Cloud Foundry
-CVE-2019-3800
- RESERVED
+CVE-2019-3800 (CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes t ...)
+ TODO: check
CVE-2019-3799 (Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x pri ...)
NOT-FOR-US: Spring Cloud Config
CVE-2019-3798 (Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, ...)
@@ -29710,8 +29740,8 @@ CVE-2019-3719 (Dell SupportAssist Client versions prior to 3.2.0.90 contain a re
NOT-FOR-US: Dell
CVE-2019-3718 (Dell SupportAssist Client versions prior to 3.2.0.90 contain an improp ...)
NOT-FOR-US: Dell
-CVE-2019-3717
- RESERVED
+CVE-2019-3717 (Select Dell Client Commercial and Consumer platforms contain an Improp ...)
+ TODO: check
CVE-2019-3716 (RSA Archer versions, prior to 6.5 SP2, contain an information exposure ...)
NOT-FOR-US: RSA
CVE-2019-3715 (RSA Archer versions, prior to 6.5 SP1, contain an information exposure ...)
@@ -81465,7 +81495,7 @@ CVE-2018-4702
CVE-2018-4701
RESERVED
CVE-2018-4700
- RESERVED
+ REJECTED
CVE-2018-4699
RESERVED
CVE-2018-4698
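Review bot: CVE-2018-4700 changes from RESERVED to REJECTED with no description, which is the file's convention for an ID MITRE has rejected and needs no package line; nothing else to do in this hunk.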
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/13826f6d7f2a84495b22e4b31c85af2579e312f2