[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Feb 5 08:10:22 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e8d9cb32 by security tracker role at 2019-02-05T08:10:12Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,155 @@
+CVE-2019-7400 (Rukovoditel before 2.4.1 allows XSS. ...)
+	TODO: check
+CVE-2019-7399
+	RESERVED
+CVE-2019-7398 (In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage ...)
+	TODO: check
+CVE-2019-7397 (In ImageMagick before 7.0.8-25, several memory leaks exist in ...)
+	TODO: check
+CVE-2019-7396 (In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage ...)
+	TODO: check
+CVE-2019-7395 (In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel ...)
+	TODO: check
+CVE-2019-7394
+	RESERVED
+CVE-2019-7393
+	RESERVED
+CVE-2019-7392
+	RESERVED
+CVE-2019-7391
+	RESERVED
+CVE-2019-7390 (An issue was discovered in /bin/goahead on D-Link DIR-823G devices with ...)
+	TODO: check
+CVE-2019-7389 (An issue was discovered in /bin/goahead on D-Link DIR-823G devices with ...)
+	TODO: check
+CVE-2019-7388 (An issue was discovered in /bin/goahead on D-Link DIR-823G devices with ...)
+	TODO: check
+CVE-2019-7387 (A local file inclusion vulnerability exists in the web interface of ...)
+	TODO: check
+CVE-2019-7386
+	RESERVED
+CVE-2019-7385
+	RESERVED
+CVE-2019-7384
+	RESERVED
+CVE-2019-7383
+	RESERVED
+CVE-2019-7382
+	RESERVED
+CVE-2019-7381
+	RESERVED
+CVE-2019-7380
+	RESERVED
+CVE-2019-7379
+	RESERVED
+CVE-2019-7378
+	RESERVED
+CVE-2019-7377
+	RESERVED
+CVE-2019-7376
+	RESERVED
+CVE-2019-7375
+	RESERVED
+CVE-2019-7374
+	RESERVED
+CVE-2019-7373
+	RESERVED
+CVE-2019-7372
+	RESERVED
+CVE-2019-7371
+	RESERVED
+CVE-2019-7370
+	RESERVED
+CVE-2019-7369
+	RESERVED
+CVE-2019-7368
+	RESERVED
+CVE-2019-7367
+	RESERVED
+CVE-2019-7366
+	RESERVED
+CVE-2019-7365
+	RESERVED
+CVE-2019-7364
+	RESERVED
+CVE-2019-7363
+	RESERVED
+CVE-2019-7362
+	RESERVED
+CVE-2019-7361
+	RESERVED
+CVE-2019-7360
+	RESERVED
+CVE-2019-7359
+	RESERVED
+CVE-2019-7358
+	RESERVED
+CVE-2019-7357
+	RESERVED
+CVE-2019-7356
+	RESERVED
+CVE-2019-1000024 (OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a ...)
+	TODO: check
+CVE-2019-1000023 (OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) ...)
+	TODO: check
+CVE-2019-1000022 (Taoensso Sente version Prior to version 1.14.0 contains a Cross Site ...)
+	TODO: check
+CVE-2019-1000021 (slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 ...)
+	TODO: check
+CVE-2019-1000020 (libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 ...)
+	TODO: check
+CVE-2019-1000019 (libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 ...)
+	TODO: check
+CVE-2019-1000017 (Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect ...)
+	TODO: check
+CVE-2019-1000016 (FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array ...)
+	TODO: check
+CVE-2019-1000015 (Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site ...)
+	TODO: check
+CVE-2019-1000014 (Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing ...)
+	TODO: check
+CVE-2019-1000013 (Hex package manager hex_core version 0.3.0 and earlier contains a ...)
+	TODO: check
+CVE-2019-1000012 (Hex package manager version 0.14.0 through 0.18.2 contains a Signing ...)
+	TODO: check
+CVE-2019-1000011 (API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access ...)
+	TODO: check
+CVE-2019-1000010 (phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting ...)
+	TODO: check
+CVE-2019-1000009 (Helm ChartMuseum version >=0.1.0 and < 0.8.1 contains a CWE-22: ...)
+	TODO: check
+CVE-2019-1000008 (All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a ...)
+	TODO: check
+CVE-2019-1000007 (aioxmpp version 0.10.2 and earlier contains a Improper Handling of ...)
+	TODO: check
+CVE-2019-1000006 (RIOT RIOT-OS version after commit ...)
+	TODO: check
+CVE-2019-1000005 (mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of ...)
+	TODO: check
+CVE-2019-1000004 (yugandhargangu JspMyAdmin2 version 1.0.6 and earlier contains a Cross ...)
+	TODO: check
+CVE-2019-1000003 (MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery ...)
+	TODO: check
+CVE-2019-1000002 (Gitea version 1.6.2 and earlier contains a Incorrect Access Control ...)
+	TODO: check
+CVE-2019-1000001 (TeamPass version 2.1.27 and earlier contains a Storing Passwords in a ...)
+	TODO: check
+CVE-2018-20753 (Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 ...)
+	TODO: check
+CVE-2018-20752 (An issue was discovered in Recon-ng before 4.9.5. Lack of validation in ...)
+	TODO: check
+CVE-2018-1000999 (Fastnet SA MailCleaner version 2018092601 contains a Command Injection ...)
+	TODO: check
+CVE-2018-1000998 (FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) ...)
+	TODO: check
+CVE-2017-18362 (ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is ...)
+	TODO: check
+CVE-2016-1000282
+	RESERVED
+CVE-2016-1000276 (Audacity version 2.1.2 is vulnerable to DLL Hijack, it tries to load ...)
+	TODO: check
+CVE-2016-1000271 (Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / ...)
+	TODO: check
 CVE-2019-7355
 	RESERVED
 CVE-2019-7354
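Review bot: every published entry added at the top of the file lands as "TODO: check" with no package line or NOT-FOR-US tag, so none of these CVEs is triaged yet. Several can be handled in groups. CVE-2019-7395 through CVE-2019-7398 all name ImageMagick "before 7.0.8-25" and can share one package line and fixed version. CVE-2019-7388 through CVE-2019-7390 all concern /bin/goahead on D-Link DIR-823G devices and look like candidates for a NOT-FOR-US tag in the style used elsewhere in this file. The entries that identify the affected code only by commit hash (slixmpp, libarchive) need a NOTE pointing at the fixing commit before a version can be recorded.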
@@ -89,7 +241,7 @@ CVE-2019-7325 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through
 	- zoneminder <unfixed>
 	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2450
 CVE-2019-7324 (app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination ...)
-	 - kanboard <itp> (bug #790814)
+	- kanboard <itp> (bug #790814)
 CVE-2019-7323 (GUP (generic update process) in LightySoft LogMX before 7.4.0 does not ...)
 	TODO: check
 CVE-2019-7322
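Review bot: the kanboard line under CVE-2019-7324 carried a tab followed by a space before the dash, and it is corrected here only as a side effect of the automatic update. A syntax check on package-line indentation before push would catch this kind of slip at the commit that introduces it, instead of leaving a whitespace-only change inside an unrelated bulk update.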
@@ -850,7 +1002,7 @@ CVE-2016-10741 (In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local
 	NOTE: Fixed by: https://git.kernel.org/linus/04197b341f23b908193308b8d63d17ff23232598
 CVE-2016-10740 (Various resources in Atlassian Crowd before version 2.10.1 allow remote ...)
 	NOT-FOR-US: Atlassian Crowd
-CVE-2019-1000018 [Remote code execution in scp support]
+CVE-2019-1000018 (rssh version 2.3.4 contains a CWE-77: Improper Neutralization of ...)
 	{DSA-4377-1 DLA-1650-1}
 	- rssh 2.3.4-9 (bug #919623)
 	NOTE: https://sourceforge.net/p/rssh/mailman/message/36519118/
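Review bot: the replaced heading for CVE-2019-1000018, "[Remote code execution in scp support]", named the affected feature, while the new truncated description stops at "Improper Neutralization of ..." and no longer mentions scp. Consider keeping that detail in a NOTE line under the entry so the summary remains readable without opening the full CVE text. The entry also stays here after CVE-2016-10740, while the other CVE-2019-10000xx entries in this commit are added at the top of the file (the run there goes from CVE-2019-1000019 to CVE-2019-1000017), so anything that assumes the block is contiguous will miss it.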
@@ -881,7 +1033,7 @@ CVE-2018-20745 (Yii 2.x through 2.0.15.1 actively converts a wildcard CORS polic
 CVE-2018-20744 (The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a ...)
 	NOT-FOR-US: Olivier Poitrey Go CORS handler
 CVE-2019-6978 (The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the ...)
-	{DLA-1651-1}
+	{DSA-4384-1 DLA-1651-1}
 	- libgd2 <unfixed> (bug #920728)
 	NOTE: https://github.com/libgd/libgd/issues/492
 	NOTE: https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0
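Review bot: CVE-2019-6978 now cites DSA-4384-1, but the only package line in view still reads "- libgd2 <unfixed> (bug #920728)" and this commit changes no file other than data/CVE/list. Please confirm that the advisory entry carrying the per-release fixed versions already exists, so the cross-reference does not point at an advisory the tracker cannot resolve.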
@@ -893,7 +1045,7 @@ CVE-2019-XXXX [DoS due to changing # of allowed users in root channel]
 	NOTE: Introduced in: https://github.com/mumble-voip/mumble/commit/84b1bcecef790a84d10b2d1f2060c1681a2bb836
 	NOTE: Fixed by: https://github.com/mumble-voip/mumble/commit/3edc46ff7308691d342f8c08ce1afaaefce35a5c
 CVE-2019-6977 (gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka ...)
-	{DLA-1651-1}
+	{DSA-4384-1 DLA-1651-1}
 	- libgd2 <unfixed> (bug #920645)
 	- php7.3 7.3.1-1 (unimportant)
 	- php7.0 <removed> (unimportant)
@@ -7382,8 +7534,8 @@ CVE-2019-4040 (IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This ...
 	NOT-FOR-US: IBM
 CVE-2019-4039
 	RESERVED
-CVE-2019-4038
-	RESERVED
+CVE-2019-4038 (IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to ...)
+	TODO: check
 CVE-2019-4037
 	RESERVED
 CVE-2019-4036
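Review bot: CVE-2019-4038 is set to "TODO: check" although its description names IBM Security Identity Manager, and the preceding IBM entry in the context is already tagged "NOT-FOR-US: IBM". Unless there is a reason to treat this product differently, the same tag can be applied directly and the TODO dropped.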
@@ -28465,8 +28617,8 @@ CVE-2018-15780 (RSA Archer versions prior to 6.5.0.1 contain an improper access
 	NOT-FOR-US: RSA Archer
 CVE-2018-15779
 	REJECTED
-CVE-2018-15778
-	RESERVED
+CVE-2018-15778 (Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by ...)
+	TODO: check
 CVE-2018-15777
 	RESERVED
 CVE-2018-15776 (Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an ...)
@@ -28754,16 +28906,16 @@ CVE-2018-15661 (** DISPUTED ** An issue was discovered in the Ola Money (aka ...
 	NOT-FOR-US: Ola Money application for Android
 CVE-2018-15660 (** DISPUTED ** An issue was discovered in the Ola Money (aka ...)
 	NOT-FOR-US: Ola Money application for Android
-CVE-2018-15659
-	RESERVED
-CVE-2018-15658
-	RESERVED
-CVE-2018-15657
-	RESERVED
-CVE-2018-15656
-	RESERVED
-CVE-2018-15655
-	RESERVED
+CVE-2018-15659 (An issue was discovered in 42Gears SureMDM before 2018-11-27, related ...)
+	TODO: check
+CVE-2018-15658 (An issue was discovered in 42Gears SureMDM before 2018-11-27. By ...)
+	TODO: check
+CVE-2018-15657 (An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via ...)
+	TODO: check
+CVE-2018-15656 (An issue was discovered in the registration API endpoint in 42Gears ...)
+	TODO: check
+CVE-2018-15655 (An issue was discovered in 42Gears SureMDM before 2018-11-27, related ...)
+	TODO: check
 CVE-2018-15654
 	RESERVED
 CVE-2018-15653
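Review bot: CVE-2018-15655 through CVE-2018-15659 all describe 42Gears SureMDM before 2018-11-27, yet each gets its own "TODO: check". They should be triaged in one pass with a single decision applied to all five lines. The neighbouring Ola Money entries show the form to use for a product that is not packaged ("NOT-FOR-US: Ola Money application for Android").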
@@ -66670,8 +66822,8 @@ CVE-2018-1972
 	RESERVED
 CVE-2018-1971
 	RESERVED
-CVE-2018-1970
-	RESERVED
+CVE-2018-1970 (IBM Security Identity Manager 7.0.1 is vulnerable to a XML External ...)
+	TODO: check
 CVE-2018-1969 (IBM Security Identity Manager 6.0.0 allows the attacker to upload or ...)
 	NOT-FOR-US: IBM
 CVE-2018-1968
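Review bot: CVE-2018-1970 (IBM Security Identity Manager 7.0.1) is left as "TODO: check" directly above CVE-2018-1969, which names the same product and is already tagged "NOT-FOR-US: IBM". The new entry should take the same tag so that two adjacent CVEs for one product do not carry different triage states.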
@@ -66686,8 +66838,8 @@ CVE-2018-1964
 	RESERVED
 CVE-2018-1963
 	RESERVED
-CVE-2018-1962
-	RESERVED
+CVE-2018-1962 (IBM Security Identity Manager 7.0.1 Virtual Appliance does not ...)
+	TODO: check
 CVE-2018-1961
 	RESERVED
 CVE-2018-1960
@@ -67008,8 +67160,8 @@ CVE-2018-1803 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0,
 	NOT-FOR-US: IBM
 CVE-2018-1802 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
 	NOT-FOR-US: IBM
-CVE-2018-1801
-	RESERVED
+CVE-2018-1801 (IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus ...)
+	TODO: check
 CVE-2018-1800 (IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could ...)
 	NOT-FOR-US: IBM
 CVE-2018-1799 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
@@ -67260,8 +67412,8 @@ CVE-2018-1677 (IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7
 	NOT-FOR-US: IBM
 CVE-2018-1676 (IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site ...)
 	NOT-FOR-US: IBM Planning Analytics
-CVE-2018-1675
-	RESERVED
+CVE-2018-1675 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 ...)
+	TODO: check
 CVE-2018-1674 (IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through ...)
 	NOT-FOR-US: IBM
 CVE-2018-1673 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to ...)
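Review bot: when CVE-2018-1675 (IBM Tivoli Application Dependency Discovery Manager) is triaged, note that the surrounding context uses two different spellings for IBM products, "NOT-FOR-US: IBM" and "NOT-FOR-US: IBM Planning Analytics". Picking one convention, vendor-level or product-level, and using it for this entry keeps later searches on the tag consistent.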



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e8d9cb3292a1c1210f33b318649eb17cc74a036e
