[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 3 21:10:48 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6fded050 by security tracker role at 2019-07-03T20:10:37Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2019-13194
+ RESERVED
+CVE-2019-13193
+ RESERVED
+CVE-2019-13192
+ RESERVED
+CVE-2019-13191
+ RESERVED
+CVE-2019-13190
+ RESERVED
+CVE-2019-13189
+ RESERVED
+CVE-2019-13188
+ RESERVED
+CVE-2019-13187
+ RESERVED
+CVE-2019-13186 (In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php. An a ...)
+ TODO: check
+CVE-2019-13185
+ RESERVED
+CVE-2019-13184
+ RESERVED
CVE-2019-13183
RESERVED
CVE-2019-13182
@@ -44,8 +66,7 @@ CVE-2019-13166
RESERVED
CVE-2019-13165
RESERVED
-CVE-2019-13164 [qemu-bridge-helper ACL bypassed with long interface names]
- RESERVED
+CVE-2019-13164 (qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a network inte ...)
- qemu <unfixed> (bug #931351)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00245.html
@@ -810,10 +831,10 @@ CVE-2019-12869 (An issue was discovered in PHOENIX CONTACT PC Worx through 1.86,
NOT-FOR-US: PHOENIX CONTACT PC Worx
CVE-2019-12868 (app/Model/Server.php in MISP 2.4.109 allows remote command execution b ...)
NOT-FOR-US: MISP
-CVE-2019-12867
- RESERVED
-CVE-2019-12866
- RESERVED
+CVE-2019-12867 (Certain actions could cause privilege escalation for issue attachments ...)
+ TODO: check
+CVE-2019-12866 (An Insecure Direct Object Reference, with Authorization Bypass through ...)
+ TODO: check
CVE-2019-12865 (In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a dou ...)
- radare2 <unfixed> (bug #930704)
[buster] - radare2 <no-dsa> (Minor issue)
@@ -856,16 +877,16 @@ CVE-2019-12853
RESERVED
CVE-2019-12852
RESERVED
-CVE-2019-12851
- RESERVED
-CVE-2019-12850
- RESERVED
+CVE-2019-12851 (A CSRF vulnerability was detected in one of the admin endpoints of Jet ...)
+ TODO: check
+CVE-2019-12850 (A query injection was possible in JetBrains YouTrack. The issue was fi ...)
+ TODO: check
CVE-2019-12849
RESERVED
CVE-2019-12848
RESERVED
-CVE-2019-12847
- RESERVED
+CVE-2019-12847 (In JetBrains Hub versions earlier than 2018.4.11298, the audit events ...)
+ TODO: check
CVE-2019-12846
RESERVED
CVE-2019-12845
@@ -1522,8 +1543,8 @@ CVE-2019-12572 (A vulnerability in the London Trust Media Private Internet Acces
NOT-FOR-US: London Trust Media Private Internet Access (PIA) VPN Client
CVE-2019-12571
RESERVED
-CVE-2019-12570
- RESERVED
+CVE-2019-12570 (A SQL injection vulnerability in the Xpert Solution "Server Status by ...)
+ TODO: check
CVE-2019-12569 (A vulnerability in Viber before 10.7.0 for Desktop (Windows) could all ...)
NOT-FOR-US: Viber
CVE-2019-12568
@@ -6370,16 +6391,16 @@ CVE-2019-10868 (In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.
NOTE: https://hg.tryton.org/trytond/rev/f58bbfe0aefb
CVE-2019-10722
RESERVED
-CVE-2019-10721
- RESERVED
+CVE-2019-10721 (BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the Retur ...)
+ TODO: check
CVE-2019-10720 (BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remo ...)
NOT-FOR-US: BlogEngine.NET
CVE-2019-10719 (BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remo ...)
NOT-FOR-US: BlogEngine.NET
CVE-2019-10718 (BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind In ...)
NOT-FOR-US: BlogEngine.NET
-CVE-2019-10717
- RESERVED
+CVE-2019-10717 (BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via ...)
+ TODO: check
CVE-2019-10716
RESERVED
CVE-2019-10715
@@ -7537,8 +7558,7 @@ CVE-2019-10185
RESERVED
CVE-2019-10184
RESERVED
-CVE-2019-10183 [unattended option leaks password via command line argument]
- RESERVED
+CVE-2019-10183 (Virt-install(1) utility used to provision new virtual machines has int ...)
- virt-manager <not-affected> (Vulnerable code introduced in v2.2.0)
NOTE: https://www.redhat.com/archives/virt-tools-list/2019-July/msg00014.html
CVE-2019-10182
@@ -7724,7 +7744,7 @@ CVE-2019-10138
NOT-FOR-US: python-novajoin plugin for OpenStack
CVE-2019-10137 (A path traversal flaw was found in spacewalk-proxy, all versions throu ...)
NOT-FOR-US: Red Hat Satellite / Spacewalk
-CVE-2019-10136 (It was found that Spacewalk, all versions through 2.8, did not safely ...)
+CVE-2019-10136 (It was found that Spacewalk, all versions through 2.9, did not safely ...)
NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2019-10135
RESERVED
@@ -7828,16 +7848,16 @@ CVE-2019-10106 (CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Nam
NOT-FOR-US: CMS Made Simple
CVE-2019-10105 (CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Des ...)
NOT-FOR-US: CMS Made Simple
-CVE-2019-10104
- RESERVED
+CVE-2019-10104 (In several JetBrains IntelliJ IDEA Ultimate versions, an Application S ...)
+ TODO: check
CVE-2019-10103
RESERVED
CVE-2019-10102
RESERVED
CVE-2019-10101
RESERVED
-CVE-2019-10100
- RESERVED
+CVE-2019-10100 (In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it wa ...)
+ TODO: check
CVE-2019-1000031 (A disk space or quota exhaustion issue exists in article2pdf_getfile.p ...)
NOT-FOR-US: article2pdf Wordpress plugin
CVE-2018-20815 (In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated ...)
@@ -9078,10 +9098,10 @@ CVE-2019-9875 (Deserialization of Untrusted Data in the anti CSRF module in Site
NOT-FOR-US: Sitecore CMS
CVE-2019-9874 (Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (a ...)
NOT-FOR-US: Sitecore CMS
-CVE-2019-9873
- RESERVED
-CVE-2019-9872
- RESERVED
+CVE-2019-9873 (In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task ...)
+ TODO: check
+CVE-2019-9872 (In several versions of JetBrains IntelliJ IDEA Ultimate, creating run ...)
+ TODO: check
CVE-2019-9871 (Jector Smart TV FM-K75 devices allow remote code execution because the ...)
NOT-FOR-US: Jector Smart TV FM-K75 devices
CVE-2019-9870 (plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor m ...)
@@ -9229,8 +9249,8 @@ CVE-2019-9824 (tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg01871.html
NOTE: https://www.openwall.com/lists/oss-security/2019/03/18/1
NOTE: https://github.com/qemu/qemu/commit/d3222975c7d6cda9e25809dea05241188457b113
-CVE-2019-9823
- RESERVED
+CVE-2019-9823 (In several JetBrains IntelliJ IDEA versions, creating remote run confi ...)
+ TODO: check
CVE-2019-9822
RESERVED
CVE-2019-9821
@@ -10968,8 +10988,8 @@ CVE-2019-9187 (ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.2019
NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=67543ce
NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=d283e4c
NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9a275b2
-CVE-2019-9186
- RESERVED
+CVE-2019-9186 (In several JetBrains IntelliJ IDEA versions, a Spring Boot run configu ...)
+ TODO: check
CVE-2019-9185 (Controller/Async/FilesystemManager.php in the filemanager in Bolt befo ...)
NOT-FOR-US: Bolt CMS
CVE-2019-9184 (SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for ...)
@@ -16100,8 +16120,7 @@ CVE-2019-7167 (Zcash, before the Sapling network upgrade (2018-10-28), had a cou
NOT-FOR-US: Zcash
CVE-2019-7166
RESERVED
-CVE-2019-7165
- RESERVED
+CVE-2019-7165 (A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitra ...)
- dosbox <unfixed> (bug #931222)
NOTE: Fixed in 0.74-3 upstream.
CVE-2019-7164 (SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injecti ...)
@@ -17326,40 +17345,40 @@ CVE-2019-6643
RESERVED
CVE-2019-6642 (In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, a ...)
NOT-FOR-US: F5 BIG-IP
-CVE-2019-6641
- RESERVED
-CVE-2019-6640
- RESERVED
-CVE-2019-6639
- RESERVED
-CVE-2019-6638
- RESERVED
-CVE-2019-6637
- RESERVED
-CVE-2019-6636
- RESERVED
-CVE-2019-6635
- RESERVED
-CVE-2019-6634
- RESERVED
-CVE-2019-6633
- RESERVED
-CVE-2019-6632
- RESERVED
-CVE-2019-6631
- RESERVED
-CVE-2019-6630
- RESERVED
-CVE-2019-6629
- RESERVED
-CVE-2019-6628
- RESERVED
-CVE-2019-6627
- RESERVED
-CVE-2019-6626
- RESERVED
-CVE-2019-6625
- RESERVED
+CVE-2019-6641 (On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl RES ...)
+ TODO: check
+CVE-2019-6640 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...)
+ TODO: check
+CVE-2019-6639 (On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4 ...)
+ TODO: check
+CVE-2019-6638 (On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests ...)
+ TODO: check
+CVE-2019-6637 (On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and ...)
+ TODO: check
+CVE-2019-6636 (On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4 ...)
+ TODO: check
+CVE-2019-6635 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...)
+ TODO: check
+CVE-2019-6634 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...)
+ TODO: check
+CVE-2019-6633 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...)
+ TODO: check
+CVE-2019-6632 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...)
+ TODO: check
+CVE-2019-6631 (On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation ma ...)
+ TODO: check
+CVE-2019-6630 (On F5 SSL Orchestrator 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, undisclose ...)
+ TODO: check
+CVE-2019-6629 (On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server ...)
+ TODO: check
+CVE-2019-6628 (On BIG-IP PEM 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, under certain condi ...)
+ TODO: check
+CVE-2019-6627 (On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to ...)
+ TODO: check
+CVE-2019-6626 (On BIG-IP (AFM, Analytics, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0 ...)
+ TODO: check
+CVE-2019-6625 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...)
+ TODO: check
CVE-2019-6624 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...)
NOT-FOR-US: F5 BIG-IP
CVE-2019-6623 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...)
@@ -19983,8 +20002,8 @@ CVE-2019-5632
RESERVED
CVE-2019-5631
RESERVED
-CVE-2019-5630
- RESERVED
+CVE-2019-5630 (A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 ...)
+ TODO: check
CVE-2019-5629
RESERVED
CVE-2019-5628
@@ -20039,12 +20058,12 @@ CVE-2019-5604
RESERVED
CVE-2019-5603
RESERVED
-CVE-2019-5602
- RESERVED
-CVE-2019-5601
- RESERVED
-CVE-2019-5600
- RESERVED
+CVE-2019-5602 (In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEAS ...)
+ TODO: check
+CVE-2019-5601 (In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEAS ...)
+ TODO: check
+CVE-2019-5600 (In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEAS ...)
+ TODO: check
CVE-2019-5599 (In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-REL ...)
- kfreebsd-10 <not-affected> (Only affects FreeBSD 12)
CVE-2019-5598 (In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, ...)
@@ -21180,10 +21199,10 @@ CVE-2019-5054
RESERVED
CVE-2019-5053
RESERVED
-CVE-2019-5052
- RESERVED
-CVE-2019-5051
- RESERVED
+CVE-2019-5052 (An exploitable integer overflow vulnerability exists when loading a PC ...)
+ TODO: check
+CVE-2019-5051 (An exploitable heap-based buffer overflow vulnerability exists when lo ...)
+ TODO: check
CVE-2019-5050
RESERVED
CVE-2019-5049
@@ -24356,8 +24375,8 @@ CVE-2019-3621
RESERVED
CVE-2019-3620
RESERVED
-CVE-2019-3619
- RESERVED
+CVE-2019-3619 (Information Disclosure vulnerability in the Agent Handler in McAfee eP ...)
+ TODO: check
CVE-2019-3618
RESERVED
CVE-2019-3617
@@ -38312,10 +38331,10 @@ CVE-2018-18328 (A KERedirect Untrusted Pointer Dereference Privilege Escalation
NOT-FOR-US: Trend Micro
CVE-2018-18327 (A KERedirect Untrusted Pointer Dereference Privilege Escalation vulner ...)
NOT-FOR-US: Trend Micro
-CVE-2018-18326
- RESERVED
-CVE-2018-18325
- RESERVED
+CVE-2018-18326 (DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption ...)
+ TODO: check
+CVE-2018-18325 (DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorith ...)
+ TODO: check
CVE-2018-18324 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via t ...)
NOT-FOR-US: CentOS Web Panel
CVE-2018-18323 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local Fil ...)
@@ -44711,8 +44730,8 @@ CVE-2018-15889 (In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects() i
NOTE: https://sourceforge.net/p/podofo/tickets/27/
CVE-2018-15888 (An issue was discovered in ASPCMS 2.5.6. When registering ordinary use ...)
NOT-FOR-US: ASPCMS
-CVE-2017-18346
- RESERVED
+CVE-2017-18346 (SQL injection vulnerability in /wbg/core/_includes/authorization.inc.p ...)
+ TODO: check
CVE-2015-9265
REJECTED
CVE-2015-9264 (Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute ...)
@@ -44995,10 +45014,10 @@ CVE-2018-15814 (FastStone Image Viewer 6.5 has a User Mode Write AV starting at
NOT-FOR-US: FastStone Image Viewer
CVE-2018-15813 (FastStone Image Viewer 6.5 has a User Mode Write AV starting at image0 ...)
NOT-FOR-US: FastStone Image Viewer
-CVE-2018-15812
- RESERVED
-CVE-2018-15811
- RESERVED
+CVE-2018-15812 (DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption ...)
+ TODO: check
+CVE-2018-15811 (DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorith ...)
+ TODO: check
CVE-2018-15810 (Visiology Flipbox Software Suite before 2.7.0 allows directory travers ...)
NOT-FOR-US: Visiology Flipbox Software Suite
CVE-2018-15809 (AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Mo ...)
@@ -47216,22 +47235,22 @@ CVE-2018-14868 (Incorrect access control in the Password Encryption module in Od
NOT-FOR-US: Odoo
CVE-2018-14867 (Incorrect access control in the portal messaging system in Odoo Commun ...)
NOT-FOR-US: Odoo
-CVE-2018-14866
- RESERVED
-CVE-2018-14865
- RESERVED
-CVE-2018-14864
- RESERVED
-CVE-2018-14863
- RESERVED
-CVE-2018-14862
- RESERVED
-CVE-2018-14861
- RESERVED
-CVE-2018-14860
- RESERVED
-CVE-2018-14859
- RESERVED
+CVE-2018-14866 (Incorrect access control in the TransientModel framework in Odoo Commu ...)
+ TODO: check
+CVE-2018-14865 (Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo ...)
+ TODO: check
+CVE-2018-14864 (Incorrect access control in asset bundles in Odoo Community 9.0 throug ...)
+ TODO: check
+CVE-2018-14863 (Incorrect access control in the RPC framework in Odoo Community 8.0 th ...)
+ TODO: check
+CVE-2018-14862 (Incorrect access control in the mail templating system in Odoo Communi ...)
+ TODO: check
+CVE-2018-14861 (Improper data access control in Odoo Community 10.0 and 11.0 and Odoo ...)
+ TODO: check
+CVE-2018-14860 (Improper sanitization of dynamic user expressions in Odoo Community 11 ...)
+ TODO: check
+CVE-2018-14859 (Incorrect access control in the password reset component in Odoo Commu ...)
+ TODO: check
CVE-2018-14858 (An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2018-14857 (Unrestricted file upload (with remote code execution) in require/mail/ ...)
@@ -52676,8 +52695,8 @@ CVE-2018-12717
RESERVED
CVE-2018-12716 (The API service on Google Home and Chromecast devices before mid-July ...)
NOT-FOR-US: Google services
-CVE-2018-12715
- RESERVED
+CVE-2018-12715 (DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid ...)
+ TODO: check
CVE-2018-12714 (An issue was discovered in the Linux kernel through 4.17.2. The filter ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/70303420b5721c38998cf987e6b7d30cc62d4ff1
@@ -54292,8 +54311,8 @@ CVE-2018-12252
RESERVED
CVE-2018-12251
RESERVED
-CVE-2018-12250
- RESERVED
+CVE-2018-12250 (An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.p ...)
+ TODO: check
CVE-2018-12249 (An issue was discovered in mruby 1.4.1. There is a NULL pointer derefe ...)
- mruby 1.4.1+20180622+git640fca32-1 (bug #901652)
[stretch] - mruby <no-dsa> (Minor issue)
@@ -55889,8 +55908,8 @@ CVE-2018-11688 (Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-sit
NOT-FOR-US: Ignite Realtime Openfire
CVE-2018-11687 (An integer overflow in the distributeBTR function of a smart contract ...)
NOT-FOR-US: smart contract implementation for Bitcoin Red (BTCR)
-CVE-2018-11686
- RESERVED
+CVE-2018-11686 (The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allow ...)
+ TODO: check
CVE-2018-11685 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compi ...)
- liblouis 3.5.0-3
[stretch] - liblouis 3.0.0-3+deb9u4
@@ -56567,22 +56586,22 @@ CVE-2018-11429 (ATLANT (ATL) is a smart contract running on Ethereum. The mint f
NOT-FOR-US: smart contract
CVE-2018-11428
RESERVED
-CVE-2018-11427
- RESERVED
-CVE-2018-11426
- RESERVED
-CVE-2018-11425
- RESERVED
-CVE-2018-11424
- RESERVED
-CVE-2018-11423
- RESERVED
-CVE-2018-11422
- RESERVED
-CVE-2018-11421
- RESERVED
-CVE-2018-11420
- RESERVED
+CVE-2018-11427 (CSRF tokens are not used in the web application of Moxa OnCell G3100-H ...)
+ TODO: check
+CVE-2018-11426 (A weak Cookie parameter is used in the web application of Moxa OnCell ...)
+ TODO: check
+CVE-2018-11425 (Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Serie ...)
+ TODO: check
+CVE-2018-11424 (There is Memory corruption in the web interface of Moxa OnCell G3470A- ...)
+ TODO: check
+CVE-2018-11423 (There is Memory corruption in the web interface Moxa OnCell G3100-HSPA ...)
+ TODO: check
+CVE-2018-11422 (Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use ...)
+ TODO: check
+CVE-2018-11421 (Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use ...)
+ TODO: check
+CVE-2018-11420 (There is Memory corruption in the web interface of Moxa OnCell G3100-H ...)
+ TODO: check
CVE-2018-11419 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...)
NOT-FOR-US: JerryScript
CVE-2018-11418 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...)
@@ -56910,8 +56929,8 @@ CVE-2018-1000180 (Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and e
NOTE: https://www.bouncycastle.org/jira/browse/BJA-694
CVE-2018-11318
RESERVED
-CVE-2018-11317
- RESERVED
+CVE-2018-11317 (Subrion CMS before 4.1.4 has XSS. ...)
+ TODO: check
CVE-2018-11316 (The UPnP HTTP server on Sonos wireless speaker products allow unauthor ...)
NOT-FOR-US: Sonos
CVE-2018-11315 (The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below ...)
@@ -57182,8 +57201,8 @@ CVE-2018-11229 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, an
NOT-FOR-US: Crestron devices
CVE-2018-11228 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW- ...)
NOT-FOR-US: Crestron devices
-CVE-2018-11227
- RESERVED
+CVE-2018-11227 (Monstra CMS before 3.0.4 has XSS via index.php. ...)
+ TODO: check
CVE-2018-11226 (The getString function in decompile.c in libming through 0.4.8 mishand ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/144
@@ -57215,8 +57234,8 @@ CVE-2018-11217
RESERVED
CVE-2018-11216
RESERVED
-CVE-2018-11215
- RESERVED
+CVE-2018-11215 (Remote code execution is possible in Cloudera Data Science Workbench v ...)
+ TODO: check
CVE-2018-11214 (An issue was discovered in libjpeg 9a. The get_text_rgb_row function i ...)
{DLA-1638-1}
- libjpeg9 1:9c-1 (low; bug #902176)
@@ -57759,8 +57778,8 @@ CVE-2018-10988 (An issue was discovered on Diqee Diqee360 devices. A firmware up
NOT-FOR-US: Diqee
CVE-2018-10987 (An issue was discovered on Dongguan Diqee Diqee360 devices. The affect ...)
NOT-FOR-US: Diqee
-CVE-2018-10986
- RESERVED
+CVE-2018-10986 (OX Guard 2.8.0 has CSRF. ...)
+ TODO: check
CVE-2018-10985
RESERVED
CVE-2018-10984
@@ -78169,8 +78188,8 @@ CVE-2017-1000501 (Awstats version 7.6 and earlier is vulnerable to a path traver
- awstats 7.6+dfsg-2 (bug #885835)
NOTE: https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
NOTE: https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
-CVE-2017-17972
- RESERVED
+CVE-2017-17972 (packages/subjects/pub/subjects.php in Archon 3.21 rev-1 has XSS in the ...)
+ TODO: check
CVE-2017-17971 (The test_sql_and_script_inject function in htdocs/main.inc.php in Doli ...)
- dolibarr <removed> (bug #885828)
NOTE: https://github.com/Dolibarr/dolibarr/issues/8000
@@ -113071,12 +113090,12 @@ CVE-2017-9329
RESERVED
CVE-2017-9328 (Shell metacharacter injection vulnerability in /usr/www/include/ajax/G ...)
NOT-FOR-US: TerraMaster TOS
-CVE-2017-9327
- RESERVED
-CVE-2017-9326
- RESERVED
-CVE-2017-9325
- RESERVED
+CVE-2017-9327 (Secret data of processes managed by CM is not secured by file permissi ...)
+ TODO: check
+CVE-2017-9326 (The keystore password for the Spark History Server may be exposed in u ...)
+ TODO: check
+CVE-2017-9325 (The provided secure solrconfig.xml sample configuration does not enfor ...)
+ TODO: check
CVE-2017-9334 (An incorrect "pair?" check in the Scheme "length" procedure results in ...)
- chicken 4.12.0-0.2 (low; bug #863884)
[stretch] - chicken <no-dsa> (Minor issue)
@@ -121139,8 +121158,8 @@ CVE-2017-6902
REJECTED
CVE-2017-6901
RESERVED
-CVE-2017-6900
- RESERVED
+CVE-2017-6900 (An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue ...)
+ TODO: check
CVE-2017-6899 (The msm_bus_dbg_update_request_write function in drivers/platform/msm/ ...)
NOT-FOR-US: android_kernel_huawei_msm8916 in LineageOS (and other kernels for MSM devices)
CVE-2017-6898
@@ -123250,8 +123269,8 @@ CVE-2017-6218
RESERVED
CVE-2017-6217
RESERVED
-CVE-2017-6216
- RESERVED
+CVE-2017-6216 (novaksolutions/infusionsoft-php-sdk v2016-10-31 is vulnerable to a ref ...)
+ TODO: check
CVE-2017-6215 (paypal/permissions-sdk-php is vulnerable to reflected XSS in the sampl ...)
NOT-FOR-US: PayPal permissions-sdk-php
CVE-2017-6213 (paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6fded050f3b7bf2aabca44cb812053e3d6a70cc0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6fded050f3b7bf2aabca44cb812053e3d6a70cc0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190703/b75a0832/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list