[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 11 21:10:28 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ba84ecfc by security tracker role at 2019-07-11T20:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,129 @@
+CVE-2019-13567
+ RESERVED
+CVE-2019-13566
+ RESERVED
+CVE-2019-13565
+ RESERVED
+CVE-2019-13564 (XSS exists in Ping Identity Agentless Integration Kit before 1.5. ...)
+ TODO: check
+CVE-2019-13563 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the enti ...)
+ TODO: check
+CVE-2019-13562 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstra ...)
+ TODO: check
+CVE-2019-13561 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers ...)
+ TODO: check
+CVE-2019-13560 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers ...)
+ TODO: check
+CVE-2019-13559
+ RESERVED
+CVE-2019-13558
+ RESERVED
+CVE-2019-13557
+ RESERVED
+CVE-2019-13556
+ RESERVED
+CVE-2019-13555
+ RESERVED
+CVE-2019-13554
+ RESERVED
+CVE-2019-13553
+ RESERVED
+CVE-2019-13552
+ RESERVED
+CVE-2019-13551
+ RESERVED
+CVE-2019-13550
+ RESERVED
+CVE-2019-13549
+ RESERVED
+CVE-2019-13548
+ RESERVED
+CVE-2019-13547
+ RESERVED
+CVE-2019-13546
+ RESERVED
+CVE-2019-13545
+ RESERVED
+CVE-2019-13544
+ RESERVED
+CVE-2019-13543
+ RESERVED
+CVE-2019-13542
+ RESERVED
+CVE-2019-13541
+ RESERVED
+CVE-2019-13540
+ RESERVED
+CVE-2019-13539
+ RESERVED
+CVE-2019-13538
+ RESERVED
+CVE-2019-13537
+ RESERVED
+CVE-2019-13536
+ RESERVED
+CVE-2019-13535
+ RESERVED
+CVE-2019-13534
+ RESERVED
+CVE-2019-13533
+ RESERVED
+CVE-2019-13532
+ RESERVED
+CVE-2019-13531
+ RESERVED
+CVE-2019-13530
+ RESERVED
+CVE-2019-13529
+ RESERVED
+CVE-2019-13528
+ RESERVED
+CVE-2019-13527
+ RESERVED
+CVE-2019-13526
+ RESERVED
+CVE-2019-13525
+ RESERVED
+CVE-2019-13524
+ RESERVED
+CVE-2019-13523
+ RESERVED
+CVE-2019-13522
+ RESERVED
+CVE-2019-13521
+ RESERVED
+CVE-2019-13520
+ RESERVED
+CVE-2019-13519
+ RESERVED
+CVE-2019-13518
+ RESERVED
+CVE-2019-13517
+ RESERVED
+CVE-2019-13516
+ RESERVED
+CVE-2019-13515
+ RESERVED
+CVE-2019-13514
+ RESERVED
+CVE-2019-13513
+ RESERVED
+CVE-2019-13512
+ RESERVED
+CVE-2019-13511
+ RESERVED
+CVE-2019-13510
+ RESERVED
+CVE-2019-13509
+ RESERVED
+CVE-2019-13508
+ RESERVED
+CVE-2019-13507 (hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. ...)
+ TODO: check
+CVE-2019-13506 (@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandle ...)
+ TODO: check
+CVE-2019-13505 (The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS vi ...)
+ TODO: check
CVE-2019-13504 (There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrw ...)
TODO: check
CVE-2019-13503 (mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer o ...)
@@ -1149,8 +1275,8 @@ CVE-2019-13032 (An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL
NOTE: Negligible security impact
CVE-2019-13030
RESERVED
-CVE-2019-13029
- RESERVED
+CVE-2019-13029 (Multiple stored Cross-site scripting (XSS) issues in the admin panel a ...)
+ TODO: check
CVE-2019-13028 (An incorrect implementation of a local web server in eID client (Windo ...)
NOT-FOR-US: local web server in eID client (Product from the Ministry of Interior of the Slovak Republic)
CVE-2019-13027
@@ -1658,8 +1784,7 @@ CVE-2019-12839 (In OrangeHRM 4.3.1 and before, there is an input validation erro
NOT-FOR-US: OrangeHRM
CVE-2013-7472 (The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via t ...)
NOT-FOR-US: "Count per Day" plugin for WordPress
-CVE-2019-12838 [security issue related to the sacctmgr archive load]
- RESERVED
+CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL ...)
- slurm-llnl <unfixed>
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html
CVE-2019-12837
@@ -2245,12 +2370,12 @@ CVE-2019-12599 (SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows S
NOT-FOR-US: SuiteCRM
CVE-2019-12598 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
NOT-FOR-US: SuiteCRM
-CVE-2019-12597
- RESERVED
-CVE-2019-12596
- RESERVED
-CVE-2019-12595
- RESERVED
+CVE-2019-12597 (An issue was discovered in Zoho ManageEngine AssetExplorer. There is X ...)
+ TODO: check
+CVE-2019-12596 (An issue was discovered in Zoho ManageEngine AssetExplorer. There is X ...)
+ TODO: check
+CVE-2019-12595 (An issue was discovered in Zoho ManageEngine AssetExplorer. There is X ...)
+ TODO: check
CVE-2019-12594 (DOSBox 0.74-2 has Incorrect Access Control. ...)
{DSA-4478-1 DLA-1845-1}
- dosbox <unfixed> (bug #931222)
@@ -2362,14 +2487,14 @@ CVE-2019-12542 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.
NOT-FOR-US: Zoho ManageEngine ServiceDesk
CVE-2019-12541 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. The ...)
NOT-FOR-US: Zoho ManageEngine ServiceDesk
-CVE-2019-12540
- RESERVED
-CVE-2019-12539
- RESERVED
+CVE-2019-12540 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. Th ...)
+ TODO: check
+CVE-2019-12539 (An issue was discovered in the Purchase component of Zoho ManageEngine ...)
+ TODO: check
CVE-2019-12538 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. The ...)
NOT-FOR-US: Zoho ManageEngine ServiceDesk
-CVE-2019-12537
- RESERVED
+CVE-2019-12537 (An issue was discovered in Zoho ManageEngine AssetExplorer. There is X ...)
+ TODO: check
CVE-2019-12536
RESERVED
CVE-2019-12535
@@ -2384,16 +2509,16 @@ CVE-2019-12531
RESERVED
CVE-2019-12530 (Incorrect access control was discovered in the stdonato Dashboard plug ...)
NOT-FOR-US: Dashboard plugin for GLPI
-CVE-2019-12529
- RESERVED
+CVE-2019-12529 (An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through ...)
+ TODO: check
CVE-2019-12528
RESERVED
-CVE-2019-12527
- RESERVED
+CVE-2019-12527 (An issue was discovered in Squid 4.0.23 through 4.7. When checking Bas ...)
+ TODO: check
CVE-2019-12526
RESERVED
-CVE-2019-12525
- RESERVED
+CVE-2019-12525 (An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through ...)
+ TODO: check
CVE-2019-12524
RESERVED
CVE-2019-12523
@@ -2856,8 +2981,8 @@ CVE-2019-12365
RESERVED
CVE-2019-12364
RESERVED
-CVE-2019-12363
- RESERVED
+CVE-2019-12363 (An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2 ...)
+ TODO: check
CVE-2019-12362 (EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doacti ...)
NOT-FOR-US: EmpireCMS
CVE-2019-12361 (EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.ph ...)
@@ -5714,8 +5839,8 @@ CVE-2019-11270
RESERVED
CVE-2019-11269 (Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, ...)
NOT-FOR-US: Spring Security OAuth
-CVE-2019-11268
- RESERVED
+CVE-2019-11268 (Cloud Foundry UAA version prior to 73.3.0, contain endpoints that cont ...)
+ TODO: check
CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ...)
{DSA-4460-1 DSA-4434-1 DLA-1797-1 DLA-1777-1}
- drupal7 <removed> (bug #927330)
@@ -6219,8 +6344,8 @@ CVE-2019-11064
RESERVED
CVE-2019-11063
RESERVED
-CVE-2019-11062
- RESERVED
+CVE-2019-11062 (The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Inj ...)
+ TODO: check
CVE-2019-11061
RESERVED
CVE-2019-11060
@@ -7372,8 +7497,8 @@ CVE-2019-10653 (An issue was discovered in Hsycms V1.1. There is a SQL injection
NOT-FOR-US: Hsycms
CVE-2019-10652 (An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote a ...)
NOT-FOR-US: flatCore
-CVE-2019-10651
- RESERVED
+CVE-2019-10651 (An issue was discovered in the Core Server in Ivanti Endpoint Manager ...)
+ TODO: check
CVE-2019-10650 (In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in ...)
{DSA-4436-1 DLA-1785-1}
- imagemagick 8:6.9.10.23+dfsg-2.1 (bug #926091)
@@ -7986,30 +8111,30 @@ CVE-2019-10353
RESERVED
CVE-2019-10352
RESERVED
-CVE-2019-10351
- RESERVED
-CVE-2019-10350
- RESERVED
-CVE-2019-10349
- RESERVED
-CVE-2019-10348
- RESERVED
-CVE-2019-10347
- RESERVED
-CVE-2019-10346
- RESERVED
+CVE-2019-10351 (Jenkins Caliper CI Plugin stores credentials unencrypted in job config ...)
+ TODO: check
+CVE-2019-10350 (Jenkins Port Allocator Plugin stores credentials unencrypted in job co ...)
+ TODO: check
+CVE-2019-10349 (A stored cross site scripting vulnerability in Jenkins Dependency Grap ...)
+ TODO: check
+CVE-2019-10348 (Jenkins Gogs Plugin stored credentials unencrypted in job config.xml f ...)
+ TODO: check
+CVE-2019-10347 (Jenkins Mashup Portlets Plugin stored credentials unencrypted on the J ...)
+ TODO: check
+CVE-2019-10346 (A reflected cross site scripting vulnerability in Jenkins Embeddable B ...)
+ TODO: check
CVE-2019-10345
RESERVED
CVE-2019-10344
RESERVED
CVE-2019-10343
RESERVED
-CVE-2019-10342
- RESERVED
-CVE-2019-10341
- RESERVED
-CVE-2019-10340
- RESERVED
+CVE-2019-10342 (A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier ...)
+ TODO: check
+CVE-2019-10341 (A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier ...)
+ TODO: check
+CVE-2019-10340 (A cross-site request forgery vulnerability in Jenkins Docker Plugin 1. ...)
+ TODO: check
CVE-2019-10339 (A missing permission check in Jenkins JX Resources Plugin 1.0.36 and e ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10338 (A cross-site request forgery vulnerability in Jenkins JX Resources Plu ...)
@@ -8368,11 +8493,9 @@ CVE-2019-10196
NOT-FOR-US: nodejs-http-proxy-agent
CVE-2019-10195
RESERVED
-CVE-2019-10194
- RESERVED
+CVE-2019-10194 (Sensitive passwords used in deployment and configuration of oVirt Metr ...)
NOT-FOR-US: ovirt-engine-metrics
-CVE-2019-10193 [Stack buffer overflow]
- RESERVED
+CVE-2019-10193 (A stack-buffer overflow vulnerability was found in the Redis hyperlogl ...)
- redis 5:5.0.4-1 (bug #931625)
[stretch] - redis <not-affected> (vulnerable code added later)
[jessie] - redis <not-affected> (vulnerable code added later)
@@ -8381,8 +8504,7 @@ CVE-2019-10193 [Stack buffer overflow]
NOTE: https://github.com/antirez/redis/issues/6215 (upstream announcement)
NOTE: https://github.com/antirez/redis/commit/a4b90be9fcd5e1668ac941cabce3b1ab38dbe326 (master)
NOTE: https://github.com/antirez/redis/commit/12b5ff109508c2a192f700c7738da7e7f09670f1 (5.0.4)
-CVE-2019-10192 [Heap buffer overflow]
- RESERVED
+CVE-2019-10192 (A heap-buffer overflow vulnerability was found in the Redis hyperloglo ...)
{DLA-1850-1}
- redis 5:5.0.4-1 (bug #931625)
NOTE: https://github.com/antirez/redis/issues/6215 (upstream announcement)
@@ -8594,8 +8716,7 @@ CVE-2019-10137 (A path traversal flaw was found in spacewalk-proxy, all versions
NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2019-10136 (It was found that Spacewalk, all versions through 2.9, did not safely ...)
NOT-FOR-US: Red Hat Satellite / Spacewalk
-CVE-2019-10135
- RESERVED
+CVE-2019-10135 (A flaw was found in the yaml.load() function in the osbs-client versio ...)
NOTE: OpenShift Build Service client
CVE-2019-10134 (A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. ...)
- moodle <removed>
@@ -9915,8 +10036,8 @@ CVE-2019-1010005
RESERVED
CVE-2019-1010004
RESERVED
-CVE-2019-1010003
- RESERVED
+CVE-2019-1010003 (Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS ...)
+ TODO: check
CVE-2019-1010002
RESERVED
CVE-2019-1010001
@@ -9931,8 +10052,8 @@ CVE-2019-9893 (libseccomp before 2.4.0 did not correctly generate 64-bit syscall
NOTE: No security issue by itself
CVE-2019-9887
RESERVED
-CVE-2019-9886
- RESERVED
+CVE-2019-9886 (Any URLs with download_attachment.php under templates or home folders ...)
+ TODO: check
CVE-2019-9885
RESERVED
CVE-2019-9884
@@ -10670,8 +10791,8 @@ CVE-2019-9658 (Checkstyle before 8.18 loads external DTDs by default. ...)
NOTE: https://github.com/checkstyle/checkstyle/issues/6478
NOTE: https://github.com/checkstyle/checkstyle/pull/6476
NOTE: https://github.com/checkstyle/checkstyle/commit/180b4fe37a2249d4489d584505f2b7b3ab162ec6
-CVE-2019-9657
- RESERVED
+CVE-2019-9657 (Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a d ...)
+ TODO: check
CVE-2019-9656 (An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dere ...)
- libofx <unfixed> (unimportant; bug #924350)
NOTE: https://github.com/libofx/libofx/issues/22
@@ -17357,8 +17478,8 @@ CVE-2019-7005
RESERVED
CVE-2019-7004
RESERVED
-CVE-2019-7003
- RESERVED
+CVE-2019-7003 (A SQL injection vulnerability in the reporting component of Avaya Cont ...)
+ TODO: check
CVE-2019-7002
RESERVED
CVE-2019-7001 (A SQL injection vulnerability in the WebUI component of IP Office Cont ...)
@@ -24481,8 +24602,7 @@ CVE-2019-3890
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1678313
NOTE: https://gitlab.gnome.org/GNOME/evolution-ews/commit/915226eca9454b8b3e5adb6f2fff9698451778de
NOTE: Depends on evolution-data-server patch: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/6672b8236139bd6ef41ecb915f4c72e2a052dba5
-CVE-2019-3889
- RESERVED
+CVE-2019-3889 (A reflected XSS vulnerability exists in authorization flow of OpenShif ...)
NOT-FOR-US: OpenShift
CVE-2019-3888 (A vulnerability was found in Undertow web server before 2.0.21. An inf ...)
- undertow <unfixed> (bug #930349)
@@ -24644,7 +24764,7 @@ CVE-2019-3855 (An integer overflow flaw which could lead to an out of bounds wri
NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch
NOTE: https://github.com/libssh2/libssh2/pull/315
CVE-2019-3854
- RESERVED
+ REJECTED
CVE-2019-3853
RESERVED
CVE-2019-3852 (A vulnerability was found in moodle before version 3.6.3. The get_with ...)
@@ -34917,8 +35037,8 @@ CVE-2018-19590
RESERVED
CVE-2018-19589 (Incorrect Access Controls of Security Officer (SO) in PKCS11 R2 provid ...)
NOT-FOR-US: Utimaco CryptoServer HSM
-CVE-2018-19588
- RESERVED
+CVE-2018-19588 (Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control. ...)
+ TODO: check
CVE-2018-19587 (In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_a ...)
NOT-FOR-US: Cesanta Mongoose
NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
@@ -42298,12 +42418,12 @@ CVE-2018-1000802 (Python Software Foundation Python (CPython) version 2.7 contai
NOTE: PoC: https://mega.nz/#!JUFiCC4R!mq-jQ8ySFwIhX6WMDujaZuNBfttDVt7DETlfOIQE1ig
CVE-2018-17153 (It was discovered that the Western Digital My Cloud device before 2.30 ...)
NOT-FOR-US: Western Digital My Cloud device
-CVE-2018-17152
- RESERVED
-CVE-2018-17151
- RESERVED
-CVE-2018-17150
- RESERVED
+CVE-2018-17152 (Intersystems Cache 2017.2.2.865.0 allows XXE. ...)
+ TODO: check
+CVE-2018-17151 (Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control. ...)
+ TODO: check
+CVE-2018-17150 (Intersystems Cache 2017.2.2.865.0 allows XSS. ...)
+ TODO: check
CVE-2018-17149
RESERVED
CVE-2018-17148 (An Insufficient Access Control vulnerability (leading to credential di ...)
@@ -56563,8 +56683,8 @@ CVE-2018-11746 (In Puppet Discovery prior to 1.2.0, when running Discovery again
NOT-FOR-US: Puppet Discovery
CVE-2018-11745
RESERVED
-CVE-2018-11744
- RESERVED
+CVE-2018-11744 (Cloudera Manager through 5.15 has Incorrect Access Control. ...)
+ TODO: check
CVE-2018-11743 (The init_copy function in kernel.c in mruby 1.4.1 makes initialize_cop ...)
- mruby 1.4.1+20180622+git640fca32-1 (bug #900845)
[stretch] - mruby <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ba84ecfc33c80257c96cedf6c4820cd60605621e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ba84ecfc33c80257c96cedf6c4820cd60605621e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190711/79b6551f/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list