[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Jul 18 09:10:26 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7795d274 by security tracker role at 2019-07-18T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2019-13647 (Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of ...)
+	TODO: check
+CVE-2019-13646 (Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack ...)
+	TODO: check
+CVE-2019-13645 (Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of ...)
+	TODO: check
+CVE-2019-13644 (Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of ...)
+	TODO: check
+CVE-2019-13643 (Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute  ...)
+	TODO: check
+CVE-2019-13642
+	RESERVED
+CVE-2019-13641
+	RESERVED
+CVE-2019-13640 (In qBittorrent before 4.1.7, the function Application::runExternalProg ...)
+	TODO: check
+CVE-2019-13639
+	RESERVED
+CVE-2019-13638
+	RESERVED
+CVE-2019-13637 (In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbit ...)
+	TODO: check
+CVE-2019-13636 (In GNU patch through 2.7.6, the following of symlinks is mishandled in ...)
+	TODO: check
+CVE-2019-13635
+	RESERVED
+CVE-2019-13634
+	RESERVED
 CVE-2019-13633
 	RESERVED
 CVE-2019-13632
@@ -29,8 +57,7 @@ CVE-2019-13621
 	RESERVED
 CVE-2019-13620
 	RESERVED
-CVE-2019-13619 [ASN.1 BER and related dissectors crash]
-	RESERVED
+CVE-2019-13619 (In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the  ...)
 	- wireshark 2.6.10-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-20.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15870
@@ -1114,8 +1141,8 @@ CVE-2019-13579
 	RESERVED
 CVE-2019-13578
 	RESERVED
-CVE-2019-13577
-	RESERVED
+CVE-2019-13577 (SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthe ...)
+	TODO: check
 CVE-2018-20852 (http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py ...)
 	- python3.7 3.7.3~rc1-1
 	- python3.5 <removed>
@@ -1300,8 +1327,8 @@ CVE-2019-13495
 	RESERVED
 CVE-2019-13494 (nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0. ...)
 	NOT-FOR-US: Castle Rock SNMPc
-CVE-2019-13493
-	RESERVED
+CVE-2019-13493 (In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library ...)
+	TODO: check
 CVE-2019-13492
 	RESERVED
 CVE-2019-13491
@@ -1403,10 +1430,10 @@ CVE-2019-13450 (In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312
 	NOT-FOR-US: Zoom Client and RingCentral on MacOS
 CVE-2019-13449 (In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a ...)
 	NOT-FOR-US: Zoom Client on macOS
-CVE-2019-13448
-	RESERVED
-CVE-2019-13447
-	RESERVED
+CVE-2019-13448 (An issue was discovered in Sertek Xpare 3.67. The login form does not  ...)
+	TODO: check
+CVE-2019-13447 (An issue was discovered in Sertek Xpare 3.67. The login form does not  ...)
+	TODO: check
 CVE-2019-13446
 	REJECTED
 CVE-2019-13445
@@ -2775,14 +2802,14 @@ CVE-2019-12916
 	RESERVED
 CVE-2019-12915
 	RESERVED
-CVE-2019-12914
-	RESERVED
-CVE-2019-12913
-	RESERVED
-CVE-2019-12912
-	RESERVED
-CVE-2019-12911
-	RESERVED
+CVE-2019-12914 (Redbrick Shift through 3.4.3 allows an attacker to extract authenticat ...)
+	TODO: check
+CVE-2019-12913 (Redbrick Shift through 3.4.3 allows an attacker to extract emails of s ...)
+	TODO: check
+CVE-2019-12912 (Redbrick Shift through 3.4.3 allows an attacker to extract emails of s ...)
+	TODO: check
+CVE-2019-12911 (Redbrick Shift through 3.4.3 allows an attacker to extract authenticat ...)
+	TODO: check
 CVE-2019-12910
 	RESERVED
 CVE-2019-12909
@@ -2866,8 +2893,8 @@ CVE-2019-12878
 	RESERVED
 CVE-2019-12877
 	RESERVED
-CVE-2019-12876
-	RESERVED
+CVE-2019-12876 (Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and De ...)
+	TODO: check
 CVE-2019-12875 (Alpine Linux abuild through 3.4.0 allows an unprivileged member of the ...)
 	NOT-FOR-US: Alpine Linux
 CVE-2019-12874 (An issue was discovered in zlib_decompress_extra in modules/demux/mkv/ ...)
@@ -4881,7 +4908,7 @@ CVE-2019-12104
 	RESERVED
 CVE-2019-12103
 	RESERVED
-CVE-2019-12102 (Kentico 11 through 12 lets attackers upload and explore files without  ...)
+CVE-2019-12102 (** DISPUTED ** Kentico 11 through 12 lets attackers upload and explore ...)
 	NOT-FOR-US: Kentico
 CVE-2019-12101 (coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles certain ...)
 	NOT-FOR-US: LibNyoci
@@ -5586,10 +5613,10 @@ CVE-2019-11774
 	RESERVED
 CVE-2019-11773
 	RESERVED
-CVE-2019-11772
-	RESERVED
-CVE-2019-11771
-	RESERVED
+CVE-2019-11772 (In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], ...)
+	TODO: check
+CVE-2019-11771 (AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which ...)
+	TODO: check
 CVE-2019-11770 (In Eclipse Buildship versions prior to 3.1.1, the build files indicate ...)
 	NOT-FOR-US: Eclipse Buildship
 CVE-2019-11769
@@ -6369,8 +6396,8 @@ CVE-2019-11537 (In osTicket before 1.12, XSS exists via /upload/file.php, /uploa
 	NOT-FOR-US: osTicket
 CVE-2019-11536 (Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3 ...)
 	NOT-FOR-US: Kalki Kalkitech
-CVE-2019-11535
-	RESERVED
+CVE-2019-11535 (Unsanitized user input in the web interface for Linksys WiFi extender  ...)
+	TODO: check
 CVE-2019-11534
 	RESERVED
 CVE-2019-11533 (Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 a ...)
@@ -10731,16 +10758,16 @@ CVE-2019-1010289
 	RESERVED
 CVE-2019-1010288
 	RESERVED
-CVE-2019-1010287
-	RESERVED
+CVE-2019-1010287 (Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Script ...)
+	TODO: check
 CVE-2019-1010286
 	RESERVED
 CVE-2019-1010285
 	RESERVED
 CVE-2019-1010284
 	RESERVED
-CVE-2019-1010283
-	RESERVED
+CVE-2019-1010283 (Univention Corporate Server univention-directory-notifier 12.0.1-3 and ...)
+	TODO: check
 CVE-2019-1010282
 	RESERVED
 CVE-2019-1010281
@@ -10755,8 +10782,8 @@ CVE-2019-1010277
 	RESERVED
 CVE-2019-1010276
 	RESERVED
-CVE-2019-1010275
-	RESERVED
+CVE-2019-1010275 (helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Valida ...)
+	TODO: check
 CVE-2019-1010274
 	RESERVED
 CVE-2019-1010273
@@ -10773,14 +10800,14 @@ CVE-2019-1010268
 	RESERVED
 CVE-2019-1010267
 	RESERVED
-CVE-2019-1010266
-	RESERVED
+CVE-2019-1010266 (lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource  ...)
+	TODO: check
 CVE-2019-1010265
 	RESERVED
 CVE-2019-1010264
 	RESERVED
-CVE-2019-1010263
-	RESERVED
+CVE-2019-1010263 (Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Contro ...)
+	TODO: check
 CVE-2019-1010262
 	RESERVED
 CVE-2019-1010261
@@ -13266,7 +13293,7 @@ CVE-2019-9189 (On Prima Systems FlexAir devices through 2.4.9api3, an authentica
 	NOT-FOR-US: Prima Systems FlexAir devices
 CVE-2019-9188
 	RESERVED
-CVE-2019-9187 (ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190226  ...)
+CVE-2019-9187 (ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228  ...)
 	{DSA-4399-1 DLA-1716-1}
 	- ikiwiki 3.20190228-1
 	NOTE: https://ikiwiki.info/security/#cve-2019-9187
@@ -14092,10 +14119,10 @@ CVE-2019-8933 (In DedeCMS 5.7SP2, attackers can upload a .php file to the upload
 CVE-2019-8935 (Collabtive 3.1 allows XSS via the manageuser.php?action=profile id par ...)
 	- collabtive <removed>
 	[jessie] - collabtive <ignored> (Minor issue)
-CVE-2019-8932
-	RESERVED
-CVE-2019-8931
-	RESERVED
+CVE-2019-8932 (Redbrick Shift through 3.4.3 allows an attacker to extract authenticat ...)
+	TODO: check
+CVE-2019-8931 (Redbrick Shift through 3.4.3 allows an attacker to extract emails of s ...)
+	TODO: check
 CVE-2019-8930
 	RESERVED
 CVE-2019-8929 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
@@ -23160,8 +23187,8 @@ CVE-2019-5224
 	RESERVED
 CVE-2019-5223
 	RESERVED
-CVE-2019-5222
-	RESERVED
+CVE-2019-5222 (There is an information disclosure vulnerability on Secure Input of ce ...)
+	TODO: check
 CVE-2019-5221 (There is a path traversal vulnerability on Huawei Share. The software  ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5220 (There is a Factory Reset Protection (FRP) bypass vulnerability on seve ...)
@@ -25706,16 +25733,16 @@ CVE-2019-3975
 	RESERVED
 CVE-2019-3974
 	RESERVED
-CVE-2019-3973
-	RESERVED
-CVE-2019-3972
-	RESERVED
-CVE-2019-3971
-	RESERVED
-CVE-2019-3970
-	RESERVED
-CVE-2019-3969
-	RESERVED
+CVE-2019-3973 (Comodo Antivirus versions 11.0.0.6582 and below are vulnerable to Deni ...)
+	TODO: check
+CVE-2019-3972 (Comodo Antivirus versions 12.0.0.6810 and below are vulnerable to Deni ...)
+	TODO: check
+CVE-2019-3971 (Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to a local  ...)
+	TODO: check
+CVE-2019-3970 (Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrar ...)
+	TODO: check
+CVE-2019-3969 (Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Pr ...)
+	TODO: check
 CVE-2019-3968
 	RESERVED
 CVE-2019-3967
@@ -32622,14 +32649,14 @@ CVE-2019-1945
 	RESERVED
 CVE-2019-1944
 	RESERVED
-CVE-2019-1943
-	RESERVED
-CVE-2019-1942
-	RESERVED
-CVE-2019-1941
-	RESERVED
-CVE-2019-1940
-	RESERVED
+CVE-2019-1943 (A vulnerability in the web interface of Cisco Small Business 200, 300, ...)
+	TODO: check
+CVE-2019-1942 (A vulnerability in the sponsor portal web interface for Cisco Identity ...)
+	TODO: check
+CVE-2019-1941 (A vulnerability in the web-based management interface of Cisco Identit ...)
+	TODO: check
+CVE-2019-1940 (A vulnerability in the Web Services Management Agent (WSMA) feature of ...)
+	TODO: check
 CVE-2019-1939
 	RESERVED
 CVE-2019-1938
@@ -32662,20 +32689,20 @@ CVE-2019-1925
 	RESERVED
 CVE-2019-1924
 	RESERVED
-CVE-2019-1923
-	RESERVED
+CVE-2019-1923 (A vulnerability in Cisco Small Business SPA500 Series IP Phones could  ...)
+	TODO: check
 CVE-2019-1922 (A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1921 (A vulnerability in the attachment scanning of Cisco AsyncOS Software f ...)
 	NOT-FOR-US: Cisco
-CVE-2019-1920
-	RESERVED
-CVE-2019-1919
-	RESERVED
+CVE-2019-1920 (A vulnerability in the 802.11r Fast Transition (FT) implementation for ...)
+	TODO: check
+CVE-2019-1919 (A vulnerability in the Cisco FindIT Network Management Software virtua ...)
+	TODO: check
 CVE-2019-1918
 	RESERVED
-CVE-2019-1917
-	RESERVED
+CVE-2019-1917 (A vulnerability in the REST API interface of Cisco Vision Dynamic Sign ...)
+	TODO: check
 CVE-2019-1916
 	RESERVED
 CVE-2019-1915



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7795d274dffb3f5e2a396d657a7c5dbcd82be0ce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7795d274dffb3f5e2a396d657a7c5dbcd82be0ce
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190718/cd54e404/attachment.html>


More information about the debian-security-tracker-commits mailing list