[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Jun 1 09:10:21 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5bec7a74 by security tracker role at 2019-06-01T08:10:11Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3696,8 +3696,8 @@ CVE-2019-10983
RESERVED
CVE-2019-10982
RESERVED
-CVE-2019-10981
- RESERVED
+CVE-2019-10981 (In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulner ...)
+ TODO: check
CVE-2019-10980
RESERVED
CVE-2019-10979
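Review bot: the `TODO: check` under CVE-2019-10981 leaves the entry untriaged. The published description names Vijeo Citect and CitectSCADA 7.30 and 7.40; if neither is packaged, close it with a `NOT-FOR-US:` line in the form used elsewhere in this file.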
@@ -5777,8 +5777,8 @@ CVE-2019-10125 (An issue was discovered in aio_poll() in fs/aio.c in the Linux k
NOTE: https://git.kernel.org/linus/84c4e1f89fefe70554da0ab33be72c9be7994379
CVE-2019-10124
REJECTED
-CVE-2019-10123
- RESERVED
+CVE-2019-10123 (SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which ...)
+ TODO: check
CVE-2019-10122
RESERVED
CVE-2019-10121
@@ -5837,8 +5837,7 @@ CVE-2019-10100
RESERVED
CVE-2019-1000031 (A disk space or quota exhaustion issue exists in article2pdf_getfile.p ...)
NOT-FOR-US: article2pdf Wordpress plugin
-CVE-2018-20815 [device_tree: heap buffer overflow while loading device tree blob]
- RESERVED
+CVE-2018-20815 (In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated ...)
{DLA-1781-1}
- qemu 1:3.1+dfsg-7
[stretch] - qemu <postponed> (Minor issue)
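Review bot: at CVE-2018-20815 the bracketed working title "device_tree: heap buffer overflow while loading device tree blob" is dropped, and the truncated description that replaces it stops before naming the flaw. Consider keeping that wording in a NOTE line so the list still says what the bug is. No `TODO: check` is needed here: the {DLA-1781-1} reference and the two qemu status lines are unchanged context (the 8,7 line counts in the hunk header confirm that `- qemu 1:3.1+dfsg-7` is not a removal).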
@@ -5912,8 +5911,8 @@ CVE-2019-10071
RESERVED
CVE-2019-10070
RESERVED
-CVE-2019-10069
- RESERVED
+CVE-2019-10069 (In Godot through 3.1, remote code execution is possible due to the des ...)
+ TODO: check
CVE-2019-10068 (An issue was discovered in Kentico before 12.0.15. Due to a failure to ...)
NOT-FOR-US: Kentico
CVE-2019-10067 (An issue was discovered in Open Ticket Request System (OTRS) 7.x throu ...)
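Review bot: the `TODO: check` under CVE-2019-10069 should not be closed in bulk as `NOT-FOR-US` the way the neighbouring Kentico entry is. Godot is a free-software game engine, so look up whether a source package exists and, if it does, record it with a status line that reflects the "through 3.1" range in the description.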
@@ -5978,16 +5977,16 @@ CVE-2019-10050 (A buffer over-read issue was discovered in Suricata 4.1.x before
[jessie] - suricata <no-dsa> (Minor issue)
NOTE: https://redmine.openinfosecfoundation.org/issues/2884
NOTE: https://github.com/OISF/suricata/commit/4609d5c80acda9adf02f8fb9a6aa8238495bfa13
-CVE-2019-10049
- RESERVED
-CVE-2019-10048
- RESERVED
-CVE-2019-10047
- RESERVED
-CVE-2019-10046
- RESERVED
-CVE-2019-10045
- RESERVED
+CVE-2019-10049 (It is possible for an attacker with regular user access to the web app ...)
+ TODO: check
+CVE-2019-10048 (The ImageMagick plugin that is installed by default in Pydio through 8 ...)
+ TODO: check
+CVE-2019-10047 (A stored XSS vulnerability exists in the web application of Pydio thro ...)
+ TODO: check
+CVE-2019-10046 (An unauthenticated attacker can obtain information about the Pydio 8.2 ...)
+ TODO: check
+CVE-2019-10045 (The "action" get_sess_id in the web application of Pydio through 8.2.2 ...)
+ TODO: check
CVE-2019-10044 (Telegram Desktop before 1.5.12 on Windows, and the Telegram applicatio ...)
- telegram-desktop <unfixed> (bug #927711)
NOTE: https://github.com/blazeinfosec/advisories/blob/master/telegram-advisory.txt
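Review bot: five entries in a row (CVE-2019-10045 through CVE-2019-10049) get `TODO: check`, and four of the truncated descriptions name Pydio, but the one for CVE-2019-10049 is cut off before any product name. Confirm from the full description that it concerns the same product, then triage all five with the same line so they do not diverge.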
@@ -6001,8 +6000,8 @@ CVE-2019-10040 (The D-Link DIR-816 A2 1.11 router only checks the random token w
NOT-FOR-US: D-Link
CVE-2019-10039 (The D-Link DIR-816 A2 1.11 router only checks the random token when au ...)
NOT-FOR-US: D-Link
-CVE-2019-10038
- RESERVED
+CVE-2019-10038 (Evernote 7.9 on macOS allows attackers to execute arbitrary programs b ...)
+ TODO: check
CVE-2019-10037
RESERVED
CVE-2019-10036
@@ -6374,8 +6373,8 @@ CVE-2019-9892 (An issue was discovered in Open Ticket Request System (OTRS) 5.x
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/3617488c6c28e06203e4127c7b031140f775a685
NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/c3b9342a85c6f2c9382e074ad9cc440ce80a6f34
NOTE: https://community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/
-CVE-2019-9891
- RESERVED
+CVE-2019-9891 (The function getopt_simple as described in Advanced Bash Scripting Gui ...)
+ TODO: check
CVE-2019-9890 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
[experimental] - gitlab 11.8.2-1
- gitlab 11.8.2-2 (bug #924447)
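Review bot: CVE-2019-9891 describes a function, getopt_simple, "as described in Advanced Bash Scripting Gui ..." rather than a product, so the `TODO: check` here needs more than a package-name lookup. Check whether the guide itself is shipped and whether any packaged script copies the function before deciding on a status.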
@@ -7054,16 +7053,16 @@ CVE-2019-9877 (There is an invalid memory access vulnerability in the function T
- xpdf <not-affected> (xpdf in Debian uses poppler, which doesn't contain the vulnerable code)
CVE-2019-9876
RESERVED
-CVE-2019-9875
- RESERVED
-CVE-2019-9874
- RESERVED
+CVE-2019-9875 (Deserialization of Untrusted Data in the anti CSRF module in Sitecore ...)
+ TODO: check
+CVE-2019-9874 (Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (a ...)
+ TODO: check
CVE-2019-9873
RESERVED
CVE-2019-9872
RESERVED
-CVE-2019-9871
- RESERVED
+CVE-2019-9871 (Jector Smart TV FM-K75 devices allow remote code execution because the ...)
+ TODO: check
CVE-2019-9870 (plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor m ...)
NOT-FOR-US: w8tcha oEmbed plugin for CKEditor
CVE-2019-9869
@@ -7771,8 +7770,8 @@ CVE-2019-9655
RESERVED
CVE-2019-9654
RESERVED
-CVE-2019-9653
- RESERVED
+CVE-2019-9653 (NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauth ...)
+ TODO: check
CVE-2019-9652 (There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit re ...)
NOT-FOR-US: SDCMS
CVE-2019-9651 (An issue was discovered in SDCMS V1.7. In the \app\admin\controller\th ...)
@@ -9163,10 +9162,10 @@ CVE-2019-9108 (XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&
NOT-FOR-US: WUZHI CMS
CVE-2019-9107 (XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecu ...)
NOT-FOR-US: WUZHI CMS
-CVE-2019-9106
- RESERVED
-CVE-2019-9105
- RESERVED
+CVE-2019-9106 (The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Sma ...)
+ TODO: check
+CVE-2019-9105 (The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Sma ...)
+ TODO: check
CVE-2019-9104
RESERVED
CVE-2019-9103
@@ -15078,8 +15077,8 @@ CVE-2019-6727 (This vulnerability allows remote attackers to execute arbitrary c
NOT-FOR-US: Foxit Reader
CVE-2019-6726
RESERVED
-CVE-2019-6725
- RESERVED
+CVE-2019-6725 (The rpWLANRedirect.asp ASP page is accessible without authentication o ...)
+ TODO: check
CVE-2019-6724 (The barracudavpn component of the Barracuda VPN Client prior to versio ...)
NOT-FOR-US: Barracuda VPN Client
CVE-2019-6723
@@ -17837,8 +17836,8 @@ CVE-2019-5680
RESERVED
CVE-2019-5679
RESERVED
-CVE-2019-5678
- RESERVED
+CVE-2019-5678 (NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerabil ...)
+ TODO: check
CVE-2019-5677 (NVIDIA Windows GPU Display driver software for Windows (all versions) ...)
NOT-FOR-US: NVIDIA Windows GPU Display driver software for Windows
CVE-2019-5676 (NVIDIA Windows GPU Display driver software for Windows (all versions) ...)
@@ -119971,6 +119970,7 @@ CVE-2017-6512 (Race condition in the rmtree and remove_tree functions in the Fil
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=121951
NOTE: https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2
CVE-2016-10245 (Insufficient sanitization of the query parameter in templates/html/sea ...)
+ {DLA-1812-1}
- doxygen 1.8.12-1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=762934
NOTE: https://github.com/doxygen/doxygen/commit/1cc1adad2de03a0f013881b8960daf89aa155081 (Release_1_8_12)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5bec7a74ff9670413c28b90163e04d7416df435e