[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 4 09:10:21 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
53c56da1 by security tracker role at 2019-06-04T08:10:11Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,37 @@
-CVE-2019-12615 [mdesc: fix a missing-check bug in get_vdev_port_node_info()]
+CVE-2019-12618
+ RESERVED
+CVE-2019-12617
+ RESERVED
+CVE-2019-12616
+ RESERVED
+CVE-2019-12613
+ RESERVED
+CVE-2019-12612
+ RESERVED
+CVE-2019-12611
+ RESERVED
+CVE-2019-12610
+ RESERVED
+CVE-2019-12609
+ RESERVED
+CVE-2019-12608
+ RESERVED
+CVE-2019-12607
+ RESERVED
+CVE-2019-12606
+ RESERVED
+CVE-2019-12605
+ RESERVED
+CVE-2019-12604
+ RESERVED
+CVE-2019-12603
+ RESERVED
+CVE-2019-12602
+ RESERVED
+CVE-2019-12615 (An issue was discovered in get_vdev_port_node_info in arch/sparc/kerne ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/80caf43549e7e41a695c6d1e11066286538b336f
-CVE-2019-12614 [powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property()]
+CVE-2019-12614 (An issue was discovered in dlpar_parse_cc_property in arch/powerpc/pla ...)
- linux <unfixed>
NOTE: https://lkml.org/lkml/2019/6/3/526
CVE-2019-12601
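Review bot: the 15 new RESERVED entries break the descending ID order at the top of the list. CVE-2019-12613 through CVE-2019-12602 are inserted above the existing CVE-2019-12615 and CVE-2019-12614 entries, which now sit directly before CVE-2019-12601. Moving the two linux entries between CVE-2019-12616 and CVE-2019-12613 would keep the top of the file sorted like the rest of the list shown here.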
@@ -108,8 +138,8 @@ CVE-2019-12550
RESERVED
CVE-2019-12549
RESERVED
-CVE-2019-12548
- RESERVED
+CVE-2019-12548 (Bludit before 3.9.0 allows remote code execution for an authenticated ...)
+ TODO: check
CVE-2019-12547
RESERVED
CVE-2019-12546
@@ -506,16 +536,16 @@ CVE-2019-12379 (An issue was discovered in con_insert_unipair in drivers/tty/vt/
- linux <unfixed>
CVE-2019-12378 (An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c ...)
- linux <unfixed>
-CVE-2019-12377
- RESERVED
-CVE-2019-12376
- RESERVED
-CVE-2019-12375
- RESERVED
-CVE-2019-12374
- RESERVED
-CVE-2019-12373
- RESERVED
+CVE-2019-12377 (A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK M ...)
+ TODO: check
+CVE-2019-12376 (Use of a hard-coded encryption key in Ivanti LANDESK Management Suite ...)
+ TODO: check
+CVE-2019-12375 (Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoin ...)
+ TODO: check
+CVE-2019-12374 (A SQL Injection vulnerability exists in Ivanti LANDESK Management Suit ...)
+ TODO: check
+CVE-2019-12373 (Improper access control and open directories in Ivanti LANDESK Managem ...)
+ TODO: check
CVE-2019-12372 (Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via ...)
NOT-FOR-US: Petraware pTransformer ADC
CVE-2019-12371
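Review bot: the five entries CVE-2019-12377 through CVE-2019-12373 all land as "TODO: check" and all name the same product, Ivanti LANDESK Management Suite, so they are best triaged in one pass. If the product turns out not to be packaged, use one identical product string on all five, in the form the neighbouring CVE-2019-12372 entry uses ("NOT-FOR-US: Petraware pTransformer ADC").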
@@ -1000,10 +1030,10 @@ CVE-2019-12179
RESERVED
CVE-2019-12178
RESERVED
-CVE-2019-12177
- RESERVED
-CVE-2019-12176
- RESERVED
+CVE-2019-12177 (Privilege escalation due to insecure directory permissions affecting V ...)
+ TODO: check
+CVE-2019-12176 (Privilege escalation in the "HTC Account Service" and "ViveportDesktop ...)
+ TODO: check
CVE-2019-12175
RESERVED
CVE-2019-12174
@@ -1016,8 +1046,8 @@ CVE-2019-12171
RESERVED
CVE-2019-12170 (ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the m ...)
NOT-FOR-US: ATutor
-CVE-2019-12169
- RESERVED
+CVE-2019-12169 (ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, res ...)
+ TODO: check
CVE-2019-12168 (Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code ...)
NOT-FOR-US: Four-Faith Wireless Mobile Router F3x24 devices
CVE-2019-12167 (httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1 ...)
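Review bot: CVE-2019-12169 is left at "TODO: check" although CVE-2019-12170, directly above it, is for the same product and already carries "NOT-FOR-US: ATutor". Reusing that exact line for CVE-2019-12169 would close the TODO and keep the two ATutor entries consistent.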
@@ -1188,12 +1218,13 @@ CVE-2019-12100
CVE-2019-12099 (In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated us ...)
NOT-FOR-US: PHP-Fusion
CVE-2019-12098 (In the client side of Heimdal before 7.6.0, failure to verify anonymou ...)
+ {DSA-4455-1}
- heimdal 7.5.0+dfsg-3 (bug #929064)
[jessie] - heimdal <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf (7.6.0)
NOTE: Introduced by: https://github.com/heimdal/heimdal/commit/a1ef548600c5bb51cf52a9a9ea12676506ede19f (1.4.0)
-CVE-2019-12097
- RESERVED
+CVE-2019-12097 (Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoop ...)
+ TODO: check
CVE-2019-12096
RESERVED
CVE-2019-12095
@@ -2565,8 +2596,8 @@ CVE-2019-11511 (Zoho ManageEngine ADSelfService Plus before build 5708 has XSS v
NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-11510 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before ...)
NOT-FOR-US: Pulse Secure Pulse Connect Secure
-CVE-2019-11509
- RESERVED
+CVE-2019-11509 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before ...)
+ TODO: check
CVE-2019-11508 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before ...)
NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11507 (In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9. ...)
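Review bot: CVE-2019-11509 is added with "TODO: check" while its neighbours CVE-2019-11510 and CVE-2019-11508 share the same description prefix and are already marked "NOT-FOR-US: Pulse Secure Pulse Connect Secure". The same line applies here and should replace the TODO so the Pulse Connect Secure run is triaged uniformly.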
@@ -2968,14 +2999,14 @@ CVE-2019-11371 (BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overf
- bwa <unfixed> (unimportant)
NOTE: https://github.com/lh3/bwa/issues/239
NOTE: Neutralised by toolchain hardening
-CVE-2019-11370
- RESERVED
-CVE-2019-11369
- RESERVED
-CVE-2019-11368
- RESERVED
-CVE-2019-11367
- RESERVED
+CVE-2019-11370 (Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstr ...)
+ TODO: check
+CVE-2019-11369 (An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw ...)
+ TODO: check
+CVE-2019-11368 (Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via ...)
+ TODO: check
+CVE-2019-11367 (An issue was discovered in AUO Solar Data Recorder before 1.3.0. The w ...)
+ TODO: check
CVE-2019-11364
RESERVED
CVE-2019-11363
@@ -3004,8 +3035,8 @@ CVE-2019-11359 (Cross-site scripting (XSS) vulnerability in display.php in I, Li
- i-librarian <itp> (bug #649291)
CVE-2019-11357
RESERVED
-CVE-2019-11356
- RESERVED
+CVE-2019-11356 (The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0 ...)
+ TODO: check
CVE-2019-11355
RESERVED
CVE-2019-11354 (The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows te ...)
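Review bot: CVE-2019-11356 should not be closed by pattern the way the vendor-product entries in this update can be. Its description names the CalDAV feature in httpd in Cyrus IMAP 2.5.x and 3.0, which is server software rather than an appliance or hosted product. Resolve the "TODO: check" by checking it against the archive first, then record either a package line with per-release status or an explicit NOT-FOR-US.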
@@ -3408,8 +3439,8 @@ CVE-2019-11187
RESERVED
CVE-2019-11186
RESERVED
-CVE-2019-11185
- RESERVED
+CVE-2019-11185 (The WP Live Chat Support Pro plugin through 8.0.26 for WordPress conta ...)
+ TODO: check
CVE-2019-11184
RESERVED
CVE-2019-11183
@@ -4217,8 +4248,8 @@ CVE-2019-10885 (An issue was discovered in Ivanti Workspace Control before 10.3.
NOT-FOR-US: Ivanti Workspace Control
CVE-2019-10884 (Uniqkey Password Manager 1.14 contains a vulnerability because it fail ...)
NOT-FOR-US: Uniqkey Password Manager
-CVE-2019-10883
- RESERVED
+CVE-2019-10883 (Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center ...)
+ TODO: check
CVE-2019-10882
RESERVED
CVE-2019-10881
@@ -6365,8 +6396,8 @@ CVE-2019-10011 (ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet
NOT-FOR-US: Jenzabar
CVE-2019-10010 (Cross-site scripting (XSS) vulnerability in the PHP League CommonMark ...)
NOT-FOR-US: PHP League CommonMark library
-CVE-2019-10009
- RESERVED
+CVE-2019-10009 (A Directory Traversal issue was discovered in the Web GUI in Titan FTP ...)
+ TODO: check
CVE-2019-10008 (Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privile ...)
NOT-FOR-US: Zoho ManageEngine ServiceDesk
CVE-2019-10007
@@ -7400,10 +7431,10 @@ CVE-2018-20806 (Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS vi
[stretch] - phamm <no-dsa> (Minor issue)
[jessie] - phamm <no-dsa> (Minor issue)
NOTE: https://github.com/lota/phamm/issues/24
-CVE-2019-9839
- RESERVED
-CVE-2019-9838
- RESERVED
+CVE-2019-9839 (VFront 0.99.5 has Reflected XSS via the admin/menu_registri.php descri ...)
+ TODO: check
+CVE-2019-9838 (VFront 0.99.5 has stored XSS via the admin/sync_reg_tab.php azzera par ...)
+ TODO: check
CVE-2019-9837 (Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorke ...)
- ruby-doorkeeper-openid-connect 1.5.5-1 (bug #924747)
NOTE: https://github.com/doorkeeper-gem/doorkeeper-openid_connect/issues/61
@@ -7447,8 +7478,7 @@ CVE-2019-9826 (The fulltext search component in phpBB before 3.2.6 allows Denial
NOTE: Fixed by https://github.com/phpbb/phpbb/commit/3075d2fecc9f5bb780bb478c0851a704c7f9b392
CVE-2019-9825 (FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arb ...)
NOT-FOR-US: FeiFeiCMS
-CVE-2019-9824
- RESERVED
+CVE-2019-9824 (tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 u ...)
{DSA-4454-1 DLA-1781-1}
- qemu 1:3.1+dfsg-6
- qemu-kvm <removed>
@@ -15619,8 +15649,8 @@ CVE-2019-6590 (On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under cert
NOT-FOR-US: BIG-IP
CVE-2019-6589 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6. ...)
NOT-FOR-US: F5 BIG-IP
-CVE-2019-6588
- RESERVED
+CVE-2019-6588 (In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in th ...)
+ TODO: check
CVE-2019-6587
RESERVED
CVE-2019-6586
@@ -40359,7 +40389,7 @@ CVE-2018-16861 (A cross-site scripting (XSS) flaw was found in the foreman compo
- foreman <itp> (bug #663101)
CVE-2018-16860 [Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum]
RESERVED
- {DSA-4443-1 DLA-1788-1}
+ {DSA-4455-1 DSA-4443-1 DLA-1788-1}
- heimdal 7.5.0+dfsg-3 (bug #928966)
[jessie] - heimdal <no-dsa> (Minor issue)
- samba 2:4.9.5+dfsg-4
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/53c56da18f2dd652e149f23ef93b4a1975010f9f