[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jun 7 21:10:37 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3273484a by security tracker role at 2019-06-07T20:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2019-12778
+	RESERVED
+CVE-2019-12777 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
+	TODO: check
+CVE-2019-12776 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
+	TODO: check
+CVE-2019-12775 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
+	TODO: check
+CVE-2019-12774 (A number of stored XSS vulnerabilities have been identified in the web ...)
+	TODO: check
+CVE-2019-12773
+	RESERVED
+CVE-2019-12772
+	RESERVED
+CVE-2019-12771 (Command injection is possible in ThinStation through 6.1.1 via shell m ...)
+	TODO: check
+CVE-2019-12770
+	RESERVED
+CVE-2019-12769
+	RESERVED
+CVE-2019-12768
+	RESERVED
+CVE-2019-12767
+	RESERVED
+CVE-2019-12766
+	RESERVED
+CVE-2019-12765
+	RESERVED
+CVE-2019-12764
+	RESERVED
+CVE-2019-12763 (The Security Camera CZ application through 1.6.8 for Android stores po ...)
+	TODO: check
 CVE-2019-12762 (Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anoma ...)
 	NOT-FOR-US: Xiaomi Mi 5s Plus devices
 CVE-2019-12761 (A code injection issue was discovered in PyXDG before 0.26 via crafted ...)
@@ -336,14 +368,14 @@ CVE-2019-12614 (An issue was discovered in dlpar_parse_cc_property in arch/power
 	NOTE: https://lkml.org/lkml/2019/6/3/526
 	NOTE: This is a potential null pointer dereference that looks like it can
 	NOTE: only be invoked by root or the hypervisor.  Probably no security impact.
-CVE-2019-12601
-	RESERVED
-CVE-2019-12600
-	RESERVED
-CVE-2019-12599
-	RESERVED
-CVE-2019-12598
-	RESERVED
+CVE-2019-12601 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
+	TODO: check
+CVE-2019-12600 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
+	TODO: check
+CVE-2019-12599 (SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Inj ...)
+	TODO: check
+CVE-2019-12598 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
+	TODO: check
 CVE-2019-12597
 	RESERVED
 CVE-2019-12596
@@ -595,8 +627,8 @@ CVE-2019-12479
 	RESERVED
 CVE-2019-12478
 	RESERVED
-CVE-2019-12477
-	RESERVED
+CVE-2019-12477 (Supra Smart Cloud TV allows remote file inclusion in the openLiveURL f ...)
+	TODO: check
 CVE-2019-12476
 	RESERVED
 CVE-2019-12475
@@ -884,7 +916,7 @@ CVE-2019-12380 (An issue was discovered in the efi subsystem in the Linux kernel
 CVE-2019-12379 (An issue was discovered in con_insert_unipair in drivers/tty/vt/consol ...)
 	- linux <unfixed> (unimportant)
 	NOTE: No real security issue and fix introduces real security issue, see kernel-sec
-CVE-2019-12378 (An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c  ...)
+CVE-2019-12378 (** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/i ...)
 	- linux <unfixed> (unimportant)
 	NOTE: Issue with no security impact, see kernel-sec, invalid issue
 CVE-2019-12377 (A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK M ...)
@@ -6322,8 +6354,8 @@ CVE-2019-10162
 	RESERVED
 CVE-2019-10161
 	RESERVED
-CVE-2019-10160
-	RESERVED
+CVE-2019-10160 (A security regression of CVE-2019-9636 was discovered in python since  ...)
+	TODO: check
 CVE-2019-10159
 	RESERVED
 CVE-2019-10158
@@ -12003,10 +12035,10 @@ CVE-2019-8285 (Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a h
 	NOT-FOR-US: Kaspersky Lab Antivirus Engine
 CVE-2019-8284
 	RESERVED
-CVE-2019-8283
-	RESERVED
-CVE-2019-8282
-	RESERVED
+CVE-2019-8283 (Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7 ...)
+	TODO: check
+CVE-2019-8282 (Gemalto Admin Control Center, all versions prior to 7.92, uses clearte ...)
+	TODO: check
 CVE-2019-8281
 	RESERVED
 CVE-2019-8280 (UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC c ...)
@@ -16165,12 +16197,12 @@ CVE-2019-6534 (The uncontrolled search path element vulnerability in Gemalto Sen
 	NOT-FOR-US: Gemalto Sentinel UltraPro Client Library ux32w.dll
 CVE-2019-6533 (Registers used to store Modbus values can be read and written from the ...)
 	NOT-FOR-US: PR100088 Modbus
-CVE-2019-6532
-	RESERVED
+CVE-2019-6532 (Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created  ...)
+	TODO: check
 CVE-2019-6531 (An attacker could retrieve passwords from a HTTP GET request from the  ...)
 	NOT-FOR-US: Kunbus
-CVE-2019-6530
-	RESERVED
+CVE-2019-6530 (Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created  ...)
+	TODO: check
 CVE-2019-6529
 	RESERVED
 CVE-2019-6528 (PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit fa ...)
@@ -21825,16 +21857,16 @@ CVE-2019-4072 (IBM Tivoli Storage Productivity Center (IBM Spectrum Control Stan
 	NOT-FOR-US: IBM
 CVE-2019-4071 (IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard  ...)
 	NOT-FOR-US: IBM
-CVE-2019-4070
-	RESERVED
-CVE-2019-4069
-	RESERVED
-CVE-2019-4068
-	RESERVED
-CVE-2019-4067
-	RESERVED
-CVE-2019-4066
-	RESERVED
+CVE-2019-4070 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnera ...)
+	TODO: check
+CVE-2019-4069 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not p ...)
+	TODO: check
+CVE-2019-4068 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnera ...)
+	TODO: check
+CVE-2019-4067 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not r ...)
+	TODO: check
+CVE-2019-4066 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allo ...)
+	TODO: check
 CVE-2019-4065
 	RESERVED
 CVE-2019-4064
@@ -23395,8 +23427,8 @@ CVE-2019-3479 (Mitigates a potential remote code execution issue in ArcSight Log
 	NOT-FOR-US: ArcSight Logger
 CVE-2019-3478
 	RESERVED
-CVE-2019-3477
-	RESERVED
+CVE-2019-3477 (Micro Focus Solution Business Manager versions prior to 11.4.2 is susc ...)
+	TODO: check
 CVE-2019-3476 (Remote arbitrary code execution in Micro Focus Data Protector, version ...)
 	NOT-FOR-US: Micro Focus Data Protector
 CVE-2019-3475 (A local privilege escalation vulnerability in the famtd component of M ...)
@@ -23884,8 +23916,8 @@ CVE-2018-20525 (Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, co
 	NOT-FOR-US: Roxy Fileman
 CVE-2018-20524 (The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted us ...)
 	NOT-FOR-US: Chat Anywhere Chrome extension
-CVE-2018-20523
-	RESERVED
+CVE-2018-20523 (Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and o ...)
+	TODO: check
 CVE-2018-20522
 	RESERVED
 CVE-2018-20521
@@ -27305,8 +27337,8 @@ CVE-2018-20137 (XSS exists in FUEL CMS 1.4.3 via the Page title, Meta descriptio
 	NOT-FOR-US: FUEL CMS
 CVE-2018-20136 (XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Vari ...)
 	NOT-FOR-US: FUEL CMS
-CVE-2018-20135
-	RESERVED
+CVE-2018-20135 (Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostnam ...)
+	TODO: check
 CVE-2018-20134
 	RESERVED
 CVE-2018-20133 (ymlref allows code injection. ...)
@@ -27444,8 +27476,8 @@ CVE-2018-20093
 	RESERVED
 CVE-2018-20092 (PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory trav ...)
 	NOT-FOR-US: PTC ThingWorx Platform
-CVE-2018-20091
-	RESERVED
+CVE-2018-20091 (An SQL injection vulnerability was found in Cloudera Data Science Work ...)
+	TODO: check
 CVE-2018-20090
 	RESERVED
 CVE-2018-20089
@@ -28529,8 +28561,8 @@ CVE-2018-20016
 	RESERVED
 CVE-2018-20015 (YzmCMS v5.2 has admin/role/add.html CSRF. ...)
 	NOT-FOR-US: YzmCMS
-CVE-2018-20014
-	RESERVED
+CVE-2018-20014 (In UrBackup 2.2.6, an attacker can send a malformed request to the cli ...)
+	TODO: check
 CVE-2018-20013
 	RESERVED
 CVE-2018-20012 (PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=memb ...)
@@ -28582,8 +28614,8 @@ CVE-2018-20001 (In Libav 12.3, there is a floating point exception in the range_
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1141
 CVE-2018-20000 (Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstr ...)
 	NOT-FOR-US: Apereo Bedework bw-webdav
-CVE-2018-19999
-	RESERVED
+CVE-2018-19999 (The local management interface in SolarWinds Serv-U FTP Server 15.1.6. ...)
+	TODO: check
 CVE-2018-19998 (SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 ...)
 	- dolibarr <removed>
 	NOTE: https://github.com/Dolibarr/dolibarr/commit/2b088a73c121a52e006c0d76ea4da7ffeb7b4f4a
@@ -29851,8 +29883,7 @@ CVE-2018-19862 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote att
 	NOT-FOR-US: MiniShare
 CVE-2018-19861 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...)
 	NOT-FOR-US: MiniShare
-CVE-2018-19860
-	RESERVED
+CVE-2018-19860 (Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11,  ...)
 	NOT-FOR-US: Broadcom components for Android
 CVE-2018-19859 (OpenRefine before 3.2 beta allows directory traversal via a relative p ...)
 	NOT-FOR-US: OpenRefine
@@ -30012,12 +30043,12 @@ CVE-2018-19804
 	RESERVED
 CVE-2018-19803
 	RESERVED
-CVE-2018-19802
-	RESERVED
-CVE-2018-19801
-	RESERVED
-CVE-2018-19800
-	RESERVED
+CVE-2018-19802 (aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 2 of 3). ...)
+	TODO: check
+CVE-2018-19801 (aubio v0.4.0 to v0.4.8 has a NULL pointer dereference (issue 1 of 6). ...)
+	TODO: check
+CVE-2018-19800 (aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 1 of 3). ...)
+	TODO: check
 CVE-2018-19799 (Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= X ...)
 	- dolibarr <removed>
 CVE-2018-19798
@@ -33577,16 +33608,16 @@ CVE-2018-19467
 	RESERVED
 CVE-2018-19466 (A vulnerability was found in Portainer before 1.20.0. Portainer stores ...)
 	NOT-FOR-US: Portainer
-CVE-2018-19465
-	RESERVED
+CVE-2018-19465 (Maccms through 8.0 allows XSS via the site_keywords field to index.php ...)
+	TODO: check
 CVE-2018-19464 (Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting. ...)
 	NOT-FOR-US: Discuz!
 CVE-2018-19463 (** DISPUTED ** zb_system/function/lib/upload.php in Z-BlogPHP through  ...)
 	NOT-FOR-US: Z-BlogPHP
-CVE-2018-19462
-	RESERVED
-CVE-2018-19461
-	RESERVED
+CVE-2018-19462 (admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to ...)
+	TODO: check
+CVE-2018-19461 (admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL ...)
+	TODO: check
 CVE-2018-19460
 	RESERVED
 CVE-2018-19459 (Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List ...)
@@ -33641,10 +33672,10 @@ CVE-2018-19454
 	RESERVED
 CVE-2018-19453 (Kentico CMS before 11.0.45 allows unrestricted upload of a file with a ...)
 	NOT-FOR-US: Kentico CMS
-CVE-2018-19452
-	RESERVED
-CVE-2018-19451
-	RESERVED
+CVE-2018-19452 (A use after free in the TextBox field Mouse Enter action in IReader_Co ...)
+	TODO: check
+CVE-2018-19451 (A command injection can occur for specially crafted PDF files in Foxit ...)
+	TODO: check
 CVE-2018-19450
 	RESERVED
 CVE-2018-19449
@@ -69966,8 +69997,8 @@ CVE-2018-6187 (In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vu
 	NOTE: issued covered by: http://www.ghostscript.com/cgi-bin/findgit.cgi?fa9cd085533f68367c299e058ab3fbb7ad8a2dc6
 CVE-2018-6186 (Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via ...)
 	NOT-FOR-US: Citrix NetScaler VPX
-CVE-2018-6185
-	RESERVED
+CVE-2018-6185 (In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ...)
+	TODO: check
 CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next r ...)
 	NOT-FOR-US: ZEIT Next.js
 CVE-2018-6183 (BitDefender Total Security 2018 allows local users to gain privileges  ...)
@@ -71390,8 +71421,8 @@ CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and
 	NOTE: https://nodesecurity.io/advisories/563
 CVE-2018-5799 (In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows ...)
 	NOT-FOR-US: Zoho
-CVE-2018-5798
-	RESERVED
+CVE-2018-5798 (This CVE relates to an unspecified cross site scripting vulnerability  ...)
+	TODO: check
 CVE-2018-5797 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
 	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
 CVE-2018-5796 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
@@ -72976,10 +73007,10 @@ CVE-2018-5267 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to
 	NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
 CVE-2018-5266 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to obta ...)
 	NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
-CVE-2018-5265
-	RESERVED
-CVE-2018-5264
-	RESERVED
+CVE-2018-5265 (Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attacke ...)
+	TODO: check
+CVE-2018-5264 (Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote att ...)
+	TODO: check
 CVE-2018-5263 (The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0. ...)
 	NOT-FOR-US: The StackIdeas EasyDiscuss extension for Joomla!
 CVE-2018-5262 (A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier  ...)
@@ -121824,7 +121855,7 @@ CVE-2017-6263 (NVIDIA driver contains a vulnerability where it is possible a use
 	NOT-FOR-US: NVIDIA driver for Android
 CVE-2017-6262 (NVIDIA driver contains a vulnerability where it is possible a use afte ...)
 	NOT-FOR-US: NVIDIA driver for Android
-CVE-2017-6261 (NVIDIA’s Vibrante Linux version 1.1, 2.0, and 2.2 contains a vul ...)
+CVE-2017-6261 (NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerabili ...)
 	TODO: check
 CVE-2017-6260 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
 	NOT-FOR-US: NVIDIA Windows GPU Display Driver



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3273484a04272a69d35a7589ee8f909e51b7f38f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3273484a04272a69d35a7589ee8f909e51b7f38f
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190607/e3972cc8/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list