[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jun 7 21:10:37 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3273484a by security tracker role at 2019-06-07T20:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2019-12778
+ RESERVED
+CVE-2019-12777 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
+ TODO: check
+CVE-2019-12776 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
+ TODO: check
+CVE-2019-12775 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
+ TODO: check
+CVE-2019-12774 (A number of stored XSS vulnerabilities have been identified in the web ...)
+ TODO: check
+CVE-2019-12773
+ RESERVED
+CVE-2019-12772
+ RESERVED
+CVE-2019-12771 (Command injection is possible in ThinStation through 6.1.1 via shell m ...)
+ TODO: check
+CVE-2019-12770
+ RESERVED
+CVE-2019-12769
+ RESERVED
+CVE-2019-12768
+ RESERVED
+CVE-2019-12767
+ RESERVED
+CVE-2019-12766
+ RESERVED
+CVE-2019-12765
+ RESERVED
+CVE-2019-12764
+ RESERVED
+CVE-2019-12763 (The Security Camera CZ application through 1.6.8 for Android stores po ...)
+ TODO: check
CVE-2019-12762 (Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anoma ...)
NOT-FOR-US: Xiaomi Mi 5s Plus devices
CVE-2019-12761 (A code injection issue was discovered in PyXDG before 0.26 via crafted ...)
@@ -336,14 +368,14 @@ CVE-2019-12614 (An issue was discovered in dlpar_parse_cc_property in arch/power
NOTE: https://lkml.org/lkml/2019/6/3/526
NOTE: This is a potential null pointer dereference that looks like it can
NOTE: only be invoked by root or the hypervisor. Probably no security impact.
-CVE-2019-12601
- RESERVED
-CVE-2019-12600
- RESERVED
-CVE-2019-12599
- RESERVED
-CVE-2019-12598
- RESERVED
+CVE-2019-12601 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
+ TODO: check
+CVE-2019-12600 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
+ TODO: check
+CVE-2019-12599 (SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Inj ...)
+ TODO: check
+CVE-2019-12598 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
+ TODO: check
CVE-2019-12597
RESERVED
CVE-2019-12596
@@ -595,8 +627,8 @@ CVE-2019-12479
RESERVED
CVE-2019-12478
RESERVED
-CVE-2019-12477
- RESERVED
+CVE-2019-12477 (Supra Smart Cloud TV allows remote file inclusion in the openLiveURL f ...)
+ TODO: check
CVE-2019-12476
RESERVED
CVE-2019-12475
@@ -884,7 +916,7 @@ CVE-2019-12380 (An issue was discovered in the efi subsystem in the Linux kernel
CVE-2019-12379 (An issue was discovered in con_insert_unipair in drivers/tty/vt/consol ...)
- linux <unfixed> (unimportant)
NOTE: No real security issue and fix introduces real security issue, see kernel-sec
-CVE-2019-12378 (An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c ...)
+CVE-2019-12378 (** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/i ...)
- linux <unfixed> (unimportant)
NOTE: Issue with no security impact, see kernel-sec, invalid issue
CVE-2019-12377 (A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK M ...)
@@ -6322,8 +6354,8 @@ CVE-2019-10162
RESERVED
CVE-2019-10161
RESERVED
-CVE-2019-10160
- RESERVED
+CVE-2019-10160 (A security regression of CVE-2019-9636 was discovered in python since ...)
+ TODO: check
CVE-2019-10159
RESERVED
CVE-2019-10158
@@ -12003,10 +12035,10 @@ CVE-2019-8285 (Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a h
NOT-FOR-US: Kaspersky Lab Antivirus Engine
CVE-2019-8284
RESERVED
-CVE-2019-8283
- RESERVED
-CVE-2019-8282
- RESERVED
+CVE-2019-8283 (Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7 ...)
+ TODO: check
+CVE-2019-8282 (Gemalto Admin Control Center, all versions prior to 7.92, uses clearte ...)
+ TODO: check
CVE-2019-8281
RESERVED
CVE-2019-8280 (UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC c ...)
@@ -16165,12 +16197,12 @@ CVE-2019-6534 (The uncontrolled search path element vulnerability in Gemalto Sen
NOT-FOR-US: Gemalto Sentinel UltraPro Client Library ux32w.dll
CVE-2019-6533 (Registers used to store Modbus values can be read and written from the ...)
NOT-FOR-US: PR100088 Modbus
-CVE-2019-6532
- RESERVED
+CVE-2019-6532 (Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created ...)
+ TODO: check
CVE-2019-6531 (An attacker could retrieve passwords from a HTTP GET request from the ...)
NOT-FOR-US: Kunbus
-CVE-2019-6530
- RESERVED
+CVE-2019-6530 (Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created ...)
+ TODO: check
CVE-2019-6529
RESERVED
CVE-2019-6528 (PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit fa ...)
@@ -21825,16 +21857,16 @@ CVE-2019-4072 (IBM Tivoli Storage Productivity Center (IBM Spectrum Control Stan
NOT-FOR-US: IBM
CVE-2019-4071 (IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard ...)
NOT-FOR-US: IBM
-CVE-2019-4070
- RESERVED
-CVE-2019-4069
- RESERVED
-CVE-2019-4068
- RESERVED
-CVE-2019-4067
- RESERVED
-CVE-2019-4066
- RESERVED
+CVE-2019-4070 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnera ...)
+ TODO: check
+CVE-2019-4069 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not p ...)
+ TODO: check
+CVE-2019-4068 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnera ...)
+ TODO: check
+CVE-2019-4067 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not r ...)
+ TODO: check
+CVE-2019-4066 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allo ...)
+ TODO: check
CVE-2019-4065
RESERVED
CVE-2019-4064
@@ -23395,8 +23427,8 @@ CVE-2019-3479 (Mitigates a potential remote code execution issue in ArcSight Log
NOT-FOR-US: ArcSight Logger
CVE-2019-3478
RESERVED
-CVE-2019-3477
- RESERVED
+CVE-2019-3477 (Micro Focus Solution Business Manager versions prior to 11.4.2 is susc ...)
+ TODO: check
CVE-2019-3476 (Remote arbitrary code execution in Micro Focus Data Protector, version ...)
NOT-FOR-US: Micro Focus Data Protector
CVE-2019-3475 (A local privilege escalation vulnerability in the famtd component of M ...)
@@ -23884,8 +23916,8 @@ CVE-2018-20525 (Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, co
NOT-FOR-US: Roxy Fileman
CVE-2018-20524 (The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted us ...)
NOT-FOR-US: Chat Anywhere Chrome extension
-CVE-2018-20523
- RESERVED
+CVE-2018-20523 (Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and o ...)
+ TODO: check
CVE-2018-20522
RESERVED
CVE-2018-20521
@@ -27305,8 +27337,8 @@ CVE-2018-20137 (XSS exists in FUEL CMS 1.4.3 via the Page title, Meta descriptio
NOT-FOR-US: FUEL CMS
CVE-2018-20136 (XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Vari ...)
NOT-FOR-US: FUEL CMS
-CVE-2018-20135
- RESERVED
+CVE-2018-20135 (Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostnam ...)
+ TODO: check
CVE-2018-20134
RESERVED
CVE-2018-20133 (ymlref allows code injection. ...)
@@ -27444,8 +27476,8 @@ CVE-2018-20093
RESERVED
CVE-2018-20092 (PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory trav ...)
NOT-FOR-US: PTC ThingWorx Platform
-CVE-2018-20091
- RESERVED
+CVE-2018-20091 (An SQL injection vulnerability was found in Cloudera Data Science Work ...)
+ TODO: check
CVE-2018-20090
RESERVED
CVE-2018-20089
@@ -28529,8 +28561,8 @@ CVE-2018-20016
RESERVED
CVE-2018-20015 (YzmCMS v5.2 has admin/role/add.html CSRF. ...)
NOT-FOR-US: YzmCMS
-CVE-2018-20014
- RESERVED
+CVE-2018-20014 (In UrBackup 2.2.6, an attacker can send a malformed request to the cli ...)
+ TODO: check
CVE-2018-20013
RESERVED
CVE-2018-20012 (PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=memb ...)
@@ -28582,8 +28614,8 @@ CVE-2018-20001 (In Libav 12.3, there is a floating point exception in the range_
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1141
CVE-2018-20000 (Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstr ...)
NOT-FOR-US: Apereo Bedework bw-webdav
-CVE-2018-19999
- RESERVED
+CVE-2018-19999 (The local management interface in SolarWinds Serv-U FTP Server 15.1.6. ...)
+ TODO: check
CVE-2018-19998 (SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 ...)
- dolibarr <removed>
NOTE: https://github.com/Dolibarr/dolibarr/commit/2b088a73c121a52e006c0d76ea4da7ffeb7b4f4a
@@ -29851,8 +29883,7 @@ CVE-2018-19862 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote att
NOT-FOR-US: MiniShare
CVE-2018-19861 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...)
NOT-FOR-US: MiniShare
-CVE-2018-19860
- RESERVED
+CVE-2018-19860 (Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, ...)
NOT-FOR-US: Broadcom components for Android
CVE-2018-19859 (OpenRefine before 3.2 beta allows directory traversal via a relative p ...)
NOT-FOR-US: OpenRefine
@@ -30012,12 +30043,12 @@ CVE-2018-19804
RESERVED
CVE-2018-19803
RESERVED
-CVE-2018-19802
- RESERVED
-CVE-2018-19801
- RESERVED
-CVE-2018-19800
- RESERVED
+CVE-2018-19802 (aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 2 of 3). ...)
+ TODO: check
+CVE-2018-19801 (aubio v0.4.0 to v0.4.8 has a NULL pointer dereference (issue 1 of 6). ...)
+ TODO: check
+CVE-2018-19800 (aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 1 of 3). ...)
+ TODO: check
CVE-2018-19799 (Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= X ...)
- dolibarr <removed>
CVE-2018-19798
@@ -33577,16 +33608,16 @@ CVE-2018-19467
RESERVED
CVE-2018-19466 (A vulnerability was found in Portainer before 1.20.0. Portainer stores ...)
NOT-FOR-US: Portainer
-CVE-2018-19465
- RESERVED
+CVE-2018-19465 (Maccms through 8.0 allows XSS via the site_keywords field to index.php ...)
+ TODO: check
CVE-2018-19464 (Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting. ...)
NOT-FOR-US: Discuz!
CVE-2018-19463 (** DISPUTED ** zb_system/function/lib/upload.php in Z-BlogPHP through ...)
NOT-FOR-US: Z-BlogPHP
-CVE-2018-19462
- RESERVED
-CVE-2018-19461
- RESERVED
+CVE-2018-19462 (admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to ...)
+ TODO: check
+CVE-2018-19461 (admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL ...)
+ TODO: check
CVE-2018-19460
RESERVED
CVE-2018-19459 (Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List ...)
@@ -33641,10 +33672,10 @@ CVE-2018-19454
RESERVED
CVE-2018-19453 (Kentico CMS before 11.0.45 allows unrestricted upload of a file with a ...)
NOT-FOR-US: Kentico CMS
-CVE-2018-19452
- RESERVED
-CVE-2018-19451
- RESERVED
+CVE-2018-19452 (A use after free in the TextBox field Mouse Enter action in IReader_Co ...)
+ TODO: check
+CVE-2018-19451 (A command injection can occur for specially crafted PDF files in Foxit ...)
+ TODO: check
CVE-2018-19450
RESERVED
CVE-2018-19449
@@ -69966,8 +69997,8 @@ CVE-2018-6187 (In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vu
NOTE: issued covered by: http://www.ghostscript.com/cgi-bin/findgit.cgi?fa9cd085533f68367c299e058ab3fbb7ad8a2dc6
CVE-2018-6186 (Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via ...)
NOT-FOR-US: Citrix NetScaler VPX
-CVE-2018-6185
- RESERVED
+CVE-2018-6185 (In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ...)
+ TODO: check
CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next r ...)
NOT-FOR-US: ZEIT Next.js
CVE-2018-6183 (BitDefender Total Security 2018 allows local users to gain privileges ...)
@@ -71390,8 +71421,8 @@ CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and
NOTE: https://nodesecurity.io/advisories/563
CVE-2018-5799 (In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows ...)
NOT-FOR-US: Zoho
-CVE-2018-5798
- RESERVED
+CVE-2018-5798 (This CVE relates to an unspecified cross site scripting vulnerability ...)
+ TODO: check
CVE-2018-5797 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5796 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
@@ -72976,10 +73007,10 @@ CVE-2018-5267 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to
NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
CVE-2018-5266 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to obta ...)
NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
-CVE-2018-5265
- RESERVED
-CVE-2018-5264
- RESERVED
+CVE-2018-5265 (Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attacke ...)
+ TODO: check
+CVE-2018-5264 (Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote att ...)
+ TODO: check
CVE-2018-5263 (The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0. ...)
NOT-FOR-US: The StackIdeas EasyDiscuss extension for Joomla!
CVE-2018-5262 (A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier ...)
@@ -121824,7 +121855,7 @@ CVE-2017-6263 (NVIDIA driver contains a vulnerability where it is possible a use
NOT-FOR-US: NVIDIA driver for Android
CVE-2017-6262 (NVIDIA driver contains a vulnerability where it is possible a use afte ...)
NOT-FOR-US: NVIDIA driver for Android
-CVE-2017-6261 (NVIDIA’s Vibrante Linux version 1.1, 2.0, and 2.2 contains a vul ...)
+CVE-2017-6261 (NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerabili ...)
TODO: check
CVE-2017-6260 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
NOT-FOR-US: NVIDIA Windows GPU Display Driver
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3273484a04272a69d35a7589ee8f909e51b7f38f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3273484a04272a69d35a7589ee8f909e51b7f38f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190607/e3972cc8/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list