[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Jun 18 21:10:39 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6c4ae1ca by security tracker role at 2019-06-18T20:10:28Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2019-12875 (Alpine Linux abuild through 3.4.0 allows an unprivileged member of the ...)
+	TODO: check
+CVE-2019-12874 (An issue was discovered in zlib_decompress_extra in modules/demux/mkv/ ...)
+	TODO: check
+CVE-2019-12873
+	RESERVED
+CVE-2019-12872 (dotCMS before 5.1.6 is vulnerable to a SQL injection that can be explo ...)
+	TODO: check
+CVE-2019-12871
+	RESERVED
+CVE-2019-12870
+	RESERVED
+CVE-2019-12869
+	RESERVED
+CVE-2019-12868 (app/Model/Server.php in MISP 2.4.109 allows remote command execution b ...)
+	TODO: check
+CVE-2019-12867
+	RESERVED
+CVE-2019-12866
+	RESERVED
+CVE-2019-12865 (In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a dou ...)
+	TODO: check
+CVE-2012-6711 (A heap-based buffer overflow exists in GNU Bash before 4.3 when wide c ...)
+	TODO: check
 CVE-2019-12864
 	RESERVED
 CVE-2019-12863
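Review bot: CVE-2012-6711, the last added entry in this hunk, sits between CVE-2019-12865 and CVE-2019-12864, out of the descending order the rest of the list follows. Consider moving it to its place among the CVE-2012 entries when its TODO is resolved. It names GNU Bash before 4.3, so it deserves a real package check rather than a quick NOT-FOR-US.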
@@ -86,8 +110,8 @@ CVE-2019-12825
 	RESERVED
 CVE-2019-12824
 	RESERVED
-CVE-2019-12823
-	RESERVED
+CVE-2019-12823 (Craft CMS 3.1.30 has XSS. ...)
+	TODO: check
 CVE-2019-12822 (In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a he ...)
 	NOT-FOR-US: Embedthis GoAhead
 CVE-2019-12821
@@ -970,6 +994,7 @@ CVE-2019-12452 (types/types.go in Containous Traefik 1.7.x through 1.7.11, when
 CVE-2019-12451
 	RESERVED
 CVE-2019-12450 (file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1  ...)
+	{DLA-1826-1}
 	- glib2.0 2.58.3-2 (bug #929753)
 	[stretch] - glib2.0 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
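Review bot: The added {DLA-1826-1} line on CVE-2019-12450 now sits directly above `[stretch] - glib2.0 <no-dsa> (Minor issue)`, so the entry records an LTS advisory for an issue that the stretch line still treats as minor. Revisit the stretch annotation, or add a NOTE saying why the two releases are handled differently.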
@@ -1478,7 +1503,7 @@ CVE-2019-12252 (In Zoho ManageEngine ServiceDesk Plus through 10.5, users with t
 	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
 CVE-2019-12251 (sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index. ...)
 	NOT-FOR-US: UCMS
-CVE-2019-12250 (IdentityServer IdentityServer4 through 2.4 has stored XSS via the http ...)
+CVE-2019-12250 (** DISPUTED ** IdentityServer IdentityServer4 through 2.4 has stored X ...)
 	NOT-FOR-US: IdentityServer
 CVE-2019-12249
 	RESERVED
@@ -4672,8 +4697,8 @@ CVE-2019-11000 (An issue was discovered in GitLab Enterprise Edition before 11.7
 	NOTE: https://about.gitlab.com/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released/
 CVE-2019-10999 (The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer o ...)
 	NOT-FOR-US: D-Link
-CVE-2019-10998
-	RESERVED
+CVE-2019-10998 (An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) bef ...)
+	TODO: check
 CVE-2019-10997 (An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) bef ...)
 	TODO: check
 CVE-2019-10996
@@ -5327,6 +5352,7 @@ CVE-2019-10734 (In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP e
 CVE-2019-10733
 	RESERVED
 CVE-2019-10732 (In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypt ...)
+	{DLA-1825-1}
 	- kf5-messagelib <unfixed> (bug #926996)
 	[buster] - kf5-messagelib <postponed> (Revisit when fixed upstream)
 	- kdepim <removed>
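Review bot: {DLA-1825-1} is attached to CVE-2019-10732 while every package line under it is open or gone: `- kf5-messagelib <unfixed>`, `[buster] - kf5-messagelib <postponed>` and `- kdepim <removed>`. From this hunk a reader cannot tell which source package the advisory fixed. A NOTE naming it would make the "Revisit when fixed upstream" follow-up easier.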
@@ -13911,8 +13937,8 @@ CVE-2019-7590
 	RESERVED
 CVE-2019-7589
 	RESERVED
-CVE-2019-7588
-	RESERVED
+CVE-2019-7588 (A vulnerability in the exacqVision Enterprise System Manager (ESM) v5. ...)
+	TODO: check
 CVE-2019-7587 (Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/co ...)
 	NOT-FOR-US: Bo-blog Wind
 CVE-2019-7586
@@ -15147,8 +15173,8 @@ CVE-2019-7161 (An issue was discovered in Zoho ManageEngine ADSelfService Plus 5
 	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
 CVE-2019-7160 (idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Trav ...)
 	NOT-FOR-US: idreamsoft iCMS
-CVE-2019-7159
-	RESERVED
+CVE-2019-7159 (OX App Suite 7.10.1 and earlier allows Information Exposure. ...)
+	TODO: check
 CVE-2019-7158 (OX App Suite 7.10.0 and earlier has Incorrect Access Control. ...)
 	NOT-FOR-US: Open-Xchange App Suite
 CVE-2019-7157
@@ -15632,8 +15658,8 @@ CVE-2019-6967 (AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF. ...)
 	NOT-FOR-US: AirTies devices
 CVE-2019-6966 (An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in ...)
 	NOT-FOR-US: Bento4
-CVE-2019-6965
-	RESERVED
+CVE-2019-6965 (An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/ ...)
+	TODO: check
 CVE-2019-6964
 	RESERVED
 CVE-2019-6963
@@ -20311,10 +20337,10 @@ CVE-2019-5018 (An exploitable use after free vulnerability exists in the window
 	[stretch] - sqlite3 <not-affected> (windowfuncs introduced in 3.25.0)
 	[jessie] - sqlite3 <not-affected> (windowfuncs introduced in 3.25.0)
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0777
-CVE-2019-5017
-	RESERVED
-CVE-2019-5016
-	RESERVED
+CVE-2019-5017 (An exploitable information disclosure vulnerability exists in the KCod ...)
+	TODO: check
+CVE-2019-5016 (An exploitable arbitrary memory read vulnerability exists in the KCode ...)
+	TODO: check
 CVE-2019-5015 (A local privilege escalation vulnerability exists in the Mac OS X vers ...)
 	NOT-FOR-US: Apple
 CVE-2019-5014 (An exploitable improper access control vulnerability exists in the blu ...)
@@ -22094,8 +22120,8 @@ CVE-2019-4144
 	RESERVED
 CVE-2019-4143 (The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1  ...)
 	NOT-FOR-US: IBM
-CVE-2019-4142
-	RESERVED
+CVE-2019-4142 (IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cros ...)
+	TODO: check
 CVE-2019-4141
 	RESERVED
 CVE-2019-4140
@@ -28950,8 +28976,8 @@ CVE-2018-20015 (YzmCMS v5.2 has admin/role/add.html CSRF. ...)
 	NOT-FOR-US: YzmCMS
 CVE-2018-20014 (In UrBackup 2.2.6, an attacker can send a malformed request to the cli ...)
 	TODO: check
-CVE-2018-20013
-	RESERVED
+CVE-2018-20013 (In UrBackup 2.2.6, an attacker can send a malformed request to the cli ...)
+	TODO: check
 CVE-2018-20012 (PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=memb ...)
 	NOT-FOR-US: PHPCMF
 CVE-2018-20011 (DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Nam ...)
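Review bot: The added CVE-2018-20013 has the same truncated description as CVE-2018-20014 on the context line above it, and both are left at TODO: check. Compare the full CVE texts to confirm they describe distinct issues, then triage the pair together so they end up with consistent status lines.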
@@ -34074,20 +34100,20 @@ CVE-2018-19452 (A use after free in the TextBox field Mouse Enter action in IRea
 	NOT-FOR-US: Foxit Reader
 CVE-2018-19451 (A command injection can occur for specially crafted PDF files in Foxit ...)
 	NOT-FOR-US: Foxit Reader
-CVE-2018-19450
-	RESERVED
-CVE-2018-19449
-	RESERVED
-CVE-2018-19448
-	RESERVED
-CVE-2018-19447
-	RESERVED
-CVE-2018-19446
-	RESERVED
-CVE-2018-19445
-	RESERVED
-CVE-2018-19444
-	RESERVED
+CVE-2018-19450 (A command injection can occur for specially crafted PDF files in Foxit ...)
+	TODO: check
+CVE-2018-19449 (A File Write can occur for specially crafted PDF files in Foxit Reader ...)
+	TODO: check
+CVE-2018-19448 (In Foxit Reader SDK (ActiveX) Professional 5.4.0.1031, an uninitialize ...)
+	TODO: check
+CVE-2018-19447 (A stack-based buffer overflow can occur for specially crafted PDF file ...)
+	TODO: check
+CVE-2018-19446 (A File Write can occur for specially crafted PDF files in Foxit Reader ...)
+	TODO: check
+CVE-2018-19445 (A command injection can occur for specially crafted PDF files in Foxit ...)
+	TODO: check
+CVE-2018-19444 (A use after free in the TextBox field Validate action in IReader_Conte ...)
+	TODO: check
 CVE-2018-19442 (A Buffer Overflow in Network::AuthenticationClient::VerifySignature in ...)
 	NOT-FOR-US: Neato Botvac Connected
 CVE-2018-19441
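Review bot: The seven entries CVE-2018-19444 through CVE-2018-19450 go from RESERVED to TODO: check, although the context lines directly above already classify the same product as `NOT-FOR-US: Foxit Reader` (CVE-2018-19451, CVE-2018-19452). They can most likely take the same tag in one pass. Read the full description of CVE-2018-19448 first, since it names Foxit Reader SDK (ActiveX) rather than Foxit Reader.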
@@ -35247,8 +35273,8 @@ CVE-2018-19148 (Caddy through 0.11.0 sends incorrect certificates for certain in
 	- caddy <itp> (bug #810890)
 CVE-2018-19147
 	RESERVED
-CVE-2018-19146
-	RESERVED
+CVE-2018-19146 (Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by ...)
+	TODO: check
 CVE-2018-19145 (An issue was discovered in S-CMS v1.5. There is an XSS vulnerability i ...)
 	NOT-FOR-US: S-CMS
 CVE-2018-19144
@@ -35713,8 +35739,8 @@ CVE-2018-18960 (An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3,
 	NOT-FOR-US: Epson
 CVE-2018-18959 (An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51 ...)
 	NOT-FOR-US: Epson
-CVE-2018-18958
-	RESERVED
+CVE-2018-18958 (OPNsense 18.7.x before 18.7.7 has Incorrect Access Control. ...)
+	TODO: check
 CVE-2018-18957 (An issue has been found in libIEC61850 v1.3. It is a stack-based buffe ...)
 	NOT-FOR-US: libIEC61850
 CVE-2018-18956 (The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x b ...)
@@ -35754,8 +35780,8 @@ CVE-2018-18946
 	RESERVED
 CVE-2018-18945
 	RESERVED
-CVE-2018-18944
-	RESERVED
+CVE-2018-18944 (Artha ~ The Open Thesaurus 1.0.3.0 has a Buffer Overflow. ...)
+	TODO: check
 CVE-2018-18943 (An issue was discovered in baserCMS before 4.1.4. In the Register New  ...)
 	NOT-FOR-US: baserCMS
 CVE-2018-18942 (In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remot ...)
@@ -35888,8 +35914,8 @@ CVE-2018-18888 (An issue was discovered in laravelCMS through 2018-04-02. \app\H
 	NOT-FOR-US: laravelCMS
 CVE-2018-18887 (S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type ...)
 	NOT-FOR-US: S-CMS
-CVE-2018-18886
-	RESERVED
+CVE-2018-18886 (Helpy v2.1.0 has Stored XSS via the Ticket title. ...)
+	TODO: check
 CVE-2018-18885
 	RESERVED
 CVE-2018-18884
@@ -35898,18 +35924,18 @@ CVE-2018-18882 (A stored cross-site scripting (XSS) issue was discovered in Cont
 	NOT-FOR-US: ControlByWeb
 CVE-2018-18881 (A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M- ...)
 	NOT-FOR-US: ControlByWeb
-CVE-2018-18880
-	RESERVED
-CVE-2018-18879
-	RESERVED
-CVE-2018-18878
-	RESERVED
-CVE-2018-18877
-	RESERVED
-CVE-2018-18876
-	RESERVED
-CVE-2018-18875
-	RESERVED
+CVE-2018-18880 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a net ...)
+	TODO: check
+CVE-2018-18879 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an au ...)
+	TODO: check
+CVE-2018-18878 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the B ...)
+	TODO: check
+CVE-2018-18877 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an au ...)
+	TODO: check
+CVE-2018-18876 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a rea ...)
+	TODO: check
+CVE-2018-18875 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a sto ...)
+	TODO: check
 CVE-2018-18874 (nc-cms through 2017-03-10 allows remote attackers to execute arbitrary ...)
 	NOT-FOR-US: nc-cms
 CVE-2018-18873 (An issue was discovered in JasPer 2.0.14. There is a NULL pointer dere ...)
@@ -35956,8 +35982,8 @@ CVE-2018-18854 (Lightbend Spray spray-json through 1.3.4 allows remote attackers
 	NOT-FOR-US: Lightbend Spray spray-json
 CVE-2018-18853 (Lightbend Spray spray-json through 1.3.4 allows remote attackers to ca ...)
 	NOT-FOR-US: Lightbend Spray spray-json
-CVE-2018-18852
-	RESERVED
+CVE-2018-18852 (Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection  ...)
+	TODO: check
 CVE-2018-18851
 	RESERVED
 CVE-2018-18850 (In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authen ...)
@@ -35987,14 +36013,14 @@ CVE-2018-18841 (XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.p
 	NOT-FOR-US: SEMCMS PHP
 CVE-2018-18840 (XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Cla ...)
 	NOT-FOR-US: SEMCMS PHP
-CVE-2018-18839
-	RESERVED
-CVE-2018-18838
-	RESERVED
-CVE-2018-18837
-	RESERVED
-CVE-2018-18836
-	RESERVED
+CVE-2018-18839 (** DISPUTED ** An issue was discovered in Netdata 1.10.0. Full Path Di ...)
+	TODO: check
+CVE-2018-18838 (An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forge ...)
+	TODO: check
+CVE-2018-18837 (An issue was discovered in Netdata 1.10.0. HTTP Header Injection exist ...)
+	TODO: check
+CVE-2018-18836 (An issue was discovered in Netdata 1.10.0. JSON injection exists via t ...)
+	TODO: check
 CVE-2018-18835 (upload_template() in system/changeskin.php in DocCms 2016.5.12 allows  ...)
 	NOT-FOR-US: DocCms
 CVE-2018-18834 (An issue has been found in libIEC61850 v1.3. It is a heap-based buffer ...)
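Review bot: Of the four Netdata 1.10.0 entries added here, only CVE-2018-18839 has ** DISPUTED ** in its description. When the TODOs are resolved, handle it separately from CVE-2018-18836 to CVE-2018-18838 rather than copying one status line across all four, and record the dispute in a NOTE.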
@@ -36089,8 +36115,8 @@ CVE-2018-18804 (Bakeshop Inventory System 1.0 has SQL injection via the login sc
 	NOT-FOR-US: Bakeshop Inventory System
 CVE-2018-18803 (Curriculum Evaluation System 1.0 allows SQL Injection via the login sc ...)
 	NOT-FOR-US: Curriculum Evaluation System
-CVE-2018-18802
-	RESERVED
+CVE-2018-18802 (The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin ...)
+	TODO: check
 CVE-2018-18801 (The BSEN Ordering software 1.0 has SQL Injection via student/index.php ...)
 	NOT-FOR-US: BSEN Ordering software
 CVE-2018-18800 (The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection  ...)
@@ -108139,20 +108165,20 @@ CVE-2017-10726 (Winamp 5.666 Build 3516(x86) might allow attackers to execute ar
 	NOT-FOR-US: Winamp
 CVE-2017-10725 (Winamp 5.666 Build 3516(x86) allows attackers to execute arbitrary cod ...)
 	NOT-FOR-US: Winamp
-CVE-2017-10724
-	RESERVED
-CVE-2017-10723
-	RESERVED
-CVE-2017-10722
-	RESERVED
-CVE-2017-10721
-	RESERVED
-CVE-2017-10720
-	RESERVED
-CVE-2017-10719
-	RESERVED
-CVE-2017-10718
-	RESERVED
+CVE-2017-10724 (Recently it was discovered as a part of the research on IoT devices in ...)
+	TODO: check
+CVE-2017-10723 (Recently it was discovered as a part of the research on IoT devices in ...)
+	TODO: check
+CVE-2017-10722 (Recently it was discovered as a part of the research on IoT devices in ...)
+	TODO: check
+CVE-2017-10721 (Recently it was discovered as a part of the research on IoT devices in ...)
+	TODO: check
+CVE-2017-10720 (Recently it was discovered as a part of the research on IoT devices in ...)
+	TODO: check
+CVE-2017-10719 (Recently it was discovered as a part of the research on IoT devices in ...)
+	TODO: check
+CVE-2017-10718 (Recently it was discovered as a part of the research on IoT devices in ...)
+	TODO: check
 CVE-2017-10717
 	RESERVED
 CVE-2017-10716
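Review bot: All seven added descriptions, CVE-2017-10718 through CVE-2017-10724, are cut off at the same words ("Recently it was discovered as a part of the research on IoT devices in ...") and name no product. The TODOs cannot be resolved from this list alone. Triage needs the full CVE text, and the resulting status line should name the device so the entries are distinguishable afterwards.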
@@ -111963,28 +111989,28 @@ CVE-2017-9394 (A stored cross-site scripting vulnerability in CA Identity Govern
 	NOT-FOR-US: CA Identity Governance
 CVE-2017-9393 (CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote a ...)
 	NOT-FOR-US: CA Identity Manager
-CVE-2017-9392
-	RESERVED
-CVE-2017-9391
-	RESERVED
+CVE-2017-9392 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
+	TODO: check
+CVE-2017-9391 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
+	TODO: check
 CVE-2017-9390 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
 	NOT-FOR-US: Vera devices
-CVE-2017-9389
-	RESERVED
+CVE-2017-9389 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
+	TODO: check
 CVE-2017-9388 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
 	NOT-FOR-US: Vera devices
-CVE-2017-9387
-	RESERVED
-CVE-2017-9386
-	RESERVED
-CVE-2017-9385
-	RESERVED
+CVE-2017-9387 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
+	TODO: check
+CVE-2017-9386 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
+	TODO: check
+CVE-2017-9385 (An issue was discovered on Vera Veralite 1.7.481 devices. The device h ...)
+	TODO: check
 CVE-2017-9384 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
 	NOT-FOR-US: Vera devices
-CVE-2017-9383
-	RESERVED
-CVE-2017-9382
-	RESERVED
+CVE-2017-9383 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
+	TODO: check
+CVE-2017-9382 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
+	TODO: check
 CVE-2017-9381 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
 	NOT-FOR-US: Vera devices
 CVE-2017-9380 (OpenEMR 5.0.0 and prior allows low-privilege users to upload files of  ...)
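Review bot: The added Vera entries (CVE-2017-9382, -9383, -9385 to -9387, -9389, -9391, -9392) are left at TODO: check although the interleaved context lines CVE-2017-9381, -9384, -9388 and -9390 already carry `NOT-FOR-US: Vera devices` for the same VeraEdge 1.7.19 and Veralite 1.7.481 devices. Tag the new ones the same way to keep the block consistent. CVE-2017-9385 names only Veralite 1.7.481, which the existing tag wording still covers.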
@@ -115280,10 +115306,10 @@ CVE-2017-8338 (A vulnerability in MikroTik Version 6.38.5 could allow an unauthe
 	NOT-FOR-US: MikroTik
 CVE-2017-8337
 	RESERVED
-CVE-2017-8336
-	RESERVED
-CVE-2017-8335
-	RESERVED
+CVE-2017-8336 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
+	TODO: check
+CVE-2017-8335 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
+	TODO: check
 CVE-2017-8334
 	RESERVED
 CVE-2017-8333



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6c4ae1ca681b43aac8e40d4a94f25b81c6c1b7df



More information about the debian-security-tracker-commits mailing list