[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 8 08:10:27 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f6df58f5 by security tracker role at 2019-03-08T08:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-9633 (gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent ...)
+ TODO: check
+CVE-2019-9632 (ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via ...)
+ TODO: check
+CVE-2019-9631 (Poppler 0.74.0 has a heap-based buffer over-read in the ...)
+ TODO: check
+CVE-2019-9630
+ RESERVED
+CVE-2019-9629
+ RESERVED
+CVE-2019-9628
+ RESERVED
CVE-2019-9627
RESERVED
CVE-2019-9626 (PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to ...)
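Review bot: CVE-2019-9633 (gio/gsocketclient.c in GNOME GLib) and CVE-2019-9631 (heap-based buffer over-read in Poppler 0.74.0) at the top of this hunk describe code Debian ships as the glib2.0 and poppler source packages, so these two TODO: check lines should be resolved to source package entries (fixed version or <unfixed>, plus a NOTE with the upstream bug or commit) rather than left as TODO; for the GLib one the triager also needs to confirm that the code path from the 2.59.2 development release exists in the stable GLib branch actually packaged. CVE-2019-9632 (ESAFENET CDG) is not Debian software and looks like a NOT-FOR-US candidate in the style of the neighbouring entries.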
@@ -60,8 +72,8 @@ CVE-2019-9600 (The Olive Tree FTP Server (aka com.theolivetree.ftpserver) applic
NOT-FOR-US: Olive Tree FTP Server application for Android
CVE-2019-9599 (The AirDroid application through 4.2.1.6 for Android allows remote ...)
NOT-FOR-US: AirDroid application for Android
-CVE-2019-9598
- RESERVED
+CVE-2019-9598 (An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF ...)
+ TODO: check
CVE-2019-9597
RESERVED
CVE-2019-9596
@@ -980,8 +992,8 @@ CVE-2019-9187 [Server-side request forgery via aggregate plugin]
NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9a275b2
CVE-2019-9186
RESERVED
-CVE-2019-9185
- RESERVED
+CVE-2019-9185 (Controller/Async/FilesystemManager.php in the filemanager in Bolt ...)
+ TODO: check
CVE-2019-9184 (SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for ...)
NOT-FOR-US: J2Store plugin for Joomla!
CVE-2019-9183
@@ -1165,16 +1177,16 @@ CVE-2019-9123 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The
NOT-FOR-US: D-Link
CVE-2019-9122 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They ...)
NOT-FOR-US: D-Link
-CVE-2019-9121
- RESERVED
-CVE-2019-9120
- RESERVED
-CVE-2019-9119
- RESERVED
-CVE-2019-9118
- RESERVED
-CVE-2019-9117
- RESERVED
+CVE-2019-9121 (An issue was discovered on Motorola C1 and M2 devices with firmware ...)
+ TODO: check
+CVE-2019-9120 (An issue was discovered on Motorola C1 and M2 devices with firmware ...)
+ TODO: check
+CVE-2019-9119 (An issue was discovered on Motorola C1 and M2 devices with firmware ...)
+ TODO: check
+CVE-2019-9118 (An issue was discovered on Motorola C1 and M2 devices with firmware ...)
+ TODO: check
+CVE-2019-9117 (An issue was discovered on Motorola C1 and M2 devices with firmware ...)
+ TODO: check
CVE-2019-9116 (** DISPUTED ** DLL hijacking is possible in Sublime Text 3 version ...)
NOT-FOR-US: Sublime Text Windows build
CVE-2019-9115 (In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file ...)
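Review bot: the five Motorola C1 and M2 firmware entries (CVE-2019-9117 through CVE-2019-9121) share one truncated description and can be triaged in a single pass as NOT-FOR-US: Motorola, matching how the adjacent D-Link DIR-825 entries (CVE-2019-9122, CVE-2019-9123) are recorded, once the full text confirms that nothing beyond the device firmware is affected.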
@@ -1564,8 +1576,8 @@ CVE-2019-8988
RESERVED
CVE-2019-8987
RESERVED
-CVE-2019-8986
- RESERVED
+CVE-2019-8986 (The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO ...)
+ TODO: check
CVE-2019-8985 (On Netis WF2880 and WF2411 2.1.36123 devices, there is a stack-based ...)
NOT-FOR-US: Netis devices
CVE-2019-8984 (MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2). ...)
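Review bot: CVE-2019-8986 is a TIBCO SOAP API component issue; the other TIBCO entries in this file are marked NOT-FOR-US: TIBCO, so this TODO: check can be closed the same way unless the full description names a library Debian ships.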
@@ -2731,14 +2743,14 @@ CVE-2019-8442
RESERVED
CVE-2019-8441
RESERVED
-CVE-2019-8440
- RESERVED
-CVE-2019-8439
- RESERVED
-CVE-2019-8438
- RESERVED
-CVE-2019-8437
- RESERVED
+CVE-2019-8440 (An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS ...)
+ TODO: check
+CVE-2019-8439 (An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS ...)
+ TODO: check
+CVE-2019-8438 (An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS ...)
+ TODO: check
+CVE-2019-8437 (njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to ...)
+ TODO: check
CVE-2019-8436 (imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] ...)
NOT-FOR-US: imcat
CVE-2019-8435 (admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. ...)
@@ -4394,10 +4406,10 @@ CVE-2019-7663 (An Invalid Address dereference was discovered in ...)
CVE-2019-7662 (An assertion failure was discovered in ...)
- binaryen 66-1
NOTE: https://github.com/WebAssembly/binaryen/issues/1872
-CVE-2019-7661
- RESERVED
-CVE-2019-7660
- RESERVED
+CVE-2019-7661 (An issue was discovered in PHPMyWind 5.5. The method parameter of the ...)
+ TODO: check
+CVE-2019-7660 (An issue was discovered in PHPMyWind 5.5. The username parameter of the ...)
+ TODO: check
CVE-2019-7659 (Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a ...)
{DLA-1681-1}
- gsoap 2.8.75-1
@@ -5701,8 +5713,8 @@ CVE-2019-7176
RESERVED
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-7175
- RESERVED
+CVE-2019-7175 (In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage ...)
+ TODO: check
CVE-2019-7174
RESERVED
CVE-2019-7173 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker ...)
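Review bot: CVE-2019-7175 (memory leaks in DecodeImage, ImageMagick before 7.0.8-25) needs an imagemagick source package entry rather than a TODO, and the fixed-version claim refers to the upstream 7.x line while Debian packages the 6.x branch, so the triage has to locate the upstream commit and check whether the affected DecodeImage code is present in the packaged version before recording a fixed version or <unfixed>.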
@@ -6795,8 +6807,8 @@ CVE-2019-6712
RESERVED
CVE-2019-6711
RESERVED
-CVE-2019-6710
- RESERVED
+CVE-2019-6710 (Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. ...)
+ TODO: check
CVE-2018-20742 (An issue was discovered in UC Berkeley RISE Opaque before 2018-12-01. ...)
NOT-FOR-US: UC Berkeley RISE Opaque
CVE-2019-6709
@@ -7902,8 +7914,8 @@ CVE-2018-20712 (A heap-based buffer over-read exists in the function d_expressio
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24043
CVE-2018-20711
RESERVED
-CVE-2018-20710
- RESERVED
+CVE-2018-20710 (The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka ...)
+ TODO: check
CVE-2018-20709
RESERVED
CVE-2018-20708
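Review bot: CVE-2018-20710 names SingleDocParser::HandleFlowSequence in yaml-cpp, which Debian ships as the yaml-cpp source package; the TODO: check should become a yaml-cpp entry with the upstream issue in a NOTE, and the triager should check whether this is a new parser crash or a duplicate of a yaml-cpp parser issue already tracked in this file, since the truncated description alone does not distinguish them.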
@@ -10775,8 +10787,8 @@ CVE-2019-5021
RESERVED
CVE-2019-5020
RESERVED
-CVE-2019-5019
- RESERVED
+CVE-2019-5019 (A heap overflow vulnerability exists in the PowerPoint document ...)
+ TODO: check
CVE-2019-5018
RESERVED
CVE-2019-5017
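Review bot: the truncated description for CVE-2019-5019 ("heap overflow ... PowerPoint document ...") does not name the affected product, so this TODO: check cannot be resolved from the line as recorded; the triager needs the full CVE text to identify the converter involved before deciding between a source package entry and NOT-FOR-US.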
@@ -20128,12 +20140,12 @@ CVE-2019-1602
RESERVED
CVE-2019-1601
RESERVED
-CVE-2019-1600
- RESERVED
-CVE-2019-1599
- RESERVED
-CVE-2019-1598
- RESERVED
+CVE-2019-1600 (A vulnerability in the file system permissions of Cisco FXOS Software ...)
+ TODO: check
+CVE-2019-1599 (A vulnerability in the network stack of Cisco NX-OS Software could ...)
+ TODO: check
+CVE-2019-1598 (Multiple vulnerabilities in the implementation of the Lightweight ...)
+ TODO: check
CVE-2019-1597 (Multiple vulnerabilities in the implementation of the Lightweight ...)
NOT-FOR-US: Cisco
CVE-2019-1596 (A vulnerability in the Bash shell implementation for Cisco NX-OS ...)
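Review bot: CVE-2019-1598, CVE-2019-1599 and CVE-2019-1600 are Cisco FXOS/NX-OS advisories; the unchanged lines directly below show CVE-2019-1597 and CVE-2019-1596 handled as NOT-FOR-US: Cisco, so these three TODO: check lines can be resolved the same way.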
@@ -24761,8 +24773,8 @@ CVE-2019-0194
RESERVED
CVE-2019-0193
RESERVED
-CVE-2019-0192
- RESERVED
+CVE-2019-0192 (In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config ...)
+ TODO: check
CVE-2019-0191
RESERVED
- apache-karaf <itp> (bug #881297)
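Review bot: CVE-2019-0192 for Apache Solr 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5 has its description cut off at "the Config", so the TODO needs the full advisory text before severity can be judged; the resolved entry should also state which Solr source package, if any, is in the archive and whether its version falls in the affected ranges, in the way the next entry records apache-karaf with its <itp> marker and bug number.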
@@ -26086,10 +26098,10 @@ CVE-2018-18818
RESERVED
CVE-2018-18817 (The Leostream Agent before Build 7.0.1.0 when used with Leostream ...)
NOT-FOR-US: Leostream Agent
-CVE-2018-18816
- RESERVED
-CVE-2018-18815
- RESERVED
+CVE-2018-18816 (The repository component of TIBCO Software Inc.'s TIBCO JasperReports ...)
+ TODO: check
+CVE-2018-18815 (The REST API component of TIBCO Software Inc.'s TIBCO JasperReports ...)
+ TODO: check
CVE-2018-18814 (The TIBCO Spotfire authentication component of TIBCO Software Inc.'s ...)
NOT-FOR-US: TIBCO
CVE-2018-18813 (The Spotfire web server component of TIBCO Software Inc.'s TIBCO ...)
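Review bot: CVE-2018-18815 and CVE-2018-18816 are TIBCO JasperReports components; CVE-2018-18814 and CVE-2018-18813 in the same hunk are NOT-FOR-US: TIBCO, so these two can be closed with the same marker, and the same applies to CVE-2018-18808 and CVE-2018-18809 in the hunk that follows.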
@@ -26100,10 +26112,10 @@ CVE-2018-18811
RESERVED
CVE-2018-18810 (The Administrator Service component of TIBCO Software Inc.'s TIBCO ...)
NOT-FOR-US: TIBCO
-CVE-2018-18809
- RESERVED
-CVE-2018-18808
- RESERVED
+CVE-2018-18809 (The default server implementation of TIBCO Software Inc.'s TIBCO ...)
+ TODO: check
+CVE-2018-18808 (The domain management component of TIBCO Software Inc.'s TIBCO ...)
+ TODO: check
CVE-2018-18807 (The web application of the TIBCO Statistica component of TIBCO ...)
NOT-FOR-US: TIBCO
CVE-2017-18350
@@ -27083,8 +27095,8 @@ CVE-2018-18451
RESERVED
CVE-2018-18450 (apps\admin\controller\content\SingleController.php in PbootCMS before ...)
NOT-FOR-US: PbooCMS
-CVE-2018-18449
- RESERVED
+CVE-2018-18449 (EmpireCMS 7.5 allows CSRF for adding a user account via an ...)
+ TODO: check
CVE-2018-18448
RESERVED
CVE-2018-18447
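Review bot: unrelated to the CVE-2018-18449 change itself, the context line "NOT-FOR-US: PbooCMS" for CVE-2018-18450 misspells the product named in its own description (PbootCMS); worth fixing in a follow-up manual commit so searches for PbootCMS find the entry. CVE-2018-18449 (EmpireCMS CSRF) is not packaged in Debian and looks like NOT-FOR-US: EmpireCMS.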
@@ -28409,8 +28421,8 @@ CVE-2018-17990
RESERVED
CVE-2018-17989
RESERVED
-CVE-2018-17988
- RESERVED
+CVE-2018-17988 (LayerBB 1.1.1 has SQL Injection via the search.php search_query ...)
+ TODO: check
CVE-2018-17987 (The determineWinner function of a smart contract implementation for ...)
NOT-FOR-US: Some Ethereum application
CVE-2018-17986 (rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password ...)
@@ -28437,14 +28449,11 @@ CVE-2014-10076 (The wp-db-backup plugin 2.2.4 for WordPress relies on a five-cha
NOT-FOR-US: wp-db-backup plugin WordPress
CVE-2014-10075 (The karo gem 2.3.8 for Ruby allows Remote command injection via the ...)
NOT-FOR-US: karo gem
-CVE-2013-7468
- RESERVED
+CVE-2013-7468 (Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the ...)
NOT-FOR-US: Simple Machines Forum (SMF)
-CVE-2013-7467
- RESERVED
+CVE-2013-7467 (Simple Machines Forum (SMF) 2.0.4 allows XSS via the ...)
NOT-FOR-US: Simple Machines Forum (SMF)
-CVE-2013-7466
- RESERVED
+CVE-2013-7466 (Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with ...)
NOT-FOR-US: Simple Machines Forum (SMF)
CVE-2013-7465 (Ice Cold Apps Servers Ultimate 6.0.2(12) does not require ...)
NOT-FOR-US: Ice Cold Apps Servers Ultimate
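Review bot: for CVE-2013-7466, CVE-2013-7467 and CVE-2013-7468 the script replaced only the RESERVED placeholder and kept the existing NOT-FOR-US: Simple Machines Forum (SMF) triage lines, which is why no TODO: check appears here; this is the expected behaviour for entries pre-triaged while still RESERVED, and it only works safely when the product was already known from the reservation source, as it was for these SMF IDs.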
@@ -29778,42 +29787,42 @@ CVE-2018-17431 (Web Console in Comodo UTM Firewall before 2.7.0 allows remote ..
NOT-FOR-US: Comodo UTM
CVE-2018-17430
RESERVED
-CVE-2018-17429
- RESERVED
+CVE-2018-17429 (/console/account/manage.php?type=action&action=add in JTBC v3.0(C) has ...)
+ TODO: check
CVE-2018-17428 (An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL ...)
NOT-FOR-US: OPAC EasyWeb Five
CVE-2018-17427 (SIMDComp before 0.1.0 allows remote attackers to cause a denial of ...)
NOT-FOR-US: SIMDComp
-CVE-2018-17426
- RESERVED
-CVE-2018-17425
- RESERVED
+CVE-2018-17426 (WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in ...)
+ TODO: check
+CVE-2018-17425 (WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ...)
+ TODO: check
CVE-2018-17424
RESERVED
CVE-2018-17423
RESERVED
-CVE-2018-17422
- RESERVED
-CVE-2018-17421
- RESERVED
-CVE-2018-17420
- RESERVED
-CVE-2018-17419
- RESERVED
-CVE-2018-17418
- RESERVED
+CVE-2018-17422 (dotCMS before 5.0.2 has open redirects via the ...)
+ TODO: check
+CVE-2018-17421 (An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file ...)
+ TODO: check
+CVE-2018-17420 (An issue was discovered in ZrLog 2.0.3. There is a SQL injection ...)
+ TODO: check
+CVE-2018-17419 (An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS ...)
+ TODO: check
+CVE-2018-17418 (Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code ...)
+ TODO: check
CVE-2018-17417
RESERVED
-CVE-2018-17416
- RESERVED
-CVE-2018-17415
- RESERVED
-CVE-2018-17414
- RESERVED
-CVE-2018-17413
- RESERVED
-CVE-2018-17412
- RESERVED
+CVE-2018-17416 (A SQL injection vulnerability exists in zzcms v8.3 via the ...)
+ TODO: check
+CVE-2018-17415 (zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id ...)
+ TODO: check
+CVE-2018-17414 (zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass ...)
+ TODO: check
+CVE-2018-17413 (XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin ...)
+ TODO: check
+CVE-2018-17412 (zzcms v8.3 contains a SQL Injection vulnerability in ...)
+ TODO: check
CVE-2018-17411 (An XML External Entity (XXE) vulnerability exists in iWay Data Quality ...)
NOT-FOR-US: iWay Data Quality Suite Web Console
CVE-2018-17410 (Horus CMS allows SQL Injection, as demonstrated by a request to the ...)
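Review bot: CVE-2018-17419 (setTA in scan_rr.go in the Miek Gieben DNS library) is the one entry in this hunk that affects software Debian ships (golang-github-miekg-dns) and should get a source package entry plus an upstream commit NOTE; because Go packages are statically linked, a fix there only reaches users once every reverse build-dependency is rebuilt, so the triage note should mention that. The remaining entries (JTBC, WUZHI CMS, dotCMS, ZrLog, Monstra CMS, zzcms) appear not to be packaged and fit NOT-FOR-US markers like those for CVE-2018-17427 and CVE-2018-17428 above them.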
@@ -31443,10 +31452,10 @@ CVE-2018-16811
RESERVED
CVE-2018-16810
RESERVED
-CVE-2018-16809
- RESERVED
-CVE-2018-16808
- RESERVED
+CVE-2018-16809 (An issue was discovered in Dolibarr through 7.0.0. ...)
+ TODO: check
+CVE-2018-16808 (An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS ...)
+ TODO: check
CVE-2018-16807 (In Bro through 2.5.5, there is a memory leak potentially leading to DoS ...)
- bro <unfixed> (low; bug #908614)
[stretch] - bro <no-dsa> (Minor issue)
@@ -31455,8 +31464,8 @@ CVE-2018-16806 (A Pektron Passive Keyless Entry and Start (PKES) system, as used
NOT-FOR-US: Tesla
CVE-2018-16805 (In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles ...)
NOT-FOR-US: b3log
-CVE-2018-16804
- RESERVED
+CVE-2018-16804 (An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, ...)
+ TODO: check
CVE-2018-16803 (In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows ...)
NOT-FOR-US: CIMTechniques CIMScan
CVE-2018-16801
@@ -37426,10 +37435,10 @@ CVE-2018-14505 (mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, relate
[jessie] - mitmproxy <ignored> (Minor issue)
NOTE: https://github.com/mitmproxy/mitmproxy/issues/3234
NOTE: https://github.com/mitmproxy/mitmproxy/pull/3243
-CVE-2018-14499
- RESERVED
-CVE-2018-14498
- RESERVED
+CVE-2018-14499 (An issue was found in HYBBS through 2016-03-08. There is an XSS ...)
+ TODO: check
+CVE-2018-14498 (get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG ...)
+ TODO: check
CVE-2018-14497 (Tenda D152 ADSL routers allow XSS via a crafted SSID. ...)
NOT-FOR-US: Tenda D152 ADSL routers
CVE-2018-14496
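Review bot: CVE-2018-14498 (get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG) needs a libjpeg-turbo source package entry; rdbmp.c is the BMP reader behind the cjpeg utility, which the IJG libjpeg sources also carry, so the triager should check whether the libjpeg9 package shares the affected code before limiting the entry to libjpeg-turbo. CVE-2018-14499 (HYBBS) is not Debian software and looks like NOT-FOR-US.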
@@ -38643,8 +38652,8 @@ CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse data-
NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d (v3.4.0)
CVE-2018-14039
RESERVED
-CVE-2018-14038
- RESERVED
+CVE-2018-14038 (The aout_32_swap_std_reloc_out function in aoutx.h in the Binary File ...)
+ TODO: check
CVE-2018-14037 (Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor ...)
NOT-FOR-US: Progress Kendo UI Editor
CVE-2018-1000211 (Doorkeeper version 4.2.0 and later contains a Incorrect Access Control ...)
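Review bot: CVE-2018-14038 (aout_32_swap_std_reloc_out in aoutx.h in BFD) is a binutils issue and should follow the pattern used for the other binutils entries in this file: a binutils source entry, per-suite <no-dsa> (Minor issue) tags where appropriate, and NOTE lines with the sourceware bugzilla and fix commit, as recorded for CVE-2017-12448 further down.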
@@ -92962,8 +92971,8 @@ CVE-2017-12448 (The bfd_cache_close function in bfd/cache.c in the Binary File .
[wheezy] - binutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21787
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=909e4e716c4d77e33357bbe9bc902bfaf2e1af24
-CVE-2017-12447
- RESERVED
+CVE-2017-12447 (GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus ...)
+ TODO: check
CVE-2017-12446
RESERVED
CVE-2017-12445 (The JB2BitmapCoder::code_row_by_refinement function in ...)
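Review bot: the description of CVE-2017-12447 hedges on the affected version ("possibly 2.32.2") of gdk-pixbuf, so the gdk-pixbuf source entry this TODO should become needs the upstream bug or commit pinned down before a fixed version is claimed; the triager should also confirm whether the defect is in gdk-pixbuf itself or only in how GNOME Nautilus uses it, since that decides which source package carries the entry.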
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f6df58f569bd621ce84cb37adebb0e834fac5276