[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Mar 28 20:10:25 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
716bcc3a by security tracker role at 2019-03-28T20:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,20 +1,44 @@
-CVE-2019-1003048
+CVE-2019-10261
+	RESERVED
+CVE-2019-10260 (Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html ( ...)
+	TODO: check
+CVE-2019-10259
+	RESERVED
+CVE-2019-10258
+	RESERVED
+CVE-2019-10257
+	RESERVED
+CVE-2019-10256
+	RESERVED
+CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter Notebook be ...)
+	TODO: check
+CVE-2019-10254 (In MISP before 2.4.105, the app/View/Layouts/default.ctp default layou ...)
+	TODO: check
+CVE-2019-10253
+	RESERVED
+CVE-2019-10252
+	RESERVED
+CVE-2019-10251 (The UCWeb UC Browser application through 2019-03-26 for Android uses H ...)
+	TODO: check
+CVE-2019-10250 (UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading cer ...)
+	TODO: check
+CVE-2019-1003048 (A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attack ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003047
+CVE-2019-1003047 (A missing permission check in Jenkins Fortify on Demand Uploader Plugi ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003046
+CVE-2019-1003046 (A cross-site request forgery vulnerability in Jenkins Fortify on Deman ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003045
+CVE-2019-1003045 (A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allo ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003044
+CVE-2019-1003044 (A cross-site request forgery vulnerability in Jenkins Slack Notificati ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003043
+CVE-2019-1003043 (A missing permission check in Jenkins Slack Notification Plugin 2.19 a ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003042
+CVE-2019-1003042 (A cross site scripting vulnerability in Jenkins Lockable Resources Plu ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003041
+CVE-2019-1003041 (A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003040
+CVE-2019-1003040 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55  ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2019-10249
 	RESERVED
@@ -672,6 +696,7 @@ CVE-2019-9944
 CVE-2019-9943
 	RESERVED
 CVE-2016-10743 (hostapd before 2.6 does not prevent use of the low-quality PRNG that i ...)
+	{DLA-1733-1}
 	- wpa 2:2.6-7
 	NOTE: https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389
 	NOTE: There was already a 2.6 upload late in 2016 but then reverted to a 2.4 based
@@ -1501,8 +1526,8 @@ CVE-2019-9866 [Project Runner Token Exposed Through Issues Quick Actions]
 	NOTE: https://about.gitlab.com/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released/
 CVE-2019-9865
 	RESERVED
-CVE-2019-9864
-	RESERVED
+CVE-2019-9864 (PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tamperi ...)
+	TODO: check
 CVE-2019-9863 (Due to the use of an insecure algorithm for rolling codes in the ABUS  ...)
 	NOT-FOR-US: ABUS
 CVE-2019-9862 (An issue was discovered on ABUS Secvest wireless alarm system FUAA5000 ...)
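
Review bot: CVE-2019-9864 is left at TODO: check, but its description names PHP Scripts Mall Amazon Affiliate Store, a standalone commercial PHP application, so on triage it will most likely resolve to NOT-FOR-US like the adjacent ABUS entries (CVE-2019-9863, CVE-2019-9862).
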
@@ -3212,12 +3237,12 @@ CVE-2019-9206
 	RESERVED
 CVE-2019-9205
 	RESERVED
-CVE-2019-9204
-	RESERVED
-CVE-2019-9203
-	RESERVED
-CVE-2019-9202
-	RESERVED
+CVE-2019-9204 (SQL injection vulnerability in Nagios IM (component of Nagios XI) befo ...)
+	TODO: check
+CVE-2019-9203 (Authorization bypass in Nagios IM (component of Nagios XI) before 2.2. ...)
+	TODO: check
+CVE-2019-9202 (Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated u ...)
+	TODO: check
 CVE-2019-9201 (Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/ ...)
 	NOT-FOR-US: Phoenix Contact ILC
 CVE-2019-9200 (A heap-based buffer underwrite exists in ImageStream::getLine() locate ...)
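
Review bot: CVE-2019-9202, CVE-2019-9203 and CVE-2019-9204 all describe Nagios IM, a component of the commercial Nagios XI product rather than the Nagios core packaged in Debian; they should be triaged together and will most likely resolve to NOT-FOR-US: Nagios XI. The same applies to CVE-2019-9164 and CVE-2019-9165 (Nagios XI before 5.5.11) in the following hunk.
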
@@ -3334,10 +3359,10 @@ CVE-2019-9167
 	RESERVED
 CVE-2019-9166
 	RESERVED
-CVE-2019-9165
-	RESERVED
-CVE-2019-9164
-	RESERVED
+CVE-2019-9165 (SQL injection vulnerability in Nagios XI before 5.5.11 allows attacker ...)
+	TODO: check
+CVE-2019-9164 (Command injection in Nagios XI before 5.5.11 allows an authenticated u ...)
+	TODO: check
 CVE-2019-9163
 	RESERVED
 CVE-2019-9161
@@ -7209,8 +7234,8 @@ CVE-2019-7526
 	RESERVED
 CVE-2019-7525
 	RESERVED
-CVE-2019-7524 [Buffer overflow when reading extension header from dovecot index files]
-	RESERVED
+CVE-2019-7524 (In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker  ...)
+	{DSA-4418-1}
 	- dovecot 1:2.3.4.1-3
 CVE-2019-7523
 	RESERVED
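
Review bot: the fixed version recorded for CVE-2019-7524, dovecot 1:2.3.4.1-3, is below the upstream fix releases named in the description (2.2.36.3 and 2.3.5.1), so the fix must have gone in as a backported patch rather than a new upstream version. A NOTE line pointing at the upstream commit or advisory would make that traceable, as other entries in this file do (see the NOTE URLs on CVE-2016-10743 and CVE-2019-5739).
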
@@ -7975,8 +8000,7 @@ CVE-2019-7253
 	RESERVED
 CVE-2019-7252
 	RESERVED
-CVE-2019-7251 [Remote crash vulnerability with SDP protocol violation]
-	RESERVED
+CVE-2019-7251 (An Integer Signedness issue (for a return code) in the res_pjsip_sdp_r ...)
 	- asterisk 1:16.2.1~dfsg-1 (bug #923690)
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	[jessie] - asterisk <not-affected> (Vulnerable code introduced later)
@@ -9603,8 +9627,8 @@ CVE-2019-6544
 	RESERVED
 CVE-2019-6543 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and I ...)
 	NOT-FOR-US: AVEVA
-CVE-2019-6542
-	RESERVED
+CVE-2019-6542 (ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior t ...)
+	TODO: check
 CVE-2019-6541 (A memory corruption vulnerability has been identified in WECON LeviStu ...)
 	NOT-FOR-US: WECON
 CVE-2019-6540 (The Conexus telemetry protocol utilized within Medtronic MyCareLink Mo ...)
@@ -11711,15 +11735,13 @@ CVE-2019-5741
 	RESERVED
 CVE-2019-5740
 	RESERVED
-CVE-2019-5739 [Node.js: Denial of Service with keep-alive HTTP connections]
-	RESERVED
+CVE-2019-5739 (Keep-alive HTTP and HTTPS connections can remain open and inactive for ...)
 	- nodejs 8.9.3~dfsg-5 (unimportant)
 	NOTE: https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
 	NOTE: Nodejs not covered by security support
 CVE-2019-5738
 	RESERVED
-CVE-2019-5737 [Node.js: Slowloris HTTP Denial of Service with keep-alive]
-	RESERVED
+CVE-2019-5737 (An attacker can cause a Denial of Service (DoS) by establishing an HTT ...)
 	- nodejs 10.15.2~dfsg-1 (unimportant)
 	NOTE: https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
 	NOTE: Nodejs not covered by security support
@@ -11735,8 +11757,8 @@ CVE-2018-20679 (An issue was discovered in BusyBox before 1.30.0. An out of boun
 	NOTE: applying the partial fix. The followup commit
 	NOTE: https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06
 	NOTE: is needed to fix the issue completely.
-CVE-2018-20678
-	RESERVED
+CVE-2018-20678 (LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php ...)
+	TODO: check
 CVE-2019-8308 (Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc  ...)
 	{DSA-4390-1}
 	- flatpak 1.2.3-1 (bug #922059)
@@ -11936,8 +11958,8 @@ CVE-2019-5676
 	RESERVED
 CVE-2019-5675
 	RESERVED
-CVE-2019-5674
-	RESERVED
+CVE-2019-5674 (NVIDIA GeForce Experience before 3.18 contains a vulnerability when Sh ...)
+	TODO: check
 CVE-2019-5673
 	RESERVED
 CVE-2019-5672
@@ -13236,13 +13258,13 @@ CVE-2019-5030
 CVE-2019-5029
 	RESERVED
 CVE-2019-5028
-	RESERVED
+	REJECTED
 CVE-2019-5027
-	RESERVED
+	REJECTED
 CVE-2019-5026
-	RESERVED
+	REJECTED
 CVE-2019-5025
-	RESERVED
+	REJECTED
 CVE-2019-5024
 	RESERVED
 CVE-2019-5023
@@ -15605,8 +15627,7 @@ CVE-2019-3871 (A vulnerability was found in PowerDNS Authoritative Server before
 	NOTE: Patches: https://downloads.powerdns.com/patches/2019-03/
 CVE-2019-3870
 	RESERVED
-CVE-2019-3869
-	RESERVED
+CVE-2019-3869 (When running Tower before 3.4.3 on OpenShift or Kubernetes, applicatio ...)
 	NOT-FOR-US: Ansible Tower
 CVE-2019-3868
 	RESERVED
@@ -16060,8 +16081,8 @@ CVE-2019-3712 (Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wy
 	NOT-FOR-US: Dell
 CVE-2019-3711 (RSA Authentication Manager versions prior to 8.4 P1 contain an Insecur ...)
 	NOT-FOR-US: RSA
-CVE-2019-3710
-	RESERVED
+CVE-2019-3710 (Dell Networking OS10 has been updated to address a vulnerability which ...)
+	TODO: check
 CVE-2019-3709
 	RESERVED
 CVE-2019-3708
@@ -20465,8 +20486,7 @@ CVE-2018-20147 (In WordPress before 4.9.9 and 5.x before 5.0.1, authors could mo
 	{DSA-4401-1 DLA-1673-1}
 	- wordpress 5.0.1+dfsg1-1 (bug #916403)
 	NOTE: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
-CVE-2018-20144 [Arbitrary File read in GitLab project import with Git LFS]
-	RESERVED
+CVE-2018-20144 (GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x be ...)
 	- gitlab 11.5.4+dfsg-1
 	NOTE: https://about.gitlab.com/2018/12/13/critical-security-release-gitlab-11-dot-5-dot-4-released/
 CVE-2018-20143
@@ -22897,8 +22917,8 @@ CVE-2018-19881 (In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers t
 	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/mupdf/20181203
 CVE-2018-19880
 	RESERVED
-CVE-2018-19879
-	RESERVED
+CVE-2018-19879 (An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RU ...)
+	TODO: check
 CVE-2018-19878
 	RESERVED
 CVE-2018-19877 (login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Bu ...)
@@ -34748,8 +34768,8 @@ CVE-2018-16531
 	REJECTED
 CVE-2018-16530
 	RESERVED
-CVE-2018-16529
-	RESERVED
+CVE-2018-16529 (A password reset vulnerability has been discovered in Forcepoint Email ...)
+	TODO: check
 CVE-2018-16528 (Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attacke ...)
 	NOT-FOR-US: FreeRTOS
 CVE-2018-16527 (Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0 ...)
@@ -62474,8 +62494,8 @@ CVE-2018-6332 (A potential denial-of-service issue in the Proxygen handling of i
 	NOTE: https://hhvm.com/blog/2018/03/15/hhvm-3.25.html
 CVE-2018-6331 (Buck parser-cache command loads/saves state using Java serialized obje ...)
 	NOT-FOR-US: Buck parser-cache
-CVE-2018-6330
-	RESERVED
+CVE-2018-6330 (Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php  ...)
+	TODO: check
 CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpex ...)
 	NOT-FOR-US: Unitrends Backup
 CVE-2018-6328 (It was discovered that the Unitrends Backup (UB) before 10.1.0 user in ...)
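
Review bot: the description of CVE-2018-6330 names save.php, which is not a file of the Laravel framework itself, so before marking this NOT-FOR-US or assigning it to a package, check whether the report concerns the framework or an application built on it; the TODO: check placeholder is appropriate until that is settled.
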



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/716bcc3adbc5dcf07d76f1634ff4ce2c4218b93a
