[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 28 20:10:25 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
716bcc3a by security tracker role at 2019-03-28T20:10:16Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,20 +1,44 @@
-CVE-2019-1003048
+CVE-2019-10261
+ RESERVED
+CVE-2019-10260 (Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html ( ...)
+ TODO: check
+CVE-2019-10259
+ RESERVED
+CVE-2019-10258
+ RESERVED
+CVE-2019-10257
+ RESERVED
+CVE-2019-10256
+ RESERVED
+CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter Notebook be ...)
+ TODO: check
+CVE-2019-10254 (In MISP before 2.4.105, the app/View/Layouts/default.ctp default layou ...)
+ TODO: check
+CVE-2019-10253
+ RESERVED
+CVE-2019-10252
+ RESERVED
+CVE-2019-10251 (The UCWeb UC Browser application through 2019-03-26 for Android uses H ...)
+ TODO: check
+CVE-2019-10250 (UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading cer ...)
+ TODO: check
+CVE-2019-1003048 (A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attack ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003047
+CVE-2019-1003047 (A missing permission check in Jenkins Fortify on Demand Uploader Plugi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003046
+CVE-2019-1003046 (A cross-site request forgery vulnerability in Jenkins Fortify on Deman ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003045
+CVE-2019-1003045 (A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allo ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003044
+CVE-2019-1003044 (A cross-site request forgery vulnerability in Jenkins Slack Notificati ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003043
+CVE-2019-1003043 (A missing permission check in Jenkins Slack Notification Plugin 2.19 a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003042
+CVE-2019-1003042 (A cross site scripting vulnerability in Jenkins Lockable Resources Plu ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003041
+CVE-2019-1003041 (A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003040
+CVE-2019-1003040 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10249
RESERVED
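Review bot: the five entries that enter this hunk with only a "TODO: check" line (CVE-2019-10260, CVE-2019-10255, CVE-2019-10254, CVE-2019-10251, CVE-2019-10250) still need a triage decision, that is either a source package with its fixed version or a NOT-FOR-US line, in the finished form the Jenkins plugin entries below them already show. The two UC Browser descriptions name an Android application and a Windows build respectively, so those two read as NOT-FOR-US candidates; the Jupyter Notebook and MISP ones need a package lookup before the TODO can be closed.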
@@ -672,6 +696,7 @@ CVE-2019-9944
CVE-2019-9943
RESERVED
CVE-2016-10743 (hostapd before 2.6 does not prevent use of the low-quality PRNG that i ...)
+ {DLA-1733-1}
- wpa 2:2.6-7
NOTE: https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389
NOTE: There was already a 2.6 upload late in 2016 but then reverted to a 2.4 based
@@ -1501,8 +1526,8 @@ CVE-2019-9866 [Project Runner Token Exposed Through Issues Quick Actions]
NOTE: https://about.gitlab.com/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released/
CVE-2019-9865
RESERVED
-CVE-2019-9864
- RESERVED
+CVE-2019-9864 (PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tamperi ...)
+ TODO: check
CVE-2019-9863 (Due to the use of an insecure algorithm for rolling codes in the ABUS ...)
NOT-FOR-US: ABUS
CVE-2019-9862 (An issue was discovered on ABUS Secvest wireless alarm system FUAA5000 ...)
@@ -3212,12 +3237,12 @@ CVE-2019-9206
RESERVED
CVE-2019-9205
RESERVED
-CVE-2019-9204
- RESERVED
-CVE-2019-9203
- RESERVED
-CVE-2019-9202
- RESERVED
+CVE-2019-9204 (SQL injection vulnerability in Nagios IM (component of Nagios XI) befo ...)
+ TODO: check
+CVE-2019-9203 (Authorization bypass in Nagios IM (component of Nagios XI) before 2.2. ...)
+ TODO: check
+CVE-2019-9202 (Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated u ...)
+ TODO: check
CVE-2019-9201 (Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/ ...)
NOT-FOR-US: Phoenix Contact ILC
CVE-2019-9200 (A heap-based buffer underwrite exists in ImageStream::getLine() locate ...)
@@ -3334,10 +3359,10 @@ CVE-2019-9167
RESERVED
CVE-2019-9166
RESERVED
-CVE-2019-9165
- RESERVED
-CVE-2019-9164
- RESERVED
+CVE-2019-9165 (SQL injection vulnerability in Nagios XI before 5.5.11 allows attacker ...)
+ TODO: check
+CVE-2019-9164 (Command injection in Nagios XI before 5.5.11 allows an authenticated u ...)
+ TODO: check
CVE-2019-9163
RESERVED
CVE-2019-9161
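Review bot: CVE-2019-9165 and CVE-2019-9164 here, together with CVE-2019-9204, CVE-2019-9203 and CVE-2019-9202 in the preceding hunk, all describe the same upstream product (Nagios XI, or its Nagios IM component, before 5.5.11 / 2.2.7); triage the five "TODO: check" lines as one group so they receive the same resolution rather than diverging between hunks.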
@@ -7209,8 +7234,8 @@ CVE-2019-7526
RESERVED
CVE-2019-7525
RESERVED
-CVE-2019-7524 [Buffer overflow when reading extension header from dovecot index files]
- RESERVED
+CVE-2019-7524 (In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker ...)
+ {DSA-4418-1}
- dovecot 1:2.3.4.1-3
CVE-2019-7523
RESERVED
@@ -7975,8 +8000,7 @@ CVE-2019-7253
RESERVED
CVE-2019-7252
RESERVED
-CVE-2019-7251 [Remote crash vulnerability with SDP protocol violation]
- RESERVED
+CVE-2019-7251 (An Integer Signedness issue (for a return code) in the res_pjsip_sdp_r ...)
- asterisk 1:16.2.1~dfsg-1 (bug #923690)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
[jessie] - asterisk <not-affected> (Vulnerable code introduced later)
@@ -9603,8 +9627,8 @@ CVE-2019-6544
RESERVED
CVE-2019-6543 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and I ...)
NOT-FOR-US: AVEVA
-CVE-2019-6542
- RESERVED
+CVE-2019-6542 (ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior t ...)
+ TODO: check
CVE-2019-6541 (A memory corruption vulnerability has been identified in WECON LeviStu ...)
NOT-FOR-US: WECON
CVE-2019-6540 (The Conexus telemetry protocol utilized within Medtronic MyCareLink Mo ...)
@@ -11711,15 +11735,13 @@ CVE-2019-5741
RESERVED
CVE-2019-5740
RESERVED
-CVE-2019-5739 [Node.js: Denial of Service with keep-alive HTTP connections]
- RESERVED
+CVE-2019-5739 (Keep-alive HTTP and HTTPS connections can remain open and inactive for ...)
- nodejs 8.9.3~dfsg-5 (unimportant)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
NOTE: Nodejs not covered by security support
CVE-2019-5738
RESERVED
-CVE-2019-5737 [Node.js: Slowloris HTTP Denial of Service with keep-alive]
- RESERVED
+CVE-2019-5737 (An attacker can cause a Denial of Service (DoS) by establishing an HTT ...)
- nodejs 10.15.2~dfsg-1 (unimportant)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
NOTE: Nodejs not covered by security support
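Review bot: CVE-2019-5739 and CVE-2019-5737 both point at the same February 2019 Node.js security release but are recorded as fixed in different Debian versions (nodejs 8.9.3~dfsg-5 and nodejs 10.15.2~dfsg-1); worth confirming that the lower version really carries the keep-alive timeout fix and not only the Slowloris one, or adding a NOTE naming the upload that fixed each.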
@@ -11735,8 +11757,8 @@ CVE-2018-20679 (An issue was discovered in BusyBox before 1.30.0. An out of boun
NOTE: applying the partial fix. The followup commit
NOTE: https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06
NOTE: is needed to fix the issue completely.
-CVE-2018-20678
- RESERVED
+CVE-2018-20678 (LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php ...)
+ TODO: check
CVE-2019-8308 (Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc ...)
{DSA-4390-1}
- flatpak 1.2.3-1 (bug #922059)
@@ -11936,8 +11958,8 @@ CVE-2019-5676
RESERVED
CVE-2019-5675
RESERVED
-CVE-2019-5674
- RESERVED
+CVE-2019-5674 (NVIDIA GeForce Experience before 3.18 contains a vulnerability when Sh ...)
+ TODO: check
CVE-2019-5673
RESERVED
CVE-2019-5672
@@ -13236,13 +13258,13 @@ CVE-2019-5030
CVE-2019-5029
RESERVED
CVE-2019-5028
- RESERVED
+ REJECTED
CVE-2019-5027
- RESERVED
+ REJECTED
CVE-2019-5026
- RESERVED
+ REJECTED
CVE-2019-5025
- RESERVED
+ REJECTED
CVE-2019-5024
RESERVED
CVE-2019-5023
@@ -15605,8 +15627,7 @@ CVE-2019-3871 (A vulnerability was found in PowerDNS Authoritative Server before
NOTE: Patches: https://downloads.powerdns.com/patches/2019-03/
CVE-2019-3870
RESERVED
-CVE-2019-3869
- RESERVED
+CVE-2019-3869 (When running Tower before 3.4.3 on OpenShift or Kubernetes, applicatio ...)
NOT-FOR-US: Ansible Tower
CVE-2019-3868
RESERVED
@@ -16060,8 +16081,8 @@ CVE-2019-3712 (Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wy
NOT-FOR-US: Dell
CVE-2019-3711 (RSA Authentication Manager versions prior to 8.4 P1 contain an Insecur ...)
NOT-FOR-US: RSA
-CVE-2019-3710
- RESERVED
+CVE-2019-3710 (Dell Networking OS10 has been updated to address a vulnerability which ...)
+ TODO: check
CVE-2019-3709
RESERVED
CVE-2019-3708
@@ -20465,8 +20486,7 @@ CVE-2018-20147 (In WordPress before 4.9.9 and 5.x before 5.0.1, authors could mo
{DSA-4401-1 DLA-1673-1}
- wordpress 5.0.1+dfsg1-1 (bug #916403)
NOTE: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
-CVE-2018-20144 [Arbitrary File read in GitLab project import with Git LFS]
- RESERVED
+CVE-2018-20144 (GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x be ...)
- gitlab 11.5.4+dfsg-1
NOTE: https://about.gitlab.com/2018/12/13/critical-security-release-gitlab-11-dot-5-dot-4-released/
CVE-2018-20143
@@ -22897,8 +22917,8 @@ CVE-2018-19881 (In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers t
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/mupdf/20181203
CVE-2018-19880
RESERVED
-CVE-2018-19879
- RESERVED
+CVE-2018-19879 (An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RU ...)
+ TODO: check
CVE-2018-19878
RESERVED
CVE-2018-19877 (login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Bu ...)
@@ -34748,8 +34768,8 @@ CVE-2018-16531
REJECTED
CVE-2018-16530
RESERVED
-CVE-2018-16529
- RESERVED
+CVE-2018-16529 (A password reset vulnerability has been discovered in Forcepoint Email ...)
+ TODO: check
CVE-2018-16528 (Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attacke ...)
NOT-FOR-US: FreeRTOS
CVE-2018-16527 (Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0 ...)
@@ -62474,8 +62494,8 @@ CVE-2018-6332 (A potential denial-of-service issue in the Proxygen handling of i
NOTE: https://hhvm.com/blog/2018/03/15/hhvm-3.25.html
CVE-2018-6331 (Buck parser-cache command loads/saves state using Java serialized obje ...)
NOT-FOR-US: Buck parser-cache
-CVE-2018-6330
- RESERVED
+CVE-2018-6330 (Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php ...)
+ TODO: check
CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpex ...)
NOT-FOR-US: Unitrends Backup
CVE-2018-6328 (It was discovered that the Unitrends Backup (UB) before 10.1.0 user in ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/716bcc3adbc5dcf07d76f1634ff4ce2c4218b93a
More information about the debian-security-tracker-commits mailing list