[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed May 1 09:10:28 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
805434bc by security tracker role at 2019-05-01T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2019-11631 (Moodle 3.6.3 allows remote authenticated administrators to execute arb ...)
+	TODO: check
+CVE-2019-11630
+	RESERVED
+CVE-2019-11629
+	RESERVED
+CVE-2019-11628 (An issue was discovered in QlikView Server before 11.20 SR19, 12.00 an ...)
+	TODO: check
+CVE-2019-11626 (routers/ajaxRouter.php in doorGets 7.0 has a web site physical path le ...)
+	TODO: check
+CVE-2019-11625 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/reques ...)
+	TODO: check
+CVE-2019-11624 (doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets ...)
+	TODO: check
+CVE-2019-11623 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/reques ...)
+	TODO: check
+CVE-2019-11622 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/reques ...)
+	TODO: check
+CVE-2019-11621 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/reques ...)
+	TODO: check
+CVE-2019-11620 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/reques ...)
+	TODO: check
+CVE-2019-11619 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/reques ...)
+	TODO: check
+CVE-2019-11618 (doorGets 7.0 has a default administrator credential vulnerability. A r ...)
+	TODO: check
+CVE-2019-11617 (doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/c ...)
+	TODO: check
+CVE-2019-11616 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
+	TODO: check
+CVE-2019-11615 (/fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload v ...)
+	TODO: check
+CVE-2019-11614 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ ...)
+	TODO: check
+CVE-2019-11613 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ ...)
+	TODO: check
+CVE-2019-11612 (doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/ ...)
+	TODO: check
+CVE-2019-11611 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
+	TODO: check
+CVE-2019-11610 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
+	TODO: check
+CVE-2019-11609 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
+	TODO: check
+CVE-2019-11608 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
+	TODO: check
+CVE-2019-11607 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
+	TODO: check
+CVE-2019-11606 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
+	TODO: check
 CVE-2019-11605
 	RESERVED
 CVE-2019-11604
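Review bot: 21 of the 25 entries added at the top of this hunk (CVE-2019-11626 down to CVE-2019-11606) are the same product, doorGets 7.0, and each is left as "TODO: check". Resolve them in one pass with a single triage decision rather than entry by entry; if doorGets is not in the archive, a "NOT-FOR-US: doorGets" tag on all 21 clears most of the backlog this commit creates. CVE-2019-11631 (Moodle) and CVE-2019-11628 (QlikView Server) each need their own check. The run skips CVE-2019-11627 because that id already has an entry further down the file.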
@@ -39,7 +89,7 @@ CVE-2018-20824
 	RESERVED
 CVE-2015-9286 (Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 ha ...)
 	NOT-FOR-US: NodeBB
-CVE-2019-11627 [gpg-key2ps: Shell injection vulnerability in UIDs rendering]
+CVE-2019-11627 (gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an un ...)
 	- signing-party <unfixed> (bug #928256)
 	[stretch] - signing-party <no-dsa> (Will be fixed via point release)
 	NOTE: https://salsa.debian.org/signing-party-team/signing-party/commit/cd69b6c0426a6160ef3de03fce9c7f112166d5a8
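Review bot: the new description on CVE-2019-11627 says the issue affects signing-party "2.x before 2.10-1", but the package line directly below still reads "- signing-party <unfixed> (bug #928256)". If 2.10-1 is the unstable upload that carries the commit linked in the NOTE, replace <unfixed> with that version so the entry no longer reports unstable as vulnerable. The entry also remains below CVE-2015-9286, out of sequence with the CVE-2019-11628 and CVE-2019-11626 entries that this commit adds at the top of the file.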
@@ -18945,36 +18995,36 @@ CVE-2019-3941 (Advantech WebAccess 8.3.4 allows unauthenticated, remote attacker
 	NOT-FOR-US: Advantech WebAccess
 CVE-2019-3940 (Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via una ...)
 	NOT-FOR-US: Advantech WebAccess
-CVE-2019-3939
-	RESERVED
-CVE-2019-3938
-	RESERVED
-CVE-2019-3937
-	RESERVED
-CVE-2019-3936
-	RESERVED
-CVE-2019-3935
-	RESERVED
-CVE-2019-3934
-	RESERVED
-CVE-2019-3933
-	RESERVED
-CVE-2019-3932
-	RESERVED
-CVE-2019-3931
-	RESERVED
-CVE-2019-3930
-	RESERVED
-CVE-2019-3929
-	RESERVED
-CVE-2019-3928
-	RESERVED
-CVE-2019-3927
-	RESERVED
-CVE-2019-3926
-	RESERVED
-CVE-2019-3925
-	RESERVED
+CVE-2019-3939 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
+	TODO: check
+CVE-2019-3938 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
+	TODO: check
+CVE-2019-3937 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
+	TODO: check
+CVE-2019-3936 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
+	TODO: check
+CVE-2019-3935 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
+	TODO: check
+CVE-2019-3934 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
+	TODO: check
+CVE-2019-3933 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
+	TODO: check
+CVE-2019-3932 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
+	TODO: check
+CVE-2019-3931 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
+	TODO: check
+CVE-2019-3930 (The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1 ...)
+	TODO: check
+CVE-2019-3929 (The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1 ...)
+	TODO: check
+CVE-2019-3928 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
+	TODO: check
+CVE-2019-3927 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
+	TODO: check
+CVE-2019-3926 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
+	TODO: check
+CVE-2019-3925 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
+	TODO: check
 CVE-2019-3924 (MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is v ...)
 	NOT-FOR-US: MikroTik
 CVE-2019-3923 (Nessus versions 8.2.1 and earlier were found to contain a stored XSS v ...)
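Review bot: all 15 ids from CVE-2019-3939 to CVE-2019-3925 go from RESERVED to "TODO: check" and all describe Crestron AM-100/AM-101 firmware, so they can be triaged together; the Advantech WebAccess and MikroTik entries on either side are tagged NOT-FOR-US, and the same treatment ("NOT-FOR-US: Crestron") looks appropriate here. CVE-2019-3930 and CVE-2019-3929 name AM-101 firmware 2.7.0.1 rather than 2.7.0.2 and their product list is cut off by the truncation, so read the full description for those two before tagging them with the rest.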
@@ -30982,11 +31032,9 @@ CVE-2019-0215 (In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mo
 	[stretch] - apache2 <not-affected> (Vulnerable code introduced later)
 	[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0215
-CVE-2019-0214
-	RESERVED
+CVE-2019-0214 (In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the  ...)
 	NOT-FOR-US: Apache Archiva
-CVE-2019-0213
-	RESERVED
+CVE-2019-0213 (In Apache Archiva before 2.2.4, it is possible to write files to the a ...)
 	NOT-FOR-US: Apache Archiva
 CVE-2019-0212 (In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1 ...)
 	NOT-FOR-US: Apache HBase
@@ -31042,8 +31090,8 @@ CVE-2019-0196 [mod_http2, read-after-free on a string compare]
 	NOTE: https://svn.apache.org/r1852989
 CVE-2019-0195
 	RESERVED
-CVE-2019-0194
-	RESERVED
+CVE-2019-0194 (Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 ...)
+	TODO: check
 CVE-2019-0193
 	RESERVED
 CVE-2019-0192 (In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config  ...)
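Review bot: the description added for CVE-2019-0194 is cut at "Camel 2.21.0 ...", so the affected version range is not visible in the list, and the entry is left as "TODO: check". Whoever clears the TODO should take the range from the full CVE text and record the outcome on this entry (a package line or a NOT-FOR-US tag) rather than leaving it open next to the still-RESERVED CVE-2019-0195 and CVE-2019-0193.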



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/805434bca02c27c613769599e5551937c36c2ca1
