[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue May 7 21:10:28 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bc2686e5 by security tracker role at 2019-05-07T20:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2019-11811 (An issue was discovered in the Linux kernel before 5.0.4. There is a u ...)
+ TODO: check
+CVE-2019-11810 (An issue was discovered in the Linux kernel before 5.0.7. A NULL point ...)
+ TODO: check
+CVE-2019-11809
+ RESERVED
+CVE-2018-20836 (An issue was discovered in the Linux kernel before 4.20. There is a ra ...)
+ TODO: check
CVE-2019-11808 (Ratpack versions before 1.6.1 generate a session ID using a cryptograp ...)
TODO: check
CVE-2019-11807 (The WooCommerce Checkout Manager plugin before 4.3 for WordPress allow ...)
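Review bot: CVE-2019-11811, CVE-2019-11810 and CVE-2018-20836 are left at "TODO: check" even though all three descriptions name the Linux kernel and give an upstream fixed version (5.0.4, 5.0.7 and 4.20). These should be triaged ahead of the rest of the queue and given "- linux <version>" package lines, with the upstream fix commit recorded in a NOTE: line as the atftp and gpac entries further down do.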
@@ -383,8 +391,8 @@ CVE-2019-11631 (Moodle 3.6.3 allows remote authenticated administrators to execu
- moodle <removed>
CVE-2019-11630
RESERVED
-CVE-2019-11629
- RESERVED
+CVE-2019-11629 (Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS. ...)
+ TODO: check
CVE-2019-11628 (An issue was discovered in QlikView Server before 11.20 SR19, 12.00 an ...)
NOT-FOR-US: Qlik products
CVE-2019-11626 (routers/ajaxRouter.php in doorGets 7.0 has a web site physical path le ...)
@@ -575,8 +583,8 @@ CVE-2019-11562
RESERVED
CVE-2019-11561
RESERVED
-CVE-2019-11560
- RESERVED
+CVE-2019-11560 (A buffer overflow vulnerability in the streaming server provided by hi ...)
+ TODO: check
CVE-2019-11559
RESERVED
CVE-2019-11558
@@ -1081,10 +1089,12 @@ CVE-2016-10748
CVE-2016-10747
RESERVED
CVE-2019-11366 (An issue was discovered in atftpd in atftp 0.7.1. It does not lock the ...)
+ {DSA-4438-1}
- atftp 0.7.git20120829-3.1 (bug #927553)
NOTE: https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities
NOTE: https://sourceforge.net/p/atftp/code/ci/382f76a90b44f81fec00e2f609a94def4a5d3580/
CVE-2019-11365 (An issue was discovered in atftpd in atftp 0.7.1. A remote attacker ma ...)
+ {DSA-4438-1}
- atftp 0.7.git20120829-3.1 (bug #927553)
NOTE: https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities
NOTE: https://sourceforge.net/p/atftp/code/ci/abed7d245d8e8bdfeab24f9f7f55a52c3140f96b/
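Review bot: The {DSA-4438-1} cross-references on CVE-2019-11366 and CVE-2019-11365 sit above a package line that records only the unstable fix, "- atftp 0.7.git20120829-3.1 (bug #927553)". This commit touches data/CVE/list only, so the stable fixed version is not visible here; confirm it is recorded with the DSA-4438-1 entry so the stable status resolves correctly.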
@@ -2300,8 +2310,8 @@ CVE-2019-10871 (An issue was discovered in Poppler 0.74.0. There is a heap-based
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/751
CVE-2019-10870
RESERVED
-CVE-2019-10869
- RESERVED
+CVE-2019-10869 (Path Traversal and Unrestricted File Upload exists in the Ninja Forms ...)
+ TODO: check
CVE-2019-10867 (An issue was discovered in Pimcore before 5.7.1. An attacker with clas ...)
NOT-FOR-US: Pimcore
CVE-2019-10866
@@ -2554,8 +2564,8 @@ CVE-2019-10744
RESERVED
CVE-2019-10743
RESERVED
-CVE-2019-10742
- RESERVED
+CVE-2019-10742 (Axios up to and including 0.18.0 allows attackers to cause a denial of ...)
+ TODO: check
CVE-2019-10741 (K-9 Mail v5.600 can include the original quoted HTML code of a special ...)
NOT-FOR-US: K-9 Mail
CVE-2019-10740 (In Roundcube Webmail 1.3.4, an attacker in possession of S/MIME or PGP ...)
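Review bot: CVE-2019-10742 should not be closed out by analogy with the NOT-FOR-US entries around it. Axios is a JavaScript HTTP client library, so the "TODO: check" needs a search of the archive for a packaged or embedded copy at or below 0.18.0 before a NOT-FOR-US tag is considered.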
@@ -5800,10 +5810,10 @@ CVE-2019-9711 (An issue was discovered in Joomla! before 3.9.4. The item_title l
NOT-FOR-US: Joomla!
CVE-2019-9710 (An issue was discovered in webargs before 5.1.3, as used with marshmal ...)
NOT-FOR-US: webargs
-CVE-2019-9709
- RESERVED
-CVE-2019-9708
- RESERVED
+CVE-2019-9709 (An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 1 ...)
+ TODO: check
+CVE-2019-9708 (An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 1 ...)
+ TODO: check
CVE-2019-9707
RESERVED
CVE-2019-9705 (Vixie Cron before the 3.0pl1-133 Debian package allows local users to ...)
@@ -10474,10 +10484,10 @@ CVE-2019-7748 (_includes\online.php in DbNinja 3.2.7 allows XSS via the data.php
NOT-FOR-US: DbNinja
CVE-2019-7747 (DbNinja 3.2.7 allows session fixation via the data.php sessid paramete ...)
NOT-FOR-US: DbNinja
-CVE-2019-7746
- RESERVED
-CVE-2019-7745
- RESERVED
+CVE-2019-7746 (JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to ...)
+ TODO: check
+CVE-2019-7745 (JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to ...)
+ TODO: check
CVE-2019-7744 (An issue was discovered in Joomla! before 3.9.3. Inadequate filtering ...)
NOT-FOR-US: Joomla!
CVE-2019-7743 (An issue was discovered in Joomla! before 3.9.3. The phar:// stream wr ...)
@@ -10623,8 +10633,8 @@ CVE-2019-7689
RESERVED
CVE-2019-7688
RESERVED
-CVE-2019-7687
- RESERVED
+CVE-2019-7687 (cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices ...)
+ TODO: check
CVE-2018-20771 (An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, ...)
NOT-FOR-US: Xerox devices
CVE-2018-20770 (An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, ...)
@@ -11001,8 +11011,8 @@ CVE-2019-7566 (CSZ CMS 1.1.8 has CSRF via admin/users/new/add. ...)
NOT-FOR-US: CSZ CMS
CVE-2019-7565
RESERVED
-CVE-2019-7564
- RESERVED
+CVE-2019-7564 (An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 ...)
+ TODO: check
CVE-2019-7563
RESERVED
CVE-2019-7562
@@ -11078,8 +11088,8 @@ CVE-2018-20760 (In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/
[stretch] - gpac 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1
NOTE: https://github.com/gpac/gpac/commit/4c1360818fc8948e9307059fba4dc47ba8ad255d
NOTE: https://github.com/gpac/gpac/issues/1177
-CVE-2019-7541
- RESERVED
+CVE-2019-7541 (Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=use ...)
+ TODO: check
CVE-2019-7540
RESERVED
CVE-2019-7539 (A code injection issue was discovered in ipycache through 2016-05-31. ...)
@@ -11335,8 +11345,7 @@ CVE-2019-7445
RESERVED
CVE-2019-7444
RESERVED
-CVE-2019-7443 [Insecure handling of arguments in helpers]
- RESERVED
+CVE-2019-7443 (KDE KAuth before 5.55 allows the passing of parameters with arbitrary ...)
- kauth 5.54.0-2 (bug #921995)
[stretch] - kauth 5.28.0-2+deb9u1
- kde4libs <unfixed> (bug #922727)
@@ -11375,10 +11384,10 @@ CVE-2019-7429 (PHP Scripts Mall Property Rental Software 2.1.4 has directory tra
NOT-FOR-US: PHP Scripts Mall
CVE-2019-7428
RESERVED
-CVE-2019-7427
- RESERVED
-CVE-2019-7426
- RESERVED
+CVE-2019-7427 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
+ TODO: check
+CVE-2019-7426 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
+ TODO: check
CVE-2019-7425 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-7424 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
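Review bot: CVE-2019-7427 and CVE-2019-7426 are added with "TODO: check" while the adjacent CVE-2019-7425 and CVE-2019-7424, whose descriptions start with the same "XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2" text, are already tagged. Suggest resolving both new entries the same way: "NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional".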
@@ -18898,10 +18907,10 @@ CVE-2019-4210 (IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication
NOT-FOR-US: IBM
CVE-2019-4209
RESERVED
-CVE-2019-4208
- RESERVED
-CVE-2019-4207
- RESERVED
+CVE-2019-4208 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an X ...)
+ TODO: check
+CVE-2019-4207 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitiv ...)
+ TODO: check
CVE-2019-4206
RESERVED
CVE-2019-4205
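Review bot: CVE-2019-4208 and CVE-2019-4207 (IBM TRIRIGA Application Platform) go in as "TODO: check" although the context line at the top of this hunk shows the convention already used for this vendor, "NOT-FOR-US: IBM". The same applies to the CVE-2018-2008 TRIRIGA entry later in this diff; all three can be tagged in one follow-up.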
@@ -21282,8 +21291,8 @@ CVE-2018-20505 (SQLite 3.25.2, when queries are run on a table with a malformed
NOTE: https://sqlite.org/src/info/1a84668dcfdebaf12415d
CVE-2018-20504
RESERVED
-CVE-2018-20503
- RESERVED
+CVE-2018-20503 (Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.p ...)
+ TODO: check
CVE-2018-20502 (An issue was discovered in Bento4 1.5.1-627. There is an attempt at ex ...)
NOT-FOR-US: Bento4
CVE-2018-20501 [Missing authorization control merge requests]
@@ -30897,8 +30906,8 @@ CVE-2018-19458 (In PHP Proxy 3.0.3, any user can read files from the server with
NOT-FOR-US: PHP Proxy
CVE-2018-19457 (Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which le ...)
NOT-FOR-US: Logicspice FAQ Script
-CVE-2018-19456
- RESERVED
+CVE-2018-19456 (The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPr ...)
+ TODO: check
CVE-2018-19455
RESERVED
CVE-2018-19486 (Git before 2.19.2 on Linux and UNIX executes commands from the current ...)
@@ -44347,8 +44356,8 @@ CVE-2018-14487
RESERVED
CVE-2018-14486 (DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via ...)
NOT-FOR-US: DNN
-CVE-2018-14485
- RESERVED
+CVE-2018-14485 (BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog. ...)
+ TODO: check
CVE-2018-14484
RESERVED
CVE-2018-14483
@@ -44361,8 +44370,7 @@ CVE-2018-14480
RESERVED
CVE-2018-14479
RESERVED
-CVE-2018-14478
- RESERVED
+CVE-2018-14478 (ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sen ...)
NOT-FOR-US: Coppermine Photo Gallery
CVE-2018-14477
RESERVED
@@ -45669,17 +45677,13 @@ CVE-2018-13996 (Genann through 2018-07-08 has a stack-based buffer over-read in
CVE-2018-13995
RESERVED
NOT-FOR-US: Phoenix Contact FL switch
-CVE-2018-13994
- RESERVED
+CVE-2018-13994 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 t ...)
NOT-FOR-US: Phoenix Contact FL switch
-CVE-2018-13993
- RESERVED
+CVE-2018-13993 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 t ...)
NOT-FOR-US: Phoenix Contact FL switch
-CVE-2018-13992
- RESERVED
+CVE-2018-13992 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 t ...)
NOT-FOR-US: Phoenix Contact FL switch
-CVE-2018-13991
- RESERVED
+CVE-2018-13991 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 t ...)
NOT-FOR-US: Phoenix Contact FL switch
CVE-2018-13990 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior ...)
NOT-FOR-US: Phoenix Contact FL switch
@@ -79241,8 +79245,8 @@ CVE-2018-2010
RESERVED
CVE-2018-2009 (IBM API Connect v2018.1 and 2018.4.1 is affected by an information dis ...)
NOT-FOR-US: IBM
-CVE-2018-2008
- RESERVED
+CVE-2018-2008 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensit ...)
+ TODO: check
CVE-2018-2007 (IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected crypto ...)
NOT-FOR-US: IBM
CVE-2018-2006 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
@@ -79255,8 +79259,8 @@ CVE-2018-2003
RESERVED
CVE-2018-2002
RESERVED
-CVE-2018-2001
- RESERVED
+CVE-2018-2001 (IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is v ...)
+ TODO: check
CVE-2018-2000 (IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable t ...)
NOT-FOR-US: IBM
CVE-2018-1999 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 coul ...)
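Review bot: The CVE-2018-2001 description reads "IBM Cram Social Program Management". The product is IBM Cúram, so a non-ASCII character was dropped somewhere between the CVE feed and this line. Check that the import step handles UTF-8 descriptions, since a mangled product name makes later searches against this file miss the entry. The entry itself can follow the neighbouring "NOT-FOR-US: IBM" lines.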
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bc2686e5a523dbd8f01a1d9fac6aa5daf1fd6349