[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue May 14 21:10:36 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a139e2fc by security tracker role at 2019-05-14T20:10:26Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-12093
+ RESERVED
+CVE-2019-12092
+ RESERVED
+CVE-2019-12091
+ RESERVED
+CVE-2019-12090
+ RESERVED
+CVE-2019-12089
+ RESERVED
+CVE-2019-12088
+ RESERVED
CVE-2019-12087 (** DISPUTED ** Samsung S9+, S10, and XCover 4 P(9.0) devices can becom ...)
NOT-FOR-US: Samsung devices
CVE-2019-12086
@@ -487,12 +499,12 @@ CVE-2019-11847
RESERVED
CVE-2018-20837 (include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu ...)
NOT-FOR-US: Typesetter CMS
-CVE-2019-11846
- RESERVED
-CVE-2019-11845
- RESERVED
-CVE-2019-11844
- RESERVED
+CVE-2019-11846 (/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XS ...)
+ TODO: check
+CVE-2019-11845 (An HTML Injection vulnerability has been discovered on the RICOH SP 45 ...)
+ TODO: check
+CVE-2019-11844 (An HTML Injection vulnerability has been discovered on the RICOH SP 45 ...)
+ TODO: check
CVE-2019-11843
RESERVED
CVE-2019-11841
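Review bot: CVE-2019-11845 and CVE-2019-11844 are added with the same truncated description ("An HTML Injection vulnerability has been discovered on the RICOH SP 45 ..."), so the list text alone does not show how the two differ. Whoever resolves the `TODO: check` markers should compare the full descriptions and triage both in one pass. Entries for vendor devices elsewhere in this diff are marked `NOT-FOR-US`, which may apply here too once the product is confirmed.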
@@ -1541,8 +1553,8 @@ CVE-2019-11421
RESERVED
CVE-2019-11420
RESERVED
-CVE-2019-11419
- RESERVED
+CVE-2019-11419 (vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application th ...)
+ TODO: check
CVE-2019-11418 (apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer over ...)
NOT-FOR-US: TRENDnet router
CVE-2019-11417 (system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused ...)
@@ -1741,8 +1753,8 @@ CVE-2019-11338 (libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of dup
NOTE: https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e
CVE-2019-11337
RESERVED
-CVE-2019-11336
- RESERVED
+CVE-2019-11336 (Sony Bravia Smart TV devices allow remote attackers to retrieve the st ...)
+ TODO: check
CVE-2019-11335
RESERVED
CVE-2019-11334
@@ -5956,8 +5968,8 @@ CVE-2019-9863 (Due to the use of an insecure algorithm for rolling codes in the
NOT-FOR-US: ABUS
CVE-2019-9862 (An issue was discovered on ABUS Secvest wireless alarm system FUAA5000 ...)
NOT-FOR-US: ABUS
-CVE-2019-9861
- RESERVED
+CVE-2019-9861 (Due to the use of an insecure RFID technology (MIFARE Classic), ABUS p ...)
+ TODO: check
CVE-2019-9860 (Due to unencrypted signal communication and predictability of rolling ...)
NOT-FOR-US: ABUS
CVE-2019-9859
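Review bot: CVE-2019-9861 is left at `TODO: check` although its truncated description names ABUS and the neighbouring entries CVE-2019-9863, CVE-2019-9862 and CVE-2019-9860 are all `NOT-FOR-US: ABUS`. Once the full description confirms the product, the same triage line would keep this block consistent.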
@@ -8413,8 +8425,8 @@ CVE-2019-8979 (Kohana through 3.3.6 has SQL Injection when the order_by() parame
[jessie] - libkohana2-php <not-affected> (orderby function properly checks for allowed values)
NOTE: https://github.com/huzr2018/orderby_SQLi/tree/master/kohana
NOTE: https://github.com/koseven/koseven/issues/323
-CVE-2019-8978
- RESERVED
+CVE-2019-8978 (An improper authentication vulnerability can be exploited through a ra ...)
+ TODO: check
CVE-2019-8977
RESERVED
CVE-2019-8976
@@ -8572,8 +8584,8 @@ CVE-2019-8925
RESERVED
CVE-2019-8924
RESERVED
-CVE-2019-8923
- RESERVED
+CVE-2019-8923 (XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf ...)
+ TODO: check
CVE-2019-8922
RESERVED
CVE-2019-8921
@@ -9686,8 +9698,8 @@ CVE-2019-8406
RESERVED
CVE-2019-8405
RESERVED
-CVE-2019-8404
- RESERVED
+CVE-2019-8404 (An issue was discovered in Webiness Inventory 2.3. The ProductModel co ...)
+ TODO: check
CVE-2019-8403
RESERVED
CVE-2019-8402
@@ -9726,10 +9738,10 @@ CVE-2019-8393 (Hotels_Server through 2018-11-05 has SQL Injection via the API be
NOT-FOR-US: Hotels_Server
CVE-2019-8392 (An issue was discovered on D-Link DIR-823G devices with firmware 1.02B ...)
NOT-FOR-US: D-Link
-CVE-2019-8391
- RESERVED
-CVE-2019-8390
- RESERVED
+CVE-2019-8391 (qdPM 9.1 suffers from Cross-site Scripting (XSS) via configuration?typ ...)
+ TODO: check
+CVE-2019-8390 (qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keyword ...)
+ TODO: check
CVE-2019-8389 (A file-read vulnerability was identified in the Wi-Fi transfer feature ...)
NOT-FOR-US: Musicloud
CVE-2019-8388
@@ -14234,16 +14246,16 @@ CVE-2019-6518 (Moxa IKS and EDS store plaintext passwords, which may allow sensi
NOT-FOR-US: Moxa
CVE-2019-6517 (BD FACSLyric Research Use Only, Windows 10 Professional Operating Syst ...)
NOT-FOR-US: BD FACSLyric
-CVE-2019-6516
- RESERVED
-CVE-2019-6515
- RESERVED
-CVE-2019-6514
- RESERVED
+CVE-2019-6516 (An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible ...)
+ TODO: check
+CVE-2019-6515 (An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents ...)
+ TODO: check
+CVE-2019-6514 (An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible ...)
+ TODO: check
CVE-2019-6513
RESERVED
-CVE-2019-6512
- RESERVED
+CVE-2019-6512 (An issue was discovered in WSO2 API Manager 2.6.0. It is possible to f ...)
+ TODO: check
CVE-2019-6511
RESERVED
CVE-2019-6510 (An issue was discovered in creditease-sec insight through 2018-09-11. ...)
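Review bot: CVE-2019-6516 and CVE-2019-6514 carry the same truncated text ("An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible ..."), so they cannot be told apart from the list alone and need the full descriptions before triage. All four new `TODO: check` entries in this hunk concern WSO2 products (Dashboard Server 2.0.0 and API Manager 2.6.0) and can be resolved together. CVE-2019-6513, which sits between them, stays RESERVED.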
@@ -33641,8 +33653,8 @@ CVE-2018-18802
RESERVED
CVE-2018-18801 (The BSEN Ordering software 1.0 has SQL Injection via student/index.php ...)
NOT-FOR-US: BSEN Ordering software
-CVE-2018-18800
- RESERVED
+CVE-2018-18800 (The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection ...)
+ TODO: check
CVE-2018-18799 (School Attendance Monitoring System 1.0 has CSRF via event/controller. ...)
NOT-FOR-US: School Attendance Monitoring System
CVE-2018-18798 (Attendance Monitoring System 1.0 has SQL Injection via the 'id' parame ...)
@@ -38778,6 +38790,7 @@ CVE-2018-16861 (A cross-site scripting (XSS) flaw was found in the foreman compo
- foreman <itp> (bug #663101)
CVE-2018-16860 [Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum]
RESERVED
+ {DSA-4443-1}
- heimdal <unfixed> (bug #928966)
[stretch] - heimdal <no-dsa> (Minor issue)
- samba 2:4.9.5+dfsg-4
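Review bot: The `{DSA-4443-1}` line added under CVE-2018-16860 does not say which source package the advisory covers, and the context below it still lists heimdal as `<unfixed>` with `[stretch] - heimdal <no-dsa> (Minor issue)`. The only fixed version visible in this hunk is `samba 2:4.9.5+dfsg-4`, so it is worth confirming that the advisory refers to samba and that the samba line records the fixed version for the release the DSA targets.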
@@ -52468,8 +52481,8 @@ CVE-2018-11693 (An issue was discovered in LibSass through 3.5.4. An out-of-boun
NOTE: https://github.com/sass/libsass/issues/2661
CVE-2018-11692 (** DISPUTED ** An issue was discovered on Canon LBP6650, LBP3370, LBP3 ...)
NOT-FOR-US: Canon devices
-CVE-2018-11691
- RESERVED
+CVE-2018-11691 (Emerson VE6046 09.0.12 devices have hardcoded admin credentials allowi ...)
+ TODO: check
CVE-2018-11690 (The Balbooa Gridbox extension version 2.4.0 and previous versions for ...)
NOT-FOR-US: Balbooa Gridbox extension for Joomla!
CVE-2018-11689 (Smart Viewer in Samsung Web Viewer for Samsung DVR is vulnerable to cr ...)
@@ -59834,8 +59847,8 @@ CVE-2017-18242 (The apply_dependent_coupling function in libavcodec/aacdec.c in
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1093
CVE-2018-8941 (Diagnostics functionality on D-Link DSL-3782 devices with firmware EU ...)
NOT-FOR-US: D-Link
-CVE-2018-8940
- RESERVED
+CVE-2018-8940 (ClientServiceConfigController.cs in Enghouse Cloud Contact Center Plat ...)
+ TODO: check
CVE-2018-8939 (An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold bef ...)
NOT-FOR-US: Ipswitch
CVE-2018-8938 (A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswi ...)
@@ -65704,8 +65717,8 @@ CVE-2018-6887
RESERVED
CVE-2018-6886
RESERVED
-CVE-2018-6885
- RESERVED
+CVE-2018-6885 (An issue was discovered in MicroStrategy Web Services (the Microsoft O ...)
+ TODO: check
CVE-2018-6884
RESERVED
CVE-2018-6883 (Piwigo before 2.9.3 has SQL injection in admin/tags.php in the adminis ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a139e2fc7cf52ce7a60f053b4df18266aee67642