[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed May 29 21:10:35 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1c047b3e by security tracker role at 2019-05-29T20:10:25Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2019-12453
+ RESERVED
+CVE-2019-12452 (types/types.go in Containous Traefik 1.7.x through 1.7.11, when the -- ...)
+ TODO: check
+CVE-2019-12451
+ RESERVED
+CVE-2019-12450 (file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 ...)
+ TODO: check
+CVE-2019-12449 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gv ...)
+ TODO: check
+CVE-2019-12448 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gv ...)
+ TODO: check
+CVE-2019-12447 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gv ...)
+ TODO: check
+CVE-2019-12446
+ RESERVED
+CVE-2019-12445
+ RESERVED
+CVE-2019-12444
+ RESERVED
+CVE-2019-12443
+ RESERVED
+CVE-2019-12442
+ RESERVED
+CVE-2019-12441
+ RESERVED
+CVE-2019-12440 (The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauth ...)
+ TODO: check
+CVE-2019-12439 (bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories ...)
+ TODO: check
CVE-2019-12438
RESERVED
CVE-2019-12437
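Review bot: the TODO: check placeholders on CVE-2019-12450 (GLib file_copy_fallback), CVE-2019-12447 through CVE-2019-12449 (gvfs) and CVE-2019-12439 (Bubblewrap) cover software Debian ships, so they should not stay as TODO: each needs a source-package line with a fixed version or <unfixed> plus a bug reference, in the form used elsewhere in this file (e.g. `- wolfssl <unfixed> (bug #929468)`). The three gvfs entries share one description prefix, so read the full texts before assuming a single upstream release fixes all of them. CVE-2019-12452 (Traefik) and CVE-2019-12440 (Sitecore Rocks) also need a triage decision; the RESERVED entries need nothing.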
@@ -185,8 +215,8 @@ CVE-2019-12349
RESERVED
CVE-2019-12348
RESERVED
-CVE-2019-12347
- RESERVED
+CVE-2019-12347 (In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers ...)
+ TODO: check
CVE-2019-12346
RESERVED
CVE-2019-12345 (XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. ...)
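Review bot: CVE-2019-12347 is a stored XSS in pfSense, a firewall distribution that is not a Debian package, so the TODO: check should be resolved to a `NOT-FOR-US: pfSense` line in the form this file uses for other third-party products rather than left pending.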
@@ -631,8 +661,8 @@ CVE-2019-12167 (httpGetSet/httpGet.htm on Emerson Network Power Liebert Challeng
NOT-FOR-US: Emerson Network Power Liebert Challenger
CVE-2019-12166
RESERVED
-CVE-2019-12165
- RESERVED
+CVE-2019-12165 (MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, ...)
+ TODO: check
CVE-2019-12164
RESERVED
CVE-2019-12163 (GAT-Ship Web Module through 1.30 allows remote attackers to obtain pot ...)
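Review bot: CVE-2019-12165 concerns MiCollab, a proprietary collaboration product with no Debian package; the TODO: check should become `NOT-FOR-US: MiCollab`, matching the Emerson Network Power Liebert Challenger handling at the top of this hunk.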
@@ -1254,8 +1284,8 @@ CVE-2019-11874
RESERVED
CVE-2019-11873 (wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when ...)
- wolfssl <unfixed> (bug #929468)
-CVE-2019-11872
- RESERVED
+CVE-2019-11872 (The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnera ...)
+ TODO: check
CVE-2019-11871 (The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for ...)
NOT-FOR-US: Custom Field Suite plugin for WordPress
CVE-2019-11870 (Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in t ...)
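Review bot: CVE-2019-11872 describes a WordPress plugin (Hustle, aka wordpress-popup), and the Custom Field Suite plugin entry directly below it is marked `NOT-FOR-US: Custom Field Suite plugin for WordPress`; this one should be resolved the same way instead of staying at TODO: check.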
@@ -6883,12 +6913,11 @@ CVE-2019-9868 (An issue was discovered in the Web Console in Veritas NetBackup A
NOT-FOR-US: Veritas NetBackup Appliance
CVE-2019-9867 (An issue was discovered in the Web Console in Veritas NetBackup Applia ...)
NOT-FOR-US: Veritas NetBackup Appliance
-CVE-2019-9866 [Project Runner Token Exposed Through Issues Quick Actions]
- RESERVED
+CVE-2019-9866 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
- gitlab 11.8.3-1 (bug #925196)
NOTE: https://about.gitlab.com/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released/
-CVE-2019-9865
- RESERVED
+CVE-2019-9865 (When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specia ...)
+ TODO: check
CVE-2019-9864 (PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tamperi ...)
NOT-FOR-US: PHP Scripts Mall Amazon Affiliate Store
CVE-2019-9863 (Due to the use of an insecure algorithm for rolling codes in the ABUS ...)
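Review bot: CVE-2019-9865 (RPC in Wind River VxWorks) is an embedded RTOS issue with no Debian package, so its TODO: check should be resolved to `NOT-FOR-US: Wind River VxWorks`, in the form used for Veritas and PHP Scripts Mall in this hunk. CVE-2019-9866 correctly keeps its `gitlab 11.8.3-1 (bug #925196)` line and NOTE now that the placeholder title is replaced by the public description.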
@@ -6901,8 +6930,8 @@ CVE-2019-9860 (Due to unencrypted signal communication and predictability of rol
NOT-FOR-US: ABUS
CVE-2019-9859
RESERVED
-CVE-2019-9858
- RESERVED
+CVE-2019-9858 (Remote code execution was discovered in Horde Groupware Webmail 5.2.22 ...)
+ TODO: check
CVE-2019-9856
RESERVED
CVE-2019-9855
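Review bot: CVE-2019-9858, remote code execution in Horde Groupware Webmail 5.2.22, should be triaged promptly rather than sitting at TODO: check, because Horde components are packaged in Debian; identify which Horde module carries the flaw and record the fixed version or <unfixed> with a bug reference.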
@@ -7389,8 +7418,8 @@ CVE-2019-9734 (aquaverde Aquarius CMS through 4.3.5 writes POST and GET paramete
NOT-FOR-US: aquaverde Aquarius CMS
CVE-2019-9733 (An issue was discovered in JFrog Artifactory 6.7.3. By default, the ac ...)
NOT-FOR-US: JFrog Artifactory
-CVE-2019-9732
- RESERVED
+CVE-2019-9732 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
+ TODO: check
CVE-2019-9731
RESERVED
CVE-2019-9730
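Review bot: CVE-2019-9732 is a GitLab CE/EE issue, and gitlab is a Debian package, so this TODO: check must end in a fixed-version or <unfixed> line, not NOT-FOR-US like the Artifactory and Aquarius entries above it; the description names the 10.x series, so check which GitLab security release addressed it and add the NOTE link as the other GitLab entries in this file carry.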
@@ -8078,8 +8107,7 @@ CVE-2019-9487
RESERVED
CVE-2019-9486 (STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTE ...)
NOT-FOR-US: STRATO HiDrive Desktop Client
-CVE-2019-9485 [Privilege escalation impersonate user]
- RESERVED
+CVE-2019-9485 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
[experimental] - gitlab 11.8.2-1
- gitlab 11.8.2-2 (bug #924447)
NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
@@ -8617,8 +8645,7 @@ CVE-2019-9222 (An issue was discovered in GitLab Community and Enterprise Editio
[experimental] - gitlab 11.8.2-1
- gitlab 11.8.2-2 (bug #924447)
NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
-CVE-2019-9221 [Arbitrary file read via MergeRequestDiff]
- RESERVED
+CVE-2019-9221 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
[experimental] - gitlab 11.8.2-1
- gitlab 11.8.2-2 (bug #924447)
NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
@@ -8630,8 +8657,8 @@ CVE-2019-9219 (An issue was discovered in GitLab Community and Enterprise Editio
[experimental] - gitlab 11.8.2-1
- gitlab 11.8.2-2 (bug #924447)
NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
-CVE-2019-9218
- RESERVED
+CVE-2019-9218 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
+ TODO: check
CVE-2019-9217 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
[experimental] - gitlab 11.8.2-1
- gitlab 11.8.2-2 (bug #924447)
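Review bot: CVE-2019-9218 sits between CVE-2019-9219 and CVE-2019-9217, both resolved with `gitlab 11.8.2-2 (bug #924447)` and the 11.8.1 security release NOTE, and its description has the same "Community and Enterprise Edition bef..." prefix; verify whether it belongs to the same release batch, and if so, copy the `[experimental] - gitlab 11.8.2-1`, `- gitlab 11.8.2-2 (bug #924447)` and NOTE lines instead of leaving TODO: check.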
@@ -8770,8 +8797,8 @@ CVE-2019-9178 (An issue was discovered in GitLab Community and Enterprise Editio
[experimental] - gitlab 11.8.2-1
- gitlab 11.8.2-2 (bug #924447)
NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
-CVE-2019-9177
- RESERVED
+CVE-2019-9177 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
+ TODO: check
CVE-2019-9176 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
[experimental] - gitlab 11.8.2-1
- gitlab 11.8.2-2 (bug #924447)
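Review bot: CVE-2019-9177 should receive the same fix lines as its neighbours CVE-2019-9178 and CVE-2019-9176 (gitlab 11.8.2-2, bug #924447, plus the 11.8.1 security release NOTE) if that release note lists it; a TODO: check wedged between two resolved entries from one batch is easy to overlook.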
@@ -12771,8 +12798,8 @@ CVE-2019-7551 (Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x befor
NOT-FOR-US: Cantemo Portal
CVE-2019-7550 (In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whe ...)
NOT-FOR-US: JForum
-CVE-2019-7549
- RESERVED
+CVE-2019-7549 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
+ TODO: check
CVE-2019-7548 (SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be ...)
{DLA-1718-1}
[experimental] - sqlalchemy 1.3.0~b3+ds1-1
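Review bot: CVE-2019-7549 (GitLab CE/EE 10.x) must not be closed as NOT-FOR-US like the Cantemo and JForum neighbours: gitlab is in Debian, so the TODO: check needs a version line (or <unfixed> with a bug) and the GitLab release NOTE. An affected-version string starting at 10.x suggests an older issue assigned late, so check whether the gitlab 11.8.x packages already recorded in this file contain the fix.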
@@ -13959,8 +13986,8 @@ CVE-2019-7131
RESERVED
CVE-2019-7130 (Adobe Bridge CC versions 9.0.2 have a heap overflow vulnerability. Suc ...)
NOT-FOR-US: Adobe
-CVE-2019-7129
- RESERVED
+CVE-2019-7129 (Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored ...)
+ TODO: check
CVE-2019-7128 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
NOT-FOR-US: Adobe
CVE-2019-7127 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
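Review bot: CVE-2019-7129 (Adobe Experience Manager Forms) is Adobe proprietary software; the surrounding Adobe Bridge and Acrobat/Reader entries are `NOT-FOR-US: Adobe`, so the TODO: check should be resolved the same way.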
@@ -14361,10 +14388,10 @@ CVE-2019-6960
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6959
RESERVED
-CVE-2019-6958
- RESERVED
-CVE-2019-6957
- RESERVED
+CVE-2019-6958 (A recently discovered security vulnerability affects all Bosch Video M ...)
+ TODO: check
+CVE-2019-6957 (A recently discovered security vulnerability affects all Bosch Video M ...)
+ TODO: check
CVE-2019-6956 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
- faad2 <unfixed> (bug #914641)
[buster] - faad2 <no-dsa> (Minor issue)
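Review bot: CVE-2019-6958 and CVE-2019-6957 both describe Bosch Video Management software, which is not in Debian; resolve both TODO: check lines to `NOT-FOR-US: Bosch` rather than leaving them pending. The faad2 lines below are unchanged context and need nothing.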
@@ -20543,8 +20570,8 @@ CVE-2019-4266
RESERVED
CVE-2019-4265
RESERVED
-CVE-2019-4264
- RESERVED
+CVE-2019-4264 (IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sen ...)
+ TODO: check
CVE-2019-4263
RESERVED
CVE-2019-4262
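Review bot: CVE-2019-4264 (IBM QRadar SIEM WinCollect) is proprietary IBM software, and the IBM Sterling B2B Integrator entry in this file is `NOT-FOR-US: IBM`; this TODO: check, and those on the other IBM entries added in this update (API Connect, Jazz Reporting Service, Cognos Analytics, Tivoli Storage Productivity Center), should be resolved to `NOT-FOR-US: IBM`.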
@@ -20559,8 +20586,8 @@ CVE-2019-4258 (IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition
NOT-FOR-US: IBM
CVE-2019-4257
RESERVED
-CVE-2019-4256
- RESERVED
+CVE-2019-4256 (IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryp ...)
+ TODO: check
CVE-2019-4255
RESERVED
CVE-2019-4254
@@ -20703,8 +20730,8 @@ CVE-2019-4186
RESERVED
CVE-2019-4185
RESERVED
-CVE-2019-4184
- RESERVED
+CVE-2019-4184 (IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross- ...)
+ TODO: check
CVE-2019-4183
RESERVED
CVE-2019-4182
@@ -20793,12 +20820,12 @@ CVE-2019-4141
RESERVED
CVE-2019-4140
RESERVED
-CVE-2019-4139
- RESERVED
-CVE-2019-4138
- RESERVED
-CVE-2019-4137
- RESERVED
+CVE-2019-4139 (IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-s ...)
+ TODO: check
+CVE-2019-4138 (IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could al ...)
+ TODO: check
+CVE-2019-4137 (IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulne ...)
+ TODO: check
CVE-2019-4136
RESERVED
CVE-2019-4135
@@ -23979,7 +24006,7 @@ CVE-2018-20241 (The Edit upload resource for a review in Atlassian Fisheye and C
NOT-FOR-US: Atlassian
CVE-2018-20240 (The administrative linker functionality in Atlassian Fisheye and Cruci ...)
NOT-FOR-US: Atlassian
-CVE-2018-20239 (Application Links before version 5.0.11, from version 5.1.0 before 5.2 ...)
+CVE-2018-20239 (Application Links before version 3.4.3, 4.6.x before 4.7.0, 5.0.x befo ...)
NOT-FOR-US: Atlassian
CVE-2018-20238 (Various rest resources in Atlassian Crowd before version 3.2.7 and fro ...)
NOT-FOR-US: Atlassian
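Review bot: no triage change is needed here: only the description of CVE-2018-20239 is refreshed (the affected Application Links range now starts at 3.4.3 rather than 5.0.11), and the `NOT-FOR-US: Atlassian` line is retained.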
@@ -27733,10 +27760,10 @@ CVE-2018-19980 (Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers
NOT-FOR-US: Anker Nebula Capsule Pro devices
CVE-2018-19979
RESERVED
-CVE-2018-19978
- RESERVED
-CVE-2018-19977
- RESERVED
+CVE-2018-19978 (A buffer overflow vulnerability in the DHCP and PPPOE configuration in ...)
+ TODO: check
+CVE-2018-19977 (A command injection (missing input validation, escaping) in the ftp up ...)
+ TODO: check
CVE-2018-19976 (In YARA 3.8.1, bytecode in a specially crafted compiled rule is expose ...)
- yara 3.8.1-2 (bug #916932)
[stretch] - yara <no-dsa> (Minor issue)
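Review bot: the product name is cut off in both new descriptions (CVE-2018-19978 "DHCP and PPPOE configuration in ..." and CVE-2018-19977 "ftp up..."), so the truncated text alone cannot justify a NOT-FOR-US decision; read the full CVE entries before resolving the TODO: check lines. The "missing input validation, escaping" phrasing matches the VoIP phone descriptions elsewhere in this update, which hints at device firmware, but that is a lead to verify, not a status.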
@@ -41634,16 +41661,16 @@ CVE-2018-16223 (Insecure Cryptographic Storage of credentials in com.vestiacom.q
NOT-FOR-US: QBee Cam application for Android
CVE-2018-16222 (Cleartext Storage of credentials in the iSmartAlarmData.xml configurat ...)
NOT-FOR-US: iSmartAlarm application for Android
-CVE-2018-16221
- RESERVED
+CVE-2018-16221 (The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone S ...)
+ TODO: check
CVE-2018-16220 (Cross Site Scripting in different input fields (domain field and perso ...)
NOT-FOR-US: AudioCodes 405HD VoIP phone
CVE-2018-16219 (A missing password verification in the web interface in AudioCodes 405 ...)
NOT-FOR-US: AudioCodes 405HD VoIP phone
-CVE-2018-16218
- RESERVED
-CVE-2018-16217
- RESERVED
+CVE-2018-16218 (A CSRF (Cross Site Request Forgery) in the web interface of the Yeahli ...)
+ TODO: check
+CVE-2018-16217 (The network diagnostic function (ping) in the Yeahlink Ultra-elegant I ...)
+ TODO: check
CVE-2018-16216 (A command injection (missing input validation, escaping) in the monito ...)
NOT-FOR-US: AudioCodes 405HD VoIP phone
CVE-2018-16215
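Review bot: CVE-2018-16221, CVE-2018-16218 and CVE-2018-16217 describe the web interface of a Yeahlink IP phone, firmware that is not in Debian; they belong with the neighbouring AudioCodes 405HD entries as NOT-FOR-US (naming the phone model from the full description) instead of TODO: check.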
@@ -48840,8 +48867,8 @@ CVE-2018-13385 (There was an argument injection vulnerability in Sourcetree for
NOT-FOR-US: Atlassian Sourcetree
CVE-2018-13384
RESERVED
-CVE-2018-13383
- RESERVED
+CVE-2018-13383 (A heap buffer overflow in Fortinet FortiOS all versions below 6.0.5 in ...)
+ TODO: check
CVE-2018-13382
RESERVED
CVE-2018-13381
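Review bot: CVE-2018-13383 is a heap buffer overflow in Fortinet FortiOS, an appliance operating system, and this file already records FortiOS issues as `NOT-FOR-US: Fortinet`; resolve the TODO: check accordingly.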
@@ -96290,7 +96317,7 @@ CVE-2017-14188
RESERVED
CVE-2017-14187 (A local privilege escalation and local code execution vulnerability in ...)
NOT-FOR-US: Fortinet
-CVE-2017-14186 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 5.6.0 t ...)
+CVE-2017-14186 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 t ...)
NOT-FOR-US: Fortinet
CVE-2017-14185 (An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5 ...)
NOT-FOR-US: Fortinet FortiOS
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1c047b3e14403a9864b4e13d9784584abfc963f4