[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri May 31 21:10:31 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2b5b0604 by security tracker role at 2019-05-31T20:10:22Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2019-12508
+ RESERVED
+CVE-2019-12507 (An XSS vulnerability exists in PHPRelativePath (aka Relative Path) thr ...)
+ TODO: check
+CVE-2019-12506
+ RESERVED
+CVE-2019-12505
+ RESERVED
+CVE-2019-12504
+ RESERVED
+CVE-2019-12503
+ RESERVED
+CVE-2019-12502 (There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 ca ...)
+ TODO: check
+CVE-2019-12501
+ RESERVED
+CVE-2019-12500 (The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "su ...)
+ TODO: check
+CVE-2019-12498
+ RESERVED
+CVE-2019-12497
+ RESERVED
+CVE-2019-12496 (An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt ...)
+ TODO: check
+CVE-2019-12495 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
+ TODO: check
+CVE-2019-12494
+ RESERVED
+CVE-2019-12493 (A stack-based buffer over-read exists in PostScriptFunction::transform ...)
+ TODO: check
+CVE-2019-12492
+ RESERVED
+CVE-2019-12491
+ RESERVED
+CVE-2019-12490
+ RESERVED
+CVE-2019-12489
+ RESERVED
+CVE-2019-12488
+ RESERVED
+CVE-2019-12487
+ RESERVED
+CVE-2019-12486
+ RESERVED
+CVE-2019-12485
+ RESERVED
+CVE-2019-12484
+ RESERVED
+CVE-2019-12483 (An issue was discovered in GPAC 0.7.1. There is a heap-based buffer ov ...)
+ TODO: check
+CVE-2019-12482 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer derefer ...)
+ TODO: check
+CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer derefer ...)
+ TODO: check
+CVE-2019-12480 (BACnet Protocol Stack through 0.8.6 could allow an unauthenticated, re ...)
+ TODO: check
+CVE-2019-12479
+ RESERVED
+CVE-2019-12478
+ RESERVED
+CVE-2019-12477
+ RESERVED
+CVE-2019-12476
+ RESERVED
CVE-2019-12475
RESERVED
CVE-2019-12474
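Review bot: the ten new entries in this hunk that carry a description (CVE-2019-12507, -12502, -12500, -12496, -12495, -12493, -12483, -12482, -12481, -12480) all land as "TODO: check", so none of them yet has a package line or a NOT-FOR-US marker, and each still needs triage. The descriptions are cut at "..." in this file, so the affected component has to be confirmed from the full CVE text before an entry is classified. The three GPAC 0.7.1 entries (CVE-2019-12481 to -12483) name the same product and can be triaged together. The numbering skips from CVE-2019-12500 to CVE-2019-12498; that is not an omission, because CVE-2019-12499 already exists further down the file.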
@@ -38,7 +102,7 @@ CVE-2019-12457 (FileRun 2019.05.21 allows images/extjs Directory Listing. ...)
NOT-FOR-US: FileRun
CVE-2018-20840 (An unhandled exception vulnerability exists during Google Sign-In with ...)
TODO: check
-CVE-2019-12499 [binary can be truncated by root under certain conditions]
+CVE-2019-12499 (Firejail before 0.9.60 allows truncation (resizing to length 0) of the ...)
- firejail 0.9.58.2-2 (bug #929733)
NOTE: https://github.com/netblue30/firejail/issues/2401
CVE-2019-XXXX [seccomp bypass when joining jails]
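Review bot: on the CVE-2019-12499 entry, the new description says "Firejail before 0.9.60" while the unchanged package line below it records the fix as "firejail 0.9.58.2-2 (bug #929733)". If that upload carries a backported fix, a NOTE naming the patch or upstream commit would make the difference between the two versions explicit; at present the only reference is the upstream issue link.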
@@ -5169,26 +5233,26 @@ CVE-2019-10332
RESERVED
CVE-2019-10331
RESERVED
-CVE-2019-10330
- RESERVED
-CVE-2019-10329
- RESERVED
-CVE-2019-10328
- RESERVED
-CVE-2019-10327
- RESERVED
-CVE-2019-10326
- RESERVED
-CVE-2019-10325
- RESERVED
-CVE-2019-10324
- RESERVED
-CVE-2019-10323
- RESERVED
-CVE-2019-10322
- RESERVED
-CVE-2019-10321
- RESERVED
+CVE-2019-10330 (Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revis ...)
+ TODO: check
+CVE-2019-10329 (Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypte ...)
+ TODO: check
+CVE-2019-10328 (Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custo ...)
+ TODO: check
+CVE-2019-10327 (An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven ...)
+ TODO: check
+CVE-2019-10326 (A cross-site request forgery vulnerability in Jenkins Warnings NG Plug ...)
+ TODO: check
+CVE-2019-10325 (A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0 ...)
+ TODO: check
+CVE-2019-10324 (A cross-site request forgery vulnerability in Jenkins Artifactory Plug ...)
+ TODO: check
+CVE-2019-10323 (A missing permission check in Jenkins Artifactory Plugin 3.2.2 and ear ...)
+ TODO: check
+CVE-2019-10322 (A missing permission check in Jenkins Artifactory Plugin 3.2.2 and ear ...)
+ TODO: check
+CVE-2019-10321 (A cross-site request forgery vulnerability in Jenkins Artifactory Plug ...)
+ TODO: check
CVE-2019-10320 (Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permi ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10319 (A missing permission check in Jenkins PAM Authentication Plugin 1.5 an ...)
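Review bot: all ten entries moved from RESERVED to "TODO: check" here (CVE-2019-10321 to CVE-2019-10330) describe Jenkins plugins, and the first unchanged entry after them, CVE-2019-10320, is already classified as "NOT-FOR-US: Jenkins plugin". The same marker looks applicable to these ten once the full descriptions are confirmed, which would clear the whole block in one follow-up commit.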
@@ -7496,8 +7560,8 @@ CVE-2019-9734 (aquaverde Aquarius CMS through 4.3.5 writes POST and GET paramete
CVE-2019-9733 (An issue was discovered in JFrog Artifactory 6.7.3. By default, the ac ...)
NOT-FOR-US: JFrog Artifactory
CVE-2019-9732 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
- [experimental] - gitlab 11.8.2-1
- - gitlab 11.8.2-2
+ [experimental] - gitlab 11.8.2-1
+ - gitlab 11.8.2-2
NOTE: https://about.gitlab.com/2019/03/14/gitlab-11-8-2-released/
CVE-2019-9731
RESERVED
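Review bot: whitespace-only churn on the two gitlab lines under CVE-2019-9732: the removed pair and the added pair ("[experimental] - gitlab 11.8.2-1" and "- gitlab 11.8.2-2") read the same here, so the change can only be in indentation or trailing whitespace. A commit labelled "automatic update" is an awkward place for a formatting change to a hand-maintained entry; it would be easier to audit as its own commit with a message saying what was normalized.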
@@ -172205,8 +172269,8 @@ CVE-2015-7613 (Race condition in the IPC object implementation in the Linux kern
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a532277938798b53178d5a66af6e2915cb27cf (v4.3-rc4)
CVE-2015-7610 (Cross-site request forgery (CSRF) vulnerability in the login form in Z ...)
NOT-FOR-US: Zimbra
-CVE-2015-7609
- RESERVED
+CVE-2015-7609 (Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the er ...)
+ TODO: check
CVE-2015-7608
RESERVED
CVE-2015-7607
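Review bot: CVE-2015-7609 now describes "Synacor Zimbra Mail Client" and is left at "TODO: check", while the entry directly above it, CVE-2015-7610, is already marked "NOT-FOR-US: Zimbra". The same classification looks applicable here once the full description is confirmed.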
@@ -187704,8 +187768,8 @@ CVE-2015-2232
RESERVED
CVE-2015-2231
RESERVED
-CVE-2015-2230
- RESERVED
+CVE-2015-2230 (Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS ...)
+ TODO: check
CVE-2015-2229
RESERVED
CVE-2015-2228
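Review bot: CVE-2015-2230 is another Zimbra entry ("Synacor Zimbra Collaboration Server 8.x before 8.7.0") left at "TODO: check". The file already uses "NOT-FOR-US: Zimbra" for CVE-2015-7610, so this one can be triaged together with CVE-2015-7609 from the same update.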
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2b5b06045542f405e9b3c5ce11ecc281148a753e