Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
716bcc3a by security tracker role at 2019-03-28T20:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,20 +1,44 @@
-CVE-2019-1003048
+CVE-2019-10261
+       RESERVED
+CVE-2019-10260 (Total.js CMS 12.0.0 has XSS related to 
themes/admin/views/index.html ( ...)
+       TODO: check
+CVE-2019-10259
+       RESERVED
+CVE-2019-10258
+       RESERVED
+CVE-2019-10257
+       RESERVED
+CVE-2019-10256
+       RESERVED
+CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter 
Notebook be ...)
+       TODO: check
+CVE-2019-10254 (In MISP before 2.4.105, the app/View/Layouts/default.ctp 
default layou ...)
+       TODO: check
+CVE-2019-10253
+       RESERVED
+CVE-2019-10252
+       RESERVED
+CVE-2019-10251 (The UCWeb UC Browser application through 2019-03-26 for 
Android uses H ...)
+       TODO: check
+CVE-2019-10250 (UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for 
downloading cer ...)
+       TODO: check
+CVE-2019-1003048 (A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier 
allows attack ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2019-1003047
+CVE-2019-1003047 (A missing permission check in Jenkins Fortify on Demand 
Uploader Plugi ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2019-1003046
+CVE-2019-1003046 (A cross-site request forgery vulnerability in Jenkins 
Fortify on Deman ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2019-1003045
+CVE-2019-1003045 (A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and 
earlier allo ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2019-1003044
+CVE-2019-1003044 (A cross-site request forgery vulnerability in Jenkins Slack 
Notificati ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2019-1003043
+CVE-2019-1003043 (A missing permission check in Jenkins Slack Notification 
Plugin 2.19 a ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2019-1003042
+CVE-2019-1003042 (A cross site scripting vulnerability in Jenkins Lockable 
Resources Plu ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2019-1003041
+CVE-2019-1003041 (A sandbox bypass vulnerability in Jenkins Pipeline: Groovy 
Plugin 2.64 ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2019-1003040
+CVE-2019-1003040 (A sandbox bypass vulnerability in Jenkins Script Security 
Plugin 1.55  ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2019-10249
        RESERVED
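Review bot: of the new TODO: check entries in this hunk, CVE-2019-10255 (open redirect in Jupyter Notebook) is the one most plausibly covered by a Debian package, so it should be resolved into a package line or a NOT-FOR-US marker before the remaining vendor-only items (Total.js CMS, MISP, UC Browser); the Jenkins block only gained public descriptions and keeps its existing NOT-FOR-US: Jenkins plugin lines, which is fine.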
@@ -672,6 +696,7 @@ CVE-2019-9944
 CVE-2019-9943
        RESERVED
 CVE-2016-10743 (hostapd before 2.6 does not prevent use of the low-quality 
PRNG that i ...)
+       {DLA-1733-1}
        - wpa 2:2.6-7
        NOTE: 
https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389
        NOTE: There was already a 2.6 upload late in 2016 but then reverted to 
a 2.4 based
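Review bot: the added {DLA-1733-1} tag on CVE-2016-10743 sits next to an existing NOTE that a 2.6 upload was made late in 2016 and then reverted to a 2.4 base, so the suite the DLA actually fixes should be checked against the "- wpa 2:2.6-7" line to make sure the tracker does not infer a fixed version for a suite that never shipped 2.6.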
@@ -1501,8 +1526,8 @@ CVE-2019-9866 [Project Runner Token Exposed Through 
Issues Quick Actions]
        NOTE: 
https://about.gitlab.com/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released/
 CVE-2019-9865
        RESERVED
-CVE-2019-9864
-       RESERVED
+CVE-2019-9864 (PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter 
Tamperi ...)
+       TODO: check
 CVE-2019-9863 (Due to the use of an insecure algorithm for rolling codes in 
the ABUS  ...)
        NOT-FOR-US: ABUS
 CVE-2019-9862 (An issue was discovered on ABUS Secvest wireless alarm system 
FUAA5000 ...)
@@ -3212,12 +3237,12 @@ CVE-2019-9206
        RESERVED
 CVE-2019-9205
        RESERVED
-CVE-2019-9204
-       RESERVED
-CVE-2019-9203
-       RESERVED
-CVE-2019-9202
-       RESERVED
+CVE-2019-9204 (SQL injection vulnerability in Nagios IM (component of Nagios 
XI) befo ...)
+       TODO: check
+CVE-2019-9203 (Authorization bypass in Nagios IM (component of Nagios XI) 
before 2.2. ...)
+       TODO: check
+CVE-2019-9202 (Nagios IM (component of Nagios XI) before 2.2.7 allows 
authenticated u ...)
+       TODO: check
 CVE-2019-9201 (Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 
151 ETH/ ...)
        NOT-FOR-US: Phoenix Contact ILC
 CVE-2019-9200 (A heap-based buffer underwrite exists in ImageStream::getLine() 
locate ...)
@@ -3334,10 +3359,10 @@ CVE-2019-9167
        RESERVED
 CVE-2019-9166
        RESERVED
-CVE-2019-9165
-       RESERVED
-CVE-2019-9164
-       RESERVED
+CVE-2019-9165 (SQL injection vulnerability in Nagios XI before 5.5.11 allows 
attacker ...)
+       TODO: check
+CVE-2019-9164 (Command injection in Nagios XI before 5.5.11 allows an 
authenticated u ...)
+       TODO: check
 CVE-2019-9163
        RESERVED
 CVE-2019-9161
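Review bot: CVE-2019-9165 and CVE-2019-9164 (Nagios XI before 5.5.11) should be triaged together with the three Nagios IM entries in the previous hunk (CVE-2019-9204 to CVE-2019-9202, "component of Nagios XI"), since all five concern the same upstream product; leaving five separate TODO: check markers for one product invites inconsistent dispositions.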
@@ -7209,8 +7234,8 @@ CVE-2019-7526
        RESERVED
 CVE-2019-7525
        RESERVED
-CVE-2019-7524 [Buffer overflow when reading extension header from dovecot 
index files]
-       RESERVED
+CVE-2019-7524 (In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local 
attacker  ...)
+       {DSA-4418-1}
        - dovecot 1:2.3.4.1-3
 CVE-2019-7523
        RESERVED
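Review bot: for CVE-2019-7524 the description says Dovecot is fixed upstream in 2.2.36.3 and 2.3.5.1, while the unchanged package line is "- dovecot 1:2.3.4.1-3", i.e. a backported fix; a NOTE with the upstream fix reference (as other entries in this file carry, e.g. the hostap commit NOTE above) would make it verifiable that 1:2.3.4.1-3 contains it, and the {DSA-4418-1} tag should match the DSA text for stretch.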
@@ -7975,8 +8000,7 @@ CVE-2019-7253
        RESERVED
 CVE-2019-7252
        RESERVED
-CVE-2019-7251 [Remote crash vulnerability with SDP protocol violation]
-       RESERVED
+CVE-2019-7251 (An Integer Signedness issue (for a return code) in the 
res_pjsip_sdp_r ...)
        - asterisk 1:16.2.1~dfsg-1 (bug #923690)
        [stretch] - asterisk <not-affected> (Vulnerable code not present)
        [jessie] - asterisk <not-affected> (Vulnerable code introduced later)
@@ -9603,8 +9627,8 @@ CVE-2019-6544
        RESERVED
 CVE-2019-6543 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 
SP3 and I ...)
        NOT-FOR-US: AVEVA
-CVE-2019-6542
-       RESERVED
+CVE-2019-6542 (ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions 
prior t ...)
+       TODO: check
 CVE-2019-6541 (A memory corruption vulnerability has been identified in WECON 
LeviStu ...)
        NOT-FOR-US: WECON
 CVE-2019-6540 (The Conexus telemetry protocol utilized within Medtronic 
MyCareLink Mo ...)
@@ -11711,15 +11735,13 @@ CVE-2019-5741
        RESERVED
 CVE-2019-5740
        RESERVED
-CVE-2019-5739 [Node.js: Denial of Service with keep-alive HTTP connections]
-       RESERVED
+CVE-2019-5739 (Keep-alive HTTP and HTTPS connections can remain open and 
inactive for ...)
        - nodejs 8.9.3~dfsg-5 (unimportant)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
        NOTE: Nodejs not covered by security support
 CVE-2019-5738
        RESERVED
-CVE-2019-5737 [Node.js: Slowloris HTTP Denial of Service with keep-alive]
-       RESERVED
+CVE-2019-5737 (An attacker can cause a Denial of Service (DoS) by establishing 
an HTT ...)
        - nodejs 10.15.2~dfsg-1 (unimportant)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
        NOTE: Nodejs not covered by security support
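Review bot: the two Node.js keep-alive entries point at different fixed versions, "nodejs 8.9.3~dfsg-5" for CVE-2019-5739 and "nodejs 10.15.2~dfsg-1" for CVE-2019-5737, although both cite the same February 2019 security release NOTE; confirm that the fix for CVE-2019-5739 really landed in 8.9.3~dfsg-5 rather than both issues being fixed by the 10.15.2 upload, since the "unimportant" tag makes the discrepancy easy to overlook.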
@@ -11735,8 +11757,8 @@ CVE-2018-20679 (An issue was discovered in BusyBox 
before 1.30.0. An out of boun
        NOTE: applying the partial fix. The followup commit
        NOTE: 
https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06
        NOTE: is needed to fix the issue completely.
-CVE-2018-20678
-       RESERVED
+CVE-2018-20678 (LibreNMS through 1.47 allows SQL injection via the 
html/ajax_table.php ...)
+       TODO: check
 CVE-2019-8308 (Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes 
/proc  ...)
        {DSA-4390-1}
        - flatpak 1.2.3-1 (bug #922059)
@@ -11936,8 +11958,8 @@ CVE-2019-5676
        RESERVED
 CVE-2019-5675
        RESERVED
-CVE-2019-5674
-       RESERVED
+CVE-2019-5674 (NVIDIA GeForce Experience before 3.18 contains a vulnerability 
when Sh ...)
+       TODO: check
 CVE-2019-5673
        RESERVED
 CVE-2019-5672
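Review bot: CVE-2019-5674 describes NVIDIA GeForce Experience, a Windows-only application; the TODO: check can be closed with a NOT-FOR-US marker in the same style the file already uses for vendor software (e.g. NOT-FOR-US: Dell, NOT-FOR-US: RSA).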
@@ -13236,13 +13258,13 @@ CVE-2019-5030
 CVE-2019-5029
        RESERVED
 CVE-2019-5028
-       RESERVED
+       REJECTED
 CVE-2019-5027
-       RESERVED
+       REJECTED
 CVE-2019-5026
-       RESERVED
+       REJECTED
 CVE-2019-5025
-       RESERVED
+       REJECTED
 CVE-2019-5024
        RESERVED
 CVE-2019-5023
@@ -15605,8 +15627,7 @@ CVE-2019-3871 (A vulnerability was found in PowerDNS 
Authoritative Server before
        NOTE: Patches: https://downloads.powerdns.com/patches/2019-03/
 CVE-2019-3870
        RESERVED
-CVE-2019-3869
-       RESERVED
+CVE-2019-3869 (When running Tower before 3.4.3 on OpenShift or Kubernetes, 
applicatio ...)
        NOT-FOR-US: Ansible Tower
 CVE-2019-3868
        RESERVED
@@ -16060,8 +16081,8 @@ CVE-2019-3712 (Dell WES Wyse Device Agent versions 
prior to 14.1.2.9 and Dell Wy
        NOT-FOR-US: Dell
 CVE-2019-3711 (RSA Authentication Manager versions prior to 8.4 P1 contain an 
Insecur ...)
        NOT-FOR-US: RSA
-CVE-2019-3710
-       RESERVED
+CVE-2019-3710 (Dell Networking OS10 has been updated to address a 
vulnerability which ...)
+       TODO: check
 CVE-2019-3709
        RESERVED
 CVE-2019-3708
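Review bot: CVE-2019-3710 concerns Dell Networking OS10, and the neighbouring CVE-2019-3712 entry in the same hunk already uses NOT-FOR-US: Dell, so this TODO: check can be resolved the same way rather than left open.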
@@ -20465,8 +20486,7 @@ CVE-2018-20147 (In WordPress before 4.9.9 and 5.x 
before 5.0.1, authors could mo
        {DSA-4401-1 DLA-1673-1}
        - wordpress 5.0.1+dfsg1-1 (bug #916403)
        NOTE: 
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
-CVE-2018-20144 [Arbitrary File read in GitLab project import with Git LFS]
-       RESERVED
+CVE-2018-20144 (GitLab Community and Enterprise Edition 11.x before 11.3.13, 
11.4.x be ...)
        - gitlab 11.5.4+dfsg-1
        NOTE: 
https://about.gitlab.com/2018/12/13/critical-security-release-gitlab-11-dot-5-dot-4-released/
 CVE-2018-20143
@@ -22897,8 +22917,8 @@ CVE-2018-19881 (In Artifex MuPDF 1.14.0, svg/svg-run.c 
allows remote attackers t
        NOTE: https://github.com/TeamSeri0us/pocs/tree/master/mupdf/20181203
 CVE-2018-19880
        RESERVED
-CVE-2018-19879
-       RESERVED
+CVE-2018-19879 (An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX 
(e.g., RU ...)
+       TODO: check
 CVE-2018-19878
        RESERVED
 CVE-2018-19877 (login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the 
Login Bu ...)
@@ -34748,8 +34768,8 @@ CVE-2018-16531
        REJECTED
 CVE-2018-16530
        RESERVED
-CVE-2018-16529
-       RESERVED
+CVE-2018-16529 (A password reset vulnerability has been discovered in 
Forcepoint Email ...)
+       TODO: check
 CVE-2018-16528 (Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote 
attacke ...)
        NOT-FOR-US: FreeRTOS
 CVE-2018-16527 (Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up 
to V10.0 ...)
@@ -62474,8 +62494,8 @@ CVE-2018-6332 (A potential denial-of-service issue in 
the Proxygen handling of i
        NOTE: https://hhvm.com/blog/2018/03/15/hhvm-3.25.html
 CVE-2018-6331 (Buck parser-cache command loads/saves state using Java 
serialized obje ...)
        NOT-FOR-US: Buck parser-cache
-CVE-2018-6330
-       RESERVED
+CVE-2018-6330 (Laravel 5.4.15 is vulnerable to Error based SQL injection in 
save.php  ...)
+       TODO: check
 CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0 
libbpex ...)
        NOT-FOR-US: Unitrends Backup
 CVE-2018-6328 (It was discovered that the Unitrends Backup (UB) before 10.1.0 
user in ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/716bcc3adbc5dcf07d76f1634ff4ce2c4218b93a


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
