Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aca2f079 by security tracker role at 2019-04-02T20:10:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2019-10708 (S-CMS PHP v1.0 has SQL injection via the 
4/js/scms.php?action=unlike i ...)
+       TODO: check
+CVE-2019-10707 (MKCMS V5.0 has SQL injection via the bplay.php play parameter. 
...)
+       TODO: check
+CVE-2019-10706
+       RESERVED
+CVE-2019-10705
+       RESERVED
+CVE-2019-10704
+       RESERVED
+CVE-2019-10703
+       RESERVED
+CVE-2019-10702
+       RESERVED
+CVE-2019-10701
+       RESERVED
+CVE-2019-10700
+       RESERVED
+CVE-2019-10699
+       RESERVED
+CVE-2019-10698
+       RESERVED
+CVE-2019-10697
+       RESERVED
+CVE-2019-10696
+       RESERVED
+CVE-2019-10695
+       RESERVED
+CVE-2019-10694
+       RESERVED
+CVE-2019-10693
+       RESERVED
+CVE-2019-10692 (In the wp-google-maps plugin before 7.11.18 for WordPress, 
includes/cl ...)
+       TODO: check
+CVE-2019-10691
+       RESERVED
 CVE-2019-10690
        RESERVED
 CVE-2019-10689
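Review bot: The three entries in this hunk that carry a description (CVE-2019-10708, CVE-2019-10707 and CVE-2019-10692) are all left at "TODO: check", so none of them has a triage decision yet. Each needs either a source-package line or a "NOT-FOR-US:" line in the form used elsewhere in this file (for example "NOT-FOR-US: PHPSHE" further down in this diff), depending on whether S-CMS PHP, MKCMS and the wp-google-maps WordPress plugin are in the archive.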
@@ -1592,8 +1628,7 @@ CVE-2019-9947 (An issue was discovered in urllib2 in 
Python 2.x through 2.7.16 a
        - python2.7 <unfixed>
        NOTE: https://bugs.python.org/issue35906
        NOTE: Introduced by: 
https://github.com/python/cpython/commit/cc54c1c0d2d05fe7404ba64c53df4b1352ed2262
-CVE-2019-9946 [Incorrect rule injection in CNI portmap plugin]
-       RESERVED
+CVE-2019-9946 (Cloud Native Computing Foundation (CNCF) CNI (Container 
Networking Int ...)
        - kubernetes <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1692712
        TODO: singularity-container seems to embed as well a copy of cni
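Review bot: The annotations under CVE-2019-9946 are still unresolved after this change: "- kubernetes <undetermined>" and the TODO about singularity-container embedding a copy of cni are carried over as unchanged context. Now that the entry has its published description in place of RESERVED, a follow-up should settle the affected kubernetes versions and turn the singularity-container TODO into a package line or a NOTE.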
@@ -1871,8 +1906,8 @@ CVE-2019-1010262
        RESERVED
 CVE-2019-1010261
        RESERVED
-CVE-2019-1010260
-       RESERVED
+CVE-2019-1010260 (Using ktlint to download and execute custom rulesets can 
result in arb ...)
+       TODO: check
 CVE-2019-1010259
        RESERVED
 CVE-2019-1010258
@@ -2800,8 +2835,8 @@ CVE-2019-9761 (An XXE issue was discovered in PHPSHE 1.7, 
which can be used to r
        NOT-FOR-US: PHPSHE
 CVE-2019-9760 (FTPGetter Standard v.5.97.0.177 allows remote code execution 
when a us ...)
        NOT-FOR-US: FTPGetter
-CVE-2019-9759
-       RESERVED
+CVE-2019-9759 (An issue was discovered in TONGDA Office Anywhere 10.18.190121. 
There  ...)
+       TODO: check
 CVE-2019-9758
        RESERVED
 CVE-2019-9757
@@ -8272,14 +8307,14 @@ CVE-2019-7479
        RESERVED
 CVE-2019-7478
        RESERVED
-CVE-2019-7477
-       RESERVED
+CVE-2019-7477 (A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC 
Cipher allow ...)
+       TODO: check
 CVE-2019-7476
        RESERVED
-CVE-2019-7475
-       RESERVED
-CVE-2019-7474
-       RESERVED
+CVE-2019-7475 (A vulnerability in SonicWall SonicOS and SonicOSv with 
management enab ...)
+       TODO: check
+CVE-2019-7474 (A vulnerability in SonicWall SonicOS and SonicOSv, allow 
authenticated ...)
+       TODO: check
 CVE-2019-7473
        RESERVED
 CVE-2019-7472
@@ -8659,7 +8694,8 @@ CVE-2018-20753 (Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 
before 9.4.0.36, and R
 CVE-2018-20752 (An issue was discovered in Recon-ng before 4.9.5. Lack of 
validation i ...)
        - recon-ng 4.9.5-1
        NOTE: 
https://bitbucket.org/LaNMaSteR53/recon-ng/issues/285/csv-injection-vulnerability-identified-in
-CVE-2018-1000999 (Fastnet SA MailCleaner version 2018092601 contains a Command 
Injection ...)
+CVE-2018-1000999
+       REJECTED
        NOT-FOR-US: Fastnet SA MailCleaner
 CVE-2018-1000998 (FreeBSD CVSweb version 2.x contains a Cross Site Scripting 
(XSS) vulne ...)
        - cvsweb 3:3.0.0-1
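Review bot: CVE-2018-1000999 now reads "REJECTED" directly followed by the old "NOT-FOR-US: Fastnet SA MailCleaner" line, which was triaged against the description this hunk removes. Please confirm the leftover annotation is wanted on a rejected id; if it is kept for history, a NOTE recording the reason for the rejection would make the entry understandable without the removed description.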
@@ -13222,8 +13258,8 @@ CVE-2019-5526
        RESERVED
 CVE-2019-5525
        RESERVED
-CVE-2019-5524
-       RESERVED
+CVE-2019-5524 (VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 
10.1.6 ...)
+       TODO: check
 CVE-2019-5523 (VMware vCloud Director for Service Providers 9.5.x prior to 
9.5.0.3 up ...)
        NOT-FOR-US: VMware vCloud Director for Service Providers
 CVE-2019-5522
@@ -13240,8 +13276,8 @@ CVE-2019-5517
        RESERVED
 CVE-2019-5516
        RESERVED
-CVE-2019-5515
-       RESERVED
+CVE-2019-5515 (VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and 
Fusion ...)
+       TODO: check
 CVE-2019-5514 (VMware VMware Fusion (11.x before 11.0.3) contains a security 
vulnerab ...)
        NOT-FOR-US: VMware
 CVE-2019-5513
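Review bot: CVE-2019-5515 is added as "TODO: check" although the context line right below it already triages a VMware Fusion issue (CVE-2019-5514) as "NOT-FOR-US: VMware". The same decision looks applicable here and to CVE-2019-5524 in the previous hunk, both of which name VMware Workstation and Fusion; when resolving them, use one label consistently, since the context shows both "NOT-FOR-US: VMware" and "NOT-FOR-US: VMware vCloud Director for Service Providers".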
@@ -16119,8 +16155,8 @@ CVE-2019-4095
        RESERVED
 CVE-2019-4094 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
        NOT-FOR-US: IBM
-CVE-2019-4093
-       RESERVED
+CVE-2019-4093 (IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could 
allow a  ...)
+       TODO: check
 CVE-2019-4092
        RESERVED
 CVE-2019-4091
@@ -16145,8 +16181,8 @@ CVE-2019-4082
        RESERVED
 CVE-2019-4081
        RESERVED
-CVE-2019-4080
-       RESERVED
+CVE-2019-4080 (IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, 
and 9.0  ...)
+       TODO: check
 CVE-2019-4079
        RESERVED
 CVE-2019-4078
@@ -16219,8 +16255,8 @@ CVE-2019-4045
        RESERVED
 CVE-2019-4044
        RESERVED
-CVE-2019-4043
-       RESERVED
+CVE-2019-4043 (IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 
is vuln ...)
+       TODO: check
 CVE-2019-4042
        RESERVED
 CVE-2019-4041
@@ -28398,8 +28434,8 @@ CVE-2018-19277 (securityScan() in PHPOffice 
PhpSpreadsheet through 1.5.0 allows
        NOT-FOR-US: PHPOffice
 CVE-2018-19276 (OpenMRS before 2.24.0 is affected by an Insecure Object 
Deserializatio ...)
        NOT-FOR-US: OpenMRS
-CVE-2018-19275
-       RESERVED
+CVE-2018-19275 (The BluStar component in Mitel InAttend before 2.5 SP3 and CMG 
before  ...)
+       TODO: check
 CVE-2018-19274 (Passing an absolute path to a file_exists check in phpBB 
before 3.2.4  ...)
        {DLA-1593-1}
        - phpbb3 <removed>
@@ -39179,8 +39215,8 @@ CVE-2018-15182 (PHP Scripts Mall Car Rental Script 
2.0.8 has XSS via the FirstNa
        NOT-FOR-US: PHP Scripts Mall Car Rental Script
 CVE-2018-15181 (JioFi 4G Hotspot M2S devices allow attackers to cause a denial 
of serv ...)
        NOT-FOR-US: JioFi 4G Hotspot M2S devices
-CVE-2018-15180
-       RESERVED
+CVE-2018-15180 (qTest Portal in QASymphony qTest Manager 9.0.0 has an Open 
Redirect vi ...)
+       TODO: check
 CVE-2018-15179
        RESERVED
 CVE-2018-15178 (Open redirect vulnerability in Gogs before 0.12 allows remote 
attacker ...)
@@ -45440,10 +45476,10 @@ CVE-2018-12682
        RESERVED
 CVE-2018-12681
        RESERVED
-CVE-2018-12680
-       RESERVED
-CVE-2018-12679
-       RESERVED
+CVE-2018-12680 (The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 
4.0.1, and  ...)
+       TODO: check
+CVE-2018-12679 (The Serialize.deserialize() method in CoAPthon3 1.0 and 1.0.1 
mishandl ...)
+       TODO: check
 CVE-2018-12678 (Portainer before 1.18.0 supports unauthenticated requests to 
the webso ...)
        NOT-FOR-US: Portainer
 CVE-2018-12677
@@ -69995,16 +70031,16 @@ CVE-2018-4055 (A local privilege escalation 
vulnerability exists in the install
        NOT-FOR-US: Renderman
 CVE-2018-4054 (A local privilege escalation vulnerability exists in the 
install helpe ...)
        NOT-FOR-US: Renderman
-CVE-2018-4053
-       RESERVED
-CVE-2018-4052
-       RESERVED
-CVE-2018-4051
-       RESERVED
+CVE-2018-4053 (An exploitable local denial-of-service vulnerability exists in 
the pri ...)
+       TODO: check
+CVE-2018-4052 (An exploitable local information leak vulnerability exists in 
the priv ...)
+       TODO: check
+CVE-2018-4051 (An exploitable local privilege escalation vulnerability exists 
in the  ...)
+       TODO: check
 CVE-2018-4050 (An exploitable local privilege escalation vulnerability exists 
in the  ...)
        NOT-FOR-US: GOG Galaxy's Games for MacOS
-CVE-2018-4049
-       RESERVED
+CVE-2018-4049 (An exploitable local privilege elevation vulnerability exists 
in the f ...)
+       TODO: check
 CVE-2018-4048
        RESERVED
 CVE-2018-4047 (An exploitable privilege escalation vulnerability exists in the 
helper ...)
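Review bot: The four entries added in this hunk (CVE-2018-4053, CVE-2018-4052, CVE-2018-4051 and CVE-2018-4049) have descriptions that are cut off before the product name ("exists in the pri ...", "exists in the f ..."), so the list line alone does not say what to triage against. The neighbouring context entries are NOT-FOR-US for Renderman and GOG Galaxy's Games for MacOS, but that cannot be assumed for the new ones; the full descriptions need to be read before "TODO: check" is replaced. CVE-2018-3974 in the next hunk shows the same truncated text as CVE-2018-4049 and should be checked together with it.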
@@ -70167,8 +70203,8 @@ CVE-2018-3976 (An exploitable out-of-bounds write 
exists in the CALS Raster file
        NOT-FOR-US: Canvas Draw
 CVE-2018-3975 (An exploitable uninitialized variable vulnerability exists in 
the RTF- ...)
        NOT-FOR-US: Atlantis Word Processor
-CVE-2018-3974
-       RESERVED
+CVE-2018-3974 (An exploitable local privilege elevation vulnerability exists 
in the f ...)
+       TODO: check
 CVE-2018-3973 (An exploitable out of bounds write exists in the CAL parsing 
functiona ...)
        NOT-FOR-US: Canvas Draw
 CVE-2018-3972 (An exploitable code execution vulnerability exists in the Levin 
deseri ...)
@@ -76196,8 +76232,8 @@ CVE-2018-1919
        RESERVED
 CVE-2018-1918 (IBM Jazz Reporting Service (JRS) 6.0.3, 6.0.4, 6.0.5, and 6.0.6 
is vul ...)
        NOT-FOR-US: IBM
-CVE-2018-1917
-       RESERVED
+CVE-2018-1917 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could 
allow an  ...)
+       TODO: check
 CVE-2018-1916 (IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 
5.0 th ...)
        NOT-FOR-US: IBM
 CVE-2018-1915
@@ -76218,8 +76254,8 @@ CVE-2018-1908 (IBM Robotic Process Automation with 
Automation Anywhere 11 is vul
        NOT-FOR-US: IBM
 CVE-2018-1907
        RESERVED
-CVE-2018-1906
-       RESERVED
+CVE-2018-1906 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7could 
allow an a ...)
+       TODO: check
 CVE-2018-1905 (IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is 
vulnerable ...)
        NOT-FOR-US: IBM
 CVE-2018-1904 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
allow re ...)
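Review bot: CVE-2018-1906 lands as "TODO: check" while every IBM entry with a description in the surrounding context (CVE-2018-1908, CVE-2018-1905) is already "NOT-FOR-US: IBM"; the new entry names IBM InfoSphere Information Server and can probably be closed the same way. The added description also contains "11.7could" with a missing space; since the commit is an automatic update, the text should be left as imported rather than corrected by hand in this file.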
@@ -76282,8 +76318,8 @@ CVE-2018-1876 (IBM Robotic Process Automation with 
Automation Anywhere 11 could
        NOT-FOR-US: IBM
 CVE-2018-1875 (IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 
11.7 cou ...)
        NOT-FOR-US: IBM
-CVE-2018-1874
-       RESERVED
+CVE-2018-1874 (IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly 
sensitive ...)
+       TODO: check
 CVE-2018-1873
        RESERVED
 CVE-2018-1872 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site 
scripting. ...)
@@ -76670,8 +76706,8 @@ CVE-2018-1682
        RESERVED
 CVE-2018-1681
        RESERVED
-CVE-2018-1680
-       RESERVED
+CVE-2018-1680 (IBM Security Privileged Identity Manager Virtual Appliance 
2.2.1 does  ...)
+       TODO: check
 CVE-2018-1679 (IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 
could a ...)
        NOT-FOR-US: IBM
 CVE-2018-1678
@@ -76750,8 +76786,8 @@ CVE-2018-1642
        RESERVED
 CVE-2018-1641
        RESERVED
-CVE-2018-1640
-       RESERVED
+CVE-2018-1640 (IBM Security Privileged Identity Manager Virtual Appliance 
2.2.1 could ...)
+       TODO: check
 CVE-2018-1639 (The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 
and 6.0 ...)
        NOT-FOR-US: IBM
 CVE-2018-1638 (IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not 
enforce Two  ...)
@@ -76778,24 +76814,24 @@ CVE-2018-1628
        RESERVED
 CVE-2018-1627
        RESERVED
-CVE-2018-1626
-       RESERVED
-CVE-2018-1625
-       RESERVED
+CVE-2018-1626 (IBM Security Privileged Identity Manager Virtual Appliance 
2.2.1 does  ...)
+       TODO: check
+CVE-2018-1625 (IBM Security Privileged Identity Manager Virtual Appliance 
2.2.1 gener ...)
+       TODO: check
 CVE-2018-1624
        RESERVED
-CVE-2018-1623
-       RESERVED
-CVE-2018-1622
-       RESERVED
+CVE-2018-1623 (IBM Security Privileged Identity Manager Virtual Appliance 
2.2.1 allow ...)
+       TODO: check
+CVE-2018-1622 (IBM Security Privileged Identity Manager Virtual Appliance 
2.2.1 is vu ...)
+       TODO: check
 CVE-2018-1621 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
allow a  ...)
        NOT-FOR-US: IBM WebSphere Application Server
 CVE-2018-1620
        RESERVED
 CVE-2018-1619
        RESERVED
-CVE-2018-1618
-       RESERVED
+CVE-2018-1618 (IBM Security Privileged Identity Manager Virtual Appliance 
2.2.1 could ...)
+       TODO: check
 CVE-2018-1617
        RESERVED
 CVE-2018-1616
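Review bot: Five entries for the same product, IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 (CVE-2018-1626, CVE-2018-1625, CVE-2018-1623, CVE-2018-1622 and CVE-2018-1618), are added here as separate "TODO: check" items, and CVE-2018-1680 and CVE-2018-1640 in the two preceding hunks name it as well. They can be triaged in one pass with a single label; note that the context is not uniform on the wording, with "NOT-FOR-US: IBM WebSphere Application Server" on CVE-2018-1621 in this hunk and plain "NOT-FOR-US: IBM" on other IBM entries in this diff, so pick one form and apply it to all seven.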
@@ -88942,7 +88978,7 @@ CVE-2017-14955 (Check_MK before 1.2.8p26 mishandles 
certain errors within the fa
 CVE-2017-14954 (The waitid implementation in kernel/exit.c in the Linux kernel 
through ...)
        - linux <not-affected> (Vulnerable code introduced in v4.13-rc1)
        NOTE: Fixed by: 
https://git.kernel.org/linus/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9
-CVE-2017-14953 (HikVision Wi-Fi IP cameras, when used in a wired 
configuration, allow  ...)
+CVE-2017-14953 (** DISPUTED ** HikVision Wi-Fi IP cameras, when used in a 
wired config ...)
        NOT-FOR-US: HikVision
 CVE-2017-14952 (Double free in i18n/zonemeta.cpp in International Components 
for Unico ...)
        - icu 57.1-7 (bug #878840)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/aca2f07954283a4d816769efdf17381fbb4badd1
