Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd735666 by security tracker role at 2019-04-25T20:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2019-11537 (In osTicket before 1.12, XSS exists via /upload/file.php, 
/upload/scp/ ...)
+       TODO: check
+CVE-2019-11536
+       RESERVED
+CVE-2019-11535
+       RESERVED
+CVE-2019-11534
+       RESERVED
+CVE-2019-11533
+       RESERVED
+CVE-2019-11532
+       RESERVED
+CVE-2019-11531
+       RESERVED
+CVE-2019-11530
+       RESERVED
+CVE-2019-11529
+       RESERVED
+CVE-2019-11528
+       RESERVED
+CVE-2019-11527
+       RESERVED
+CVE-2019-11526
+       RESERVED
+CVE-2019-11525
+       RESERVED
+CVE-2019-11524
+       RESERVED
+CVE-2019-11523
+       RESERVED
+CVE-2019-11522
+       RESERVED
+CVE-2019-11521
+       RESERVED
+CVE-2019-11520
+       RESERVED
+CVE-2019-11519 (Libraries/Nop.Services/Localization/LocalizationService.cs in 
nopComme ...)
+       TODO: check
+CVE-2019-11518 (An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php 
allows AID[] ...)
+       TODO: check
+CVE-2019-11517
+       RESERVED
+CVE-2019-11516
+       RESERVED
+CVE-2018-20823 (The gyroscope on Xiaomi Mi 5s devices allows attackers to 
cause a deni ...)
+       TODO: check
 CVE-2019-11515 (core/classes/db_backup.php in Gila CMS 1.10.1 allows 
admin/db_backup?d ...)
        NOT-FOR-US: Gila CMS
 CVE-2019-11514 (User/Command/ConfirmEmailHandler.php in Flarum before 
0.1.0-beta.8 mis ...)
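Review bot: the three new non-RESERVED entries (CVE-2019-11537 osTicket, CVE-2019-11519 nopCommerce, CVE-2019-11518 SEMCMS) and CVE-2018-20823 (Xiaomi Mi 5s gyroscope) are left at "TODO: check", but none of these products is packaged in Debian, so they can be triaged straight to a NOT-FOR-US line naming the product, as the neighbouring CVE-2019-11515 entry does ("NOT-FOR-US: Gila CMS"). Also worth noting for whoever triages: CVE-2018-20823 is a 2018 ID filed into the 2019 block, which is expected for the feed order but easy to overlook when scanning by year.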
@@ -1315,8 +1361,8 @@ CVE-2019-10957
        RESERVED
 CVE-2019-10956
        RESERVED
-CVE-2019-10955
-       RESERVED
+CVE-2019-10955 (In Rockwell Automation MicroLogix 1400 Controllers Series A, 
All Versi ...)
+       TODO: check
 CVE-2019-10954
        RESERVED
 CVE-2019-10953 (ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - 
Programmable ...)
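Review bot: CVE-2019-10955 (Rockwell Automation MicroLogix 1400 PLC firmware) is an ICS vendor advisory with no Debian package behind it; the TODO can be closed as "NOT-FOR-US: Rockwell Automation MicroLogix 1400", in line with how the adjacent PLC entry CVE-2019-10953 is handled.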
@@ -3802,11 +3848,9 @@ CVE-2019-9903 (PDFDoc::markObject in PDFDoc.cc in 
Poppler 0.74.0 mishandles dict
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/fada09a2ccc11a3a1d308e810f1336d8df6011fd
 CVE-2019-9902
        RESERVED
-CVE-2019-9901
-       RESERVED
+CVE-2019-9901 (Envoy 1.9.0 and before does not normalize HTTP URL paths. A 
remote att ...)
        NOT-FOR-US: envoy (not the same as itp'ed envoy, #758651)
-CVE-2019-9900
-       RESERVED
+CVE-2019-9900 (When parsing HTTP/1.x header values, Envoy 1.9.0 and before 
does not r ...)
        NOT-FOR-US: envoy (not the same as itp'ed envoy, #758651)
 CVE-2019-9899
        RESERVED
@@ -5146,8 +5190,8 @@ CVE-2019-9671
        RESERVED
 CVE-2019-9670
        RESERVED
-CVE-2019-9669
-       RESERVED
+CVE-2019-9669 (The Wordfence plugin 7.2.3 for WordPress allows XSS via a 
unique attac ...)
+       TODO: check
 CVE-2019-9668
        RESERVED
 CVE-2019-9667
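Review bot: CVE-2019-9669 concerns the Wordfence WordPress plugin, which is not shipped in Debian (the wordpress package carries no third-party plugins), so "TODO: check" can become "NOT-FOR-US: Wordfence plugin for WordPress" rather than waiting for a manual pass.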
@@ -6504,16 +6548,16 @@ CVE-2019-9141
        RESERVED
 CVE-2019-9140
        RESERVED
-CVE-2019-9139
-       RESERVED
-CVE-2019-9138
-       RESERVED
-CVE-2019-9137
-       RESERVED
-CVE-2019-9136
-       RESERVED
-CVE-2019-9135
-       RESERVED
+CVE-2019-9139 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow 
vulnera ...)
+       TODO: check
+CVE-2019-9138 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow 
vulnera ...)
+       TODO: check
+CVE-2019-9137 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow 
vulnera ...)
+       TODO: check
+CVE-2019-9136 (DaviewIndy 8.98.7 and earlier versions have a Heap-based 
overflow vuln ...)
+       TODO: check
+CVE-2019-9135 (DaviewIndy 8.98.7 and earlier versions have a Heap-based 
overflow vuln ...)
+       TODO: check
 CVE-2019-9134 (Architectural Information System 1.0 and earlier versions have 
a Stack ...)
        NOT-FOR-US: Architectural Information System
 CVE-2019-9133 (When processing subtitles format media file, KMPlayer version 
2018.12. ...)
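Review bot: the five DaviewIndy entries CVE-2019-9135 through CVE-2019-9139 (Windows image viewer, same vendor batch as the neighbouring KMPlayer and Architectural Information System IDs that are already "NOT-FOR-US") should be triaged together to "NOT-FOR-US: DaviewIndy"; leaving five identical TODOs open just adds noise to the check queue. The grammar in the upstream summaries ("a Integer overflow") is MITRE's text and is not something to fix on our side.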
@@ -8657,7 +8701,7 @@ CVE-2019-8279 (Multiple stored XSS in Vanilla Forums 
before 2.5 allow remote att
        NOT-FOR-US: Vanilla Forums
 CVE-2019-8278 (Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads 
to Rem ...)
        NOT-FOR-US: Invision Power Board
-CVE-2019-8277 (UltraVNC revision 1211 contains multiple memory leaks (CWE-655) 
in VNC ...)
+CVE-2019-8277 (UltraVNC revision 1211 contains multiple memory leaks (CWE-665) 
in VNC ...)
        NOT-FOR-US: UltraVNC
 CVE-2019-8276 (UltraVNC revision 1211 has a stack buffer overflow 
vulnerability in VN ...)
        NOT-FOR-US: UltraVNC
@@ -15642,7 +15686,8 @@ CVE-2019-5430
        RESERVED
 CVE-2019-5429
        RESERVED
-CVE-2019-5428 (A prototype pollution vulnerability exists in jQuery versions 
< 3.4 ...)
+CVE-2019-5428
+       REJECTED
        NOTE: Duplicate of CVE-2019-11358       
        TODO: check (MITRE already contacted)
 CVE-2019-5427 (c3p0 version < 0.9.5.4 may be exploited by a billion laughs 
attack  ...)
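Review bot: with CVE-2019-5428 now REJECTED as a duplicate of CVE-2019-11358, the retained "TODO: check (MITRE already contacted)" line below the NOTE is stale, since the contact with MITRE has evidently concluded; drop the TODO and keep only "NOTE: Duplicate of CVE-2019-11358" so the entry does not keep showing up in the TODO report. The NOTE line also carries trailing whitespace that should be trimmed while touching it.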
@@ -18072,8 +18117,8 @@ CVE-2019-4240
        RESERVED
 CVE-2019-4239
        RESERVED
-CVE-2019-4238
-       RESERVED
+CVE-2019-4238 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is 
vulnerable t ...)
+       TODO: check
 CVE-2019-4237
        RESERVED
 CVE-2019-4236
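Review bot: CVE-2019-4238 (IBM InfoSphere Information Server 11.3, 11.5, 11.7) is proprietary IBM software; the tracker's convention for these, visible in the surrounding context (e.g. CVE-2019-4094, CVE-2019-4093 "NOT-FOR-US: IBM"), is to mark them NOT-FOR-US: IBM immediately rather than leaving "TODO: check".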
@@ -18104,8 +18149,8 @@ CVE-2019-4224
        RESERVED
 CVE-2019-4223
        RESERVED
-CVE-2019-4222
-       RESERVED
+CVE-2019-4222 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 
6.0.0.1 could ...)
+       TODO: check
 CVE-2019-4221
        RESERVED
 CVE-2019-4220
@@ -18252,12 +18297,12 @@ CVE-2019-4150
        RESERVED
 CVE-2019-4149
        RESERVED
-CVE-2019-4148
-       RESERVED
+CVE-2019-4148 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 
6.0.0.1 is vu ...)
+       TODO: check
 CVE-2019-4147
        RESERVED
-CVE-2019-4146
-       RESERVED
+CVE-2019-4146 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 
6.0.0.1 could ...)
+       TODO: check
 CVE-2019-4145
        RESERVED
 CVE-2019-4144
@@ -18364,8 +18409,8 @@ CVE-2019-4094 (IBM DB2 for Linux, UNIX and Windows 
(includes DB2 Connect Server)
        NOT-FOR-US: IBM
 CVE-2019-4093 (IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could 
allow a  ...)
        NOT-FOR-US: IBM
-CVE-2019-4092
-       RESERVED
+CVE-2019-4092 (IBM Content Navigator 2.0.3 and 3.0CD could allow a remote 
attacker to ...)
+       TODO: check
 CVE-2019-4091
        RESERVED
 CVE-2019-4090
@@ -18394,16 +18439,16 @@ CVE-2019-4079
        RESERVED
 CVE-2019-4078
        RESERVED
-CVE-2019-4077
-       RESERVED
-CVE-2019-4076
-       RESERVED
-CVE-2019-4075
-       RESERVED
-CVE-2019-4074
-       RESERVED
-CVE-2019-4073
-       RESERVED
+CVE-2019-4077 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 
6.0.0.1 is vu ...)
+       TODO: check
+CVE-2019-4076 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 
6.0.0.1 is vu ...)
+       TODO: check
+CVE-2019-4075 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 
6.0.0.1 is vu ...)
+       TODO: check
+CVE-2019-4074 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 
6.0.0.1 is vu ...)
+       TODO: check
+CVE-2019-4073 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 
6.0.0.1 is vu ...)
+       TODO: check
 CVE-2019-4072
        RESERVED
 CVE-2019-4071
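Review bot: CVE-2019-4073 through CVE-2019-4077 all carry the same truncated summary ("IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ..."), so they come from one IBM bulletin and should be triaged as a block with "NOT-FOR-US: IBM"; the same applies to the other Sterling B2B Integrator IDs added in this commit (CVE-2019-4222, CVE-2019-4148, CVE-2019-4146, CVE-2018-1720). None of this is Debian-packaged software, so the five separate TODOs only pad the check queue.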
@@ -18482,8 +18527,8 @@ CVE-2019-4035 (IBM Content Navigator 3.0CD could allow 
attackers to direct web t
        NOT-FOR-US: IBM
 CVE-2019-4034 (IBM Content Navigator 3.0CD is could allow an attacker to 
execute arbi ...)
        NOT-FOR-US: IBM
-CVE-2019-4033
-       RESERVED
+CVE-2019-4033 (IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to 
cross-site scri ...)
+       TODO: check
 CVE-2019-4032 (IBM Financial Transaction Manager for Digital Payments for 
Multi-Platf ...)
        NOT-FOR-US: IBM
 CVE-2019-4031
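Review bot: CVE-2019-4033 (IBM Content Navigator 2.0.3 and 3.0CD, cross-site scripting) sits directly under CVE-2019-4035 and CVE-2019-4034, which cover the same product and are already "NOT-FOR-US: IBM"; the new entry (and CVE-2019-4092 for the same product earlier in this commit) should get the same marker instead of "TODO: check".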
@@ -18756,6 +18801,7 @@ CVE-2019-3904
 CVE-2019-3903
        RESERVED
 CVE-2019-3902 (A flaw was found in Mercurial before 4.9. It was possible to 
use symli ...)
+       {DLA-1764-1}
        - mercurial 4.9-1 (bug #927674)
        NOTE: 
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
        NOTE: https://www.mercurial-scm.org/repo/hg/rev/6c10eba6b9cd
@@ -18765,8 +18811,7 @@ CVE-2019-3901 (A race condition in perf_event_open() 
allows local attackers to l
        - linux 4.6.1-1
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=807
        NOTE: Fixed by: 
https://git.kernel.org/linus/79c9ce57eb2d5f1497546a3946b4ae21b6fdc438
-CVE-2019-3900 [vhost_net: fix possible infinite loop]
-       RESERVED
+CVE-2019-3900 (An infinite loop issue was found in the vhost_net kernel module 
in Lin ...)
        - linux <unfixed>
 CVE-2019-3899 (It was found that default configuration of Heketi does not 
require any ...)
        - heketi <itp> (bug #903384)
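Review bot: CVE-2019-3900 now has its public description but still only "- linux <unfixed>" with no fix reference, unlike CVE-2019-3901 directly above, which carries "NOTE: Fixed by: <kernel commit>". Once the upstream vhost_net change that bounds the loop is identified, add a NOTE: line with the kernel.org commit URL so the <unfixed> status can be resolved per suite; the bracketed working title "[vhost_net: fix possible infinite loop]" that this hunk drops is the only hint currently recorded.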
@@ -24056,10 +24101,10 @@ CVE-2018-20055
        RESERVED
 CVE-2018-20054
        RESERVED
-CVE-2018-20053
-       RESERVED
-CVE-2018-20052
-       RESERVED
+CVE-2018-20053 (An issue was discovered on Cerner Connectivity Engine (CCE) 4 
devices. ...)
+       TODO: check
+CVE-2018-20052 (An issue was discovered on Cerner Connectivity Engine (CCE) 4 
devices. ...)
+       TODO: check
 CVE-2018-20051 (Mishandling of '&gt;' on the Jooan JA-Q1H Wi-Fi camera with 
firmware 2 ...)
        NOT-FOR-US: Jooan JA-Q1H Wi-Fi camera
 CVE-2018-20050 (Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi 
camera with f ...)
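Review bot: CVE-2018-20053 and CVE-2018-20052 describe the Cerner Connectivity Engine (CCE) 4, a medical-device appliance with no corresponding Debian package; both can be marked "NOT-FOR-US: Cerner Connectivity Engine", matching the treatment of the neighbouring Jooan JA-Q1H camera entries.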
@@ -30154,8 +30199,8 @@ CVE-2018-19445
        RESERVED
 CVE-2018-19444
        RESERVED
-CVE-2018-19442
-       RESERVED
+CVE-2018-19442 (A Buffer Overflow in 
Network::AuthenticationClient::VerifySignature in ...)
+       TODO: check
 CVE-2018-19441
        RESERVED
 CVE-2018-19440 (ARM Trusted Firmware-A allows information disclosure. ...)
@@ -33299,8 +33344,8 @@ CVE-2018-18371
        RESERVED
 CVE-2018-18370
        RESERVED
-CVE-2018-18369
-       RESERVED
+CVE-2018-18369 (Norton Security (Windows client) prior to 22.16.3 and SEP SBE 
(Windows ...)
+       TODO: check
 CVE-2018-18368
        RESERVED
 CVE-2018-18367
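Review bot: CVE-2018-18369 is a Norton Security / SEP SBE Windows client issue; it should be closed out as "NOT-FOR-US: Symantec" in line with the other Symantec endpoint entries in this file rather than sitting at "TODO: check".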
@@ -33528,8 +33573,8 @@ CVE-2018-18288
        RESERVED
 CVE-2018-18287 (On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers 
can discov ...)
        NOT-FOR-US: ASUS RT-AC58U devices
-CVE-2018-18286
-       RESERVED
+CVE-2018-18286 (SQL injection vulnerabilities in CMG Suite 8.4 SP2 and 
earlier, could  ...)
+       TODO: check
 CVE-2018-18285
        RESERVED
 CVE-2018-18284 (Artifex Ghostscript 9.25 and earlier allows attackers to 
bypass a sand ...)
@@ -49387,8 +49432,8 @@ CVE-2018-12246 (Symantec Web Isolation (WI) 1.11 prior 
to 1.11.21 is susceptible
        NOT-FOR-US: Symantec
 CVE-2018-12245 (Symantec Endpoint Protection prior to 14.2 MP1 may be 
susceptible to a ...)
        NOT-FOR-US: Symantec Endpoint Protection
-CVE-2018-12244
-       RESERVED
+CVE-2018-12244 (SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior 
to 14.2 ...)
+       TODO: check
 CVE-2018-12243 (The Symantec Messaging Gateway product prior to 10.6.6 may be 
suscepti ...)
        NOT-FOR-US: Symantec
 CVE-2018-12242 (The Symantec Messaging Gateway product prior to 10.6.6 may be 
suscepti ...)
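Review bot: CVE-2018-12244 (SEP Mac client) is bracketed on both sides by Symantec entries already marked "NOT-FOR-US: Symantec Endpoint Protection" / "NOT-FOR-US: Symantec" (CVE-2018-12245, CVE-2018-12243); give it the same marker instead of "TODO: check".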
@@ -79011,8 +79056,8 @@ CVE-2018-1722 (IBM Security Access Manager Appliance 
9.0.4.0 and 9.0.5.0 could a
        NOT-FOR-US: IBM
 CVE-2018-1721
        RESERVED
-CVE-2018-1720
-       RESERVED
+CVE-2018-1720 (IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 
5.2.6.3_6, 6.0.0 ...)
+       TODO: check
 CVE-2018-1719 (IBM WebSphere Application Server 8.5 and 9.0 could provide 
weaker than ...)
        NOT-FOR-US: IBM
 CVE-2018-1718 (IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 
is vuln ...)
@@ -80058,8 +80103,8 @@ CVE-2017-17553 (The Dolphin Browser for Android 12.0.2 
suffers from an insecure
        NOT-FOR-US: Dolphin Browser for Android
 CVE-2017-17552 (/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 
6613 allo ...)
        NOT-FOR-US: Zoho ManageEngine AD Manager Plus
-CVE-2018-1360
-       RESERVED
+CVE-2018-1360 (A cleartext transmission of sensitive information vulnerability 
in For ...)
+       TODO: check
 CVE-2018-1359
        RESERVED
 CVE-2018-1358
@@ -86397,8 +86442,8 @@ CVE-2017-16560 (SanDisk Secure Access 3.01 vault 
decrypts and copies encrypted f
        NOT-FOR-US: SanDisk Secure Access
 CVE-2017-16559
        RESERVED
-CVE-2017-16558
-       RESERVED
+CVE-2017-16558 (Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL 
injection vu ...)
+       TODO: check
 CVE-2017-16557 (K7 Antivirus Premium before 15.1.0.53 allows local users to 
gain privi ...)
        NOT-FOR-US: K7 Antivirus
 CVE-2017-16556 (In K7 Antivirus Premium before 15.1.0.53, user-controlled 
input can be ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd735666043a400bc2d9b8573105ed5fd90f313d


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits