Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc2686e5 by security tracker role at 2019-05-07T20:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2019-11811 (An issue was discovered in the Linux kernel before 5.0.4. 
There is a u ...)
+       TODO: check
+CVE-2019-11810 (An issue was discovered in the Linux kernel before 5.0.7. A 
NULL point ...)
+       TODO: check
+CVE-2019-11809
+       RESERVED
+CVE-2018-20836 (An issue was discovered in the Linux kernel before 4.20. There 
is a ra ...)
+       TODO: check
 CVE-2019-11808 (Ratpack versions before 1.6.1 generate a session ID using a 
cryptograp ...)
        TODO: check
 CVE-2019-11807 (The WooCommerce Checkout Manager plugin before 4.3 for 
WordPress allow ...)
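Review bot: the three added Linux kernel entries (CVE-2019-11811, CVE-2019-11810, CVE-2018-20836) are left at "TODO: check", and because they describe the Linux kernel, which Debian ships, they need per-package triage rather than a NOT-FOR-US tag. Each should get a "- linux <version>" line in the same form as the "- atftp 0.7.git20120829-3.1" lines elsewhere in this file, with the fixed version worked out from the upstream releases named in the descriptions (5.0.4, 5.0.7 and 4.20), plus NOTE lines pointing at the upstream fixes. CVE-2019-11809 is still RESERVED and needs nothing yet.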
@@ -383,8 +391,8 @@ CVE-2019-11631 (Moodle 3.6.3 allows remote authenticated 
administrators to execu
        - moodle <removed>
 CVE-2019-11630
        RESERVED
-CVE-2019-11629
-       RESERVED
+CVE-2019-11629 (Sonatype Nexus Repository Manager 2.x before 2.14.13 allows 
XSS. ...)
+       TODO: check
 CVE-2019-11628 (An issue was discovered in QlikView Server before 11.20 SR19, 
12.00 an ...)
        NOT-FOR-US: Qlik products
 CVE-2019-11626 (routers/ajaxRouter.php in doorGets 7.0 has a web site physical 
path le ...)
@@ -575,8 +583,8 @@ CVE-2019-11562
        RESERVED
 CVE-2019-11561
        RESERVED
-CVE-2019-11560
-       RESERVED
+CVE-2019-11560 (A buffer overflow vulnerability in the streaming server 
provided by hi ...)
+       TODO: check
 CVE-2019-11559
        RESERVED
 CVE-2019-11558
@@ -1081,10 +1089,12 @@ CVE-2016-10748
 CVE-2016-10747
        RESERVED
 CVE-2019-11366 (An issue was discovered in atftpd in atftp 0.7.1. It does not 
lock the ...)
+       {DSA-4438-1}
        - atftp 0.7.git20120829-3.1 (bug #927553)
        NOTE: 
https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities
        NOTE: 
https://sourceforge.net/p/atftp/code/ci/382f76a90b44f81fec00e2f609a94def4a5d3580/
 CVE-2019-11365 (An issue was discovered in atftpd in atftp 0.7.1. A remote 
attacker ma ...)
+       {DSA-4438-1}
        - atftp 0.7.git20120829-3.1 (bug #927553)
        NOTE: 
https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities
        NOTE: 
https://sourceforge.net/p/atftp/code/ci/abed7d245d8e8bdfeab24f9f7f55a52c3140f96b/
@@ -2300,8 +2310,8 @@ CVE-2019-10871 (An issue was discovered in Poppler 
0.74.0. There is a heap-based
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/751
 CVE-2019-10870
        RESERVED
-CVE-2019-10869
-       RESERVED
+CVE-2019-10869 (Path Traversal and Unrestricted File Upload exists in the 
Ninja Forms  ...)
+       TODO: check
 CVE-2019-10867 (An issue was discovered in Pimcore before 5.7.1. An attacker 
with clas ...)
        NOT-FOR-US: Pimcore
 CVE-2019-10866
@@ -2554,8 +2564,8 @@ CVE-2019-10744
        RESERVED
 CVE-2019-10743
        RESERVED
-CVE-2019-10742
-       RESERVED
+CVE-2019-10742 (Axios up to and including 0.18.0 allows attackers to cause a 
denial of ...)
+       TODO: check
 CVE-2019-10741 (K-9 Mail v5.600 can include the original quoted HTML code of a 
special ...)
        NOT-FOR-US: K-9 Mail
 CVE-2019-10740 (In Roundcube Webmail 1.3.4, an attacker in possession of 
S/MIME or PGP ...)
@@ -5800,10 +5810,10 @@ CVE-2019-9711 (An issue was discovered in Joomla! 
before 3.9.4. The item_title l
        NOT-FOR-US: Joomla!
 CVE-2019-9710 (An issue was discovered in webargs before 5.1.3, as used with 
marshmal ...)
        NOT-FOR-US: webargs
-CVE-2019-9709
-       RESERVED
-CVE-2019-9708
-       RESERVED
+CVE-2019-9709 (An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 
before 1 ...)
+       TODO: check
+CVE-2019-9708 (An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 
before 1 ...)
+       TODO: check
 CVE-2019-9707
        RESERVED
 CVE-2019-9705 (Vixie Cron before the 3.0pl1-133 Debian package allows local 
users to  ...)
@@ -10474,10 +10484,10 @@ CVE-2019-7748 (_includes\online.php in DbNinja 3.2.7 
allows XSS via the data.php
        NOT-FOR-US: DbNinja
 CVE-2019-7747 (DbNinja 3.2.7 allows session fixation via the data.php sessid 
paramete ...)
        NOT-FOR-US: DbNinja
-CVE-2019-7746
-       RESERVED
-CVE-2019-7745
-       RESERVED
+CVE-2019-7746 (JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote 
attackers to ...)
+       TODO: check
+CVE-2019-7745 (JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote 
attackers to ...)
+       TODO: check
 CVE-2019-7744 (An issue was discovered in Joomla! before 3.9.3. Inadequate 
filtering  ...)
        NOT-FOR-US: Joomla!
 CVE-2019-7743 (An issue was discovered in Joomla! before 3.9.3. The phar:// 
stream wr ...)
@@ -10623,8 +10633,8 @@ CVE-2019-7689
        RESERVED
 CVE-2019-7688
        RESERVED
-CVE-2019-7687
-       RESERVED
+CVE-2019-7687 (cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 
devices  ...)
+       TODO: check
 CVE-2018-20771 (An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 
58XXi,  ...)
        NOT-FOR-US: Xerox devices
 CVE-2018-20770 (An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 
58XXi,  ...)
@@ -11001,8 +11011,8 @@ CVE-2019-7566 (CSZ CMS 1.1.8 has CSRF via 
admin/users/new/add. ...)
        NOT-FOR-US: CSZ CMS
 CVE-2019-7565
        RESERVED
-CVE-2019-7564
-       RESERVED
+CVE-2019-7564 (An issue was discovered on Shenzhen Coship WM3300 WiFi Router 
5.0.0.55 ...)
+       TODO: check
 CVE-2019-7563
        RESERVED
 CVE-2019-7562
@@ -11078,8 +11088,8 @@ CVE-2018-20760 (In GPAC 0.7.1 and earlier, 
gf_text_get_utf8_line in media_tools/
        [stretch] - gpac 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1
        NOTE: 
https://github.com/gpac/gpac/commit/4c1360818fc8948e9307059fba4dc47ba8ad255d
        NOTE: https://github.com/gpac/gpac/issues/1177
-CVE-2019-7541
-       RESERVED
+CVE-2019-7541 (Rukovoditel through 2.4.1 allows XSS via a URL that lacks a 
module=use ...)
+       TODO: check
 CVE-2019-7540
        RESERVED
 CVE-2019-7539 (A code injection issue was discovered in ipycache through 
2016-05-31. ...)
@@ -11335,8 +11345,7 @@ CVE-2019-7445
        RESERVED
 CVE-2019-7444
        RESERVED
-CVE-2019-7443 [Insecure handling of arguments in helpers]
-       RESERVED
+CVE-2019-7443 (KDE KAuth before 5.55 allows the passing of parameters with 
arbitrary  ...)
        - kauth 5.54.0-2 (bug #921995)
        [stretch] - kauth 5.28.0-2+deb9u1
        - kde4libs <unfixed> (bug #922727)
@@ -11375,10 +11384,10 @@ CVE-2019-7429 (PHP Scripts Mall Property Rental 
Software 2.1.4 has directory tra
        NOT-FOR-US: PHP Scripts Mall
 CVE-2019-7428
        RESERVED
-CVE-2019-7427
-       RESERVED
-CVE-2019-7426
-       RESERVED
+CVE-2019-7427 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional 
v7.0.0.2 ...)
+       TODO: check
+CVE-2019-7426 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional 
v7.0.0.2 ...)
+       TODO: check
 CVE-2019-7425 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional 
v7.0.0.2 ...)
        NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
 CVE-2019-7424 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional 
v7.0.0.2 ...)
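Review bot: CVE-2019-7427 and CVE-2019-7426 come in as "TODO: check" although their truncated descriptions are identical to those of CVE-2019-7425 and CVE-2019-7424 in the context lines directly below, and CVE-2019-7425 is already tagged "NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional". Suggest giving the two new entries the same tag in the follow-up triage so the whole run of ManageEngine XSS entries is classified consistently.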
@@ -18898,10 +18907,10 @@ CVE-2019-4210 (IBM QRadar SIEM 7.3.2 could allow a 
user to bypass authentication
        NOT-FOR-US: IBM
 CVE-2019-4209
        RESERVED
-CVE-2019-4208
-       RESERVED
-CVE-2019-4207
-       RESERVED
+CVE-2019-4208 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable 
to an X ...)
+       TODO: check
+CVE-2019-4207 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose 
sensitiv ...)
+       TODO: check
 CVE-2019-4206
        RESERVED
 CVE-2019-4205
@@ -21282,8 +21291,8 @@ CVE-2018-20505 (SQLite 3.25.2, when queries are run on 
a table with a malformed
        NOTE: https://sqlite.org/src/info/1a84668dcfdebaf12415d
 CVE-2018-20504
        RESERVED
-CVE-2018-20503
-       RESERVED
+CVE-2018-20503 (Allied Telesis 8100L/8 devices allow XSS via the 
edit-ipv4_interface.p ...)
+       TODO: check
 CVE-2018-20502 (An issue was discovered in Bento4 1.5.1-627. There is an 
attempt at ex ...)
        NOT-FOR-US: Bento4
 CVE-2018-20501 [Missing authorization control merge requests]
@@ -30897,8 +30906,8 @@ CVE-2018-19458 (In PHP Proxy 3.0.3, any user can read 
files from the server with
        NOT-FOR-US: PHP Proxy
 CVE-2018-19457 (Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, 
which le ...)
        NOT-FOR-US: Logicspice FAQ Script
-CVE-2018-19456
-       RESERVED
+CVE-2018-19456 (The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 
for WordPr ...)
+       TODO: check
 CVE-2018-19455
        RESERVED
 CVE-2018-19486 (Git before 2.19.2 on Linux and UNIX executes commands from the 
current ...)
@@ -44347,8 +44356,8 @@ CVE-2018-14487
        RESERVED
 CVE-2018-14486 (DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting 
(XSS) via  ...)
        NOT-FOR-US: DNN
-CVE-2018-14485
-       RESERVED
+CVE-2018-14485 (BlogEngine.NET 3.3 allows XXE attacks via the POST body to 
metaweblog. ...)
+       TODO: check
 CVE-2018-14484
        RESERVED
 CVE-2018-14483
@@ -44361,8 +44370,7 @@ CVE-2018-14480
        RESERVED
 CVE-2018-14479
        RESERVED
-CVE-2018-14478
-       RESERVED
+CVE-2018-14478 (ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via 
the sen ...)
        NOT-FOR-US: Coppermine Photo Gallery
 CVE-2018-14477
        RESERVED
@@ -45669,17 +45677,13 @@ CVE-2018-13996 (Genann through 2018-07-08 has a 
stack-based buffer over-read in
 CVE-2018-13995
        RESERVED
        NOT-FOR-US: Phoenix Contact FL switch
-CVE-2018-13994
-       RESERVED
+CVE-2018-13994 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx 
versions 1.0 t ...)
        NOT-FOR-US: Phoenix Contact FL switch
-CVE-2018-13993
-       RESERVED
+CVE-2018-13993 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx 
versions 1.0 t ...)
        NOT-FOR-US: Phoenix Contact FL switch
-CVE-2018-13992
-       RESERVED
+CVE-2018-13992 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx 
versions 1.0 t ...)
        NOT-FOR-US: Phoenix Contact FL switch
-CVE-2018-13991
-       RESERVED
+CVE-2018-13991 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx 
versions 1.0 t ...)
        NOT-FOR-US: Phoenix Contact FL switch
 CVE-2018-13990 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx 
versions prior ...)
        NOT-FOR-US: Phoenix Contact FL switch
@@ -79241,8 +79245,8 @@ CVE-2018-2010
        RESERVED
 CVE-2018-2009 (IBM API Connect v2018.1 and 2018.4.1 is affected by an 
information dis ...)
        NOT-FOR-US: IBM
-CVE-2018-2008
-       RESERVED
+CVE-2018-2008 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose 
sensit ...)
+       TODO: check
 CVE-2018-2007 (IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected 
crypto ...)
        NOT-FOR-US: IBM
 CVE-2018-2006 (IBM Robotic Process Automation with Automation Anywhere 11 
could allow ...)
@@ -79255,8 +79259,8 @@ CVE-2018-2003
        RESERVED
 CVE-2018-2002
        RESERVED
-CVE-2018-2001
-       RESERVED
+CVE-2018-2001 (IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 
7.0.5 is v ...)
+       TODO: check
 CVE-2018-2000 (IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is 
vulnerable t ...)
        NOT-FOR-US: IBM
 CVE-2018-1999 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 
18.0.0.2 coul ...)
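Review bot: the added description for CVE-2018-2001 reads "IBM Cram Social Program Management", which looks like a product name that lost a non-ASCII character during the automatic import; worth checking against the upstream CVE text before anyone searches the list by product name. The entry is also left at "TODO: check" while the IBM entries in the context lines below (CVE-2018-2000, and CVE-2018-2007 in the previous hunk) carry "NOT-FOR-US: IBM", so the same tag is the likely resolution here.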



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bc2686e5a523dbd8f01a1d9fac6aa5daf1fd6349