Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1c047b3e by security tracker role at 2019-05-29T20:10:25Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2019-12453
+ RESERVED
+CVE-2019-12452 (types/types.go in Containous Traefik 1.7.x through 1.7.11,
when the -- ...)
+ TODO: check
+CVE-2019-12451
+ RESERVED
+CVE-2019-12450 (file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through
2.61.1 ...)
+ TODO: check
+CVE-2019-12449 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gv ...)
+ TODO: check
+CVE-2019-12448 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gv ...)
+ TODO: check
+CVE-2019-12447 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gv ...)
+ TODO: check
+CVE-2019-12446
+ RESERVED
+CVE-2019-12445
+ RESERVED
+CVE-2019-12444
+ RESERVED
+CVE-2019-12443
+ RESERVED
+CVE-2019-12442
+ RESERVED
+CVE-2019-12441
+ RESERVED
+CVE-2019-12440 (The Sitecore Rocks plugin before 2.1.149 for Sitecore allows
an unauth ...)
+ TODO: check
+CVE-2019-12439 (bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary
directories ...)
+ TODO: check
CVE-2019-12438
RESERVED
CVE-2019-12437
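Review bot: the new entries for CVE-2019-12450 (GNOME GLib), CVE-2019-12447, CVE-2019-12448 and CVE-2019-12449 (GNOME gvfs) and CVE-2019-12439 (Bubblewrap) are all left as `TODO: check`, yet unlike most of the other imports in this commit they describe core desktop-stack components that Debian ships, so they should be triaged to a package line in this file's convention (for example `- glib2.0 <unfixed> (bug #NNNNNN)`, bug number to be filed) or to `NOT-FOR-US:` rather than staying as TODO; the Traefik entry CVE-2019-12452 and the Sitecore entry CVE-2019-12440 need the same decision.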
@@ -185,8 +215,8 @@ CVE-2019-12349
RESERVED
CVE-2019-12348
RESERVED
-CVE-2019-12347
- RESERVED
+CVE-2019-12347 (In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when
attackers ...)
+ TODO: check
CVE-2019-12346
RESERVED
CVE-2019-12345 (XSS exists in the Kiboko Hostel plugin before 1.1.4 for
WordPress. ...)
@@ -631,8 +661,8 @@ CVE-2019-12167 (httpGetSet/httpGet.htm on Emerson Network
Power Liebert Challeng
NOT-FOR-US: Emerson Network Power Liebert Challenger
CVE-2019-12166
RESERVED
-CVE-2019-12165
- RESERVED
+CVE-2019-12165 (MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and
earlier, ...)
+ TODO: check
CVE-2019-12164
RESERVED
CVE-2019-12163 (GAT-Ship Web Module through 1.30 allows remote attackers to
obtain pot ...)
@@ -1254,8 +1284,8 @@ CVE-2019-11874
RESERVED
CVE-2019-11873 (wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in
tls13.c when ...)
- wolfssl <unfixed> (bug #929468)
-CVE-2019-11872
- RESERVED
+CVE-2019-11872 (The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is
vulnera ...)
+ TODO: check
CVE-2019-11871 (The Custom Field Suite plugin before 2.5.15 for WordPress has
XSS for ...)
NOT-FOR-US: Custom Field Suite plugin for WordPress
CVE-2019-11870 (Serendipity before 2.1.5 has XSS via EXIF data that is
mishandled in t ...)
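Review bot: CVE-2019-11872 (Hustle plugin for WordPress) is added as `TODO: check` while the adjacent WordPress-plugin entry CVE-2019-11871 is already resolved as `NOT-FOR-US: Custom Field Suite plugin for WordPress`; the same resolution most likely applies here, so once confirmed the TODO should become `NOT-FOR-US: Hustle plugin for WordPress`.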
@@ -6883,12 +6913,11 @@ CVE-2019-9868 (An issue was discovered in the Web
Console in Veritas NetBackup A
NOT-FOR-US: Veritas NetBackup Appliance
CVE-2019-9867 (An issue was discovered in the Web Console in Veritas NetBackup
Applia ...)
NOT-FOR-US: Veritas NetBackup Appliance
-CVE-2019-9866 [Project Runner Token Exposed Through Issues Quick Actions]
- RESERVED
+CVE-2019-9866 (An issue was discovered in GitLab Community and Enterprise
Edition 11. ...)
- gitlab 11.8.3-1 (bug #925196)
NOTE:
https://about.gitlab.com/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released/
-CVE-2019-9865
- RESERVED
+CVE-2019-9865 (When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a
specia ...)
+ TODO: check
CVE-2019-9864 (PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter
Tamperi ...)
NOT-FOR-US: PHP Scripts Mall Amazon Affiliate Store
CVE-2019-9863 (Due to the use of an insecure algorithm for rolling codes in
the ABUS ...)
@@ -6901,8 +6930,8 @@ CVE-2019-9860 (Due to unencrypted signal communication
and predictability of rol
NOT-FOR-US: ABUS
CVE-2019-9859
RESERVED
-CVE-2019-9858
- RESERVED
+CVE-2019-9858 (Remote code execution was discovered in Horde Groupware Webmail
5.2.22 ...)
+ TODO: check
CVE-2019-9856
RESERVED
CVE-2019-9855
@@ -7389,8 +7418,8 @@ CVE-2019-9734 (aquaverde Aquarius CMS through 4.3.5
writes POST and GET paramete
NOT-FOR-US: aquaverde Aquarius CMS
CVE-2019-9733 (An issue was discovered in JFrog Artifactory 6.7.3. By default,
the ac ...)
NOT-FOR-US: JFrog Artifactory
-CVE-2019-9732
- RESERVED
+CVE-2019-9732 (An issue was discovered in GitLab Community and Enterprise
Edition 10. ...)
+ TODO: check
CVE-2019-9731
RESERVED
CVE-2019-9730
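Review bot: CVE-2019-9732 describes GitLab Community and Enterprise Edition 10.x, and GitLab is tracked with package lines elsewhere in this file (e.g. `- gitlab 11.8.3-1 (bug #925196)` for CVE-2019-9866), so the `TODO: check` should be replaced by the fixed gitlab version plus a `NOTE:` pointing at the upstream security release, or by an explicit not-affected marker if the affected 10.x code is not in the packaged version.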
@@ -8078,8 +8107,7 @@ CVE-2019-9487
RESERVED
CVE-2019-9486 (STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from
a SYSTE ...)
NOT-FOR-US: STRATO HiDrive Desktop Client
-CVE-2019-9485 [Privilege escalation impersonate user]
- RESERVED
+CVE-2019-9485 (An issue was discovered in GitLab Community and Enterprise
Edition bef ...)
[experimental] - gitlab 11.8.2-1
- gitlab 11.8.2-2 (bug #924447)
NOTE:
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
@@ -8617,8 +8645,7 @@ CVE-2019-9222 (An issue was discovered in GitLab
Community and Enterprise Editio
[experimental] - gitlab 11.8.2-1
- gitlab 11.8.2-2 (bug #924447)
NOTE:
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
-CVE-2019-9221 [Arbitrary file read via MergeRequestDiff]
- RESERVED
+CVE-2019-9221 (An issue was discovered in GitLab Community and Enterprise
Edition bef ...)
[experimental] - gitlab 11.8.2-1
- gitlab 11.8.2-2 (bug #924447)
NOTE:
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
@@ -8630,8 +8657,8 @@ CVE-2019-9219 (An issue was discovered in GitLab
Community and Enterprise Editio
[experimental] - gitlab 11.8.2-1
- gitlab 11.8.2-2 (bug #924447)
NOTE:
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
-CVE-2019-9218
- RESERVED
+CVE-2019-9218 (An issue was discovered in GitLab Community and Enterprise
Edition bef ...)
+ TODO: check
CVE-2019-9217 (An issue was discovered in GitLab Community and Enterprise
Edition bef ...)
[experimental] - gitlab 11.8.2-1
- gitlab 11.8.2-2 (bug #924447)
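Review bot: CVE-2019-9218 is left as `TODO: check` although its neighbours CVE-2019-9219 and CVE-2019-9217, which carry the same GitLab CE/EE description prefix, are both resolved to `[experimental] - gitlab 11.8.2-1` and `- gitlab 11.8.2-2 (bug #924447)` with the 11.8.1 release NOTE; check whether CVE-2019-9218 belongs to the same GitLab security release and, if so, give it the same package lines and NOTE instead of TODO.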
@@ -8770,8 +8797,8 @@ CVE-2019-9178 (An issue was discovered in GitLab
Community and Enterprise Editio
[experimental] - gitlab 11.8.2-1
- gitlab 11.8.2-2 (bug #924447)
NOTE:
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
-CVE-2019-9177
- RESERVED
+CVE-2019-9177 (An issue was discovered in GitLab Community and Enterprise
Edition bef ...)
+ TODO: check
CVE-2019-9176 (An issue was discovered in GitLab Community and Enterprise
Edition bef ...)
[experimental] - gitlab 11.8.2-1
- gitlab 11.8.2-2 (bug #924447)
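Review bot: CVE-2019-9177 sits between CVE-2019-9178 and CVE-2019-9176, both GitLab CE/EE entries already fixed in `gitlab 11.8.2-2 (bug #924447)`, but the import leaves it as `TODO: check`; it should be verified against the same GitLab advisory and, if covered, get the identical `[experimental]`, package and `NOTE:` lines.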
@@ -12771,8 +12798,8 @@ CVE-2019-7551 (Cantemo Portal before 3.2.13, 3.3.x
before 3.3.8, and 3.4.x befor
NOT-FOR-US: Cantemo Portal
CVE-2019-7550 (In JForum 2.1.8, an unauthenticated, remote attacker can
enumerate whe ...)
NOT-FOR-US: JForum
-CVE-2019-7549
- RESERVED
+CVE-2019-7549 (An issue was discovered in GitLab Community and Enterprise
Edition 10. ...)
+ TODO: check
CVE-2019-7548 (SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter
can be ...)
{DLA-1718-1}
[experimental] - sqlalchemy 1.3.0~b3+ds1-1
@@ -13959,8 +13986,8 @@ CVE-2019-7131
RESERVED
CVE-2019-7130 (Adobe Bridge CC versions 9.0.2 have a heap overflow
vulnerability. Suc ...)
NOT-FOR-US: Adobe
-CVE-2019-7129
- RESERVED
+CVE-2019-7129 (Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a
stored ...)
+ TODO: check
CVE-2019-7128 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
NOT-FOR-US: Adobe
CVE-2019-7127 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
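Review bot: CVE-2019-7129 (Adobe Experience Manager Forms) is added as `TODO: check` while the surrounding Adobe entries CVE-2019-7130 and CVE-2019-7128 are marked `NOT-FOR-US: Adobe`; resolve it the same way so the TODO does not linger.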
@@ -14361,10 +14388,10 @@ CVE-2019-6960
NOTE:
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6959
RESERVED
-CVE-2019-6958
- RESERVED
-CVE-2019-6957
- RESERVED
+CVE-2019-6958 (A recently discovered security vulnerability affects all Bosch
Video M ...)
+ TODO: check
+CVE-2019-6957 (A recently discovered security vulnerability affects all Bosch
Video M ...)
+ TODO: check
CVE-2019-6956 (An issue was discovered in Freeware Advanced Audio Decoder 2
(FAAD2) 2 ...)
- faad2 <unfixed> (bug #914641)
[buster] - faad2 <no-dsa> (Minor issue)
@@ -20543,8 +20570,8 @@ CVE-2019-4266
RESERVED
CVE-2019-4265
RESERVED
-CVE-2019-4264
- RESERVED
+CVE-2019-4264 (IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to
obtain sen ...)
+ TODO: check
CVE-2019-4263
RESERVED
CVE-2019-4262
@@ -20559,8 +20586,8 @@ CVE-2019-4258 (IBM Sterling B2B Integrator 6.0.0.0 and
6.0.0.1 Standard Edition
NOT-FOR-US: IBM
CVE-2019-4257
RESERVED
-CVE-2019-4256
- RESERVED
+CVE-2019-4256 (IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than
expected cryp ...)
+ TODO: check
CVE-2019-4255
RESERVED
CVE-2019-4254
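Review bot: CVE-2019-4256 (IBM API Connect) is imported as `TODO: check` while the neighbouring IBM entry CVE-2019-4258 is already `NOT-FOR-US: IBM`; the same marker is the expected resolution for this and the other IBM products added in this commit (CVE-2019-4264, CVE-2019-4184, CVE-2019-4137 through CVE-2019-4139).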
@@ -20703,8 +20730,8 @@ CVE-2019-4186
RESERVED
CVE-2019-4185
RESERVED
-CVE-2019-4184
- RESERVED
+CVE-2019-4184 (IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to
cross- ...)
+ TODO: check
CVE-2019-4183
RESERVED
CVE-2019-4182
@@ -20793,12 +20820,12 @@ CVE-2019-4141
RESERVED
CVE-2019-4140
RESERVED
-CVE-2019-4139
- RESERVED
-CVE-2019-4138
- RESERVED
-CVE-2019-4137
- RESERVED
+CVE-2019-4139 (IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to
cross-s ...)
+ TODO: check
+CVE-2019-4138 (IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1
could al ...)
+ TODO: check
+CVE-2019-4137 (IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1
is vulne ...)
+ TODO: check
CVE-2019-4136
RESERVED
CVE-2019-4135
@@ -23979,7 +24006,7 @@ CVE-2018-20241 (The Edit upload resource for a review
in Atlassian Fisheye and C
NOT-FOR-US: Atlassian
CVE-2018-20240 (The administrative linker functionality in Atlassian Fisheye
and Cruci ...)
NOT-FOR-US: Atlassian
-CVE-2018-20239 (Application Links before version 5.0.11, from version 5.1.0
before 5.2 ...)
+CVE-2018-20239 (Application Links before version 3.4.3, 4.6.x before 4.7.0,
5.0.x befo ...)
NOT-FOR-US: Atlassian
CVE-2018-20238 (Various rest resources in Atlassian Crowd before version 3.2.7
and fro ...)
NOT-FOR-US: Atlassian
@@ -27733,10 +27760,10 @@ CVE-2018-19980 (Anker Nebula Capsule Pro
NBUI_M1_V2.1.9 devices allow attackers
NOT-FOR-US: Anker Nebula Capsule Pro devices
CVE-2018-19979
RESERVED
-CVE-2018-19978
- RESERVED
-CVE-2018-19977
- RESERVED
+CVE-2018-19978 (A buffer overflow vulnerability in the DHCP and PPPOE
configuration in ...)
+ TODO: check
+CVE-2018-19977 (A command injection (missing input validation, escaping) in
the ftp up ...)
+ TODO: check
CVE-2018-19976 (In YARA 3.8.1, bytecode in a specially crafted compiled rule
is expose ...)
- yara 3.8.1-2 (bug #916932)
[stretch] - yara <no-dsa> (Minor issue)
@@ -41634,16 +41661,16 @@ CVE-2018-16223 (Insecure Cryptographic Storage of
credentials in com.vestiacom.q
NOT-FOR-US: QBee Cam application for Android
CVE-2018-16222 (Cleartext Storage of credentials in the iSmartAlarmData.xml
configurat ...)
NOT-FOR-US: iSmartAlarm application for Android
-CVE-2018-16221
- RESERVED
+CVE-2018-16221 (The diagnostics web interface in the Yeahlink Ultra-elegant IP
Phone S ...)
+ TODO: check
CVE-2018-16220 (Cross Site Scripting in different input fields (domain field
and perso ...)
NOT-FOR-US: AudioCodes 405HD VoIP phone
CVE-2018-16219 (A missing password verification in the web interface in
AudioCodes 405 ...)
NOT-FOR-US: AudioCodes 405HD VoIP phone
-CVE-2018-16218
- RESERVED
-CVE-2018-16217
- RESERVED
+CVE-2018-16218 (A CSRF (Cross Site Request Forgery) in the web interface of
the Yeahli ...)
+ TODO: check
+CVE-2018-16217 (The network diagnostic function (ping) in the Yeahlink
Ultra-elegant I ...)
+ TODO: check
CVE-2018-16216 (A command injection (missing input validation, escaping) in
the monito ...)
NOT-FOR-US: AudioCodes 405HD VoIP phone
CVE-2018-16215
@@ -48840,8 +48867,8 @@ CVE-2018-13385 (There was an argument injection
vulnerability in Sourcetree for
NOT-FOR-US: Atlassian Sourcetree
CVE-2018-13384
RESERVED
-CVE-2018-13383
- RESERVED
+CVE-2018-13383 (A heap buffer overflow in Fortinet FortiOS all versions below
6.0.5 in ...)
+ TODO: check
CVE-2018-13382
RESERVED
CVE-2018-13381
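Review bot: CVE-2018-13383 (heap buffer overflow in Fortinet FortiOS) is left as `TODO: check` even though FortiOS entries such as CVE-2017-14186 and CVE-2017-14185 further down are consistently `NOT-FOR-US: Fortinet`; mark it the same way to keep the file consistent.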
@@ -96290,7 +96317,7 @@ CVE-2017-14188
RESERVED
CVE-2017-14187 (A local privilege escalation and local code execution
vulnerability in ...)
NOT-FOR-US: Fortinet
-CVE-2017-14186 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS
5.6.0 t ...)
+CVE-2017-14186 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS
6.0.0 t ...)
NOT-FOR-US: Fortinet
CVE-2017-14185 (An Information Disclosure vulnerability in Fortinet FortiOS
5.6.0 to 5 ...)
NOT-FOR-US: Fortinet FortiOS
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1c047b3e14403a9864b4e13d9784584abfc963f4
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits