Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b5b0604 by security tracker role at 2019-05-31T20:10:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2019-12508
+       RESERVED
+CVE-2019-12507 (An XSS vulnerability exists in PHPRelativePath (aka Relative 
Path) thr ...)
+       TODO: check
+CVE-2019-12506
+       RESERVED
+CVE-2019-12505
+       RESERVED
+CVE-2019-12504
+       RESERVED
+CVE-2019-12503
+       RESERVED
+CVE-2019-12502 (There is a lack of CSRF countermeasures on MOBOTIX S14 
MX-V4.2.1.61 ca ...)
+       TODO: check
+CVE-2019-12501
+       RESERVED
+CVE-2019-12500 (The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows 
spoofing of "su ...)
+       TODO: check
+CVE-2019-12498
+       RESERVED
+CVE-2019-12497
+       RESERVED
+CVE-2019-12496 (An issue was discovered in Hybrid Group Gobot before 1.13.0. 
The mqtt  ...)
+       TODO: check
+CVE-2019-12495 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 
0.9.27. ...)
+       TODO: check
+CVE-2019-12494
+       RESERVED
+CVE-2019-12493 (A stack-based buffer over-read exists in 
PostScriptFunction::transform ...)
+       TODO: check
+CVE-2019-12492
+       RESERVED
+CVE-2019-12491
+       RESERVED
+CVE-2019-12490
+       RESERVED
+CVE-2019-12489
+       RESERVED
+CVE-2019-12488
+       RESERVED
+CVE-2019-12487
+       RESERVED
+CVE-2019-12486
+       RESERVED
+CVE-2019-12485
+       RESERVED
+CVE-2019-12484
+       RESERVED
+CVE-2019-12483 (An issue was discovered in GPAC 0.7.1. There is a heap-based 
buffer ov ...)
+       TODO: check
+CVE-2019-12482 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer 
derefer ...)
+       TODO: check
+CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer 
derefer ...)
+       TODO: check
+CVE-2019-12480 (BACnet Protocol Stack through 0.8.6 could allow an 
unauthenticated, re ...)
+       TODO: check
+CVE-2019-12479
+       RESERVED
+CVE-2019-12478
+       RESERVED
+CVE-2019-12477
+       RESERVED
+CVE-2019-12476
+       RESERVED
 CVE-2019-12475
        RESERVED
 CVE-2019-12474
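Review bot: the ten entries in this hunk that arrive with a description (CVE-2019-12507, -12502, -12500, -12496, -12495, -12493, -12483, -12482, -12481 and -12480) are all left at "TODO: check", so none is yet mapped to a Debian source package or marked NOT-FOR-US. The three GPAC 0.7.1 entries (CVE-2019-12483, -12482, -12481) can be triaged together, and the truncated descriptions for Tiny C Compiler 0.9.27 and PostScriptFunction::transform need their full text before a package can be assigned. CVE-2019-12499 is absent from the added run between CVE-2019-12500 and CVE-2019-12498 because it already exists further down the file, so the list is not in strict numeric order at that point.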
@@ -38,7 +102,7 @@ CVE-2019-12457 (FileRun 2019.05.21 allows images/extjs 
Directory Listing. ...)
        NOT-FOR-US: FileRun
 CVE-2018-20840 (An unhandled exception vulnerability exists during Google 
Sign-In with ...)
        TODO: check
-CVE-2019-12499 [binary can be truncated by root under certain conditions]
+CVE-2019-12499 (Firejail before 0.9.60 allows truncation (resizing to length 
0) of the ...)
        - firejail 0.9.58.2-2 (bug #929733)
        NOTE: https://github.com/netblue30/firejail/issues/2401
 CVE-2019-XXXX [seccomp bypass when joining jails]
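Review bot: on the CVE-2019-12499 entry the new description says "Firejail before 0.9.60" while the retained package line records "- firejail 0.9.58.2-2 (bug #929733)" as the fixed version. That pairing is only right if the fix was backported into the 0.9.58.2 packaging, which is worth confirming against bug #929733 and the linked upstream issue before the entry is treated as settled.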
@@ -5169,26 +5233,26 @@ CVE-2019-10332
        RESERVED
 CVE-2019-10331
        RESERVED
-CVE-2019-10330
-       RESERVED
-CVE-2019-10329
-       RESERVED
-CVE-2019-10328
-       RESERVED
-CVE-2019-10327
-       RESERVED
-CVE-2019-10326
-       RESERVED
-CVE-2019-10325
-       RESERVED
-CVE-2019-10324
-       RESERVED
-CVE-2019-10323
-       RESERVED
-CVE-2019-10322
-       RESERVED
-CVE-2019-10321
-       RESERVED
+CVE-2019-10330 (Jenkins Gitea Plugin 1.1.1 and earlier did not implement 
trusted revis ...)
+       TODO: check
+CVE-2019-10329 (Jenkins InfluxDB Plugin 1.21 and earlier stored credentials 
unencrypte ...)
+       TODO: check
+CVE-2019-10328 (Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided 
a custo ...)
+       TODO: check
+CVE-2019-10327 (An XML external entities (XXE) vulnerability in Jenkins 
Pipeline Maven ...)
+       TODO: check
+CVE-2019-10326 (A cross-site request forgery vulnerability in Jenkins Warnings 
NG Plug ...)
+       TODO: check
+CVE-2019-10325 (A cross-site scripting vulnerability in Jenkins Warnings NG 
Plugin 5.0 ...)
+       TODO: check
+CVE-2019-10324 (A cross-site request forgery vulnerability in Jenkins 
Artifactory Plug ...)
+       TODO: check
+CVE-2019-10323 (A missing permission check in Jenkins Artifactory Plugin 3.2.2 
and ear ...)
+       TODO: check
+CVE-2019-10322 (A missing permission check in Jenkins Artifactory Plugin 3.2.2 
and ear ...)
+       TODO: check
+CVE-2019-10321 (A cross-site request forgery vulnerability in Jenkins 
Artifactory Plug ...)
+       TODO: check
 CVE-2019-10320 (Jenkins Credentials Plugin 2.1.18 and earlier allowed users 
with permi ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2019-10319 (A missing permission check in Jenkins PAM Authentication 
Plugin 1.5 an ...)
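Review bot: the ten Jenkins plugin entries CVE-2019-10330 through CVE-2019-10321 are set to "TODO: check", while the next entry, CVE-2019-10320 (Jenkins Credentials Plugin), is already marked "NOT-FOR-US: Jenkins plugin". Unless one of these plugins is packaged, the same NOT-FOR-US line would close them out in one pass instead of leaving ten open TODOs.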
@@ -7496,8 +7560,8 @@ CVE-2019-9734 (aquaverde Aquarius CMS through 4.3.5 
writes POST and GET paramete
 CVE-2019-9733 (An issue was discovered in JFrog Artifactory 6.7.3. By default, 
the ac ...)
        NOT-FOR-US: JFrog Artifactory
 CVE-2019-9732 (An issue was discovered in GitLab Community and Enterprise 
Edition 10. ...)
-        [experimental] - gitlab 11.8.2-1
-        - gitlab 11.8.2-2
+       [experimental] - gitlab 11.8.2-1
+       - gitlab 11.8.2-2
        NOTE: https://about.gitlab.com/2019/03/14/gitlab-11-8-2-released/
 CVE-2019-9731
        RESERVED
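Review bot: the two changed lines under CVE-2019-9732 differ only in leading whitespace; "[experimental] - gitlab 11.8.2-1" and "- gitlab 11.8.2-2" are otherwise identical before and after. No tracking data changes here, but an indentation fix carried in an "automatic update" commit is easy to miss when reading history, so it is better normalised in the commit that introduces the entry.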
@@ -172205,8 +172269,8 @@ CVE-2015-7613 (Race condition in the IPC object 
implementation in the Linux kern
        NOTE: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a532277938798b53178d5a66af6e2915cb27cf
 (v4.3-rc4)
 CVE-2015-7610 (Cross-site request forgery (CSRF) vulnerability in the login 
form in Z ...)
        NOT-FOR-US: Zimbra
-CVE-2015-7609
-       RESERVED
+CVE-2015-7609 (Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via 
the er ...)
+       TODO: check
 CVE-2015-7608
        RESERVED
 CVE-2015-7607
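Review bot: CVE-2015-7609 is set to "TODO: check" although its new description names Synacor Zimbra Mail Client and the entry directly above it, CVE-2015-7610, is already "NOT-FOR-US: Zimbra". The same marking looks applicable here.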
@@ -187704,8 +187768,8 @@ CVE-2015-2232
        RESERVED
 CVE-2015-2231
        RESERVED
-CVE-2015-2230
-       RESERVED
+CVE-2015-2230 (Synacor Zimbra Collaboration Server 8.x before 8.7.0 has 
Reflected XSS ...)
+       TODO: check
 CVE-2015-2229
        RESERVED
 CVE-2015-2228
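Review bot: CVE-2015-2230 is left at "TODO: check" even though its new description names Synacor Zimbra Collaboration Server. The file already marks another Zimbra entry, CVE-2015-7610, as "NOT-FOR-US: Zimbra", so this one can probably take the same line rather than stay an open TODO.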



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2b5b06045542f405e9b3c5ce11ecc281148a753e
