Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5bec7a74 by security tracker role at 2019-06-01T08:10:11Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3696,8 +3696,8 @@ CVE-2019-10983
        RESERVED
 CVE-2019-10982
        RESERVED
-CVE-2019-10981
-       RESERVED
+CVE-2019-10981 (In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, 
a vulner ...)
+       TODO: check
 CVE-2019-10980
        RESERVED
 CVE-2019-10979
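Review bot: the `TODO: check` added under CVE-2019-10981 still needs a triage decision. The description names Vijeo Citect and CitectSCADA, so unless a Debian source package ships either product, replace the TODO with a `NOT-FOR-US:` line in the form already used in this file (for example `NOT-FOR-US: Kentico`).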
@@ -5777,8 +5777,8 @@ CVE-2019-10125 (An issue was discovered in aio_poll() in 
fs/aio.c in the Linux k
        NOTE: 
https://git.kernel.org/linus/84c4e1f89fefe70554da0ab33be72c9be7994379
 CVE-2019-10124
        REJECTED
-CVE-2019-10123
-       RESERVED
+CVE-2019-10123 (SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 
67 (which ...)
+       TODO: check
 CVE-2019-10122
        RESERVED
 CVE-2019-10121
@@ -5837,8 +5837,7 @@ CVE-2019-10100
        RESERVED
 CVE-2019-1000031 (A disk space or quota exhaustion issue exists in 
article2pdf_getfile.p ...)
        NOT-FOR-US: article2pdf Wordpress plugin
-CVE-2018-20815 [device_tree: heap buffer overflow while loading device tree 
blob]
-       RESERVED
+CVE-2018-20815 (In QEMU 3.1.0, load_device_tree in device_tree.c calls the 
deprecated  ...)
        {DLA-1781-1}
        - qemu 1:3.1+dfsg-7
        [stretch] - qemu <postponed> (Minor issue)
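Review bot: with CVE-2018-20815 now carrying a public description instead of RESERVED, the unchanged `[stretch] - qemu <postponed> (Minor issue)` line below it deserves a second look. The entry already references {DLA-1781-1}, so an advisory has shipped a fix for this issue while stretch remains postponed. Either confirm the "Minor issue" rating against the published description or schedule the stretch update.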
@@ -5912,8 +5911,8 @@ CVE-2019-10071
        RESERVED
 CVE-2019-10070
        RESERVED
-CVE-2019-10069
-       RESERVED
+CVE-2019-10069 (In Godot through 3.1, remote code execution is possible due to 
the des ...)
+       TODO: check
 CVE-2019-10068 (An issue was discovered in Kentico before 12.0.15. Due to a 
failure to ...)
        NOT-FOR-US: Kentico
 CVE-2019-10067 (An issue was discovered in Open Ticket Request System (OTRS) 
7.x throu ...)
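Review bot: the `TODO: check` under CVE-2019-10069 should not be closed as NOT-FOR-US by reflex, because Godot is a free-software game engine and the description reports remote code execution. Check the archive for a godot source package and, if one exists, replace the TODO with a package line in the style of `- telegram-desktop <unfixed> (bug #927711)` seen elsewhere in this file, with the affected-version range taken from "through 3.1".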
@@ -5978,16 +5977,16 @@ CVE-2019-10050 (A buffer over-read issue was discovered 
in Suricata 4.1.x before
        [jessie] - suricata <no-dsa> (Minor issue)
        NOTE: https://redmine.openinfosecfoundation.org/issues/2884
        NOTE: 
https://github.com/OISF/suricata/commit/4609d5c80acda9adf02f8fb9a6aa8238495bfa13
-CVE-2019-10049
-       RESERVED
-CVE-2019-10048
-       RESERVED
-CVE-2019-10047
-       RESERVED
-CVE-2019-10046
-       RESERVED
-CVE-2019-10045
-       RESERVED
+CVE-2019-10049 (It is possible for an attacker with regular user access to the 
web app ...)
+       TODO: check
+CVE-2019-10048 (The ImageMagick plugin that is installed by default in Pydio 
through 8 ...)
+       TODO: check
+CVE-2019-10047 (A stored XSS vulnerability exists in the web application of 
Pydio thro ...)
+       TODO: check
+CVE-2019-10046 (An unauthenticated attacker can obtain information about the 
Pydio 8.2 ...)
+       TODO: check
+CVE-2019-10045 (The "action" get_sess_id in the web application of Pydio 
through 8.2.2 ...)
+       TODO: check
 CVE-2019-10044 (Telegram Desktop before 1.5.12 on Windows, and the Telegram 
applicatio ...)
        - telegram-desktop <unfixed> (bug #927711)
        NOTE: 
https://github.com/blazeinfosec/advisories/blob/master/telegram-advisory.txt
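Review bot: the truncated description on CVE-2019-10049 ("It is possible for an attacker with regular user access to the web app ...") does not name a product, while the four entries below it (CVE-2019-10048 to CVE-2019-10045) all name Pydio. Read the full CVE-2019-10049 text before tagging it, then triage the five entries together so they end up with one consistent package or NOT-FOR-US line instead of five separate TODOs.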
@@ -6001,8 +6000,8 @@ CVE-2019-10040 (The D-Link DIR-816 A2 1.11 router only 
checks the random token w
        NOT-FOR-US: D-Link
 CVE-2019-10039 (The D-Link DIR-816 A2 1.11 router only checks the random token 
when au ...)
        NOT-FOR-US: D-Link
-CVE-2019-10038
-       RESERVED
+CVE-2019-10038 (Evernote 7.9 on macOS allows attackers to execute arbitrary 
programs b ...)
+       TODO: check
 CVE-2019-10037
        RESERVED
 CVE-2019-10036
@@ -6374,8 +6373,8 @@ CVE-2019-9892 (An issue was discovered in Open Ticket 
Request System (OTRS) 5.x
        NOTE: OTRS 6: 
https://github.com/OTRS/otrs/commit/3617488c6c28e06203e4127c7b031140f775a685
        NOTE: OTRS 5: 
https://github.com/OTRS/otrs/commit/c3b9342a85c6f2c9382e074ad9cc440ce80a6f34
        NOTE: 
https://community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/
-CVE-2019-9891
-       RESERVED
+CVE-2019-9891 (The function getopt_simple as described in Advanced Bash 
Scripting Gui ...)
+       TODO: check
 CVE-2019-9890 (An issue was discovered in GitLab Community and Enterprise 
Edition 10. ...)
        [experimental] - gitlab 11.8.2-1
        - gitlab 11.8.2-2 (bug #924447)
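Review bot: CVE-2019-9891 is assigned to a function (`getopt_simple`) "as described in" a scripting guide rather than to a product, so the `TODO: check` here cannot be resolved by a package-name lookup alone. Triage should cover both the guide itself, if it is packaged, and any shipped scripts that copied the function, and the outcome should be recorded in a NOTE line so the reasoning survives.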
@@ -7054,16 +7053,16 @@ CVE-2019-9877 (There is an invalid memory access 
vulnerability in the function T
        - xpdf <not-affected> (xpdf in Debian uses poppler, which doesn't 
contain the vulnerable code)
 CVE-2019-9876
        RESERVED
-CVE-2019-9875
-       RESERVED
-CVE-2019-9874
-       RESERVED
+CVE-2019-9875 (Deserialization of Untrusted Data in the anti CSRF module in 
Sitecore  ...)
+       TODO: check
+CVE-2019-9874 (Deserialization of Untrusted Data in the 
Sitecore.Security.AntiCSRF (a ...)
+       TODO: check
 CVE-2019-9873
        RESERVED
 CVE-2019-9872
        RESERVED
-CVE-2019-9871
-       RESERVED
+CVE-2019-9871 (Jector Smart TV FM-K75 devices allow remote code execution 
because the ...)
+       TODO: check
 CVE-2019-9870 (plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for 
CKEditor m ...)
        NOT-FOR-US: w8tcha oEmbed plugin for CKEditor
 CVE-2019-9869
@@ -7771,8 +7770,8 @@ CVE-2019-9655
        RESERVED
 CVE-2019-9654
        RESERVED
-CVE-2019-9653
-       RESERVED
+CVE-2019-9653 (NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows 
unauth ...)
+       TODO: check
 CVE-2019-9652 (There is a CSRF in SDCMS V1.7 via an 
m=admin&amp;c=theme&amp;a=edit re ...)
        NOT-FOR-US: SDCMS
 CVE-2019-9651 (An issue was discovered in SDCMS V1.7. In the 
\app\admin\controller\th ...)
@@ -9163,10 +9162,10 @@ CVE-2019-9108 (XSS exists in WUZHI CMS 4.1.0 via 
index.php?m=core&amp;f=map&amp;
        NOT-FOR-US: WUZHI CMS
 CVE-2019-9107 (XSS exists in WUZHI CMS 4.1.0 via 
index.php?m=attachment&amp;f=imagecu ...)
        NOT-FOR-US: WUZHI CMS
-CVE-2019-9106
-       RESERVED
-CVE-2019-9105
-       RESERVED
+CVE-2019-9106 (The WebApp v04.68 in the supervisor on SAET Impianti Speciali 
TEBE Sma ...)
+       TODO: check
+CVE-2019-9105 (The WebApp v04.68 in the supervisor on SAET Impianti Speciali 
TEBE Sma ...)
+       TODO: check
 CVE-2019-9104
        RESERVED
 CVE-2019-9103
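Review bot: CVE-2019-9106 and CVE-2019-9105 have identical visible descriptions after truncation ("The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Sma ..."), so the two TODOs cannot be told apart from this file. Confirm from the full descriptions that they are distinct issues, then give both the same disposition.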
@@ -15078,8 +15077,8 @@ CVE-2019-6727 (This vulnerability allows remote 
attackers to execute arbitrary c
        NOT-FOR-US: Foxit Reader
 CVE-2019-6726
        RESERVED
-CVE-2019-6725
-       RESERVED
+CVE-2019-6725 (The rpWLANRedirect.asp ASP page is accessible without 
authentication o ...)
+       TODO: check
 CVE-2019-6724 (The barracudavpn component of the Barracuda VPN Client prior to 
versio ...)
        NOT-FOR-US: Barracuda VPN Client
 CVE-2019-6723
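Review bot: the description added for CVE-2019-6725 starts with a page name (`rpWLANRedirect.asp`) and is cut off before any vendor or product appears, so the `TODO: check` cannot be resolved from the visible text. Pull the full description and state the product explicitly in the resulting `NOT-FOR-US:` or package line.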
@@ -17837,8 +17836,8 @@ CVE-2019-5680
        RESERVED
 CVE-2019-5679
        RESERVED
-CVE-2019-5678
-       RESERVED
+CVE-2019-5678 (NVIDIA GeForce Experience versions prior to 3.19 contains a 
vulnerabil ...)
+       TODO: check
 CVE-2019-5677 (NVIDIA Windows GPU Display driver software for Windows (all 
versions)  ...)
        NOT-FOR-US: NVIDIA Windows GPU Display driver software for Windows
 CVE-2019-5676 (NVIDIA Windows GPU Display driver software for Windows (all 
versions)  ...)
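Review bot: the `TODO: check` under CVE-2019-5678 sits directly above CVE-2019-5677, which is already tagged `NOT-FOR-US: NVIDIA Windows GPU Display driver software for Windows`. If GeForce Experience is likewise not shipped in Debian, tag it the same way with its own product name so the NVIDIA block reads consistently.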
@@ -119971,6 +119970,7 @@ CVE-2017-6512 (Race condition in the rmtree and 
remove_tree functions in the Fil
        NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=121951
        NOTE: 
https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2
 CVE-2016-10245 (Insufficient sanitization of the query parameter in 
templates/html/sea ...)
+       {DLA-1812-1}
        - doxygen 1.8.12-1
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=762934
        NOTE: 
https://github.com/doxygen/doxygen/commit/1cc1adad2de03a0f013881b8960daf89aa155081
 (Release_1_8_12)
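Review bot: the `{DLA-1812-1}` line added under CVE-2016-10245 is the only change in this commit that is not a description update, and the commit touches only data/CVE/list. Confirm that the matching DLA-1812-1 entry for doxygen is already present in the advisory list, so this cross-reference does not point at an advisory the tracker data does not yet contain.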



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5bec7a74ff9670413c28b90163e04d7416df435e


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits