Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7795d274 by security tracker role at 2019-07-18T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2019-13647 (Firefly III before 4.7.17.3 is vulnerable to stored XSS due to 
lack of ...)
+       TODO: check
+CVE-2019-13646 (Firefly III before 4.7.17.3 is vulnerable to reflected XSS due 
to lack ...)
+       TODO: check
+CVE-2019-13645 (Firefly III before 4.7.17.3 is vulnerable to stored XSS due to 
lack of ...)
+       TODO: check
+CVE-2019-13644 (Firefly III before 4.7.17.1 is vulnerable to stored XSS due to 
lack of ...)
+       TODO: check
+CVE-2019-13643 (Stored XSS in EspoCRM before 5.6.4 allows remote attackers to 
execute  ...)
+       TODO: check
+CVE-2019-13642
+       RESERVED
+CVE-2019-13641
+       RESERVED
+CVE-2019-13640 (In qBittorrent before 4.1.7, the function 
Application::runExternalProg ...)
+       TODO: check
+CVE-2019-13639
+       RESERVED
+CVE-2019-13638
+       RESERVED
+CVE-2019-13637 (In LogMeIn join.me before 3.16.0.5505, an attacker could 
execute arbit ...)
+       TODO: check
+CVE-2019-13636 (In GNU patch through 2.7.6, the following of symlinks is 
mishandled in ...)
+       TODO: check
+CVE-2019-13635
+       RESERVED
+CVE-2019-13634
+       RESERVED
 CVE-2019-13633
        RESERVED
 CVE-2019-13632
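Review bot: CVE-2019-13640 (qBittorrent) and CVE-2019-13636 (GNU patch) are left at TODO: check in the same batch as the Firefly III, EspoCRM and join.me entries, but both name software that is packaged in Debian and so cannot be closed with a bulk NOT-FOR-US pass. Triage these two first and replace TODO: check with a source-package line plus a NOTE pointing at the upstream fix. The truncated descriptions ("Application::runExternalProg ...", "mishandled in ...") do not show the affected code path, so read the full text before recording a fixed version.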
@@ -29,8 +57,7 @@ CVE-2019-13621
        RESERVED
 CVE-2019-13620
        RESERVED
-CVE-2019-13619 [ASN.1 BER and related dissectors crash]
-       RESERVED
+CVE-2019-13619 (In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 
2.4.15, the  ...)
        - wireshark 2.6.10-1
        NOTE: https://www.wireshark.org/security/wnpa-sec-2019-20.html
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15870
@@ -1114,8 +1141,8 @@ CVE-2019-13579
        RESERVED
 CVE-2019-13578
        RESERVED
-CVE-2019-13577
-       RESERVED
+CVE-2019-13577 (SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an 
Unauthe ...)
+       TODO: check
 CVE-2018-20852 (http.cookiejar.DefaultPolicy.domain_return_ok in 
Lib/http/cookiejar.py ...)
        - python3.7 3.7.3~rc1-1
        - python3.5 <removed>
@@ -1300,8 +1327,8 @@ CVE-2019-13495
        RESERVED
 CVE-2019-13494 (nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x 
before 10.0. ...)
        NOT-FOR-US: Castle Rock SNMPc
-CVE-2019-13493
-       RESERVED
+CVE-2019-13493 (In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media 
Library ...)
+       TODO: check
 CVE-2019-13492
        RESERVED
 CVE-2019-13491
@@ -1403,10 +1430,10 @@ CVE-2019-13450 (In the Zoom Client through 4.4.4 and 
RingCentral 7.0.136380.0312
        NOT-FOR-US: Zoom Client and RingCentral on MacOS
 CVE-2019-13449 (In the Zoom Client before 4.4.2 on macOS, remote attackers can 
cause a ...)
        NOT-FOR-US: Zoom Client on macOS
-CVE-2019-13448
-       RESERVED
-CVE-2019-13447
-       RESERVED
+CVE-2019-13448 (An issue was discovered in Sertek Xpare 3.67. The login form 
does not  ...)
+       TODO: check
+CVE-2019-13447 (An issue was discovered in Sertek Xpare 3.67. The login form 
does not  ...)
+       TODO: check
 CVE-2019-13446
        REJECTED
 CVE-2019-13445
@@ -2775,14 +2802,14 @@ CVE-2019-12916
        RESERVED
 CVE-2019-12915
        RESERVED
-CVE-2019-12914
-       RESERVED
-CVE-2019-12913
-       RESERVED
-CVE-2019-12912
-       RESERVED
-CVE-2019-12911
-       RESERVED
+CVE-2019-12914 (Redbrick Shift through 3.4.3 allows an attacker to extract 
authenticat ...)
+       TODO: check
+CVE-2019-12913 (Redbrick Shift through 3.4.3 allows an attacker to extract 
emails of s ...)
+       TODO: check
+CVE-2019-12912 (Redbrick Shift through 3.4.3 allows an attacker to extract 
emails of s ...)
+       TODO: check
+CVE-2019-12911 (Redbrick Shift through 3.4.3 allows an attacker to extract 
authenticat ...)
+       TODO: check
 CVE-2019-12910
        RESERVED
 CVE-2019-12909
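Review bot: the four Redbrick Shift entries added here cannot be told apart from the truncated text. CVE-2019-12914 and CVE-2019-12911 both read "extract authenticat ...", and CVE-2019-12913 and CVE-2019-12912 both read "extract emails of s ...". When resolving the TODO: check items, read the full descriptions before marking all four the same way, so that distinct issues are not treated as duplicates of each other.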
@@ -2866,8 +2893,8 @@ CVE-2019-12878
        RESERVED
 CVE-2019-12877
        RESERVED
-CVE-2019-12876
-       RESERVED
+CVE-2019-12876 (Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 
5.7, and De ...)
+       TODO: check
 CVE-2019-12875 (Alpine Linux abuild through 3.4.0 allows an unprivileged 
member of the ...)
        NOT-FOR-US: Alpine Linux
 CVE-2019-12874 (An issue was discovered in zlib_decompress_extra in 
modules/demux/mkv/ ...)
@@ -4881,7 +4908,7 @@ CVE-2019-12104
        RESERVED
 CVE-2019-12103
        RESERVED
-CVE-2019-12102 (Kentico 11 through 12 lets attackers upload and explore files 
without  ...)
+CVE-2019-12102 (** DISPUTED ** Kentico 11 through 12 lets attackers upload and 
explore ...)
        NOT-FOR-US: Kentico
 CVE-2019-12101 (coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles 
certain ...)
        NOT-FOR-US: LibNyoci
@@ -5586,10 +5613,10 @@ CVE-2019-11774
        RESERVED
 CVE-2019-11773
        RESERVED
-CVE-2019-11772
-       RESERVED
-CVE-2019-11771
-       RESERVED
+CVE-2019-11772 (In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, 
byte[], ...)
+       TODO: check
+CVE-2019-11771 (AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused 
RPATHs which ...)
+       TODO: check
 CVE-2019-11770 (In Eclipse Buildship versions prior to 3.1.1, the build files 
indicate ...)
        NOT-FOR-US: Eclipse Buildship
 CVE-2019-11769
@@ -6369,8 +6396,8 @@ CVE-2019-11537 (In osTicket before 1.12, XSS exists via 
/upload/file.php, /uploa
        NOT-FOR-US: osTicket
 CVE-2019-11536 (Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 
2.24.0, 3 ...)
        NOT-FOR-US: Kalki Kalkitech
-CVE-2019-11535
-       RESERVED
+CVE-2019-11535 (Unsanitized user input in the web interface for Linksys WiFi 
extender  ...)
+       TODO: check
 CVE-2019-11534
        RESERVED
 CVE-2019-11533 (Cross-site scripting (XSS) vulnerability in ProjectSend before 
r1070 a ...)
@@ -10731,16 +10758,16 @@ CVE-2019-1010289
        RESERVED
 CVE-2019-1010288
        RESERVED
-CVE-2019-1010287
-       RESERVED
+CVE-2019-1010287 (Timesheet Next Gen 1.5.3 and earlier is affected by: Cross 
Site Script ...)
+       TODO: check
 CVE-2019-1010286
        RESERVED
 CVE-2019-1010285
        RESERVED
 CVE-2019-1010284
        RESERVED
-CVE-2019-1010283
-       RESERVED
+CVE-2019-1010283 (Univention Corporate Server univention-directory-notifier 
12.0.1-3 and ...)
+       TODO: check
 CVE-2019-1010282
        RESERVED
 CVE-2019-1010281
@@ -10755,8 +10782,8 @@ CVE-2019-1010277
        RESERVED
 CVE-2019-1010276
        RESERVED
-CVE-2019-1010275
-       RESERVED
+CVE-2019-1010275 (helm Before 2.7.2 is affected by: CWE-295: Improper 
Certificate Valida ...)
+       TODO: check
 CVE-2019-1010274
        RESERVED
 CVE-2019-1010273
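Review bot: CVE-2019-1010275 identifies the product only as "helm Before 2.7.2", and that name alone is ambiguous. Confirm which upstream project the CWE-295 description refers to before mapping it to a source package or marking it NOT-FOR-US, and record the result in a NOTE so the decision can be checked later.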
@@ -10773,14 +10800,14 @@ CVE-2019-1010268
        RESERVED
 CVE-2019-1010267
        RESERVED
-CVE-2019-1010266
-       RESERVED
+CVE-2019-1010266 (lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled 
Resource  ...)
+       TODO: check
 CVE-2019-1010265
        RESERVED
 CVE-2019-1010264
        RESERVED
-CVE-2019-1010263
-       RESERVED
+CVE-2019-1010263 (Perl Crypt::JWT prior to 0.023 is affected by: Incorrect 
Access Contro ...)
+       TODO: check
 CVE-2019-1010262
        RESERVED
 CVE-2019-1010261
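Review bot: CVE-2019-1010266 (lodash) and CVE-2019-1010263 (Perl Crypt::JWT) are libraries rather than vendor appliances, so each TODO: check needs a source-package lookup before it is resolved. The version in the lodash description ("prior to 4.7.11") should also be checked against upstream's release numbering before a fixed version is recorded from it.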
@@ -13266,7 +13293,7 @@ CVE-2019-9189 (On Prima Systems FlexAir devices through 
2.4.9api3, an authentica
        NOT-FOR-US: Prima Systems FlexAir devices
 CVE-2019-9188
        RESERVED
-CVE-2019-9187 (ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 
3.20190226  ...)
+CVE-2019-9187 (ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 
3.20190228  ...)
        {DSA-4399-1 DLA-1716-1}
        - ikiwiki 3.20190228-1
        NOTE: https://ikiwiki.info/security/#cve-2019-9187
@@ -14092,10 +14119,10 @@ CVE-2019-8933 (In DedeCMS 5.7SP2, attackers can 
upload a .php file to the upload
 CVE-2019-8935 (Collabtive 3.1 allows XSS via the manageuser.php?action=profile 
id par ...)
        - collabtive <removed>
        [jessie] - collabtive <ignored> (Minor issue)
-CVE-2019-8932
-       RESERVED
-CVE-2019-8931
-       RESERVED
+CVE-2019-8932 (Redbrick Shift through 3.4.3 allows an attacker to extract 
authenticat ...)
+       TODO: check
+CVE-2019-8931 (Redbrick Shift through 3.4.3 allows an attacker to extract 
emails of s ...)
+       TODO: check
 CVE-2019-8930
        RESERVED
 CVE-2019-8929 (An issue was discovered in Zoho ManageEngine Netflow Analyzer 
Professi ...)
@@ -23160,8 +23187,8 @@ CVE-2019-5224
        RESERVED
 CVE-2019-5223
        RESERVED
-CVE-2019-5222
-       RESERVED
+CVE-2019-5222 (There is an information disclosure vulnerability on Secure 
Input of ce ...)
+       TODO: check
 CVE-2019-5221 (There is a path traversal vulnerability on Huawei Share. The 
software  ...)
        NOT-FOR-US: Huawei
 CVE-2019-5220 (There is a Factory Reset Protection (FRP) bypass vulnerability 
on seve ...)
@@ -25706,16 +25733,16 @@ CVE-2019-3975
        RESERVED
 CVE-2019-3974
        RESERVED
-CVE-2019-3973
-       RESERVED
-CVE-2019-3972
-       RESERVED
-CVE-2019-3971
-       RESERVED
-CVE-2019-3970
-       RESERVED
-CVE-2019-3969
-       RESERVED
+CVE-2019-3973 (Comodo Antivirus versions 11.0.0.6582 and below are vulnerable 
to Deni ...)
+       TODO: check
+CVE-2019-3972 (Comodo Antivirus versions 12.0.0.6810 and below are vulnerable 
to Deni ...)
+       TODO: check
+CVE-2019-3971 (Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to a 
local  ...)
+       TODO: check
+CVE-2019-3970 (Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to 
Arbitrar ...)
+       TODO: check
+CVE-2019-3969 (Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to 
Local Pr ...)
+       TODO: check
 CVE-2019-3968
        RESERVED
 CVE-2019-3967
@@ -32622,14 +32649,14 @@ CVE-2019-1945
        RESERVED
 CVE-2019-1944
        RESERVED
-CVE-2019-1943
-       RESERVED
-CVE-2019-1942
-       RESERVED
-CVE-2019-1941
-       RESERVED
-CVE-2019-1940
-       RESERVED
+CVE-2019-1943 (A vulnerability in the web interface of Cisco Small Business 
200, 300, ...)
+       TODO: check
+CVE-2019-1942 (A vulnerability in the sponsor portal web interface for Cisco 
Identity ...)
+       TODO: check
+CVE-2019-1941 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
+       TODO: check
+CVE-2019-1940 (A vulnerability in the Web Services Management Agent (WSMA) 
feature of ...)
+       TODO: check
 CVE-2019-1939
        RESERVED
 CVE-2019-1938
@@ -32662,20 +32689,20 @@ CVE-2019-1925
        RESERVED
 CVE-2019-1924
        RESERVED
-CVE-2019-1923
-       RESERVED
+CVE-2019-1923 (A vulnerability in Cisco Small Business SPA500 Series IP Phones 
could  ...)
+       TODO: check
 CVE-2019-1922 (A vulnerability in Cisco SIP IP Phone Software for Cisco IP 
Phone 7800 ...)
        NOT-FOR-US: Cisco
 CVE-2019-1921 (A vulnerability in the attachment scanning of Cisco AsyncOS 
Software f ...)
        NOT-FOR-US: Cisco
-CVE-2019-1920
-       RESERVED
-CVE-2019-1919
-       RESERVED
+CVE-2019-1920 (A vulnerability in the 802.11r Fast Transition (FT) 
implementation for ...)
+       TODO: check
+CVE-2019-1919 (A vulnerability in the Cisco FindIT Network Management Software 
virtua ...)
+       TODO: check
 CVE-2019-1918
        RESERVED
-CVE-2019-1917
-       RESERVED
+CVE-2019-1917 (A vulnerability in the REST API interface of Cisco Vision 
Dynamic Sign ...)
+       TODO: check
 CVE-2019-1916
        RESERVED
 CVE-2019-1915
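Review bot: the new Cisco entries (CVE-2019-1923, CVE-2019-1920, CVE-2019-1919, CVE-2019-1917) sit at TODO: check while the adjacent CVE-2019-1922 and CVE-2019-1921 are already marked NOT-FOR-US: Cisco. Unless one of them turns out to affect packaged software, resolve them with the same NOT-FOR-US: Cisco tag so the block stays consistent.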



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7795d274dffb3f5e2a396d657a7c5dbcd82be0ce



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
