Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba84ecfc by security tracker role at 2019-07-11T20:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,129 @@
+CVE-2019-13567
+       RESERVED
+CVE-2019-13566
+       RESERVED
+CVE-2019-13565
+       RESERVED
+CVE-2019-13564 (XSS exists in Ping Identity Agentless Integration Kit before 
1.5. ...)
+       TODO: check
+CVE-2019-13563 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for 
the enti ...)
+       TODO: check
+CVE-2019-13562 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as 
demonstra ...)
+       TODO: check
+CVE-2019-13561 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote 
attackers  ...)
+       TODO: check
+CVE-2019-13560 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote 
attackers  ...)
+       TODO: check
+CVE-2019-13559
+       RESERVED
+CVE-2019-13558
+       RESERVED
+CVE-2019-13557
+       RESERVED
+CVE-2019-13556
+       RESERVED
+CVE-2019-13555
+       RESERVED
+CVE-2019-13554
+       RESERVED
+CVE-2019-13553
+       RESERVED
+CVE-2019-13552
+       RESERVED
+CVE-2019-13551
+       RESERVED
+CVE-2019-13550
+       RESERVED
+CVE-2019-13549
+       RESERVED
+CVE-2019-13548
+       RESERVED
+CVE-2019-13547
+       RESERVED
+CVE-2019-13546
+       RESERVED
+CVE-2019-13545
+       RESERVED
+CVE-2019-13544
+       RESERVED
+CVE-2019-13543
+       RESERVED
+CVE-2019-13542
+       RESERVED
+CVE-2019-13541
+       RESERVED
+CVE-2019-13540
+       RESERVED
+CVE-2019-13539
+       RESERVED
+CVE-2019-13538
+       RESERVED
+CVE-2019-13537
+       RESERVED
+CVE-2019-13536
+       RESERVED
+CVE-2019-13535
+       RESERVED
+CVE-2019-13534
+       RESERVED
+CVE-2019-13533
+       RESERVED
+CVE-2019-13532
+       RESERVED
+CVE-2019-13531
+       RESERVED
+CVE-2019-13530
+       RESERVED
+CVE-2019-13529
+       RESERVED
+CVE-2019-13528
+       RESERVED
+CVE-2019-13527
+       RESERVED
+CVE-2019-13526
+       RESERVED
+CVE-2019-13525
+       RESERVED
+CVE-2019-13524
+       RESERVED
+CVE-2019-13523
+       RESERVED
+CVE-2019-13522
+       RESERVED
+CVE-2019-13521
+       RESERVED
+CVE-2019-13520
+       RESERVED
+CVE-2019-13519
+       RESERVED
+CVE-2019-13518
+       RESERVED
+CVE-2019-13517
+       RESERVED
+CVE-2019-13516
+       RESERVED
+CVE-2019-13515
+       RESERVED
+CVE-2019-13514
+       RESERVED
+CVE-2019-13513
+       RESERVED
+CVE-2019-13512
+       RESERVED
+CVE-2019-13511
+       RESERVED
+CVE-2019-13510
+       RESERVED
+CVE-2019-13509
+       RESERVED
+CVE-2019-13508
+       RESERVED
+CVE-2019-13507 (hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. 
...)
+       TODO: check
+CVE-2019-13506 (@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, 
mishandle ...)
+       TODO: check
+CVE-2019-13505 (The Appointment Hour Booking plugin 1.1.44 for WordPress 
allows XSS vi ...)
+       TODO: check
 CVE-2019-13504 (There is an out-of-bounds read in 
Exiv2::MrwImage::readMetadata in mrw ...)
        TODO: check
 CVE-2019-13503 (mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based 
buffer o ...)
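Review bot: most of the entries that land as TODO: check in this hunk describe products outside the archive and can be triaged directly: CVE-2019-13560 through CVE-2019-13563 are D-Link DIR-655 router firmware, CVE-2019-13564 is Ping Identity's Agentless Integration Kit, CVE-2019-13507 is hidea.com AZ Admin, and CVE-2019-13505 is a WordPress plugin, which the file already handles as `NOT-FOR-US: "Count per Day" plugin for WordPress` further down in this diff. CVE-2019-13506 (@nuxt/devalue as used in Nuxt.js) is the one that needs an actual check against the archive before a status is set.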
@@ -1149,8 +1275,8 @@ CVE-2019-13032 (An issue was discovered in FlightCrew 
v0.9.2 and earlier. A NULL
        NOTE: Negligible security impact
 CVE-2019-13030
        RESERVED
-CVE-2019-13029
-       RESERVED
+CVE-2019-13029 (Multiple stored Cross-site scripting (XSS) issues in the admin 
panel a ...)
+       TODO: check
 CVE-2019-13028 (An incorrect implementation of a local web server in eID 
client (Windo ...)
        NOT-FOR-US: local web server in eID client (Product from the Ministry 
of Interior of the Slovak Republic)
 CVE-2019-13027
@@ -1658,8 +1784,7 @@ CVE-2019-12839 (In OrangeHRM 4.3.1 and before, there is 
an input validation erro
        NOT-FOR-US: OrangeHRM
 CVE-2013-7472 (The "Count per Day" plugin before 3.2.6 for WordPress allows 
XSS via t ...)
        NOT-FOR-US: "Count per Day" plugin for WordPress
-CVE-2019-12838 [security issue related to the sacctmgr archive load]
-       RESERVED
+CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 
allows SQL ...)
        - slurm-llnl <unfixed>
        NOTE: 
https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html
 CVE-2019-12837
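Review bot: CVE-2019-12838 now carries its public description, but the `- slurm-llnl <unfixed>` line still has no Debian bug reference, while comparable entries in this update do (`- dosbox <unfixed> (bug #931222)`), and no per-suite lines follow it. With the issue public and the slurm-announce post already linked in the NOTE, a bug should be filed against slurm-llnl and its number added, and the affected ranges named in the description (17.11.x, 18.08.0 through 18.08.7, 19.05.0) compared with each suite's version so the relevant `[suite]` annotations can be recorded.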
@@ -2245,12 +2370,12 @@ CVE-2019-12599 (SuiteCRM 7.10.x before 7.10.17 and 
7.11.x before 7.11.5 allows S
        NOT-FOR-US: SuiteCRM
 CVE-2019-12598 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 
7.11.x before ...)
        NOT-FOR-US: SuiteCRM
-CVE-2019-12597
-       RESERVED
-CVE-2019-12596
-       RESERVED
-CVE-2019-12595
-       RESERVED
+CVE-2019-12597 (An issue was discovered in Zoho ManageEngine AssetExplorer. 
There is X ...)
+       TODO: check
+CVE-2019-12596 (An issue was discovered in Zoho ManageEngine AssetExplorer. 
There is X ...)
+       TODO: check
+CVE-2019-12595 (An issue was discovered in Zoho ManageEngine AssetExplorer. 
There is X ...)
+       TODO: check
 CVE-2019-12594 (DOSBox 0.74-2 has Incorrect Access Control. ...)
        {DSA-4478-1 DLA-1845-1}
        - dosbox <unfixed> (bug #931222)
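Review bot: CVE-2019-12595, CVE-2019-12596 and CVE-2019-12597 all describe Zoho ManageEngine AssetExplorer, a proprietary product, so the three TODO: check markers can be replaced with `NOT-FOR-US: Zoho ManageEngine AssetExplorer`, following the `NOT-FOR-US: SuiteCRM` convention of the surrounding entries.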
@@ -2362,14 +2487,14 @@ CVE-2019-12542 (An issue was discovered in Zoho 
ManageEngine ServiceDesk Plus 9.
        NOT-FOR-US: Zoho ManageEngine ServiceDesk
 CVE-2019-12541 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 
9.3. The ...)
        NOT-FOR-US: Zoho ManageEngine ServiceDesk
-CVE-2019-12540
-       RESERVED
-CVE-2019-12539
-       RESERVED
+CVE-2019-12540 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 
10.5. Th ...)
+       TODO: check
+CVE-2019-12539 (An issue was discovered in the Purchase component of Zoho 
ManageEngine ...)
+       TODO: check
 CVE-2019-12538 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 
9.3. The ...)
        NOT-FOR-US: Zoho ManageEngine ServiceDesk
-CVE-2019-12537
-       RESERVED
+CVE-2019-12537 (An issue was discovered in Zoho ManageEngine AssetExplorer. 
There is X ...)
+       TODO: check
 CVE-2019-12536
        RESERVED
 CVE-2019-12535
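Review bot: the same triage applies to CVE-2019-12540 and CVE-2019-12539 (ServiceDesk Plus 10.5 and its Purchase component) and to CVE-2019-12537 (AssetExplorer); the adjacent entries for ServiceDesk Plus 9.3 already read `NOT-FOR-US: Zoho ManageEngine ServiceDesk`, so these three can take that status rather than TODO: check.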
@@ -2384,16 +2509,16 @@ CVE-2019-12531
        RESERVED
 CVE-2019-12530 (Incorrect access control was discovered in the stdonato 
Dashboard plug ...)
        NOT-FOR-US: Dashboard plugin for GLPI
-CVE-2019-12529
-       RESERVED
+CVE-2019-12529 (An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x 
through  ...)
+       TODO: check
 CVE-2019-12528
        RESERVED
-CVE-2019-12527
-       RESERVED
+CVE-2019-12527 (An issue was discovered in Squid 4.0.23 through 4.7. When 
checking Bas ...)
+       TODO: check
 CVE-2019-12526
        RESERVED
-CVE-2019-12525
-       RESERVED
+CVE-2019-12525 (An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x 
through  ...)
+       TODO: check
 CVE-2019-12524
        RESERVED
 CVE-2019-12523
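Review bot: CVE-2019-12525, CVE-2019-12527 and CVE-2019-12529 are Squid issues, and Squid is in the archive (source package squid, with squid3 in older releases), so unlike most TODO: check entries in this update they must not be closed as NOT-FOR-US. Each needs a `- squid` line with a fixed version or <unfixed>, the affected ranges from the descriptions (4.0.23 through 4.7 for 12527; 3.3.9 through 3.5.28 and 4.x for 12525; 2.x through 2.7.STABLE9 and 3.x for 12529) compared with the version in each suite, and a NOTE pointing at the upstream advisories.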
@@ -2856,8 +2981,8 @@ CVE-2019-12365
        RESERVED
 CVE-2019-12364
        RESERVED
-CVE-2019-12363
-       RESERVED
+CVE-2019-12363 (An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin 
through 2 ...)
+       TODO: check
 CVE-2019-12362 (EmpireCMS 7.5.0 has XSS via the HTTP Referer header to 
e/member/doacti ...)
        NOT-FOR-US: EmpireCMS
 CVE-2019-12361 (EmpireCMS 7.5.0 has XSS via the from parameter to 
e/member/doaction.ph ...)
@@ -5714,8 +5839,8 @@ CVE-2019-11270
        RESERVED
 CVE-2019-11269 (Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior 
to 2.2.5, ...)
        NOT-FOR-US: Spring Security OAuth
-CVE-2019-11268
-       RESERVED
+CVE-2019-11268 (Cloud Foundry UAA version prior to 73.3.0, contain endpoints 
that cont ...)
+       TODO: check
 CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and 
other produc ...)
        {DSA-4460-1 DSA-4434-1 DLA-1797-1 DLA-1777-1}
        - drupal7 <removed> (bug #927330)
@@ -6219,8 +6344,8 @@ CVE-2019-11064
        RESERVED
 CVE-2019-11063
        RESERVED
-CVE-2019-11062
-       RESERVED
+CVE-2019-11062 (The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS 
Command Inj ...)
+       TODO: check
 CVE-2019-11061
        RESERVED
 CVE-2019-11060
@@ -7372,8 +7497,8 @@ CVE-2019-10653 (An issue was discovered in Hsycms V1.1. 
There is a SQL injection
        NOT-FOR-US: Hsycms
 CVE-2019-10652 (An issue was discovered in flatCore 1.4.7. acp/acp.php allows 
remote a ...)
        NOT-FOR-US: flatCore
-CVE-2019-10651
-       RESERVED
+CVE-2019-10651 (An issue was discovered in the Core Server in Ivanti Endpoint 
Manager  ...)
+       TODO: check
 CVE-2019-10650 (In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer 
over-read in ...)
        {DSA-4436-1 DLA-1785-1}
        - imagemagick 8:6.9.10.23+dfsg-2.1 (bug #926091)
@@ -7986,30 +8111,30 @@ CVE-2019-10353
        RESERVED
 CVE-2019-10352
        RESERVED
-CVE-2019-10351
-       RESERVED
-CVE-2019-10350
-       RESERVED
-CVE-2019-10349
-       RESERVED
-CVE-2019-10348
-       RESERVED
-CVE-2019-10347
-       RESERVED
-CVE-2019-10346
-       RESERVED
+CVE-2019-10351 (Jenkins Caliper CI Plugin stores credentials unencrypted in 
job config ...)
+       TODO: check
+CVE-2019-10350 (Jenkins Port Allocator Plugin stores credentials unencrypted 
in job co ...)
+       TODO: check
+CVE-2019-10349 (A stored cross site scripting vulnerability in Jenkins 
Dependency Grap ...)
+       TODO: check
+CVE-2019-10348 (Jenkins Gogs Plugin stored credentials unencrypted in job 
config.xml f ...)
+       TODO: check
+CVE-2019-10347 (Jenkins Mashup Portlets Plugin stored credentials unencrypted 
on the J ...)
+       TODO: check
+CVE-2019-10346 (A reflected cross site scripting vulnerability in Jenkins 
Embeddable B ...)
+       TODO: check
 CVE-2019-10345
        RESERVED
 CVE-2019-10344
        RESERVED
 CVE-2019-10343
        RESERVED
-CVE-2019-10342
-       RESERVED
-CVE-2019-10341
-       RESERVED
-CVE-2019-10340
-       RESERVED
+CVE-2019-10342 (A missing permission check in Jenkins Docker Plugin 1.1.6 and 
earlier  ...)
+       TODO: check
+CVE-2019-10341 (A missing permission check in Jenkins Docker Plugin 1.1.6 and 
earlier  ...)
+       TODO: check
+CVE-2019-10340 (A cross-site request forgery vulnerability in Jenkins Docker 
Plugin 1. ...)
+       TODO: check
 CVE-2019-10339 (A missing permission check in Jenkins JX Resources Plugin 
1.0.36 and e ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2019-10338 (A cross-site request forgery vulnerability in Jenkins JX 
Resources Plu ...)
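Review bot: all nine new descriptions here (CVE-2019-10340 through CVE-2019-10342 and CVE-2019-10346 through CVE-2019-10351) are Jenkins plugins, which the file already triages as `NOT-FOR-US: Jenkins plugin` for CVE-2019-10339 in the trailing context, so the TODO: check markers can be replaced with that status. Four of them (10347, 10348, 10350, 10351) are the same class of issue, plugin credentials stored unencrypted, so one pass covers the set.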
@@ -8368,11 +8493,9 @@ CVE-2019-10196
        NOT-FOR-US: nodejs-http-proxy-agent
 CVE-2019-10195
        RESERVED
-CVE-2019-10194
-       RESERVED
+CVE-2019-10194 (Sensitive passwords used in deployment and configuration of 
oVirt Metr ...)
        NOT-FOR-US: ovirt-engine-metrics
-CVE-2019-10193 [Stack buffer overflow]
-       RESERVED
+CVE-2019-10193 (A stack-buffer overflow vulnerability was found in the Redis 
hyperlogl ...)
        - redis 5:5.0.4-1 (bug #931625)
        [stretch] - redis <not-affected> (vulnerable code added later)
        [jessie] - redis <not-affected> (vulnerable code added later)
@@ -8381,8 +8504,7 @@ CVE-2019-10193 [Stack buffer overflow]
        NOTE: https://github.com/antirez/redis/issues/6215 (upstream 
announcement)
        NOTE: 
https://github.com/antirez/redis/commit/a4b90be9fcd5e1668ac941cabce3b1ab38dbe326
 (master)
        NOTE: 
https://github.com/antirez/redis/commit/12b5ff109508c2a192f700c7738da7e7f09670f1
 (5.0.4)
-CVE-2019-10192 [Heap buffer overflow]
-       RESERVED
+CVE-2019-10192 (A heap-buffer overflow vulnerability was found in the Redis 
hyperloglo ...)
        {DLA-1850-1}
        - redis 5:5.0.4-1 (bug #931625)
        NOTE: https://github.com/antirez/redis/issues/6215 (upstream 
announcement)
@@ -8594,8 +8716,7 @@ CVE-2019-10137 (A path traversal flaw was found in 
spacewalk-proxy, all versions
        NOT-FOR-US: Red Hat Satellite / Spacewalk
 CVE-2019-10136 (It was found that Spacewalk, all versions through 2.9, did not 
safely  ...)
        NOT-FOR-US: Red Hat Satellite / Spacewalk
-CVE-2019-10135
-       RESERVED
+CVE-2019-10135 (A flaw was found in the yaml.load() function in the 
osbs-client versio ...)
        NOTE: OpenShift Build Service client
 CVE-2019-10134 (A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 
3.1.18. ...)
        - moodle <removed>
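Review bot: CVE-2019-10135 goes from RESERVED to a description but gets only a `NOTE: OpenShift Build Service client` line and no status, so it will show up as untriaged. If osbs-client is not packaged in Debian, which the NOTE suggests, the line should be `NOT-FOR-US: osbs-client (OpenShift Build Service client)` in the style of the Spacewalk entries just above it.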
@@ -9915,8 +10036,8 @@ CVE-2019-1010005
        RESERVED
 CVE-2019-1010004
        RESERVED
-CVE-2019-1010003
-       RESERVED
+CVE-2019-1010003 (Leanote prior to version 2.6 is affected by: Cross Site 
Scripting (XSS ...)
+       TODO: check
 CVE-2019-1010002
        RESERVED
 CVE-2019-1010001
@@ -9931,8 +10052,8 @@ CVE-2019-9893 (libseccomp before 2.4.0 did not correctly 
generate 64-bit syscall
        NOTE: No security issue by itself
 CVE-2019-9887
        RESERVED
-CVE-2019-9886
-       RESERVED
+CVE-2019-9886 (Any URLs with download_attachment.php under templates or home 
folders  ...)
+       TODO: check
 CVE-2019-9885
        RESERVED
 CVE-2019-9884
@@ -10670,8 +10791,8 @@ CVE-2019-9658 (Checkstyle before 8.18 loads external 
DTDs by default. ...)
        NOTE: https://github.com/checkstyle/checkstyle/issues/6478
        NOTE: https://github.com/checkstyle/checkstyle/pull/6476
        NOTE: 
https://github.com/checkstyle/checkstyle/commit/180b4fe37a2249d4489d584505f2b7b3ab162ec6
-CVE-2019-9657
-       RESERVED
+CVE-2019-9657 (Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access 
Control, a d ...)
+       TODO: check
 CVE-2019-9656 (An issue was discovered in LibOFX 0.9.14. There is a NULL 
pointer dere ...)
        - libofx <unfixed> (unimportant; bug #924350)
        NOTE: https://github.com/libofx/libofx/issues/22
@@ -17357,8 +17478,8 @@ CVE-2019-7005
        RESERVED
 CVE-2019-7004
        RESERVED
-CVE-2019-7003
-       RESERVED
+CVE-2019-7003 (A SQL injection vulnerability in the reporting component of 
Avaya Cont ...)
+       TODO: check
 CVE-2019-7002
        RESERVED
 CVE-2019-7001 (A SQL injection vulnerability in the WebUI component of IP 
Office Cont ...)
@@ -24481,8 +24602,7 @@ CVE-2019-3890
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1678313
        NOTE: 
https://gitlab.gnome.org/GNOME/evolution-ews/commit/915226eca9454b8b3e5adb6f2fff9698451778de
        NOTE: Depends on evolution-data-server patch: 
https://gitlab.gnome.org/GNOME/evolution-data-server/commit/6672b8236139bd6ef41ecb915f4c72e2a052dba5
-CVE-2019-3889
-       RESERVED
+CVE-2019-3889 (A reflected XSS vulnerability exists in authorization flow of 
OpenShif ...)
        NOT-FOR-US: OpenShift
 CVE-2019-3888 (A vulnerability was found in Undertow web server before 2.0.21. 
An inf ...)
        - undertow <unfixed> (bug #930349)
@@ -24644,7 +24764,7 @@ CVE-2019-3855 (An integer overflow flaw which could 
lead to an out of bounds wri
        NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch
        NOTE: https://github.com/libssh2/libssh2/pull/315
 CVE-2019-3854
-       RESERVED
+       REJECTED
 CVE-2019-3853
        RESERVED
 CVE-2019-3852 (A vulnerability was found in moodle before version 3.6.3. The 
get_with ...)
@@ -34917,8 +35037,8 @@ CVE-2018-19590
        RESERVED
 CVE-2018-19589 (Incorrect Access Controls of Security Officer (SO) in PKCS11 
R2 provid ...)
        NOT-FOR-US: Utimaco CryptoServer HSM
-CVE-2018-19588
-       RESERVED
+CVE-2018-19588 (Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access 
Control. ...)
+       TODO: check
 CVE-2018-19587 (In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c 
mg_mqtt_a ...)
        NOT-FOR-US: Cesanta Mongoose
        NOTE: smplayer embeds a copy, which is unused in any released version 
and disabled since 18.5.0~ds1-1
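Review bot: CVE-2018-19588 concerns the same Alarm.com ADC-V522IR 0100b9 device as CVE-2019-9657 earlier in this update, and camera firmware is not in the archive, so both can be marked `NOT-FOR-US: Alarm.com ADC-V522IR` in one go instead of leaving two TODO: check markers for the same product.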
@@ -42298,12 +42418,12 @@ CVE-2018-1000802 (Python Software Foundation Python 
(CPython) version 2.7 contai
        NOTE: PoC: 
https://mega.nz/#!JUFiCC4R!mq-jQ8ySFwIhX6WMDujaZuNBfttDVt7DETlfOIQE1ig
 CVE-2018-17153 (It was discovered that the Western Digital My Cloud device 
before 2.30 ...)
        NOT-FOR-US: Western Digital My Cloud device
-CVE-2018-17152
-       RESERVED
-CVE-2018-17151
-       RESERVED
-CVE-2018-17150
-       RESERVED
+CVE-2018-17152 (Intersystems Cache 2017.2.2.865.0 allows XXE. ...)
+       TODO: check
+CVE-2018-17151 (Intersystems Cache 2017.2.2.865.0 has Incorrect Access 
Control. ...)
+       TODO: check
+CVE-2018-17150 (Intersystems Cache 2017.2.2.865.0 allows XSS. ...)
+       TODO: check
 CVE-2018-17149
        RESERVED
 CVE-2018-17148 (An Insufficient Access Control vulnerability (leading to 
credential di ...)
@@ -56563,8 +56683,8 @@ CVE-2018-11746 (In Puppet Discovery prior to 1.2.0, 
when running Discovery again
        NOT-FOR-US: Puppet Discovery
 CVE-2018-11745
        RESERVED
-CVE-2018-11744
-       RESERVED
+CVE-2018-11744 (Cloudera Manager through 5.15 has Incorrect Access Control. 
...)
+       TODO: check
 CVE-2018-11743 (The init_copy function in kernel.c in mruby 1.4.1 makes 
initialize_cop ...)
        - mruby 1.4.1+20180622+git640fca32-1 (bug #900845)
        [stretch] - mruby <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ba84ecfc33c80257c96cedf6c4820cd60605621e

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
