Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
08d0b0d1 by security tracker role at 2019-02-12T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2019-7752
+       RESERVED
+CVE-2019-7751
+       RESERVED
+CVE-2019-7750
+       RESERVED
+CVE-2019-7749
+       RESERVED
+CVE-2019-7748 (_includes\online.php in DbNinja 3.2.7 allows XSS via the 
data.php task ...)
+       TODO: check
+CVE-2019-7747 (DbNinja 3.2.7 allows session fixation via the data.php sessid 
...)
+       TODO: check
+CVE-2019-7746
+       RESERVED
+CVE-2019-7745
+       RESERVED
 CVE-2019-7744
        RESERVED
 CVE-2019-7743
@@ -10,10 +26,10 @@ CVE-2019-7740
        RESERVED
 CVE-2019-7739
        RESERVED
-CVE-2019-7738
-       RESERVED
-CVE-2019-7737
-       RESERVED
+CVE-2019-7738 (C.P.Sub before 5.3 allows CSRF via a 
manage.php?p=article_del&id= URI. ...)
+       TODO: check
+CVE-2019-7737 (A CSRF vulnerability was found in Verydows v2.0 that can add an 
admin ...)
+       TODO: check
 CVE-2019-7736 (D-Link DIR-600M C1 3.04 devices allow authentication bypass via 
a ...)
        NOT-FOR-US: D-Link
 CVE-2019-7735
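
Review bot: the new CVE-2019-7738 (C.P.Sub) and CVE-2019-7737 (Verydows) entries are left at TODO: check directly above CVE-2019-7736, which is already resolved as NOT-FOR-US: D-Link. If neither product is packaged in Debian, resolve them in the same form (NOT-FOR-US: C.P.Sub, NOT-FOR-US: Verydows) rather than leaving the TODO open; the same applies to the DbNinja entries CVE-2019-7748 and CVE-2019-7747 in the first hunk.
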
@@ -3027,8 +3043,8 @@ CVE-2019-6491
        RESERVED
 CVE-2019-6490
        RESERVED
-CVE-2019-6489
-       RESERVED
+CVE-2019-6489 (Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 
...)
+       TODO: check
 CVE-2018-20741
        RESERVED
 CVE-2018-20740
@@ -5321,10 +5337,10 @@ CVE-2019-5598
        RESERVED
 CVE-2019-5597
        RESERVED
-CVE-2019-5596
-       RESERVED
-CVE-2019-5595
-       RESERVED
+CVE-2019-5596 (In FreeBSD 11.2-STABLE after r338618 and before r343786, 
12.0-STABLE ...)
+       TODO: check
+CVE-2019-5595 (In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, ...)
+       TODO: check
 CVE-2019-5594
        RESERVED
 CVE-2019-5593
@@ -8696,8 +8712,8 @@ CVE-2019-3925
        RESERVED
 CVE-2019-3924
        RESERVED
-CVE-2019-3923
-       RESERVED
+CVE-2019-3923 (Nessus versions 8.2.1 and earlier were found to contain a 
stored XSS ...)
+       TODO: check
 CVE-2019-3922
        RESERVED
 CVE-2019-3921
@@ -10288,7 +10304,7 @@ CVE-2018-1000890 (FrontAccounting 2.4.5 contains a Time 
Based Blind SQL Injectio
 CVE-2018-1000889 (Logisim Evolution version 2.14.3 and earlier contains an XML 
External ...)
        NOT-FOR-US: Logisim Evolution
 CVE-2018-1000888 (PEAR Archive_Tar version 1.4.3 and earlier contains a 
CWE-502, CWE-915 ...)
-       {DSA-4378-1}
+       {DSA-4378-1 DLA-1674-1}
        - php-pear 1:1.10.6+submodules+notgz-1.1 (bug #919147)
        - php5 <removed>
        NOTE: https://pear.php.net/bugs/bug.php?id=23782
@@ -11214,8 +11230,7 @@ CVE-2018-20244
        RESERVED
 CVE-2018-20243
        RESERVED
-CVE-2018-20242
-       RESERVED
+CVE-2018-20242 (A carefully crafted URL could trigger an XSS vulnerability on 
Apache ...)
        - jspwiki <removed>
 CVE-2018-20241
        RESERVED
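
Review bot: the "- jspwiki <removed>" line under CVE-2018-20242 was recorded while the id was still RESERVED and is carried over unchanged now that the description is published. Confirm that the annotation still matches the published XSS description, and add a NOTE with the upstream reference so the entry is documented like the WordPress entries further down.
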
@@ -13536,26 +13551,33 @@ CVE-2019-2395 (Vulnerability in the Oracle WebLogic 
Server component of Oracle F
 CVE-2018-20146
        RESERVED
 CVE-2018-20153 (In WordPress before 4.9.9 and 5.x before 5.0.1, contributors 
could ...)
+       {DLA-1673-1}
        - wordpress 5.0.1+dfsg1-1 (bug #916403)
        NOTE: 
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 CVE-2018-20152 (In WordPress before 4.9.9 and 5.x before 5.0.1, authors could 
bypass ...)
+       {DLA-1673-1}
        - wordpress 5.0.1+dfsg1-1 (bug #916403)
        NOTE: 
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 CVE-2018-20151 (In WordPress before 4.9.9 and 5.x before 5.0.1, the 
user-activation ...)
+       {DLA-1673-1}
        - wordpress 5.0.1+dfsg1-1 (bug #916403)
        NOTE: 
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 CVE-2018-20150 (In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs 
could ...)
+       {DLA-1673-1}
        - wordpress 5.0.1+dfsg1-1 (bug #916403)
        NOTE: 
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
        NOTE: 
https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
 CVE-2018-20149 (In WordPress before 4.9.9 and 5.x before 5.0.1, when the 
Apache HTTP ...)
+       {DLA-1673-1}
        - wordpress 5.0.1+dfsg1-1 (bug #916403)
        NOTE: 
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
        NOTE: 
https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
 CVE-2018-20148 (In WordPress before 4.9.9 and 5.x before 5.0.1, contributors 
could ...)
+       {DLA-1673-1}
        - wordpress 5.0.1+dfsg1-1 (bug #916403)
        NOTE: 
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 CVE-2018-20147 (In WordPress before 4.9.9 and 5.x before 5.0.1, authors could 
modify ...)
+       {DLA-1673-1}
        - wordpress 5.0.1+dfsg1-1 (bug #916403)
        NOTE: 
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 CVE-2018-20144 [Arbitrary File read in GitLab project import with Git LFS]
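
Review bot: of the seven WordPress entries that gain {DLA-1673-1}, only CVE-2018-20150 and CVE-2018-20149 carry a NOTE with the upstream fix commit; CVE-2018-20153, CVE-2018-20152, CVE-2018-20151, CVE-2018-20148 and CVE-2018-20147 reference only the 5.0.1 release announcement. Adding a per-CVE commit NOTE to those five would let anyone auditing the DLA backport match each fix to its CVE.
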
@@ -22284,8 +22306,8 @@ CVE-2018-18571
        RESERVED
 CVE-2018-18570
        RESERVED
-CVE-2018-18569
-       RESERVED
+CVE-2018-18569 (The Dundas BI server before 5.0.1.1010 is vulnerable to a 
Server-Side ...)
+       TODO: check
 CVE-2018-18568 (Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows 
...)
        NOT-FOR-US: Polycom
 CVE-2018-18567 (AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows 
...)
@@ -25000,8 +25022,8 @@ CVE-2018-17544
        RESERVED
 CVE-2018-17543
        RESERVED
-CVE-2018-17542
-       RESERVED
+CVE-2018-17542 (SQL Injection exists in MailSherlock before 1.5.235 for 
OAKlouds ...)
+       TODO: check
 CVE-2018-17541
        RESERVED
 CVE-2018-17540 (The gmp plugin in strongSwan before 5.7.1 has a Buffer 
Overflow via a ...)
@@ -28734,19 +28756,19 @@ CVE-2018-16115 (Lightbend Akka 2.5.x before 2.5.16 
allows message disclosure and
 CVE-2018-16114
        RESERVED
 CVE-2018-16113
-       RESERVED
+       REJECTED
 CVE-2018-16112
-       RESERVED
+       REJECTED
 CVE-2018-16111
-       RESERVED
+       REJECTED
 CVE-2018-16110
-       RESERVED
+       REJECTED
 CVE-2018-16109
-       RESERVED
+       REJECTED
 CVE-2018-16108
-       RESERVED
+       REJECTED
 CVE-2018-16107
-       RESERVED
+       REJECTED
 CVE-2018-16106
        REJECTED
 CVE-2018-16105
@@ -45916,32 +45938,32 @@ CVE-2018-9596
        RESERVED
 CVE-2018-9595
        RESERVED
-CVE-2018-9594
-       RESERVED
-CVE-2018-9593
-       RESERVED
-CVE-2018-9592
-       RESERVED
-CVE-2018-9591
-       RESERVED
-CVE-2018-9590
-       RESERVED
-CVE-2018-9589
-       RESERVED
-CVE-2018-9588
-       RESERVED
-CVE-2018-9587
-       RESERVED
-CVE-2018-9586
-       RESERVED
-CVE-2018-9585
-       RESERVED
-CVE-2018-9584
-       RESERVED
-CVE-2018-9583
-       RESERVED
-CVE-2018-9582
-       RESERVED
+CVE-2018-9594 (In llcp_link_proc_agf_pdu of llcp_link.cc in Android-7.0, ...)
+       TODO: check
+CVE-2018-9593 (In llcp_dlc_proc_i_pdu of llcp_dlc.cc in Android-7.0, 
Android-7.1.1, ...)
+       TODO: check
+CVE-2018-9592 (In mca_ccb_hdl_rsp of mca_cact.cc in Android-7.0, 
Android-7.1.1, ...)
+       TODO: check
+CVE-2018-9591 (In bta_hh_ctrl_dat_act of bta_hh_act.cc in Android-7.0, 
Android-7.1.1, ...)
+       TODO: check
+CVE-2018-9590 (In add_attr of sdp_discovery.c in Android-7.0, Android-7.1.1, 
...)
+       TODO: check
+CVE-2018-9589 (In ieee802_11_rx_wnmsleep_req of wnm_ap.c in Android-7.0, ...)
+       TODO: check
+CVE-2018-9588 (In avdt_scb_hdl_report of avdt_scb_act.cc in Android-7.0, ...)
+       TODO: check
+CVE-2018-9587 (In savePhotoFromUriToUri of ContactPhotoUtils.java in 
Android-7.0, ...)
+       TODO: check
+CVE-2018-9586 (In run of InstallPackageTask.java in Android-7.0, 
Android-7.1.1, ...)
+       TODO: check
+CVE-2018-9585 (In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, ...)
+       TODO: check
+CVE-2018-9584 (In nfc_ncif_set_config_status of nfc_ncif.cc in Android-7.0, 
...)
+       TODO: check
+CVE-2018-9583 (In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, 
Android-7.1.1, ...)
+       TODO: check
+CVE-2018-9582 (In package installer in Android-8.0, Android-8.1 and Android-9, 
there ...)
+       TODO: check
 CVE-2018-9581
        RESERVED
 CVE-2018-9580 (A Elevation of privilege vulnerability in the HTC bootloader. 
Product: ...)
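
Review bot: CVE-2018-9589 should not be resolved together with the rest of this Android batch. Its description names ieee802_11_rx_wnmsleep_req in wnm_ap.c, which is hostapd code, so check it against src:wpa before closing the TODO: check. The other twelve entries name Android Bluetooth, NFC, contacts and package installer sources (for example llcp_link.cc, bta_hh_act.cc, nfc_ncif.cc, InstallPackageTask.java) and can be triaged as a group.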



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/08d0b0d16dd1d8e63210cf7c4c25398152d66016
