Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
087a3d00 by security tracker role at 2019-03-22T08:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2019-9939 (The SHAREit application before 4.0.36 for Android allows a 
remote atta ...)
+       TODO: check
+CVE-2019-9938 (The SHAREit application before 4.0.42 for Android allows a 
remote atta ...)
+       TODO: check
+CVE-2019-9937 (In SQLite 3.27.2, interleaving reads and writes in a single 
transactio ...)
+       TODO: check
+CVE-2019-9936 (In SQLite 3.27.2, running fts5 prefix queries inside a 
transaction cou ...)
+       TODO: check
+CVE-2019-9935
+       RESERVED
+CVE-2019-9934
+       RESERVED
+CVE-2019-9933
+       RESERVED
+CVE-2019-9932
+       RESERVED
+CVE-2019-9931
+       RESERVED
+CVE-2019-9930
+       RESERVED
+CVE-2019-9929
+       RESERVED
+CVE-2019-9928
+       RESERVED
+CVE-2019-9927 (Caret before 2019-02-22 allows Remote Code Execution. ...)
+       TODO: check
+CVE-2019-9926
+       RESERVED
+CVE-2019-9925 (S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. ...)
+       TODO: check
+CVE-2019-9924 (rbash in Bash before 4.4-beta2 did not prevent the shell user 
from mod ...)
+       TODO: check
+CVE-2019-9923 (pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL 
pointe ...)
+       TODO: check
+CVE-2019-9922
+       RESERVED
+CVE-2019-9921
+       RESERVED
+CVE-2019-9920
+       RESERVED
+CVE-2019-9919
+       RESERVED
+CVE-2019-9918
+       RESERVED
+CVE-2019-9917
+       RESERVED
+CVE-2019-9916
+       RESERVED
+CVE-2019-9915 (GetSimpleCMS 3.3.13 has an Open Redirect via the 
admin/index.php redir ...)
+       TODO: check
+CVE-2019-9914 (The yop-poll plugin before 6.0.3 for WordPress has 
wp-admin/admin.php? ...)
+       TODO: check
+CVE-2019-9913 (The wp-live-chat-support plugin before 8.0.18 for WordPress has 
wp-adm ...)
+       TODO: check
+CVE-2019-9912 (The wp-google-maps plugin before 7.10.43 for WordPress has XSS 
via the ...)
+       TODO: check
+CVE-2019-9911 (The social-networks-auto-poster-facebook-twitter-g plugin 
before 4.2.8 ...)
+       TODO: check
+CVE-2019-9910 (The kingcomposer plugin 2.7.6 for WordPress has 
wp-admin/admin.php?pag ...)
+       TODO: check
+CVE-2019-9909 (The "Donation Plugin and Fundraising Platform" plugin before 
2.3.1 for ...)
+       TODO: check
+CVE-2019-9908 (The font-organizer plugin 2.1.1 for WordPress has 
wp-admin/options-gen ...)
+       TODO: check
 CVE-2019-9907
        RESERVED
 CVE-2019-9906
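Review bot: among the added entries at the top of the file, CVE-2019-9937 and CVE-2019-9936 (SQLite 3.27.2), CVE-2019-9924 (Bash before 4.4-beta2) and CVE-2019-9923 (GNU Tar before 1.32) are the ones that need a source-package line rather than a product tag, so they should be triaged first: replace "TODO: check" with the package and its fixed version or <unfixed>, in the same form as "- ntfs-3g 1:2017.3.23AR.3-3 (bug #925255)". The SHAREit for Android and WordPress plugin entries look like candidates for the NOT-FOR-US tag used elsewhere in this file, once their truncated descriptions have been read in full.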
@@ -1063,6 +1127,7 @@ CVE-2019-9756
        RESERVED
 CVE-2019-9755 [heap buffer overflow]
        RESERVED
+       {DSA-4413-1}
        - ntfs-3g 1:2017.3.23AR.3-3 (bug #925255)
        NOTE: 
https://sourceforge.net/p/ntfs-3g/ntfs-3g/ci/85c1634a26faa572d3c558d4cf8aaaca5202d4e9/
 CVE-2019-9754 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 
0.9.27. ...)
@@ -4474,8 +4539,8 @@ CVE-2019-8353
        RESERVED
 CVE-2019-8352
        RESERVED
-CVE-2019-8351
-       RESERVED
+CVE-2019-8351 (Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 
certif ...)
+       TODO: check
 CVE-2019-8350
        RESERVED
 CVE-2019-8349
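Review bot: on the new CVE-2019-8351 line the product is "Heimdal Thor Agent" and the flaw is missing X.509 certificate verification; when resolving "TODO: check", confirm the vendor and product from the full description instead of matching on the word Heimdal, so the entry is not attached to an unrelated package with a similar name.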
@@ -6304,12 +6369,12 @@ CVE-2019-7541
        RESERVED
 CVE-2019-7540
        RESERVED
-CVE-2019-7539
-       RESERVED
+CVE-2019-7539 (A code injection issue was discovered in ipycache through 
2016-05-31. ...)
+       TODO: check
 CVE-2019-7538
        RESERVED
-CVE-2019-7537
-       RESERVED
+CVE-2019-7537 (An issue was discovered in Donfig 0.3.0. There is a 
vulnerability in t ...)
+       TODO: check
 CVE-2019-7536
        RESERVED
 CVE-2019-7535 (index.php in Gurock TestRail 5.3.0.3603 returns potentially 
sensitive  ...)
@@ -14724,8 +14789,7 @@ CVE-2019-3873
        RESERVED
 CVE-2019-3872
        RESERVED
-CVE-2019-3871 [Insufficient validation in the HTTP remote backend]
-       RESERVED
+CVE-2019-3871 (A vulnerability was found in PowerDNS Authoritative Server 
before 4.0. ...)
        - pdns <unfixed> (bug #924966)
        NOTE: https://github.com/PowerDNS/pdns/issues/7573
        NOTE: 
https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html
@@ -14772,8 +14836,7 @@ CVE-2019-3859 (An out of bounds read flaw was 
discovered in libssh2 before 1.8.1
        NOTE: https://www.libssh2.org/CVE-2019-3859.html
        NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
        NOTE: https://github.com/libssh2/libssh2/pull/315
-CVE-2019-3858 [Possible zero-byte allocation leading to an out-of-bounds read]
-       RESERVED
+CVE-2019-3858 (An out of bounds read flaw was discovered in libssh2 before 
1.8.1 when ...)
        - libssh2 <unfixed> (bug #924965)
        NOTE: https://libssh2.org/CVE-2019-3858.html
        NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
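Review bot: in the context lines above the changed entry, the CVE-2019-3859 block pairs the advisory NOTE https://www.libssh2.org/CVE-2019-3859.html with "Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch", while the CVE-2019-3858 block uses its own CVE number in both URLs; check whether the 3860 patch reference under 3859 is intended. The new CVE-2019-3858 description says the flaw affects libssh2 before 1.8.1, yet the package line stays <unfixed>, so the status should be revisited once a fixed version is uploaded.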
@@ -14790,8 +14853,7 @@ CVE-2019-3856 [Possible integer overflow in keyboard 
interactive handling allows
        NOTE: https://www.libssh2.org/CVE-2019-3856.html
        NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch
        NOTE: https://github.com/libssh2/libssh2/pull/315
-CVE-2019-3855 [Possible integer overflow in transport read allows 
out-of-bounds write]
-       RESERVED
+CVE-2019-3855 (An integer overflow flaw which could lead to an out of bounds 
write wa ...)
        - libssh2 <unfixed> (bug #924965)
        NOTE: https://www.libssh2.org/CVE-2019-3855.html
        NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch
@@ -19879,14 +19941,14 @@ CVE-2018-20036
        RESERVED
 CVE-2018-20035
        RESERVED
-CVE-2018-20034
-       RESERVED
+CVE-2018-20034 (A Denial of Service vulnerability related to adding an item to 
a list  ...)
+       TODO: check
 CVE-2018-20033 (A Remote Code Execution vulnerability in lmgrd and vendor 
daemon compo ...)
        NOT-FOR-US: FlexNet Publisher
-CVE-2018-20032
-       RESERVED
-CVE-2018-20031
-       RESERVED
+CVE-2018-20032 (A Denial of Service vulnerability related to message decoding 
in lmgrd ...)
+       TODO: check
+CVE-2018-20031 (A Denial of Service vulnerability related to preemptive item 
deletion  ...)
+       TODO: check
 CVE-2018-20030 (An error when processing the EXIF_IFD_INTEROPERABILITY and 
EXIF_IFD_EX ...)
        - libexif 0.6.21-5.1 (bug #918730)
        [stretch] - libexif <no-dsa> (Minor issue)
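Review bot: CVE-2018-20034, CVE-2018-20032 and CVE-2018-20031 are added with "TODO: check" directly around CVE-2018-20033, which is already marked "NOT-FOR-US: FlexNet Publisher", and the visible part of CVE-2018-20032 names lmgrd, the same component as 20033. If the full descriptions of 20034 and 20031 confirm the same product, give all three the same tag so the block is consistent.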
@@ -27539,8 +27601,8 @@ CVE-2018-18915 (There is an infinite loop in the 
Exiv2::Image::printIFDStructure
        NOTE: https://github.com/Exiv2/exiv2/issues/511
 CVE-2018-18914
        RESERVED
-CVE-2018-18913
-       RESERVED
+CVE-2018-18913 (Opera before 57.0.3098.106 is vulnerable to a DLL Search Order 
hijacki ...)
+       TODO: check
 CVE-2018-18912
        RESERVED
 CVE-2018-18911
@@ -168309,10 +168371,10 @@ CVE-2015-6460 (Multiple heap-based buffer overflows 
in 3S-Smart CODESYS Gateway
        NOT-FOR-US: CODESYS Gateway Server
 CVE-2015-6459 (Absolute path traversal vulnerability in the download feature 
in FileD ...)
        NOT-FOR-US: FileDownloadServlet
-CVE-2015-6458
-       RESERVED
-CVE-2015-6457
-       RESERVED
+CVE-2015-6458 (Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow 
conditi ...)
+       TODO: check
+CVE-2015-6457 (Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow 
conditi ...)
+       TODO: check
 CVE-2015-6456 (GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise 
before 3.1. ...)
        NOT-FOR-US: PulseNET
 CVE-2015-6455
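Review bot: the new CVE-2015-6458 and CVE-2015-6457 lines are identical up to the truncation point ("Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow conditi ..."), so the list gives no way to tell them apart; read the full descriptions before triage. The neighbouring entries carry NOT-FOR-US with the product name (CODESYS Gateway Server, FileDownloadServlet, PulseNET), which is the likely form for these two as well.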



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/087a3d002114cade6ee540f2669099724881cb09
