Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee55640a by security tracker role at 2019-06-10T20:10:38Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2019-12790 (In radare2 through 3.5.1, there is a heap-based buffer 
over-read in th ...)
+       TODO: check
+CVE-2019-12789
+       RESERVED
+CVE-2019-12788 (An issue was discovered in Photodex ProShow Producer v9.0.3797 
(an app ...)
+       TODO: check
+CVE-2019-12787 (An issue was discovered on D-Link DIR-818LW devices from 
2.05.B03 to 2 ...)
+       TODO: check
+CVE-2019-12786 (An issue was discovered on D-Link DIR-818LW devices from 
2.05.B03 to 2 ...)
+       TODO: check
+CVE-2019-12785
+       RESERVED
+CVE-2019-12784
+       RESERVED
+CVE-2019-12783
+       RESERVED
+CVE-2019-12782
+       RESERVED
+CVE-2019-12781
+       RESERVED
+CVE-2019-12780 (The Belkin Wemo Enabled Crock-Pot allows command injection in 
the Wemo ...)
+       TODO: check
 CVE-2019-XXXX [security issues fixed in vlc 3.0.7]
        - vlc 3.0.7-1 (bug #930276)
        NOTE: http://www.jbkempf.com/blog/post/2019/VLC-3.0.7-and-security
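Review bot: CVE-2019-12790 at the top of this hunk names radare2, which is a Debian source package, so its "TODO: check" needs to become a source-package line in the same form as the vlc entry directly below ("- vlc 3.0.7-1 (bug #930276)") once the affected versions are confirmed. The Photodex ProShow Producer, D-Link DIR-818LW and Belkin Wemo Crock-Pot entries describe third-party products and devices and look like candidates for the NOT-FOR-US tag used elsewhere in this file, rather than staying as open TODOs.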
@@ -898,8 +920,8 @@ CVE-2019-12389
        RESERVED
 CVE-2019-12388
        RESERVED
-CVE-2019-12387
-       RESERVED
+CVE-2019-12387 (In Twisted before 19.2.1, twisted.web did not validate or 
sanitize URI ...)
+       TODO: check
 CVE-2019-12386
        RESERVED
 CVE-2019-12385
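Review bot: CVE-2019-12387 moves from RESERVED to "TODO: check" but names twisted.web, and Twisted is packaged in Debian, so this entry needs a source-package line and not just a TODO. The description gives "before 19.2.1" as the affected range, so triage should record which suites carry a version older than that.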
@@ -2095,8 +2117,8 @@ CVE-2019-11879 (** DISPUTED ** The WEBrick gem 1.4.2 for 
Ruby allows directory t
        TODO: check
 CVE-2019-11878 (An issue was discovered on XiongMai Besder IP20H1 
V4.02.R12.00035520.1 ...)
        NOT-FOR-US: XiongMai Besder IP20H1 cameras
-CVE-2019-11877
-       RESERVED
+CVE-2019-11877 (XSS on the PIX-Link Repeater/Router LV-WR09 with firmware 
v28K.MiniRou ...)
+       TODO: check
 CVE-2019-11876 (In PrestaShop 1.7.5.2, the shop_country parameter in the 
install/index ...)
        NOT-FOR-US: PrestaShop
 CVE-2019-11875 (In AutomateAppCore.dll in Blue Prism Robotic Process 
Automation 6.4.0. ...)
@@ -3003,8 +3025,8 @@ CVE-2019-11519 
(Libraries/Nop.Services/Localization/LocalizationService.cs in no
        NOT-FOR-US: nopCommerce
 CVE-2019-11518 (An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php 
allows AID[] ...)
        NOT-FOR-US: SEMCMS
-CVE-2019-11517
-       RESERVED
+CVE-2019-11517 (WampServer before 3.1.9 has CSRF in add_vhost.php because the 
synchron ...)
+       TODO: check
 CVE-2019-11516
        RESERVED
 CVE-2018-20823 (The gyroscope on Xiaomi Mi 5s devices allows attackers to 
cause a deni ...)
@@ -4281,8 +4303,8 @@ CVE-2015-9284 (The request phase of the OmniAuth Ruby gem 
is vulnerable to Cross
        - ruby-omniauth <unfixed>
        NOTE: https://github.com/omniauth/omniauth/pull/809
        NOTE: https://www.openwall.com/lists/oss-security/2015/05/26/11
-CVE-2019-11027
-       RESERVED
+CVE-2019-11027 (Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely 
exploitable ...)
+       TODO: check
 CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 
has infini ...)
        - poppler <unfixed> (low; bug #926721)
        [buster] - poppler <ignored> (Minor issue)
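Review bot: CVE-2019-11027 names ruby-openid, which is packaged in Debian, so its "TODO: check" should be replaced by a package line. The description says "through 2.8.0" without a fixed version, so the entry would start in the same state as the ruby-omniauth entry just above it ("- ruby-omniauth <unfixed>") until an upstream fix is identified.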
@@ -7782,12 +7804,12 @@ CVE-2019-9883 (Multi modules of MailSherlock MSR35 and 
MSR45 lead to a CSRF vuln
        NOT-FOR-US: MailSherlock
 CVE-2019-9882 (Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF 
vulnerabi ...)
        NOT-FOR-US: MailSherlock
-CVE-2019-9881
-       RESERVED
-CVE-2019-9880
-       RESERVED
-CVE-2019-9879
-       RESERVED
+CVE-2019-9881 (The createComment mutation in the WPGraphQL 0.2.3 plugin for 
WordPress ...)
+       TODO: check
+CVE-2019-9880 (An issue was discovered in the WPGraphQL 0.2.3 plugin for 
WordPress. B ...)
+       TODO: check
+CVE-2019-9879 (The WPGraphQL 0.2.3 plugin for WordPress allows remote 
attackers to re ...)
+       TODO: check
 CVE-2019-9878 (There is an invalid memory access in the function 
GfxIndexedColorSpace ...)
        - xpdf <not-affected> (xpdf in Debian uses poppler, which is not 
affected or fixed)
 CVE-2019-9877 (There is an invalid memory access vulnerability in the function 
TextPa ...)
@@ -17087,8 +17109,8 @@ CVE-2019-6243 (Frog CMS 0.9.5 allows XSS via the forgot 
password page (aka the /
        NOT-FOR-US: Frog CMS
 CVE-2019-6242 (** DISPUTED ** Kentico v10.0.42 allows Global Administrators to 
read t ...)
        NOT-FOR-US: Kentico
-CVE-2019-6241
-       RESERVED
+CVE-2019-6241 (In Bevywise MQTTRoute 1.1 build 1018-002, a connect packet 
combined wi ...)
+       TODO: check
 CVE-2019-6240 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        - gitlab 11.5.7+dfsg-1 (bug #919822)
        NOTE: 
https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released/
@@ -19501,8 +19523,8 @@ CVE-2019-5245
        RESERVED
 CVE-2019-5244 (Mate 9 Pro Huawei smartphones earlier than LON-L29C 
8.0.0.361(C636) ve ...)
        NOT-FOR-US: Huawei
-CVE-2019-5243
-       RESERVED
+CVE-2019-5243 (There is a Clickjacking vulnerability in Huawei HG255s product. 
An att ...)
+       TODO: check
 CVE-2019-5242 (There is a code execution vulnerability in Huawei PCManager 
versions e ...)
        NOT-FOR-US: Huawei
 CVE-2019-5241 (There is a privilege escalation vulnerability in Huawei 
PCManager vers ...)
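Review bot: CVE-2019-5243 is left at "TODO: check" although it describes a Huawei HG255s product and both neighbouring entries, CVE-2019-5244 and CVE-2019-5242, are already tagged "NOT-FOR-US: Huawei". The same tag applies here and would close the TODO.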
@@ -24457,16 +24479,16 @@ CVE-2018-20357 (A NULL pointer dereference was 
discovered in sbr_process_channel
        [buster] - faad2 <no-dsa> (Minor issue)
        [stretch] - faad2 <no-dsa> (Minor issue)
        NOTE: https://github.com/knik0/faad2/issues/28
-CVE-2018-20356
-       RESERVED
-CVE-2018-20355
-       RESERVED
-CVE-2018-20354
-       RESERVED
-CVE-2018-20353
-       RESERVED
-CVE-2018-20352
-       RESERVED
+CVE-2018-20356 (An invalid read of 8 bytes due to a use-after-free 
vulnerability in th ...)
+       TODO: check
+CVE-2018-20355 (An invalid write of 8 bytes due to a use-after-free 
vulnerability in t ...)
+       TODO: check
+CVE-2018-20354 (An invalid read of 8 bytes due to a use-after-free 
vulnerability durin ...)
+       TODO: check
+CVE-2018-20353 (An invalid read of 8 bytes due to a use-after-free 
vulnerability durin ...)
+       TODO: check
+CVE-2018-20352 (Use-after-free vulnerability in the mg_cgi_ev_handler function 
in mong ...)
+       TODO: check
 CVE-2018-20351 (The Markdown component in Evernote (Chinese) before 8.3.2 on 
macOS all ...)
        NOT-FOR-US: Evernote
 CVE-2018-20350
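Review bot: the five entries CVE-2018-20352 through CVE-2018-20356 cannot be triaged from the text recorded here, because each description is cut off before or in the middle of the affected component (the last one stops at "in mong ..."). All five describe use-after-free conditions, so they are worth triaging together against the full CVE descriptions before deciding between a package line and NOT-FOR-US.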
@@ -34276,7 +34298,7 @@ CVE-2019-0211 (In Apache HTTP Server 2.4 releases 
2.4.17 to 2.4.38, with MPM eve
 CVE-2019-0210
        RESERVED
 CVE-2019-0209
-       RESERVED
+       REJECTED
 CVE-2019-0208
        REJECTED
 CVE-2019-0207



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ee55640ac0361eaa5c2dac65328e983afedb1c66


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits