Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
722dd91b by security tracker role at 2019-06-20T20:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2019-12921
+ RESERVED
+CVE-2019-12920 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4
devices ...)
+ TODO: check
+CVE-2019-12919 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4
devices ...)
+ TODO: check
+CVE-2019-12918
+ RESERVED
+CVE-2019-12917
+ RESERVED
+CVE-2019-12916
+ RESERVED
+CVE-2019-12915
+ RESERVED
+CVE-2019-12914
+ RESERVED
+CVE-2019-12913
+ RESERVED
+CVE-2019-12912
+ RESERVED
+CVE-2019-12911
+ RESERVED
+CVE-2019-12910
+ RESERVED
+CVE-2019-12909
+ RESERVED
+CVE-2019-12908
+ RESERVED
+CVE-2019-12907
+ RESERVED
+CVE-2019-12906
+ RESERVED
+CVE-2019-12905 (FileRun 2019.05.21 allows XSS via the filename to the
?module=fileman& ...)
+ TODO: check
CVE-2019-12904 (In Libgcrypt 1.8.4, the C implementation of AES is vulnerable
to a flu ...)
- libgcrypt20 <unfixed>
- libgcrypt11 <removed>
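Review bot: the three new TODO: check entries in this hunk (CVE-2019-12920, CVE-2019-12919, CVE-2019-12905) need a manual triage pass that the automatic update cannot do; the two Shenzhen Cylan DOG-2W issues concern camera firmware and FileRun is a standalone web product, so the expected resolution is NOT-FOR-US with the product named, as the existing entries in this file do, unless a Debian source package for FileRun turns up. The block of RESERVED placeholders (CVE-2019-12921, CVE-2019-12918 through CVE-2019-12906) needs no action until MITRE publishes the descriptions.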
@@ -409,10 +443,10 @@ CVE-2019-12747
RESERVED
CVE-2019-12746
RESERVED
-CVE-2019-12745
- RESERVED
-CVE-2019-12744
- RESERVED
+CVE-2019-12745 (out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored
Cross-Site S ...)
+ TODO: check
+CVE-2019-12744 (SeedDMS before 5.1.11 allows Remote Command Execution (RCE)
because of ...)
+ TODO: check
CVE-2019-12743
RESERVED
CVE-2019-12742 (Bludit prior to 3.9.1 allows a non-privileged user to change
the passw ...)
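Review bot: of the two SeedDMS entries, CVE-2019-12744 (Remote Command Execution) should be triaged before CVE-2019-12745, since its impact outweighs the stored XSS; both descriptions point at the same upstream fix, SeedDMS 5.1.11, so one check of whether SeedDMS is packaged in Debian settles both, with NOT-FOR-US: SeedDMS as the likely outcome if it is not.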
@@ -1062,7 +1096,7 @@ CVE-2019-12589 (In Firejail before 0.9.60, seccomp
filters are writable inside t
- firejail 0.9.58.2-2 (bug #929732)
NOTE: https://github.com/netblue30/firejail/issues/2718
NOTE:
https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
-CVE-2019-12456 (An issue was discovered in the MPT3COMMAND case in
_ctl_ioctl_main in ...)
+CVE-2019-12456 (** DISPUTED ** An issue was discovered in the MPT3COMMAND case
in _ctl ...)
- linux <unfixed>
CVE-2019-12455 (An issue was discovered in sunxi_divs_clk_setup in
drivers/clk/sunxi/c ...)
- linux <unfixed> (unimportant)
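Review bot: CVE-2019-12456 now carries a ** DISPUTED ** marker, but its package line stays `- linux <unfixed>` with no severity qualifier, whereas the adjacent CVE-2019-12455 is tagged (unimportant) and the disputed kernel entries CVE-2019-12382 and CVE-2019-12381 further down in this file carry (unimportant) plus a "see kernel-sec, invalid issue" NOTE. Suggest the same qualifier and NOTE here once kernel-sec confirms the dispute, so the entry stops showing as an open unfixed kernel issue.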
@@ -1274,7 +1308,7 @@ CVE-2019-12383 (Tor Browser before 8.0.1 has an
information exposure vulnerabili
CVE-2019-12382 (** DISPUTED ** An issue was discovered in
drm_load_edid_firmware in dr ...)
- linux <unfixed> (unimportant)
NOTE: Issue with no security impact, see kernel-sec, invalid issue
-CVE-2019-12381 (An issue was discovered in ip_ra_control in
net/ipv4/ip_sockglue.c in ...)
+CVE-2019-12381 (** DISPUTED ** An issue was discovered in ip_ra_control in
net/ipv4/ip ...)
- linux <unfixed> (unimportant)
NOTE: Issue with no security impact, see kernel-sec, invalid issue
CVE-2019-12380 (An issue was discovered in the efi subsystem in the Linux
kernel throu ...)
@@ -2851,7 +2885,7 @@ CVE-2019-11708 [sandbox escape using Prompt:Open]
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/#CVE-2019-11708
CVE-2019-11707
RESERVED
- {DSA-4466-1}
+ {DSA-4466-1 DLA-1829-1}
- firefox 67.0.3-1
- firefox-esr 60.7.1esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707
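Review bot: the DLA-1829-1 reference is added correctly next to DSA-4466-1, but the description line for CVE-2019-11707 is still RESERVED even though the entry already has a DSA, a DLA and fixed firefox and firefox-esr versions. Suggest a short bracketed title taken from the linked mfsa2019-18 advisory, the way CVE-2019-11708 [sandbox escape using Prompt:Open] is handled in the context above, so the tracker shows a meaningful summary until MITRE publishes the text.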
@@ -12040,10 +12074,10 @@ CVE-2019-8461
RESERVED
CVE-2019-8460
RESERVED
-CVE-2019-8459
- RESERVED
-CVE-2019-8458
- RESERVED
+CVE-2019-8459 (Check Point Endpoint Security Client for Windows, with the VPN
blade, ...)
+ TODO: check
+CVE-2019-8458 (Check Point Endpoint Security Client for Windows, with
Anti-Malware bl ...)
+ TODO: check
CVE-2019-8457 (SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to
heap out-o ...)
- sqlite3 3.27.2-3 (bug #929775)
NOTE: https://www.sqlite.org/src/info/90acdbfce9c08858
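Review bot: CVE-2019-8459 and CVE-2019-8458 both describe the Check Point Endpoint Security Client for Windows, proprietary Windows client software, so the TODO: check markers should resolve to NOT-FOR-US: Check Point Endpoint Security Client; nothing in this hunk touches the sqlite3 entry that follows in the context.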
@@ -15763,14 +15797,14 @@ CVE-2019-6966 (An issue was discovered in Bento4
1.5.1-628. The AP4_ElstAtom cla
NOT-FOR-US: Bento4
CVE-2019-6965 (An XSS issue was discovered in i-doit Open 1.12 via the
src/tools/php/ ...)
NOT-FOR-US: i-doit
-CVE-2019-6964
- RESERVED
-CVE-2019-6963
- RESERVED
-CVE-2019-6962
- RESERVED
-CVE-2019-6961
- RESERVED
+CVE-2019-6964 (A heap-based buffer over-read in Service_SetParamStringValue in
cosa_x ...)
+ TODO: check
+CVE-2019-6963 (A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK
RDKB-2018 ...)
+ TODO: check
+CVE-2019-6962 (A shell injection issue in cosa_wifi_apis.c in the RDK
RDKB-20181217-1 ...)
+ TODO: check
+CVE-2019-6961 (Incorrect access control in actionHandlerUtility.php in the RDK
RDKB-2 ...)
+ TODO: check
CVE-2019-6960
RESERVED
- gitlab 11.5.10+dfsg-1 (bug #921059)
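Review bot: the four RDK entries (CVE-2019-6964 through CVE-2019-6961) all reference cosa_* components of the RDK broadband build (RDKB-2018...), so they can be triaged together; they describe a heap over-read, a heap overflow, a shell injection and an access-control flaw in gateway middleware, and unless a Debian package for RDK exists they resolve to NOT-FOR-US: RDK. Separately, the context shows CVE-2019-6960 still RESERVED directly above `- gitlab 11.5.10+dfsg-1 (bug #921059)`; that description line should be refreshed when MITRE publishes it.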
@@ -42258,8 +42292,8 @@ CVE-2017-1000600 (WordPress version <4.9 contains a
CWE-20 Input Validation v
NOTE: Wordpress before 4.9 is vulnerable on its own. After 4.9 you need
to have
NOTE: vulnerable module installed on the site as well. Due to an
incomplete fix
NOTE: in 4.9 there exists CVE-2018-1000773.
-CVE-2018-16553
- RESERVED
+CVE-2018-16553 (In Jspxcms 9.0.0, a vulnerable URL routing implementation
allows remot ...)
+ TODO: check
CVE-2018-16552 (MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/,
/users/##/ ...)
NOT-FOR-US: MicroPyramid Django-CRM
CVE-2018-16551 (LavaLite 5.5 has XSS via a /edit URI, as demonstrated by
client/job/jo ...)
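Review bot: CVE-2018-16553 concerns Jspxcms, a Java CMS; triaging it to NOT-FOR-US: Jspxcms matches how the neighbouring MicroPyramid Django-CRM and LavaLite entries are handled, unless a Debian package is found. The multi-line WordPress NOTE in the context is wrapped by the mail transport, not altered by this change.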
@@ -42334,8 +42368,8 @@ CVE-2018-16517 (asm/labels.c in Netwide Assembler
(NASM) is prone to NULL Pointe
NOTE: Crash in CLI tool, no security impact
CVE-2018-16516 (helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a
crafted URL. ...)
- python-flask-admin <itp> (bug #765509)
-CVE-2018-16514
- RESERVED
+CVE-2018-16514 (A cross-site scripting (XSS) vulnerability in the View Filters
page (v ...)
+ TODO: check
CVE-2018-17088 (The ProcessGpsInfo function of the gpsinfo.c file of jhead
3.00 may al ...)
- jhead 1:3.00-8 (bug #907925)
[stretch] - jhead 1:3.00-4+deb9u1
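Review bot: the truncated description for CVE-2018-16514 names only a "View Filters page (v ..." and no product, so the TODO: check cannot be resolved from this diff alone; read the full MITRE text to identify the software before choosing between NOT-FOR-US and a package line, rather than guessing from the page name.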
@@ -43036,16 +43070,16 @@ CVE-2018-16253 (In sig_verify() in x509.c in axTLS
version 2.1.3 and before, the
NOT-FOR-US: axTLS
CVE-2018-16252 (FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType
XML Exter ...)
NOT-FOR-US: FsPro Labs Event Log Explorer
-CVE-2018-16251
- RESERVED
-CVE-2018-16250
- RESERVED
-CVE-2018-16249
- RESERVED
-CVE-2018-16248
- RESERVED
-CVE-2018-16247
- RESERVED
+CVE-2018-16251 (A "search for user discovery" injection issue exists in
Creatiwity wit ...)
+ TODO: check
+CVE-2018-16250 (The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies
the presen ...)
+ TODO: check
+CVE-2018-16249 (In Symphony before 3.3.0, there is XSS in the Title under
Post. The ID ...)
+ TODO: check
+CVE-2018-16248 (b3log Solo 2.9.3 has XSS in the Input page under the "Publish
Articles ...)
+ TODO: check
+CVE-2018-16247 (YzmCMS 5.1 has XSS via the
admin/system_manage/user_config_add.html ti ...)
+ TODO: check
CVE-2018-16246
RESERVED
CVE-2018-16245
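Review bot: CVE-2018-16249 says "Symphony before 3.3.0" with XSS in a post title; the product should be verified against upstream before triage, because the name is easily confused with the Symfony PHP framework that Debian packages, and the NOT-FOR-US line should name the product unambiguously so it is not matched against the symfony package. The other four new entries (two in Creatiwity wityCMS 0.6.2, b3log Solo 2.9.3 and YzmCMS 5.1) are web CMS products; NOT-FOR-US with the product named is the expected outcome unless a Debian package exists.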
@@ -43335,14 +43369,14 @@ CVE-2018-16121
RESERVED
CVE-2018-16120
RESERVED
-CVE-2018-16119
- RESERVED
-CVE-2018-16118
- RESERVED
-CVE-2018-16117
- RESERVED
-CVE-2018-16116
- RESERVED
+CVE-2018-16119 (Stack-based buffer overflow in the httpd server of TP-Link
WR1043nd (F ...)
+ TODO: check
+CVE-2018-16118 (A shell escape vulnerability in /webconsole/APIController in
the API C ...)
+ TODO: check
+CVE-2018-16117 (A shell escape vulnerability in /webconsole/Controller in
Admin Portal ...)
+ TODO: check
+CVE-2018-16116 (SQL injection vulnerability in AccountStatus.jsp in Admin
Portal of So ...)
+ TODO: check
CVE-2018-16115 (Lightbend Akka 2.5.x before 2.5.16 allows message disclosure
and modif ...)
NOT-FOR-US: Lightbend Akka
CVE-2018-16114
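Review bot: all four new entries describe embedded router firmware (the TP-Link WR1043nd httpd stack overflow in CVE-2018-16119) or a vendor appliance web console (the /webconsole shell escapes in CVE-2018-16118 and CVE-2018-16117 and the AccountStatus.jsp SQL injection in CVE-2018-16116); none maps to a Debian source package, so NOT-FOR-US with the vendor named, as done for Lightbend Akka in the context below, is the expected resolution. The vendor name for the three admin-portal issues is cut off by the truncation ("Portal of So ..."), so take it from the full MITRE text rather than guessing.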
@@ -43807,8 +43841,8 @@ CVE-2018-15915
RESERVED
CVE-2018-15914
RESERVED
-CVE-2018-15913
- RESERVED
+CVE-2018-15913 (An issue was discovered in Cloudera Manager 5.x through
5.15.0. One ty ...)
+ TODO: check
CVE-2018-15912 (An issue was discovered in manjaro-update-system.sh in
manjaro-system ...)
NOT-FOR-US: manjaro-update-system.sh in manjaro-system on Manjaro Linux
CVE-2018-15919 (Remotely observable behaviour in auth-gss2.c in OpenSSH
through 7.8 co ...)
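Review bot: CVE-2018-15913 concerns Cloudera Manager, a proprietary cluster management server, so NOT-FOR-US: Cloudera Manager is the expected triage. Note that the context shows CVE-2018-15919 (OpenSSH) sitting after CVE-2018-15912, out of numeric order; harmless for the tracker, but worth knowing when searching this region of the file.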
@@ -43872,12 +43906,12 @@ CVE-2018-15894 (A SQL injection was discovered in
/coreframe/app/admin/pay/admin
NOT-FOR-US: WUZHI CMS
CVE-2018-15893 (A SQL injection was discovered in
/coreframe/app/admin/copyfrom.php in ...)
NOT-FOR-US: WUZHI CMS
-CVE-2018-15892
- RESERVED
-CVE-2018-15891
- RESERVED
-CVE-2018-15890
- RESERVED
+CVE-2018-15892 (FreePBX 13 and 14 has SQL Injection in the DISA module via the
hangup ...)
+ TODO: check
+CVE-2018-15891 (An issue was discovered in FreePBX core before 3.0.122.43,
14.0.18.34, ...)
+ TODO: check
+CVE-2018-15890 (An issue was discovered in EthereumJ 1.8.2. There is Unsafe
Deserializ ...)
+ TODO: check
CVE-2018-15889 (In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects()
in base ...)
- libpodofo <unfixed> (low; bug #916167)
[buster] - libpodofo <no-dsa> (Minor issue)
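Review bot: the FreePBX entries should be checked against Debian's asterisk packaging rather than assumed covered by it: FreePBX is a separate web front end, so unless a Debian package exists, both CVE-2018-15892 (SQL injection in the DISA module) and CVE-2018-15891 resolve to NOT-FOR-US: FreePBX. CVE-2018-15890 is unsafe deserialization in EthereumJ 1.8.2, a Java client; the same check applies and NOT-FOR-US: EthereumJ is the likely result.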
@@ -43914,10 +43948,10 @@ CVE-2018-15881 (An issue was discovered in Joomla!
before 3.8.12. Inadequate che
NOT-FOR-US: Joomla!
CVE-2018-15880 (An issue was discovered in Joomla! before 3.8.12. Inadequate
output fi ...)
NOT-FOR-US: Joomla!
-CVE-2018-15879
- RESERVED
-CVE-2018-15878
- RESERVED
+CVE-2018-15879 (The GD Graphics Library (aka libgd) through 2.2.5 has a Double
Free Vu ...)
+ TODO: check
+CVE-2018-15878 (The GD Graphics Library (aka libgd) through 2.2.5 has a Double
Free Vu ...)
+ TODO: check
CVE-2017-18345 (The Joomanager component through 2.0.0 for Joomla! has an
arbitrary fi ...)
NOT-FOR-US: Joomla addon
CVE-2018-16543 (In Artifex Ghostscript before 9.24, gssetresolution and
gsgetresolutio ...)
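Review bot: the two libgd entries need a real assessment rather than the default NOT-FOR-US, because the GD Graphics Library is packaged in Debian as src:libgd2 and "through 2.2.5" covers the version series Debian carries. The visible descriptions of CVE-2018-15879 and CVE-2018-15878 are identical ("Double Free Vu ..."), so check upstream whether they are one bug with two IDs or two distinct code paths before filing two bug reports, and replace TODO: check with a `- libgd2 <unfixed>` line (or <not-affected> with a reason) once the affected function is identified.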
@@ -77943,8 +77977,8 @@ CVE-2017-17946 (A buffer overflow in Handy Password
4.9.3 allows remote attacker
NOT-FOR-US: Handy Password
CVE-2017-17945
RESERVED
-CVE-2017-17944
- RESERVED
+CVE-2017-17944 (The ASUS Vivobaby application before 1.1.09 for Android has
Missing SS ...)
+ TODO: check
CVE-2017-17943
RESERVED
CVE-2017-17942 (In LibTIFF 4.0.9, there is a heap-based buffer over-read in
the functi ...)
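Review bot: CVE-2017-17944 concerns the ASUS Vivobaby Android application, so no Debian package can be affected and the TODO: check resolves to NOT-FOR-US: ASUS Vivobaby; the issue type is truncated ("Missing SS ...") and should be read from the full MITRE text if the entry is ever revisited.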
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/722dd91b2d09f9568a4aeed0fa7b49b1cbe37c90
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits