Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e804286 by security tracker role at 2019-06-28T20:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2019-13019
+       RESERVED
+CVE-2019-13018
+       RESERVED
+CVE-2019-13017
+       RESERVED
+CVE-2019-13016
+       RESERVED
+CVE-2019-13015
+       RESERVED
+CVE-2019-13014
+       RESERVED
+CVE-2019-13013
+       RESERVED
+CVE-2019-13011
+       RESERVED
+CVE-2019-13010
+       RESERVED
+CVE-2019-13009
+       RESERVED
+CVE-2019-13008
+       RESERVED
+CVE-2019-13007
+       RESERVED
+CVE-2019-13006
+       RESERVED
+CVE-2019-13005
+       RESERVED
+CVE-2019-13004
+       RESERVED
+CVE-2019-13003
+       RESERVED
+CVE-2019-13002
+       RESERVED
+CVE-2019-13001
+       RESERVED
+CVE-2019-13000
+       RESERVED
+CVE-2019-12999
+       RESERVED
+CVE-2019-12998
+       RESERVED
+CVE-2019-12997 (In Loopchain through 2.2.1.3, an attacker can escalate 
privileges from ...)
+       TODO: check
+CVE-2019-12996
+       RESERVED
+CVE-2019-12995 (Istio before 1.2.2 mishandles certain access tokens, leading 
to "Epoch ...)
+       TODO: check
+CVE-2019-12994
+       RESERVED
 CVE-2019-12993
        RESERVED
 CVE-2019-12992
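Review bot: the two new TODO: check entries in this hunk (CVE-2019-12997, Loopchain; CVE-2019-12995, Istio) still need triage into either a package line or NOT-FOR-US, the way the surrounding entries in this file are resolved; the remaining additions are RESERVED placeholders and need nothing further.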
@@ -142,6 +192,7 @@ CVE-2019-12939 (LiveZilla Server before 8.0.1.1 is 
vulnerable to SQL Injection i
 CVE-2019-12938 (The Roundcube component of Analogic Poste.io 2.1.6 uses 
.htaccess to p ...)
        NOT-FOR-US: Roundcube component of Analogic Poste.io
 CVE-2018-20843 (In libexpat in Expat before 2.2.7, XML input including XML 
names that  ...)
+       {DSA-4472-1}
        - expat 2.2.6-2 (bug #931031)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
        NOTE: https://github.com/libexpat/libexpat/issues/186
@@ -157,8 +208,8 @@ CVE-2019-12935 (Shopware before 5.5.8 has XSS via the Query 
String to the backen
        NOT-FOR-US: Shopware
 CVE-2019-12933 (An XSS issue on the PIX-Link Repeater/Router LV-WR09 with 
firmware v28 ...)
        NOT-FOR-US: PIX-Link Repeater/Router LV-WR09
-CVE-2019-12932
-       RESERVED
+CVE-2019-12932 (A stored XSS vulnerability was found in SeedDMS 5.1.11 due to 
poorly e ...)
+       TODO: check
 CVE-2019-12931
        RESERVED
 CVE-2019-12930
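Review bot: CVE-2019-12932 (SeedDMS) moves from RESERVED to TODO: check; if SeedDMS is not packaged in Debian this should be resolved to NOT-FOR-US, matching the neighbouring Shopware and PIX-Link entries, rather than left in the TODO queue.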
@@ -1313,7 +1364,7 @@ CVE-2019-12452 (types/types.go in Containous Traefik 
1.7.x through 1.7.11, when
        NOT-FOR-US: Containous Traefik
 CVE-2019-12451
        RESERVED
-CVE-2019-13012 [keyfile settings backend: Consider tightening permissions]
+CVE-2019-13012 (The keyfile settings backend in GNOME GLib (aka glib2.0) 
before 2.59.1 ...)
        [experimental] - glib2.0 2.60.0-1
        - glib2.0 <unfixed> (bug #931234)
        NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1658
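Review bot: only the description of CVE-2019-13012 changes here, so the package state is left as "- glib2.0 <unfixed> (bug #931234)" while the new description says the issue is fixed before 2.59.1 and "[experimental] - glib2.0 2.60.0-1" is already recorded as fixed. Worth confirming against the linked upstream issue (GNOME/glib issue 1658) that the unstable package is still affected, or recording the fixed version.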
@@ -10353,7 +10404,7 @@ CVE-2019-9213 (In the Linux kernel before 4.20.14, 
expand_downwards in mm/mmap.c
        [stretch] - linux 4.9.168-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/0a1d52994d440e21def1c2174932410b4f2a98a1 (5.0)
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1792
-CVE-2019-9212 (SOFA-Hessian through 4.0.2 allows remote attackers to execute 
arbitrar ...)
+CVE-2019-9212 (** DISPUTED ** SOFA-Hessian through 4.0.2 allows remote 
attackers to e ...)
        NOT-FOR-US: SOFA-Hessian
 CVE-2019-9211 (There is a reachable assertion abort in the function 
write_long_string ...)
        - pspp <unfixed> (unimportant; bug #923417)
@@ -18146,6 +18197,7 @@ CVE-2019-6131 (svg-run.c in Artifex MuPDF 1.14.0 has 
infinite recursion with sta
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700442
        NOTE: 
http://www.ghostscript.com/cgi-bin/findgit.cgi?c8f7e48ff74720a5e984ae19d978a5ab4d5dde5b
 CVE-2019-6130 (Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of 
the fi ...)
+       {DLA-1838-1}
        - mupdf 1.14.0+ds1-3 (bug #918971)
        [stretch] - mupdf <no-dsa> (Minor issue)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700446
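Review bot: {DLA-1838-1} is added to CVE-2019-6130 while "[stretch] - mupdf <no-dsa> (Minor issue)" is kept; since the same issue now warranted an LTS update, double-check that the stretch no-dsa decision is still intended, or add a NOTE explaining why the releases are treated differently.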
@@ -22055,8 +22107,8 @@ CVE-2019-4371
        RESERVED
 CVE-2019-4370
        RESERVED
-CVE-2019-4369
-       RESERVED
+CVE-2019-4369 (IBM BigFix Inventory v9 (SUA v9 / ILMT v9) discloses sensitive 
informa ...)
+       TODO: check
 CVE-2019-4368
        RESERVED
 CVE-2019-4367
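Review bot: CVE-2019-4369 (IBM BigFix Inventory) is queued as TODO: check; unless IBM BigFix Inventory is packaged in Debian, this can be resolved straight to NOT-FOR-US, and the IBM WebSphere entry in the next hunk (CVE-2019-4269) can be handled the same way.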
@@ -22255,8 +22307,8 @@ CVE-2019-4271
        RESERVED
 CVE-2019-4270
        RESERVED
-CVE-2019-4269
-       RESERVED
+CVE-2019-4269 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin 
Console  ...)
+       TODO: check
 CVE-2019-4268
        RESERVED
 CVE-2019-4267
@@ -39786,8 +39838,8 @@ CVE-2018-17562 (Multi-Tech FaxFinder before 5.1.6 has 
SQL Injection via a status
        NOT-FOR-US: Multi-Tech FaxFinder
 CVE-2018-17561
        RESERVED
-CVE-2018-17560
-       RESERVED
+CVE-2018-17560 (The admin interface of the Grouptime Teamwire Client 1.5.1 
prior to 1. ...)
+       TODO: check
 CVE-2018-17559
        RESERVED
 CVE-2018-17558
@@ -40790,8 +40842,8 @@ CVE-2018-17172 (The web application on Xerox AltaLink 
B80xx before 100.008.028.0
        NOT-FOR-US: Xerox
 CVE-2018-17171
        RESERVED
-CVE-2018-17170
-       RESERVED
+CVE-2018-17170 (Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on 
Windows allo ...)
+       TODO: check
 CVE-2018-17169 (An XML external entity (XXE) vulnerability in PrinterOn 
version 4.1.4  ...)
        NOT-FOR-US: PrinterOn Enterprise
 CVE-2018-17168 (PrinterOn Enterprise 4.1.4 contains multiple Cross Site 
Request Forger ...)
@@ -45165,8 +45217,8 @@ CVE-2018-15557 (An issue was discovered in the 
Quantenna WiFi Controller on Telu
        TODO: check
 CVE-2018-15556 (The Quantenna WiFi Controller on Telus Actiontec WEB6000Q 
v1.1.02.22 a ...)
        TODO: check
-CVE-2018-15555
-       RESERVED
+CVE-2018-15555 (On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker 
can login  ...)
+       TODO: check
 CVE-2018-15554
        RESERVED
 CVE-2018-15553 (fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 
devices allo ...)
@@ -45236,10 +45288,10 @@ CVE-2018-15522
        RESERVED
 CVE-2018-15521
        RESERVED
-CVE-2018-15520
-       RESERVED
-CVE-2018-15519
-       RESERVED
+CVE-2018-15520 (Various Lexmark devices have a Buffer Overflow (issue 2 of 2). 
...)
+       TODO: check
+CVE-2018-15519 (Various Lexmark devices have a Buffer Overflow (issue 1 of 2). 
...)
+       TODO: check
 CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3 has a double-free or 
corruption dur ...)
        {DSA-4374-1 DLA-1786-1 DLA-1627-1}
        [experimental] - qtbase-opensource-src 5.11.3+dfsg-1
@@ -46532,14 +46584,14 @@ CVE-2018-14921
        RESERVED
 CVE-2018-14920
        RESERVED
-CVE-2018-14919
-       RESERVED
-CVE-2018-14918
-       RESERVED
+CVE-2018-14919 (LOYTEC LGATE-902 6.3.2 devices allow XSS. ...)
+       TODO: check
+CVE-2018-14918 (LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. ...)
+       TODO: check
 CVE-2018-14917
        REJECTED
-CVE-2018-14916
-       RESERVED
+CVE-2018-14916 (LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. 
...)
+       TODO: check
 CVE-2018-14915
        REJECTED
 CVE-2018-1000223 (soundtouch version up to and including 2.0.0 contains a 
Buffer Overflo ...)
@@ -46605,12 +46657,12 @@ CVE-2018-14889 (CouchDB in Vectra Networks Cognito 
Brain and Sensor before 4.3 c
        NOT-FOR-US: Vectra Networks Cognito Brain and Sensor
 CVE-2018-14888 (inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like 
plugin be ...)
        NOT-FOR-US: Eldenroot Thank You/Like plugin for MyBB
-CVE-2018-14887
-       RESERVED
-CVE-2018-14886
-       RESERVED
-CVE-2018-14885
-       RESERVED
+CVE-2018-14887 (Improper Host header sanitization in the dbfilter routing 
component in ...)
+       TODO: check
+CVE-2018-14886 (The module-description renderer in Odoo Community 11.0 and 
earlier and ...)
+       TODO: check
+CVE-2018-14885 (Incorrect access control in the database manager component in 
Odoo Com ...)
+       TODO: check
 CVE-2018-14884 (An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x 
before 7.1.1 ...)
        - php7.2 7.2.1-1
        - php7.1 7.1.13-1
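Review bot: three Odoo Community issues (CVE-2018-14887, CVE-2018-14886, CVE-2018-14885) are added as TODO: check with descriptions truncated before the affected version range; triage should pull the full text from the CVE entries and resolve all three the same way (NOT-FOR-US if Odoo is not packaged), and the two further Odoo entries in the next hunk (CVE-2018-14868, CVE-2018-14867) should follow the same decision for consistency.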
@@ -46673,10 +46725,10 @@ CVE-2018-14870
        RESERVED
 CVE-2018-14869 (PHP Template Store Script 3.0.6 allows XSS via the Address 
line 1, Add ...)
        NOT-FOR-US: PHP Template Store Script
-CVE-2018-14868
-       RESERVED
-CVE-2018-14867
-       RESERVED
+CVE-2018-14868 (Incorrect access control in the Password Encryption module in 
Odoo Com ...)
+       TODO: check
+CVE-2018-14867 (Incorrect access control in the portal messaging system in 
Odoo Commun ...)
+       TODO: check
 CVE-2018-14866
        RESERVED
 CVE-2018-14865
@@ -70739,7 +70791,7 @@ CVE-2018-6194 (A cross-site scripting (XSS) 
vulnerability in admin/partials/wp-s
 CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in 
Routers2 2.24, ...)
        NOT-FOR-US: Routers2
 CVE-2018-6192 (In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in 
pdf/pdf-xre ...)
-       {DSA-4334-1}
+       {DSA-4334-1 DLA-1838-1}
        - mupdf 1.13.0+ds1-1 (bug #888487)
        [wheezy] - mupdf <no-dsa> (Minor issue)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698916
@@ -72656,7 +72708,7 @@ CVE-2018-5688 (ILIAS before 5.2.4 has XSS via the cmd 
parameter to the displayHe
 CVE-2018-5687 (NewsBee allows XSS via the Company Name field in the Settings 
under ad ...)
        NOT-FOR-US: NewsBee CMS
 CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and 
applicati ...)
-       {DSA-4334-1}
+       {DSA-4334-1 DLA-1838-1}
        - mupdf 1.13.0+ds1-1 (bug #887130)
        [wheezy] - mupdf <no-dsa> (Minor issue)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698860
@@ -85061,14 +85113,16 @@ CVE-2017-1002102 (In Kubernetes versions 1.3.x, 
1.4.x, 1.5.x, 1.6.x and prior to
 CVE-2017-1002101 (In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior 
to version ...)
        - kubernetes 1.7.16+dfsg-1 (bug #892801)
        NOTE: https://github.com/kubernetes/kubernetes/issues/60813
-CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 
may lea ...)
+CVE-2017-17457
+       REJECTED
        {DLA-1618-1}
        - libsndfile 1.0.28-5 (low; bug #884735)
        [stretch] - libsndfile <no-dsa> (Minor issue)
        [wheezy] - libsndfile <no-dsa> (Minor issue)
        NOTE: https://github.com/erikd/libsndfile/issues/344
        NOTE: 
https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
-CVE-2017-17456 (The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 
may lea ...)
+CVE-2017-17456
+       REJECTED
        {DLA-1618-1}
        - libsndfile 1.0.28-5 (low; bug #884735)
        [stretch] - libsndfile <no-dsa> (Minor issue)
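Review bot: CVE-2017-17457 and CVE-2017-17456 are switched to REJECTED but keep their {DLA-1618-1}, "- libsndfile 1.0.28-5 (low; bug #884735)", <no-dsa> and NOTE lines; elsewhere in this file a REJECTED entry carries nothing else (compare CVE-2018-14917 and CVE-2018-14915). Either drop the retained lines or add a NOTE recording why the IDs were rejected and why the package history is kept, so the mixed state is not mistaken for a tracker error.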



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e804286b131becb2ab2a7c02e3699de3f49d947
