Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
689889ca by security tracker role at 2019-07-11T08:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,51 @@
-CVE-2019-13482
+CVE-2019-13504 (There is an out-of-bounds read in 
Exiv2::MrwImage::readMetadata in mrw ...)
+       TODO: check
+CVE-2019-13503 (mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based 
buffer o ...)
+       TODO: check
+CVE-2019-13502
+       RESERVED
+CVE-2019-13501
+       RESERVED
+CVE-2019-13500
+       RESERVED
+CVE-2019-13499
+       RESERVED
+CVE-2019-13498
+       RESERVED
+CVE-2019-13497
+       RESERVED
+CVE-2019-13496
+       RESERVED
+CVE-2019-13495
+       RESERVED
+CVE-2019-13494
+       RESERVED
+CVE-2019-13493
        RESERVED
-CVE-2019-13481
+CVE-2019-13492
        RESERVED
+CVE-2019-13491
+       RESERVED
+CVE-2019-13490
+       RESERVED
+CVE-2019-13489 (Trape through 2019-05-08 has SQL injection via the data[2] 
variable in ...)
+       TODO: check
+CVE-2019-13488 (A cross-site scripting (XSS) vulnerability in 
static/js/trape.js in Tr ...)
+       TODO: check
+CVE-2019-13487
+       RESERVED
+CVE-2019-13486
+       RESERVED
+CVE-2019-13485
+       RESERVED
+CVE-2019-13484
+       RESERVED
+CVE-2019-13483
+       RESERVED
+CVE-2019-13482 (An issue was discovered on D-Link DIR-818LW devices with 
firmware 2.06 ...)
+       TODO: check
+CVE-2019-13481 (An issue was discovered on D-Link DIR-818LW devices with 
firmware 2.06 ...)
+       TODO: check
 CVE-2019-13480
        RESERVED
 CVE-2019-13479
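Review bot: six described entries in this hunk (CVE-2019-13504, CVE-2019-13503, CVE-2019-13489, CVE-2019-13488, CVE-2019-13482, CVE-2019-13481) are left at `TODO: check`, so none of them is triaged yet. CVE-2019-13504 (Exiv2::MrwImage::readMetadata) and CVE-2019-13503 (mongoose.c) name source code and need either a package line or an explicit NOT-FOR-US. The two D-Link DIR-818LW entries are device firmware, which this file elsewhere marks as NOT-FOR-US (for example `NOT-FOR-US: Canon devices`).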
@@ -212,7 +256,7 @@ CVE-2019-13383
 CVE-2019-13382
        RESERVED
 CVE-2019-13381
-       RESERVED
+       REJECTED
 CVE-2019-13380 (KEYNTO Team Password Manager 1.5.0 allows XSS because data 
saved from  ...)
        NOT-FOR-US: KEYNTO Team Password Manager
 CVE-2019-13379 (On AVTECH Room Alert 3E devices before 2.2.5, an attacker with 
access  ...)
@@ -1684,10 +1728,10 @@ CVE-2019-12806
        RESERVED
 CVE-2019-12805
        RESERVED
-CVE-2019-12804
-       RESERVED
-CVE-2019-12803
-       RESERVED
+CVE-2019-12804 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 
4.0.16, due to ...)
+       TODO: check
+CVE-2019-12803 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 
4.0.16, the sp ...)
+       TODO: check
 CVE-2019-12802 (In radare2 through 3.5.1, the rcc_context function of 
libr/egg/egg_lan ...)
        - radare2 <unfixed> (bug #930510)
        [buster] - radare2 <no-dsa> (Minor issue)
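Review bot: the truncated descriptions added for CVE-2019-12804 and CVE-2019-12803 are identical up to `4.0.16,` so the two entries cannot be told apart from this file alone. Whoever resolves the `TODO: check` lines should triage from the full CVE text and record the outcome for each id separately rather than copying one annotation to both.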
@@ -2199,7 +2243,7 @@ CVE-2019-12596
 CVE-2019-12595
        RESERVED
 CVE-2019-12594 (DOSBox 0.74-2 has Incorrect Access Control. ...)
-       {DLA-1845-1}
+       {DSA-4478-1 DLA-1845-1}
        - dosbox <unfixed> (bug #931222)
        NOTE: Fixed in 0.74-3 upstream.
        NOTE: https://github.com/Alexandre-Bartel/CVE-2019-12594
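Review bot: on CVE-2019-12594 the advisory list now reads `{DSA-4478-1 DLA-1845-1}` while the package line below it is still `- dosbox <unfixed> (bug #931222)`. With `NOTE: Fixed in 0.74-3 upstream.` already recorded, the fixed version should replace `<unfixed>` once it is in unstable, otherwise the entry keeps showing an open issue next to two released advisories.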
@@ -16934,7 +16978,7 @@ CVE-2019-7167 (Zcash, before the Sapling network 
upgrade (2018-10-28), had a cou
 CVE-2019-7166
        RESERVED
 CVE-2019-7165 (A buffer overflow in DOSBox 0.74-2 allows attackers to execute 
arbitra ...)
-       {DLA-1845-1}
+       {DSA-4478-1 DLA-1845-1}
        - dosbox <unfixed> (bug #931222)
        NOTE: Fixed in 0.74-3 upstream.
        NOTE: Upstream clarification https://sourceforge.net/p/dosbox/bugs/508/
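Review bot: CVE-2019-7165 gains `{DSA-4478-1 DLA-1845-1}` but keeps `- dosbox <unfixed> (bug #931222)`, the same bug number as CVE-2019-12594. Since the description here is a buffer overflow allowing arbitrary code execution, the `<unfixed>` line should be updated together with CVE-2019-12594 when bug #931222 is closed, so the two entries do not drift apart.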
@@ -21201,12 +21245,12 @@ CVE-2019-5448
        RESERVED
 CVE-2019-5447
        RESERVED
-CVE-2019-5446
-       RESERVED
-CVE-2019-5445
-       RESERVED
-CVE-2019-5444
-       RESERVED
+CVE-2019-5446 (Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an 
Admin  ...)
+       TODO: check
+CVE-2019-5445 (DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to 
Crash  ...)
+       TODO: check
+CVE-2019-5444 (Path traversal vulnerability in version up to v1.1.3 in 
serve-here.js  ...)
+       TODO: check
 CVE-2019-5443 (A non-privileged user or program can put code and a config file 
in a k ...)
        - curl <not-affected> (Windows-specific build issue)
 CVE-2019-5442 (XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 
results i ...)
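Review bot: the three new descriptions at CVE-2019-5446, CVE-2019-5445 and CVE-2019-5444 stay at `TODO: check`, and they need different handling. The two EdgeMAX EdgeSwitch entries describe a vendor switch product and look like NOT-FOR-US candidates, while CVE-2019-5444 names `serve-here.js`, which should be checked against the archive before it is dismissed.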
@@ -35348,14 +35392,14 @@ CVE-2019-0332
        RESERVED
 CVE-2019-0331
        RESERVED
-CVE-2019-0330
-       RESERVED
-CVE-2019-0329
-       RESERVED
-CVE-2019-0328
-       RESERVED
-CVE-2019-0327
-       RESERVED
+CVE-2019-0330 (The OS Command Plugin in the transaction GPA_ADMIN and the 
OSCommand C ...)
+       TODO: check
+CVE-2019-0329 (SAP Information Steward, version 4.2, does not sufficiently 
encode use ...)
+       TODO: check
+CVE-2019-0328 (ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 
7.4, 7.5) ...)
+       TODO: check
+CVE-2019-0327 (SAP NetWeaver for Java Application Server - Web Container, 
(engineapi, ...)
+       TODO: check
 CVE-2019-0326 (SAP BusinessObjects Business Intelligence Platform (BI 
Workspace) (Ent ...)
        NOT-FOR-US: SAP
 CVE-2019-0325 (SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary 
author ...)
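Review bot: CVE-2019-0330 through CVE-2019-0327 all describe SAP products yet are left at `TODO: check`, while CVE-2019-0326 directly below already carries `NOT-FOR-US: SAP`. The same annotation can be applied to the four new entries to keep the block consistent.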
@@ -56744,7 +56788,7 @@ CVE-2018-11693 (An issue was discovered in LibSass 
through 3.5.4. An out-of-boun
        NOTE: 
https://github.com/sass/libsass/commit/b3374e3fd1a0c3658644d2bad24e4a0ff2e0dcea 
(master)
 CVE-2018-11692 (** DISPUTED ** An issue was discovered on Canon LBP6650, 
LBP3370, LBP3 ...)
        NOT-FOR-US: Canon devices
-CVE-2018-11691 (Emerson VE6046 09.0.12 devices have hardcoded admin 
credentials allowi ...)
+CVE-2018-11691 (Emerson DeltaV Smart Switch Command Center application, 
available in v ...)
        NOT-FOR-US: Emerson devices
 CVE-2018-11690 (The Balbooa Gridbox extension version 2.4.0 and previous 
versions for  ...)
        NOT-FOR-US: Balbooa Gridbox extension for Joomla!
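Review bot: the description of CVE-2018-11691 changes from `Emerson VE6046 09.0.12 devices` to `Emerson DeltaV Smart Switch Command Center application`, but the annotation stays `NOT-FOR-US: Emerson devices`. The label wording could be updated to name the application so it matches the new description.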



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/689889caaf53562da7e6c63500243342e938eeb1



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits