Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a29f25a0 by security tracker role at 2019-07-16T20:10:27Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2019-13618 (In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a 
heap-bas ...)
+       TODO: check
+CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 ha ...)
+       TODO: check
+CVE-2019-13615 (VideoLAN VLC media player 3.0.7.1 has a heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2019-13614
+       RESERVED
+CVE-2019-13613
+       RESERVED
+CVE-2019-13612 (MDaemon Email Server 19 skips SpamAssassin checks by default 
for e-mai ...)
+       TODO: check
 CVE-2019-13611 (An issue was discovered in python-engineio through 3.8.2. 
There is a C ...)
        - python-engineio <unfixed>
        NOTE: https://github.com/miguelgrinberg/python-engineio/issues/128
@@ -997,12 +1011,12 @@ CVE-2019-13607
        RESERVED
 CVE-2019-13606
        RESERVED
-CVE-2019-13605
-       RESERVED
+CVE-2019-13605 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 
0.9.8.8 ...)
+       TODO: check
 CVE-2019-13604 (There is a short key vulnerability in HID Global 
DigitalPersona (forme ...)
        NOT-FOR-US: HID Global DigitalPersona U.are.U 4500 Fingerprint Reader
-CVE-2019-13603
-       RESERVED
+CVE-2019-13603 (An issue was discovered in the HID Global DigitalPersona 
(formerly Cro ...)
+       TODO: check
 CVE-2019-13602 (An Integer Underflow in MP4_EIA608_Convert() in 
modules/demux/mp4/mp4. ...)
        - vlc 3.0.7.1-2 (bug #932131)
        NOTE: 
https://git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491
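Review bot: CVE-2019-13603 is left at TODO: check although its summary names the HID Global DigitalPersona product, and the entry directly above it, CVE-2019-13604, is already triaged as NOT-FOR-US: HID Global DigitalPersona U.are.U 4500 Fingerprint Reader. If the full description confirms the same device, the same NOT-FOR-US line can replace the TODO here instead of leaving it in the queue.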
@@ -1479,8 +1493,8 @@ CVE-2019-13385
        RESERVED
 CVE-2019-13384
        RESERVED
-CVE-2019-13383
-       RESERVED
+CVE-2019-13383 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, 
the Login ...)
+       TODO: check
 CVE-2019-13382
        RESERVED
 CVE-2019-13381
@@ -1525,10 +1539,10 @@ CVE-2019-13362 (Codedoc v3.2 has a stack-based buffer 
overflow in add_variable i
        NOT-FOR-US: Codedoc
 CVE-2019-13361
        RESERVED
-CVE-2019-13360
-       RESERVED
-CVE-2019-13359
-       RESERVED
+CVE-2019-13360 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, 
remote at ...)
+       TODO: check
+CVE-2019-13359 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a 
cwpsrv- ...)
+       TODO: check
 CVE-2019-13358 (lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that 
allows  ...)
        NOT-FOR-US: OpenCats
 CVE-2019-13357
@@ -2155,8 +2169,8 @@ CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an 
xsl:number with certain forma
        NOTE: https://oss-fuzz.com/testcase-detail/5631739747106816
 CVE-2019-13116
        RESERVED
-CVE-2019-13115
-       RESERVED
+CVE-2019-13115 (In libssh2 before 1.9.0, 
kex_method_diffie_hellman_group_exchange_sha2 ...)
+       TODO: check
 CVE-2019-13114 (http.c in Exiv2 through 0.27.1 allows a malicious http server 
to cause ...)
        - exiv2 <unfixed> (low)
        [buster] - exiv2 <ignored> (Minor issue)
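Review bot: CVE-2019-13115 names libssh2 before 1.9.0 but carries only TODO: check. libssh2 is a packaged source in Debian, so this entry needs a package line in the form its neighbour uses (- exiv2 <unfixed>), with the fixed version confirmed against the archive before it is filled in.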
@@ -2485,22 +2499,22 @@ CVE-2019-12994
        RESERVED
 CVE-2019-12993
        RESERVED
-CVE-2019-12992
-       RESERVED
-CVE-2019-12991
-       RESERVED
-CVE-2019-12990
-       RESERVED
-CVE-2019-12989
-       RESERVED
-CVE-2019-12988
-       RESERVED
-CVE-2019-12987
-       RESERVED
-CVE-2019-12986
-       RESERVED
-CVE-2019-12985
-       RESERVED
+CVE-2019-12992 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x 
before  ...)
+       TODO: check
+CVE-2019-12991 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x 
before  ...)
+       TODO: check
+CVE-2019-12990 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x 
before  ...)
+       TODO: check
+CVE-2019-12989 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x 
before  ...)
+       TODO: check
+CVE-2019-12988 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x 
before  ...)
+       TODO: check
+CVE-2019-12987 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x 
before  ...)
+       TODO: check
+CVE-2019-12986 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x 
before  ...)
+       TODO: check
+CVE-2019-12985 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x 
before  ...)
+       TODO: check
 CVE-2019-12984 (A NULL pointer dereference vulnerability in the function 
nfc_genl_deac ...)
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/385097a3675749cbc9e97c085c0e5dfe4269ca51
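Review bot: the eight Citrix SD-WAN entries CVE-2019-12985 to CVE-2019-12992 cannot be told apart in this file, because the truncated summary is identical for all of them ("Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before ..."). Triage them together from the full descriptions and resolve all eight TODO: check lines in one commit so that none is left behind.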
@@ -2905,8 +2919,8 @@ CVE-2019-12836 (The Bobronix JEditor editor before 3.0.6 
for Jira allows an atta
        NOT-FOR-US: Bobronix JEditor editor for Jira
 CVE-2019-12835 (formats/xml.cpp in Leanify 0.4.3 allows for a controlled 
out-of-bounds ...)
        NOT-FOR-US: Leanify
-CVE-2019-12834
-       RESERVED
+CVE-2019-12834 (In HT2 Labs Learning Locker 3.15.1, it's possible to inject 
malicious  ...)
+       TODO: check
 CVE-2019-12833
        RESERVED
 CVE-2019-12832
@@ -3215,7 +3229,7 @@ CVE-2019-12732 (The Chartkick gem through 3.1.0 for Ruby 
allows XSS. ...)
        NOT-FOR-US: Chartkick Ruby gem
 CVE-2019-12731 (The Windows versions of Snapview Mikogo, versions before 
5.10.2 are af ...)
        NOT-FOR-US: Snapview Mikogo
-CVE-2019-12730 (aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 
does not ...)
+CVE-2019-12730 (aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 
and 4.x  ...)
        {DSA-4449-1}
        - ffmpeg <unfixed> (low)
        [buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x 
branch)
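Review bot: the changed summary for CVE-2019-12730 now covers a 4.x range in addition to 3.2.14, while the annotation below it still reads [buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x branch). Check the full description for the 4.x bound it names, and revisit the <postponed> and <unfixed> states if a fixed 4.1.x release now exists.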
@@ -9679,14 +9693,12 @@ CVE-2019-10192 (A heap-buffer overflow vulnerability 
was found in the Redis hype
        NOTE: 
https://github.com/antirez/redis/commit/9f13b2bd4967334b1701c6eccdf53760cb13f79e
        NOTE: 
https://github.com/antirez/redis/commit/ef1833b3f9d02261617b757fd6ebe0ec3f1be507
 (5.0.4)
        NOTE: 
https://github.com/antirez/redis/commit/7f79849caa006f0d760b6c7e17f7796e3be92b4f
 (5.0.4)
-CVE-2019-10191 [do not cache negative answer with forged QNAME+QTYPE]
-       RESERVED
+CVE-2019-10191 (A vulnerability was discovered in DNS resolver of knot 
resolver before ...)
        - knot-resolver <unfixed> (bug #932048)
        NOTE: https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html
        NOTE: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/839
        NOTE: https://www.openwall.com/lists/oss-security/2019/07/14/1
-CVE-2019-10190 [do not pass bogus negative answer to client]
-       RESERVED
+CVE-2019-10190 (A vulnerability was discovered in DNS resolver component of 
knot resol ...)
        - knot-resolver <unfixed> (bug #932048)
        NOTE: https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html
        NOTE: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/827
@@ -10654,12 +10666,12 @@ CVE-2019-1010294 (Linaro/OP-TEE OP-TEE 3.3.0 and 
earlier is affected by: Roundin
        TODO: check
 CVE-2019-1010293 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: 
Boundary crossi ...)
        TODO: check
-CVE-2019-1010292
-       RESERVED
+CVE-2019-1010292 (Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: 
Boundary  ...)
+       TODO: check
 CVE-2019-1010291
        RESERVED
-CVE-2019-1010290
-       RESERVED
+CVE-2019-1010290 (Babel: Multilingual site Babel All is affected by: Open 
Redirection. T ...)
+       TODO: check
 CVE-2019-1010289
        RESERVED
 CVE-2019-1010288
@@ -11114,12 +11126,11 @@ CVE-2019-1010064
        RESERVED
 CVE-2019-1010063
        RESERVED
-CVE-2019-1010062
-       RESERVED
+CVE-2019-1010062 (PluckCMS 4.7.4 and earlier is affected by: CWE-434 
Unrestricted Upload ...)
+       TODO: check
 CVE-2019-1010061
-       RESERVED
-CVE-2019-1010060 [issues in cfitsio not covered by CVE-2018-3846, 
CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849]
-       RESERVED
+       REJECTED
+CVE-2019-1010060 (NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. 
The impact ...)
        - cfitsio 3.430-1 (low; bug #892458)
        [stretch] - cfitsio <no-dsa> (Minor issue)
        NOTE: The issue is specifically to other issues not covered by 
CVE-2018-3846,
@@ -11130,8 +11141,8 @@ CVE-2019-1010059
        RESERVED
 CVE-2019-1010058
        RESERVED
-CVE-2019-1010057
-       RESERVED
+CVE-2019-1010057 (nfdump 1.6.16 and earlier is affected by: Buffer Overflow. 
The impact  ...)
+       TODO: check
 CVE-2019-1010056
        RESERVED
 CVE-2019-1010055
@@ -11148,8 +11159,8 @@ CVE-2019-1010050
        RESERVED
 CVE-2019-1010049
        RESERVED
-CVE-2019-1010048
-       RESERVED
+CVE-2019-1010048 (UPX 3.95 is affected by: Integer Overflow. The impact is: 
attacker can ...)
+       TODO: check
 CVE-2019-1010047
        RESERVED
 CVE-2019-1010046
@@ -11158,9 +11169,10 @@ CVE-2019-1010045
        RESERVED
 CVE-2019-1010044 (borg-reducer c6d5240 is affected by: Buffer Overflow. The 
impact is: P ...)
        TODO: check
-CVE-2019-1010043
-       RESERVED
-CVE-2019-1010042 (couchcms 2 is affected by: Web Site physical path leakage. 
The impact  ...)
+CVE-2019-1010043 (Quake3e &lt; 5ed740d is affected by: Buffer Overflow. The 
impact is: P ...)
+       TODO: check
+CVE-2019-1010042
+       REJECTED
        NOT-FOR-US: CouchCMS
 CVE-2019-1010041
        RESERVED
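Review bot: CVE-2019-1010042 changes to REJECTED, but the unchanged line after it, NOT-FOR-US: CouchCMS, stays attached to the entry, so a rejected identifier still carries a triage annotation for a description that is no longer there. Drop the NOT-FOR-US line in a follow-up, or confirm that the tracker's convention is to keep earlier triage on rejected entries.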
@@ -11216,8 +11228,8 @@ CVE-2019-1010020
        RESERVED
 CVE-2019-1010019
        RESERVED
-CVE-2019-1010018
-       RESERVED
+CVE-2019-1010018 (Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross 
Site Script ...)
+       TODO: check
 CVE-2019-1010017 (libnmap &lt; v0.6.3 is affected by: XML Injection. The 
impact is: Deni ...)
        - python-libnmap <unfixed> (low)
        [buster] - python-libnmap <no-dsa> (Minor issue)
@@ -11925,8 +11937,8 @@ CVE-2019-9702 (Symantec Endpoint Encryption, prior to 
SEE 11.3.0, may be suscept
        NOT-FOR-US: Symantec
 CVE-2019-9701 (DLP 15.5 MP1 and all prior versions may be susceptible to a 
cross-site ...)
        NOT-FOR-US: DLP (Symantec)
-CVE-2019-9700
-       RESERVED
+CVE-2019-9700 (Norton Password Manager, prior to 6.3.0.2082, may be 
susceptible to an ...)
+       TODO: check
 CVE-2019-9699
        RESERVED
 CVE-2019-9698 (Symantec AV Engine, prior to 13.0.9r17, may be susceptible to 
an arbit ...)
@@ -20844,8 +20856,8 @@ CVE-2019-6162
        RESERVED
 CVE-2019-6161
        RESERVED
-CVE-2019-6160
-       RESERVED
+CVE-2019-6160 (A vulnerability in various versions of Iomega and LenovoEMC NAS 
produc ...)
+       TODO: check
 CVE-2019-6159
        RESERVED
 CVE-2019-6158 (An internal product security audit of Lenovo XClarity 
Administrator (L ...)
@@ -33255,10 +33267,10 @@ CVE-2019-1578 (Cross-site scripting vulnerability in 
Palo Alto Networks MineMeld
        NOT-FOR-US: Palo Alto Networks MineMeld
 CVE-2019-1577 (Code injection vulnerability in Palo Alto Networks Traps 5.0.5 
and ear ...)
        NOT-FOR-US: Palo Alto Networks Traps
-CVE-2019-1576
-       RESERVED
-CVE-2019-1575
-       RESERVED
+CVE-2019-1576 (Command injection in PAN-0S 9.0.2 and earlier may allow an 
authenticat ...)
+       TODO: check
+CVE-2019-1575 (Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 
8.0.18 and ...)
+       TODO: check
 CVE-2019-1574 (Cross-site scripting (XSS) vulnerability in Palo Alto Networks 
Expedit ...)
        NOT-FOR-US: Palo Alto Networks Expedition Migration tool
 CVE-2019-1573 (GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 
4.1.10 a ...)
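Review bot: the summary added for CVE-2019-1576 spells the product "PAN-0S" with a digit zero, while CVE-2019-1575 directly below it has "PAN-OS". The text is imported and should not be edited here, but anyone triaging by searching the file for PAN-OS will miss this entry, so handle the two together; the neighbouring Palo Alto Networks entries in this hunk are all NOT-FOR-US.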
@@ -34134,8 +34146,8 @@ CVE-2018-19631
        RESERVED
 CVE-2018-19630 (cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and 
LEDE throu ...)
        NOT-FOR-US: uhttpd (in OpenWRT and LEDE)
-CVE-2018-19629
-       RESERVED
+CVE-2018-19629 (A Denial of Service vulnerability in the ImageNow Server 
service in Hy ...)
+       TODO: check
 CVE-2018-19628 (In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could 
crash. Thi ...)
        {DSA-4359-1}
        - wireshark 2.6.5-1
@@ -53251,8 +53263,8 @@ CVE-2018-13444 (An issue was discovered in SeaCMS 6.61. 
There is a CSRF vulnerab
        NOT-FOR-US: SeaCMS
 CVE-2018-13443 (EOS.IO jit-wasm 4.1 has a heap-based buffer overflow via a 
crafted was ...)
        NOT-FOR-US: EOS.IO jit-wasm
-CVE-2018-13442
-       RESERVED
+CVE-2018-13442 (SolarWinds Network Performance Monitor 12.3 allows SQL 
Injection via t ...)
+       TODO: check
 CVE-2018-13441 (qh_help in Nagios Core version 4.4.1 and earlier is prone to a 
NULL po ...)
        - nagios4 4.3.4-3 (low; bug #917160)
        NOTE: 
https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a29f25a0311507a2038cb25177c3c8b13fb68f4b



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
