Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc233f43 by security tracker role at 2019-07-19T20:10:25Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-13984 (Directus 7 API before 2.3.0 does not validate uploaded files. 
Regardle ...)
+       TODO: check
+CVE-2019-13983 (Directus 7 API before 2.2.2 has insufficient anti-automation, 
as demon ...)
+       TODO: check
+CVE-2019-13982 (interfaces/markdown/input.vue in Directus 7 Application before 
7.7.0 d ...)
+       TODO: check
+CVE-2019-13981 (In Directus 7 API through 2.3.0, remote attackers can read 
image files ...)
+       TODO: check
+CVE-2019-13980 (In Directus 7 API through 2.3.0, uploading of PHP files is 
blocked onl ...)
+       TODO: check
+CVE-2019-13979 (In Directus 7 API before 2.2.1, uploading of PHP files is not 
blocked, ...)
+       TODO: check
 CVE-2019-13978 (Ovidentia 8.4.3 has SQL Injection via the id parameter in an 
index.php ...)
        NOT-FOR-US: Ovidentia
 CVE-2019-13977 (index.php in Ovidentia 8.4.3 has XSS via tg=groups, 
tg=maildoms&id ...)
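Review bot: the six new Directus entries (CVE-2019-13979 through CVE-2019-13984) are all left at TODO: check although they describe one product, and three of them (13979, 13980 and 13984) concern the same upload-validation weakness in the Directus 7 API; triage them as a batch, and if Directus is not in the Debian archive mark them NOT-FOR-US: Directus the way the Ovidentia entries at the end of this hunk are handled.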
@@ -52,12 +64,12 @@ CVE-2019-13954
        RESERVED
 CVE-2019-13953
        RESERVED
-CVE-2019-13952 (The set_ipv6() function in zscan_rfc1035.rl in gdnsd 3.2.0 has 
a stack ...)
+CVE-2019-13952 (The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 
2.4.3 and  ...)
        - gdnsd <unfixed> (unimportant; bug #932407)
        NOTE: https://github.com/gdnsd/gdnsd/issues/185
        NOTE: No security impact, data is under administrative control
        NOTE: Patches: 
https://github.com/gdnsd/gdnsd/issues/185#issuecomment-513288786
-CVE-2019-13951 (The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.2.0 has 
a stack ...)
+CVE-2019-13951 (The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.x 
before 3.2.1  ...)
        - gdnsd <not-affected> (Vulnerable code not present, introduced in 3.x)
        NOTE: https://github.com/gdnsd/gdnsd/issues/185
        NOTE: No security impact, data is under administrative control
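Review bot: the rewritten description of CVE-2019-13952 now gives the affected range as "gdnsd before 2.4.3 and ..." instead of the single 3.2.0 release, yet the package line stays at "- gdnsd <unfixed>"; confirm the upstream fixed versions from issue #185 and record the fixed Debian version once one exists. The "unimportant" rating and the "No security impact, data is under administrative control" NOTE still hold for both IDs, and the <not-affected> marking for CVE-2019-13951 is consistent with its narrowed "3.x before 3.2.1" range.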
@@ -667,8 +679,8 @@ CVE-2019-13650
        RESERVED
 CVE-2019-13649
        RESERVED
-CVE-2019-13648
-       RESERVED
+CVE-2019-13648 (In the Linux kernel through 5.2.1 on the powerpc platform, 
when hardwa ...)
+       TODO: check
 CVE-2018-20853
        RESERVED
 CVE-2016-10763 (The CampTix Event Ticketing plugin before 1.5 for WordPress 
allows XSS ...)
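Review bot: CVE-2019-13648 is a Linux kernel (powerpc) issue, so unlike the NOT-FOR-US candidates elsewhere in this update its "TODO: check" needs a real package annotation; follow the pattern used for CVE-2019-12817 in this same patch ("- linux <unfixed>" plus per-suite lines such as "[stretch] - linux <not-affected> ..." once the affected range is established).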
@@ -1985,6 +1997,7 @@ CVE-2019-13506 (@nuxt/devalue before 1.2.3, as used in 
Nuxt.js before 2.6.2, mis
 CVE-2019-13505 (The Appointment Hour Booking plugin 1.1.44 for WordPress 
allows XSS vi ...)
        NOT-FOR-US: Appointment Hour Booking plugin for WordPress
 CVE-2019-13504 (There is an out-of-bounds read in 
Exiv2::MrwImage::readMetadata in mrw ...)
+       {DLA-1855-1}
        - exiv2 <unfixed> (low; bug #932467)
        [buster] - exiv2 <ignored> (Minor issue)
        [stretch] - exiv2 <ignored> (Minor issue)
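Review bot: the added {DLA-1855-1} reference for CVE-2019-13504 sits above an unstable entry that is still "- exiv2 <unfixed> (low; bug #932467)" and above buster/stretch lines marked <ignored> (Minor issue); that is only consistent if the DLA addressed a suite not shown in this hunk (jessie LTS at this date), so double-check that the DLA covers this exiv2 CVE and that keeping stretch at <ignored> is still intended now that an LTS fix exists.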
@@ -3409,10 +3422,10 @@ CVE-2019-12948
        RESERVED
 CVE-2019-12947
        RESERVED
-CVE-2019-12946
-       RESERVED
+CVE-2019-12946 (Elcom CMS before 10.7 has SQL Injection via 
EventSearchByState.aspx an ...)
+       TODO: check
 CVE-2019-12945
-       RESERVED
+       REJECTED
 CVE-2019-12944
        RESERVED
 CVE-2019-12943
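Review bot: CVE-2019-12945 moves from RESERVED to REJECTED, which needs no package line, but the new CVE-2019-12946 (Elcom CMS SQL injection) is left at TODO: check; if Elcom CMS is not packaged it should get the NOT-FOR-US treatment applied to the other CMS entries in this file, such as Craft CMS in the following hunk.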
@@ -3722,10 +3735,10 @@ CVE-2019-12823 (Craft CMS 3.1.30 has XSS. ...)
        NOT-FOR-US: Craft CMS
 CVE-2019-12822 (In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 
5.0.1, a he ...)
        NOT-FOR-US: Embedthis GoAhead
-CVE-2019-12821
-       RESERVED
-CVE-2019-12820
-       RESERVED
+CVE-2019-12821 (A vulnerability was found in the app 2.0 of the Shenzhen 
Jisiwei i3 ro ...)
+       TODO: check
+CVE-2019-12820 (A vulnerability was found in the app 2.0 of the Shenzhen 
Jisiwei i3 ro ...)
+       TODO: check
 CVE-2019-12817 (arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel 
before 5.1. ...)
        - linux <unfixed>
        [stretch] - linux <not-affected> (Vulnerable code not present)
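Review bot: CVE-2019-12821 and CVE-2019-12820 show identical truncated descriptions ("A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 ro ..."), so when resolving the two TODO: check lines confirm they are distinct issues before annotating; both concern a vendor mobile app and can be closed as NOT-FOR-US like the Craft CMS and Embedthis GoAhead entries at the top of this hunk.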
@@ -4555,7 +4568,7 @@ CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. 
There is a NULL pointer d
        [stretch] - gpac <no-dsa> (Minor issue)
        NOTE: https://github.com/gpac/gpac/issues/1249
        NOTE: 
https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
-CVE-2019-12480 (BACnet Protocol Stack through 0.8.6 could allow an 
unauthenticated, re ...)
+CVE-2019-12480 (BACnet Protocol Stack through 0.8.6 has a segmentation fault 
leading t ...)
        NOT-FOR-US: BACnet Protocol Stack
 CVE-2019-12479
        RESERVED
@@ -4647,8 +4660,8 @@ CVE-2019-12455 (** DISPUTED ** An issue was discovered in 
sunxi_divs_clk_setup i
        NOTE: No/negligible security impact
 CVE-2019-12454 (** DISPUTED ** An issue was discovered in 
wcd9335_codec_enable_dec in  ...)
        - linux <not-affected> (Vulnerable code not present, introduced in 
5.1-rc1)
-CVE-2019-12453
-       RESERVED
+CVE-2019-12453 (In MicroStrategy Web before 10.1 patch 10, stored XSS is 
possible in t ...)
+       TODO: check
 CVE-2019-12452 (types/types.go in Containous Traefik 1.7.x through 1.7.11, 
when the -- ...)
        NOT-FOR-US: Containous Traefik
 CVE-2019-12451
@@ -4844,7 +4857,7 @@ CVE-2019-12386
        RESERVED
 CVE-2019-12385
        RESERVED
-CVE-2019-12384 (FasterXML jackson-databind 2.x before 2.9.9 might allow 
attackers to h ...)
+CVE-2019-12384 (FasterXML jackson-databind 2.x before 2.9.9.1 might allow 
attackers to ...)
        {DLA-1831-1}
        - jackson-databind 2.9.8-3 (bug #930750)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2334
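Review bot: the upstream fixed version in the CVE-2019-12384 description moves from 2.9.9 to 2.9.9.1, while the Debian entry keeps "- jackson-databind 2.9.8-3 (bug #930750)" and the {DLA-1831-1} reference; verify that the 2.9.8-3 upload and the DLA backport include whatever upstream changed between 2.9.9 and 2.9.9.1 (see the linked issue #2334), otherwise the fixed-version annotation is too optimistic and the entry needs reopening.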
@@ -5380,8 +5393,8 @@ CVE-2019-12195 (TP-Link TL-WR840N v5 00000005 devices 
allow XSS via the network
        NOT-FOR-US: TP-Link
 CVE-2019-12194
        RESERVED
-CVE-2019-12193
-       RESERVED
+CVE-2019-12193 (H3C H3Cloud OS all versions allows SQL injection via the 
ear/grid_even ...)
+       TODO: check
 CVE-2019-12192
        RESERVED
 CVE-2019-12191
@@ -7042,10 +7055,10 @@ CVE-2019-11556
        RESERVED
 CVE-2019-11554
        RESERVED
-CVE-2019-11553
-       RESERVED
-CVE-2019-11552
-       RESERVED
+CVE-2019-11553 (Code42 for Enterprise through 6.8.4 has Incorrect Access 
Control. ...)
+       TODO: check
+CVE-2019-11552 (Code42 Enterprise and Crashplan for Small Business Client 
version 6.7  ...)
+       TODO: check
 CVE-2019-11551
        RESERVED
 CVE-2019-11550 (Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x 
before  ...)
@@ -11543,26 +11556,26 @@ CVE-2019-1010249 (The Linux Foundation ONOS 2.0.0 and 
earlier is affected by: In
        NOT-FOR-US: ONOS
 CVE-2019-1010248 (Synetics GmbH I-doit 1.12 and earlier is affected by: SQL 
Injection. T ...)
        NOT-FOR-US: ONOS
-CVE-2019-1010247
-       RESERVED
+CVE-2019-1010247 (ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is 
affected by: Cr ...)
+       TODO: check
 CVE-2019-1010246 (MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 
is affecte ...)
        TODO: check
-CVE-2019-1010245
-       RESERVED
+CVE-2019-1010245 (The Linux Foundation ONOS SDN Controller 1.15 and earlier 
versions is  ...)
+       TODO: check
 CVE-2019-1010244
        RESERVED
 CVE-2019-1010243
        RESERVED
 CVE-2019-1010242
        RESERVED
-CVE-2019-1010241
-       RESERVED
+CVE-2019-1010241 (Jenkins Credentials Binding Plugin Jenkins 1.17 is affected 
by: CWE-25 ...)
+       TODO: check
 CVE-2019-1010240
        RESERVED
-CVE-2019-1010239
-       RESERVED
-CVE-2019-1010238
-       RESERVED
+CVE-2019-1010239 (DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check 
for Unusua ...)
+       TODO: check
+CVE-2019-1010238 (Gnome Pango 1.42 and later is affected by: Buffer Overflow. 
The impact ...)
+       TODO: check
 CVE-2019-1010237
        RESERVED
 CVE-2019-1010236
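Review bot: the unchanged context line "NOT-FOR-US: ONOS" under CVE-2019-1010248 names the wrong product, since that entry describes Synetics GmbH I-doit, and should read NOT-FOR-US: I-doit. Among the new TODO: check entries, CVE-2019-1010238 (Pango 1.42 and later, buffer overflow), CVE-2019-1010247 (mod_auth_openidc) and CVE-2019-1010239 (cJSON) concern software that Debian packages (src:pango1.0 among them), so they need package annotations rather than NOT-FOR-US, with the Pango one the most pressing given how widely the library is linked; the Jenkins Credentials Binding Plugin and ONOS SDN Controller items are NOT-FOR-US candidates consistent with the existing ONOS entries.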
@@ -11735,8 +11748,8 @@ CVE-2019-1010153
        RESERVED
 CVE-2019-1010152
        RESERVED
-CVE-2019-1010151
-       RESERVED
+CVE-2019-1010151 (zzcms zzmcms 8.3 and earlier is affected by: File Delete to 
getshell.  ...)
+       TODO: check
 CVE-2019-1010150
        RESERVED
 CVE-2019-1010149
@@ -11753,8 +11766,8 @@ CVE-2019-1010144
        RESERVED
 CVE-2019-1010143
        RESERVED
-CVE-2019-1010142
-       RESERVED
+CVE-2019-1010142 (scapy 2.4.0 is affected by: Denial of Service. The impact 
is: infinite ...)
+       TODO: check
 CVE-2019-1010141
        RESERVED
 CVE-2019-1010140
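Review bot: CVE-2019-1010142 (scapy 2.4.0 denial of service) targets a package Debian ships (src:scapy), so the TODO: check should be resolved against the archive versions rather than left open; the description names only 2.4.0, so establish from the upstream fix whether earlier and later releases are affected before writing the per-suite lines.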
@@ -11765,8 +11778,8 @@ CVE-2019-1010138
        RESERVED
 CVE-2019-1010137
        RESERVED
-CVE-2019-1010136
-       RESERVED
+CVE-2019-1010136 (ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: 
Incorrect Access ...)
+       TODO: check
 CVE-2019-1010135
        RESERVED
 CVE-2019-1010134
@@ -11811,8 +11824,8 @@ CVE-2019-1010115
        RESERVED
 CVE-2019-1010114
        RESERVED
-CVE-2019-1010113
-       RESERVED
+CVE-2019-1010113 (Premium Software CLEditor 1.4.5 and earlier is affected by: 
Cross Site ...)
+       TODO: check
 CVE-2019-1010112 (OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site 
Request Fo ...)
        NOT-FOR-US: OECMS
 CVE-2019-1010111
@@ -11835,10 +11848,10 @@ CVE-2019-1010103
        RESERVED
 CVE-2019-1010102
        RESERVED
-CVE-2019-1010101
-       RESERVED
-CVE-2019-1010100
-       RESERVED
+CVE-2019-1010101 (Akeo Consulting Rufus 3.0 and earlier is affected by: 
Insecure Permiss ...)
+       TODO: check
+CVE-2019-1010100 (Akeo Consulting Rufus 3.0 and earlier is affected by: DLL 
search order ...)
+       TODO: check
 CVE-2019-1010099
        RESERVED
 CVE-2019-1010098
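Review bot: CVE-2019-1010101 and CVE-2019-1010100 both describe Akeo Consulting Rufus, a Windows-only tool (insecure permissions and DLL search order), so the two TODO: check lines can be resolved together as NOT-FOR-US: Rufus.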
@@ -12641,7 +12654,7 @@ CVE-2019-9735 (An issue was discovered in the iptables 
firewall module in OpenSt
        - neutron 2:13.0.2-13 (bug #924508)
        [jessie] - neutron <not-affected> (Vulnerable code not present, all 
supported protocols are handled correctly)
        NOTE: https://launchpad.net/bugs/1818385
-CVE-2019-9734 (aquaverde Aquarius CMS through 4.3.5 writes POST and GET 
parameters (i ...)
+CVE-2019-9734 (Aquarius CMS through 4.3.5 writes POST and GET parameters 
(including p ...)
        NOT-FOR-US: aquaverde Aquarius CMS
 CVE-2019-9733 (An issue was discovered in JFrog Artifactory 6.7.3. By default, 
the ac ...)
        NOT-FOR-US: JFrog Artifactory
@@ -35862,8 +35875,8 @@ CVE-2019-1169
        RESERVED
 CVE-2019-1168
        RESERVED
-CVE-2019-1167
-       RESERVED
+CVE-2019-1167 (A security feature bypass vulnerability exists in Windows 
Defender App ...)
+       TODO: check
 CVE-2019-1166
        RESERVED
 CVE-2019-1165
@@ -43018,8 +43031,8 @@ CVE-2018-17793 (** DISPUTED ** Virtualenv 16.0.0 allows 
a sandbox escape via "py
        - python-virtualenv <unfixed> (unimportant)
        NOTE: https://github.com/pypa/virtualenv/issues/1207
        NOTE: No real security impact. 3rd party requested CVE rejection
-CVE-2018-17792
-       RESERVED
+CVE-2018-17792 (MDaemon Webmail (formerly WorldClient) has CSRF. ...)
+       TODO: check
 CVE-2018-17791
        RESERVED
 CVE-2018-17790
@@ -176729,8 +176742,8 @@ CVE-2015-7899 (The com_content component in Joomla! 
3.x before 3.4.5 does not pr
        NOT-FOR-US: Joomla!
 CVE-2015-7883
        RESERVED
-CVE-2015-7882
-       RESERVED
+CVE-2015-7882 (Improper handling of LDAP authentication in MongoDB Server 
versions 3. ...)
+       TODO: check
 CVE-2015-7881 (The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows 
remote a ...)
        NOT-FOR-US: Colorbox module for Drupal
 CVE-2015-7880 (The Entity Registration module 7.x-1.x before 7.x-1.5 for 
Drupal allow ...)
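Review bot: CVE-2015-7882 (LDAP authentication in MongoDB Server versions 3.x) is a 2015 ID only now published, and MongoDB was packaged in Debian (src:mongodb) with a 3.x series in stretch, so this TODO: check needs version triage against the archive rather than NOT-FOR-US; the truncated "versions 3." range has to be read from the full advisory before deciding whether the stretch version is affected.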



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc233f43b841c9ec3cce06b81ef550f324fca179
