Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
70f0e0ad by security tracker role at 2019-08-01T20:10:22Z
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,203 +1,285 @@ -CVE-2019-14467 - RESERVED -CVE-2019-14466 - RESERVED -CVE-2019-14465 (fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-b ...) - - schism <unfixed> - NOTE: https://github.com/schismtracker/schismtracker/issues/198 - NOTE: https://github.com/schismtracker/schismtracker/commit/b78e8d32883f8a865035436af4fa6d541b6ebb42 -CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a ...) - TODO: check -CVE-2019-14463 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...) - - libmodbus <unfixed> - NOTE: https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc -CVE-2019-14462 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...) - - libmodbus <unfixed> - NOTE: https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc -CVE-2019-14461 - RESERVED -CVE-2019-14460 - RESERVED -CVE-2019-14459 (nfdump 1.6.17 and earlier is affected by an integer overflow in the fu ...) - TODO: check -CVE-2019-14458 - RESERVED -CVE-2019-14457 - RESERVED -CVE-2019-14456 (Opengear console server firmware releases prior to 4.5.0 have a stored ...) 
- NOT-FOR-US: Opengear console server firmware -CVE-2019-14455 - RESERVED -CVE-2019-14454 - RESERVED -CVE-2013-7474 - RESERVED -CVE-2013-7473 - RESERVED -CVE-2019-14453 - RESERVED -CVE-2018-20953 - RESERVED -CVE-2018-20952 - RESERVED -CVE-2018-20951 - RESERVED -CVE-2018-20950 - RESERVED -CVE-2018-20949 - RESERVED -CVE-2018-20948 +CVE-2019-14508 RESERVED -CVE-2018-20947 +CVE-2019-14507 RESERVED -CVE-2018-20946 +CVE-2019-14506 RESERVED -CVE-2018-20945 +CVE-2019-14505 RESERVED -CVE-2018-20944 +CVE-2019-14504 RESERVED -CVE-2018-20943 +CVE-2019-14503 RESERVED -CVE-2018-20942 +CVE-2019-14502 RESERVED -CVE-2018-20941 +CVE-2019-14501 RESERVED -CVE-2018-20940 +CVE-2019-14500 RESERVED -CVE-2018-20939 +CVE-2019-14499 RESERVED -CVE-2018-20938 +CVE-2019-14498 RESERVED -CVE-2018-20937 - RESERVED -CVE-2018-20936 - RESERVED -CVE-2018-20935 - RESERVED -CVE-2018-20934 - RESERVED -CVE-2018-20933 - RESERVED -CVE-2018-20932 - RESERVED -CVE-2018-20931 - RESERVED -CVE-2018-20930 - RESERVED -CVE-2018-20929 - RESERVED -CVE-2018-20928 - RESERVED -CVE-2018-20927 - RESERVED -CVE-2018-20926 - RESERVED -CVE-2018-20925 - RESERVED -CVE-2018-20924 - RESERVED -CVE-2018-20923 - RESERVED -CVE-2018-20922 - RESERVED -CVE-2018-20921 - RESERVED -CVE-2018-20920 - RESERVED -CVE-2018-20919 - RESERVED -CVE-2018-20918 - RESERVED -CVE-2018-20917 - RESERVED -CVE-2018-20916 - RESERVED -CVE-2018-20915 - RESERVED -CVE-2018-20914 - RESERVED -CVE-2018-20913 - RESERVED -CVE-2018-20912 - RESERVED -CVE-2018-20911 - RESERVED -CVE-2018-20910 - RESERVED -CVE-2018-20909 - RESERVED -CVE-2018-20908 - RESERVED -CVE-2018-20907 - RESERVED -CVE-2018-20906 - RESERVED -CVE-2018-20905 - RESERVED -CVE-2018-20904 - RESERVED -CVE-2018-20903 - RESERVED -CVE-2018-20902 - RESERVED -CVE-2018-20901 - RESERVED -CVE-2018-20900 +CVE-2019-14497 (ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTr ...) + TODO: check +CVE-2019-14496 (LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 ha ...) 
+ TODO: check +CVE-2019-14495 (webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the a ...) + TODO: check +CVE-2019-14494 (An issue was discovered in Poppler through 0.78.0. There is a divide-b ...) + TODO: check +CVE-2019-14493 (An issue was discovered in OpenCV before 4.1.1. There is a NULL pointe ...) + TODO: check +CVE-2019-14492 (An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. T ...) + TODO: check +CVE-2019-14491 (An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. T ...) + TODO: check +CVE-2019-14490 RESERVED -CVE-2018-20899 +CVE-2019-14489 RESERVED -CVE-2018-20898 +CVE-2019-14488 RESERVED -CVE-2018-20897 +CVE-2019-14487 RESERVED -CVE-2018-20896 +CVE-2019-14486 (GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c ...) + TODO: check +CVE-2019-14485 RESERVED -CVE-2018-20895 +CVE-2019-14484 RESERVED -CVE-2018-20894 +CVE-2019-14483 RESERVED -CVE-2018-20893 +CVE-2019-14482 RESERVED -CVE-2018-20892 +CVE-2019-14481 RESERVED -CVE-2018-20891 +CVE-2019-14480 RESERVED -CVE-2018-20890 +CVE-2019-14479 RESERVED -CVE-2018-20889 +CVE-2019-14478 RESERVED -CVE-2018-20888 +CVE-2019-14477 RESERVED -CVE-2018-20887 +CVE-2019-14476 RESERVED -CVE-2018-20886 +CVE-2019-14475 RESERVED -CVE-2018-20885 +CVE-2019-14474 RESERVED -CVE-2018-20884 +CVE-2019-14473 RESERVED -CVE-2018-20883 +CVE-2019-14472 (Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. ...) + TODO: check +CVE-2019-14471 (TestLink 1.9.19 has XSS via the error.php message parameter. ...) + TODO: check +CVE-2019-14470 RESERVED -CVE-2018-20882 +CVE-2019-14469 RESERVED -CVE-2018-20881 +CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via c ...) + TODO: check +CVE-2019-14467 RESERVED -CVE-2018-20880 +CVE-2019-14466 RESERVED -CVE-2018-20879 +CVE-2019-14465 (fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-b ...) 
+ - schism <unfixed> + NOTE: https://github.com/schismtracker/schismtracker/issues/198 + NOTE: https://github.com/schismtracker/schismtracker/commit/b78e8d32883f8a865035436af4fa6d541b6ebb42 +CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a ...) + TODO: check +CVE-2019-14463 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...) + - libmodbus <unfixed> + NOTE: https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc +CVE-2019-14462 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...) + - libmodbus <unfixed> + NOTE: https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc +CVE-2019-14461 RESERVED -CVE-2018-20878 +CVE-2019-14460 RESERVED -CVE-2018-20877 +CVE-2019-14459 (nfdump 1.6.17 and earlier is affected by an integer overflow in the fu ...) + TODO: check +CVE-2019-14458 RESERVED -CVE-2018-20876 +CVE-2019-14457 RESERVED -CVE-2018-20875 +CVE-2019-14456 (Opengear console server firmware releases prior to 4.5.0 have a stored ...) + NOT-FOR-US: Opengear console server firmware +CVE-2019-14455 RESERVED -CVE-2018-20874 +CVE-2019-14454 RESERVED -CVE-2018-20873 +CVE-2013-7474 (Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit ...) + TODO: check +CVE-2013-7473 (Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to a ...) + TODO: check +CVE-2019-14453 RESERVED +CVE-2018-20953 (cPanel before 68.0.27 allows self XSS in the WHM listips interface (SE ...) + TODO: check +CVE-2018-20952 (cPanel before 68.0.27 creates world-readable files during use of WHM A ...) + TODO: check +CVE-2018-20951 (cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC ...) + TODO: check +CVE-2018-20950 (cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer ( ...) + TODO: check +CVE-2018-20949 (cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Incl ...) 
+ TODO: check +CVE-2018-20948 (cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SE ...) + TODO: check +CVE-2018-20947 (cPanel before 68.0.27 allows certain file-write operations via the tel ...) + TODO: check +CVE-2018-20946 (cPanel before 68.0.27 allows attackers to read zone information becaus ...) + TODO: check +CVE-2018-20945 (bin/csvprocess in cPanel before 68.0.27 allows insecure file operation ...) + TODO: check +CVE-2018-20944 (cPanel before 68.0.27 allows attackers to read a copy of httpd.conf th ...) + TODO: check +CVE-2018-20943 (cPanel before 68.0.27 allows attackers to read root's crontab file dur ...) + TODO: check +CVE-2018-20942 (cPanel before 68.0.27 allows attackers to read root's crontab file dur ...) + TODO: check +CVE-2018-20941 (cPanel before 68.0.27 allows arbitrary file-read operations via restor ...) + TODO: check +CVE-2018-20940 (cPanel before 68.0.27 allows attackers to read root's crontab file dur ...) + TODO: check +CVE-2018-20939 (cPanel before 68.0.27 allows a user to discover contents of directorie ...) + TODO: check +CVE-2018-20938 (cPanel before 68.0.27 does not enforce ownership during addpkgext and ...) + TODO: check +CVE-2018-20937 (cPanel before 68.0.27 does not validate database and dbuser names duri ...) + TODO: check +CVE-2018-20936 (cPanel before 68.0.27 allows attackers to read the SRS secret via exim ...) + TODO: check +CVE-2018-20935 (cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone ...) + TODO: check +CVE-2018-20934 (cPanel before 70.0.23 does not prevent e-mail account suspensions from ...) + TODO: check +CVE-2018-20933 (cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action ( ...) + TODO: check +CVE-2018-20932 (cPanel before 70.0.23 exposes Apache HTTP Server logs after creation o ...) + TODO: check +CVE-2018-20931 (cPanel before 70.0.23 allows demo accounts to execute code via the Lan ...) 
+ TODO: check +CVE-2018-20930 (cPanel before 70.0.23 allows .htaccess restrictions bypass when Htacce ...) + TODO: check +CVE-2018-20929 (cPanel before 70.0.23 allows an open redirect via the /unprotected/red ...) + TODO: check +CVE-2018-20928 (cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interf ...) + TODO: check +CVE-2018-20927 (cPanel before 70.0.23 allows jailshell escape because of incorrect cro ...) + TODO: check +CVE-2018-20926 (cPanel before 70.0.23 allows local privilege escalation via the WHM Lo ...) + TODO: check +CVE-2018-20925 (cPanel before 70.0.23 allows local privilege escalation via the WHM Le ...) + TODO: check +CVE-2018-20924 (cPanel before 70.0.23 allows arbitrary file-read and file-unlink opera ...) + TODO: check +CVE-2018-20923 (cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Reco ...) + TODO: check +CVE-2018-20922 (cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action ( ...) + TODO: check +CVE-2018-20921 (cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" ...) + TODO: check +CVE-2018-20920 (cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action ...) + TODO: check +CVE-2018-20919 (cPanel before 70.0.23 allows stored XSS via a WHM Create Account actio ...) + TODO: check +CVE-2018-20918 (cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372). ...) + TODO: check +CVE-2018-20917 (cPanel before 70.0.23 allows any user to disable Solr (SEC-371). ...) + TODO: check +CVE-2018-20916 (cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-3 ...) + TODO: check +CVE-2018-20915 (cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action ...) + TODO: check +CVE-2018-20914 (In cPanel before 70.0.23, OpenID providers can inject arbitrary data i ...) + TODO: check +CVE-2018-20913 (cPanel before 70.0.23 allows attackers to read the root accesshash via ...) 
+ TODO: check +CVE-2018-20912 (cPanel before 70.0.23 allows demo accounts to execute code via awstats ...) + TODO: check +CVE-2018-20911 (cPanel before 70.0.23 allows code execution because "." is in @INC dur ...) + TODO: check +CVE-2018-20910 (cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity ...) + TODO: check +CVE-2018-20909 (cPanel before 70.0.23 allows arbitrary file-chmod operations during le ...) + TODO: check +CVE-2018-20908 (cPanel before 71.9980.37 allows arbitrary file-read operations during ...) + TODO: check +CVE-2018-20907 (cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API ...) + TODO: check +CVE-2018-20906 (cPanel before 71.9980.37 allows attackers to make API calls that bypas ...) + TODO: check +CVE-2018-20905 (cPanel before 71.9980.37 allows attackers to make API calls that bypas ...) + TODO: check +CVE-2018-20904 (cPanel before 71.9980.37 allows attackers to make API calls that bypas ...) + TODO: check +CVE-2018-20903 (cPanel before 71.9980.37 allows self XSS in the WHM Backup Configurati ...) + TODO: check +CVE-2018-20902 (cPanel before 71.9980.37 allows attackers to read root's crontab file ...) + TODO: check +CVE-2018-20901 (cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme In ...) + TODO: check +CVE-2018-20900 (cPanel before 71.9980.37 allows stored XSS in the YUM autorepair funct ...) + TODO: check +CVE-2018-20899 (cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons install ...) + TODO: check +CVE-2018-20898 (cPanel before 71.9980.37 allows e-mail injection during cPAddons moder ...) + TODO: check +CVE-2018-20897 (cPanel before 71.9980.37 allows arbitrary file-unlink operations via t ...) + TODO: check +CVE-2018-20896 (cPanel before 71.9980.37 allows code injection in the WHM cPAddons int ...) + TODO: check +CVE-2018-20895 (In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs a ...) 
+ TODO: check +CVE-2018-20894 (cPanel before 74.0.0 makes web-site contents accessible to other local ...) + TODO: check +CVE-2018-20893 (cPanel before 74.0.0 allows file-rename operations during account rena ...) + TODO: check +CVE-2018-20892 (cPanel before 74.0.0 allows arbitrary zone file modifications because ...) + TODO: check +CVE-2018-20891 (cPanel before 74.0.0 allows arbitrary file-read operations during File ...) + TODO: check +CVE-2018-20890 (cPanel before 74.0.0 allows arbitrary zone file modifications during r ...) + TODO: check +CVE-2018-20889 (cPanel before 74.0.0 allows certain file-read operations via password ...) + TODO: check +CVE-2018-20888 (cPanel before 74.0.0 allows file modification in the context of the ro ...) + TODO: check +CVE-2018-20887 (cPanel before 74.0.0 allows SQL injection during database backups (SEC ...) + TODO: check +CVE-2018-20886 (cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-4 ...) + TODO: check +CVE-2018-20885 (cPanel before 74.0.0 allows Apache HTTP Server configuration injection ...) + TODO: check +CVE-2018-20884 (cPanel before 74.0.0 allows stored XSS in the WHM File Restoration int ...) + TODO: check +CVE-2018-20883 (cPanel before 74.0.8 allows FTP access during account suspension (SEC- ...) + TODO: check +CVE-2018-20882 (cPanel before 74.0.8 allows arbitrary file-write operations in the con ...) + TODO: check +CVE-2018-20881 (cPanel before 74.0.8 allows self stored XSS on the Security Questions ...) + TODO: check +CVE-2018-20880 (cPanel before 74.0.8 mishandles account suspension because of an inval ...) + TODO: check +CVE-2018-20879 (cPanel before 74.0.8 allows demo accounts to execute arbitrary code vi ...) + TODO: check +CVE-2018-20878 (cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Rest ...) + TODO: check +CVE-2018-20877 (cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SE ...) 
+ TODO: check +CVE-2018-20876 (cPanel before 74.0.8 allows self XSS in the Site Software Moderation i ...) + TODO: check +CVE-2018-20875 (cPanel before 74.0.8 allows self XSS in the WHM Security Questions int ...) + TODO: check +CVE-2018-20874 (cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" ...) + TODO: check +CVE-2018-20873 (cPanel before 74.0.8 allows local users to disable the ClamAV daemon ( ...) + TODO: check CVE-2018-20872 (DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or ...) NOT-FOR-US: DrayTek routers CVE-2017-18482 
@@ -402,102 +484,102 @@ CVE-2017-18383 RESERVED CVE-2017-18382 RESERVED -CVE-2016-10860 - RESERVED -CVE-2016-10859 - RESERVED -CVE-2016-10858 - RESERVED -CVE-2016-10857 - RESERVED -CVE-2016-10856 - RESERVED -CVE-2016-10855 - RESERVED -CVE-2016-10854 - RESERVED -CVE-2016-10853 - RESERVED -CVE-2016-10852 - RESERVED -CVE-2016-10851 - RESERVED -CVE-2016-10850 - RESERVED -CVE-2016-10849 - RESERVED -CVE-2016-10848 - RESERVED -CVE-2016-10847 - RESERVED -CVE-2016-10846 - RESERVED -CVE-2016-10845 - RESERVED -CVE-2016-10844 - RESERVED -CVE-2016-10843 - RESERVED -CVE-2016-10842 - RESERVED -CVE-2016-10841 - RESERVED -CVE-2016-10840 - RESERVED -CVE-2016-10839 - RESERVED -CVE-2016-10838 - RESERVED -CVE-2016-10837 - RESERVED -CVE-2016-10836 - RESERVED -CVE-2016-10835 - RESERVED -CVE-2016-10834 - RESERVED -CVE-2016-10833 - RESERVED -CVE-2016-10832 - RESERVED -CVE-2016-10831 - RESERVED -CVE-2016-10830 - RESERVED -CVE-2016-10829 - RESERVED -CVE-2016-10828 - RESERVED -CVE-2016-10827 - RESERVED -CVE-2016-10826 - RESERVED -CVE-2016-10825 - RESERVED -CVE-2016-10824 - RESERVED -CVE-2016-10823 - RESERVED -CVE-2016-10822 - RESERVED -CVE-2016-10821 - RESERVED -CVE-2016-10820 - RESERVED -CVE-2016-10819 - RESERVED -CVE-2016-10818 - RESERVED -CVE-2016-10817 - RESERVED -CVE-2016-10816 - RESERVED -CVE-2016-10815 - RESERVED -CVE-2016-10814 - RESERVED -CVE-2016-10813 - RESERVED +CVE-2016-10860 (cPanel before 11.54.0.0 allows unauthorized zone modification via the ...) + TODO: check +CVE-2016-10859 (cPanel before 11.54.0.0 allows unauthorized password changes via Webma ...) + TODO: check +CVE-2016-10858 (cPanel before 11.54.0.0 allows unauthenticated arbitrary code executio ...) + TODO: check +CVE-2016-10857 (cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (S ...) + TODO: check +CVE-2016-10856 (cPanel before 11.54.0.0 allows subaccounts to discover sensitive data ...) + TODO: check +CVE-2016-10855 (cPanel before 11.54.0.4 allows unauthenticated arbitrary code executio ...) 
+ TODO: check +CVE-2016-10854 (cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner inter ...) + TODO: check +CVE-2016-10853 (cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager i ...) + TODO: check +CVE-2016-10852 (cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsyst ...) + TODO: check +CVE-2016-10851 (cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration e ...) + TODO: check +CVE-2016-10850 (cPanel before 11.54.0.4 allows arbitrary code execution via scripts/sy ...) + TODO: check +CVE-2016-10849 (cPanel before 11.54.0.4 allows certain file-chmod operations in script ...) + TODO: check +CVE-2016-10848 (cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in ...) + TODO: check +CVE-2016-10847 (cPanel before 11.54.0.4 allows arbitrary file-read and file-write oper ...) + TODO: check +CVE-2016-10846 (cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod ope ...) + TODO: check +CVE-2016-10845 (cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in ...) + TODO: check +CVE-2016-10844 (The chcpass script in cPanel before 11.54.0.4 reveals a password hash ...) + TODO: check +CVE-2016-10843 (cPanel before 11.54.0.4 allows code execution in the context of shared ...) + TODO: check +CVE-2016-10842 (cPanel before 11.54.0.4 allows certain file-read operations in bin/set ...) + TODO: check +CVE-2016-10841 (The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses pas ...) + TODO: check +CVE-2016-10840 (cPanel before 11.54.0.4 allows arbitrary code execution during locale ...) + TODO: check +CVE-2016-10839 (cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usern ...) + TODO: check +CVE-2016-10838 (cPanel before 11.54.0.4 allows arbitrary file-read operations via the ...) + TODO: check +CVE-2016-10837 (cPanel before 11.54.0.4 allows arbitrary code execution because of an ...) 
+ TODO: check +CVE-2016-10836 (cPanel before 55.9999.141 allows arbitrary file-read operations during ...) + TODO: check +CVE-2016-10835 (cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account ...) + TODO: check +CVE-2016-10834 (cPanel before 55.9999.141 allows account-suspension bypass via ftp (SE ...) + TODO: check +CVE-2016-10833 (cPanel before 55.9999.141 mishandles username-based blocking for PRE r ...) + TODO: check +CVE-2016-10832 (cPanel before 55.9999.141 allows FTP cPHulk bypass via account name mu ...) + TODO: check +CVE-2016-10831 (cPanel before 55.9999.141 does not perform as two-factor authenticatio ...) + TODO: check +CVE-2016-10830 (cPanel before 55.9999.141 allows ACL bypass for AppConfig applications ...) + TODO: check +CVE-2016-10829 (cPanel before 55.9999.141 allows arbitrary file-read operations becaus ...) + TODO: check +CVE-2016-10828 (cPanel before 55.9999.141 allows arbitrary code execution because of a ...) + TODO: check +CVE-2016-10827 (cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Ma ...) + TODO: check +CVE-2016-10826 (cPanel before 55.9999.141 allows attackers to bypass Two Factor Authen ...) + TODO: check +CVE-2016-10825 (cPanel before 55.9999.141 allows attackers to bypass a Security Policy ...) + TODO: check +CVE-2016-10824 (cPanel before 55.9999.141 allows unauthenticated arbitrary code execut ...) + TODO: check +CVE-2016-10823 (cPanel before 55.9999.141 allows arbitrary code execution in the conte ...) + TODO: check +CVE-2016-10822 (cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Imag ...) + TODO: check +CVE-2016-10821 (In cPanel before 55.9999.141, Scripts/addpop reveals a command-line pa ...) + TODO: check +CVE-2016-10820 (cPanel before 55.9999.141 allows daemons to access their controlling T ...) + TODO: check +CVE-2016-10819 (In cPanel before 57.9999.54, user log files become world-readable when ...) 
+ TODO: check +CVE-2016-10818 (cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsa ...) + TODO: check +CVE-2016-10817 (cPanel before 57.9999.54 allows SQL Injection via the ModSecurity Tail ...) + TODO: check +CVE-2016-10816 (cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary ...) + TODO: check +CVE-2016-10815 (cPanel before 57.9999.54 allows arbitrary file-read operations for Web ...) + TODO: check +CVE-2016-10814 (cPanel before 57.9999.54 allows demo-mode escape via show_template.sto ...) + TODO: check +CVE-2016-10813 (cPanel before 57.9999.54 allows self XSS during ftp account creation u ...) + TODO: check CVE-2016-10812 RESERVED CVE-2016-10811 @@ -590,8 +672,8 @@ CVE-2016-10768 RESERVED CVE-2016-10767 RESERVED -CVE-2015-9291 - RESERVED +CVE-2015-9291 (cPanel before 11.52.0.13 does not prevent arbitrary file-read operatio ...) + TODO: check CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, allowing a ...) - sigil <unfixed> NOTE: https://github.com/Sigil-Ebook/Sigil/commit/04e2f280cc4a0766bedcc7b9eb56449ceecc2ad4 
@@ -887,20 +969,20 @@ CVE-2019-14340 RESERVED CVE-2019-14339 RESERVED -CVE-2019-14338 - RESERVED -CVE-2019-14337 - RESERVED -CVE-2019-14336 - RESERVED +CVE-2019-14338 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...) + TODO: check +CVE-2019-14337 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...) + TODO: check +CVE-2019-14336 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...) + TODO: check CVE-2019-14335 RESERVED -CVE-2019-14334 - RESERVED -CVE-2019-14333 - RESERVED -CVE-2019-14332 - RESERVED +CVE-2019-14334 (An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP ...) + TODO: check +CVE-2019-14333 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...) + TODO: check +CVE-2019-14332 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...) + TODO: check CVE-2019-14331 (An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due ...) NOT-FOR-US: EspoCRM CVE-2019-14330 (An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due ...) @@ -1132,8 +1214,8 @@ CVE-2019-14261 RESERVED CVE-2019-14260 RESERVED -CVE-2019-14259 - RESERVED +CVE-2019-14259 (On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a comma ...) + TODO: check CVE-2019-14258 RESERVED CVE-2019-14257 
@@ -3633,8 +3715,8 @@ CVE-2019-13574 (In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetche - ruby-mini-magick 4.9.2-1.1 (bug #931932) CVE-2019-13573 (A SQL injection vulnerability exists in the FolioVision FV Flowplayer ...) NOT-FOR-US: FolioVision FV Flowplayer Video Player plugin for WordPress -CVE-2019-13572 - RESERVED +CVE-2019-13572 (The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL ...) + TODO: check CVE-2019-13571 (A SQL injection vulnerability exists in the Vsourz Digital Advanced CF ...) NOT-FOR-US: Vsourz Digital Advanced CF7 DB plugin for WordPress CVE-2019-13570 (The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection ...) @@ -5166,6 +5248,7 @@ CVE-2019-12972 (An issue was discovered in the Binary File Descriptor (BFD) libr CVE-2019-12971 (BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload ...) NOT-FOR-US: BKS EBK Ethernet-Buskoppler Pro CVE-2019-12970 (XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1. ...) + {DLA-1868-1} - squirrelmail <removed> NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-016.txt NOTE: https://sourceforge.net/p/squirrelmail/code/14828/ @@ -16059,8 +16142,8 @@ CVE-2019-9142 (An issue was discovered in b3log Symphony (aka Sym) before v3.4.7 NOT-FOR-US: b3log Symphony (aka Sym) CVE-2019-9141 RESERVED -CVE-2019-9140 - RESERVED +CVE-2019-9140 (When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earl ...) + TODO: check CVE-2019-9139 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnera ...) NOT-FOR-US: DaviewIndy CVE-2019-9138 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnera ...) 
@@ -20648,7 +20731,7 @@ CVE-2019-7319 RESERVED CVE-2019-7318 RESERVED -CVE-2019-7317 (png_image_free in png.c in libpng 1.6.36 has a use-after-free because ...) +CVE-2019-7317 (png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- ...) {DSA-4451-1 DSA-4448-1 DSA-4435-1 DLA-1806-1 DLA-1800-1} - libpng1.6 1.6.36-4 (bug #921355) [experimental] - firefox 67.0-1 @@ -28569,8 +28652,7 @@ CVE-2019-3892 REJECTED CVE-2019-3891 (It was discovered that a world-readable log file belonging to Candlepi ...) NOT-FOR-US: Candlepin -CVE-2019-3890 - RESERVED +CVE-2019-3890 (It was discovered evolution-ews before 3.31.3 does not check the valid ...) [experimental] - evolution-ews 3.31.90-1 - evolution-ews 3.30.5-1.1 (bug #926712) [stretch] - evolution-ews <no-dsa> (Minor issue) @@ -28612,8 +28694,7 @@ CVE-2019-3885 (A use-after-free flaw was found in pacemaker up to and including NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master) NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1) NOTE: https://lists.clusterlabs.org/pipermail/users/2019-May/025822.html -CVE-2019-3884 - RESERVED +CVE-2019-3884 (A vulnerability exists in the garbage collection mechanism of atomic-o ...) NOT-FOR-US: atomic-openshift CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by workers ...) {DLA-1779-1} @@ -40665,8 +40746,8 @@ CVE-2019-0195 RESERVED CVE-2019-0194 (Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 ...) NOT-FOR-US: Apache Camel -CVE-2019-0193 - RESERVED +CVE-2019-0193 (In Apache Solr, the DataImportHandler, an optional but popular module ...) + TODO: check CVE-2019-0192 (In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config ...) - lucene-solr <not-affected> (vulnerable code is not present) NOTE: https://issues.apache.org/jira/browse/SOLR-13301 
@@ -60266,7 +60347,7 @@ CVE-2018-11894 (In all android releases (Android for MSM, Firefox OS for MSM, QR CVE-2018-11893 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11892 - RESERVED + REJECTED CVE-2018-11891 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11890 @@ -63163,8 +63244,7 @@ CVE-2018-10900 (Network Manager VPNC plugin (aka networkmanager-vpnc) before ver - network-manager-vpnc 1.2.6-1 (bug #904255) NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/3 NOTE: https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4e361a27ef48ac757d36cbb46e8e12 -CVE-2018-10899 - RESERVED +CVE-2018-10899 (A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affecte ...) NOT-FOR-US: Jolokia CVE-2018-10898 (A vulnerability was found in openstack-tripleo-heat-templates before v ...) - tripleo-heat-templates <removed> @@ -179660,8 +179740,7 @@ CVE-2015-7560 (The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.2 {DSA-3514-1} - samba 2:4.3.6+dfsg-1 NOTE: https://www.samba.org/samba/security/CVE-2015-7560.html -CVE-2015-7559 [DoS in client via shutdown command] - RESERVED +CVE-2015-7559 (It was found that the Apache ActiveMQ client before 5.15.5 exposed a r ...) {DLA-913-1} - activemq 5.14.3-3 (bug #860866) [jessie] - activemq 5.6.0+dfsg1-4+deb8u3 
@@ -205892,8 +205971,7 @@ CVE-2014-8184 [stack-based buffer overflow in findTable()] NOTE: Fixed in merge: https://github.com/liblouis/liblouis/commit/dc97ef791a4fae9da11592c79f9f79e010596e0c#diff-7ade83431f79d2120c82012aee3b05c9L4524 NOTE: CVE is for several buffer overflows in the findTable function, cf. NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701#c7 -CVE-2014-8183 - RESERVED +CVE-2014-8183 (It was found that foreman, versions 1.x.x before 1.15.6, in Satellite ...) NOT-FOR-US: Red Hat Satellite CVE-2014-8182 [crash in ldap_domain2hostlist when processing SRV records] RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/70f0e0ad76d2891cbd1829eeb2493198f79d0f76
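Review bot: In the @@ -1,203 +1,285 @@ hunk, CVE-2018-20873 through CVE-2018-20953 all name cPanel and all land as "TODO: check", which leaves one triage item per CVE for a single product. Decide once whether cPanel is packaged; if it is not, tag the whole range in one follow-up, in the style this hunk already uses for "NOT-FOR-US: Opengear console server firmware". The cPanel block in the @@ -402,102 +484,102 @@ hunk (CVE-2016-10813 through CVE-2016-10860) can be handled in the same pass.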
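Review bot: In the @@ -3633,8 +3715,8 @@ hunk, CVE-2019-13572 (Adenion Blog2Social plugin for WordPress) is added as "TODO: check" while both neighbouring WordPress plugin entries, CVE-2019-13573 and CVE-2019-13571, are already marked NOT-FOR-US. Unless this plugin is packaged, give it the same "NOT-FOR-US: ... plugin for WordPress" tag so the entry is consistent with the ones around it.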
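Review bot: In the @@ -20648,7 +20731,7 @@ hunk, the description of CVE-2019-7317 widens from "libpng 1.6.36" to "libpng 1.6.x before 1.6.37", but the package line in the unchanged context still reads "- libpng1.6 1.6.36-4 (bug #921355)", a version below 1.6.37. Confirm that 1.6.36-4 carries the fix and say so in a NOTE line, so the fixed version does not appear to contradict the new description.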
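Review bot: In the @@ -40665,8 +40746,8 @@ hunk, CVE-2019-0193 (Apache Solr DataImportHandler) is left at "TODO: check" although the next entry, CVE-2019-0192, already tracks Apache Solr under "- lucene-solr". Resolve the TODO with a lucene-solr package line and an explicit status instead of leaving it in the generic triage queue.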
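Review bot: In the @@ -179660,8 +179740,7 @@ hunk, the new description of CVE-2015-7559 says the Apache ActiveMQ client is affected "before 5.15.5", while the unchanged context records "- activemq 5.14.3-3 (bug #860866)" as fixed, and the earlier bracketed summary "[DoS in client via shutdown command]" is dropped. Add a NOTE line explaining why a version below 5.15.5 counts as fixed (for example, a backported patch), so the entry does not read as inconsistent.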
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
