Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 78ea20b1 by security tracker role at 2019-08-29T20:10:24Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,46 +1,92 @@ -CVE-2019-15807 - - linux 5.2.6-1 - NOTE: https://git.kernel.org/linus/3b0541791453fbe7f42867e310e0c9eb6295364d -CVE-2019-15788 +CVE-2019-15812 RESERVED -CVE-2019-15787 +CVE-2019-15811 (In DomainMOD through 4.13, the parameter daterange in the file reporti ...) + TODO: check +CVE-2019-15810 RESERVED -CVE-2019-15786 +CVE-2019-15809 RESERVED -CVE-2019-15785 +CVE-2019-15808 RESERVED -CVE-2019-15784 +CVE-2019-15806 (CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 ...) + TODO: check +CVE-2019-15805 (CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 ...) + TODO: check +CVE-2019-15804 RESERVED -CVE-2019-15783 +CVE-2019-15803 RESERVED -CVE-2019-15782 +CVE-2019-15802 RESERVED -CVE-2019-15781 +CVE-2019-15801 RESERVED -CVE-2019-15780 +CVE-2019-15800 RESERVED -CVE-2019-15779 +CVE-2019-15799 RESERVED -CVE-2019-15778 +CVE-2019-15798 RESERVED -CVE-2019-15777 +CVE-2019-15797 RESERVED -CVE-2019-15776 +CVE-2019-15796 RESERVED -CVE-2019-15775 +CVE-2019-15795 RESERVED -CVE-2019-15774 +CVE-2019-15794 RESERVED -CVE-2019-15773 +CVE-2019-15793 RESERVED -CVE-2019-15772 +CVE-2019-15792 RESERVED -CVE-2019-15771 +CVE-2019-15791 RESERVED -CVE-2019-15770 +CVE-2019-15790 RESERVED -CVE-2019-15769 +CVE-2019-15789 RESERVED +CVE-2019-15807 (In the Linux kernel before 5.1.13, there is a memory leak in drivers/s ...) + - linux 5.2.6-1 + NOTE: https://git.kernel.org/linus/3b0541791453fbe7f42867e310e0c9eb6295364d +CVE-2019-15788 (Clara Genomics Analysis before 0.2.0 has an integer overflow for cudap ...) + TODO: check +CVE-2019-15787 (libZetta.rs through 0.1.2 has an integer overflow in the zpool parser ...) + TODO: check +CVE-2019-15786 (ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large ...) + TODO: check +CVE-2019-15785 (FontForge through 20190801 has a buffer overflow in PrefsUI_LoadPrefs ...) + TODO: check +CVE-2019-15784 (Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array ov ...) + TODO: check +CVE-2019-15783 (Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc. ...) + TODO: check +CVE-2019-15782 (WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or ...) + TODO: check +CVE-2019-15781 (The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. ...) + TODO: check +CVE-2019-15780 (The formidable plugin before 4.02.01 for WordPress has unsafe deserial ...) + TODO: check +CVE-2019-15779 (The insta-gallery plugin before 2.4.8 for WordPress has no nonce valid ...) + TODO: check +CVE-2019-15778 (The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS. ...) + TODO: check +CVE-2019-15777 (The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/a ...) + TODO: check +CVE-2019-15776 (The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for W ...) + TODO: check +CVE-2019-15775 (The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX act ...) + TODO: check +CVE-2019-15774 (The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX acti ...) + TODO: check +CVE-2019-15773 (The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX actio ...) + TODO: check +CVE-2019-15772 (The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX ac ...) + TODO: check +CVE-2019-15771 (The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX a ...) + TODO: check +CVE-2019-15770 (The woo-address-book plugin before 1.6.0 for WordPress has save calls ...) + TODO: check +CVE-2019-15769 (The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via a ...) + TODO: check CVE-2019-15768 RESERVED CVE-2019-15767 (In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_ ...) @@ -81,8 +127,8 @@ CVE-2019-15753 (In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-cod TODO: check CVE-2019-15752 (Docker Desktop Community Edition before 2.1.0.1 allows local users to ...) TODO: check -CVE-2018-21007 - RESERVED +CVE-2018-21007 (The woo-confirmation-email plugin before 3.2.0 for WordPress has no bl ...) + TODO: check CVE-2017-18594 (nse_libssh2.cc in Nmap 7.70 is subject to a denial of service conditio ...) TODO: check CVE-2019-15751 @@ -97,8 +143,8 @@ CVE-2019-15747 RESERVED CVE-2019-15746 RESERVED -CVE-2019-15745 - RESERVED +CVE-2019-15745 (The Eques elf smart plug and the mobile app use a hardcoded AES 256 bi ...) + TODO: check CVE-2019-15744 RESERVED CVE-2019-15743 @@ -153,8 +199,7 @@ CVE-2019-15719 RESERVED CVE-2019-15718 RESERVED -CVE-2019-15717 [Use after free when receiving duplicate CAP] - RESERVED +CVE-2019-15717 (Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends ...) - irssi <unfixed> (bug #936074) [stretch] - irssi <not-affected> (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2019/08/29/3 @@ -747,8 +792,8 @@ CVE-2019-15504 (drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel throu - linux <unfixed> CVE-2019-15503 (cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCM ...) NOT-FOR-US: AltaVoz Prontus -CVE-2019-15502 - RESERVED +CVE-2019-15502 (The TeamSpeak client before 3.3.2 allows remote servers to trigger a c ...) + TODO: check CVE-2019-15501 (Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-20 ...) TODO: check CVE-2019-15500 @@ -2322,12 +2367,12 @@ CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, the NOTE: https://github.com/ImageMagick/ImageMagick6/issues/43 NOTE: Introduced in https://github.com/ImageMagick/ImageMagick6/commit/6f29b3755748a899145b639195dd3bc640d36bb4 (6.9.10-24) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/614a257295bdcdeda347086761062ac7658b6830 (6.9.10-42) -CVE-2019-14979 - RESERVED -CVE-2019-14978 - RESERVED -CVE-2019-14977 - RESERVED +CVE-2019-14979 (cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Ga ...) + TODO: check +CVE-2019-14978 (/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugi ...) + TODO: check +CVE-2019-14977 (card/pay/.../amount in the WooCommerce Instamojo Payment Gateway plugi ...) + TODO: check CVE-2019-14976 (iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter ...) NOT-FOR-US: idreamsoft iCMS CVE-2019-14975 (Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_ch ...) @@ -2347,8 +2392,7 @@ CVE-2019-14972 RESERVED CVE-2019-14971 RESERVED -CVE-2019-14970 - RESERVED +CVE-2019-14970 (A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3. ...) {DSA-4504-1} - vlc 3.0.8-1 [jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html) @@ -2408,8 +2452,7 @@ CVE-2019-14944 [Multiple Command-Line Flag Injection Vulnerabilities] [experimental] - gitlab 11.11.8+dfsg-1 - gitlab <unfixed> (bug #934708) NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/ -CVE-2019-14943 [Insecure Authentication Methods Disabled for Grafana By Default] - RESERVED +CVE-2019-14943 (An issue was discovered in GitLab Community and Enterprise Edition 12. ...) - gitlab <not-affected> (Only affects GitLab CE/EE 12.0 and later) NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/ CVE-2019-14942 [Insecure Cookie Handling on GitLab Pages] @@ -2913,20 +2956,17 @@ CVE-2016-10865 (The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress ha NOT-FOR-US: Lightbox Plus Colorbox plugin for WordPress CVE-2019-14779 RESERVED -CVE-2019-14778 - RESERVED +CVE-2019-14778 (The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.c ...) {DSA-4504-1} - vlc 3.0.8-1 [jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html) NOTE: https://www.videolan.org/security/sb-vlc308.html -CVE-2019-14777 - RESERVED +CVE-2019-14777 (The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player ...) {DSA-4504-1} - vlc 3.0.8-1 [jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html) NOTE: https://www.videolan.org/security/sb-vlc308.html -CVE-2019-14776 - RESERVED +CVE-2019-14776 (A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c ...) {DSA-4504-1} - vlc 3.0.8-1 [jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html) @@ -3505,20 +3545,17 @@ CVE-2016-10862 (Neet AirStream NAS1.1 devices have a password of ifconfig for th NOT-FOR-US: Neet AirStream NAS1.1 devices CVE-2016-10861 (Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settin ...) NOT-FOR-US: Neet AirStream NAS1.1 devices -CVE-2019-14535 - RESERVED +CVE-2019-14535 (A divide-by-zero error exists in the SeekIndex function of demux/asf/a ...) {DSA-4504-1} - vlc 3.0.8-1 [jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html) NOTE: https://www.videolan.org/security/sb-vlc308.html -CVE-2019-14534 - RESERVED +CVE-2019-14534 (In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer derefere ...) {DSA-4504-1} - vlc 3.0.8-1 [jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html) NOTE: https://www.videolan.org/security/sb-vlc308.html -CVE-2019-14533 - RESERVED +CVE-2019-14533 (The Control function of demux/asf/asf.c in VideoLAN VLC media player 3 ...) {DSA-4504-1} - vlc 3.0.8-1 [jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html) @@ -3610,8 +3647,7 @@ CVE-2019-14500 RESERVED CVE-2019-14499 RESERVED -CVE-2019-14498 - RESERVED +CVE-2019-14498 (A divide-by-zero error exists in the Control function of demux/caf.c i ...) {DSA-4504-1} - vlc 3.0.8-1 [jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html) @@ -4351,14 +4387,12 @@ CVE-2015-9290 (In FreeType before 2.6.1, a buffer over-read occurs in type1/t1pa - freetype 2.6.1-0.1 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=e3058617f384cb6709f3878f753fa17aca9e3a30 NOTE: https://savannah.nongnu.org/bugs/?45923 -CVE-2019-14438 - RESERVED +CVE-2019-14438 (A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/x ...) {DSA-4504-1} - vlc 3.0.8-1 [jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html) NOTE: https://www.videolan.org/security/sb-vlc308.html -CVE-2019-14437 - RESERVED +CVE-2019-14437 (The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC ...) {DSA-4504-1} - vlc 3.0.8-1 [jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html) @@ -6376,8 +6410,8 @@ CVE-2019-13610 RESERVED CVE-2019-13609 RESERVED -CVE-2019-13608 - RESERVED +CVE-2019-13608 (Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000) ...) + TODO: check CVE-2014-1200 RESERVED CVE-2014-1199 @@ -12936,9 +12970,8 @@ CVE-2017-18367 (libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs t NOTE: https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e CVE-2019-11501 RESERVED -CVE-2019-11500 - RESERVED - {DSA-4510-1} +CVE-2019-11500 (In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole be ...) + {DSA-4510-1 DLA-1901-1} - dovecot 1:2.3.7.2-1 (bug #936014) NOTE: https://dovecot.org/pipermail/dovecot-news/2019-August/000418.html NOTE: core: https://github.com/dovecot/core/commit/85fcb895ca7f0bcb8ee72047fe0e1e78532ff90b @@ -13012,8 +13045,8 @@ CVE-2019-11478 (Jonathan Looney discovered that the TCP retransmission queue imp CVE-2019-11477 (Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs v ...) {DSA-4465-1 DLA-1824-1 DLA-1823-1} - linux 4.19.37-4 -CVE-2019-11476 - RESERVED +CVE-2019-11476 (An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2 ...) + TODO: check CVE-2019-11475 RESERVED CVE-2019-11474 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a deni ...) @@ -13243,8 +13276,8 @@ CVE-2019-11398 (Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 20 NOT-FOR-US: UliCMS CVE-2019-11397 (GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M. ...) NOT-FOR-US: Rapid4 -CVE-2019-11396 - RESERVED +CVE-2019-11396 (An issue was discovered in Avira Free Security Suite 10. The permissiv ...) + TODO: check CVE-2019-11395 (A buffer overflow in MailCarrier 2.51 allows remote attackers to execu ...) NOT-FOR-US: MailCarrier CVE-2019-11394 @@ -24875,8 +24908,8 @@ CVE-2019-7308 (kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1711 NOTE: Fixed by: https://git.kernel.org/linus/979d63d50c0c0f7bc537bf821e056cc9fe5abd38 NOTE: Fixed by: https://git.kernel.org/linus/d3bd7413e0ca40b60cf60d4003246d067cafdeda -CVE-2019-7307 - RESERVED +CVE-2019-7307 (Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2. ...) + TODO: check CVE-2019-7306 [Apport hook may expose sensitive information] RESERVED - byobu <unfixed> (unimportant) @@ -31559,8 +31592,8 @@ CVE-2019-4538 RESERVED CVE-2019-4537 RESERVED -CVE-2019-4536 - RESERVED +CVE-2019-4536 (IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a ...) + TODO: check CVE-2019-4535 RESERVED CVE-2019-4534 @@ -32365,10 +32398,10 @@ CVE-2019-4135 (IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a NOT-FOR-US: IBM CVE-2019-4134 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM -CVE-2019-4133 - RESERVED -CVE-2019-4132 - RESERVED +CVE-2019-4133 (IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the ...) + TODO: check +CVE-2019-4132 (IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertl ...) + TODO: check CVE-2019-4131 (IBM Application Performance Management (IBM Monitoring 8.1.4) could al ...) NOT-FOR-US: IBM CVE-2019-4130 @@ -35449,8 +35482,8 @@ CVE-2019-3396 (The Widget Connector macro in Atlassian Confluence Server before NOT-FOR-US: Atlassian Confluence Server CVE-2019-3395 (The WebDAV endpoint in Atlassian Confluence Server and Data Center bef ...) NOT-FOR-US: Atlassian Confluence Server -CVE-2019-3394 - RESERVED +CVE-2019-3394 (There was a local file disclosure vulnerability in Confluence Server a ...) + TODO: check CVE-2018-20298 (S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerab ...) NOT-FOR-US: S3 Browser CVE-2018-20297 @@ -53259,17 +53292,17 @@ CVE-2018-16261 (In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R NOT-FOR-US: Pulse Secure Pulse Desktop Client CVE-2018-16260 RESERVED -CVE-2018-16259 (There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPr ...) +CVE-2018-16259 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...) NOT-FOR-US: WP All Import plugin for WordPress -CVE-2018-16258 (There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPr ...) +CVE-2018-16258 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...) NOT-FOR-US: WP All Import plugin for WordPress -CVE-2018-16257 (There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 f ...) +CVE-2018-16257 (** DISPUTED ** There are multiple XSS vulnerabilities in WP All Import ...) NOT-FOR-US: WP All Import plugin for WordPress -CVE-2018-16256 (There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPr ...) +CVE-2018-16256 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...) NOT-FOR-US: WP All Import plugin for WordPress -CVE-2018-16255 (There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPr ...) +CVE-2018-16255 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...) NOT-FOR-US: WP All Import plugin for WordPress -CVE-2018-16254 (There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPr ...) +CVE-2018-16254 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...) NOT-FOR-US: WP All Import plugin for WordPress CVE-2018-16253 (In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS# ...) NOT-FOR-US: axTLS View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/78ea20b1c9c0f657a6bb0907b21d23a1ff78375a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/78ea20b1c9c0f657a6bb0907b21d23a1ff78375a You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
