Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c394d5e8 by security tracker role at 2019-09-10T08:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,31 +1,89 @@
-CVE-2019-16187
+CVE-2019-16200
        RESERVED
-CVE-2019-16186
+CVE-2019-16199
        RESERVED
-CVE-2019-16185
+CVE-2019-16198
        RESERVED
-CVE-2019-16184
+CVE-2019-16197
        RESERVED
-CVE-2019-16183
+CVE-2019-16196
        RESERVED
-CVE-2019-16182
+CVE-2019-16195
        RESERVED
-CVE-2019-16181
+CVE-2019-16194
        RESERVED
-CVE-2019-16180
+CVE-2019-16193
        RESERVED
-CVE-2019-16179
+CVE-2019-16192 (upload_model() in /admini/controllers/system/managemodel.php 
in DocCms ...)
+       TODO: check
+CVE-2019-16191
+       RESERVED
+CVE-2019-16190 (SharePort Web Access on D-Link DIR-868L REVB through 2.03, 
DIR-885L RE ...)
+       TODO: check
+CVE-2019-16189
+       RESERVED
+CVE-2019-16188
+       RESERVED
+CVE-2017-18611
+       RESERVED
+CVE-2017-18610
+       RESERVED
+CVE-2017-18609
+       RESERVED
+CVE-2017-18608
+       RESERVED
+CVE-2017-18607
+       RESERVED
+CVE-2017-18606
+       RESERVED
+CVE-2017-18605
+       RESERVED
+CVE-2017-18604
+       RESERVED
+CVE-2017-18603
+       RESERVED
+CVE-2017-18602
        RESERVED
-CVE-2019-16178
+CVE-2017-18601
        RESERVED
-CVE-2019-16177
+CVE-2017-18600
        RESERVED
-CVE-2019-16176
+CVE-2017-18599
        RESERVED
-CVE-2019-16175
+CVE-2017-18598
        RESERVED
-CVE-2019-16174
+CVE-2017-18597
        RESERVED
+CVE-2017-18596
+       RESERVED
+CVE-2019-16187 (Limesurvey before 3.17.14 uses an anti-CSRF cookie without the 
HttpOnl ...)
+       TODO: check
+CVE-2019-16186 (In Limesurvey before 3.17.14, admin users can access the 
plugin manage ...)
+       TODO: check
+CVE-2019-16185 (In Limesurvey before 3.17.14, admin users can view, update, or 
delete  ...)
+       TODO: check
+CVE-2019-16184 (A CSV injection vulnerability was found in Limesurvey before 
3.17.14 t ...)
+       TODO: check
+CVE-2019-16183 (In Limesurvey before 3.17.14, admin users can run an integrity 
check w ...)
+       TODO: check
+CVE-2019-16182 (A reflected cross-site scripting (XSS) vulnerability was found 
in Lime ...)
+       TODO: check
+CVE-2019-16181 (In Limesurvey before 3.17.14, admin users can mark other 
users' notifi ...)
+       TODO: check
+CVE-2019-16180 (Limesurvey before 3.17.14 allows remote attackers to 
bruteforce the lo ...)
+       TODO: check
+CVE-2019-16179 (Limesurvey before 3.17.14 does not enforce SSL/TLS usage in 
the defaul ...)
+       TODO: check
+CVE-2019-16178 (A stored cross-site scripting (XSS) vulnerability was found in 
Limesur ...)
+       TODO: check
+CVE-2019-16177 (In Limesurvey before 3.17.14, the entire database is exposed 
through b ...)
+       TODO: check
+CVE-2019-16176 (A path disclosure vulnerability was found in Limesurvey before 
3.17.14 ...)
+       TODO: check
+CVE-2019-16175 (A clickjacking vulnerability was found in Limesurvey before 
3.17.14. ...)
+       TODO: check
+CVE-2019-16174 (An XML injection vulnerability was found in Limesurvey before 
3.17.14  ...)
+       TODO: check
 CVE-2019-16173 (LimeSurvey before v3.17.14 allows reflected XSS for escalating 
privile ...)
        - limesurvey <itp> (bug #472802)
 CVE-2019-16172 (LimeSurvey before v3.17.14 allows stored XSS for escalating 
privileges ...)
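Review bot: the fourteen new Limesurvey entries (CVE-2019-16174 through CVE-2019-16187) are left as "TODO: check", while the adjacent CVE-2019-16173 and CVE-2019-16172 entries for the same "before 3.17.14" fix already carry "- limesurvey <itp> (bug #472802)"; the follow-up triage should give the new entries that same <itp> line instead of leaving them open. CVE-2019-16192 (upload_model() in DocCms) and CVE-2019-16190 (SharePort Web Access on D-Link DIR-868L/DIR-885L firmware) describe software that, following the convention used elsewhere in this file, would be marked NOT-FOR-US if it is not packaged in Debian.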
@@ -92,12 +150,12 @@ CVE-2019-16168 (In SQLite through 3.29.0, 
whereLoopAddBtreeIndex in sqlite3.c ca
        NOTE: Introduced by: https://www.sqlite.org/src/info/90e36676476e8db0
 CVE-2019-16148 (Sakai through 12.6 allows XSS via a chat user name. ...)
        TODO: check
-CVE-2019-16147
-       RESERVED
+CVE-2019-16147 (Liferay Portal through 7.2.0 GA1 allows XSS via a journal 
article titl ...)
+       TODO: check
 CVE-2019-16146 (Gophish through 0.8.0 allows XSS via a username. ...)
        TODO: check
-CVE-2019-16145
-       RESERVED
+CVE-2019-16145 (The breadcrumbs contributed module through 0.2.0 for Padrino 
Framework ...)
+       TODO: check
 CVE-2019-16144 (An issue was discovered in the generator crate before 0.6.18 
for Rust. ...)
        NOT-FOR-US: Rust crate generator
 CVE-2019-16143 (An issue was discovered in the blake2 crate before 0.8.1 for 
Rust. The ...)
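Review bot: both entries that gained a description in this hunk (CVE-2019-16147 for Liferay Portal and CVE-2019-16145 for the Padrino breadcrumbs module) are left as "TODO: check"; the neighbouring CVE-2019-16144 and CVE-2019-16143 lines show the "NOT-FOR-US: Rust crate ..." convention for components Debian does not ship, so these two should be resolved the same way if neither Liferay nor the Padrino module is packaged, rather than staying open.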
@@ -680,7 +738,7 @@ CVE-2019-15897
        RESERVED
 CVE-2019-15896
        RESERVED
-CVE-2019-15895 (search-exclude.php in the "Search Exclude" plugin through 
1.2.2 for Wo ...)
+CVE-2019-15895 (search-exclude.php in the "Search Exclude" plugin before 1.2.4 
for Wor ...)
        NOT-FOR-US: "Search Exclude" plugin for WordPress
 CVE-2019-15894
        RESERVED
@@ -2333,8 +2391,8 @@ CVE-2019-15299
        RESERVED
 CVE-2019-15298
        RESERVED
-CVE-2019-15297
-       RESERVED
+CVE-2019-15297 (res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 
16.5.0 allo ...)
+       TODO: check
 CVE-2019-15296 (An issue was discovered in Freeware Advanced Audio Decoder 2 
(FAAD2) 2 ...)
        {DLA-1899-1}
        - faad2 2.8.8-3
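Review bot: CVE-2019-15297 (res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3 and 16.5.0) is left as "TODO: check", but unlike most TODO entries in this update Asterisk is a source package Debian ships, so this one needs a real package line with the fixed version (and a NOTE: with the upstream advisory) once the affected-version range has been checked against what Debian carries.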
@@ -5954,6 +6012,7 @@ CVE-2019-14273
 CVE-2019-14272
        RESERVED
 CVE-2019-14271 (In Docker 19.03.x before 19.03.1 linked against the GNU C 
Library (aka ...)
+       {DSA-4521-1}
        - docker.io 18.09.1+dfsg1-9
        NOTE: https://github.com/moby/moby/issues/39449
        NOTE: https://github.com/moby/moby/pull/39612 (19.03.x)
@@ -8691,6 +8750,7 @@ CVE-2019-13511 (Rockwell Automation Arena Simulation 
Software versions 16.00.00
 CVE-2019-13510 (Rockwell Automation Arena Simulation Software versions 
16.00.00 and ea ...)
        NOT-FOR-US: Rockwell Automation Arena Simulation Software
 CVE-2019-13509 (In Docker CE and EE before 18.09.8 (as well as Docker EE 
before 17.06. ...)
+       {DSA-4521-1}
        - docker.io 18.09.1+dfsg1-8 (bug #932673)
 CVE-2019-13508
        RESERVED
@@ -9670,6 +9730,7 @@ CVE-2019-13141
 CVE-2019-13140
        RESERVED
 CVE-2019-13139 (In Docker before 18.09.4, an attacker who is capable of 
supplying or m ...)
+       {DSA-4521-1}
        [experimental] - docker.io 18.09.5+dfsg1-1
        - docker.io 18.09.1+dfsg1-8 (bug #933002)
        NOTE: https://github.com/moby/moby/pull/38944
@@ -17291,8 +17352,8 @@ CVE-2019-10255 (An Open Redirect vulnerability for all 
browsers in Jupyter Noteb
        NOTE: 
https://github.com/jupyter/notebook/commit/979e0bd15e794ceb00cc63737fcd5fd9addc4a99
 CVE-2019-10254 (In MISP before 2.4.105, the app/View/Layouts/default.ctp 
default layou ...)
        NOT-FOR-US: MISP
-CVE-2019-10253
-       RESERVED
+CVE-2019-10253 (A Cross-Site Request Forgery (CSRF) vulnerability exists in 
TeamMate+  ...)
+       TODO: check
 CVE-2019-10252
        RESERVED
 CVE-2019-10251 (The UCWeb UC Browser application through 2019-03-26 for 
Android uses H ...)
@@ -20462,6 +20523,7 @@ CVE-2019-9520
 CVE-2019-9519
        RESERVED
 CVE-2019-9518 (Some HTTP/2 implementations are vulnerable to a flood of empty 
frames, ...)
+       {DSA-4520-1}
        - trafficserver 8.0.5+ds-1 (bug #935314)
        [stretch] - trafficserver <end-of-life> (see DSA 4520)
        NOTE: 
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
@@ -20483,7 +20545,7 @@ CVE-2019-9516 (Some HTTP/2 implementations are 
vulnerable to a header leak, pote
        NOTE: 
https://github.com/nginx/nginx/commit/dbdd9ffea81d9db46fb88b5eba828f2ad080d388 
(release-1.16.1)
        NOTE: 
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
 CVE-2019-9515 (Some HTTP/2 implementations are vulnerable to a settings flood, 
potent ...)
-       {DSA-4508-1}
+       {DSA-4520-1 DSA-4508-1}
        - trafficserver 8.0.5+ds-1 (bug #934887)
        [stretch] - trafficserver <end-of-life> (see DSA 4520)
        - h2o 2.2.5+dfsg2-3 (bug #934886)
@@ -20493,7 +20555,7 @@ CVE-2019-9515 (Some HTTP/2 implementations are 
vulnerable to a settings flood, p
        NOTE: https://github.com/h2o/h2o/issues/2090
        NOTE: 
https://github.com/h2o/h2o/commit/743d6b6118c29b75d0b84ef7950a2721c32dfe3f
 CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, 
potential ...)
-       {DSA-4508-1 DSA-4503-1}
+       {DSA-4520-1 DSA-4508-1 DSA-4503-1}
        - golang-1.13 1.13~beta1-3 (bug #934955)
        - golang-1.12 1.12.8-1
        - golang-1.11 1.11.13-1
@@ -20531,7 +20593,7 @@ CVE-2019-9513 (Some HTTP/2 implementations are 
vulnerable to resource loops, pot
        NOTE: 
https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
        NOTE: https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2
 CVE-2019-9512 (Some HTTP/2 implementations are vulnerable to ping floods, 
potentially ...)
-       {DSA-4508-1 DSA-4503-1}
+       {DSA-4520-1 DSA-4508-1 DSA-4503-1}
        - golang-1.13 1.13~beta1-3 (bug #934955)
        - golang-1.12 1.12.8-1
        - golang-1.11 1.11.13-1
@@ -26549,8 +26611,7 @@ CVE-2019-7178
        RESERVED
 CVE-2019-7177
        RESERVED
-CVE-2019-7176
-       RESERVED
+CVE-2019-7176 (An issue was discovered in GitLab Community and Enterprise 
Edition 8.x ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
 CVE-2019-7175 (In ImageMagick before 7.0.8-25, some memory leaks exist in 
DecodeImage ...)
@@ -26958,16 +27019,13 @@ CVE-2019-6999
        RESERVED
 CVE-2019-6998
        RESERVED
-CVE-2019-6997
-       RESERVED
+CVE-2019-6997 (An issue was discovered in GitLab Community and Enterprise 
Edition 10. ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6996
-       RESERVED
+CVE-2019-6996 (An issue was discovered in GitLab Enterprise Edition 10.x 
(starting in ...)
        - gitlab <not-affected> (Only affects EE)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6995
-       RESERVED
+CVE-2019-6995 (An issue was discovered in GitLab Community and Enterprise 
Edition 8.x ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
 CVE-2019-6994
@@ -27090,8 +27148,7 @@ CVE-2019-6962 (A shell injection issue in 
cosa_wifi_apis.c in the RDK RDKB-20181
        NOT-FOR-US: RDK (Reference Design Kit)
 CVE-2019-6961 (Incorrect access control in actionHandlerUtility.php in the RDK 
RDKB-2 ...)
        NOT-FOR-US: RDK (Reference Design Kit)
-CVE-2019-6960
-       RESERVED
+CVE-2019-6960 (An issue was discovered in GitLab Community and Enterprise 
Edition 9.x ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
 CVE-2019-6959
@@ -27437,58 +27494,46 @@ CVE-2019-6797 (An information disclosure issue was 
discovered in GitLab Enterpri
 CVE-2019-6796 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6795
-       RESERVED
+CVE-2019-6795 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6794
-       RESERVED
+CVE-2019-6794 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6793
-       RESERVED
+CVE-2019-6793 (An issue was discovered in GitLab Enterprise Edition before 
11.5.8, 11 ...)
        - gitlab <not-affected> (Only affects EE)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6792
-       RESERVED
+CVE-2019-6792 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6791
-       RESERVED
+CVE-2019-6791 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
 CVE-2019-6790 (An Incorrect Access Control (issue 2 of 3) issue was discovered 
in Git ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6789
-       RESERVED
+CVE-2019-6789 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6788
-       RESERVED
+CVE-2019-6788 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
 CVE-2019-6787 (An Incorrect Access Control issue was discovered in GitLab 
Community a ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6786
-       RESERVED
+CVE-2019-6786 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6785
-       RESERVED
+CVE-2019-6785 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6784
-       RESERVED
+CVE-2019-6784 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6783
-       RESERVED
+CVE-2019-6783 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6782
-       RESERVED
+CVE-2019-6782 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        - gitlab 11.5.10+dfsg-1 (bug #921059)
        NOTE: 
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
 CVE-2019-6781 (An Improper Input Validation issue was discovered in GitLab 
Community  ...)
@@ -48703,7 +48748,7 @@ CVE-2018-18475 (Zoho ManageEngine OpManager before 12.3 
build 123214 allows Unre
        NOT-FOR-US: Zoho
 CVE-2018-18474
        RESERVED
-CVE-2018-18473 (A hidden backdoor on PATLITE NBM-D88N, NHL-3FB1, and NHL-3FV1N 
devices ...)
+CVE-2018-18473 (A hidden backdoor on PATLITE NH-FB Series devices with 
firmware versio ...)
        NOT-FOR-US: PATLITE NBM-D88N
 CVE-2018-18472 (Western Digital WD My Book Live (all versions) has a root 
Remote Comma ...)
        NOT-FOR-US: Western Digital WD My Book Live
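Review bot: the description of CVE-2018-18473 was changed from naming the NBM-D88N, NHL-3FB1 and NHL-3FV1N devices to "PATLITE NH-FB Series devices with firmware versio...", but the unchanged "NOT-FOR-US: PATLITE NBM-D88N" line beneath it still names only the old single model; update it to "NOT-FOR-US: PATLITE NH-FB Series devices" so the marking matches the revised scope of the entry.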



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c394d5e8ae828ea83131634144e6ff3de74201ca



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
