Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aa8c43c8 by security tracker role at 2019-09-16T20:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2019-16374
+       RESERVED
+CVE-2019-16373
+       RESERVED
+CVE-2019-16372
+       RESERVED
+CVE-2019-16371 (LogMeIn LastPass before 4.33.0 allows attackers to construct a 
crafted ...)
+       TODO: check
+CVE-2019-16370 (The PGP signing plugin in Gradle before 6.0 relies on the 
SHA-1 algori ...)
+       TODO: check
+CVE-2019-16369
+       RESERVED
+CVE-2019-16368
+       RESERVED
+CVE-2019-16367
+       RESERVED
+CVE-2019-16366 (In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based 
buffer ove ...)
+       TODO: check
+CVE-2019-16365
+       RESERVED
+CVE-2019-16364
+       RESERVED
+CVE-2019-16363
+       RESERVED
+CVE-2019-16362
+       RESERVED
+CVE-2019-16361
+       RESERVED
+CVE-2019-16360
+       RESERVED
+CVE-2019-16359
+       RESERVED
+CVE-2019-16358
+       RESERVED
+CVE-2019-16357
+       RESERVED
+CVE-2019-16356
+       RESERVED
+CVE-2019-16355 (The File Session Manager in Beego 1.10.0 allows local users to 
read se ...)
+       TODO: check
+CVE-2019-16354 (The File Session Manager in Beego 1.10.0 allows local users to 
read se ...)
+       TODO: check
+CVE-2019-16353 (Emerson GE Automation Proficy Machine Edition 8.0 allows an 
access vio ...)
+       TODO: check
+CVE-2019-16352 (ffjpeg before 2019-08-21 has a heap-based buffer overflow in 
jfif_load ...)
+       TODO: check
+CVE-2019-16351 (ffjpeg before 2019-08-18 has a NULL pointer dereference in 
huffman_dec ...)
+       TODO: check
+CVE-2019-16350 (ffjpeg before 2019-08-18 has a NULL pointer dereference in 
idct2d8x8() ...)
+       TODO: check
+CVE-2019-16349 (Bento4 1.5.1-628 has a NULL pointer dereference in 
AP4_ByteStream::Rea ...)
+       TODO: check
+CVE-2019-16348 (marc-q libwav through 2019-08-15 has a NULL pointer 
dereference in gai ...)
+       TODO: check
+CVE-2019-16347 (ngiflib 0.4 has a heap-based buffer overflow in WritePixels() 
in ngifl ...)
+       TODO: check
+CVE-2019-16346 (ngiflib 0.4 has a heap-based buffer overflow in WritePixel() 
in ngifli ...)
+       TODO: check
+CVE-2019-16345
+       RESERVED
+CVE-2019-16344
+       RESERVED
+CVE-2019-16343
+       RESERVED
+CVE-2018-21017 (GPAC 0.7.1 has a memory leak in dinf_Read in 
isomedia/box_code_base.c. ...)
+       TODO: check
+CVE-2018-21016 (audio_sample_entry_AddBox() at isomedia/box_code_base.c in 
GPAC 0.7.1  ...)
+       TODO: check
+CVE-2018-21015 (AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 
allows remot ...)
+       TODO: check
 CVE-2019-16342
        RESERVED
 CVE-2019-16341
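Review bot: CVE-2019-16355 and CVE-2019-16354 are added with identical truncated descriptions ("The File Session Manager in Beego 1.10.0 allows local users to read se ..."), so the list entry alone cannot tell them apart; whoever resolves the TODO: check should record the distinguishing detail in a NOTE line on each. The ffjpeg (CVE-2019-16352 to CVE-2019-16350), ngiflib (CVE-2019-16347, CVE-2019-16346) and GPAC (CVE-2018-21017 to CVE-2018-21015) entries each share one upstream, so triaging them per project rather than per CVE would keep the resulting status lines consistent.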
@@ -133,44 +203,44 @@ CVE-2019-16278
        RESERVED
 CVE-2019-16277 (PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in 
cstdlib/ ...)
        TODO: check
-CVE-2017-18634
-       RESERVED
-CVE-2016-10973
-       RESERVED
-CVE-2016-10972
-       RESERVED
-CVE-2016-10971
-       RESERVED
-CVE-2016-10970
-       RESERVED
-CVE-2016-10969
-       RESERVED
-CVE-2016-10968
-       RESERVED
-CVE-2016-10967
-       RESERVED
-CVE-2016-10966
-       RESERVED
-CVE-2016-10965
-       RESERVED
-CVE-2016-10964
-       RESERVED
-CVE-2016-10963
-       RESERVED
-CVE-2016-10962
-       RESERVED
-CVE-2016-10961
-       RESERVED
-CVE-2016-10960
-       RESERVED
-CVE-2016-10959
-       RESERVED
-CVE-2016-10958
-       RESERVED
-CVE-2016-10957
-       RESERVED
-CVE-2016-10956
-       RESERVED
+CVE-2017-18634 (The newspaper theme before 6.7.2 for WordPress has script 
injection vi ...)
+       TODO: check
+CVE-2016-10973 (The Brafton plugin before 3.4.8 for WordPress has XSS via the 
wp-admin ...)
+       TODO: check
+CVE-2016-10972 (The newspaper theme before 6.7.2 for WordPress has a lack of 
options a ...)
+       TODO: check
+CVE-2016-10971 (The MemberSonic Lite plugin before 1.302 for WordPress has 
incorrect l ...)
+       TODO: check
+CVE-2016-10970 (The supportflow plugin before 0.7 for WordPress has XSS via a 
ticket e ...)
+       TODO: check
+CVE-2016-10969 (The supportflow plugin before 0.7 for WordPress has XSS via a 
discussi ...)
+       TODO: check
+CVE-2016-10968 (The peepso-core plugin before 1.6.1 for WordPress has 
PeepSoProfilePre ...)
+       TODO: check
+CVE-2016-10967 (The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via 
the wp-c ...)
+       TODO: check
+CVE-2016-10966 (The real3d-flipbook-lite plugin 1.0 for WordPress has 
bookName=../ dir ...)
+       TODO: check
+CVE-2016-10965 (The real3d-flipbook-lite plugin 1.0 for WordPress has 
deleteBook=../ d ...)
+       TODO: check
+CVE-2016-10964 (The dwnldr plugin before 1.01 for WordPress has XSS via the 
User-Agent ...)
+       TODO: check
+CVE-2016-10963 (The icegram plugin before 1.9.19 for WordPress has XSS. ...)
+       TODO: check
+CVE-2016-10962 (The icegram plugin before 1.9.19 for WordPress has CSRF via 
the wp-adm ...)
+       TODO: check
+CVE-2016-10961 (The colorway theme before 3.4.2 for WordPress has XSS via the 
contactN ...)
+       TODO: check
+CVE-2016-10960 (The wsecure plugin before 2.4 for WordPress has remote code 
execution  ...)
+       TODO: check
+CVE-2016-10959 (The estatik plugin before 2.3.1 for WordPress has 
authenticated arbitr ...)
+       TODO: check
+CVE-2016-10958 (The estatik plugin before 2.3.0 for WordPress has 
unauthenticated arbi ...)
+       TODO: check
+CVE-2016-10957 (The Akal theme through 2016-08-22 for WordPress has XSS via 
the framew ...)
+       TODO: check
+CVE-2016-10956 (The mail-masta plugin 1.0 for WordPress has local file 
inclusion in co ...)
+       TODO: check
 CVE-2010-5333 (The web server in Integard Pro and Home before 2.0.0.9037 and 
2.2.x be ...)
        NOT-FOR-US: Integard
 CVE-2019-16319 (In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon 
dissector ...)
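Review bot: all 19 entries that move from RESERVED to TODO: check in this hunk (CVE-2017-18634 and CVE-2016-10973 through CVE-2016-10956) describe WordPress themes or plugins. Another entry in this same diff already carries "NOT-FOR-US: WP Live Chat Support Pro plugin for WordPress", so these can probably be closed the same way in one pass, each with its own theme or plugin name, instead of being checked one by one.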
@@ -203,8 +273,8 @@ CVE-2019-16266
        RESERVED
 CVE-2019-16265
        RESERVED
-CVE-2019-16264
-       RESERVED
+CVE-2019-16264 (In Escuela de Gestion Publica Plurinacional (EGPP) Sistema 
Integrado d ...)
+       TODO: check
 CVE-2019-16263
        RESERVED
 CVE-2019-16262
@@ -346,12 +416,15 @@ CVE-2019-16275 (hostapd before 2.10 and wpa_supplicant 
before 2.10 allow an inco
 CVE-2019-16238 (Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be 
leveraged ...)
        NOT-FOR-US: Afterlogic Aurora
 CVE-2019-16237 (Dino before 2019-09-10 does not properly check the source of 
an MAM me ...)
+       {DSA-4524-1}
        - dino-im 0.0.git20190911.2a70a4e-1
        NOTE: 
https://github.com/dino/dino/commit/307f16cc86dd2b95aa02ab8a85110e4a2d5e7363
 CVE-2019-16236 (Dino before 2019-09-10 does not check roster push 
authorization in mod ...)
+       {DSA-4524-1}
        - dino-im 0.0.git20190911.2a70a4e-1
        NOTE: 
https://github.com/dino/dino/commit/dd33f5f949248d87d34f399e8846d5ee5b8823d9
 CVE-2019-16235 (Dino before 2019-09-10 does not properly check the source of a 
carbons ...)
+       {DSA-4524-1}
        - dino-im 0.0.git20190911.2a70a4e-1
        NOTE: 
https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc549c930
 CVE-2019-16234 (drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux 
kernel 5. ...)
@@ -449,8 +522,8 @@ CVE-2019-16199
        RESERVED
 CVE-2019-16198
        RESERVED
-CVE-2019-16197
-       RESERVED
+CVE-2019-16197 (In htdocs/societe/card.php in Dolibarr 10.0.1, the value of 
the User-A ...)
+       TODO: check
 CVE-2019-16196
        RESERVED
 CVE-2019-16195
@@ -535,8 +608,7 @@ CVE-2019-16172 (LimeSurvey before v3.17.14 allows stored 
XSS for escalating priv
        - limesurvey <itp> (bug #472802)
 CVE-2019-16171
        RESERVED
-CVE-2019-16170 [Project Template Functionality Could Be Used to Access 
Restricted Project Data]
-       RESERVED
+CVE-2019-16170 (An issue was discovered in GitLab Enterprise Edition 11.x and 
12.x bef ...)
        [experimental] - gitlab 12.0.9-1
        - gitlab <unfixed> (bug #940007)
        NOTE: 
https://about.gitlab.com/2019/09/10/critical-security-release-gitlab-12-dot-2-dot-5-released/
@@ -807,8 +879,8 @@ CVE-2019-16059 (Sentrifugo 3.2 lacks CSRF protection. This 
could lead to an atta
 CVE-2019-16058 (An issue was discovered in the pam_p11 component 0.2.0 and 
0.3.0 for O ...)
        - pam-p11 <unfixed> (bug #939664)
        NOTE: 
https://github.com/OpenSC/pam_p11/commit/d150b60e1e14c261b113f55681419ad1dfa8a76c
-CVE-2019-16057
-       RESERVED
+CVE-2019-16057 (The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is 
vulnera ...)
+       TODO: check
 CVE-2019-16056 (An issue was discovered in Python through 2.7.16, 3.x through 
3.5.7, 3 ...)
        - python3.8 3.8.0~b4-1
        - python3.7 <unfixed>
@@ -1032,8 +1104,8 @@ CVE-2019-15952 (An issue was discovered in Total.js CMS 
12.0.0. An authenticated
        NOT-FOR-US: Total.js CMS
 CVE-2019-15951
        RESERVED
-CVE-2019-15950
-       RESERVED
+CVE-2019-15950 (The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted 
vCard d ...)
+       TODO: check
 CVE-2019-15949 (Nagios XI before 5.6.6 allows remote command execution as 
root. The ex ...)
        NOT-FOR-US: Nagios XI
 CVE-2019-15948
@@ -1571,55 +1643,44 @@ CVE-2019-15743
        RESERVED
 CVE-2019-15742
        RESERVED
-CVE-2019-15741 [Privilege Escalation via Logrotate]
-       RESERVED
+CVE-2019-15741 (An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. 
An unsaf ...)
        NOT-FOR-US: GitLab Omnibus
-CVE-2019-15740 [EXIF Geolocation Data Exposure]
-       RESERVED
+CVE-2019-15740 (An issue was discovered in GitLab Community and Enterprise 
Edition 7.9 ...)
        [experimental] - gitlab 12.0.8-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
-CVE-2019-15739 [Stored XSS via Markdown]
-       RESERVED
+CVE-2019-15739 (An issue was discovered in GitLab Community and Enterprise 
Edition 8.1 ...)
        [experimental] - gitlab 12.0.8-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
-CVE-2019-15738 [Disclosure of Merge Request IDs]
-       RESERVED
+CVE-2019-15738 (An issue was discovered in GitLab Community and Enterprise 
Edition 12. ...)
        - gitlab <not-affected> (Only affects 12.0 and later)
        NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
-CVE-2019-15737 [Weak Authentication In Certain Account Actions]
-       RESERVED
+CVE-2019-15737 (An issue was discovered in GitLab Community and Enterprise 
Edition thr ...)
        [experimental] - gitlab 12.0.8-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
-CVE-2019-15736 [Potential Denial of Service via CI Pipelines]
-       RESERVED
+CVE-2019-15736 (An issue was discovered in GitLab Community and Enterprise 
Edition thr ...)
        [experimental] - gitlab 12.0.8-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
 CVE-2019-15735
        RESERVED
-CVE-2019-15734 [Disclosure of Commit Title and Comments]
-       RESERVED
+CVE-2019-15734 (An issue was discovered in GitLab Community and Enterprise 
Edition 8.6 ...)
        [experimental] - gitlab 12.0.8-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
-CVE-2019-15733 [Default Branch Name Exposure]
-       RESERVED
+CVE-2019-15733 (An issue was discovered in GitLab Community and Enterprise 
Edition 7.1 ...)
        [experimental] - gitlab 12.0.8-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
-CVE-2019-15732 [Project Visibility Restriction Bypass]
-       RESERVED
+CVE-2019-15732 (An issue was discovered in GitLab Community and Enterprise 
Edition 12. ...)
        - gitlab <not-affected> (Only affects 12.2 and later)
        NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
-CVE-2019-15731 [Merge Request Discussion Restriction Bypass]
-       RESERVED
+CVE-2019-15731 (An issue was discovered in GitLab Community and Enterprise 
Edition 12. ...)
        - gitlab <not-affected> (Only affects 12.0 and later)
        NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
-CVE-2019-15730 [Server-Side Request Forgery in Jira Integration]
-       RESERVED
+CVE-2019-15730 (An issue was discovered in GitLab Community and Enterprise 
Edition 8.1 ...)
        [experimental] - gitlab 12.0.8-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
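Review bot: replacing the bracketed titles (for example "[Stored XSS via Markdown]" on CVE-2019-15739) with the truncated description leaves the updated entries from CVE-2019-15740 down to CVE-2019-15730 all starting "An issue was discovered in GitLab Community and Enterprise Edition ...", so they can no longer be told apart by reading the list. Consider keeping the old title as a NOTE line under each entry, since the only remaining NOTE is the shared release-announcement URL. The next hunk (CVE-2019-15728 down to CVE-2019-15721) has the same loss.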
@@ -1628,40 +1689,32 @@ CVE-2019-15729 [Pipeline Status Disclosure]
        [experimental] - gitlab 12.0.8-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
-CVE-2019-15728 [Kubernetes Integration Server-Side Request Forgery]
-       RESERVED
+CVE-2019-15728 (An issue was discovered in GitLab Community and Enterprise 
Edition 10. ...)
        [experimental] - gitlab 12.0.8-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
-CVE-2019-15727 [CI Metrics Disclosure]
-       RESERVED
+CVE-2019-15727 (An issue was discovered in GitLab Community and Enterprise 
Edition 11. ...)
        [experimental] - gitlab 12.0.8-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
-CVE-2019-15726 [User IP Disclosed by Embedded Image and Media]
-       RESERVED
+CVE-2019-15726 (An issue was discovered in GitLab Community and Enterprise 
Edition thr ...)
        [experimental] - gitlab 12.0.8-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
-CVE-2019-15725 [IDOR in Epic Notes API]
-       RESERVED
+CVE-2019-15725 (An issue was discovered in GitLab Community and Enterprise 
Edition 12. ...)
        - gitlab <not-affected> (only affects 12.0 and later)
        NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
-CVE-2019-15724 [Label Description HTML Injection]
-       RESERVED
+CVE-2019-15724 (An issue was discovered in GitLab Community and Enterprise 
Edition 11. ...)
        - gitlab <not-affected> (Only affects 11.10 and later)
        NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
-CVE-2019-15723 [Push Rule Bypass]
-       RESERVED
+CVE-2019-15723 (An issue was discovered in GitLab Community and Enterprise 
Edition 11. ...)
        - gitlab <not-affected> (Only affects versions 11.9.4-11.10.0)
        NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
-CVE-2019-15722 [Markdown Clientside Resource Exhaustion]
-       RESERVED
+CVE-2019-15722 (An issue was discovered in GitLab Community and Enterprise 
Edition 8.1 ...)
        [experimental] - gitlab 12.0.8-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
-CVE-2019-15721 [Group Runner Authorization Issue]
-       RESERVED
+CVE-2019-15721 (An issue was discovered in GitLab Community and Enterprise 
Edition 10. ...)
        [experimental] - gitlab 12.0.8-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
@@ -3702,7 +3755,7 @@ CVE-2019-15054
        RESERVED
 CVE-2019-15053 (The "HTML Include and replace macro" plugin before 1.5.0 for 
Confluenc ...)
        NOT-FOR-US: "HTML Include and replace macro" plugin for Confluence 
Server
-CVE-2019-15052 (The HTTP client in the Build tool in Gradle before 5.6 sends 
authentic ...)
+CVE-2019-15052 (The HTTP client in Gradle before 5.6 sends authentication 
credentials  ...)
        TODO: check
 CVE-2019-15051
        RESERVED
@@ -9341,8 +9394,8 @@ CVE-2019-13476 (In CentOS-WebPanel.com (aka CWP) CentOS 
Web Panel 0.9.8.837, XSS
        NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2019-13475 (In MobaXterm 11.1, the mobaxterm: URI handler has an argument 
injectio ...)
        NOT-FOR-US: MobaXterm
-CVE-2019-13474
-       RESERVED
+CVE-2019-13474 (TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, 
Imperial i110 ...)
+       TODO: check
 CVE-2019-13473 (TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, 
Imperial i110 ...)
        NOT-FOR-US: TELESTAR
 CVE-2019-13472 (PHPWind 9.1.0 has XSS vulnerabilities in the c and m 
parameters of the ...)
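Review bot: CVE-2019-13474 is set to TODO: check although the next entry, CVE-2019-13473, shows the same truncated description for the same TELESTAR devices and is already marked "NOT-FOR-US: TELESTAR". Unless the full description names different affected software, use NOT-FOR-US: TELESTAR here too.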
@@ -10231,8 +10284,8 @@ CVE-2019-13142 (The RzSurroundVADStreamingService 
(RzSurroundVADStreamingService
        NOT-FOR-US: Razer Surround
 CVE-2019-13141
        RESERVED
-CVE-2019-13140
-       RESERVED
+CVE-2019-13140 (Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have 
a JUCI  ...)
+       TODO: check
 CVE-2019-13139 (In Docker before 18.09.4, an attacker who is capable of 
supplying or m ...)
        {DSA-4521-1}
        [experimental] - docker.io 18.09.5+dfsg1-1
@@ -12285,12 +12338,12 @@ CVE-2019-12387 (In Twisted before 19.2.1, twisted.web 
did not validate or saniti
        NOTE: 
https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
 CVE-2019-12386 (An issue was discovered in Ampache through 3.9.1. A stored XSS 
exists  ...)
        - ampache <removed>
-        NOTE: https://github.com/ampache/ampache/issues/1872
-        NOTE: according to the github issue, it is not really fixed yet
+       NOTE: https://github.com/ampache/ampache/issues/1872
+       NOTE: according to the github issue, it is not really fixed yet
 CVE-2019-12385 (An issue was discovered in Ampache through 3.9.1. The search 
engine is ...)
        - ampache <removed>
-        NOTE: https://github.com/ampache/ampache/issues/1872
-        NOTE: according to the github issue, it is not really fixed yet
+       NOTE: https://github.com/ampache/ampache/issues/1872
+       NOTE: according to the github issue, it is not really fixed yet
 CVE-2019-12384 (FasterXML jackson-databind 2.x before 2.9.9.1 might allow 
attackers to ...)
        {DLA-1831-1}
        - jackson-databind 2.9.8-3 (bug #930750)
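Review bot: the NOTE lines under CVE-2019-12386 and CVE-2019-12385 are removed and re-added with the same text, so this hunk changes indentation only. It is harmless, but whitespace normalisation mixed into an "automatic update" commit makes the data changes harder to audit; a separate cleanup commit would be clearer.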
@@ -15589,8 +15642,8 @@ CVE-2019-11186
        RESERVED
 CVE-2019-11185 (The WP Live Chat Support Pro plugin through 8.0.26 for 
WordPress conta ...)
        NOT-FOR-US: WP Live Chat Support Pro plugin for WordPress
-CVE-2019-11184
-       RESERVED
+CVE-2019-11184 (A race condition in specific microprocessors using Intel (R) 
DDIO cach ...)
+       TODO: check
 CVE-2019-11183
        RESERVED
 CVE-2019-11182
@@ -15625,8 +15678,8 @@ CVE-2019-11168
        RESERVED
 CVE-2019-11167
        RESERVED
-CVE-2019-11166
-       RESERVED
+CVE-2019-11166 (Improper file permissions in the installer for Intel(R) Easy 
Streaming ...)
+       TODO: check
 CVE-2019-11165
        RESERVED
 CVE-2019-11164
@@ -18283,6 +18336,7 @@ CVE-2019-10158
 CVE-2019-10157 (It was found that Keycloak's Node.js adapter before version 
4.8.3 did  ...)
        NOT-FOR-US: Keycloak
 CVE-2019-10156 (A flaw was discovered in the way Ansible templating was 
implemented in ...)
+       {DLA-1923-1}
        - ansible 2.8.3+dfsg-1 (low; bug #930065)
        [buster] - ansible <no-dsa> (Minor issue)
        [stretch] - ansible <no-dsa> (Minor issue)
@@ -18583,8 +18637,7 @@ CVE-2019-10072 (The fix for CVE-2019-0199 was 
incomplete and did not address HTT
        [stretch] - tomcat8 <not-affected> (Incomplete fix for CVE-2019-0199 
not applied)
        [jessie] - tomcat8 <not-affected> (HTTP/2 support not implemented)
        NOTE: 
https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E
-CVE-2019-10071
-       RESERVED
+CVE-2019-10071 (The code which checks HMAC in form submissions used 
String.equals() fo ...)
        NOT-FOR-US: Apache Tapestry
 CVE-2019-10070
        RESERVED
@@ -22359,7 +22412,7 @@ CVE-2019-9041 (An issue was discovered in ZZZCMS zzzphp 
V1.6.1. In the inc/zzz_t
        NOT-FOR-US: ZZZCMS
 CVE-2019-9040 (S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user 
via th ...)
        NOT-FOR-US: S-CMS
-CVE-2019-9039 (The Couchbase Sync Gateway 2.1.2 in combination with a 
Couchbase Serve ...)
+CVE-2019-9039 (In Couchbase Sync Gateway 2.1.2, an attacker with access to the 
Sync G ...)
        NOT-FOR-US: Couchbase Sync Gateway
 CVE-2019-9038 (An issue was discovered in libmatio.a in matio (aka MAT File 
I/O Libra ...)
        - libmatio 1.5.13-2 (low; bug #924185)
@@ -24184,14 +24237,14 @@ CVE-2019-8373
        RESERVED
 CVE-2019-8372 (The LHA.sys driver before 1.1.1811.2101 in LG Device Manager 
exposes f ...)
        NOT-FOR-US: LG
-CVE-2019-8371
-       RESERVED
+CVE-2019-8371 (OpenEMR v5.0.1-6 allows code execution. ...)
+       TODO: check
 CVE-2019-8370
        RESERVED
 CVE-2019-8369
        RESERVED
-CVE-2019-8368
-       RESERVED
+CVE-2019-8368 (OpenEMR v5.0.1-6 allows XSS. ...)
+       TODO: check
 CVE-2019-8367
        RESERVED
 CVE-2019-8366
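Review bot: the descriptions published for CVE-2019-8371 ("OpenEMR v5.0.1-6 allows code execution.") and CVE-2019-8368 ("OpenEMR v5.0.1-6 allows XSS.") name no component or parameter, so the TODO: check cannot be resolved from this text alone. When these are triaged, add a NOTE with the advisory or upstream reference that identifies the affected code.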
@@ -31467,15 +31520,13 @@ CVE-2019-5484 (Bower before 1.8.8 has a path 
traversal vulnerability permitting
        TODO: check
 CVE-2019-5483 (Seneca &lt; 3.9.0 contains a vulnerability that could lead to 
exposing ...)
        TODO: check
-CVE-2019-5482 [TFTP small blocksize heap buffer overflow]
-       RESERVED
+CVE-2019-5482 (Heap buffer overflow in the TFTP protocol handler in cURL 
7.19.4 to 7. ...)
        {DLA-1917-1}
        - curl 7.66.0-1 (bug #940010)
        NOTE: https://curl.haxx.se/docs/CVE-2019-5482.html
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/0516ce7786e9500c2e447d48aa9b3f24a6ca70f9
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/facb0e4662415b5f28163e853dc6742ac5fafb3d 
(curl-7_66_0)
-CVE-2019-5481 [FTP-KRB double-free]
-       RESERVED
+CVE-2019-5481 (Double-free vulnerability in the FTP-kerberos code in cURL 
7.52.0 to 7 ...)
        - curl 7.66.0-1 (bug #940009)
        [jessie] - curl <not-affected> (Vulnerable code introduced later)
        NOTE: https://curl.haxx.se/docs/CVE-2019-5481.html
@@ -34318,8 +34369,8 @@ CVE-2019-4149 (IBM Business Automation Workflow 
V18.0.0.0 through V18.0.0.2 and
        NOT-FOR-US: IBM
 CVE-2019-4148 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 
6.0.0.1 is vu ...)
        NOT-FOR-US: IBM
-CVE-2019-4147
-       RESERVED
+CVE-2019-4147 (IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable 
to SQL ...)
+       TODO: check
 CVE-2019-4146 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 
6.0.0.1 could ...)
        NOT-FOR-US: IBM
 CVE-2019-4145 (IBM Security Access Manager 9.0.1 through 9.0.6 could reveal 
highly se ...)
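Review bot: CVE-2019-4147 (IBM Sterling File Gateway) lands as TODO: check while the surrounding IBM entries in this hunk, CVE-2019-4149, CVE-2019-4148 and CVE-2019-4146, are all "NOT-FOR-US: IBM". Marking it NOT-FOR-US: IBM would match them.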
@@ -40799,6 +40850,7 @@ CVE-2019-2181 (In binder_transaction of binder.c in the 
Android kernel, there is
        - linux 5.2.6-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/0b0509508beff65c1d50541861bc0d4973487dc5
 CVE-2019-2180 (In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is 
a possi ...)
+       {DLA-1893-1}
        - cups 2.2.12-1 (bug #934957)
        [buster] - cups 2.2.10-6+deb10u1
        [stretch] - cups 2.2.1-8+deb9u4
@@ -47009,8 +47061,7 @@ CVE-2019-0209
        REJECTED
 CVE-2019-0208
        REJECTED
-CVE-2019-0207
-       RESERVED
+CVE-2019-0207 (Tapestry processes assets `/assets/ctx` using classes chain 
`StaticFil ...)
        NOT-FOR-US: Apache Tapestry
 CVE-2019-0206
        REJECTED
@@ -47052,8 +47103,7 @@ CVE-2019-0196 (A vulnerability was found in Apache HTTP 
Server 2.4.17 to 2.4.38.
        NOTE: NOTE: HTTP/2 support introduced in 2.4.17
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0196
        NOTE: https://svn.apache.org/r1852989
-CVE-2019-0195
-       RESERVED
+CVE-2019-0195 (Manipulating classpath asset file URLs, an attacker could guess 
the pa ...)
        NOT-FOR-US: Apache Tapestry
 CVE-2019-0194 (Apache Camel's File is vulnerable to directory traversal. Camel 
2.21.0 ...)
        NOT-FOR-US: Apache Camel
@@ -69670,7 +69720,7 @@ CVE-2018-10876 (A flaw was found in Linux kernel in the 
ext4 filesystem code. A
        [stretch] - linux 4.9.110-1
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199403
 CVE-2018-10875 (A flaw was found in ansible. ansible.cfg is read from the 
current work ...)
-       {DSA-4396-1}
+       {DSA-4396-1 DLA-1923-1}
        - ansible 2.6.1+dfsg-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596533
        NOTE: https://github.com/ansible/ansible/pull/42070
@@ -191486,6 +191536,7 @@ CVE-2015-8176
 CVE-2015-5516 (Memory leak in the last hop kernel module in F5 BIG-IP LTM, 
GTM, and L ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2015-6240 (The chroot, jail, and zone connection plugins in ansible before 
1.9.2  ...)
+       {DLA-1923-1}
        - ansible 1.9.2+dfsg-1 (low)
        NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/3
 CVE-2015-5515 (The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x 
before 7.x- ...)
@@ -196152,6 +196203,7 @@ CVE-2015-3910 (Multiple unspecified vulnerabilities 
in Google V8 before 4.3.61.2
 CVE-2015-3909
        RESERVED
 CVE-2015-3908 (Ansible before 1.9.2 does not verify that the server hostname 
matches  ...)
+       {DLA-1923-1}
        - ansible 1.9.2+dfsg-1 (low)
        NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/4
        NOTE: Fixed in commit 
https://github.com/ansible/ansible/commit/be7c59c7bbe2c7cfaad0151c42693ebd0ea4243f



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/aa8c43c8dd769e4850452baddab854e45fe515f8
