Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c8bc0812 by security tracker role at 2019-09-25T20:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,131 @@ +CVE-2019-16888 + RESERVED +CVE-2019-16887 (In IrfanView 4.53, Data from a Faulting Address controls a subsequent ...) + TODO: check +CVE-2019-16886 + RESERVED +CVE-2019-16885 + RESERVED +CVE-2019-16884 (runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other ...) + TODO: check +CVE-2019-16883 + RESERVED +CVE-2019-16882 (An issue was discovered in the string-interner crate before 0.7.1 for ...) + TODO: check +CVE-2019-16881 (An issue was discovered in the portaudio-rs crate through 0.3.1 for Ru ...) + TODO: check +CVE-2019-16880 (An issue was discovered in the linea crate through 0.9.4 for Rust. The ...) + TODO: check +CVE-2019-16879 + RESERVED +CVE-2019-16878 + RESERVED +CVE-2019-16877 + RESERVED +CVE-2019-16876 + RESERVED +CVE-2019-16875 + RESERVED +CVE-2019-16874 + RESERVED +CVE-2019-16873 + RESERVED +CVE-2019-16872 + RESERVED +CVE-2019-16871 + RESERVED +CVE-2019-16870 + RESERVED +CVE-2019-16869 + RESERVED +CVE-2019-16868 (emlog through 6.0.0beta has an arbitrary file deletion vulnerability v ...) + TODO: check +CVE-2019-16867 (HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file par ...) 
+ TODO: check +CVE-2019-16866 + RESERVED +CVE-2015-9449 + RESERVED +CVE-2015-9448 + RESERVED +CVE-2015-9447 + RESERVED +CVE-2015-9446 + RESERVED +CVE-2015-9445 + RESERVED +CVE-2015-9444 + RESERVED +CVE-2015-9443 + RESERVED +CVE-2015-9442 + RESERVED +CVE-2015-9441 + RESERVED +CVE-2015-9440 + RESERVED +CVE-2015-9439 + RESERVED +CVE-2015-9438 + RESERVED +CVE-2015-9437 + RESERVED +CVE-2015-9436 + RESERVED +CVE-2015-9435 + RESERVED +CVE-2015-9434 + RESERVED +CVE-2015-9433 + RESERVED +CVE-2015-9432 + RESERVED +CVE-2015-9431 + RESERVED +CVE-2015-9430 + RESERVED +CVE-2015-9429 + RESERVED +CVE-2015-9428 + RESERVED +CVE-2015-9427 + RESERVED +CVE-2015-9426 + RESERVED +CVE-2015-9425 + RESERVED +CVE-2015-9424 + RESERVED +CVE-2015-9423 + RESERVED +CVE-2015-9422 + RESERVED +CVE-2015-9421 + RESERVED +CVE-2015-9420 + RESERVED +CVE-2015-9419 + RESERVED +CVE-2015-9418 + RESERVED +CVE-2015-9417 + RESERVED +CVE-2015-9416 + RESERVED +CVE-2015-9415 + RESERVED +CVE-2015-9414 + RESERVED +CVE-2015-9413 + RESERVED +CVE-2015-9412 + RESERVED +CVE-2015-9411 + RESERVED +CVE-2015-9410 + RESERVED +CVE-2015-9409 (The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resu ...) + TODO: check CVE-2019-16865 RESERVED CVE-2019-16864 @@ -346,8 +474,8 @@ CVE-2019-16703 (admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. ...) NOT-FOR-US: PHPMyWind CVE-2019-16702 (Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary c ...) NOT-FOR-US: Integard Pro -CVE-2019-16701 - RESERVED +CVE-2019-16701 (pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection vi ...) + TODO: check CVE-2019-16700 RESERVED CVE-2019-16699 
@@ -1727,8 +1855,8 @@ CVE-2019-16196 RESERVED CVE-2019-16195 RESERVED -CVE-2019-16194 - RESERVED +CVE-2019-16194 (SQL injection vulnerabilities in Centreon through 19.04 allow attacks ...) + TODO: check CVE-2019-16193 (In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to t ...) NOT-FOR-US: ArcGIS Enterprise CVE-2019-16192 (upload_model() in /admini/controllers/system/managemodel.php in DocCms ...) @@ -1739,8 +1867,8 @@ CVE-2019-16190 (SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-8 NOT-FOR-US: D-Link CVE-2019-16189 RESERVED -CVE-2019-16188 - RESERVED +CVE-2019-16188 (HCL AppScan Source before 9.03.13 is susceptible to XML External Entit ...) + TODO: check CVE-2017-18611 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...) NOT-FOR-US: magic-fields plugin for WordPress CVE-2017-18610 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...) @@ -4926,12 +5054,12 @@ CVE-2019-15071 RESERVED CVE-2019-15070 RESERVED -CVE-2019-15069 - RESERVED -CVE-2019-15068 - RESERVED -CVE-2019-15067 - RESERVED +CVE-2019-15069 (An unsafe authentication interface was discovered in Smart Battery A4, ...) + TODO: check +CVE-2019-15068 (A broken access control vulnerability in Smart Battery A4, a multifunc ...) + TODO: check +CVE-2019-15067 (An authentication bypass vulnerability discovered in Smart Battery A2- ...) + TODO: check CVE-2019-15066 RESERVED CVE-2019-15065 @@ -9290,8 +9418,7 @@ CVE-2019-13629 RESERVED CVE-2019-13628 RESERVED -CVE-2019-13627 [ECDSA timing attack] - RESERVED +CVE-2019-13627 (It was discovered that there was a ECDSA timing attack in the libgcryp ...) {DLA-1931-1} - libgcrypt20 1.8.5-1 (bug #938938) - libgcrypt11 <removed> 
@@ -13995,8 +14122,8 @@ CVE-2019-12247 (** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the qg NOTE: Disputed upstream as not beeing exploitable. CVE-2019-12246 RESERVED -CVE-2019-12245 - RESERVED +CVE-2019-12245 (SilverStripe through 4.3.3 has incorrect access control for protected ...) + TODO: check CVE-2019-12244 RESERVED CVE-2019-12243 (Istio 1.1.x through 1.1.6 has Incorrect Access Control. ...) @@ -14151,12 +14278,12 @@ CVE-2019-12207 (njs through 0.3.1, used in NGINX, has a heap-based buffer over-r NOT-FOR-US: njs CVE-2019-12206 (njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in ...) NOT-FOR-US: njs -CVE-2019-12205 - RESERVED -CVE-2019-12204 - RESERVED -CVE-2019-12203 - RESERVED +CVE-2019-12205 (SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS. ...) + TODO: check +CVE-2019-12204 (In SilverStripe through 4.3.3, a missing warning about leaving install ...) + TODO: check +CVE-2019-12203 (SilverStripe through 4.3.3 allows session fixation in the "change pass ...) + TODO: check CVE-2019-12202 RESERVED CVE-2019-12201 
@@ -18865,66 +18992,66 @@ CVE-2019-10432 RESERVED CVE-2019-10431 RESERVED -CVE-2019-10430 - RESERVED -CVE-2019-10429 - RESERVED -CVE-2019-10428 - RESERVED -CVE-2019-10427 - RESERVED -CVE-2019-10426 - RESERVED -CVE-2019-10425 - RESERVED -CVE-2019-10424 - RESERVED -CVE-2019-10423 - RESERVED -CVE-2019-10422 - RESERVED -CVE-2019-10421 - RESERVED -CVE-2019-10420 - RESERVED -CVE-2019-10419 - RESERVED -CVE-2019-10418 - RESERVED -CVE-2019-10417 - RESERVED -CVE-2019-10416 - RESERVED -CVE-2019-10415 - RESERVED -CVE-2019-10414 - RESERVED -CVE-2019-10413 - RESERVED -CVE-2019-10412 - RESERVED -CVE-2019-10411 - RESERVED -CVE-2019-10410 - RESERVED -CVE-2019-10409 - RESERVED -CVE-2019-10408 - RESERVED -CVE-2019-10407 - RESERVED -CVE-2019-10406 - RESERVED -CVE-2019-10405 - RESERVED -CVE-2019-10404 - RESERVED -CVE-2019-10403 - RESERVED -CVE-2019-10402 - RESERVED -CVE-2019-10401 - RESERVED +CVE-2019-10430 (Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored ...) + TODO: check +CVE-2019-10429 (Jenkins GitLab Logo Plugin stores credentials unencrypted in its globa ...) + TODO: check +CVE-2019-10428 (Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted co ...) + TODO: check +CVE-2019-10427 (Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configu ...) + TODO: check +CVE-2019-10426 (Jenkins Gem Publisher Plugin stores credentials unencrypted in its glo ...) + TODO: check +CVE-2019-10425 (Jenkins Google Calendar Plugin stores credentials unencrypted in job c ...) + TODO: check +CVE-2019-10424 (Jenkins elOyente Plugin stores credentials unencrypted in its global c ...) + TODO: check +CVE-2019-10423 (Jenkins CodeScan Plugin stores credentials unencrypted in its global c ...) + TODO: check +CVE-2019-10422 (Jenkins Call Remote Job Plugin stores credentials unencrypted in job c ...) + TODO: check +CVE-2019-10421 (Jenkins Azure Event Grid Build Notifier Plugin stores credentials unen ...) 
+ TODO: check +CVE-2019-10420 (Jenkins Assembla Plugin stores credentials unencrypted in its global c ...) + TODO: check +CVE-2019-10419 (Jenkins vFabric Application Director Plugin stores credentials unencry ...) + TODO: check +CVE-2019-10418 (Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a c ...) + TODO: check +CVE-2019-10417 (Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a c ...) + TODO: check +CVE-2019-10416 (Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored cr ...) + TODO: check +CVE-2019-10415 (Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored cr ...) + TODO: check +CVE-2019-10414 (Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unenc ...) + TODO: check +CVE-2019-10413 (Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials ...) + TODO: check +CVE-2019-10412 (Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured cre ...) + TODO: check +CVE-2019-10411 (Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configu ...) + TODO: check +CVE-2019-10410 (Jenkins Log Parser Plugin 2.0 and earlier did not escape an error mess ...) + TODO: check +CVE-2019-10409 (A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 ...) + TODO: check +CVE-2019-10408 (A cross-site request forgery vulnerability in Jenkins Project Inherita ...) + TODO: check +CVE-2019-10407 (Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list ...) + TODO: check +CVE-2019-10406 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or ...) + TODO: check +CVE-2019-10405 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value o ...) + TODO: check +CVE-2019-10404 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the ...) + TODO: check +CVE-2019-10403 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the ...) 
+ TODO: check +CVE-2019-10402 (In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox ...) + TODO: check +CVE-2019-10401 (In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandabl ...) + TODO: check CVE-2019-10400 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 ...) NOT-FOR-US: Jenkins plugin CVE-2019-10399 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 ...) @@ -19840,8 +19967,7 @@ CVE-2016-10744 (In Select2 through 4.0.5, as used in Snipe-IT and other products NOT-FOR-US: Snipe-IT CVE-2019-10099 (Prior to Spark 2.3.3, in certain situations Spark would write user dat ...) NOT-FOR-US: Apache Spark -CVE-2019-10098 [mod_rewrite configurations vulnerable to open redirect] - RESERVED +CVE-2019-10098 (In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_r ...) {DSA-4509-1 DLA-1900-1} - apache2 2.4.41-1 NOTE: Affects upstream versions 2.4.0 to 2.4.39 
@@ -29724,18 +29850,18 @@ CVE-2019-6658 RESERVED CVE-2019-6657 RESERVED -CVE-2019-6656 - RESERVED -CVE-2019-6655 - RESERVED -CVE-2019-6654 - RESERVED -CVE-2019-6653 - RESERVED -CVE-2019-6652 - RESERVED -CVE-2019-6651 - RESERVED +CVE-2019-6656 (BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs t ...) + TODO: check +CVE-2019-6655 (On versions 13.0.0-13.1.0.1, 12.1.0-12.1.4.1, 11.6.1-11.6.4, and 11.5. ...) + TODO: check +CVE-2019-6654 (On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11 ...) + TODO: check +CVE-2019-6653 (There is a Stored Cross Site Scripting vulnerability in the undisclose ...) + TODO: check +CVE-2019-6652 (In BIG-IQ 6.0.0-6.1.0, services for stats do not require authenticatio ...) + TODO: check +CVE-2019-6651 (In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 1 ...) + TODO: check CVE-2019-6650 (F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1. ...) TODO: check CVE-2019-6649 (F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 1 ...) @@ -44525,6 +44651,7 @@ CVE-2018-19650 (Local attackers can trigger a stack-based buffer overflow on vul CVE-2019-1564 RESERVED CVE-2019-1563 (In situations where an attacker receives automated notification of the ...) + {DLA-1932-1} - openssl 1.1.1d-1 - openssl1.0 <removed> NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64 (OpenSSL_1_1_1d) 
@@ -44578,6 +44705,7 @@ CVE-2019-1549 (OpenSSL 1.1.1 introduced a rewritten random number generator (RNG CVE-2019-1548 RESERVED CVE-2019-1547 (Normally in OpenSSL EC groups always have a co-factor present and this ...) + {DLA-1932-1} - openssl 1.1.1d-1 - openssl1.0 <removed> NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46 (OpenSSL_1_0_2t) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c8bc081221154bf6cd10a0e386fa7151e15b4ec5
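Review bot: In the first hunk (@@ -1,3 +1,131 @@), CVE-2019-16884 (runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce) arrives as a bare `TODO: check` in the middle of a long run of RESERVED filler and the three Rust-crate entries (CVE-2019-16880 to CVE-2019-16882); since runc is a Debian source package, this is the entry in the hunk that will need a `- runc <version>` line rather than a NOT-FOR-US, so it is worth triaging first instead of letting it sit behind the placeholder entries.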
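Review bot: In the Jenkins hunk (@@ -18865,66 +18992,66 @@), thirty new entries (CVE-2019-10401 to CVE-2019-10430) all land as `TODO: check`, while the unchanged context lines directly below them already resolve the same product with `NOT-FOR-US: Jenkins plugin` (CVE-2019-10400, CVE-2019-10399); when these are triaged, the plugin entries (CVE-2019-10407 to CVE-2019-10430) should follow that existing convention verbatim, and the Jenkins core entries (CVE-2019-10401 to CVE-2019-10406, "Jenkins 2.196 and earlier, LTS 2.176.3 and earlier") deserve a distinct marker text so the two groups stay distinguishable in later greps.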
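Review bot: In the apache2 hunk (@@ -19840,8 +19967,7 @@), the retained line `NOTE: Affects upstream versions 2.4.0 to 2.4.39` now restates what the freshly imported description already says ("In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_r ..."); it was useful while the entry only carried the manual `[mod_rewrite configurations vulnerable to open redirect]` tag, but after this update it is redundant and can be dropped, or reworded to carry information the description lacks (for example which Debian suites the 2.4.41-1 upload and DSA-4509-1 / DLA-1900-1 cover).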
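Review bot: In the SilverStripe hunk (@@ -13995,8 +14122,8 @@), the unchanged context line `NOTE: Disputed upstream as not beeing exploitable.` under CVE-2019-12247 carries a pre-existing typo ("beeing" for "being"); it is not part of this automatic update, but it sits right next to the edited lines and is a one-word fix for the next manual pass over this region.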
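Review bot: In the two OpenSSL hunks (@@ -44525,6 +44651,7 @@ and @@ -44578,6 +44705,7 @@), `{DLA-1932-1}` is added to CVE-2019-1563 and CVE-2019-1547 but not to CVE-2019-1549, which appears only as context in the second hunk header; the visible description ("OpenSSL 1.1.1 introduced a rewritten random number generator") indicates that issue is specific to the 1.1.1 RNG and so would not be covered by a DLA for the older openssl1.0 line, which makes the omission consistent, but a short NOTE on CVE-2019-1549 saying so would keep a later reader from reading the asymmetry as a missed reference.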
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits