Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
26b2e6d9 by security tracker role at 2019-10-01T20:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,16 +1,52 @@
-CVE-2019-17056 [nfc: enforce CAP_NET_RAW for raw sockets]
+CVE-2019-17074 (An issue was discovered in XunRuiCMS 4.3.1. There is a stored 
XSS in t ...)
+       TODO: check
+CVE-2019-17073 (emlog through 6.0.0beta allows remote authenticated users to 
delete ar ...)
+       TODO: check
+CVE-2019-17072
+       RESERVED
+CVE-2019-17071
+       RESERVED
+CVE-2019-17070
+       RESERVED
+CVE-2019-17069 (PuTTY before 0.73 might allow remote SSH-1 servers to cause a 
denial o ...)
+       TODO: check
+CVE-2019-17068 (PuTTY before 0.73 mishandles the "bracketed paste mode" 
protection mec ...)
+       TODO: check
+CVE-2019-17067 (PuTTY before 0.73 on Windows improperly opens port-forwarding 
listenin ...)
+       TODO: check
+CVE-2019-17066
+       RESERVED
+CVE-2019-17065
+       RESERVED
+CVE-2019-17064 (Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because 
Catalog ...)
+       TODO: check
+CVE-2019-17063 (In Snowtide PDFxStream before 3.7.1 (for Java), a crafted PDF 
file can ...)
+       TODO: check
+CVE-2019-17062
+       RESERVED
+CVE-2019-17061
+       RESERVED
+CVE-2019-17060
+       RESERVED
+CVE-2019-17059
+       RESERVED
+CVE-2019-17058
+       RESERVED
+CVE-2019-17057
+       RESERVED
+CVE-2019-17056 (llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network 
module i ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/3a359798b176183ef09efb7a3dc59abad1cc7104
-CVE-2019-17055 [mISDN: enforce CAP_NET_RAW for raw sockets]
+CVE-2019-17055 (base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN 
network ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/b91ee4aa2a2199ba4d4650706c272985a5a32d80
-CVE-2019-17054 [appletalk: enforce CAP_NET_RAW for raw sockets]
+CVE-2019-17054 (atalk_create in net/appletalk/ddp.c in the AF_APPLETALK 
network module ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/6cc03e8aa36c51f3b26a0d21a3c4ce2809c842ac
-CVE-2019-17053 [ieee802154: enforce CAP_NET_RAW for raw sockets]
+CVE-2019-17053 (ieee802154_create in net/ieee802154/socket.c in the 
AF_IEEE802154 netw ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/e69dbd4619e7674c1679cba49afd9dd9ac347eef
-CVE-2019-17052 [ax25: enforce CAP_NET_RAW for raw sockets]
+CVE-2019-17052 (ax25_create in net/ax25/af_ax25.c in the AF_AX25 network 
module in the ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/0614e2b73768b502fc32a75349823356d98aae2c
 CVE-2019-17051 (Evernote before 7.13 GA on macOS allows code execution because 
the com ...)
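Review bot: the three PuTTY entries (CVE-2019-17069, CVE-2019-17068, CVE-2019-17067) are left at `TODO: check` although putty is a Debian package, so each should be resolved to a `- putty <version>` line once the 0.73 fixes are checked against the archive; CVE-2019-17067 is described as "PuTTY before 0.73 on Windows improperly opens port-forwarding listenin ...", so that Windows-only listener issue can most likely be closed as not affecting the Debian build. The XunRuiCMS and emlog entries at the top of the hunk describe web applications that do not appear to be packaged in Debian and could go straight to `NOT-FOR-US` rather than `TODO: check`. The five kernel entries keep their `- linux <unfixed>` lines and upstream commit NOTEs, which is correct; only their one-line summaries were replaced by the MITRE descriptions.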
@@ -238,10 +274,10 @@ CVE-2019-16945
        RESERVED
 CVE-2019-16944
        RESERVED
-CVE-2019-16943
-       RESERVED
-CVE-2019-16942
-       RESERVED
+CVE-2019-16943 (A Polymorphic Typing issue was discovered in FasterXML 
jackson-databin ...)
+       TODO: check
+CVE-2019-16942 (A Polymorphic Typing issue was discovered in FasterXML 
jackson-databin ...)
+       TODO: check
 CVE-2019-16941 (NSA Ghidra through 9.0.4, when experimental mode is enabled, 
allows ar ...)
        - ghidra <itp> (bug #923851)
 CVE-2019-16940
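Review bot: jackson-databind is in Debian, so the two Polymorphic Typing entries CVE-2019-16943 and CVE-2019-16942 should not stay at `TODO: check`; each needs a `- jackson-databind <unfixed>` line and a NOTE pointing at the upstream commit that blocks the new gadget class, so the fix can be tracked into the stable and LTS suites like the earlier polymorphic-typing CVEs in this library.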
@@ -1364,8 +1400,8 @@ CVE-2019-16510 (libIEC61850 through 1.3.3 has a 
use-after-free in MmsServer_wait
        NOT-FOR-US: libIEC61850
 CVE-2019-16509
        RESERVED
-CVE-2019-16508
-       RESERVED
+CVE-2019-16508 (The Imagination Technologies driver for Chrome OS before 
R74-11895.B,  ...)
+       TODO: check
 CVE-2019-16507
        RESERVED
 CVE-2019-16506
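Review bot: "The Imagination Technologies driver for Chrome OS before R74-11895.B" describes a Chrome OS vendor driver rather than mainline kernel code; unless the affected driver is actually built in Debian's linux package, CVE-2019-16508 can be resolved from `TODO: check` to `NOT-FOR-US: Chrome OS` instead of waiting on a source check.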
@@ -2919,8 +2955,8 @@ CVE-2019-15941 (OpenID Connect Issuer in LemonLDAP::NG 
2.x through 2.0.5 may all
        NOTE: Vulnerability exists pre-2.0 versions, but as restrictions on 
OIDC federation
        NOTE: were added only in 2.0 the vulnerability has no effect. The 
vulnerability
        NOTE: itself exists only with versions >= 1.9.0 (as there is no OIDC 
before)
-CVE-2019-15940
-       RESERVED
+CVE-2019-15940 (Victure PC530 devices allow unauthenticated TELNET access as 
root. ...)
+       TODO: check
 CVE-2019-15939 (An issue was discovered in OpenCV 4.1.0. There is a 
divide-by-zero err ...)
        TODO: check
 CVE-2019-15938 (Pengutronix barebox through 2019.08.1 has a remote buffer 
overflow in  ...)
@@ -5608,16 +5644,16 @@ CVE-2019-15044
        RESERVED
 CVE-2019-15043 (In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API 
allow u ...)
        - grafana <removed>
-CVE-2019-15042
-       RESERVED
+CVE-2019-15042 (An issue was discovered in JetBrains TeamCity 2018.2.4. It had 
no SSL  ...)
+       TODO: check
 CVE-2019-15041
        RESERVED
 CVE-2019-15040
        RESERVED
-CVE-2019-15039
-       RESERVED
-CVE-2019-15038
-       RESERVED
+CVE-2019-15039 (An issue was discovered in JetBrains TeamCity 2018.2.4. It had 
a possi ...)
+       TODO: check
+CVE-2019-15038 (An issue was discovered in JetBrains TeamCity 2018.2.4. The 
TeamCity s ...)
+       TODO: check
 CVE-2019-15037
        RESERVED
 CVE-2019-15036
@@ -5864,26 +5900,26 @@ CVE-2019-14963
        RESERVED
 CVE-2019-14962
        RESERVED
-CVE-2019-14961
-       RESERVED
-CVE-2019-14960
-       RESERVED
+CVE-2019-14961 (JetBrains Upsource before 2019.1.1412 was not properly 
escaping HTML t ...)
+       TODO: check
+CVE-2019-14960 (JetBrains Rider before 2019.1.2 was using an unsigned 
JetBrains.Rider. ...)
+       TODO: check
 CVE-2019-14959
        RESERVED
 CVE-2019-14958
        RESERVED
-CVE-2019-14957
-       RESERVED
+CVE-2019-14957 (The JetBrains Vim plugin before version 0.52 was storing 
individual pr ...)
+       TODO: check
 CVE-2019-14956
        RESERVED
-CVE-2019-14955
-       RESERVED
-CVE-2019-14954
-       RESERVED
-CVE-2019-14953
-       RESERVED
-CVE-2019-14952
-       RESERVED
+CVE-2019-14955 (In JetBrains Hub versions earlier than 2018.4.11436, there was 
no opti ...)
+       TODO: check
+CVE-2019-14954 (JetBrains IntelliJ IDEA before 2019.2 was resolving the 
markdown plant ...)
+       TODO: check
+CVE-2019-14953 (JetBrains YouTrack versions before 2019.2.53938 had a possible 
XSS thr ...)
+       TODO: check
+CVE-2019-14952 (JetBrains YouTrack versions before 2019.1.52584 had a possible 
XSS in  ...)
+       TODO: check
 CVE-2019-14951 (The Telenav Scout GPS Link app 1.x for iOS, as used with 
Toyota and Le ...)
        NOT-FOR-US: Telenav Scout GPS Link app
 CVE-2019-14950 (The wp-live-chat-support plugin before 8.0.27 for WordPress 
has XSS vi ...)
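Review bot: all seven new entries in this hunk (Upsource, Rider, the Vim plugin, Hub, IntelliJ IDEA and the two YouTrack CVEs) are JetBrains products that Debian does not ship, as are the three TeamCity entries in the hunk above; `TODO: check` can be resolved directly to `NOT-FOR-US: JetBrains`, the same way the Telenav entry CVE-2019-14951 just below is handled.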
@@ -11565,6 +11601,7 @@ CVE-2019-13377 (The implementations of SAE and EAP-pwd 
in hostapd and wpa_suppli
        NOTE: "added support for Brainpool Elliptic Curves with SAE"
        NOTE: Patches: https://w1.fi/security/2019-6/
 CVE-2019-13376 (phpBB version 3.2.7 allows the stealing of an Administration 
Control P ...)
+       {DLA-1942-1}
        - phpbb3 <removed>
        NOTE: 
https://ssd-disclosure.com/archives/4007/ssd-advisory-phpbb-csrf-token-hijacking-leading-to-stored-xss
        NOTE: fixed in 3.2.8 as 'SECURITY-246'
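Review bot: the `{DLA-1942-1}` cross-reference added to CVE-2019-13376 is not part of the MITRE description sync that the "automatic update" commit message describes, and this commit touches only data/CVE/list. An advisory reference normally lands together with its data/DLA/list entry, so this line looks like an unrelated local change swept into the automatic commit; it should be split into its own commit and the matching DLA list entry confirmed so the two files stay consistent.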
@@ -17326,8 +17363,8 @@ CVE-2019-11277 (Cloud Foundry NFS Volume Service, 1.7.x 
versions prior to 1.7.11
        NOT-FOR-US: Cloud Foundry
 CVE-2019-11276 (Pivotal Apps Manager, included in Pivotal Application Service 
versions ...)
        NOT-FOR-US: Pivotal
-CVE-2019-11275
-       RESERVED
+CVE-2019-11275 (Pivotal Application Manager, versions 666.0.x prior to 
666.0.36, versi ...)
+       TODO: check
 CVE-2019-11274 (Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to 
an XSS a ...)
        NOT-FOR-US: Cloud Foundry UAA
 CVE-2019-11273 (Pivotal Container Services (PKS) versions 1.3.x prior to 
1.3.7, and ve ...)
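Review bot: CVE-2019-11275 (Pivotal Application Manager) is left at `TODO: check` while the surrounding Pivotal and Cloud Foundry entries (CVE-2019-11276, CVE-2019-11274, CVE-2019-11273) are all `NOT-FOR-US`; resolve it the same way, `NOT-FOR-US: Pivotal`, for consistency.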
@@ -19485,20 +19522,15 @@ CVE-2019-10437
        RESERVED
 CVE-2019-10436
        RESERVED
-CVE-2019-10435
-       RESERVED
+CVE-2019-10435 (Jenkins SourceGear Vault Plugin transmits configured 
credentials in pl ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2019-10434
-       RESERVED
+CVE-2019-10434 (Jenkins LDAP Email Plugin transmits configured credentials in 
plain te ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2019-10433
-       RESERVED
+CVE-2019-10433 (Jenkins Dingding[&#38025;&#38025;] Plugin stores credentials 
unencrypt ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2019-10432
-       RESERVED
+CVE-2019-10432 (Jenkins HTML Publisher Plugin 1.20 and earlier did not escape 
the proj ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2019-10431
-       RESERVED
+CVE-2019-10431 (A sandbox bypass vulnerability in Jenkins Script Security 
Plugin 1.64  ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2019-10430 (Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier 
stored  ...)
        NOT-FOR-US: Jenkins plugin
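Review bot: the description written for CVE-2019-10433 carries raw HTML numeric entities (`Jenkins Dingding[&#38025;&#38025;] Plugin`) instead of the decoded characters; the importer that generates these description lines should decode entities before truncating to the 70-character summary, otherwise the tracker's web view and searches show the literal `&#...;` text. The `NOT-FOR-US: Jenkins plugin` triage of the five entries is unchanged by the hunk and looks right.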
@@ -20096,8 +20128,7 @@ CVE-2019-10203 [PowerDNS Security Advisory 2019-06: 
Denial of service via crafte
        NOTE: Fixed in 4.2.0, 4.1.11, 4.0.9, for existing installations a 
manual schema update
        NOTE: needs to be performed.
        NOTE: 
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html
-CVE-2019-10202
-       RESERVED
+CVE-2019-10202 (A series of deserialization vulnerabilities have been 
discovered in Co ...)
        NOT-FOR-US: Codehaus
 CVE-2019-10201 (It was found that Keycloak's SAML broker, versions up to 
6.0.1, did no ...)
        NOT-FOR-US: Keycloak
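Review bot: `NOT-FOR-US: Codehaus` for CVE-2019-10202 deserves a second look: the description is cut off at "discovered in Co ...", and Codehaus' best-known Java library, jackson 1.x (org.codehaus.jackson), is shipped in Debian as libjackson-json-java. Check the full advisory text for which Codehaus components the deserialization issues affect before closing this as not-for-us, and if jackson 1.x is among them replace the NOT-FOR-US line with the corresponding package entry.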
@@ -27913,8 +27944,8 @@ CVE-2019-7620
        RESERVED
 CVE-2019-7619
        RESERVED
-CVE-2019-7618
-       RESERVED
+CVE-2019-7618 (A local file disclosure flaw was found in Elastic Code versions 
7.3.0, ...)
+       TODO: check
 CVE-2019-7617 (When the Elastic APM agent for Python versions before 5.1.0 is 
run as  ...)
        NOT-FOR-US: Elastic APM agent for Python
 CVE-2019-7616 (Kibana versions before 6.8.2 and 7.2.1 contain a server side 
request f ...)
@@ -35643,14 +35674,14 @@ CVE-2019-4499
        RESERVED
 CVE-2019-4498
        RESERVED
-CVE-2019-4497
-       RESERVED
+CVE-2019-4497 (IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 
6.0.4, 6.0. ...)
+       TODO: check
 CVE-2019-4496
        RESERVED
-CVE-2019-4495
-       RESERVED
-CVE-2019-4494
-       RESERVED
+CVE-2019-4495 (IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 
6.0.4, 6.0. ...)
+       TODO: check
+CVE-2019-4494 (IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 
6.0.4, 6.0. ...)
+       TODO: check
 CVE-2019-4493
        RESERVED
 CVE-2019-4492
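Review bot: the three IBM Jazz Reporting Service entries (CVE-2019-4497, CVE-2019-4495, CVE-2019-4494) share one truncated description and can be resolved together as `NOT-FOR-US: IBM Jazz Reporting Service`; there is nothing to check against the archive for a proprietary IBM product, so `TODO: check` only adds triage backlog.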
@@ -36145,8 +36176,8 @@ CVE-2019-4248
        RESERVED
 CVE-2019-4247
        RESERVED
-CVE-2019-4246
-       RESERVED
+CVE-2019-4246 (IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose 
internal para ...)
+       TODO: check
 CVE-2019-4245
        RESERVED
 CVE-2019-4244



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/26b2e6d90a4f50d0ac292ba077e0f18b03607d6e



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
