Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
24e79e76 by security tracker role at 2019-10-03T20:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2019-17109
+ RESERVED
+CVE-2019-17108
+ RESERVED
+CVE-2019-17107
+ RESERVED
+CVE-2019-17106
+ RESERVED
+CVE-2019-17105
+ RESERVED
+CVE-2019-17104
+ RESERVED
+CVE-2018-21025
+ RESERVED
+CVE-2018-21024
+ RESERVED
+CVE-2018-21023
+ RESERVED
+CVE-2018-21022
+ RESERVED
+CVE-2018-21021
+ RESERVED
+CVE-2018-21020
+ RESERVED
CVE-2019-17103
RESERVED
CVE-2019-17102
@@ -387,17 +411,17 @@ CVE-2019-16933
RESERVED
CVE-2019-16932 (A blind SSRF vulnerability exists in the Visualizer plugin
before 3.3. ...)
NOT-FOR-US: Visualizer plugin for WordPress
-CVE-2019-16931
- RESERVED
+CVE-2019-16931 (A stored XSS vulnerability in the Visualizer plugin 3.3.0 for
WordPres ...)
+ TODO: check
CVE-2019-16930 (Zcashd in Zcash before 2.0.7-3 allows discovery of the IP
address of a ...)
NOT-FOR-US: Zcash
CVE-2019-16929
RESERVED
CVE-2019-16927 (Xpdf 4.01.01 has an out-of-bounds write in the vertProfile
part of the ...)
- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
-CVE-2019-16926 (Flower 1.0.0 has XSS via a crafted worker name. ...)
+CVE-2019-16926 (Flower 0.9.3 has XSS via a crafted worker name. ...)
NOT-FOR-US: Flower
-CVE-2019-16925 (Flower 1.0.0 has XSS via the name parameter in an @app.task
call. ...)
+CVE-2019-16925 (Flower 0.9.3 has XSS via the name parameter in an @app.task
call. ...)
NOT-FOR-US: Flower
CVE-2019-16924 (The Nulock application 1.5.0 for mobile devices sends a
cleartext pass ...)
NOT-FOR-US: Nulock
@@ -557,8 +581,8 @@ CVE-2019-16868 (emlog through 6.0.0beta has an arbitrary
file deletion vulnerabi
NOT-FOR-US: emlog
CVE-2019-16867 (HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the
file par ...)
NOT-FOR-US: HongCMS
-CVE-2019-16866
- RESERVED
+CVE-2019-16866 (Unbound before 1.9.4 accesses uninitialized memory, which
allows remot ...)
+ TODO: check
CVE-2015-9449 (The microblog-poster plugin before 1.6.2 for WordPress has SQL
Injecti ...)
NOT-FOR-US: microblog-poster plugin for WordPress
CVE-2015-9448 (The sendpress plugin before 1.2 for WordPress has SQL Injection
via th ...)
@@ -1934,6 +1958,7 @@ CVE-2019-16332 (In the api-bearer-auth plugin before
20190907 for WordPress, the
NOT-FOR-US: Wordpress plugin
CVE-2019-12412 [Remotely exploitable null pointer dereference bug]
RESERVED
+ {DLA-1944-1}
- libapreq2 2.13-6 (bug #939937)
NOTE: http://svn.apache.org/r1866760
CVE-2019-16331
@@ -3402,8 +3427,8 @@ CVE-2019-15811 (In DomainMOD through 4.13, the parameter
daterange in the file r
NOT-FOR-US: DomainMOD
CVE-2019-15810 (Insufficient sanitization during device search in Netdisco
2.042010 al ...)
TODO: check
-CVE-2019-15809
- RESERVED
+CVE-2019-15809 (Smart cards from the Athena SCS manufacturer, based on the
Atmel Toolb ...)
+ TODO: check
CVE-2019-15808
RESERVED
CVE-2019-15806 (CommScope ARRIS TR4400 devices with firmware through
A1.00.004-180301 ...)
@@ -5246,18 +5271,18 @@ CVE-2019-15168
RESERVED
CVE-2019-15167
RESERVED
-CVE-2019-15166
- RESERVED
-CVE-2019-15165
- RESERVED
-CVE-2019-15164
- RESERVED
-CVE-2019-15163
- RESERVED
-CVE-2019-15162
- RESERVED
-CVE-2019-15161
- RESERVED
+CVE-2019-15166 (lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before
4.9.3 l ...)
+ TODO: check
+CVE-2019-15165 (sf-pcapng.c in libpcap before 1.9.1 does not properly validate
the PHB ...)
+ TODO: check
+CVE-2019-15164 (rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a
URL may ...)
+ TODO: check
+CVE-2019-15163 (rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to
cause a de ...)
+ TODO: check
+CVE-2019-15162 (rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows
platforms provi ...)
+ TODO: check
+CVE-2019-15161 (rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain
length valu ...)
+ TODO: check
CVE-2019-15160 (The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang
and Elix ...)
NOT-FOR-US: SweetXml (aka sweet_xml) package for Erlang and Elixir
CVE-2019-15159
@@ -10058,11 +10083,9 @@ CVE-2019-13631 (In parse_hid_report_descriptor in
drivers/input/tablet/gtco.c in
NOTE: https://patchwork.kernel.org/patch/11040813/
CVE-2019-13630
RESERVED
-CVE-2019-13629
- RESERVED
+CVE-2019-13629 (MatrixSSL 4.2.1 and earlier contains a timing side channel in
ECDSA si ...)
- matrixssl <removed>
-CVE-2019-13628
- RESERVED
+CVE-2019-13628 (wolfSSL and wolfCrypt 4.0.0 and earlier (when configured
without --ena ...)
- wolfssl 4.1.0+dfsg-1
NOTE: https://github.com/wolfSSL/wolfssl/pull/2353
CVE-2019-13627 (It was discovered that there was a ECDSA timing attack in the
libgcryp ...)
@@ -16830,7 +16853,7 @@ CVE-2019-11512 (Contao 4.x allows SQL Injection. Fixed
in Contao 4.4.39 and Cont
NOT-FOR-US: Contao
CVE-2019-11511 (Zoho ManageEngine ADSelfService Plus before build 5708 has XSS
via the ...)
NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
-CVE-2019-11510 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1,
8.2 before ...)
+CVE-2019-11510 (In Pulse Secure Pulse Connect Secure (PCS) 8.2 before
8.2R12.1, 8.3 be ...)
NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11509 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1,
8.2 before ...)
NOT-FOR-US: Pulse Secure Pulse Connect Secure
@@ -35904,8 +35927,8 @@ CVE-2019-4443
RESERVED
CVE-2019-4442 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could
allow a ...)
NOT-FOR-US: IBM
-CVE-2019-4441
- RESERVED
+CVE-2019-4441 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and
Liberty could ...)
+ TODO: check
CVE-2019-4440
RESERVED
CVE-2019-4439 (IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate
session ...)
@@ -35942,8 +35965,8 @@ CVE-2019-4424 (IBM Business Automation Workflow
18.0.0.0, 18.0.0.1, 18.0.0.2, 19
NOT-FOR-US: IBM
CVE-2019-4423 (IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a
remote ...)
NOT-FOR-US: IBM
-CVE-2019-4422
- RESERVED
+CVE-2019-4422 (IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a
privilege ...)
+ TODO: check
CVE-2019-4421
RESERVED
CVE-2019-4420 (IBM Intelligent Operations Center V5.1.0 through V5.2.0 could
disclose ...)
@@ -37311,8 +37334,7 @@ CVE-2019-3835 (It was found that the superexec operator
was available in the int
NOTE:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=205591753126802da850ada6511a0ff8411aa287
NOTE:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d683d1e6450d74619e6277efeebfc222d9a5cb91
(needed dependency)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700585
-CVE-2019-3834
- RESERVED
+CVE-2019-3834 (It was found that the fix for CVE-2014-0114 had been reverted
in JBoss ...)
NOT-FOR-US: JBoss Operations Network 3 (JON) specific CVE assignment
CVE-2019-3833 (Openwsman, versions up to and including 2.6.9, are vulnerable
to infin ...)
- openwsman <itp> (bug #754501)
@@ -56961,10 +56983,10 @@ CVE-2018-16454 (PHP Scripts Mall Currency Converter
Script 2.0.5 allows remote a
NOT-FOR-US: PHP Scripts Mall Olx Clone
CVE-2018-16453 (PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the
search b ...)
NOT-FOR-US: PHP Scripts Mall Domain Lookup Script
-CVE-2018-16452
- RESERVED
-CVE-2018-16451
- RESERVED
+CVE-2018-16452 (The SMB parser in tcpdump before 4.9.3 has stack exhaustion in
smbutil ...)
+ TODO: check
+CVE-2018-16451 (The SMB parser in tcpdump before 4.9.3 has buffer over-reads
in print- ...)
+ TODO: check
CVE-2018-16450 (CraftedWeb through 2013-09-24 has reflected XSS via the p
parameter. ...)
NOT-FOR-US: CraftedWeb
CVE-2018-16449 (OneThink 1.1.141212 allows CSRF for adding a page via
admin.php?s=/Cha ...)
@@ -57400,10 +57422,10 @@ CVE-2018-16303 (PDF-XChange Editor through 7.0.326.1
allows remote attackers to
NOT-FOR-US: PDF-XChange Editor
CVE-2018-16302 (MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a
crafted fil ...)
NOT-FOR-US: MediaComm Zip-n-Go
-CVE-2018-16301
- RESERVED
-CVE-2018-16300
- RESERVED
+CVE-2018-16301 (libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a
buffer ov ...)
+ TODO: check
+CVE-2018-16300 (The BGP parser in tcpdump before 4.9.3 allows stack
consumption in pri ...)
+ TODO: check
CVE-2018-16299 (The Localize My Post plugin 1.0 for WordPress allows Directory
Travers ...)
NOT-FOR-US: Wordpress plugin
CVE-2018-16298 (An issue was discovered in MiniCMS 1.10. There is an
mc-admin/post.php ...)
@@ -57544,14 +57566,14 @@ CVE-2018-16232 (An authenticated command injection
vulnerability exists in IPFir
NOT-FOR-US: IPFire
CVE-2018-16231 (Michael Roth Software Personal FTP Server (PFTP) through 8.4f
allows r ...)
NOT-FOR-US: Michael Roth Software Personal FTP Server
-CVE-2018-16230
- RESERVED
-CVE-2018-16229
- RESERVED
-CVE-2018-16228
- RESERVED
-CVE-2018-16227
- RESERVED
+CVE-2018-16230 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read
in print ...)
+ TODO: check
+CVE-2018-16229 (The DCCP parser in tcpdump before 4.9.3 has a buffer over-read
in prin ...)
+ TODO: check
+CVE-2018-16228 (The HNCP parser in tcpdump before 4.9.3 has a buffer over-read
in prin ...)
+ TODO: check
+CVE-2018-16227 (The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer
over-read ...)
+ TODO: check
CVE-2018-16226 (A vulnerability in the web admin component of Mitel MiVoice
Office 400 ...)
NOT-FOR-US: Mitel
CVE-2018-16225 (The QBee MultiSensor Camera through 4.16.4 accepts unencrypted
network ...)
@@ -60801,14 +60823,14 @@ CVE-2018-14883 (An issue was discovered in PHP before
5.6.37, 7.0.x before 7.0.3
- php5 <removed>
NOTE: Fixed in 5.6.37, 7.0.31, 7.1.20, 7.2.8
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76423
-CVE-2018-14882
- RESERVED
-CVE-2018-14881
- RESERVED
-CVE-2018-14880
- RESERVED
-CVE-2018-14879
- RESERVED
+CVE-2018-14882 (The ICMPv6 parser in tcpdump before 4.9.3 has a buffer
over-read in pr ...)
+ TODO: check
+CVE-2018-14881 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read
in print ...)
+ TODO: check
+CVE-2018-14880 (The OSPFv3 parser in tcpdump before 4.9.3 has a buffer
over-read in pr ...)
+ TODO: check
+CVE-2018-14879 (The command-line argument parser in tcpdump before 4.9.3 has a
buffer ...)
+ TODO: check
CVE-2018-XXXX [DSA verification crashes OpenSSL on invalid combinations of key
content]
- xml-security-c 2.0.2-2 (bug #913136)
[stretch] - xml-security-c <no-dsa> (Minor issue; can be fixed via
point release)
@@ -62119,26 +62141,26 @@ CVE-2018-14472 (An issue was discovered in WUZHI CMS
4.1.0. The vulnerable file
NOT-FOR-US: WUZHI CMS
CVE-2018-14471 (dwg_obj_block_control_get_block_headers in dwg_api.c in GNU
LibreDWG 0 ...)
- libredwg <itp> (bug #595191)
-CVE-2018-14470
- RESERVED
-CVE-2018-14469
- RESERVED
-CVE-2018-14468
- RESERVED
-CVE-2018-14467
- RESERVED
-CVE-2018-14466
- RESERVED
-CVE-2018-14465
- RESERVED
-CVE-2018-14464
- RESERVED
-CVE-2018-14463
- RESERVED
-CVE-2018-14462
- RESERVED
-CVE-2018-14461
- RESERVED
+CVE-2018-14470 (The Babel parser in tcpdump before 4.9.3 has a buffer
over-read in pri ...)
+ TODO: check
+CVE-2018-14469 (The IKEv1 parser in tcpdump before 4.9.3 has a buffer
over-read in pri ...)
+ TODO: check
+CVE-2018-14468 (The FRF.16 parser in tcpdump before 4.9.3 has a buffer
over-read in pr ...)
+ TODO: check
+CVE-2018-14467 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read
in print ...)
+ TODO: check
+CVE-2018-14466 (The Rx parser in tcpdump before 4.9.3 has a buffer over-read
in print- ...)
+ TODO: check
+CVE-2018-14465 (The RSVP parser in tcpdump before 4.9.3 has a buffer over-read
in prin ...)
+ TODO: check
+CVE-2018-14464 (The LMP parser in tcpdump before 4.9.3 has a buffer over-read
in print ...)
+ TODO: check
+CVE-2018-14463 (The VRRP parser in tcpdump before 4.9.3 has a buffer over-read
in prin ...)
+ TODO: check
+CVE-2018-14462 (The ICMP parser in tcpdump before 4.9.3 has a buffer over-read
in prin ...)
+ TODO: check
+CVE-2018-14461 (The LDP parser in tcpdump before 4.9.3 has a buffer over-read
in print ...)
+ TODO: check
CVE-2018-14460 (An issue was discovered in the HDF HDF5 1.8.20 library. There
is a hea ...)
- hdf5 <undetermined>
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README3.md
@@ -73955,12 +73977,12 @@ CVE-2018-10107 (D-Link DIR-815 REV. B (with firmware
through DIR-815_REVB_FIRMWA
NOT-FOR-US: D-Link
CVE-2018-10106 (D-Link DIR-815 REV. B (with firmware through
DIR-815_REVB_FIRMWARE_PAT ...)
NOT-FOR-US: D-Link
-CVE-2018-10105
- RESERVED
+CVE-2018-10105 (tcpdump before 4.9.3 mishandles the printing of SMB data
(issue 2 of 2 ...)
+ TODO: check
CVE-2018-10104
RESERVED
-CVE-2018-10103
- RESERVED
+CVE-2018-10103 (tcpdump before 4.9.3 mishandles the printing of SMB data
(issue 1 of 2 ...)
+ TODO: check
CVE-2018-10099 (Google Monorail before 2018-04-04 has a Cross-Site Search
(XS-Search) ...)
NOT-FOR-US: Google Monorail
CVE-2018-10098 (In MicroWorld eScan Internet Security Suite (ISS) for Business
14.0.14 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/24e79e766ef9620f6d3d10bcf1ccb87da0f0f166
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/24e79e766ef9620f6d3d10bcf1ccb87da0f0f166
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
