Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b4dee0fe by security tracker role at 2019-10-08T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2019-17359 (The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63
can trigge ...)
+ TODO: check
+CVE-2019-17358
+ RESERVED
+CVE-2019-17357
+ RESERVED
+CVE-2019-17356
+ RESERVED
+CVE-2019-17355
+ RESERVED
+CVE-2019-17354
+ RESERVED
+CVE-2019-17353
+ RESERVED
+CVE-2019-17352 (In JFinal cos before 2019-08-13, as used in JFinal 4.4, there
is a vul ...)
+ TODO: check
CVE-2019-17339
RESERVED
CVE-2019-17338
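Review bot: CVE-2019-17359 is the one entry in this hunk that names a library rather than an application, and its imported description is cut off at "can trigge ...", so the TODO: check on it cannot be resolved from this file alone; pull the full MITRE text and triage the Bouncy Castle entry first, ahead of the six RESERVED placeholders (CVE-2019-17353 to CVE-2019-17358) that need no action yet.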
@@ -134,8 +150,8 @@ CVE-2019-17273
RESERVED
CVE-2019-17272
RESERVED
-CVE-2019-17271
- RESERVED
+CVE-2019-17271 (vBulletin 5.5.4 allows SQL Injection via the
ajax/api/hook/getHookList ...)
+ TODO: check
CVE-2019-17270
RESERVED
CVE-2019-17269 (Intellian Remote Access 3.18 allows remote attackers to
execute arbitr ...)
@@ -166,50 +182,50 @@ CVE-2019-17263 (In libyal libfwsi before 20191006,
libfwsi_extension_block_copy_
[stretch] - libfwsi <no-dsa> (Minor issue)
NOTE: https://github.com/libyal/libfwsi/issues/13
NOTE:
https://github.com/libyal/libfwsi/commit/54afa5c71d6c795a555dbcb1e160fea393b98fb3
-CVE-2019-17262
- RESERVED
-CVE-2019-17261
- RESERVED
-CVE-2019-17260
- RESERVED
-CVE-2019-17259
- RESERVED
-CVE-2019-17258
- RESERVED
-CVE-2019-17257
- RESERVED
-CVE-2019-17256
- RESERVED
-CVE-2019-17255
- RESERVED
-CVE-2019-17254
- RESERVED
-CVE-2019-17253
- RESERVED
-CVE-2019-17252
- RESERVED
-CVE-2019-17251
- RESERVED
-CVE-2019-17250
- RESERVED
-CVE-2019-17249
- RESERVED
-CVE-2019-17248
- RESERVED
-CVE-2019-17247
- RESERVED
-CVE-2019-17246
- RESERVED
-CVE-2019-17245
- RESERVED
-CVE-2019-17244
- RESERVED
-CVE-2019-17243
- RESERVED
-CVE-2019-17242
- RESERVED
-CVE-2019-17241
- RESERVED
+CVE-2019-17262 (XnView Classic 2.49.1 allows a User Mode Write AV starting at
Xwsq+0x0 ...)
+ TODO: check
+CVE-2019-17261 (XnView Classic 2.49.1 allows a User Mode Write AV starting at
Xwsq+0x0 ...)
+ TODO: check
+CVE-2019-17260 (MPC-HC through 1.7.13 allows a Read Access Violation on a
Block Data M ...)
+ TODO: check
+CVE-2019-17259 (KMPlayer 4.2.2.31 allows a User Mode Write AV starting at
utils!src_ne ...)
+ TODO: check
+CVE-2019-17258 (IrfanView 4.53 allows Data from a Faulting Address to control
a subseq ...)
+ TODO: check
+CVE-2019-17257 (IrfanView 4.53 allows a Exception Handler Chain to be
Corrupted starti ...)
+ TODO: check
+CVE-2019-17256 (IrfanView 4.53 allows a User Mode Write AV starting at
DPX!ReadDPX_W+0 ...)
+ TODO: check
+CVE-2019-17255 (IrfanView 4.53 allows a User Mode Write AV starting at
EXR!ReadEXR+0x0 ...)
+ TODO: check
+CVE-2019-17254 (IrfanView 4.53 allows Data from a Faulting Address to control
a subseq ...)
+ TODO: check
+CVE-2019-17253 (IrfanView 4.53 allows a User Mode Write AV starting at
JPEG_LS+0x00000 ...)
+ TODO: check
+CVE-2019-17252 (IrfanView 4.53 allows a User Mode Write AV starting at
FORMATS!Read_Ba ...)
+ TODO: check
+CVE-2019-17251 (IrfanView 4.53 allows a User Mode Write AV starting at
FORMATS!GetPlug ...)
+ TODO: check
+CVE-2019-17250 (IrfanView 4.53 allows a User Mode Write AV starting at
WSQ!ReadWSQ+0x0 ...)
+ TODO: check
+CVE-2019-17249 (IrfanView 4.53 allows a User Mode Write AV starting at
WSQ!ReadWSQ+0x0 ...)
+ TODO: check
+CVE-2019-17248 (IrfanView 4.53 allows a User Mode Write AV starting at
WSQ!ReadWSQ+0x0 ...)
+ TODO: check
+CVE-2019-17247 (IrfanView 4.53 allows Data from a Faulting Address to control
a subseq ...)
+ TODO: check
+CVE-2019-17246 (IrfanView 4.53 allows a User Mode Write AV starting at
WSQ!ReadWSQ+0x0 ...)
+ TODO: check
+CVE-2019-17245 (IrfanView 4.53 allows a User Mode Write AV starting at
WSQ!ReadWSQ+0x0 ...)
+ TODO: check
+CVE-2019-17244 (IrfanView 4.53 allows Data from a Faulting Address to control
Code Flo ...)
+ TODO: check
+CVE-2019-17243 (IrfanView 4.53 allows Data from a Faulting Address to control
Code Flo ...)
+ TODO: check
+CVE-2019-17242 (IrfanView 4.53 allows a User Mode Write AV starting at
WSQ!ReadWSQ+0x0 ...)
+ TODO: check
+CVE-2019-17241 (IrfanView 4.53 allows a User Mode Write AV starting at
WSQ!ReadWSQ+0x0 ...)
+ TODO: check
CVE-2019-17240 (bl-kernel/security.class.php in Bludit 3.9.2 allows attackers
to bypas ...)
NOT-FOR-US: Bludit
CVE-2019-17239 (includes/settings/class-alg-download-plugins-settings.php in
the downl ...)
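Review bot: all 21 new entries in this hunk carry TODO: check and come from one batch of desktop viewer/player crash reports (XnView Classic, MPC-HC, KMPlayer, IrfanView), and the truncation makes several of them textually identical in this file (CVE-2019-17262 and CVE-2019-17261 both end at "Xwsq+0x0 ...", and CVE-2019-17250, 17249, 17248, 17246, 17245, 17242 and 17241 all end at "WSQ!ReadWSQ+0x0 ..."), so they cannot be told apart without the full descriptions; triage the whole block in one pass and give every entry the same marker rather than leaving a mix of TODO and triaged lines.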
@@ -318,10 +334,10 @@ CVE-2019-17189
RESERVED
CVE-2019-17188 (An unrestricted file upload vulnerability was discovered in
catalog/pr ...)
NOT-FOR-US: Fecshop FecMall
-CVE-2019-17187
- RESERVED
-CVE-2019-17186
- RESERVED
+CVE-2019-17187 (/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T
1.00.M5007_ ...)
+ TODO: check
+CVE-2019-17186 (/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T
1.00.M5007_JS_201 ...)
+ TODO: check
CVE-2019-17185
RESERVED
CVE-2019-17184 (Xerox AtlaLink B8045/B8055/B8065/B8075/B8090
C8030/C8035/C8045/C8055/C ...)
@@ -424,8 +440,7 @@ CVE-2019-17136
RESERVED
CVE-2019-17135
RESERVED
-CVE-2019-17134 [agent doesn't check for client certificate]
- RESERVED
+CVE-2019-17134 (Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2,
>=3.0.0 ...)
- octavia 4.0.0-6 (bug #941897)
[buster] - octavia <no-dsa> (Minor issue in regular setups, can be
fixed via point release)
CVE-2019-17132 (vBulletin through 5.5.4 mishandles custom avatars. ...)
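Review bot: the hand-written summary `[agent doesn't check for client certificate]` on CVE-2019-17134 is lost in this hunk, and the MITRE text that replaces it is truncated before it says anything about the defect, so the entry now reads less informatively than before; the `octavia 4.0.0-6 (bug #941897)` and `[buster] - octavia <no-dsa>` lines survive, so the triage itself is intact, but consider restoring the short summary as a NOTE: line, since the automatic importer only replaces the RESERVED pair.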
@@ -482,28 +497,28 @@ CVE-2019-17110 (A security issue was discovered in
kube-state-metrics 1.7.x befo
NOT-FOR-US: kube-state-metrics
CVE-2019-17109
RESERVED
-CVE-2019-17108
- RESERVED
-CVE-2019-17107
- RESERVED
-CVE-2019-17106
- RESERVED
-CVE-2019-17105
- RESERVED
-CVE-2019-17104
- RESERVED
-CVE-2018-21025
- RESERVED
-CVE-2018-21024
- RESERVED
-CVE-2018-21023
- RESERVED
-CVE-2018-21022
- RESERVED
-CVE-2018-21021
- RESERVED
-CVE-2018-21020
- RESERVED
+CVE-2019-17108 (Local file inclusion in brokerPerformance.php in Centreon Web
before 2 ...)
+ TODO: check
+CVE-2019-17107 (minPlayCommand.php in Centreon Web before 2.8.27 allows
authenticated ...)
+ TODO: check
+CVE-2019-17106 (In Centreon Web through 2.8.29, disclosure of external
components' pas ...)
+ TODO: check
+CVE-2019-17105 (The token generator in index.php in Centreon Web before 2.8.27
is pred ...)
+ TODO: check
+CVE-2019-17104 (In Centreon VM through 19.04.3, the cookie configuration
within the Ap ...)
+ TODO: check
+CVE-2018-21025 (In Centreon VM through 19.04.3, centreon-backup.pl allows
attackers to ...)
+ TODO: check
+CVE-2018-21024 (licenseUpload.php in Centreon Web before 2.8.27 allows
attackers to up ...)
+ TODO: check
+CVE-2018-21023 (getStats.php in Centreon Web before 2.8.28 allows
authenticated attack ...)
+ TODO: check
+CVE-2018-21022 (makeXML_ListServices.php in Centreon Web before 2.8.28 allows
attacker ...)
+ TODO: check
+CVE-2018-21021 (img_gantt.php in Centreon Web before 2.8.27 allows attackers
to perfor ...)
+ TODO: check
+CVE-2018-21020 (In very rare cases, a PHP type juggling vulnerability in
centreonAuth. ...)
+ TODO: check
CVE-2019-17103
RESERVED
CVE-2019-17102
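Review bot: eleven Centreon entries land here as TODO: check, with 2018-numbered IDs (CVE-2018-21020 to CVE-2018-21025) interleaved with the 2019 ones and two of them (CVE-2019-17104 and CVE-2018-21025) against Centreon VM rather than Centreon Web; triage them as one batch so the block ends up with a consistent marker, and look at CVE-2018-21020 first, since a type juggling flaw in the authentication path is the most consequential of the set if any Centreon component turns out to be packaged.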
@@ -899,8 +914,8 @@ CVE-2019-16931 (A stored XSS vulnerability in the
Visualizer plugin 3.3.0 for Wo
NOT-FOR-US: Visualizer plugin for WordPress
CVE-2019-16930 (Zcashd in Zcash before 2.0.7-3 allows discovery of the IP
address of a ...)
NOT-FOR-US: Zcash
-CVE-2019-16929
- RESERVED
+CVE-2019-16929 (Auth0 auth0.net before 6.5.4 has Incorrect Access Control
because Iden ...)
+ TODO: check
CVE-2019-16927 (Xpdf 4.01.01 has an out-of-bounds write in the vertProfile
part of the ...)
- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-16926 (Flower 0.9.3 has XSS via a crafted worker name. ...)
@@ -2173,10 +2188,10 @@ CVE-2019-16419
RESERVED
CVE-2019-16418
RESERVED
-CVE-2019-16417
- RESERVED
-CVE-2019-16416
- RESERVED
+CVE-2019-16417 (HRworks FLOW 3.36.9 allows XSS via the purpose of a
travel-expense rep ...)
+ TODO: check
+CVE-2019-16416 (HRworks 3.36.9 allows XSS via the purpose of a travel-expense
report. ...)
+ TODO: check
CVE-2019-16415
RESERVED
CVE-2019-16414 (A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding
of malici ...)
@@ -3599,6 +3614,7 @@ CVE-2019-15925 (An issue was discovered in the Linux
kernel before 5.2.3. An out
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE:
https://git.kernel.org/linus/04f25edb48c441fc278ecc154c270f16966cbb90
CVE-2018-21010 (OpenJPEG before 2.3.1 has a heap buffer overflow in
color_apply_icc_pr ...)
+ {DLA-1950-1}
- openjpeg2 2.3.1-1 (bug #939553)
[buster] - openjpeg2 <no-dsa> (Minor issue)
[stretch] - openjpeg2 <no-dsa> (Minor issue)
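Review bot: with {DLA-1950-1} now recorded for CVE-2018-21010, the unchanged `[stretch] - openjpeg2 <no-dsa> (Minor issue)` line directly below deserves a second look: an LTS advisory was considered worthwhile for this heap buffer overflow while stretch still carries no-dsa, so either confirm that the stretch assessment stands or schedule the fix for a stretch point release.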
@@ -6910,10 +6926,9 @@ CVE-2019-14848
RESERVED
CVE-2019-14847
RESERVED
-CVE-2019-14846
- RESERVED
-CVE-2019-14845
- RESERVED
+CVE-2019-14846 (Ansible, all ansible_engine-2.x versions and
ansible_engine-3.x up to ...)
+ TODO: check
+CVE-2019-14845 (A vulnerability was found in OpenShift builds, versions 4.1 up
to 4.3. ...)
NOT-FOR-US: OpenShift
CVE-2019-14844 (A flaw was found in, Fedora versions of krb5 from 1.16.1 to,
including ...)
- krb5 <not-affected> (Vulnerable code not present; problematic commit
not backported; not present in any MIT krb5 release)
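Review bot: CVE-2019-14846 is left at TODO: check while its neighbour CVE-2019-14845 already carries NOT-FOR-US: OpenShift from an earlier triage; the Ansible entry is the one that needs a manual decision here, because its description covers ansible_engine-2.x and 3.x releases rather than a hosted product, so check it against the ansible source package and replace the TODO, as the automatic updates will not resolve it.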
@@ -7476,10 +7491,10 @@ CVE-2019-14659
REJECTED
CVE-2019-14658
RESERVED
-CVE-2019-14657
- RESERVED
-CVE-2019-14656
- RESERVED
+CVE-2019-14657 (Yealink phones through 2019-08-04 have an issue with OpenVPN
file uplo ...)
+ TODO: check
+CVE-2019-14656 (Yealink phones through 2019-08-04 do not properly check user
roles in ...)
+ TODO: check
CVE-2019-14655
REJECTED
CVE-2019-14654 (In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users
authoris ...)
@@ -12373,8 +12388,8 @@ CVE-2019-13338 (In WESEEK GROWI before 3.5.0, a remote
attacker can obtain the p
NOT-FOR-US: WESEEK GROWI
CVE-2019-13337 (In WESEEK GROWI before 3.5.0, the site-wide basic
authentication can b ...)
NOT-FOR-US: WESEEK GROWI
-CVE-2019-13336
- RESERVED
+CVE-2019-13336 (The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows
remote attack ...)
+ TODO: check
CVE-2019-13335 (SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and
7.11.7 has ...)
NOT-FOR-US: SalesAgility SuiteCRM
CVE-2019-13334
@@ -18852,8 +18867,8 @@ CVE-2019-10971 (The application (Network Configurator
for DeviceNet Safety 3.41
NOT-FOR-US: Omron
CVE-2019-10970 (In Rockwell Automation PanelView 5510 (all versions
manufactured befor ...)
NOT-FOR-US: Rockwell Automation PanelView
-CVE-2019-10969
- RESERVED
+CVE-2019-10969 (Moxa EDR 810, all versions 5.1 and prior, allows an
authenticated atta ...)
+ TODO: check
CVE-2019-10968 (Philips Holter 2010 Plus, all versions. A vulnerability has
been ident ...)
NOT-FOR-US: Philips Holter 2010 Plus
CVE-2019-10967 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a
stack-based ...)
@@ -18864,8 +18879,8 @@ CVE-2019-10965 (In Emerson Ovation OCR400 Controller
3.3.1 and earlier, a heap-b
NOT-FOR-US: Emerson
CVE-2019-10964 (In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin
Pumps, ...)
NOT-FOR-US: Medtronic
-CVE-2019-10963
- RESERVED
+CVE-2019-10963 (Moxa EDR 810, all versions 5.1 and prior, allows an
unauthenticated at ...)
+ TODO: check
CVE-2019-10962 (BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR
Build 11,1. ...)
NOT-FOR-US: BD Alaris Gateway
CVE-2019-10961 (In Advantech WebAccess HMI Designer Version 2.1.9.23 and
prior, proces ...)
@@ -19386,10 +19401,10 @@ CVE-2019-10759
RESERVED
CVE-2019-10758
RESERVED
-CVE-2019-10757
- RESERVED
-CVE-2019-10756
- RESERVED
+CVE-2019-10757 (knex.js versions before 0.19.5 are vulnerable to SQL Injection
attack. ...)
+ TODO: check
+CVE-2019-10756 (It is possible to inject JavaScript within node-red-dashboard
versions ...)
+ TODO: check
CVE-2019-10755 (The SAML identifier generated within SAML2Utils.java was found
to make ...)
NOT-FOR-US: SAML2Utils.java
CVE-2019-10754 (Multiple classes used within Apereo CAS before release
6.1.0-RC5 makes ...)
@@ -20746,8 +20761,7 @@ CVE-2019-10216 [-dSAFER escape via .buildfont1]
NOTE: https://www.openwall.com/lists/oss-security/2019/08/12/4
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701394
NOTE:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19
-CVE-2019-10215
- RESERVED
+CVE-2019-10215 (Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a
cross-sit ...)
NOT-FOR-US: Bootstrap-3-Typeahead
CVE-2019-10214
RESERVED
@@ -23637,12 +23651,15 @@ CVE-2019-17344 (An issue was discovered in Xen
through 4.11.x allowing x86 PV gu
[jessie] - xen <not-affected> (Introduced by ignored fix for
CVE-2018-3646)
NOTE: https://xenbits.xen.org/xsa/advisory-290.html
CVE-2019-17343 (An issue was discovered in Xen through 4.11.x allowing x86 PV
guest OS ...)
+ {DLA-1949-1}
- xen 4.11.1+92-g6c33308a8d-1 (bug #929994)
NOTE: https://xenbits.xen.org/xsa/advisory-288.html
CVE-2019-17342 (An issue was discovered in Xen through 4.11.x allowing x86 PV
guest OS ...)
+ {DLA-1949-1}
- xen 4.11.1+92-g6c33308a8d-1 (bug #930001)
NOTE: https://xenbits.xen.org/xsa/advisory-287.html
CVE-2019-17341 (An issue was discovered in Xen through 4.11.x allowing x86 PV
guest OS ...)
+ {DLA-1949-1}
- xen 4.11.1+92-g6c33308a8d-1 (bug #929998)
NOTE: https://xenbits.xen.org/xsa/advisory-285.html
CVE-2019-17340 (An issue was discovered in Xen through 4.11.x allowing x86
guest OS us ...)
@@ -49420,7 +49437,7 @@ CVE-2018-19368
CVE-2018-19367 (Portainer through 1.19.2 provides an API endpoint
(/api/users/admin/ch ...)
NOT-FOR-US: Portainer
CVE-2018-19966 (An issue was discovered in Xen through 4.11.x allowing x86 PV
guest OS ...)
- {DSA-4369-1}
+ {DSA-4369-1 DLA-1949-1}
- xen 4.11.1-1
NOTE: https://xenbits.xen.org/xsa/advisory-280.txt
CVE-2018-19965 (An issue was discovered in Xen through 4.11.x allowing 64-bit
PV guest ...)
@@ -49439,11 +49456,11 @@ CVE-2018-19963 (An issue was discovered in Xen 4.11
allowing HVM guest OS users
[jessie] - xen <not-affected> (Only affects 4.11)
NOTE: https://xenbits.xen.org/xsa/advisory-276.txt
CVE-2018-19962 (An issue was discovered in Xen through 4.11.x on AMD x86
platforms, po ...)
- {DSA-4369-1}
+ {DSA-4369-1 DLA-1949-1}
- xen 4.11.1-1
NOTE: https://xenbits.xen.org/xsa/advisory-275.txt
CVE-2018-19961 (An issue was discovered in Xen through 4.11.x on AMD x86
platforms, po ...)
- {DSA-4369-1}
+ {DSA-4369-1 DLA-1949-1}
- xen 4.11.1-1
NOTE: https://xenbits.xen.org/xsa/advisory-275.txt
CVE-2018-19366
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b4dee0fe5da1ba0b6d7bdbeb966f0dc4d5f73d3e
--
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits