Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bbdfd8c3 by security tracker role at 2019-10-11T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2019-17497 (Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO 
hash theft ...)
+       TODO: check
+CVE-2019-17496 (Craft CMS before 3.3.8 has stored XSS via a name field. This 
field is  ...)
+       TODO: check
+CVE-2019-17495 (A Cascading Style Sheets (CSS) injection vulnerability in 
Swagger UI b ...)
+       TODO: check
+CVE-2019-17494 (laravel-bjyblog 6.1.1 has XSS via a crafted URL. ...)
+       TODO: check
+CVE-2019-17493 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the 
Problem[sample_ ...)
+       TODO: check
+CVE-2019-17492
+       RESERVED
+CVE-2019-17491 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the 
Problem[descrip ...)
+       TODO: check
+CVE-2019-17490 (app\modules\polygon\controllers\ProblemController in Jiangnan 
Online J ...)
+       TODO: check
+CVE-2019-17489 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the 
Problem[title]  ...)
+       TODO: check
+CVE-2019-17488 (b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP 
User-Agent  ...)
+       TODO: check
 CVE-2019-17487
        RESERVED
 CVE-2019-17486
@@ -265,8 +285,8 @@ CVE-2019-17388
        RESERVED
 CVE-2019-17387
        RESERVED
-CVE-2019-17386
-       RESERVED
+CVE-2019-17386 (The animate-it plugin before 2.3.6 for WordPress has CSRF in 
edsanimat ...)
+       TODO: check
 CVE-2019-17385 (The animate-it plugin before 2.3.5 for WordPress has XSS. ...)
        NOT-FOR-US: animate-it plugin for WordPress
 CVE-2019-17384 (The animate-it plugin before 2.3.4 for WordPress has XSS. ...)
@@ -6136,6 +6156,7 @@ CVE-2019-15168
 CVE-2019-15167
        RESERVED
 CVE-2019-15166 (lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 
4.9.3 l ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4
 CVE-2019-15165 (sf-pcapng.c in libpcap before 1.9.1 does not properly validate 
the PHB ...)
@@ -6621,8 +6642,8 @@ CVE-2019-15052 (The HTTP client in Gradle before 5.6 
sends authentication creden
        NOTE: https://github.com/gradle/gradle/issues/10278
        NOTE: https://github.com/gradle/gradle/pull/10176
        NOTE: 
https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95
-CVE-2019-15051
-       RESERVED
+CVE-2019-15051 (An issue was discovered in Softing uaGate (SI, MB, 840D) 
firmware thro ...)
+       TODO: check
 CVE-2019-15050 (An issue was discovered in Bento4 1.5.1.0. There is a 
heap-based buffe ...)
        NOT-FOR-US: Bento4
 CVE-2019-15049 (An issue was discovered in Bento4 1.5.1.0. There is a 
heap-based buffe ...)
@@ -17725,10 +17746,10 @@ CVE-2019-11530
        RESERVED
 CVE-2019-11529
        RESERVED
-CVE-2019-11528
-       RESERVED
-CVE-2019-11527
-       RESERVED
+CVE-2019-11528 (An issue was discovered in Softing uaGate SI 1.60.01. A system 
default ...)
+       TODO: check
+CVE-2019-11527 (An issue was discovered in Softing uaGate SI 1.60.01. A CGI 
script is  ...)
+       TODO: check
 CVE-2019-11526 (An issue was discovered in Softing uaGate SI 1.60.01. A 
maintenance sc ...)
        NOT-FOR-US: Softing uaGate
 CVE-2019-11525
@@ -19071,6 +19092,7 @@ CVE-2015-9284 (The request phase of the OmniAuth Ruby 
gem is vulnerable to Cross
        NOTE: https://github.com/omniauth/omniauth/pull/809
        NOTE: https://www.openwall.com/lists/oss-security/2015/05/26/11
 CVE-2019-11027 (Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely 
exploitable ...)
+       {DLA-1956-1}
        - ruby-openid <undetermined> (bug #930388)
        NOTE: https://github.com/openid/ruby-openid/issues/122
        NOTE: 
https://github.com/openid/ruby-openid/issues/122#issuecomment-520304211
@@ -24125,18 +24147,18 @@ CVE-2019-9536
        RESERVED
 CVE-2019-9535 (A vulnerability exists in the way that iTerm2 integrates with 
tmux's c ...)
        TODO: check
-CVE-2019-9534
-       RESERVED
-CVE-2019-9533
-       RESERVED
-CVE-2019-9532
-       RESERVED
-CVE-2019-9531
-       RESERVED
-CVE-2019-9530
-       RESERVED
-CVE-2019-9529
-       RESERVED
+CVE-2019-9534 (The Cobham EXPLORER 710, firmware version 1.07, does not 
validate its  ...)
+       TODO: check
+CVE-2019-9533 (The root password of the Cobham EXPLORER 710 is the same for 
all versi ...)
+       TODO: check
+CVE-2019-9532 (The web application portal of the Cobham EXPLORER 710, firmware 
versio ...)
+       TODO: check
+CVE-2019-9531 (The web application portal of the Cobham EXPLORER 710, firmware 
versio ...)
+       TODO: check
+CVE-2019-9530 (The web root directory of the Cobham EXPLORER 710, firmware 
version 1. ...)
+       TODO: check
+CVE-2019-9529 (The web application portal of the Cobham EXPLORER 710, firmware 
versio ...)
+       TODO: check
 CVE-2019-9528
        RESERVED
 CVE-2019-9527
@@ -57916,9 +57938,11 @@ CVE-2018-16454 (PHP Scripts Mall Currency Converter 
Script 2.0.5 allows remote a
 CVE-2018-16453 (PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the 
search b ...)
        NOT-FOR-US: PHP Scripts Mall Domain Lookup Script
 CVE-2018-16452 (The SMB parser in tcpdump before 4.9.3 has stack exhaustion in 
smbutil ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/24182d959f661327525a20d9a94c98a8ec016778
 CVE-2018-16451 (The SMB parser in tcpdump before 4.9.3 has buffer over-reads 
in print- ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/96480ab95308cd9234b4f09b175ebf60e17792c6
 CVE-2018-16450 (CraftedWeb through 2013-09-24 has reflected XSS via the p 
parameter. ...)
@@ -58364,6 +58388,7 @@ CVE-2018-16301 (libpcap before 1.9.1, as used in 
tcpdump before 4.9.3, has a buf
        NOTE: https://github.com/the-tcpdump-group/libpcap/issues/855 (asked 
upstream for info)
        NOTE: rpcapd not built in Debian.
 CVE-2018-16300 (The BGP parser in tcpdump before 4.9.3 allows stack 
consumption in pri ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a
 CVE-2018-16299 (The Localize My Post plugin 1.0 for WordPress allows Directory 
Travers ...)
@@ -58507,15 +58532,19 @@ CVE-2018-16232 (An authenticated command injection 
vulnerability exists in IPFir
 CVE-2018-16231 (Michael Roth Software Personal FTP Server (PFTP) through 8.4f 
allows r ...)
        NOT-FOR-US: Michael Roth Software Personal FTP Server
 CVE-2018-16230 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read 
in print ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/13d52e9c0e7caf7e6325b0051bc90a49968be67f
 CVE-2018-16229 (The DCCP parser in tcpdump before 4.9.3 has a buffer over-read 
in prin ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66
 CVE-2018-16228 (The HNCP parser in tcpdump before 4.9.3 has a buffer over-read 
in prin ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/83a412a5275cac973c5841eca3511c766bed778d
 CVE-2018-16227 (The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer 
over-read  ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/4846b3c5d0a850e860baf4f07340495d29837d09
 CVE-2018-16226 (A vulnerability in the web admin component of Mitel MiVoice 
Office 400 ...)
@@ -61768,15 +61797,19 @@ CVE-2018-14883 (An issue was discovered in PHP before 
5.6.37, 7.0.x before 7.0.3
        NOTE: Fixed in 5.6.37, 7.0.31, 7.1.20, 7.2.8
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76423
 CVE-2018-14882 (The ICMPv6 parser in tcpdump before 4.9.3 has a buffer 
over-read in pr ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/d7505276842e85bfd067fa21cdb32b8a2dc3c5e4
 CVE-2018-14881 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read 
in print ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/86326e880d31b328a151d45348c35220baa9a1ff
 CVE-2018-14880 (The OSPFv3 parser in tcpdump before 4.9.3 has a buffer 
over-read in pr ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6
 CVE-2018-14879 (The command-line argument parser in tcpdump before 4.9.3 has a 
buffer  ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6
 CVE-2018-XXXX [DSA verification crashes OpenSSL on invalid combinations of key 
content]
@@ -63090,33 +63123,43 @@ CVE-2018-14472 (An issue was discovered in WUZHI CMS 
4.1.0. The vulnerable file
 CVE-2018-14471 (dwg_obj_block_control_get_block_headers in dwg_api.c in GNU 
LibreDWG 0 ...)
        - libredwg <itp> (bug #595191)
 CVE-2018-14470 (The Babel parser in tcpdump before 4.9.3 has a buffer 
over-read in pri ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/12f66f69f7bf1ec1266ddbee90a7616cbf33696b
 CVE-2018-14469 (The IKEv1 parser in tcpdump before 4.9.3 has a buffer 
over-read in pri ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/396e94ff55a80d554b1fe46bf107db1e91008d6c
 CVE-2018-14468 (The FRF.16 parser in tcpdump before 4.9.3 has a buffer 
over-read in pr ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b
 CVE-2018-14467 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read 
in print ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/e3f3b445e2d20ac5d5b7fcb7559ce6beb55da0c9
 CVE-2018-14466 (The Rx parser in tcpdump before 4.9.3 has a buffer over-read 
in print- ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/c24922e692a52121e853a84ead6b9337f4c08a94
 CVE-2018-14465 (The RSVP parser in tcpdump before 4.9.3 has a buffer over-read 
in prin ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/bea2686c296b79609060a104cc139810785b0739
 CVE-2018-14464 (The LMP parser in tcpdump before 4.9.3 has a buffer over-read 
in print ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/d97e94223720684c6aa740ff219e0d19426c2220
 CVE-2018-14463 (The VRRP parser in tcpdump before 4.9.3 has a buffer over-read 
in prin ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/3de07c772166b7e8e8bb4b9d1d078f1d901b570b
 CVE-2018-14462 (The ICMP parser in tcpdump before 4.9.3 has a buffer over-read 
in prin ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3
 CVE-2018-14461 (The LDP parser in tcpdump before 4.9.3 has a buffer over-read 
in print ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/aa5c6b710dfd8020d2c908d6b3bd41f1da719b3b
 CVE-2018-14460 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is a hea ...)
@@ -74936,11 +74979,13 @@ CVE-2018-10107 (D-Link DIR-815 REV. B (with firmware 
through DIR-815_REVB_FIRMWA
 CVE-2018-10106 (D-Link DIR-815 REV. B (with firmware through 
DIR-815_REVB_FIRMWARE_PAT ...)
        NOT-FOR-US: D-Link
 CVE-2018-10105 (tcpdump before 4.9.3 mishandles the printing of SMB data 
(issue 2 of 2 ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: "Fixed" by disabling SMB printing
 CVE-2018-10104
        RESERVED
 CVE-2018-10103 (tcpdump before 4.9.3 mishandles the printing of SMB data 
(issue 1 of 2 ...)
+       {DLA-1955-1}
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: "Fixed" by disabling SMB printing
 CVE-2018-10099 (Google Monorail before 2018-04-04 has a Cross-Site Search 
(XS-Search)  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bbdfd8c3aa46578bb6b19ebae9c24060aace14f9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bbdfd8c3aa46578bb6b19ebae9c24060aace14f9
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to