Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33a29c4c by security tracker role at 2019-10-17T08:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-17666 (rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in 
the Lin ...)
+       TODO: check
+CVE-2019-17665 (NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because 
it load ...)
+       TODO: check
+CVE-2019-17664 (NSA Ghidra through 9.0.4 uses a potentially untrusted search 
path. Whe ...)
+       TODO: check
 CVE-2019-17663 (D-Link DIR-866L 1.03B04 devices allow XSS via 
HtmlResponseMessage in t ...)
        NOT-FOR-US: D-Link
 CVE-2019-17662 (ThinVNC 1.0b1 is vulnerable to arbitrary file read, which 
leads to a c ...)
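Review bot: The three new entries at the top of this hunk are all left at "TODO: check", but they are not the same kind of triage. The CVE-2019-17666 description names a path under drivers/net/wireless/realtek/rtlwifi/, which reads as kernel driver source, so it probably needs a source-package line rather than a NOT-FOR-US marker and should be checked first. The two Ghidra entries (CVE-2019-17665, CVE-2019-17664) can be resolved together once it is clear whether Ghidra is packaged.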
@@ -109,16 +115,16 @@ CVE-2019-17613 (qibosoft 7 allows remote code execution 
because do/jf.php makes
        NOT-FOR-US: qibosoft
 CVE-2019-17612 (An issue was discovered in 74CMS v5.2.8. There is a SQL 
Injection gene ...)
        NOT-FOR-US: 74CMS
-CVE-2019-17611
-       RESERVED
-CVE-2019-17610
-       RESERVED
-CVE-2019-17609
-       RESERVED
-CVE-2019-17608
-       RESERVED
-CVE-2019-17607
-       RESERVED
+CVE-2019-17611 (HongCMS 3.0.0 has XSS via the install/index.php tableprefix 
parameter. ...)
+       TODO: check
+CVE-2019-17610 (HongCMS 3.0.0 has XSS via the install/index.php dbpassword 
parameter. ...)
+       TODO: check
+CVE-2019-17609 (HongCMS 3.0.0 has XSS via the install/index.php dbusername 
parameter. ...)
+       TODO: check
+CVE-2019-17608 (HongCMS 3.0.0 has XSS via the install/index.php dbname 
parameter. ...)
+       TODO: check
+CVE-2019-17607 (HongCMS 3.0.0 has XSS via the install/index.php servername 
parameter. ...)
+       TODO: check
 CVE-2019-17606
        RESERVED
 CVE-2019-17605
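Review bot: The five "TODO: check" markers on CVE-2019-17607 through CVE-2019-17611 should be resolved in one pass with a single disposition. The entries differ only in the install/index.php parameter named (servername, dbname, dbusername, dbpassword, tableprefix), all against HongCMS 3.0.0, so triaging them separately risks inconsistent classification. The neighbouring CMS entries visible in this hunk (qibosoft, 74CMS) are both NOT-FOR-US.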
@@ -456,6 +462,7 @@ CVE-2019-17506 (There are some web interfaces without 
authentication requirement
 CVE-2019-17505 (D-Link DAP-1320 A2-V1.21 routers have some web interfaces 
without auth ...)
        NOT-FOR-US: D-Link
 CVE-2017-18638 (send_email in graphite-web/webapp/graphite/composer/views.py 
in Graphi ...)
+       {DLA-1962-1}
        - graphite-web <unfixed>
        NOTE: https://github.com/graphite-project/graphite-web/issues/2008
        NOTE: https://github.com/graphite-project/graphite-web/pull/2499
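Review bot: The {DLA-1962-1} tag on CVE-2017-18638 is the only record of a fix in this entry; the package line directly below it still reads "graphite-web <unfixed>" and no release-specific line is visible. That is fine if only the LTS release was fixed, but confirm that the matching DLA entry carries the fixed version, since nothing in this hunk does.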
@@ -8817,12 +8824,14 @@ CVE-2019-14498 (A divide-by-zero error exists in the 
Control function of demux/c
        [jessie] - vlc <end-of-life> 
(https://lists.debian.org/debian-security-announce/2018/msg00130.html)
        NOTE: https://www.videolan.org/security/sb-vlc308.html
 CVE-2019-14497 (ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in 
MilkyTr ...)
+       {DLA-1961-1}
        - milkytracker <unfixed> (bug #933964)
        [buster] - milkytracker <no-dsa> (Minor issue)
        [stretch] - milkytracker <no-dsa> (Minor issue)
        NOTE: https://github.com/milkytracker/MilkyTracker/issues/182
        NOTE: 
https://github.com/milkytracker/MilkyTracker/commit/ea7772a3fae0a9dd0a322e8fec441d15843703b7
 CVE-2019-14496 (LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 
1.02.00 ha ...)
+       {DLA-1961-1}
        - milkytracker <unfixed> (bug #933964)
        [buster] - milkytracker <no-dsa> (Minor issue)
        [stretch] - milkytracker <no-dsa> (Minor issue)
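Review bot: With {DLA-1961-1} now attached to CVE-2019-14497 and CVE-2019-14496, the [buster] and [stretch] lines still read "<no-dsa> (Minor issue)" and the main line stays "<unfixed> (bug #933964)". Recheck whether the newer suites should pick up the same fix, given that an upstream commit is already referenced in the NOTE lines for CVE-2019-14497.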
@@ -8933,6 +8942,7 @@ CVE-2019-14465 (fmt_mtm_load_song in fmt/mtm.c in Schism 
Tracker 20190722 has a
        NOTE: https://github.com/schismtracker/schismtracker/issues/198
        NOTE: 
https://github.com/schismtracker/schismtracker/commit/b78e8d32883f8a865035436af4fa6d541b6ebb42
 CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 
1.02.00 has a  ...)
+       {DLA-1961-1}
        - milkytracker <unfixed> (bug #933964)
        [buster] - milkytracker <no-dsa> (Minor issue)
        [stretch] - milkytracker <no-dsa> (Minor issue)
@@ -20118,6 +20128,7 @@ CVE-2019-10872 (An issue was discovered in Poppler 
0.74.0. There is a heap-based
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/750
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/6a1580e84f492b5671d23be98192267bb73de250
 CVE-2019-10871 (An issue was discovered in Poppler 0.74.0. There is a 
heap-based buffe ...)
+       {DLA-1963-1}
        [experimental] - poppler 0.81.0-1
        - poppler <unfixed> (low; bug #926529)
        [buster] - poppler <postponed> (Revisit when fixed upstream)
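Review bot: The [buster] line for CVE-2019-10871 says "<postponed> (Revisit when fixed upstream)", yet the same entry records a fixed version in experimental (poppler 0.81.0-1) and now carries {DLA-1963-1}. The postponed reason looks stale; revisit the buster status and either update the reason or record the planned fix.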
@@ -22549,6 +22560,7 @@ CVE-2019-9961 (A cross-site scripting (XSS) 
vulnerability in ressource view in c
 CVE-2019-9960 (The downloadZip function in 
application/controllers/admin/export.php i ...)
        - limesurvey <itp> (bug #472802)
 CVE-2019-9959 (The JPXStream::init function in Poppler 0.78.0 and earlier 
doesn't che ...)
+       {DLA-1963-1}
        [experimental] - poppler 0.81.0-1
        - poppler <unfixed> (low; bug #941776)
        [buster] - poppler <ignored> (Minor issue)
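Review bot: CVE-2019-9959 gains {DLA-1963-1} while [buster] remains "<ignored> (Minor issue)". An issue that warranted an advisory for one release and is ignored for another deserves a short justification in the entry, or a change of the buster marker if the assessment has moved.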



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/33a29c4cfc19dcdf0bdd04593743ebd54bd0630a
