Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
54f501af by security tracker role at 2019-11-07T08:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the
function DJVU:: ...)
+ TODO: check
+CVE-2019-18803
+ RESERVED
+CVE-2019-18802
+ RESERVED
+CVE-2019-18801
+ RESERVED
CVE-2019-18800 (Viber through 11.7.0.5 allows a remote attacker who can
capture a vict ...)
TODO: check
CVE-2019-18799 (LibSass before 3.6.3 allows a NULL pointer dereference in
Sass::Parser ...)
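Review bot: CVE-2019-18804 is added with the auto-generated "TODO: check" placeholder even though the description names a library (DjVuLibre) rather than an end-user product, so this entry needs an actual source-package assessment before the next update rather than staying as a TODO; the result should be recorded in the same form used elsewhere in this patch, either an affected-version line or a "<not-affected>" line with a reason, as in "- linux <not-affected> (Vulnerable code introduced later)".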
@@ -3243,8 +3251,8 @@ CVE-2019-18413 (In TypeStack class-validator 0.10.2,
validate() input validation
NOT-FOR-US: TypeStack class-validator
CVE-2019-18412
RESERVED
-CVE-2019-18411
- RESERVED
+CVE-2019-18411 (Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF
on the ...)
+ TODO: check
CVE-2019-18410
RESERVED
CVE-2019-18409 (The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows
local pr ...)
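Review bot: CVE-2019-18411 is left as "TODO: check" although the description identifies a commercial Zoho ManageEngine product, which is the same situation as the neighbouring CVE-2019-18413 (TypeStack class-validator) that is already closed with a NOT-FOR-US line; suggest resolving the TODO to "NOT-FOR-US: Zoho ManageEngine ADSelfService Plus" in this update rather than leaving it for a later pass.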
@@ -9038,10 +9046,10 @@ CVE-2019-16403 (In Webkul Bagisto before 0.1.5, the
functionalities for customer
NOT-FOR-US: Webkul Bagisto
CVE-2019-16402
RESERVED
-CVE-2019-16401
- RESERVED
-CVE-2019-16400
- RESERVED
+CVE-2019-16401 (Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number:
R16NW.G9 ...)
+ TODO: check
+CVE-2019-16400 (Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number:
R16NW.G9 ...)
+ TODO: check
CVE-2019-16399 (Western Digital WD My Book World through II 1.02.12 suffers
from Broke ...)
NOT-FOR-US: Western Digital
CVE-2019-16398 (On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code
execution ca ...)
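Review bot: both CVE-2019-16401 and CVE-2019-16400 describe a Samsung Galaxy S8 device firmware issue (Android 8.0.0 build), so the two "TODO: check" placeholders can be closed right away with a NOT-FOR-US line, matching the form the adjacent CVE-2019-16399 entry uses ("NOT-FOR-US: Western Digital"); keeping them as TODO only adds noise to the open-TODO queue.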
@@ -13296,11 +13304,9 @@ CVE-2019-15006
RESERVED
CVE-2019-15005
RESERVED
-CVE-2019-15004
- RESERVED
+CVE-2019-15004 (The Customer Context Filter in Atlassian Jira Service Desk
Server and ...)
NOT-FOR-US: Atlassian
-CVE-2019-15003
- RESERVED
+CVE-2019-15003 (The Customer Context Filter in Atlassian Jira Service Desk
Server and ...)
NOT-FOR-US: Atlassian
CVE-2019-15002
RESERVED
@@ -17547,8 +17553,8 @@ CVE-2018-20855 (An issue was discovered in the Linux
kernel before 4.18.7. In cr
CVE-2018-20854 (An issue was discovered in the Linux kernel before 4.20.
drivers/phy/m ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by:
https://git.kernel.org/linus/6acb47d1a318e5b3b7115354ebc4ea060c59d3a1
-CVE-2018-20853
- RESERVED
+CVE-2018-20853 (An issue was discovered in the MailPoet Newsletters (aka
wysija-newsle ...)
+ TODO: check
CVE-2016-10763 (The CampTix Event Ticketing plugin before 1.5 for WordPress
allows XSS ...)
NOT-FOR-US: CampTix Event Ticketing plugin for WordPress
CVE-2016-10762 (The CampTix Event Ticketing plugin before 1.5 for WordPress
allows CSV ...)
@@ -21901,8 +21907,7 @@ CVE-2019-12421
RESERVED
CVE-2019-12420
RESERVED
-CVE-2019-12419
- RESERVED
+CVE-2019-12419 (Apache CXF before 3.3.4 and 3.2.11 provides all of the
components that ...)
NOT-FOR-US: Apache CFX
CVE-2019-12418
RESERVED
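Review bot: the product name in the unchanged "NOT-FOR-US: Apache CFX" line under CVE-2019-12419 does not match the description that this hunk adds, which reads "Apache CXF before 3.3.4 and 3.2.11"; the NOT-FOR-US line should be corrected to "NOT-FOR-US: Apache CXF" so the entry is found by searches for the actual project name.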
@@ -21928,8 +21933,7 @@ CVE-2019-12408
RESERVED
CVE-2019-12407 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully
crafted plugin ...)
- jspwiki <removed>
-CVE-2019-12406
- RESERVED
+CVE-2019-12406 (Apache CXF before 3.3.4 and 3.2.11 does not restrict the
number of mes ...)
NOT-FOR-US: Apache CFX
CVE-2019-12405 (Improper authentication is possible in Apache Traffic Control
versions ...)
NOT-FOR-US: Apache Traffic Control
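Review bot: same typo as in the CVE-2019-12419 hunk: the "NOT-FOR-US: Apache CFX" line under CVE-2019-12406 contradicts the newly added description "Apache CXF before 3.3.4 and 3.2.11"; it should read "NOT-FOR-US: Apache CXF", and both CXF entries should be fixed together so the two CVEs from the same advisory stay consistent.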
@@ -42233,8 +42237,8 @@ CVE-2019-5127 (A command injection have been found in
YouPHPTube Encoder. A succ
NOT-FOR-US: YouPHPTube Encoder
CVE-2019-5126
RESERVED
-CVE-2019-5125
- RESERVED
+CVE-2019-5125 (An exploitable heap overflow vulnerability exists in the
JPEG2000 pars ...)
+ TODO: check
CVE-2019-5124
RESERVED
CVE-2019-5123 (Specially crafted web requests can cause SQL injections in
YouPHPTube ...)
@@ -42283,10 +42287,10 @@ CVE-2019-5102
RESERVED
CVE-2019-5101
RESERVED
-CVE-2019-5100
- RESERVED
-CVE-2019-5099
- RESERVED
+CVE-2019-5100 (An exploitable integer overflow vulnerability exists in the BMP
header ...)
+ TODO: check
+CVE-2019-5099 (An exploitable integer underflow vulnerability exists in the
CMP-parsi ...)
+ TODO: check
CVE-2019-5098
RESERVED
CVE-2019-5097
@@ -42318,8 +42322,8 @@ CVE-2019-5086
RESERVED
CVE-2019-5085
RESERVED
-CVE-2019-5084
- RESERVED
+CVE-2019-5084 (An exploitable heap out-of-bounds write vulnerability exists in
the TI ...)
+ TODO: check
CVE-2019-5083
RESERVED
CVE-2019-5082
@@ -219560,10 +219564,10 @@ CVE-2014-9028 (Heap-based buffer overflow in
stream_decoder.c in libFLAC before
NOTE: Upstream patches:
NOTE:
https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85
NOTE:
https://git.xiph.org/?p=flac.git;a=patch;h=5a365996d739bdf4711af51d9c2c71c8a5e14660
-CVE-2014-9014
- RESERVED
-CVE-2014-9013
- RESERVED
+CVE-2014-9014 (Directory traversal vulnerability in the ajaxinit function in
wpmarket ...)
+ TODO: check
+CVE-2014-9013 (The ajaxinit function in wpmarketplace/libs/cart.php in the WP
Marketp ...)
+ TODO: check
CVE-2014-9012
RESERVED
CVE-2014-9011
@@ -235178,8 +235182,8 @@ CVE-2014-3181 (Multiple stack-based buffer overflows
in the magicmouse_raw_event
- linux-2.6 <not-affected> (Vulnerable code not present)
NOTE:
https://code.google.com/p/google-security-research/issues/detail?id=100
NOTE: Upstream fix:
https://git.kernel.org/linus/c54def7bd64d7c0b6993336abcffb8444795bf38
(v3.17-rc3)
-CVE-2014-3180
- RESERVED
+CVE-2014-3180 (** DISPUTED ** In kernel/compat.c in the Linux kernel before
3.17, as ...)
+ TODO: check
CVE-2014-3179 (Multiple unspecified vulnerabilities in Google Chrome before
37.0.2062 ...)
{DSA-3039-1}
- chromium-browser 37.0.2062.120-1
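Review bot: CVE-2014-3180 is a Linux kernel issue ("kernel/compat.c in the Linux kernel before 3.17") marked "** DISPUTED **", yet this hunk leaves it as "TODO: check" while the neighbouring CVE-2014-3181 entry shows the expected form for kernel CVEs, a package line such as "- linux-2.6 <not-affected> (Vulnerable code not present)" plus a NOTE with the upstream reference; the entry needs that assessment against the packaged kernel versions, and the disputed status should be recorded in a NOTE line so the reasoning is kept with the entry.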
@@ -287292,8 +287296,8 @@ CVE-2011-2810
REJECTED
CVE-2011-2809 (WebKit, as used in Apple iTunes before 10.5, allows
man-in-the-middle ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome
sec team will know and fix
-CVE-2011-2808
- RESERVED
+CVE-2011-2808 (A stale layout root is set as an input element in WebKit in
Google Chr ...)
+ TODO: check
CVE-2011-2807
RESERVED
CVE-2011-2806 (Google Chrome before 13.0.782.215 on Windows does not properly
handle ...)
@@ -310997,13 +311001,11 @@ CVE-2009-3779 (Cross-site scripting (XSS)
vulnerability in vCard 5.x before 5.x-
NOT-FOR-US: module for Drupal
CVE-2009-3778 (SQL injection vulnerability in Moodle Course List 6.x before
6.x-1.2, ...)
NOT-FOR-US: module for Drupal
-CVE-2009-5045 [multiple vulnerabilities in jetty]
- RESERVED
+CVE-2009-5045 (Dump Servlet information leak in jetty before 6.1.22. ...)
- jetty 6.1.22-1 (unimportant; bug #553644)
NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
NOTE: The affected apps are not shipped in the package, see #553644
-CVE-2009-5046 [multiple vulnerabilities in jetty]
- RESERVED
+CVE-2009-5046 (JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.
...)
- jetty 6.1.22-1 (unimportant; bug #553644)
NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
NOTE: The affected apps are not shipped in the package, see #553644
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/54f501afffe4d4c958ec5a892f37a469550bfc2a
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits