[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Aug 1 21:10:44 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
70f0e0ad by security tracker role at 2019-08-01T20:10:22Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,203 +1,285 @@
-CVE-2019-14467
- RESERVED
-CVE-2019-14466
- RESERVED
-CVE-2019-14465 (fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-b ...)
- - schism <unfixed>
- NOTE: https://github.com/schismtracker/schismtracker/issues/198
- NOTE: https://github.com/schismtracker/schismtracker/commit/b78e8d32883f8a865035436af4fa6d541b6ebb42
-CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a ...)
- TODO: check
-CVE-2019-14463 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...)
- - libmodbus <unfixed>
- NOTE: https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc
-CVE-2019-14462 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...)
- - libmodbus <unfixed>
- NOTE: https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc
-CVE-2019-14461
- RESERVED
-CVE-2019-14460
- RESERVED
-CVE-2019-14459 (nfdump 1.6.17 and earlier is affected by an integer overflow in the fu ...)
- TODO: check
-CVE-2019-14458
- RESERVED
-CVE-2019-14457
- RESERVED
-CVE-2019-14456 (Opengear console server firmware releases prior to 4.5.0 have a stored ...)
- NOT-FOR-US: Opengear console server firmware
-CVE-2019-14455
- RESERVED
-CVE-2019-14454
- RESERVED
-CVE-2013-7474
- RESERVED
-CVE-2013-7473
- RESERVED
-CVE-2019-14453
- RESERVED
-CVE-2018-20953
- RESERVED
-CVE-2018-20952
- RESERVED
-CVE-2018-20951
- RESERVED
-CVE-2018-20950
- RESERVED
-CVE-2018-20949
- RESERVED
-CVE-2018-20948
+CVE-2019-14508
RESERVED
-CVE-2018-20947
+CVE-2019-14507
RESERVED
-CVE-2018-20946
+CVE-2019-14506
RESERVED
-CVE-2018-20945
+CVE-2019-14505
RESERVED
-CVE-2018-20944
+CVE-2019-14504
RESERVED
-CVE-2018-20943
+CVE-2019-14503
RESERVED
-CVE-2018-20942
+CVE-2019-14502
RESERVED
-CVE-2018-20941
+CVE-2019-14501
RESERVED
-CVE-2018-20940
+CVE-2019-14500
RESERVED
-CVE-2018-20939
+CVE-2019-14499
RESERVED
-CVE-2018-20938
+CVE-2019-14498
RESERVED
-CVE-2018-20937
- RESERVED
-CVE-2018-20936
- RESERVED
-CVE-2018-20935
- RESERVED
-CVE-2018-20934
- RESERVED
-CVE-2018-20933
- RESERVED
-CVE-2018-20932
- RESERVED
-CVE-2018-20931
- RESERVED
-CVE-2018-20930
- RESERVED
-CVE-2018-20929
- RESERVED
-CVE-2018-20928
- RESERVED
-CVE-2018-20927
- RESERVED
-CVE-2018-20926
- RESERVED
-CVE-2018-20925
- RESERVED
-CVE-2018-20924
- RESERVED
-CVE-2018-20923
- RESERVED
-CVE-2018-20922
- RESERVED
-CVE-2018-20921
- RESERVED
-CVE-2018-20920
- RESERVED
-CVE-2018-20919
- RESERVED
-CVE-2018-20918
- RESERVED
-CVE-2018-20917
- RESERVED
-CVE-2018-20916
- RESERVED
-CVE-2018-20915
- RESERVED
-CVE-2018-20914
- RESERVED
-CVE-2018-20913
- RESERVED
-CVE-2018-20912
- RESERVED
-CVE-2018-20911
- RESERVED
-CVE-2018-20910
- RESERVED
-CVE-2018-20909
- RESERVED
-CVE-2018-20908
- RESERVED
-CVE-2018-20907
- RESERVED
-CVE-2018-20906
- RESERVED
-CVE-2018-20905
- RESERVED
-CVE-2018-20904
- RESERVED
-CVE-2018-20903
- RESERVED
-CVE-2018-20902
- RESERVED
-CVE-2018-20901
- RESERVED
-CVE-2018-20900
+CVE-2019-14497 (ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTr ...)
+ TODO: check
+CVE-2019-14496 (LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 ha ...)
+ TODO: check
+CVE-2019-14495 (webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the a ...)
+ TODO: check
+CVE-2019-14494 (An issue was discovered in Poppler through 0.78.0. There is a divide-b ...)
+ TODO: check
+CVE-2019-14493 (An issue was discovered in OpenCV before 4.1.1. There is a NULL pointe ...)
+ TODO: check
+CVE-2019-14492 (An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. T ...)
+ TODO: check
+CVE-2019-14491 (An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. T ...)
+ TODO: check
+CVE-2019-14490
RESERVED
-CVE-2018-20899
+CVE-2019-14489
RESERVED
-CVE-2018-20898
+CVE-2019-14488
RESERVED
-CVE-2018-20897
+CVE-2019-14487
RESERVED
-CVE-2018-20896
+CVE-2019-14486 (GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c ...)
+ TODO: check
+CVE-2019-14485
RESERVED
-CVE-2018-20895
+CVE-2019-14484
RESERVED
-CVE-2018-20894
+CVE-2019-14483
RESERVED
-CVE-2018-20893
+CVE-2019-14482
RESERVED
-CVE-2018-20892
+CVE-2019-14481
RESERVED
-CVE-2018-20891
+CVE-2019-14480
RESERVED
-CVE-2018-20890
+CVE-2019-14479
RESERVED
-CVE-2018-20889
+CVE-2019-14478
RESERVED
-CVE-2018-20888
+CVE-2019-14477
RESERVED
-CVE-2018-20887
+CVE-2019-14476
RESERVED
-CVE-2018-20886
+CVE-2019-14475
RESERVED
-CVE-2018-20885
+CVE-2019-14474
RESERVED
-CVE-2018-20884
+CVE-2019-14473
RESERVED
-CVE-2018-20883
+CVE-2019-14472 (Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. ...)
+ TODO: check
+CVE-2019-14471 (TestLink 1.9.19 has XSS via the error.php message parameter. ...)
+ TODO: check
+CVE-2019-14470
RESERVED
-CVE-2018-20882
+CVE-2019-14469
RESERVED
-CVE-2018-20881
+CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via c ...)
+ TODO: check
+CVE-2019-14467
RESERVED
-CVE-2018-20880
+CVE-2019-14466
RESERVED
-CVE-2018-20879
+CVE-2019-14465 (fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-b ...)
+ - schism <unfixed>
+ NOTE: https://github.com/schismtracker/schismtracker/issues/198
+ NOTE: https://github.com/schismtracker/schismtracker/commit/b78e8d32883f8a865035436af4fa6d541b6ebb42
+CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a ...)
+ TODO: check
+CVE-2019-14463 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...)
+ - libmodbus <unfixed>
+ NOTE: https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc
+CVE-2019-14462 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...)
+ - libmodbus <unfixed>
+ NOTE: https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc
+CVE-2019-14461
RESERVED
-CVE-2018-20878
+CVE-2019-14460
RESERVED
-CVE-2018-20877
+CVE-2019-14459 (nfdump 1.6.17 and earlier is affected by an integer overflow in the fu ...)
+ TODO: check
+CVE-2019-14458
RESERVED
-CVE-2018-20876
+CVE-2019-14457
RESERVED
-CVE-2018-20875
+CVE-2019-14456 (Opengear console server firmware releases prior to 4.5.0 have a stored ...)
+ NOT-FOR-US: Opengear console server firmware
+CVE-2019-14455
RESERVED
-CVE-2018-20874
+CVE-2019-14454
RESERVED
-CVE-2018-20873
+CVE-2013-7474 (Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit ...)
+ TODO: check
+CVE-2013-7473 (Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to a ...)
+ TODO: check
+CVE-2019-14453
RESERVED
+CVE-2018-20953 (cPanel before 68.0.27 allows self XSS in the WHM listips interface (SE ...)
+ TODO: check
+CVE-2018-20952 (cPanel before 68.0.27 creates world-readable files during use of WHM A ...)
+ TODO: check
+CVE-2018-20951 (cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC ...)
+ TODO: check
+CVE-2018-20950 (cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer ( ...)
+ TODO: check
+CVE-2018-20949 (cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Incl ...)
+ TODO: check
+CVE-2018-20948 (cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SE ...)
+ TODO: check
+CVE-2018-20947 (cPanel before 68.0.27 allows certain file-write operations via the tel ...)
+ TODO: check
+CVE-2018-20946 (cPanel before 68.0.27 allows attackers to read zone information becaus ...)
+ TODO: check
+CVE-2018-20945 (bin/csvprocess in cPanel before 68.0.27 allows insecure file operation ...)
+ TODO: check
+CVE-2018-20944 (cPanel before 68.0.27 allows attackers to read a copy of httpd.conf th ...)
+ TODO: check
+CVE-2018-20943 (cPanel before 68.0.27 allows attackers to read root's crontab file dur ...)
+ TODO: check
+CVE-2018-20942 (cPanel before 68.0.27 allows attackers to read root's crontab file dur ...)
+ TODO: check
+CVE-2018-20941 (cPanel before 68.0.27 allows arbitrary file-read operations via restor ...)
+ TODO: check
+CVE-2018-20940 (cPanel before 68.0.27 allows attackers to read root's crontab file dur ...)
+ TODO: check
+CVE-2018-20939 (cPanel before 68.0.27 allows a user to discover contents of directorie ...)
+ TODO: check
+CVE-2018-20938 (cPanel before 68.0.27 does not enforce ownership during addpkgext and ...)
+ TODO: check
+CVE-2018-20937 (cPanel before 68.0.27 does not validate database and dbuser names duri ...)
+ TODO: check
+CVE-2018-20936 (cPanel before 68.0.27 allows attackers to read the SRS secret via exim ...)
+ TODO: check
+CVE-2018-20935 (cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone ...)
+ TODO: check
+CVE-2018-20934 (cPanel before 70.0.23 does not prevent e-mail account suspensions from ...)
+ TODO: check
+CVE-2018-20933 (cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action ( ...)
+ TODO: check
+CVE-2018-20932 (cPanel before 70.0.23 exposes Apache HTTP Server logs after creation o ...)
+ TODO: check
+CVE-2018-20931 (cPanel before 70.0.23 allows demo accounts to execute code via the Lan ...)
+ TODO: check
+CVE-2018-20930 (cPanel before 70.0.23 allows .htaccess restrictions bypass when Htacce ...)
+ TODO: check
+CVE-2018-20929 (cPanel before 70.0.23 allows an open redirect via the /unprotected/red ...)
+ TODO: check
+CVE-2018-20928 (cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interf ...)
+ TODO: check
+CVE-2018-20927 (cPanel before 70.0.23 allows jailshell escape because of incorrect cro ...)
+ TODO: check
+CVE-2018-20926 (cPanel before 70.0.23 allows local privilege escalation via the WHM Lo ...)
+ TODO: check
+CVE-2018-20925 (cPanel before 70.0.23 allows local privilege escalation via the WHM Le ...)
+ TODO: check
+CVE-2018-20924 (cPanel before 70.0.23 allows arbitrary file-read and file-unlink opera ...)
+ TODO: check
+CVE-2018-20923 (cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Reco ...)
+ TODO: check
+CVE-2018-20922 (cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action ( ...)
+ TODO: check
+CVE-2018-20921 (cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" ...)
+ TODO: check
+CVE-2018-20920 (cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action ...)
+ TODO: check
+CVE-2018-20919 (cPanel before 70.0.23 allows stored XSS via a WHM Create Account actio ...)
+ TODO: check
+CVE-2018-20918 (cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372). ...)
+ TODO: check
+CVE-2018-20917 (cPanel before 70.0.23 allows any user to disable Solr (SEC-371). ...)
+ TODO: check
+CVE-2018-20916 (cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-3 ...)
+ TODO: check
+CVE-2018-20915 (cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action ...)
+ TODO: check
+CVE-2018-20914 (In cPanel before 70.0.23, OpenID providers can inject arbitrary data i ...)
+ TODO: check
+CVE-2018-20913 (cPanel before 70.0.23 allows attackers to read the root accesshash via ...)
+ TODO: check
+CVE-2018-20912 (cPanel before 70.0.23 allows demo accounts to execute code via awstats ...)
+ TODO: check
+CVE-2018-20911 (cPanel before 70.0.23 allows code execution because "." is in @INC dur ...)
+ TODO: check
+CVE-2018-20910 (cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity ...)
+ TODO: check
+CVE-2018-20909 (cPanel before 70.0.23 allows arbitrary file-chmod operations during le ...)
+ TODO: check
+CVE-2018-20908 (cPanel before 71.9980.37 allows arbitrary file-read operations during ...)
+ TODO: check
+CVE-2018-20907 (cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API ...)
+ TODO: check
+CVE-2018-20906 (cPanel before 71.9980.37 allows attackers to make API calls that bypas ...)
+ TODO: check
+CVE-2018-20905 (cPanel before 71.9980.37 allows attackers to make API calls that bypas ...)
+ TODO: check
+CVE-2018-20904 (cPanel before 71.9980.37 allows attackers to make API calls that bypas ...)
+ TODO: check
+CVE-2018-20903 (cPanel before 71.9980.37 allows self XSS in the WHM Backup Configurati ...)
+ TODO: check
+CVE-2018-20902 (cPanel before 71.9980.37 allows attackers to read root's crontab file ...)
+ TODO: check
+CVE-2018-20901 (cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme In ...)
+ TODO: check
+CVE-2018-20900 (cPanel before 71.9980.37 allows stored XSS in the YUM autorepair funct ...)
+ TODO: check
+CVE-2018-20899 (cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons install ...)
+ TODO: check
+CVE-2018-20898 (cPanel before 71.9980.37 allows e-mail injection during cPAddons moder ...)
+ TODO: check
+CVE-2018-20897 (cPanel before 71.9980.37 allows arbitrary file-unlink operations via t ...)
+ TODO: check
+CVE-2018-20896 (cPanel before 71.9980.37 allows code injection in the WHM cPAddons int ...)
+ TODO: check
+CVE-2018-20895 (In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs a ...)
+ TODO: check
+CVE-2018-20894 (cPanel before 74.0.0 makes web-site contents accessible to other local ...)
+ TODO: check
+CVE-2018-20893 (cPanel before 74.0.0 allows file-rename operations during account rena ...)
+ TODO: check
+CVE-2018-20892 (cPanel before 74.0.0 allows arbitrary zone file modifications because ...)
+ TODO: check
+CVE-2018-20891 (cPanel before 74.0.0 allows arbitrary file-read operations during File ...)
+ TODO: check
+CVE-2018-20890 (cPanel before 74.0.0 allows arbitrary zone file modifications during r ...)
+ TODO: check
+CVE-2018-20889 (cPanel before 74.0.0 allows certain file-read operations via password ...)
+ TODO: check
+CVE-2018-20888 (cPanel before 74.0.0 allows file modification in the context of the ro ...)
+ TODO: check
+CVE-2018-20887 (cPanel before 74.0.0 allows SQL injection during database backups (SEC ...)
+ TODO: check
+CVE-2018-20886 (cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-4 ...)
+ TODO: check
+CVE-2018-20885 (cPanel before 74.0.0 allows Apache HTTP Server configuration injection ...)
+ TODO: check
+CVE-2018-20884 (cPanel before 74.0.0 allows stored XSS in the WHM File Restoration int ...)
+ TODO: check
+CVE-2018-20883 (cPanel before 74.0.8 allows FTP access during account suspension (SEC- ...)
+ TODO: check
+CVE-2018-20882 (cPanel before 74.0.8 allows arbitrary file-write operations in the con ...)
+ TODO: check
+CVE-2018-20881 (cPanel before 74.0.8 allows self stored XSS on the Security Questions ...)
+ TODO: check
+CVE-2018-20880 (cPanel before 74.0.8 mishandles account suspension because of an inval ...)
+ TODO: check
+CVE-2018-20879 (cPanel before 74.0.8 allows demo accounts to execute arbitrary code vi ...)
+ TODO: check
+CVE-2018-20878 (cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Rest ...)
+ TODO: check
+CVE-2018-20877 (cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SE ...)
+ TODO: check
+CVE-2018-20876 (cPanel before 74.0.8 allows self XSS in the Site Software Moderation i ...)
+ TODO: check
+CVE-2018-20875 (cPanel before 74.0.8 allows self XSS in the WHM Security Questions int ...)
+ TODO: check
+CVE-2018-20874 (cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" ...)
+ TODO: check
+CVE-2018-20873 (cPanel before 74.0.8 allows local users to disable the ClamAV daemon ( ...)
+ TODO: check
CVE-2018-20872 (DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or ...)
NOT-FOR-US: DrayTek routers
CVE-2017-18482
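Review bot: the 81 cPanel entries added at the end of this hunk (CVE-2018-20873 through CVE-2018-20953) all arrive as TODO: check although they name a single product, so one scope decision settles the whole run. If cPanel is out of scope, annotate them in one follow-up commit in the form already used in this hunk for CVE-2019-14456 (NOT-FOR-US: Opengear console server firmware) instead of leaving them in the queue. That leaves the entries that need an actual package lookup, such as Poppler at CVE-2019-14494, OpenCV at CVE-2019-14491 to CVE-2019-14493 and nfdump at CVE-2019-14459, easier to spot.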
@@ -402,102 +484,102 @@ CVE-2017-18383
RESERVED
CVE-2017-18382
RESERVED
-CVE-2016-10860
- RESERVED
-CVE-2016-10859
- RESERVED
-CVE-2016-10858
- RESERVED
-CVE-2016-10857
- RESERVED
-CVE-2016-10856
- RESERVED
-CVE-2016-10855
- RESERVED
-CVE-2016-10854
- RESERVED
-CVE-2016-10853
- RESERVED
-CVE-2016-10852
- RESERVED
-CVE-2016-10851
- RESERVED
-CVE-2016-10850
- RESERVED
-CVE-2016-10849
- RESERVED
-CVE-2016-10848
- RESERVED
-CVE-2016-10847
- RESERVED
-CVE-2016-10846
- RESERVED
-CVE-2016-10845
- RESERVED
-CVE-2016-10844
- RESERVED
-CVE-2016-10843
- RESERVED
-CVE-2016-10842
- RESERVED
-CVE-2016-10841
- RESERVED
-CVE-2016-10840
- RESERVED
-CVE-2016-10839
- RESERVED
-CVE-2016-10838
- RESERVED
-CVE-2016-10837
- RESERVED
-CVE-2016-10836
- RESERVED
-CVE-2016-10835
- RESERVED
-CVE-2016-10834
- RESERVED
-CVE-2016-10833
- RESERVED
-CVE-2016-10832
- RESERVED
-CVE-2016-10831
- RESERVED
-CVE-2016-10830
- RESERVED
-CVE-2016-10829
- RESERVED
-CVE-2016-10828
- RESERVED
-CVE-2016-10827
- RESERVED
-CVE-2016-10826
- RESERVED
-CVE-2016-10825
- RESERVED
-CVE-2016-10824
- RESERVED
-CVE-2016-10823
- RESERVED
-CVE-2016-10822
- RESERVED
-CVE-2016-10821
- RESERVED
-CVE-2016-10820
- RESERVED
-CVE-2016-10819
- RESERVED
-CVE-2016-10818
- RESERVED
-CVE-2016-10817
- RESERVED
-CVE-2016-10816
- RESERVED
-CVE-2016-10815
- RESERVED
-CVE-2016-10814
- RESERVED
-CVE-2016-10813
- RESERVED
+CVE-2016-10860 (cPanel before 11.54.0.0 allows unauthorized zone modification via the ...)
+ TODO: check
+CVE-2016-10859 (cPanel before 11.54.0.0 allows unauthorized password changes via Webma ...)
+ TODO: check
+CVE-2016-10858 (cPanel before 11.54.0.0 allows unauthenticated arbitrary code executio ...)
+ TODO: check
+CVE-2016-10857 (cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (S ...)
+ TODO: check
+CVE-2016-10856 (cPanel before 11.54.0.0 allows subaccounts to discover sensitive data ...)
+ TODO: check
+CVE-2016-10855 (cPanel before 11.54.0.4 allows unauthenticated arbitrary code executio ...)
+ TODO: check
+CVE-2016-10854 (cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner inter ...)
+ TODO: check
+CVE-2016-10853 (cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager i ...)
+ TODO: check
+CVE-2016-10852 (cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsyst ...)
+ TODO: check
+CVE-2016-10851 (cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration e ...)
+ TODO: check
+CVE-2016-10850 (cPanel before 11.54.0.4 allows arbitrary code execution via scripts/sy ...)
+ TODO: check
+CVE-2016-10849 (cPanel before 11.54.0.4 allows certain file-chmod operations in script ...)
+ TODO: check
+CVE-2016-10848 (cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in ...)
+ TODO: check
+CVE-2016-10847 (cPanel before 11.54.0.4 allows arbitrary file-read and file-write oper ...)
+ TODO: check
+CVE-2016-10846 (cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod ope ...)
+ TODO: check
+CVE-2016-10845 (cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in ...)
+ TODO: check
+CVE-2016-10844 (The chcpass script in cPanel before 11.54.0.4 reveals a password hash ...)
+ TODO: check
+CVE-2016-10843 (cPanel before 11.54.0.4 allows code execution in the context of shared ...)
+ TODO: check
+CVE-2016-10842 (cPanel before 11.54.0.4 allows certain file-read operations in bin/set ...)
+ TODO: check
+CVE-2016-10841 (The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses pas ...)
+ TODO: check
+CVE-2016-10840 (cPanel before 11.54.0.4 allows arbitrary code execution during locale ...)
+ TODO: check
+CVE-2016-10839 (cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usern ...)
+ TODO: check
+CVE-2016-10838 (cPanel before 11.54.0.4 allows arbitrary file-read operations via the ...)
+ TODO: check
+CVE-2016-10837 (cPanel before 11.54.0.4 allows arbitrary code execution because of an ...)
+ TODO: check
+CVE-2016-10836 (cPanel before 55.9999.141 allows arbitrary file-read operations during ...)
+ TODO: check
+CVE-2016-10835 (cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account ...)
+ TODO: check
+CVE-2016-10834 (cPanel before 55.9999.141 allows account-suspension bypass via ftp (SE ...)
+ TODO: check
+CVE-2016-10833 (cPanel before 55.9999.141 mishandles username-based blocking for PRE r ...)
+ TODO: check
+CVE-2016-10832 (cPanel before 55.9999.141 allows FTP cPHulk bypass via account name mu ...)
+ TODO: check
+CVE-2016-10831 (cPanel before 55.9999.141 does not perform as two-factor authenticatio ...)
+ TODO: check
+CVE-2016-10830 (cPanel before 55.9999.141 allows ACL bypass for AppConfig applications ...)
+ TODO: check
+CVE-2016-10829 (cPanel before 55.9999.141 allows arbitrary file-read operations becaus ...)
+ TODO: check
+CVE-2016-10828 (cPanel before 55.9999.141 allows arbitrary code execution because of a ...)
+ TODO: check
+CVE-2016-10827 (cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Ma ...)
+ TODO: check
+CVE-2016-10826 (cPanel before 55.9999.141 allows attackers to bypass Two Factor Authen ...)
+ TODO: check
+CVE-2016-10825 (cPanel before 55.9999.141 allows attackers to bypass a Security Policy ...)
+ TODO: check
+CVE-2016-10824 (cPanel before 55.9999.141 allows unauthenticated arbitrary code execut ...)
+ TODO: check
+CVE-2016-10823 (cPanel before 55.9999.141 allows arbitrary code execution in the conte ...)
+ TODO: check
+CVE-2016-10822 (cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Imag ...)
+ TODO: check
+CVE-2016-10821 (In cPanel before 55.9999.141, Scripts/addpop reveals a command-line pa ...)
+ TODO: check
+CVE-2016-10820 (cPanel before 55.9999.141 allows daemons to access their controlling T ...)
+ TODO: check
+CVE-2016-10819 (In cPanel before 57.9999.54, user log files become world-readable when ...)
+ TODO: check
+CVE-2016-10818 (cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsa ...)
+ TODO: check
+CVE-2016-10817 (cPanel before 57.9999.54 allows SQL Injection via the ModSecurity Tail ...)
+ TODO: check
+CVE-2016-10816 (cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary ...)
+ TODO: check
+CVE-2016-10815 (cPanel before 57.9999.54 allows arbitrary file-read operations for Web ...)
+ TODO: check
+CVE-2016-10814 (cPanel before 57.9999.54 allows demo-mode escape via show_template.sto ...)
+ TODO: check
+CVE-2016-10813 (cPanel before 57.9999.54 allows self XSS during ftp account creation u ...)
+ TODO: check
CVE-2016-10812
RESERVED
CVE-2016-10811
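Review bot: three of the 48 cPanel entries in this hunk, CVE-2016-10858, CVE-2016-10855 and CVE-2016-10824, are described as unauthenticated arbitrary code execution yet carry the same TODO: check as the self-XSS entries next to them. Whatever the scope decision for cPanel turns out to be, apply it to this block together with the CVE-2018-209xx run from the first hunk so the two batches do not end up annotated differently.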
@@ -590,8 +672,8 @@ CVE-2016-10768
RESERVED
CVE-2016-10767
RESERVED
-CVE-2015-9291
- RESERVED
+CVE-2015-9291 (cPanel before 11.52.0.13 does not prevent arbitrary file-read operatio ...)
+ TODO: check
CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, allowing a ...)
- sigil <unfixed>
NOTE: https://github.com/Sigil-Ebook/Sigil/commit/04e2f280cc4a0766bedcc7b9eb56449ceecc2ad4
@@ -887,20 +969,20 @@ CVE-2019-14340
RESERVED
CVE-2019-14339
RESERVED
-CVE-2019-14338
- RESERVED
-CVE-2019-14337
- RESERVED
-CVE-2019-14336
- RESERVED
+CVE-2019-14338 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
+ TODO: check
+CVE-2019-14337 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
+ TODO: check
+CVE-2019-14336 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
+ TODO: check
CVE-2019-14335
RESERVED
-CVE-2019-14334
- RESERVED
-CVE-2019-14333
- RESERVED
-CVE-2019-14332
- RESERVED
+CVE-2019-14334 (An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP ...)
+ TODO: check
+CVE-2019-14333 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
+ TODO: check
+CVE-2019-14332 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
+ TODO: check
CVE-2019-14331 (An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due ...)
NOT-FOR-US: EspoCRM
CVE-2019-14330 (An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due ...)
@@ -1132,8 +1214,8 @@ CVE-2019-14261
RESERVED
CVE-2019-14260
RESERVED
-CVE-2019-14259
- RESERVED
+CVE-2019-14259 (On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a comma ...)
+ TODO: check
CVE-2019-14258
RESERVED
CVE-2019-14257
@@ -3633,8 +3715,8 @@ CVE-2019-13574 (In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetche
- ruby-mini-magick 4.9.2-1.1 (bug #931932)
CVE-2019-13573 (A SQL injection vulnerability exists in the FolioVision FV Flowplayer ...)
NOT-FOR-US: FolioVision FV Flowplayer Video Player plugin for WordPress
-CVE-2019-13572
- RESERVED
+CVE-2019-13572 (The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL ...)
+ TODO: check
CVE-2019-13571 (A SQL injection vulnerability exists in the Vsourz Digital Advanced CF ...)
NOT-FOR-US: Vsourz Digital Advanced CF7 DB plugin for WordPress
CVE-2019-13570 (The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection ...)
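Review bot: CVE-2019-13572 gets TODO: check while both neighbours in the context lines, CVE-2019-13573 and CVE-2019-13571, are WordPress plugin issues already marked NOT-FOR-US with the plugin name. This entry also describes a WordPress plugin (Adenion Blog2Social), so it can probably take the same form, for example NOT-FOR-US: Adenion Blog2Social plugin for WordPress.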
@@ -5166,6 +5248,7 @@ CVE-2019-12972 (An issue was discovered in the Binary File Descriptor (BFD) libr
CVE-2019-12971 (BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload ...)
NOT-FOR-US: BKS EBK Ethernet-Buskoppler Pro
CVE-2019-12970 (XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1. ...)
+ {DLA-1868-1}
- squirrelmail <removed>
NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-016.txt
NOTE: https://sourceforge.net/p/squirrelmail/code/14828/
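Review bot: the added {DLA-1868-1} sits on an entry whose only package line is "- squirrelmail <removed>", so nothing visible in this entry says which version carries the fix for the release the advisory covers. Confirm that the fixed version is recorded with the advisory itself, and that the upstream revision in the second NOTE is the change the DLA shipped.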
@@ -16059,8 +16142,8 @@ CVE-2019-9142 (An issue was discovered in b3log Symphony (aka Sym) before v3.4.7
NOT-FOR-US: b3log Symphony (aka Sym)
CVE-2019-9141
RESERVED
-CVE-2019-9140
- RESERVED
+CVE-2019-9140 (When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earl ...)
+ TODO: check
CVE-2019-9139 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnera ...)
NOT-FOR-US: DaviewIndy
CVE-2019-9138 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnera ...)
@@ -20648,7 +20731,7 @@ CVE-2019-7319
RESERVED
CVE-2019-7318
RESERVED
-CVE-2019-7317 (png_image_free in png.c in libpng 1.6.36 has a use-after-free because ...)
+CVE-2019-7317 (png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- ...)
{DSA-4451-1 DSA-4448-1 DSA-4435-1 DLA-1806-1 DLA-1800-1}
- libpng1.6 1.6.36-4 (bug #921355)
[experimental] - firefox 67.0-1
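Review bot: the updated description widens the affected range from libpng 1.6.36 to 1.6.x before 1.6.37, but the package line below it still gives 1.6.36-4 as the fixed version for libpng1.6. That is consistent only if 1.6.36-4 carries the patch, so confirm it against bug #921355 and check that releases shipping older 1.6.x versions are covered by the listed DSAs and DLAs.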
@@ -28569,8 +28652,7 @@ CVE-2019-3892
REJECTED
CVE-2019-3891 (It was discovered that a world-readable log file belonging to Candlepi ...)
NOT-FOR-US: Candlepin
-CVE-2019-3890
- RESERVED
+CVE-2019-3890 (It was discovered evolution-ews before 3.31.3 does not check the valid ...)
[experimental] - evolution-ews 3.31.90-1
- evolution-ews 3.30.5-1.1 (bug #926712)
[stretch] - evolution-ews <no-dsa> (Minor issue)
@@ -28612,8 +28694,7 @@ CVE-2019-3885 (A use-after-free flaw was found in pacemaker up to and including
NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master)
NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1)
NOTE: https://lists.clusterlabs.org/pipermail/users/2019-May/025822.html
-CVE-2019-3884
- RESERVED
+CVE-2019-3884 (A vulnerability exists in the garbage collection mechanism of atomic-o ...)
NOT-FOR-US: atomic-openshift
CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by workers ...)
{DLA-1779-1}
@@ -40665,8 +40746,8 @@ CVE-2019-0195
RESERVED
CVE-2019-0194 (Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 ...)
NOT-FOR-US: Apache Camel
-CVE-2019-0193
- RESERVED
+CVE-2019-0193 (In Apache Solr, the DataImportHandler, an optional but popular module ...)
+ TODO: check
CVE-2019-0192 (In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config ...)
- lucene-solr <not-affected> (vulnerable code is not present)
NOTE: https://issues.apache.org/jira/browse/SOLR-13301
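Review bot: CVE-2019-0193 is left as TODO: check although the entry directly below it, CVE-2019-0192, already tracks an Apache Solr issue under lucene-solr. Triage this one against the same source package; the description calls DataImportHandler an optional module, so record in a NOTE whether the packaged build ships it.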
@@ -60266,7 +60347,7 @@ CVE-2018-11894 (In all android releases (Android for MSM, Firefox OS for MSM, QR
CVE-2018-11893 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11892
- RESERVED
+ REJECTED
CVE-2018-11891 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11890
@@ -63163,8 +63244,7 @@ CVE-2018-10900 (Network Manager VPNC plugin (aka networkmanager-vpnc) before ver
- network-manager-vpnc 1.2.6-1 (bug #904255)
NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/3
NOTE: https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4e361a27ef48ac757d36cbb46e8e12
-CVE-2018-10899
- RESERVED
+CVE-2018-10899 (A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affecte ...)
NOT-FOR-US: Jolokia
CVE-2018-10898 (A vulnerability was found in openstack-tripleo-heat-templates before v ...)
- tripleo-heat-templates <removed>
@@ -179660,8 +179740,7 @@ CVE-2015-7560 (The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.2
{DSA-3514-1}
- samba 2:4.3.6+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2015-7560.html
-CVE-2015-7559 [DoS in client via shutdown command]
- RESERVED
+CVE-2015-7559 (It was found that the Apache ActiveMQ client before 5.15.5 exposed a r ...)
{DLA-913-1}
- activemq 5.14.3-3 (bug #860866)
[jessie] - activemq 5.6.0+dfsg1-4+deb8u3
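Review bot: the new description for CVE-2015-7559 says the ActiveMQ client is affected before 5.15.5, while the entry records 5.14.3-3 as the fixed activemq version and 5.6.0+dfsg1-4+deb8u3 for jessie. Those agree only if the fix was backported, so add a NOTE pointing at the patch or at bug #860866 to make that explicit. The replaced line also drops the bracketed summary "DoS in client via shutdown command", which was the only readable statement of the issue now that the description is truncated.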
@@ -205892,8 +205971,7 @@ CVE-2014-8184 [stack-based buffer overflow in findTable()]
NOTE: Fixed in merge: https://github.com/liblouis/liblouis/commit/dc97ef791a4fae9da11592c79f9f79e010596e0c#diff-7ade83431f79d2120c82012aee3b05c9L4524
NOTE: CVE is for several buffer overflows in the findTable function, cf.
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701#c7
-CVE-2014-8183
- RESERVED
+CVE-2014-8183 (It was found that foreman, versions 1.x.x before 1.15.6, in Satellite ...)
NOT-FOR-US: Red Hat Satellite
CVE-2014-8182 [crash in ldap_domain2hostlist when processing SRV records]
RESERVED
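Review bot: the description that replaces RESERVED for CVE-2014-8183 names foreman as the affected component, but the retained annotation is NOT-FOR-US: Red Hat Satellite. Check whether that annotation was made against foreman itself or only against the Satellite product, and re-triage the entry if foreman is tracked as a package.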
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/70f0e0ad76d2891cbd1829eeb2493198f79d0f76