[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Aug 3 09:10:24 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3d1b4868 by security tracker role at 2019-08-03T08:10:12Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2019-14551 (Das Q before 2019-08-02 allows web sites to execute arbitrary code on ...)
+ TODO: check
+CVE-2019-14550
+ RESERVED
+CVE-2019-14549
+ RESERVED
+CVE-2019-14548
+ RESERVED
+CVE-2019-14547
+ RESERVED
+CVE-2019-14546
+ RESERVED
+CVE-2019-14545
+ RESERVED
+CVE-2019-14544 (routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for route ...)
+ TODO: check
+CVE-2019-14543
+ RESERVED
+CVE-2019-14542
+ RESERVED
+CVE-2019-14541 (GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id ...)
+ TODO: check
+CVE-2019-14540
+ RESERVED
+CVE-2019-14539
+ RESERVED
+CVE-2019-14538
+ RESERVED
+CVE-2019-14537
+ RESERVED
+CVE-2019-14536
+ RESERVED
+CVE-2017-18483
+ RESERVED
+CVE-2016-10862
+ RESERVED
+CVE-2016-10861
+ RESERVED
CVE-2019-14535
RESERVED
CVE-2019-14534
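Review bot: CVE-2017-18483, CVE-2016-10862 and CVE-2016-10861 sit at the end of the added block, directly above CVE-2019-14535, so the head of the file now mixes 2016 and 2017 identifiers into the 2019-145xx run. If the list is expected to stay ordered by identifier, these three belong in their own year ranges. Separately, the three entries that arrive with a description (CVE-2019-14551 for Das Q, CVE-2019-14544 for Gogs, CVE-2019-14541 for GnuCOBOL) carry only "TODO: check" and still need a package or NOT-FOR-US decision.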
@@ -5392,7 +5430,7 @@ CVE-2019-12950
RESERVED
CVE-2019-12949 (In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authen ...)
NOT-FOR-US: pfSense
-CVE-2019-12948 (An RCE (Remote Code Execution) vulnerability exists in the UCS softwar ...)
+CVE-2019-12948 (A vulnerability in the web-based management interface of VVX, Trio, So ...)
TODO: check
CVE-2019-12947
RESERVED
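Review bot: The summary of CVE-2019-12948 is replaced wholesale, from an RCE in "the UCS softwar ..." to "the web-based management interface of VVX, Trio, So ...", while the status line below it stays "TODO: check". Triage should be done against the new wording, since the component named in the summary has changed.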
@@ -19105,68 +19143,68 @@ CVE-2019-7953 (Adobe Experience Manager version 6.4 and ealier have a Cross-Site
NOT-FOR-US: Adobe
CVE-2019-7952
RESERVED
-CVE-2019-7951
- RESERVED
-CVE-2019-7950
- RESERVED
+CVE-2019-7951 (An information leakage vulnerability exists in Magento 2.1 prior to 2. ...)
+ TODO: check
+CVE-2019-7950 (An access control bypass vulnerability exists in Magento 2.1 prior to ...)
+ TODO: check
CVE-2019-7949
RESERVED
CVE-2019-7948
RESERVED
-CVE-2019-7947
- RESERVED
+CVE-2019-7947 (A cross-site request forgery vulnerability exists in the GiftCardAccou ...)
+ TODO: check
CVE-2019-7946
RESERVED
-CVE-2019-7945
- RESERVED
-CVE-2019-7944
- RESERVED
+CVE-2019-7945 (A stored cross-cite scripting vulnerability exists in Magento Open Sou ...)
+ TODO: check
+CVE-2019-7944 (A stored cross-site scripting vulnerability exists in the product comm ...)
+ TODO: check
CVE-2019-7943
RESERVED
-CVE-2019-7942
- RESERVED
+CVE-2019-7942 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
+ TODO: check
CVE-2019-7941 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...)
NOT-FOR-US: Adobe
-CVE-2019-7940
- RESERVED
-CVE-2019-7939
- RESERVED
-CVE-2019-7938
- RESERVED
-CVE-2019-7937
- RESERVED
-CVE-2019-7936
- RESERVED
-CVE-2019-7935
- RESERVED
-CVE-2019-7934
- RESERVED
+CVE-2019-7940 (A stored cross-site scripting vulnerability exists in the admin panel ...)
+ TODO: check
+CVE-2019-7939 (A reflected cross-site scripting vulnerability exists on the customer ...)
+ TODO: check
+CVE-2019-7938 (A stored cross-site scripting vulnerability exists in the admin panel ...)
+ TODO: check
+CVE-2019-7937 (A stored cross-site scripting vulnerability exists in the admin panel ...)
+ TODO: check
+CVE-2019-7936 (A stored cross-site scripting vulnerability exists in the admin panel ...)
+ TODO: check
+CVE-2019-7935 (A stored cross-site scripting vulnerability exists in the admin panel ...)
+ TODO: check
+CVE-2019-7934 (A stored cross-site scripting vulnerability exists in the admin panel ...)
+ TODO: check
CVE-2019-7933
RESERVED
-CVE-2019-7932
- RESERVED
+CVE-2019-7932 (A remote code execution vulnerability exists in Magento Open Source pr ...)
+ TODO: check
CVE-2019-7931
RESERVED
-CVE-2019-7930
- RESERVED
-CVE-2019-7929
- RESERVED
-CVE-2019-7928
- RESERVED
-CVE-2019-7927
- RESERVED
-CVE-2019-7926
- RESERVED
-CVE-2019-7925
- RESERVED
+CVE-2019-7930 (A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18 ...)
+ TODO: check
+CVE-2019-7929 (An information leakage vulnerability exists in Magento 2.1 prior to 2. ...)
+ TODO: check
+CVE-2019-7928 (A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to ...)
+ TODO: check
+CVE-2019-7927 (A stored cross-site scripting vulnerability exists in the admin panel ...)
+ TODO: check
+CVE-2019-7926 (A stored cross-site scripting vulnerability exists in the admin panel ...)
+ TODO: check
+CVE-2019-7925 (An insecure direct object reference (IDOR) vulnerability exists in Mag ...)
+ TODO: check
CVE-2019-7924
RESERVED
-CVE-2019-7923
- RESERVED
+CVE-2019-7923 (A server-side request forgery (SSRF) vulnerability exists in Magento 2 ...)
+ TODO: check
CVE-2019-7922
RESERVED
-CVE-2019-7921
- RESERVED
+CVE-2019-7921 (A stored cross-site scripting vulnerability exists in the product cata ...)
+ TODO: check
CVE-2019-7920
RESERVED
CVE-2019-7919
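Review bot: At CVE-2019-7945 the summary reads "stored cross-cite scripting", so a search for "cross-site scripting" will miss that entry when this run is triaged; match loosely or go by identifier. Every entry filled in here is a Magento issue left at "TODO: check", interleaved with identifiers that stay RESERVED, so resolving the Magento entries as one batch with a single status avoids a half-triaged range.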
@@ -19177,140 +19215,140 @@ CVE-2019-7917
RESERVED
CVE-2019-7916
RESERVED
-CVE-2019-7915
- RESERVED
+CVE-2019-7915 (A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.1 ...)
+ TODO: check
CVE-2019-7914
RESERVED
-CVE-2019-7913
- RESERVED
-CVE-2019-7912
- RESERVED
-CVE-2019-7911
- RESERVED
+CVE-2019-7913 (A server-side request forgery (SSRF) vulnerability exists in Magento 2 ...)
+ TODO: check
+CVE-2019-7912 (A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Mag ...)
+ TODO: check
+CVE-2019-7911 (A server-side request forgery (SSRF) vulnerability exists in Magento O ...)
+ TODO: check
CVE-2019-7910
RESERVED
-CVE-2019-7909
- RESERVED
-CVE-2019-7908
- RESERVED
+CVE-2019-7909 (A stored cross-site scripting vulnerability exists in the admin panel ...)
+ TODO: check
+CVE-2019-7908 (A stored cross-site scripting vulnerability exists in the admin panel ...)
+ TODO: check
CVE-2019-7907
RESERVED
CVE-2019-7906
RESERVED
CVE-2019-7905
RESERVED
-CVE-2019-7904
- RESERVED
-CVE-2019-7903
- RESERVED
+CVE-2019-7904 (Insufficient enforcement of user access controls in Magento 2.1 prior ...)
+ TODO: check
+CVE-2019-7903 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
+ TODO: check
CVE-2019-7902
RESERVED
CVE-2019-7901
RESERVED
CVE-2019-7900
RESERVED
-CVE-2019-7899
- RESERVED
-CVE-2019-7898
- RESERVED
-CVE-2019-7897
- RESERVED
-CVE-2019-7896
- RESERVED
-CVE-2019-7895
- RESERVED
+CVE-2019-7899 (Names of disabled downloadable products could be disclosed due to inad ...)
+ TODO: check
+CVE-2019-7898 (Samples of disabled downloadable products are accessible in Magento Op ...)
+ TODO: check
+CVE-2019-7897 (A stored cross-site scripting vulnerability exists in the admin panel ...)
+ TODO: check
+CVE-2019-7896 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
+ TODO: check
+CVE-2019-7895 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
+ TODO: check
CVE-2019-7894
RESERVED
CVE-2019-7893
RESERVED
-CVE-2019-7892
- RESERVED
+CVE-2019-7892 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
+ TODO: check
CVE-2019-7891
RESERVED
-CVE-2019-7890
- RESERVED
-CVE-2019-7889
- RESERVED
-CVE-2019-7888
- RESERVED
-CVE-2019-7887
- RESERVED
-CVE-2019-7886
- RESERVED
-CVE-2019-7885
- RESERVED
+CVE-2019-7890 (An Insecure Direct Object Reference (IDOR) vulnerability exists in the ...)
+ TODO: check
+CVE-2019-7889 (An injection vulnerability exists in Magento Open Source prior to 1.9. ...)
+ TODO: check
+CVE-2019-7888 (An information disclosure vulnerability exists in Magento 2.1 prior to ...)
+ TODO: check
+CVE-2019-7887 (A reflected cross-site scripting vulnerability exists in the admin pan ...)
+ TODO: check
+CVE-2019-7886 (A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 ...)
+ TODO: check
+CVE-2019-7885 (Insufficient input validation in the config builder of the Elastic sea ...)
+ TODO: check
CVE-2019-7884
RESERVED
CVE-2019-7883
RESERVED
-CVE-2019-7882
- RESERVED
-CVE-2019-7881
- RESERVED
-CVE-2019-7880
- RESERVED
+CVE-2019-7882 (A stored cross-site scripting vulnerability exists in the WYSIWYG edit ...)
+ TODO: check
+CVE-2019-7881 (A cross-site scripting mitigation bypass exists in Magento 2.1 prior t ...)
+ TODO: check
+CVE-2019-7880 (A stored cross-site scripting vulnerability exists in the admin panel ...)
+ TODO: check
CVE-2019-7879
RESERVED
CVE-2019-7878
RESERVED
-CVE-2019-7877
- RESERVED
-CVE-2019-7876
- RESERVED
-CVE-2019-7875
- RESERVED
-CVE-2019-7874
- RESERVED
-CVE-2019-7873
- RESERVED
-CVE-2019-7872
- RESERVED
-CVE-2019-7871
- RESERVED
+CVE-2019-7877 (A stored cross-site scripting vulnerability exists in the admin panel ...)
+ TODO: check
+CVE-2019-7876 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
+ TODO: check
+CVE-2019-7875 (A stored cross-site scripting vulnerability exists in the admin panel ...)
+ TODO: check
+CVE-2019-7874 (A cross-site request forgery vulnerability exists in Magento 2.1 prior ...)
+ TODO: check
+CVE-2019-7873 (A cross-site request forgery vulnerability exists in Magento 2.1 prior ...)
+ TODO: check
+CVE-2019-7872 (An insecure direct object reference (IDOR) vulnerability exists in Mag ...)
+ TODO: check
+CVE-2019-7871 (A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 p ...)
+ TODO: check
CVE-2019-7870
RESERVED
-CVE-2019-7869
- RESERVED
-CVE-2019-7868
- RESERVED
-CVE-2019-7867
- RESERVED
-CVE-2019-7866
- RESERVED
-CVE-2019-7865
- RESERVED
-CVE-2019-7864
- RESERVED
-CVE-2019-7863
- RESERVED
-CVE-2019-7862
- RESERVED
-CVE-2019-7861
- RESERVED
-CVE-2019-7860
- RESERVED
-CVE-2019-7859
- RESERVED
-CVE-2019-7858
- RESERVED
-CVE-2019-7857
- RESERVED
+CVE-2019-7869 (A stored cross-site scripting vulnerability exists in the admin panel ...)
+ TODO: check
+CVE-2019-7868 (A stored cross-site scripting vulnerability exists in the admin panel ...)
+ TODO: check
+CVE-2019-7867 (A stored cross-site scripting vulnerability exists in the admin panel ...)
+ TODO: check
+CVE-2019-7866 (A stored cross-site scripting vulnerability exists in the admin panel ...)
+ TODO: check
+CVE-2019-7865 (A cross-site request forgery (CSRF) vulnerability exists in the checko ...)
+ TODO: check
+CVE-2019-7864 (An insecure direct object reference (IDOR) vulnerability exists in the ...)
+ TODO: check
+CVE-2019-7863 (A stored cross-site scripting vulnerability exists in the admin panel ...)
+ TODO: check
+CVE-2019-7862 (A reflected cross-site scripting vulnerability exists in the Product w ...)
+ TODO: check
+CVE-2019-7861 (Insufficient server-side validation of user input could allow an attac ...)
+ TODO: check
+CVE-2019-7860 (A cryptographically weak pseudo-rando number generator is used in mult ...)
+ TODO: check
+CVE-2019-7859 (A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 p ...)
+ TODO: check
+CVE-2019-7858 (A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior ...)
+ TODO: check
+CVE-2019-7857 (A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1 ...)
+ TODO: check
CVE-2019-7856
RESERVED
-CVE-2019-7855
- RESERVED
-CVE-2019-7854
- RESERVED
-CVE-2019-7853
- RESERVED
-CVE-2019-7852
- RESERVED
-CVE-2019-7851
- RESERVED
+CVE-2019-7855 (A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior ...)
+ TODO: check
+CVE-2019-7854 (An insecure direct object reference (IDOR) vulnerability in Magento 2. ...)
+ TODO: check
+CVE-2019-7853 (A stored cross-site scripting vulnerability exists in Magento 2.1 prio ...)
+ TODO: check
+CVE-2019-7852 (A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, ...)
+ TODO: check
+CVE-2019-7851 (A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1 ...)
+ TODO: check
CVE-2019-7850 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...)
NOT-FOR-US: Adobe
-CVE-2019-7849
- RESERVED
+CVE-2019-7849 (A defense-in-depth check was added to mitigate inadequate session vali ...)
+ TODO: check
CVE-2019-7848 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...)
NOT-FOR-US: Adobe
CVE-2019-7847 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...)
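Review bot: Three summaries in this run carry misspellings that defeat keyword matching: "cryptograhic" at CVE-2019-7886 and CVE-2019-7855, and "pseudo-rando number generator" at CVE-2019-7860; note that CVE-2019-7858 spells "cryptographic" correctly, so a search on either spelling alone returns only part of the set. CVE-2019-7849 is worded as a fix ("A defense-in-depth check was added to mitigate ...") rather than as a flaw, and the truncated summary does not show what is affected, so it needs the full description before a status is chosen.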
@@ -21199,8 +21237,8 @@ CVE-2019-7164 (SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL In
- sqlalchemy 1.2.18+ds1-2 (bug #922669)
NOTE: https://github.com/sqlalchemy/sqlalchemy/issues/4481
NOTE: https://github.com/sqlalchemy/sqlalchemy/commit/30307c4616ad67c01ddae2e1e8e34fabf6028414
-CVE-2019-7163
- RESERVED
+CVE-2019-7163 (The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 dev ...)
+ TODO: check
CVE-2019-7162
RESERVED
CVE-2019-7161 (An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x th ...)
@@ -21684,10 +21722,10 @@ CVE-2019-6971 (An issue was discovered on TP-Link TL-WR1043ND V2 devices. An att
NOT-FOR-US: TP-Link
CVE-2019-6970 (Moodle 3.5.x before 3.5.4 allows SSRF. ...)
- moodle <removed>
-CVE-2019-6969
- RESERVED
-CVE-2019-6968
- RESERVED
+CVE-2019-6969 (The web interface of the D-Link DVA-5592 20180823 is vulnerable to an ...)
+ TODO: check
+CVE-2019-6968 (The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS ...)
+ TODO: check
CVE-2019-6967 (AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF. ...)
NOT-FOR-US: AirTies devices
CVE-2019-6966 (An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in ...)
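Review bot: CVE-2019-6969 and CVE-2019-6968 describe the web interface of the D-Link DVA-5592 and are left at "TODO: check", while the context lines around them resolve comparable device issues as "NOT-FOR-US: TP-Link" and "NOT-FOR-US: AirTies devices". If these are confirmed to be firmware-only issues, a status in the same form (for example "NOT-FOR-US: D-Link") would keep the device entries in this range consistent.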
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3d1b4868a98d952200c74c6a79237ade25a89370