[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 6 21:10:46 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0b0620f3 by security tracker role at 2019-08-06T20:10:32Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,44 @@
-CVE-2019-14697 [x87 float stack imbalance]
+CVE-2019-14710
+ RESERVED
+CVE-2019-14709
+ RESERVED
+CVE-2019-14708
+ RESERVED
+CVE-2019-14707
+ RESERVED
+CVE-2019-14706
+ RESERVED
+CVE-2019-14705
+ RESERVED
+CVE-2019-14704
+ RESERVED
+CVE-2019-14703
+ RESERVED
+CVE-2019-14702
+ RESERVED
+CVE-2019-14701
+ RESERVED
+CVE-2019-14700
+ RESERVED
+CVE-2019-14699
+ RESERVED
+CVE-2019-14698
+ RESERVED
+CVE-2019-14696 (Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/ind ...)
+ TODO: check
+CVE-2019-14695 (A SQL injection vulnerability exists in the Sygnoos Popup Builder plug ...)
+ TODO: check
+CVE-2019-14694
+ RESERVED
+CVE-2019-14693
+ RESERVED
+CVE-2019-14692 (AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in ...)
+ TODO: check
+CVE-2019-14691 (AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in ...)
+ TODO: check
+CVE-2019-14690 (AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_ ...)
+ TODO: check
+CVE-2019-14697 (musl libc through 1.1.23 has an x87 floating-point stack adjustment im ...)
- musl 1.1.23-2
NOTE: https://git.musl-libc.org/cgit/musl/patch/?id=f3ed8bfe8a82af1870ddc8696ed4cc1d5aa6b441
NOTE: https://git.musl-libc.org/cgit/musl/patch/?id=6818c31c9bc4bbad5357f1de14bedf781e5b349e
@@ -508,8 +548,8 @@ CVE-2019-14475 (eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior
NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
CVE-2019-14474
RESERVED
-CVE-2019-14473
- RESERVED
+CVE-2019-14473 (eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but la ...)
+ TODO: check
CVE-2019-14472 (Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. ...)
NOT-FOR-US: Zumo
CVE-2019-14471 (TestLink 1.9.19 has XSS via the error.php message parameter. ...)
@@ -1066,50 +1106,50 @@ CVE-2016-10799
RESERVED
CVE-2016-10798
RESERVED
-CVE-2016-10797
- RESERVED
-CVE-2016-10796
- RESERVED
-CVE-2016-10795
- RESERVED
-CVE-2016-10794
- RESERVED
-CVE-2016-10793
- RESERVED
-CVE-2016-10792
- RESERVED
-CVE-2016-10791
- RESERVED
-CVE-2016-10790
- RESERVED
-CVE-2016-10789
- RESERVED
-CVE-2016-10788
- RESERVED
-CVE-2016-10787
- RESERVED
-CVE-2016-10786
- RESERVED
-CVE-2016-10785
- RESERVED
-CVE-2016-10784
- RESERVED
-CVE-2016-10783
- RESERVED
-CVE-2016-10782
- RESERVED
-CVE-2016-10781
- RESERVED
-CVE-2016-10780
- RESERVED
-CVE-2016-10779
- RESERVED
-CVE-2016-10778
- RESERVED
-CVE-2016-10777
- RESERVED
-CVE-2016-10776
- RESERVED
+CVE-2016-10797 (cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certifica ...)
+ TODO: check
+CVE-2016-10796 (cPanel before 58.0.4 initially uses weak permissions for Apache HTTP S ...)
+ TODO: check
+CVE-2016-10795 (cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi ...)
+ TODO: check
+CVE-2016-10794 (cPanel before 59.9999.145 allows arbitrary file-read operations becaus ...)
+ TODO: check
+CVE-2016-10793 (cPanel before 59.9999.145 allows arbitrary code execution due to an in ...)
+ TODO: check
+CVE-2016-10792 (cPanel before 59.9999.145 allows code execution in the context of othe ...)
+ TODO: check
+CVE-2016-10791 (cPanel before 60.0.15 does not ensure that system accounts lack a vali ...)
+ TODO: check
+CVE-2016-10790 (cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpa ...)
+ TODO: check
+CVE-2016-10789 (cPanel before 60.0.25 allows code execution via the cpsrvd 403 error r ...)
+ TODO: check
+CVE-2016-10788 (cPanel before 60.0.25 allows arbitrary code execution via Maketext in ...)
+ TODO: check
+CVE-2016-10787 (The Host Access Control feature in cPanel before 60.0.25 mishandles ac ...)
+ TODO: check
+CVE-2016-10786 (cPanel before 60.0.25 allows members of the nobody group to read Apach ...)
+ TODO: check
+CVE-2016-10785 (cPanel before 60.0.25 allows attackers to discover file contents durin ...)
+ TODO: check
+CVE-2016-10784 (cPanel before 60.0.25 allows self XSS in the alias upload interface (S ...)
+ TODO: check
+CVE-2016-10783 (cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182) ...)
+ TODO: check
+CVE-2016-10782 (cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs ...)
+ TODO: check
+CVE-2016-10781 (cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180). ...)
+ TODO: check
+CVE-2016-10780 (cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-1 ...)
+ TODO: check
+CVE-2016-10779 (cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SE ...)
+ TODO: check
+CVE-2016-10778 (cPanel before 60.0.25 allows self stored XSS in the listftpstable API ...)
+ TODO: check
+CVE-2016-10777 (cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodi ...)
+ TODO: check
+CVE-2016-10776 (cPanel before 60.0.25 allows stored XSS during the homedir removal pha ...)
+ TODO: check
CVE-2016-10775 (cPanel before 60.0.25 allows arbitrary file-chown operations via reass ...)
NOT-FOR-US: cPanel
CVE-2016-10774 (cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi in ...)
@@ -1411,10 +1451,10 @@ CVE-2019-14349 (EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of
NOT-FOR-US: EspoCRM
CVE-2019-14348 (The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to ...)
NOT-FOR-US: BearDev JoomSport plugin for WordPress
-CVE-2019-14347
- RESERVED
-CVE-2019-14346
- RESERVED
+CVE-2019-14347 (Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unpriv ...)
+ TODO: check
+CVE-2019-14346 (Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CS ...)
+ TODO: check
CVE-2019-14345
RESERVED
CVE-2019-14344
@@ -1760,11 +1800,13 @@ CVE-2019-14234 [SQL injection possibility in key and index lookups for JSONField
NOTE: https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387 (2.2.x)
NOTE: https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef (1.11.x)
CVE-2019-14233 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...)
+ {DLA-1872-1}
- python-django 2:2.2.4-1 (bug #934026)
NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
NOTE: https://github.com/django/django/commit/e34f3c0e9ee5fc9022428fe91640638bafd4cda7 (2.2.x)
NOTE: https://github.com/django/django/commit/52479acce792ad80bb0f915f20b835f919993c72 (1.11.x)
CVE-2019-14232 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...)
+ {DLA-1872-1}
- python-django 2:2.2.4-1 (bug #934026)
NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
NOTE: https://github.com/django/django/commit/c3289717c6f21a8cf23daff1c78c0c014b94041f (2.2.x)
@@ -5253,8 +5295,8 @@ CVE-2019-13145
RESERVED
CVE-2019-13144
REJECTED
-CVE-2019-13143
- RESERVED
+CVE-2019-13143 (An HTTP parameter pollution issue was discovered on Shenzhen Dragon Br ...)
+ TODO: check
CVE-2019-13142 (The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) ...)
NOT-FOR-US: Razer Surround
CVE-2019-13141
@@ -5400,20 +5442,17 @@ CVE-2019-13107 (Multiple integer overflows exist in MATIO before 1.5.16, related
[buster] - libmatio <no-dsa> (Minor issue)
[stretch] - libmatio <no-dsa> (Minor issue)
NOTE: Several commits between 1.5.15..1.5.16: https://github.com/tbeu/matio/compare/f8cd397...fabac6c
-CVE-2019-13106
- RESERVED
+CVE-2019-13106 (Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much ...)
- u-boot <unfixed> (low)
[buster] - u-boot <no-dsa> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
NOTE: https://lists.denx.de/pipermail/u-boot/2019-July/375516.html
-CVE-2019-13105
- RESERVED
+CVE-2019-13105 (Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a ...)
- u-boot <unfixed> (low)
[buster] - u-boot <no-dsa> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
NOTE: https://lists.denx.de/pipermail/u-boot/2019-July/375513.html
-CVE-2019-13104
- RESERVED
+CVE-2019-13104 (In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow c ...)
- u-boot <unfixed> (low)
[buster] - u-boot <no-dsa> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
@@ -5837,8 +5876,8 @@ CVE-2019-12952
CVE-2019-12951 (An issue was discovered in Mongoose before 6.15. The parse_mqtt() func ...)
NOT-FOR-US: Cesanta Mongoose
NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
-CVE-2019-12950
- RESERVED
+CVE-2019-12950 (An issue was discovered in TeamPass 2.1.27.35. From the sources/items. ...)
+ TODO: check
CVE-2019-12949 (In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authen ...)
NOT-FOR-US: pfSense
CVE-2019-12948 (A vulnerability in the web-based management interface of VVX, Trio, So ...)
@@ -18714,7 +18753,7 @@ CVE-2019-8343 (In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in
NOTE: Crash in CLI tool, no security impact
CVE-2019-8342 (A Local Privilege Escalation in libqcocoa.dylib in Foxit Reader 3.1.0. ...)
NOT-FOR-US: Foxit Reader
-CVE-2019-8341 (An issue was discovered in Jinja2 2.10. The from_string function is pr ...)
+CVE-2019-8341 (** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string ...)
- jinja2 <unfixed> (unimportant)
NOTE: https://github.com/JameelNabbo/Jinja2-Code-execution
NOTE: No real security impact and upstream indicates the CVE is invalid
@@ -21743,7 +21782,7 @@ CVE-2019-7141 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 201
NOT-FOR-US: Adobe
CVE-2019-7140 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
NOT-FOR-US: Adobe
-CVE-2019-7139 (An unauthenticated user can execute arbitrary code through an SQL inje ...)
+CVE-2019-7139 (An unauthenticated user can execute SQL statements that allow arbitrar ...)
NOT-FOR-US: Magento
CVE-2019-7138 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerabilit ...)
NOT-FOR-US: Adobe
@@ -24545,22 +24584,22 @@ CVE-2019-6003
RESERVED
CVE-2019-6002 (Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 a ...)
NOT-FOR-US: Central Dogma
-CVE-2019-6001
- RESERVED
-CVE-2019-6000
- RESERVED
-CVE-2019-5999
- RESERVED
-CVE-2019-5998
- RESERVED
+CVE-2019-6001 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
+ TODO: check
+CVE-2019-6000 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
+ TODO: check
+CVE-2019-5999 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
+ TODO: check
+CVE-2019-5998 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
+ TODO: check
CVE-2019-5997
RESERVED
CVE-2019-5996
RESERVED
-CVE-2019-5995
- RESERVED
-CVE-2019-5994
- RESERVED
+CVE-2019-5995 (Missing authorization vulnerability exists in EOS series digital camer ...)
+ TODO: check
+CVE-2019-5994 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
+ TODO: check
CVE-2019-5993
RESERVED
CVE-2019-5992
@@ -34717,8 +34756,8 @@ CVE-2019-2388
RESERVED
CVE-2019-2387
RESERVED
-CVE-2019-2386
- RESERVED
+CVE-2019-2386 (After user deletion in MongoDB Server the improper invalidation of aut ...)
+ TODO: check
CVE-2019-2385
RESERVED
CVE-2019-2384
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b0620f30a332f0f9a776ee68e0943c63066d200
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b0620f30a332f0f9a776ee68e0943c63066d200
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190806/257d4894/attachment.html>
More information about the debian-security-tracker-commits
mailing list