[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Aug 8 21:10:46 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
95768fe2 by security tracker role at 2019-08-08T20:10:28Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2019-14779
+ RESERVED
+CVE-2019-14778
+ RESERVED
+CVE-2019-14777
+ RESERVED
+CVE-2019-14776
+ RESERVED
+CVE-2019-14775
+ RESERVED
CVE-2019-XXXX [clamav zip DoS]
- clamav 0.101.2+dfsg-3
[buster] - clamav <no-dsa> (ClamAV is updated via -updates)
@@ -8,8 +18,8 @@ CVE-2019-14774
RESERVED
CVE-2019-14773
RESERVED
-CVE-2019-14772
- RESERVED
+CVE-2019-14772 (verdaccio before 3.12.0 allows XSS. ...)
+ TODO: check
CVE-2019-14771 (Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the ...)
- backdrop <itp> (bug #914257)
CVE-2019-14770 (In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some me ...)
@@ -44,8 +54,8 @@ CVE-2019-14756
RESERVED
CVE-2019-14755
RESERVED
-CVE-2019-14754
- RESERVED
+CVE-2019-14754 (Open-School 3.0, and Community Edition 2.3, allows SQL Injection via t ...)
+ TODO: check
CVE-2018-20962
RESERVED
CVE-2019-14753
@@ -175,8 +185,8 @@ CVE-2019-14695 (A SQL injection vulnerability exists in the Sygnoos Popup Builde
NOT-FOR-US: Sygnoos Popup Builder plugin for WordPress
CVE-2019-14694
RESERVED
-CVE-2019-14693
- RESERVED
+CVE-2019-14693 (Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External ...)
+ TODO: check
CVE-2019-14692 (AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in ...)
- adplug <unfixed>
NOTE: https://github.com/adplug/adplug/issues/87
@@ -279,8 +289,8 @@ CVE-2017-18485
RESERVED
CVE-2017-18484
RESERVED
-CVE-2016-10864
- RESERVED
+CVE-2016-10864 (NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID. ...)
+ TODO: check
CVE-2016-10863
RESERVED
CVE-2019-14661
@@ -1606,8 +1616,8 @@ CVE-2019-14355
RESERVED
CVE-2019-14354
RESERVED
-CVE-2019-14353
- RESERVED
+CVE-2019-14353 (On Trezor One devices before 1.8.2, a side channel for the row-based O ...)
+ TODO: check
CVE-2019-14352 (** DISPUTED ** In Joget Workflow 6.0.20, CSV Injection, also known as ...)
NOT-FOR-US: Joget Workflow
CVE-2019-14351 (EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malic ...)
@@ -1642,8 +1652,8 @@ CVE-2019-14337 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.
NOT-FOR-US: D-Link
CVE-2019-14336 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
NOT-FOR-US: D-Link
-CVE-2019-14335
- RESERVED
+CVE-2019-14335 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
+ TODO: check
CVE-2019-14334 (An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP ...)
NOT-FOR-US: D-Link
CVE-2019-14333 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
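Review bot: the added CVE-2019-14335 entry is left at "TODO: check", although its description opens with the same "D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14" text as CVE-2019-14336 and both neighbours (CVE-2019-14336, CVE-2019-14334) are already tagged "NOT-FOR-US: D-Link". Suggest replacing the TODO with "NOT-FOR-US: D-Link" so the entry does not sit in the triage queue.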
@@ -1901,8 +1911,8 @@ CVE-2019-14257
RESERVED
CVE-2019-14256
RESERVED
-CVE-2019-14255
- RESERVED
+CVE-2019-14255 (A Server Side Request Forgery (SSRF) vulnerability in go-camo up to ve ...)
+ TODO: check
CVE-2019-14254
RESERVED
CVE-2019-14253
@@ -1999,8 +2009,8 @@ CVE-2019-14223
RESERVED
CVE-2019-14222
RESERVED
-CVE-2019-14221
- RESERVED
+CVE-2019-14221 (1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishan ...)
+ TODO: check
CVE-2019-14220
RESERVED
CVE-2019-14219
@@ -5395,8 +5405,8 @@ CVE-2019-13178 (modules/luksbootkeyfile/main.py in Calamares versions 3.1 throug
NOTE: Negligible security impact, Debian live media grant a sudo root shell anyway
CVE-2019-13177 (verification.py in django-rest-registration (aka Django REST Registrat ...)
NOT-FOR-US: django-rest-registration
-CVE-2019-13176
- RESERVED
+CVE-2019-13176 (An issue was discovered in the 3CX Phone system (web) management conso ...)
+ TODO: check
CVE-2019-13175 (Read the Docs before 3.5.1 has an Open Redirect if certain user-define ...)
NOT-FOR-US: Read the Docs
CVE-2019-13174
@@ -5652,8 +5662,8 @@ CVE-2019-13103 (A crafted self-referential DOS partition table will cause all Da
NOTE: https://lists.denx.de/pipermail/u-boot/2019-July/375512.html
CVE-2019-13102
RESERVED
-CVE-2019-13101
- RESERVED
+CVE-2019-13101 (An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 ...)
+ TODO: check
CVE-2019-13100 (The Send Anywhere application 9.4.18 for Android stores confidential i ...)
NOT-FOR-US: Send Anywhere application for Android
CVE-2019-13099 (The Momo application 2.1.9 for Android stores confidential information ...)
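Review bot: the added CVE-2019-13101 entry names a D-Link device (DIR-600M) but is left at "TODO: check". The D-Link entries visible elsewhere in this commit (CVE-2019-14336, CVE-2019-14334, CVE-2019-1010155) all carry "NOT-FOR-US: D-Link", so the same tag looks appropriate here.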
@@ -5919,8 +5929,8 @@ CVE-2019-12996
RESERVED
CVE-2019-12995 (Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch ...)
NOT-FOR-US: Istio
-CVE-2019-12994
- RESERVED
+CVE-2019-12994 (Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetEx ...)
+ TODO: check
CVE-2019-12993
RESERVED
CVE-2019-12992 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before ...)
@@ -6044,8 +6054,8 @@ CVE-2019-12961 (LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection i
NOT-FOR-US: LiveZilla Server
CVE-2019-12960 (LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in func ...)
NOT-FOR-US: LiveZilla Server
-CVE-2019-12959
- RESERVED
+CVE-2019-12959 (Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetEx ...)
+ TODO: check
CVE-2019-12958 (In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in F ...)
- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
NOTE: CVE-2017-14976 in poppler
@@ -7493,8 +7503,7 @@ CVE-2019-12399
RESERVED
CVE-2019-12398
RESERVED
-CVE-2019-12397
- RESERVED
+CVE-2019-12397 (Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnera ...)
NOT-FOR-US: Apache Ranger
CVE-2019-12396
REJECTED
@@ -10615,8 +10624,8 @@ CVE-2019-11210
RESERVED
CVE-2019-11209
RESERVED
-CVE-2019-11208
- RESERVED
+CVE-2019-11208 (The authorization component of TIBCO Software Inc.'s TIBCO API Exchang ...)
+ TODO: check
CVE-2019-11207
RESERVED
CVE-2019-11206 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
@@ -13102,6 +13111,7 @@ CVE-2019-10209 [postgres: Fix execution of hashed subplans that require cross-ty
NOTE: https://www.postgresql.org/about/news/1960/
CVE-2019-10208 [postgres: Require schema qualification to cast to a temporary type when using functional cast syntax]
RESERVED
+ {DLA-1874-1}
- postgresql-11 11.5-1
- postgresql-9.6 <removed>
- postgresql-9.4 <removed>
@@ -14467,7 +14477,7 @@ CVE-2019-1010157
RESERVED
CVE-2019-1010156
REJECTED
-CVE-2019-1010155 (D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impac ...)
+CVE-2019-1010155 (** DISPUTED ** D-Link DSL-2750U 1.11 is affected by: Authentication By ...)
NOT-FOR-US: D-Link
CVE-2019-1010154
RESERVED
@@ -26540,8 +26550,8 @@ CVE-2019-5303
RESERVED
CVE-2019-5302
RESERVED
-CVE-2019-5301
- RESERVED
+CVE-2019-5301 (Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E1 ...)
+ TODO: check
CVE-2019-5300 (There is a digital signature verification bypass vulnerability in AR12 ...)
NOT-FOR-US: Huawei
CVE-2019-5299
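Review bot: CVE-2019-5301 (Huawei smart phones Honor V20) is added with "TODO: check" while the entry directly below it, CVE-2019-5300, is tagged "NOT-FOR-US: Huawei". Unless there is a reason to treat the handset issue differently, close the TODO with the same tag.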
@@ -26664,14 +26674,14 @@ CVE-2019-5241 (There is a privilege escalation vulnerability in Huawei PCManager
NOT-FOR-US: Huawei
CVE-2019-5240
RESERVED
-CVE-2019-5239
- RESERVED
-CVE-2019-5238
- RESERVED
-CVE-2019-5237
- RESERVED
-CVE-2019-5236
- RESERVED
+CVE-2019-5239 (Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versi ...)
+ TODO: check
+CVE-2019-5238 (Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versi ...)
+ TODO: check
+CVE-2019-5237 (Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versi ...)
+ TODO: check
+CVE-2019-5236 (Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1. ...)
+ TODO: check
CVE-2019-5235
RESERVED
CVE-2019-5234
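Review bot: the three Huawei PCManager entries (CVE-2019-5239, CVE-2019-5238, CVE-2019-5237) are added with "TODO: check", yet the context line at the top of this hunk shows CVE-2019-5241, also Huawei PCManager, already resolved as "NOT-FOR-US: Huawei". Suggest tagging these three the same way, and CVE-2019-5236 (Huawei smart phones Emily-L29C) along with them if it is confirmed to be handset-only.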
@@ -36085,14 +36095,14 @@ CVE-2019-1975
RESERVED
CVE-2019-1974
RESERVED
-CVE-2019-1973
- RESERVED
-CVE-2019-1972
- RESERVED
-CVE-2019-1971
- RESERVED
-CVE-2019-1970
- RESERVED
+CVE-2019-1973 (A vulnerability in the web portal framework of Cisco Enterprise NFV In ...)
+ TODO: check
+CVE-2019-1972 (A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVI ...)
+ TODO: check
+CVE-2019-1971 (A vulnerability in the web portal of Cisco Enterprise NFV Infrastructu ...)
+ TODO: check
+CVE-2019-1970 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
+ TODO: check
CVE-2019-1969
RESERVED
CVE-2019-1968
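Review bot: the description on the +CVE-2019-1972 line reads "A vulnerability the Cisco Enterprise NFV Infrastructure Software", which is missing "in" after "vulnerability". If the description text is synced by this automatic update, as the "TThe" to "The" correction to CVE-2016-5431 later in this commit suggests, a local edit would be overwritten, so the wording is better reported to the source of the description than fixed in this file.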
@@ -36109,38 +36119,38 @@ CVE-2019-1963
RESERVED
CVE-2019-1962
RESERVED
-CVE-2019-1961
- RESERVED
-CVE-2019-1960
- RESERVED
-CVE-2019-1959
- RESERVED
-CVE-2019-1958
- RESERVED
-CVE-2019-1957
- RESERVED
-CVE-2019-1956
- RESERVED
-CVE-2019-1955
- RESERVED
-CVE-2019-1954
- RESERVED
-CVE-2019-1953
- RESERVED
-CVE-2019-1952
- RESERVED
-CVE-2019-1951
- RESERVED
+CVE-2019-1961 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
+ TODO: check
+CVE-2019-1960 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...)
+ TODO: check
+CVE-2019-1959 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...)
+ TODO: check
+CVE-2019-1958 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
+ TODO: check
+CVE-2019-1957 (A vulnerability in the web interface of Cisco IoT Field Network Direct ...)
+ TODO: check
+CVE-2019-1956 (A vulnerability in the web-based interface of the Cisco SPA112 2-Port ...)
+ TODO: check
+CVE-2019-1955 (A vulnerability in the Sender Policy Framework (SPF) functionality of ...)
+ TODO: check
+CVE-2019-1954 (A vulnerability in the web-based management interface of Cisco Webex M ...)
+ TODO: check
+CVE-2019-1953 (A vulnerability in the web portal of Cisco Enterprise NFV Infrastructu ...)
+ TODO: check
+CVE-2019-1952 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Soft ...)
+ TODO: check
+CVE-2019-1951 (A vulnerability in the packet filtering features of Cisco SD-WAN Solut ...)
+ TODO: check
CVE-2019-1950
RESERVED
-CVE-2019-1949
- RESERVED
+CVE-2019-1949 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+ TODO: check
CVE-2019-1948
RESERVED
CVE-2019-1947
RESERVED
-CVE-2019-1946
- RESERVED
+CVE-2019-1946 (A vulnerability in the web-based management interface of Cisco Enterpr ...)
+ TODO: check
CVE-2019-1945 (Multiple vulnerabilities in the smart tunnel functionality of Cisco Ad ...)
TODO: check
CVE-2019-1944 (Multiple vulnerabilities in the smart tunnel functionality of Cisco Ad ...)
@@ -37191,8 +37201,8 @@ CVE-2018-19856 (GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x b
- gitlab 11.5.4+dfsg-1
NOTE: https://about.gitlab.com/2018/12/06/critical-security-release-gitlab-11-dot-5-dot-3-released/
NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/54857
-CVE-2018-19855
- RESERVED
+CVE-2018-19855 (UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to t ...)
+ TODO: check
CVE-2018-19854 (An issue was discovered in the Linux kernel before 4.19.3. crypto_repo ...)
- linux 4.18.20-1
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -159478,7 +159488,7 @@ CVE-2016-5434 (libalpm, as used in pacman 5.0.1, allows remote attackers to caus
NOT-FOR-US: libalpm (Arch Linux Package Management (ALPM) library)
CVE-2016-5432 (The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualizat ...)
NOT-FOR-US: ovirt-engine
-CVE-2016-5431 (TThe PHP JOSE Library by Gree Inc. version <= 2.2.0 is vulnerable t ...)
+CVE-2016-5431 (The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable t ...)
TODO: check
CVE-2016-5430 (The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php ...)
NOT-FOR-US: jose-php
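Review bot: CVE-2016-5431 still carries "TODO: check" after the description fix, while the adjacent CVE-2016-5430 (JOSE_JWE class in JWE.php) is already "NOT-FOR-US: jose-php". If "The PHP JOSE Library by Gree Inc." is that same library, the TODO can be closed with the same tag. The reworded range ("before version 2.2.1" instead of "version <= 2.2.0") does not change which releases are affected.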
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/95768fe25f49b1bc6c698ec109f7de0e4ba76f24