[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Aug 17 21:10:31 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
77f6f709 by security tracker role at 2019-08-17T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2019-15134 (RIOT through 2019.07 contains a memory leak in the TCP implementation  ...)
+	TODO: check
+CVE-2019-15133 (In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by ...)
+	TODO: check
+CVE-2019-15132 (Zabbix through 4.4.0alpha1 allows User Enumeration. With login request ...)
+	TODO: check
+CVE-2019-15131
+	RESERVED
+CVE-2019-15130
+	RESERVED
+CVE-2019-15129
+	RESERVED
+CVE-2019-15128
+	RESERVED
+CVE-2019-15127
+	RESERVED
+CVE-2019-15126
+	RESERVED
+CVE-2019-15125
+	RESERVED
+CVE-2018-20975
+	RESERVED
 CVE-2019-15124
 	RESERVED
 CVE-2019-15123
@@ -597,8 +619,8 @@ CVE-2019-14939 (An issue was discovered in the mysql (aka mysqljs) module 2.17.1
 	NOTE: https://github.com/mysqljs/mysql/issues/2257
 CVE-2019-14938
 	RESERVED
-CVE-2019-14937
-	RESERVED
+CVE-2019-14937 (REDCap before 9.3.0 allows time-based SQL injection in the edit calend ...)
+	TODO: check
 CVE-2019-14936
 	RESERVED
 CVE-2019-14935 (3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA% ...)
@@ -5513,6 +5535,7 @@ CVE-2019-13578 (A SQL injection vulnerability exists in the Impress GiveWP Give
 CVE-2019-13577 (SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthe ...)
 	NOT-FOR-US: SnmpAdm.exe in MAPLE WBT SNMP Administrator
 CVE-2018-20852 (http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py ...)
+	{DLA-1889-1}
 	- python3.7 3.7.3~rc1-1
 	- python3.5 <removed>
 	- python3.4 <removed>
@@ -6858,8 +6881,8 @@ CVE-2019-13071 (CSRF in the Agent/Center component of CyberPower PowerPanel Busi
 	NOT-FOR-US: CyberPower PowerPanel Business Edition
 CVE-2019-13070 (A stored XSS vulnerability in the Agent/Center component of CyberPower ...)
 	NOT-FOR-US: CyberPower PowerPanel Business Edition
-CVE-2019-13069
-	RESERVED
+CVE-2019-13069 (extenua SilverSHielD 6.x fails to secure its ProgramData folder, leadi ...)
+	TODO: check
 CVE-2019-13068 (public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows ...)
 	- grafana <removed>
 	NOTE: https://github.com/grafana/grafana/issues/17718



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/77f6f7096b67e6be79901f25fb052600054be2c4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/77f6f7096b67e6be79901f25fb052600054be2c4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190817/ab173b07/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list