[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Aug 24 09:10:28 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3630f08 by security tracker role at 2019-08-24T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1200,8 +1200,8 @@ CVE-2019-15094
 	RESERVED
 CVE-2019-15093
 	RESERVED
-CVE-2019-15092
-	RESERVED
+CVE-2019-15092 (The webtoffee "WordPress Users & WooCommerce Customers Import Expo ...)
+	TODO: check
 CVE-2019-15091 (filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&am ...)
 	NOT-FOR-US: Artica Integria IMS
 CVE-2019-15089
@@ -9843,8 +9843,7 @@ CVE-2019-12402
 	RESERVED
 CVE-2019-12401
 	RESERVED
-CVE-2019-12400 [Apache Santuario potentially loads XML parsing code from an untrusted source]
-	RESERVED
+CVE-2019-12400 (In version 2.0.3 Apache Santuario XML Security for Java, a caching mec ...)
 	- libxml-security-java <unfixed> (bug #935548)
 	[stretch] - libxml-security-java <not-affected> (Vulnerable code introduced in 2.0.3)
 	NOTE: http://santuario.apache.org/secadv.data/CVE-2019-12400.asc
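Review bot: on CVE-2019-12400, the removed bracketed summary stated the impact (XML parsing code potentially loaded from an untrusted source), while the imported description is cut off at "a caching mec ..." and no longer says so. The package lines and the advisory NOTE are untouched, so consider keeping the one-line impact as a NOTE under the entry so the record stays readable without following the link.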
@@ -16552,6 +16551,7 @@ CVE-2019-1010307 (GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (
 CVE-2019-1010306 (Slanger 0.6.0 is affected by: Remote Code Execution (RCE). The impact  ...)
 	NOT-FOR-US: Slanger
 CVE-2019-1010305 (libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: I ...)
+	{DLA-1895-1}
 	- libmspack 0.10.1-1
 	NOTE: https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d
 	NOTE: https://github.com/kyz/libmspack/issues/27
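Review bot: the {DLA-1895-1} tag on CVE-2019-1010305 has no counterpart in this commit, which changes only data/CVE/list, and the entry's only package line is "- libmspack 0.10.1-1". Confirm that the DLA-1895-1 advisory record exists and names the fixed libmspack version, since nothing in this hunk shows which release the advisory covered.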
@@ -16697,6 +16697,7 @@ CVE-2019-1010249 (The Linux Foundation ONOS 2.0.0 and earlier is affected by: In
 CVE-2019-1010248 (Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. T ...)
 	NOT-FOR-US: ONOS
 CVE-2019-1010247 (ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cr ...)
+	{DLA-1894-1}
 	- libapache2-mod-auth-openidc 2.3.10.2-1
 	NOTE: Fixed by: https://github.com/zmartzone/mod_auth_openidc/commit/132a4111bf3791e76437619a66336dce2ce4c79b (v2.3.10.2)
 	NOTE: https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2019-001_mod_auth_openidc_reflected_xss.txt
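Review bot: the context above the new {DLA-1894-1} line looks mislabelled: CVE-2019-1010248 is described as Synetics GmbH I-doit but is annotated "NOT-FOR-US: ONOS", which matches the product of CVE-2019-1010249 in the hunk header instead. The DLA tag itself sits on the mod_auth_openidc entry with "libapache2-mod-auth-openidc 2.3.10.2-1", so the suggestion is a follow-up that corrects the NOT-FOR-US label on CVE-2019-1010248.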
@@ -23836,12 +23837,12 @@ CVE-2019-7366
 	RESERVED
 CVE-2019-7365
 	RESERVED
-CVE-2019-7364
-	RESERVED
-CVE-2019-7363
-	RESERVED
-CVE-2019-7362
-	RESERVED
+CVE-2019-7364 (DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of ...)
+	TODO: check
+CVE-2019-7363 (Use-after-free vulnerability in Autodesk Design Review versions 2011,  ...)
+	TODO: check
+CVE-2019-7362 (DLL preloading vulnerability in Autodesk Design Review versions 2011,  ...)
+	TODO: check
 CVE-2019-7361 (An attacker may convince a victim to open a malicious action micro (.a ...)
 	NOT-FOR-US: Autodesk
 CVE-2019-7360 (An exploitable use-after-free vulnerability in the DXF-parsing functio ...)
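Review bot: CVE-2019-7363 and CVE-2019-7362 are left at "TODO: check" although both descriptions name Autodesk Design Review and the adjacent CVE-2019-7361 is already triaged as "NOT-FOR-US: Autodesk". Suggest the same annotation for these two in the follow-up triage; CVE-2019-7364 needs the full description first, since the truncated text cuts off before the product name.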
@@ -25544,14 +25545,14 @@ CVE-2019-6700
 	RESERVED
 CVE-2019-6699
 	RESERVED
-CVE-2019-6698
-	RESERVED
+CVE-2019-6698 (Use of Hard-coded Credentials vulnerability in FortiRecorder all versi ...)
+	TODO: check
 CVE-2019-6697
 	RESERVED
 CVE-2019-6696
 	RESERVED
-CVE-2019-6695
-	RESERVED
+CVE-2019-6695 (Lack of root file system integrity checking in Fortinet FortiManager V ...)
+	TODO: check
 CVE-2019-6694
 	RESERVED
 CVE-2019-6693
@@ -28486,12 +28487,12 @@ CVE-2019-5595 (In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STA
 	- kfreebsd-10 <unfixed> (unimportant)
 	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:01.syscall.asc
 	NOTE: kfreebsd not covered by security support
-CVE-2019-5594
-	RESERVED
+CVE-2019-5594 (An Improper Neutralization of Input During Web Page Generation ("Cross ...)
+	TODO: check
 CVE-2019-5593
 	RESERVED
-CVE-2019-5592
-	RESERVED
+CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE,  ...)
+	TODO: check
 CVE-2019-5591
 	RESERVED
 CVE-2019-5590
@@ -59766,8 +59767,8 @@ CVE-2018-13369
 	RESERVED
 CVE-2018-13368 (A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 ...)
 	NOT-FOR-US: Fortinet FortiClient
-CVE-2018-13367
-	RESERVED
+CVE-2018-13367 (An information exposure vulnerability in FortiOS 6.2.0 and below may a ...)
+	TODO: check
 CVE-2018-13366 (An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6 ...)
 	NOT-FOR-US: Fortinet FortiOS
 CVE-2018-13365 (An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 ...)
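Review bot: CVE-2018-13367 is left at "TODO: check" while its description names FortiOS and the entries on either side, CVE-2018-13368 and CVE-2018-13366, carry "NOT-FOR-US: Fortinet FortiClient" and "NOT-FOR-US: Fortinet FortiOS". Suggest "NOT-FOR-US: Fortinet FortiOS" here for consistency with CVE-2018-13366.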
@@ -160114,8 +160115,8 @@ CVE-2016-6156 (Race condition in the ec_device_ioctl_xcmd function in drivers/pl
 	NOTE: Introduced by: https://git.kernel.org/linus/a841178445bb72a3d566b4e6ab9d19e9b002eb47 (v4.2-rc1)
 CVE-2016-6155
 	RESERVED
-CVE-2016-6154
-	RESERVED
+CVE-2016-6154 (The authentication applet in Watchguard Fireware 11.11 Operating Syste ...)
+	TODO: check
 CVE-2016-6152 (CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated ...)
 	NOT-FOR-US: eHealth
 CVE-2016-6151 (CA eHealth 6.2.x allows remote authenticated users to cause a denial o ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3630f088d29ee82427cc4c77394cbb176b642cf


More information about the debian-security-tracker-commits mailing list