[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Aug 29 21:10:36 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
78ea20b1 by security tracker role at 2019-08-29T20:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,46 +1,92 @@
-CVE-2019-15807
- - linux 5.2.6-1
- NOTE: https://git.kernel.org/linus/3b0541791453fbe7f42867e310e0c9eb6295364d
-CVE-2019-15788
+CVE-2019-15812
RESERVED
-CVE-2019-15787
+CVE-2019-15811 (In DomainMOD through 4.13, the parameter daterange in the file reporti ...)
+ TODO: check
+CVE-2019-15810
RESERVED
-CVE-2019-15786
+CVE-2019-15809
RESERVED
-CVE-2019-15785
+CVE-2019-15808
RESERVED
-CVE-2019-15784
+CVE-2019-15806 (CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 ...)
+ TODO: check
+CVE-2019-15805 (CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 ...)
+ TODO: check
+CVE-2019-15804
RESERVED
-CVE-2019-15783
+CVE-2019-15803
RESERVED
-CVE-2019-15782
+CVE-2019-15802
RESERVED
-CVE-2019-15781
+CVE-2019-15801
RESERVED
-CVE-2019-15780
+CVE-2019-15800
RESERVED
-CVE-2019-15779
+CVE-2019-15799
RESERVED
-CVE-2019-15778
+CVE-2019-15798
RESERVED
-CVE-2019-15777
+CVE-2019-15797
RESERVED
-CVE-2019-15776
+CVE-2019-15796
RESERVED
-CVE-2019-15775
+CVE-2019-15795
RESERVED
-CVE-2019-15774
+CVE-2019-15794
RESERVED
-CVE-2019-15773
+CVE-2019-15793
RESERVED
-CVE-2019-15772
+CVE-2019-15792
RESERVED
-CVE-2019-15771
+CVE-2019-15791
RESERVED
-CVE-2019-15770
+CVE-2019-15790
RESERVED
-CVE-2019-15769
+CVE-2019-15789
RESERVED
+CVE-2019-15807 (In the Linux kernel before 5.1.13, there is a memory leak in drivers/s ...)
+ - linux 5.2.6-1
+ NOTE: https://git.kernel.org/linus/3b0541791453fbe7f42867e310e0c9eb6295364d
+CVE-2019-15788 (Clara Genomics Analysis before 0.2.0 has an integer overflow for cudap ...)
+ TODO: check
+CVE-2019-15787 (libZetta.rs through 0.1.2 has an integer overflow in the zpool parser ...)
+ TODO: check
+CVE-2019-15786 (ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large ...)
+ TODO: check
+CVE-2019-15785 (FontForge through 20190801 has a buffer overflow in PrefsUI_LoadPrefs ...)
+ TODO: check
+CVE-2019-15784 (Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array ov ...)
+ TODO: check
+CVE-2019-15783 (Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc. ...)
+ TODO: check
+CVE-2019-15782 (WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or ...)
+ TODO: check
+CVE-2019-15781 (The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. ...)
+ TODO: check
+CVE-2019-15780 (The formidable plugin before 4.02.01 for WordPress has unsafe deserial ...)
+ TODO: check
+CVE-2019-15779 (The insta-gallery plugin before 2.4.8 for WordPress has no nonce valid ...)
+ TODO: check
+CVE-2019-15778 (The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS. ...)
+ TODO: check
+CVE-2019-15777 (The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/a ...)
+ TODO: check
+CVE-2019-15776 (The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for W ...)
+ TODO: check
+CVE-2019-15775 (The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX act ...)
+ TODO: check
+CVE-2019-15774 (The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX acti ...)
+ TODO: check
+CVE-2019-15773 (The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX actio ...)
+ TODO: check
+CVE-2019-15772 (The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX ac ...)
+ TODO: check
+CVE-2019-15771 (The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX a ...)
+ TODO: check
+CVE-2019-15770 (The woo-address-book plugin before 1.6.0 for WordPress has save calls ...)
+ TODO: check
+CVE-2019-15769 (The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via a ...)
+ TODO: check
CVE-2019-15768
RESERVED
CVE-2019-15767 (In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_ ...)
@@ -81,8 +127,8 @@ CVE-2019-15753 (In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-cod
TODO: check
CVE-2019-15752 (Docker Desktop Community Edition before 2.1.0.1 allows local users to ...)
TODO: check
-CVE-2018-21007
- RESERVED
+CVE-2018-21007 (The woo-confirmation-email plugin before 3.2.0 for WordPress has no bl ...)
+ TODO: check
CVE-2017-18594 (nse_libssh2.cc in Nmap 7.70 is subject to a denial of service conditio ...)
TODO: check
CVE-2019-15751
@@ -97,8 +143,8 @@ CVE-2019-15747
RESERVED
CVE-2019-15746
RESERVED
-CVE-2019-15745
- RESERVED
+CVE-2019-15745 (The Eques elf smart plug and the mobile app use a hardcoded AES 256 bi ...)
+ TODO: check
CVE-2019-15744
RESERVED
CVE-2019-15743
@@ -153,8 +199,7 @@ CVE-2019-15719
RESERVED
CVE-2019-15718
RESERVED
-CVE-2019-15717 [Use after free when receiving duplicate CAP]
- RESERVED
+CVE-2019-15717 (Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends ...)
- irssi <unfixed> (bug #936074)
[stretch] - irssi <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2019/08/29/3
@@ -747,8 +792,8 @@ CVE-2019-15504 (drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel throu
- linux <unfixed>
CVE-2019-15503 (cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCM ...)
NOT-FOR-US: AltaVoz Prontus
-CVE-2019-15502
- RESERVED
+CVE-2019-15502 (The TeamSpeak client before 3.3.2 allows remote servers to trigger a c ...)
+ TODO: check
CVE-2019-15501 (Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-20 ...)
TODO: check
CVE-2019-15500
@@ -2322,12 +2367,12 @@ CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, the
NOTE: https://github.com/ImageMagick/ImageMagick6/issues/43
NOTE: Introduced in https://github.com/ImageMagick/ImageMagick6/commit/6f29b3755748a899145b639195dd3bc640d36bb4 (6.9.10-24)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/614a257295bdcdeda347086761062ac7658b6830 (6.9.10-42)
-CVE-2019-14979
- RESERVED
-CVE-2019-14978
- RESERVED
-CVE-2019-14977
- RESERVED
+CVE-2019-14979 (cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Ga ...)
+ TODO: check
+CVE-2019-14978 (/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugi ...)
+ TODO: check
+CVE-2019-14977 (card/pay/.../amount in the WooCommerce Instamojo Payment Gateway plugi ...)
+ TODO: check
CVE-2019-14976 (iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2019-14975 (Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_ch ...)
@@ -2347,8 +2392,7 @@ CVE-2019-14972
RESERVED
CVE-2019-14971
RESERVED
-CVE-2019-14970
- RESERVED
+CVE-2019-14970 (A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3. ...)
{DSA-4504-1}
- vlc 3.0.8-1
[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
@@ -2408,8 +2452,7 @@ CVE-2019-14944 [Multiple Command-Line Flag Injection Vulnerabilities]
[experimental] - gitlab 11.11.8+dfsg-1
- gitlab <unfixed> (bug #934708)
NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
-CVE-2019-14943 [Insecure Authentication Methods Disabled for Grafana By Default]
- RESERVED
+CVE-2019-14943 (An issue was discovered in GitLab Community and Enterprise Edition 12. ...)
- gitlab <not-affected> (Only affects GitLab CE/EE 12.0 and later)
NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
CVE-2019-14942 [Insecure Cookie Handling on GitLab Pages]
@@ -2913,20 +2956,17 @@ CVE-2016-10865 (The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress ha
NOT-FOR-US: Lightbox Plus Colorbox plugin for WordPress
CVE-2019-14779
RESERVED
-CVE-2019-14778
- RESERVED
+CVE-2019-14778 (The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.c ...)
{DSA-4504-1}
- vlc 3.0.8-1
[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
NOTE: https://www.videolan.org/security/sb-vlc308.html
-CVE-2019-14777
- RESERVED
+CVE-2019-14777 (The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player ...)
{DSA-4504-1}
- vlc 3.0.8-1
[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
NOTE: https://www.videolan.org/security/sb-vlc308.html
-CVE-2019-14776
- RESERVED
+CVE-2019-14776 (A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c ...)
{DSA-4504-1}
- vlc 3.0.8-1
[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
@@ -3505,20 +3545,17 @@ CVE-2016-10862 (Neet AirStream NAS1.1 devices have a password of ifconfig for th
NOT-FOR-US: Neet AirStream NAS1.1 devices
CVE-2016-10861 (Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settin ...)
NOT-FOR-US: Neet AirStream NAS1.1 devices
-CVE-2019-14535
- RESERVED
+CVE-2019-14535 (A divide-by-zero error exists in the SeekIndex function of demux/asf/a ...)
{DSA-4504-1}
- vlc 3.0.8-1
[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
NOTE: https://www.videolan.org/security/sb-vlc308.html
-CVE-2019-14534
- RESERVED
+CVE-2019-14534 (In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer derefere ...)
{DSA-4504-1}
- vlc 3.0.8-1
[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
NOTE: https://www.videolan.org/security/sb-vlc308.html
-CVE-2019-14533
- RESERVED
+CVE-2019-14533 (The Control function of demux/asf/asf.c in VideoLAN VLC media player 3 ...)
{DSA-4504-1}
- vlc 3.0.8-1
[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
@@ -3610,8 +3647,7 @@ CVE-2019-14500
RESERVED
CVE-2019-14499
RESERVED
-CVE-2019-14498
- RESERVED
+CVE-2019-14498 (A divide-by-zero error exists in the Control function of demux/caf.c i ...)
{DSA-4504-1}
- vlc 3.0.8-1
[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
@@ -4351,14 +4387,12 @@ CVE-2015-9290 (In FreeType before 2.6.1, a buffer over-read occurs in type1/t1pa
- freetype 2.6.1-0.1
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=e3058617f384cb6709f3878f753fa17aca9e3a30
NOTE: https://savannah.nongnu.org/bugs/?45923
-CVE-2019-14438
- RESERVED
+CVE-2019-14438 (A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/x ...)
{DSA-4504-1}
- vlc 3.0.8-1
[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
NOTE: https://www.videolan.org/security/sb-vlc308.html
-CVE-2019-14437
- RESERVED
+CVE-2019-14437 (The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC ...)
{DSA-4504-1}
- vlc 3.0.8-1
[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
@@ -6376,8 +6410,8 @@ CVE-2019-13610
RESERVED
CVE-2019-13609
RESERVED
-CVE-2019-13608
- RESERVED
+CVE-2019-13608 (Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000) ...)
+ TODO: check
CVE-2014-1200
RESERVED
CVE-2014-1199
@@ -12936,9 +12970,8 @@ CVE-2017-18367 (libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs t
NOTE: https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e
CVE-2019-11501
RESERVED
-CVE-2019-11500
- RESERVED
- {DSA-4510-1}
+CVE-2019-11500 (In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole be ...)
+ {DSA-4510-1 DLA-1901-1}
- dovecot 1:2.3.7.2-1 (bug #936014)
NOTE: https://dovecot.org/pipermail/dovecot-news/2019-August/000418.html
NOTE: core: https://github.com/dovecot/core/commit/85fcb895ca7f0bcb8ee72047fe0e1e78532ff90b
@@ -13012,8 +13045,8 @@ CVE-2019-11478 (Jonathan Looney discovered that the TCP retransmission queue imp
CVE-2019-11477 (Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs v ...)
{DSA-4465-1 DLA-1824-1 DLA-1823-1}
- linux 4.19.37-4
-CVE-2019-11476
- RESERVED
+CVE-2019-11476 (An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2 ...)
+ TODO: check
CVE-2019-11475
RESERVED
CVE-2019-11474 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a deni ...)
@@ -13243,8 +13276,8 @@ CVE-2019-11398 (Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 20
NOT-FOR-US: UliCMS
CVE-2019-11397 (GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M. ...)
NOT-FOR-US: Rapid4
-CVE-2019-11396
- RESERVED
+CVE-2019-11396 (An issue was discovered in Avira Free Security Suite 10. The permissiv ...)
+ TODO: check
CVE-2019-11395 (A buffer overflow in MailCarrier 2.51 allows remote attackers to execu ...)
NOT-FOR-US: MailCarrier
CVE-2019-11394
@@ -24875,8 +24908,8 @@ CVE-2019-7308 (kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1711
NOTE: Fixed by: https://git.kernel.org/linus/979d63d50c0c0f7bc537bf821e056cc9fe5abd38
NOTE: Fixed by: https://git.kernel.org/linus/d3bd7413e0ca40b60cf60d4003246d067cafdeda
-CVE-2019-7307
- RESERVED
+CVE-2019-7307 (Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2. ...)
+ TODO: check
CVE-2019-7306 [Apport hook may expose sensitive information]
RESERVED
- byobu <unfixed> (unimportant)
@@ -31559,8 +31592,8 @@ CVE-2019-4538
RESERVED
CVE-2019-4537
RESERVED
-CVE-2019-4536
- RESERVED
+CVE-2019-4536 (IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a ...)
+ TODO: check
CVE-2019-4535
RESERVED
CVE-2019-4534
@@ -32365,10 +32398,10 @@ CVE-2019-4135 (IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a
NOT-FOR-US: IBM
CVE-2019-4134 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM
-CVE-2019-4133
- RESERVED
-CVE-2019-4132
- RESERVED
+CVE-2019-4133 (IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the ...)
+ TODO: check
+CVE-2019-4132 (IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertl ...)
+ TODO: check
CVE-2019-4131 (IBM Application Performance Management (IBM Monitoring 8.1.4) could al ...)
NOT-FOR-US: IBM
CVE-2019-4130
@@ -35449,8 +35482,8 @@ CVE-2019-3396 (The Widget Connector macro in Atlassian Confluence Server before
NOT-FOR-US: Atlassian Confluence Server
CVE-2019-3395 (The WebDAV endpoint in Atlassian Confluence Server and Data Center bef ...)
NOT-FOR-US: Atlassian Confluence Server
-CVE-2019-3394
- RESERVED
+CVE-2019-3394 (There was a local file disclosure vulnerability in Confluence Server a ...)
+ TODO: check
CVE-2018-20298 (S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerab ...)
NOT-FOR-US: S3 Browser
CVE-2018-20297
@@ -53259,17 +53292,17 @@ CVE-2018-16261 (In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R
NOT-FOR-US: Pulse Secure Pulse Desktop Client
CVE-2018-16260
RESERVED
-CVE-2018-16259 (There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPr ...)
+CVE-2018-16259 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...)
NOT-FOR-US: WP All Import plugin for WordPress
-CVE-2018-16258 (There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPr ...)
+CVE-2018-16258 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...)
NOT-FOR-US: WP All Import plugin for WordPress
-CVE-2018-16257 (There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 f ...)
+CVE-2018-16257 (** DISPUTED ** There are multiple XSS vulnerabilities in WP All Import ...)
NOT-FOR-US: WP All Import plugin for WordPress
-CVE-2018-16256 (There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPr ...)
+CVE-2018-16256 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...)
NOT-FOR-US: WP All Import plugin for WordPress
-CVE-2018-16255 (There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPr ...)
+CVE-2018-16255 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...)
NOT-FOR-US: WP All Import plugin for WordPress
-CVE-2018-16254 (There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPr ...)
+CVE-2018-16254 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...)
NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-16253 (In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS# ...)
NOT-FOR-US: axTLS
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/78ea20b1c9c0f657a6bb0907b21d23a1ff78375a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/78ea20b1c9c0f657a6bb0907b21d23a1ff78375a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190829/80ee0083/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list