[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Aug 30 09:10:57 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dfbf6c28 by security tracker role at 2019-08-30T08:10:42Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2019-15842
+	RESERVED
+CVE-2019-15841
+	RESERVED
+CVE-2019-15840
+	RESERVED
+CVE-2019-15839
+	RESERVED
+CVE-2019-15838
+	RESERVED
+CVE-2019-15837
+	RESERVED
+CVE-2019-15836
+	RESERVED
+CVE-2019-15835
+	RESERVED
+CVE-2019-15834
+	RESERVED
+CVE-2019-15833
+	RESERVED
+CVE-2019-15832
+	RESERVED
+CVE-2019-15831
+	RESERVED
+CVE-2019-15830
+	RESERVED
+CVE-2019-15829
+	RESERVED
+CVE-2019-15828
+	RESERVED
+CVE-2019-15827
+	RESERVED
+CVE-2019-15826
+	RESERVED
+CVE-2019-15825
+	RESERVED
+CVE-2019-15824
+	RESERVED
+CVE-2019-15823
+	RESERVED
+CVE-2019-15822
+	RESERVED
+CVE-2019-15821
+	RESERVED
+CVE-2019-15820
+	RESERVED
+CVE-2019-15819
+	RESERVED
+CVE-2019-15818
+	RESERVED
+CVE-2019-15817
+	RESERVED
+CVE-2019-15816
+	RESERVED
+CVE-2019-15815
+	RESERVED
+CVE-2019-15814
+	RESERVED
+CVE-2019-15813
+	RESERVED
+CVE-2015-9380
+	RESERVED
 CVE-2019-15812
 	RESERVED
 CVE-2019-15811 (In DomainMOD through 4.13, the parameter daterange in the file reporti ...)
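Review bot: CVE-2015-9380 at the end of the added block lands between CVE-2019-15813 and CVE-2019-15812, which breaks the descending ID order that every other entry in this hunk follows. If the list is meant to stay sorted, move this entry down to the other CVE-2015 IDs; if new reservations are deliberately prepended regardless of year, a short remark in the commit message would make that clear.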
@@ -1807,18 +1869,22 @@ CVE-2019-15147 (GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GP
 CVE-2019-15146 (GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in ...)
 	NOT-FOR-US: gpmf-parser
 CVE-2019-15145 (DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack  ...)
+	{DLA-1902-1}
 	- djvulibre 3.5.27.1-11
 	NOTE: https://sourceforge.net/p/djvu/bugs/298/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/
 CVE-2019-15144 (In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate< ...)
+	{DLA-1902-1}
 	- djvulibre 3.5.27.1-11
 	NOTE: https://sourceforge.net/p/djvu/bugs/299/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/
 CVE-2019-15143 (In DjVuLibre 3.5.27, the bitmap reader component allows attackers to c ...)
+	{DLA-1902-1}
 	- djvulibre 3.5.27.1-11
 	NOTE: https://sourceforge.net/p/djvu/bugs/297/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/
 CVE-2019-15142 (In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows a ...)
+	{DLA-1902-1}
 	- djvulibre 3.5.27.1-11
 	NOTE: https://sourceforge.net/p/djvu/bugs/296/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/
@@ -7596,8 +7662,8 @@ CVE-2019-13528
 	RESERVED
 CVE-2019-13527
 	RESERVED
-CVE-2019-13526
-	RESERVED
+CVE-2019-13526 (Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0  ...)
+	TODO: check
 CVE-2019-13525
 	RESERVED
 CVE-2019-13524
@@ -9729,10 +9795,10 @@ CVE-2019-12756
 	RESERVED
 CVE-2019-12755
 	RESERVED
-CVE-2019-12754
-	RESERVED
-CVE-2019-12753
-	RESERVED
+CVE-2019-12754 (Symantec My VIP portal, previous version which has already been auto u ...)
+	TODO: check
+CVE-2019-12753 (An information disclosure vulnerability in Symantec Reporter web UI 10 ...)
+	TODO: check
 CVE-2019-12752
 	RESERVED
 CVE-2019-12751 (Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a p ...)
@@ -10609,8 +10675,7 @@ CVE-2019-12404
 	RESERVED
 CVE-2019-12403
 	RESERVED
-CVE-2019-12402 [Apache Commons Compress denial of service vulnerability]
-	RESERVED
+CVE-2019-12402 (The file name encoding algorithm used internally in Apache Commons Com ...)
 	- libcommons-compress-java <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/08/27/1
 CVE-2019-12401
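Review bot: the CVE-2019-12402 entry keeps `- libcommons-compress-java <unfixed>` with no bug reference, even though the issue now has a public description and an oss-security post in its NOTE line. Consider adding the Debian bug number in the `(bug #NNNNNN)` form that the apache-mesos entry in this diff uses, so the unfixed state can be tracked.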
@@ -12555,8 +12620,8 @@ CVE-2019-11660
 	RESERVED
 CVE-2019-11659
 	RESERVED
-CVE-2019-11658
-	RESERVED
+CVE-2019-11658 (Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 ...)
+	TODO: check
 CVE-2019-11657
 	RESERVED
 CVE-2019-11656
@@ -13371,10 +13436,10 @@ CVE-2019-11368 (Stored XSS was discovered in AUO Solar Data Recorder before 1.3.
 	NOT-FOR-US: AUO Solar Data Recorder
 CVE-2019-11367 (An issue was discovered in AUO Solar Data Recorder before 1.3.0. The w ...)
 	NOT-FOR-US: AUO Solar Data Recorder
-CVE-2019-11364
-	RESERVED
-CVE-2019-11363
-	RESERVED
+CVE-2019-11364 (An OS Command Injection vulnerability in Snare Central before 7.4.5 al ...)
+	TODO: check
+CVE-2019-11363 (A SQL injection vulnerability in Snare Central before 7.4.5 allows rem ...)
+	TODO: check
 CVE-2019-11362 (app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL  ...)
 	NOT-FOR-US: ROCBOSS
 CVE-2019-11361
@@ -14941,7 +15006,7 @@ CVE-2019-10753
 	RESERVED
 CVE-2019-10752
 	RESERVED
-CVE-2019-10751 (All versions of the HTTPie package are vulnerable to Open Redirect tha ...)
+CVE-2019-10751 (All versions of the HTTPie package prior to version 1.0.3 are vulnerab ...)
 	TODO: check
 CVE-2019-10750 (deeply is vulnerable to Prototype Pollution in versions before 3.1.0.  ...)
 	TODO: check
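Review bot: the reworded CVE-2019-10751 description now names 1.0.3 as the fixed HTTPie version, but the entry is still left at `TODO: check`. With a fixed version known, this can be triaged into a package line carrying the fixed version or `<unfixed>`, as the djvulibre and libcommons-compress-java entries in this diff do, rather than staying in the queue.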
@@ -18744,8 +18809,8 @@ CVE-2019-9699
 	RESERVED
 CVE-2019-9698 (Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbit ...)
 	NOT-FOR-US: Symantec
-CVE-2019-9697
-	RESERVED
+CVE-2019-9697 (An information disclosure vulnerability in the Management Center (MC)  ...)
+	TODO: check
 CVE-2019-9696 (Symantec VIP Enterprise Gateway (all versions) may be susceptible to a ...)
 	NOT-FOR-US: Symantec
 CVE-2019-9695 (Norton Core prior to v278 may be susceptible to an arbitrary code exec ...)
@@ -22019,8 +22084,8 @@ CVE-2019-8463
 	RESERVED
 CVE-2019-8462
 	RESERVED
-CVE-2019-8461
-	RESERVED
+CVE-2019-8461 (Check Point Endpoint Security Initial Client for Windows before versio ...)
+	TODO: check
 CVE-2019-8460 (Reuven Plevinsky and Tal Vainshtein of Check Point Software Technologi ...)
 	TODO: check
 CVE-2019-8459 (Check Point Endpoint Security Client for Windows, with the VPN blade,  ...)
@@ -27890,8 +27955,8 @@ CVE-2019-6115
 	RESERVED
 CVE-2019-6114 (An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. An int ...)
 	NOT-FOR-US: Corel PaintShop Pro
-CVE-2019-6113
-	RESERVED
+CVE-2019-6113 (Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-001 ...)
+	TODO: check
 CVE-2019-6112
 	RESERVED
 CVE-2019-6111 (An issue was discovered in OpenSSH 7.9. Due to the scp implementation  ...)
@@ -29259,16 +29324,16 @@ CVE-2019-5614
 	RESERVED
 CVE-2019-5613
 	RESERVED
-CVE-2019-5612
-	RESERVED
-CVE-2019-5611
-	RESERVED
-CVE-2019-5610
-	RESERVED
-CVE-2019-5609
-	RESERVED
-CVE-2019-5608
-	RESERVED
+CVE-2019-5612 (In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEAS ...)
+	TODO: check
+CVE-2019-5611 (In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEAS ...)
+	TODO: check
+CVE-2019-5610 (In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEAS ...)
+	TODO: check
+CVE-2019-5609 (In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEAS ...)
+	TODO: check
+CVE-2019-5608 (In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEAS ...)
+	TODO: check
 CVE-2019-5607 (In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEAS ...)
 	NOT-FOR-US: FreeBSD userspace
 CVE-2019-5606 (In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEAS ...)
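Review bot: the five new FreeBSD entries CVE-2019-5612 through CVE-2019-5608 are queued as `TODO: check`, and the neighbouring CVE-2019-5607 is tagged `NOT-FOR-US: FreeBSD userspace`, so the right tag depends on which component is affected. The truncated descriptions do not show that; check each full description for kernel versus userspace before copying the neighbour's tag.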
@@ -39539,8 +39604,8 @@ CVE-2019-1979
 	RESERVED
 CVE-2019-1978
 	RESERVED
-CVE-2019-1977
-	RESERVED
+CVE-2019-1977 (A vulnerability within the Endpoint Learning feature of Cisco Nexus 90 ...)
+	TODO: check
 CVE-2019-1976
 	RESERVED
 CVE-2019-1975
@@ -39555,14 +39620,14 @@ CVE-2019-1971 (A vulnerability in the web portal of Cisco Enterprise NFV Infrast
 	NOT-FOR-US: Cisco
 CVE-2019-1970 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
 	NOT-FOR-US: Cisco
-CVE-2019-1969
-	RESERVED
-CVE-2019-1968
-	RESERVED
-CVE-2019-1967
-	RESERVED
-CVE-2019-1966
-	RESERVED
+CVE-2019-1969 (A vulnerability in the implementation of the Simple Network Management ...)
+	TODO: check
+CVE-2019-1968 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
+	TODO: check
+CVE-2019-1967 (A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX ...)
+	TODO: check
+CVE-2019-1966 (A vulnerability in a specific CLI command within the local management  ...)
+	TODO: check
 CVE-2019-1965 (A vulnerability in the Virtual Shell (VSH) session management for Cisc ...)
 	TODO: check
 CVE-2019-1964 (A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software ...)
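Review bot: CVE-2019-1969 through CVE-2019-1966 go in as `TODO: check` while CVE-2019-1971 and CVE-2019-1970 directly above are already `NOT-FOR-US: Cisco`. The visible description of CVE-2019-1968 names Cisco NX-OS Software, so these look like candidates for the same tag, and the still-open CVE-2019-1965 and CVE-2019-1964 below could be resolved in the same pass.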
@@ -45023,7 +45088,7 @@ CVE-2019-0204 (A specifically crafted Docker image running under the root user c
 	- apache-mesos <itp> (bug #760315)
 CVE-2019-0203 [Remote unauthenticated denial-of-service in Subversion svnserve]
 	RESERVED
-	{DSA-4490-1}
+	{DSA-4490-1 DLA-1903-1}
 	- subversion 1.10.6-1
 	NOTE: https://subversion.apache.org/security/CVE-2019-0203-advisory.txt
 CVE-2019-0202 (The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to ...)
@@ -47636,10 +47701,10 @@ CVE-2018-18373 (In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.
 	NOT-FOR-US: Wordpress plugin
 CVE-2018-18372 (A Stored XSS vulnerability has been discovered in KAASoft Library CMS  ...)
 	NOT-FOR-US: KAASoft Library CMS
-CVE-2018-18371
-	RESERVED
-CVE-2018-18370
-	RESERVED
+CVE-2018-18371 (The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connecti ...)
+	TODO: check
+CVE-2018-18370 (The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connecti ...)
+	TODO: check
 CVE-2018-18369 (Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows ...)
 	NOT-FOR-US: Norton Security
 CVE-2018-18368
@@ -55243,14 +55308,14 @@ CVE-2018-15515 (The CaptivelPortal service on D-Link Central WiFiManager CWM-100
 	NOT-FOR-US: D-Link
 CVE-2018-15514 (HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 ( ...)
 	NOT-FOR-US: Docker for Windows
-CVE-2018-15513
-	RESERVED
-CVE-2018-15512
-	RESERVED
-CVE-2018-15511
-	RESERVED
-CVE-2018-15510
-	RESERVED
+CVE-2018-15513 (Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs o ...)
+	TODO: check
+CVE-2018-15512 (Cross-site scripting (XSS) vulnerability in the 'Authorisation Service ...)
+	TODO: check
+CVE-2018-15511 (Cross-site scripting (XSS) vulnerability in the 'Notification template ...)
+	TODO: check
+CVE-2018-15510 (Cross-site scripting (XSS) vulnerability in the 'Certificate' feature  ...)
+	TODO: check
 CVE-2018-15509 (Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 ...)
 	NOT-FOR-US: Five9 Agent Desktop Plus
 CVE-2018-15508 (Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing ...)
@@ -64988,7 +65053,7 @@ CVE-2018-11783 (sslheaders plugin extracts information from the client certifica
 	NOTE: https://www.openwall.com/lists/oss-security/2019/02/13/6
 CVE-2018-11782 [Remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev']
 	RESERVED
-	{DSA-4490-1}
+	{DSA-4490-1 DLA-1903-1}
 	- subversion 1.10.6-1
 	NOTE: https://subversion.apache.org/security/CVE-2018-11782-advisory.txt
 CVE-2018-11781 (Apache SpamAssassin 3.4.2 fixes a local user code injection in the met ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dfbf6c286ccd5210dde243beb22e7e8d3e662a1d
