[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 30 09:10:57 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dfbf6c28 by security tracker role at 2019-08-30T08:10:42Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2019-15842
+ RESERVED
+CVE-2019-15841
+ RESERVED
+CVE-2019-15840
+ RESERVED
+CVE-2019-15839
+ RESERVED
+CVE-2019-15838
+ RESERVED
+CVE-2019-15837
+ RESERVED
+CVE-2019-15836
+ RESERVED
+CVE-2019-15835
+ RESERVED
+CVE-2019-15834
+ RESERVED
+CVE-2019-15833
+ RESERVED
+CVE-2019-15832
+ RESERVED
+CVE-2019-15831
+ RESERVED
+CVE-2019-15830
+ RESERVED
+CVE-2019-15829
+ RESERVED
+CVE-2019-15828
+ RESERVED
+CVE-2019-15827
+ RESERVED
+CVE-2019-15826
+ RESERVED
+CVE-2019-15825
+ RESERVED
+CVE-2019-15824
+ RESERVED
+CVE-2019-15823
+ RESERVED
+CVE-2019-15822
+ RESERVED
+CVE-2019-15821
+ RESERVED
+CVE-2019-15820
+ RESERVED
+CVE-2019-15819
+ RESERVED
+CVE-2019-15818
+ RESERVED
+CVE-2019-15817
+ RESERVED
+CVE-2019-15816
+ RESERVED
+CVE-2019-15815
+ RESERVED
+CVE-2019-15814
+ RESERVED
+CVE-2019-15813
+ RESERVED
+CVE-2015-9380
+ RESERVED
CVE-2019-15812
RESERVED
CVE-2019-15811 (In DomainMOD through 4.13, the parameter daterange in the file reporti ...)
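Review bot: CVE-2015-9380 is inserted between CVE-2019-15813 and CVE-2019-15812, in the middle of a run that otherwise descends from CVE-2019-15842, and every other hunk in this file shows the same descending order. Confirm whether this entry belongs with the other CVE-2015 ids further down the list. If the top-of-file position is intentional for newly seen ids, a later sort pass should move it.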
@@ -1807,18 +1869,22 @@ CVE-2019-15147 (GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GP
CVE-2019-15146 (GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in ...)
NOT-FOR-US: gpmf-parser
CVE-2019-15145 (DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack ...)
+ {DLA-1902-1}
- djvulibre 3.5.27.1-11
NOTE: https://sourceforge.net/p/djvu/bugs/298/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/
CVE-2019-15144 (In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate< ...)
+ {DLA-1902-1}
- djvulibre 3.5.27.1-11
NOTE: https://sourceforge.net/p/djvu/bugs/299/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/
CVE-2019-15143 (In DjVuLibre 3.5.27, the bitmap reader component allows attackers to c ...)
+ {DLA-1902-1}
- djvulibre 3.5.27.1-11
NOTE: https://sourceforge.net/p/djvu/bugs/297/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/
CVE-2019-15142 (In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows a ...)
+ {DLA-1902-1}
- djvulibre 3.5.27.1-11
NOTE: https://sourceforge.net/p/djvu/bugs/296/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/
@@ -7596,8 +7662,8 @@ CVE-2019-13528
RESERVED
CVE-2019-13527
RESERVED
-CVE-2019-13526
- RESERVED
+CVE-2019-13526 (Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 ...)
+ TODO: check
CVE-2019-13525
RESERVED
CVE-2019-13524
@@ -9729,10 +9795,10 @@ CVE-2019-12756
RESERVED
CVE-2019-12755
RESERVED
-CVE-2019-12754
- RESERVED
-CVE-2019-12753
- RESERVED
+CVE-2019-12754 (Symantec My VIP portal, previous version which has already been auto u ...)
+ TODO: check
+CVE-2019-12753 (An information disclosure vulnerability in Symantec Reporter web UI 10 ...)
+ TODO: check
CVE-2019-12752
RESERVED
CVE-2019-12751 (Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a p ...)
@@ -10609,8 +10675,7 @@ CVE-2019-12404
RESERVED
CVE-2019-12403
RESERVED
-CVE-2019-12402 [Apache Commons Compress denial of service vulnerability]
- RESERVED
+CVE-2019-12402 (The file name encoding algorithm used internally in Apache Commons Com ...)
- libcommons-compress-java <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/08/27/1
CVE-2019-12401
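Review bot: CVE-2019-12402 stays at "- libcommons-compress-java <unfixed>" with the oss-security post as its only reference, while the bracketed working title is replaced by the published description. Adding a NOTE that points at the upstream fix (commit or release) would let the next triager set the fixed version without re-reading the advisory.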
@@ -12555,8 +12620,8 @@ CVE-2019-11660
RESERVED
CVE-2019-11659
RESERVED
-CVE-2019-11658
- RESERVED
+CVE-2019-11658 (Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 ...)
+ TODO: check
CVE-2019-11657
RESERVED
CVE-2019-11656
@@ -13371,10 +13436,10 @@ CVE-2019-11368 (Stored XSS was discovered in AUO Solar Data Recorder before 1.3.
NOT-FOR-US: AUO Solar Data Recorder
CVE-2019-11367 (An issue was discovered in AUO Solar Data Recorder before 1.3.0. The w ...)
NOT-FOR-US: AUO Solar Data Recorder
-CVE-2019-11364
- RESERVED
-CVE-2019-11363
- RESERVED
+CVE-2019-11364 (An OS Command Injection vulnerability in Snare Central before 7.4.5 al ...)
+ TODO: check
+CVE-2019-11363 (A SQL injection vulnerability in Snare Central before 7.4.5 allows rem ...)
+ TODO: check
CVE-2019-11362 (app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL ...)
NOT-FOR-US: ROCBOSS
CVE-2019-11361
@@ -14941,7 +15006,7 @@ CVE-2019-10753
RESERVED
CVE-2019-10752
RESERVED
-CVE-2019-10751 (All versions of the HTTPie package are vulnerable to Open Redirect tha ...)
+CVE-2019-10751 (All versions of the HTTPie package prior to version 1.0.3 are vulnerab ...)
TODO: check
CVE-2019-10750 (deeply is vulnerable to Prototype Pollution in versions before 3.1.0. ...)
TODO: check
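Review bot: CVE-2019-10751 keeps "TODO: check" although the revised description now bounds the affected range at "prior to version 1.0.3". That version is the missing piece for triage, so the TODO can be resolved in a follow-up, either with a package line carrying the fixed version or with NOT-FOR-US if HTTPie is not tracked here.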
@@ -18744,8 +18809,8 @@ CVE-2019-9699
RESERVED
CVE-2019-9698 (Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbit ...)
NOT-FOR-US: Symantec
-CVE-2019-9697
- RESERVED
+CVE-2019-9697 (An information disclosure vulnerability in the Management Center (MC) ...)
+ TODO: check
CVE-2019-9696 (Symantec VIP Enterprise Gateway (all versions) may be susceptible to a ...)
NOT-FOR-US: Symantec
CVE-2019-9695 (Norton Core prior to v278 may be susceptible to an arbitrary code exec ...)
@@ -22019,8 +22084,8 @@ CVE-2019-8463
RESERVED
CVE-2019-8462
RESERVED
-CVE-2019-8461
- RESERVED
+CVE-2019-8461 (Check Point Endpoint Security Initial Client for Windows before versio ...)
+ TODO: check
CVE-2019-8460 (Reuven Plevinsky and Tal Vainshtein of Check Point Software Technologi ...)
TODO: check
CVE-2019-8459 (Check Point Endpoint Security Client for Windows, with the VPN blade, ...)
@@ -27890,8 +27955,8 @@ CVE-2019-6115
RESERVED
CVE-2019-6114 (An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. An int ...)
NOT-FOR-US: Corel PaintShop Pro
-CVE-2019-6113
- RESERVED
+CVE-2019-6113 (Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-001 ...)
+ TODO: check
CVE-2019-6112
RESERVED
CVE-2019-6111 (An issue was discovered in OpenSSH 7.9. Due to the scp implementation ...)
@@ -29259,16 +29324,16 @@ CVE-2019-5614
RESERVED
CVE-2019-5613
RESERVED
-CVE-2019-5612
- RESERVED
-CVE-2019-5611
- RESERVED
-CVE-2019-5610
- RESERVED
-CVE-2019-5609
- RESERVED
-CVE-2019-5608
- RESERVED
+CVE-2019-5612 (In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEAS ...)
+ TODO: check
+CVE-2019-5611 (In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEAS ...)
+ TODO: check
+CVE-2019-5610 (In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEAS ...)
+ TODO: check
+CVE-2019-5609 (In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEAS ...)
+ TODO: check
+CVE-2019-5608 (In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEAS ...)
+ TODO: check
CVE-2019-5607 (In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEAS ...)
NOT-FOR-US: FreeBSD userspace
CVE-2019-5606 (In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEAS ...)
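Review bot: CVE-2019-5612 through CVE-2019-5608 land as "TODO: check" directly above CVE-2019-5607, which is tagged "NOT-FOR-US: FreeBSD userspace". That tag is specific to a component, and the truncated descriptions here show only revision numbers. Read each full description to establish which component is affected before reusing the neighbour's tag.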
@@ -39539,8 +39604,8 @@ CVE-2019-1979
RESERVED
CVE-2019-1978
RESERVED
-CVE-2019-1977
- RESERVED
+CVE-2019-1977 (A vulnerability within the Endpoint Learning feature of Cisco Nexus 90 ...)
+ TODO: check
CVE-2019-1976
RESERVED
CVE-2019-1975
@@ -39555,14 +39620,14 @@ CVE-2019-1971 (A vulnerability in the web portal of Cisco Enterprise NFV Infrast
NOT-FOR-US: Cisco
CVE-2019-1970 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
NOT-FOR-US: Cisco
-CVE-2019-1969
- RESERVED
-CVE-2019-1968
- RESERVED
-CVE-2019-1967
- RESERVED
-CVE-2019-1966
- RESERVED
+CVE-2019-1969 (A vulnerability in the implementation of the Simple Network Management ...)
+ TODO: check
+CVE-2019-1968 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
+ TODO: check
+CVE-2019-1967 (A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX ...)
+ TODO: check
+CVE-2019-1966 (A vulnerability in a specific CLI command within the local management ...)
+ TODO: check
CVE-2019-1965 (A vulnerability in the Virtual Shell (VSH) session management for Cisc ...)
TODO: check
CVE-2019-1964 (A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software ...)
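Review bot: CVE-2019-1969 through CVE-2019-1966 are left at "TODO: check" while the entries just above them (CVE-2019-1971, CVE-2019-1970) carry "NOT-FOR-US: Cisco". CVE-2019-1968 and CVE-2019-1967 visibly name Cisco NX-OS, so the same tag applies. The truncated text for CVE-2019-1969 and CVE-2019-1966 does not show a product, so check the full description before tagging those two.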
@@ -45023,7 +45088,7 @@ CVE-2019-0204 (A specifically crafted Docker image running under the root user c
- apache-mesos <itp> (bug #760315)
CVE-2019-0203 [Remote unauthenticated denial-of-service in Subversion svnserve]
RESERVED
- {DSA-4490-1}
+ {DSA-4490-1 DLA-1903-1}
- subversion 1.10.6-1
NOTE: https://subversion.apache.org/security/CVE-2019-0203-advisory.txt
CVE-2019-0202 (The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to ...)
@@ -47636,10 +47701,10 @@ CVE-2018-18373 (In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.
NOT-FOR-US: Wordpress plugin
CVE-2018-18372 (A Stored XSS vulnerability has been discovered in KAASoft Library CMS ...)
NOT-FOR-US: KAASoft Library CMS
-CVE-2018-18371
- RESERVED
-CVE-2018-18370
- RESERVED
+CVE-2018-18371 (The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connecti ...)
+ TODO: check
+CVE-2018-18370 (The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connecti ...)
+ TODO: check
CVE-2018-18369 (Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows ...)
NOT-FOR-US: Norton Security
CVE-2018-18368
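Review bot: CVE-2018-18371 and CVE-2018-18370 carry the same visible description prefix ("The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connecti ..."), so the two entries cannot be told apart from this file. When resolving the "TODO: check" lines, compare the full descriptions and record what distinguishes them, or note it if one duplicates the other.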
@@ -55243,14 +55308,14 @@ CVE-2018-15515 (The CaptivelPortal service on D-Link Central WiFiManager CWM-100
NOT-FOR-US: D-Link
CVE-2018-15514 (HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 ( ...)
NOT-FOR-US: Docker for Windows
-CVE-2018-15513
- RESERVED
-CVE-2018-15512
- RESERVED
-CVE-2018-15511
- RESERVED
-CVE-2018-15510
- RESERVED
+CVE-2018-15513 (Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs o ...)
+ TODO: check
+CVE-2018-15512 (Cross-site scripting (XSS) vulnerability in the 'Authorisation Service ...)
+ TODO: check
+CVE-2018-15511 (Cross-site scripting (XSS) vulnerability in the 'Notification template ...)
+ TODO: check
+CVE-2018-15510 (Cross-site scripting (XSS) vulnerability in the 'Certificate' feature ...)
+ TODO: check
CVE-2018-15509 (Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 ...)
NOT-FOR-US: Five9 Agent Desktop Plus
CVE-2018-15508 (Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing ...)
@@ -64988,7 +65053,7 @@ CVE-2018-11783 (sslheaders plugin extracts information from the client certifica
NOTE: https://www.openwall.com/lists/oss-security/2019/02/13/6
CVE-2018-11782 [Remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev']
RESERVED
- {DSA-4490-1}
+ {DSA-4490-1 DLA-1903-1}
- subversion 1.10.6-1
NOTE: https://subversion.apache.org/security/CVE-2018-11782-advisory.txt
CVE-2018-11781 (Apache SpamAssassin 3.4.2 fixes a local user code injection in the met ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dfbf6c286ccd5210dde243beb22e7e8d3e662a1d