[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Dec 4 20:10:40 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
864622a3 by security tracker role at 2019-12-04T20:10:28Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2019-19576 (class.upload.php in verot.net class.upload before 1.0.3 and 2.x before ...)
+ TODO: check
+CVE-2019-19575
+ RESERVED
+CVE-2019-19574
+ RESERVED
+CVE-2019-19573
+ RESERVED
+CVE-2019-19572
+ RESERVED
+CVE-2019-19571
+ RESERVED
+CVE-2019-19570
+ RESERVED
+CVE-2019-19569
+ RESERVED
+CVE-2019-19568
+ RESERVED
+CVE-2019-19567
+ RESERVED
+CVE-2019-19566
+ RESERVED
+CVE-2019-19565
+ RESERVED
+CVE-2019-19564
+ RESERVED
+CVE-2019-19563
+ RESERVED
+CVE-2019-19562
+ RESERVED
+CVE-2019-19561
+ RESERVED
+CVE-2019-19560
+ RESERVED
+CVE-2019-19559
+ RESERVED
+CVE-2019-19558
+ RESERVED
+CVE-2019-19557
+ RESERVED
+CVE-2019-19556
+ RESERVED
+CVE-2019-19555 (read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buf ...)
+ TODO: check
+CVE-2019-19554
+ RESERVED
+CVE-2019-19553
+ RESERVED
+CVE-2019-19552
+ RESERVED
+CVE-2019-19551
+ RESERVED
CVE-2020-1974
RESERVED
CVE-2020-1973
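Review bot: CVE-2019-19555 (stack-based buffer overflow in read_textobject in read.c, fig2dev) is the entry in this block that most needs triage beyond "TODO: check", since a memory-safety bug in a file parser will need a package line in the `- pkg <unfixed> (bug #NNNNNN)` form used elsewhere in this file rather than staying as a placeholder; the remaining additions are RESERVED stubs and need no action.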
@@ -308,7 +360,7 @@ CVE-2019-19498
RESERVED
CVE-2019-19497
RESERVED
-CVE-2019-19496 (Alfresco Enterprise before 5.2.6 allows stored XSS via an uploaded HTM ...)
+CVE-2019-19496 (Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTM ...)
NOT-FOR-US: Alfresco
CVE-2019-19495
RESERVED
@@ -785,7 +837,7 @@ CVE-2019-19393
RESERVED
CVE-2019-19392
RESERVED
-CVE-2019-19391 (In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other pro ...)
+CVE-2019-19391 (** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit before 2.1. ...)
- luajit <unfixed> (bug #946053; unimportant)
NOTE: https://github.com/LuaJIT/LuaJIT/pull/526
NOTE: Negligible security impact. The debug library is unsafe per se and one is
@@ -992,8 +1044,8 @@ CVE-2020-1691
RESERVED
CVE-2020-1690
RESERVED
-CVE-2019-19364
- RESERVED
+CVE-2019-19364 (In Sony Catalyst Production Suite through 2019.1 (1.1.0.21) and Cataly ...)
+ TODO: check
CVE-2019-19363
RESERVED
CVE-2019-19362 (An issue was discovered in the Chat functionality of the TeamViewer de ...)
@@ -1319,6 +1371,7 @@ CVE-2019-19248
CVE-2019-19247
RESERVED
CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has ...)
+ {DLA-2020-1}
- libonig <unfixed>
NOTE: https://bugs.php.net/bug.php?id=78559
NOTE: https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b
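Review bot: The `{DLA-2020-1}` marker is added while the unstable line below it stays `- libonig <unfixed>`, which is only consistent if the DLA covers the LTS suite alone; the same DLA is attached to CVE-2019-19204 and CVE-2019-19012 further down in this change, so all three entries should be checked together so that the suite-specific lines under each agree with the DLA.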
@@ -1358,10 +1411,10 @@ CVE-2019-19231
RESERVED
CVE-2019-19230
RESERVED
-CVE-2019-19229
- RESERVED
-CVE-2019-19228
- RESERVED
+CVE-2019-19229 (admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.1 ...)
+ TODO: check
+CVE-2019-19228 (Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attacke ...)
+ TODO: check
CVE-2019-19227 (In the AppleTalk subsystem in the Linux kernel before 5.1, there is a ...)
- linux 5.2.6-1
NOTE: https://git.kernel.org/linus/9804501fa1228048857910a6bf23e085aade37cc
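Review bot: CVE-2019-19229 and CVE-2019-19228 describe flaws in Fronius Solar Inverter device firmware (admincgi-bin/service.fcgi), the same category of vendor-device issue that is resolved as NOT-FOR-US for the D-Link entry later in this change; they can likely be closed as `NOT-FOR-US: Fronius` instead of staying at "TODO: check".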
@@ -1415,6 +1468,7 @@ CVE-2019-19206 (Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS du
CVE-2019-19205
RESERVED
CVE-2019-19204 (An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the func ...)
+ {DLA-2020-1}
- libonig <unfixed> (low; bug #945313)
[buster] - libonig <no-dsa> (Minor issue)
[stretch] - libonig <no-dsa> (Minor issue)
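Review bot: `[stretch] - libonig <no-dsa> (Minor issue)` is left in place directly under the new `{DLA-2020-1}` marker, which is contradictory: once a DLA has been issued for stretch the no-dsa line for that suite is stale and should be removed, leaving the `[buster]` no-dsa line and the unstable `<unfixed>` line as they are.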
@@ -1572,8 +1626,8 @@ CVE-2019-19135
RESERVED
CVE-2019-19134
RESERVED
-CVE-2019-19133
- RESERVED
+CVE-2019-19133 (The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected ...)
+ TODO: check
CVE-2019-19132
RESERVED
CVE-2019-19131
@@ -1926,6 +1980,7 @@ CVE-2019-19014 (An issue was discovered in TitanHQ WebTitan before 5.18. It has
CVE-2019-19013 (A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an ...)
NOT-FOR-US: Pagekit CMS
CVE-2019-19012 (An integer overflow in the search_in_range function in regexec.c in On ...)
+ {DLA-2020-1}
- libonig <unfixed> (bug #944959)
NOTE: https://github.com/kkos/oniguruma/issues/164
CVE-2019-19011 (MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueC ...)
@@ -2302,8 +2357,8 @@ CVE-2019-18852 (Certain D-Link devices have a hardcoded Alphanetworks user accou
NOT-FOR-US: D-Link
CVE-2019-18851
RESERVED
-CVE-2019-18850
- RESERVED
+CVE-2019-18850 (TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a dis ...)
+ TODO: check
CVE-2019-18849 (In tnef before 1.4.18, an attacker may be able to write to the victim' ...)
{DLA-2005-1}
- tnef <unfixed> (bug #944851)
@@ -5863,10 +5918,10 @@ CVE-2019-18348 (An issue was discovered in urllib2 in Python 2.x through 2.7.17
NOTE: Issue only exploitable if CVE-2016-10739 is unfixed in src:glibc. This is
NOTE: not the case in all suites, but the issue is minor in general and would
NOTE: tend to a no-dsa/ignored tag in those suites.
-CVE-2019-18347
- RESERVED
-CVE-2019-18346
- RESERVED
+CVE-2019-18347 (A stored XSS issue was discovered in DAViCal through 1.1.8. It does no ...)
+ TODO: check
+CVE-2019-18346 (A CSRF issue was discovered in DAViCal through 1.1.8. If an authentica ...)
+ TODO: check
CVE-2019-18345
RESERVED
CVE-2019-18344 (Sourcecodester Online Grading System 1.0 is vulnerable to unauthentica ...)
@@ -8560,14 +8615,11 @@ CVE-2019-17558
RESERVED
CVE-2019-17557
RESERVED
-CVE-2019-17556
- RESERVED
+CVE-2019-17556 (Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService clas ...)
NOT-FOR-US: Olingo
-CVE-2019-17555
- RESERVED
+CVE-2019-17555 (The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to ...)
NOT-FOR-US: Olingo
-CVE-2019-17554
- RESERVED
+CVE-2019-17554 (The XML content type entity deserializer in Apache Olingo versions 4.0 ...)
NOT-FOR-US: Olingo
CVE-2019-17553 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection ...)
NOT-FOR-US: MetInfo
@@ -13925,8 +13977,8 @@ CVE-2019-15639 (main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28499
NOTE: Issue was introduced specifically only in versions 13.28.0 and 16.5.0 upstream
NOTE: and got fixed in 13.28.1 respectively 16.5.1.
-CVE-2019-15638
- RESERVED
+CVE-2019-15638 (COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Searc ...)
+ TODO: check
CVE-2019-15637 (Numerous Tableau products are vulnerable to XXE via a malicious workbo ...)
NOT-FOR-US: Tableau
CVE-2019-15636
@@ -16242,8 +16294,7 @@ CVE-2019-14911 (An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module
CVE-2019-14910
RESERVED
NOT-FOR-US: Keycloak
-CVE-2019-14909
- RESERVED
+CVE-2019-14909 (A vulnerability was found in Keycloak 7.x where the user federation LD ...)
NOT-FOR-US: Keycloak
CVE-2019-14908
RESERVED
@@ -25813,30 +25864,29 @@ CVE-2019-11942 (A remote code execution vulnerability was identified in HPE Inte
NOT-FOR-US: HPE
CVE-2019-11941 (A remote code execution vulnerability was identified in HPE Intelligen ...)
NOT-FOR-US: HPE
-CVE-2019-11940
- RESERVED
+CVE-2019-11940 (In the course of decompressing HPACK inside the HTTP2 protocol, an une ...)
+ TODO: check
CVE-2019-11939
RESERVED
CVE-2019-11938
RESERVED
-CVE-2019-11937
- RESERVED
+CVE-2019-11937 (In Mcrouter prior to v0.41.0, a large struct input provided to the Car ...)
NOT-FOR-US: mcrouter
NOTE: https://github.com/facebook/mcrouter/releases
-CVE-2019-11936
- RESERVED
-CVE-2019-11935
- RESERVED
-CVE-2019-11934
- RESERVED
+CVE-2019-11936 (Various APC functions accept keys containing null bytes as input, lead ...)
+ TODO: check
+CVE-2019-11935 (Insufficient boundary checks when processing a string in mb_ereg_repla ...)
+ TODO: check
+CVE-2019-11934 (Improper handling of close_notify alerts can result in an out-of-bound ...)
+ TODO: check
CVE-2019-11933 (A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, a ...)
NOT-FOR-US: libpl_droidsonroids_gif
CVE-2019-11932 (A double free vulnerability in the DDGifSlurp function in decoding.c i ...)
NOT-FOR-US: libpl_droidsonroids_gif
CVE-2019-11931 (A stack-based buffer overflow could be triggered in WhatsApp by sendin ...)
NOT-FOR-US: WhatsApp
-CVE-2019-11930
- RESERVED
+CVE-2019-11930 (An invalid free in mb_detect_order can cause the application to crash ...)
+ TODO: check
CVE-2019-11929 (Insufficient boundary checks when formatting numbers in number_format ...)
- hhvm <removed>
CVE-2019-11928
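Review bot: CVE-2019-11936 (APC keys with null bytes), CVE-2019-11935 (mb_ereg_replace) and CVE-2019-11930 (mb_detect_order) are left as "TODO: check", yet their descriptions match the neighbouring batch already tagged `- hhvm <removed>` (for example CVE-2019-11929, "Insufficient boundary checks when formatting numbers in number_format"), so they should probably be resolved the same way; CVE-2019-11934 (close_notify handling) reads like either that batch or the fizz entry at CVE-2019-11924 and needs an explicit check of which component it belongs to.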
@@ -25849,8 +25899,7 @@ CVE-2019-11925 (Insufficient boundary checks when processing the JPEG APP12 bloc
- hhvm <removed>
CVE-2019-11924 (A peer could send empty handshake fragments containing only padding wh ...)
NOT-FOR-US: fizz
-CVE-2019-11923
- RESERVED
+CVE-2019-11923 (In Mcrouter prior to v0.41.0, the deprecated ASCII parser would alloca ...)
NOT-FOR-US: mcrouter
NOTE: https://github.com/facebook/mcrouter/releases
CVE-2019-11922 (A race condition in the one-pass compression functions of Zstandard pr ...)
@@ -39953,16 +40002,16 @@ CVE-2019-7203
RESERVED
CVE-2019-7202
RESERVED
-CVE-2019-7201
- RESERVED
+CVE-2019-7201 (An unquoted service path vulnerability is reported to affect the servi ...)
+ TODO: check
CVE-2019-7200
RESERVED
CVE-2019-7199
RESERVED
CVE-2019-7198
RESERVED
-CVE-2019-7197
- RESERVED
+CVE-2019-7197 (A stored cross-site scripting (XSS) vulnerability has been reported to ...)
+ TODO: check
CVE-2019-7196
RESERVED
CVE-2019-7195
@@ -112660,12 +112709,12 @@ CVE-2017-17052 (The mm_init function in kernel/fork.c in the Linux kernel before
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/2b7e8665b4ff51c034c55df3cff76518d1a9ee3a
-CVE-2018-0730
- RESERVED
-CVE-2018-0729
- RESERVED
-CVE-2018-0728
- RESERVED
+CVE-2018-0730 (This command injection vulnerability in File Station allows attackers ...)
+ TODO: check
+CVE-2018-0729 (This command injection vulnerability in Music Station allows attackers ...)
+ TODO: check
+CVE-2018-0728 (This improper access control vulnerability in Helpdesk allows attacker ...)
+ TODO: check
CVE-2018-0727
RESERVED
CVE-2018-0726
@@ -225393,11 +225442,9 @@ CVE-2014-8181 (The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear
- linux <not-affected> (Specific to RHEL 7)
CVE-2014-8180 (MongoDB on Red Hat Satellite 6 allows local users to bypass authentica ...)
NOT-FOR-US: Red Hat Satellite
-CVE-2014-8179
- RESERVED
+CVE-2014-8179 (Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does ...)
- docker.io 1.8.3~ds1-1
-CVE-2014-8178
- RESERVED
+CVE-2014-8178 (Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do no ...)
- docker.io 1.8.3~ds1-1
CVE-2014-8177 (The Red Hat gluster-swift package, as used in Red Hat Gluster Storage ...)
NOT-FOR-US: gluster-swift
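Review bot: The existing fixed-version line `- docker.io 1.8.3~ds1-1` under both CVE-2014-8179 and CVE-2014-8178 agrees with the "Docker Engine before 1.8.3" in the newly filled-in descriptions, so these two entries need no further change.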
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/864622a37a8ae933a8a90fdc478123e9fab1d926