[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Dec 26 20:10:35 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7075a74d by security tracker role at 2019-12-26T20:10:25Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12,10 +12,10 @@ CVE-2019-19998 (Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token
 	TODO: check
 CVE-2019-19997
 	RESERVED
-CVE-2019-19996
-	RESERVED
-CVE-2019-19995
-	RESERVED
+CVE-2019-19996 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malfor ...)
+	TODO: check
+CVE-2019-19995 (A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, lead ...)
+	TODO: check
 CVE-2019-19994
 	RESERVED
 CVE-2019-19993
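Review bot: CVE-2019-19996 and CVE-2019-19995 concern Intelbras IWR 3000N router firmware, which is not shipped as a Debian package, so the two TODO: check placeholders should resolve to a NOT-FOR-US line (the form used elsewhere in this file, e.g. 'NOT-FOR-US: Huawei') rather than a package version line; the automatic import correctly leaves that decision to manual triage. Both descriptions are cut off with '...' by the import, so read the full advisory text before marking them.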
@@ -3585,6 +3585,7 @@ CVE-2019-19711
 CVE-2019-19710
 	RESERVED
 CVE-2019-19709 (MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklis ...)
+	{DSA-4592-1}
 	- mediawiki 1:1.31.6-1
 	NOTE: https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8
 	NOTE: https://phabricator.wikimedia.org/T239466
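Review bot: the {DSA-4592-1} tag is placed correctly, directly under the CVE-2019-19709 header and above the '- mediawiki 1:1.31.6-1' unstable fix line, so the stable fix version will be taken from the DSA record and no separate '[buster] - mediawiki ...' line is needed here. Since this commit touches only data/CVE/list (see the '1 changed file' summary above), confirm that the matching DSA-4592-1 entry already exists in the DSA list; otherwise the tracker is left with a dangling reference.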
@@ -3692,8 +3693,8 @@ CVE-2019-19683 (RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable t
 	NOT-FOR-US: RoxyFileman in nopCommerce
 CVE-2019-19682 (nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the co ...)
 	NOT-FOR-US: nopCommerce
-CVE-2019-19681
-	RESERVED
+CVE-2019-19681 (Pandora FMS 7.x suffers from remote code execution vulnerability. With ...)
+	TODO: check
 CVE-2019-19680
 	RESERVED
 CVE-2019-19679 (In "Xray Test Management for Jira" prior to version 3.5.5, remote auth ...)
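Review bot: CVE-2019-19681 (Pandora FMS 7.x remote code execution) lands as TODO: check; Pandora FMS is not a Debian package, so triage should settle it as NOT-FOR-US in the same way as the two nopCommerce entries directly above rather than leaving the placeholder. The truncated description ends mid-sentence ('With ...'), so the full text is needed before classifying it.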
@@ -5096,12 +5097,12 @@ CVE-2019-19545 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to
 	NOT-FOR-US: Norton Password Manager
 CVE-2019-19544
 	RESERVED
-CVE-2019-19542
-	RESERVED
-CVE-2019-19541
-	RESERVED
-CVE-2019-19540
-	RESERVED
+CVE-2019-19542 (The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS ...)
+	TODO: check
+CVE-2019-19541 (The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS ...)
+	TODO: check
+CVE-2019-19540 (The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS  ...)
+	TODO: check
 CVE-2019-19543 (In the Linux kernel before 5.1.6, there is a use-after-free in serial_ ...)
 	- linux 5.2.6-1
 	[buster] - linux 4.19.67-1
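Review bot: the context lines show CVE-2019-19543 (Linux use-after-free) sitting after CVE-2019-19540 instead of between CVE-2019-19544 and CVE-2019-19542, so this region is out of the descending ID order used everywhere else in the file; this is pre-existing rather than introduced by the hunk, but it should be moved into place in a follow-up so later automatic updates merge cleanly. The three new ListingPro entries describe a WordPress theme, not a Debian package, and are NOT-FOR-US candidates.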
@@ -5806,8 +5807,8 @@ CVE-2019-19400
 	RESERVED
 CVE-2019-19399
 	RESERVED
-CVE-2019-19398
-	RESERVED
+CVE-2019-19398 (M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input  ...)
+	TODO: check
 CVE-2019-19397 (There is a weak algorithm vulnerability in some Huawei products. The a ...)
 	NOT-FOR-US: Huawei
 CVE-2019-19396 (illumos, as used in OmniOS Community Edition before r151030y, allows a ...)
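Review bot: CVE-2019-19398 describes the M5 lite 10, a Huawei device, and the adjacent CVE-2019-19397 is already marked 'NOT-FOR-US: Huawei'; the new TODO: check placeholder will most likely resolve the same way, so this is a quick one to close during triage.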
@@ -15868,8 +15869,8 @@ CVE-2019-16791
 	RESERVED
 CVE-2019-16790
 	RESERVED
-CVE-2019-16789
-	RESERVED
+CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used in front  ...)
+	TODO: check
 CVE-2019-16788
 	RESERVED
 CVE-2019-16786 (Waitress through version 1.3.1 would parse the Transfer-Encoding heade ...)
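Review bot: CVE-2019-16789 (Waitress through 1.4.0, request handling behind a proxy) is a follow-up to CVE-2019-16786 two lines below, which covers Waitress through 1.3.1 and Transfer-Encoding parsing; triage should track it against the same source package as 16786 and check whether the upload that fixed 16786 in Debian already contains the later upstream change or whether a separate upload is needed.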
@@ -15892,10 +15893,10 @@ CVE-2019-16782 (There's a possible information leak / session hijack vulnerabili
 	- ruby-rack <unfixed> (bug #946983)
 	NOTE: https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38
 	NOTE: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
-CVE-2019-16781
-	RESERVED
-CVE-2019-16780
-	RESERVED
+CVE-2019-16781 (In WordPress before 5.3.1, authenticated users with lower privileges ( ...)
+	TODO: check
+CVE-2019-16780 (WordPress users with lower privileges (like contributors) can inject J ...)
+	TODO: check
 CVE-2019-16779 (In RubyGem excon before 0.71.0, there was a race condition around pers ...)
 	- ruby-excon <unfixed> (bug #946904)
 	NOTE: https://github.com/excon/excon/security/advisories/GHSA-q58g-455p-8vw9
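Review bot: CVE-2019-16781 and CVE-2019-16780 both describe lower-privileged WordPress users (contributors) injecting JavaScript, fixed in WordPress 5.3.1, and WordPress is packaged in Debian, so these should not be closed as NOT-FOR-US; triage should add a '- wordpress <unfixed>' line with the bug number once filed, in the same form as the ruby-rack and ruby-excon entries around them. The two truncated descriptions overlap enough that they may share a single upstream fix, which is worth confirming so both entries point at the same fixed version.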
@@ -17075,10 +17076,10 @@ CVE-2019-16329
 	RESERVED
 CVE-2019-16328 (In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify  ...)
 	- rpyc <removed>
-CVE-2019-16327
-	RESERVED
-CVE-2019-16326
-	RESERVED
+CVE-2019-16327 (D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypa ...)
+	TODO: check
+CVE-2019-16326 (D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token  ...)
+	TODO: check
 CVE-2019-16325
 	RESERVED
 CVE-2019-16324
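Review bot: CVE-2019-16327 and CVE-2019-16326 are D-Link DIR-601 firmware issues (authentication bypass and a missing anti-CSRF token); like the other consumer router entries in this file they have no Debian package and are NOT-FOR-US candidates, so the TODO: check lines can be closed quickly.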
@@ -18969,16 +18970,16 @@ CVE-2019-15697
 	RESERVED
 CVE-2019-15696
 	RESERVED
-CVE-2019-15695
-	RESERVED
-CVE-2019-15694
-	RESERVED
-CVE-2019-15693
-	RESERVED
-CVE-2019-15692
-	RESERVED
-CVE-2019-15691
-	RESERVED
+CVE-2019-15695 (TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflo ...)
+	TODO: check
+CVE-2019-15694 (TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow ...)
+	TODO: check
+CVE-2019-15693 (TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow ...)
+	TODO: check
+CVE-2019-15692 (TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow ...)
+	TODO: check
+CVE-2019-15691 (TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-retu ...)
+	TODO: check
 CVE-2019-15690
 	RESERVED
 CVE-2019-15689 (Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky To ...)
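Review bot: the five TigerVNC entries CVE-2019-15695 through CVE-2019-15691 are memory-safety bugs (stack and heap buffer overflows and a stack use-after-return) all fixed upstream in 1.10.1, and TigerVNC is packaged in Debian, so the TODO: check lines need real package version lines rather than NOT-FOR-US; handling them as one batch (one package line per CVE pointing at the same fixed version, and a single advisory) avoids five separate triage passes.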
@@ -48077,62 +48078,62 @@ CVE-2019-6037
 	RESERVED
 CVE-2019-6036
 	RESERVED
-CVE-2019-6035
-	RESERVED
-CVE-2019-6034
-	RESERVED
-CVE-2019-6033
-	RESERVED
-CVE-2019-6032
-	RESERVED
-CVE-2019-6031
-	RESERVED
-CVE-2019-6030
-	RESERVED
-CVE-2019-6029
-	RESERVED
+CVE-2019-6035 (Open redirect vulnerability in Athenz v1.8.24 and earlier allows remot ...)
+	TODO: check
+CVE-2019-6034 (a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver ...)
+	TODO: check
+CVE-2019-6033 (Cross-site scripting vulnerability in a-blog cms versions prior to Ver ...)
+	TODO: check
+CVE-2019-6032 (The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates f ...)
+	TODO: check
+CVE-2019-6031 (Cross-site scripting vulnerability in KINZA for Windows version 5.9.2  ...)
+	TODO: check
+CVE-2019-6030 (Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0 ...)
+	TODO: check
+CVE-2019-6029 (Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earl ...)
+	TODO: check
 CVE-2019-6028
 	RESERVED
-CVE-2019-6027
-	RESERVED
-CVE-2019-6026
-	RESERVED
-CVE-2019-6025
-	RESERVED
-CVE-2019-6024
-	RESERVED
-CVE-2019-6023
-	RESERVED
-CVE-2019-6022
-	RESERVED
-CVE-2019-6021
-	RESERVED
-CVE-2019-6020
-	RESERVED
-CVE-2019-6019
-	RESERVED
-CVE-2019-6018
-	RESERVED
-CVE-2019-6017
-	RESERVED
-CVE-2019-6016
-	RESERVED
+CVE-2019-6027 (Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1. ...)
+	TODO: check
+CVE-2019-6026 (Privilege escalation vulnerability in Multiple MOTEX products (LanScop ...)
+	TODO: check
+CVE-2019-6025 (Open redirect vulnerability in Movable Type series Movable Type 7 r.46 ...)
+	TODO: check
+CVE-2019-6024 (Rakuma App for Android version 7.15.0 and earlier, and for iOS version ...)
+	TODO: check
+CVE-2019-6023 (Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers t ...)
+	TODO: check
+CVE-2019-6022 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 al ...)
+	TODO: check
+CVE-2019-6021 (Open redirect vulnerability in Library Information Management System L ...)
+	TODO: check
+CVE-2019-6020 (Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x ...)
+	TODO: check
+CVE-2019-6019 (Untrusted search path vulnerability in STAMP Workbench installer all v ...)
+	TODO: check
+CVE-2019-6018 (Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier (Ne ...)
+	TODO: check
+CVE-2019-6017 (REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier ...)
+	TODO: check
+CVE-2019-6016 (Cross-site scripting vulnerability in REMISE Payment Module (2.11, 2.1 ...)
+	TODO: check
 CVE-2019-6015 (FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firm ...)
 	NOT-FOR-US: FON routers
-CVE-2019-6014
-	RESERVED
-CVE-2019-6013
-	RESERVED
-CVE-2019-6012
-	RESERVED
-CVE-2019-6011
-	RESERVED
+CVE-2019-6014 (DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute  ...)
+	TODO: check
+CVE-2019-6013 (DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers ...)
+	TODO: check
+CVE-2019-6012 (SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 an ...)
+	TODO: check
+CVE-2019-6011 (Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 ...)
+	TODO: check
 CVE-2019-6010 (Integer overflow vulnerability in LINE(Android) from 4.4.0 to the vers ...)
 	NOT-FOR-US: LINE(Android)
 CVE-2019-6009 (Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows rem ...)
 	NOT-FOR-US: SHIRASAGI
-CVE-2019-6008
-	RESERVED
+CVE-2019-6008 (An unquoted search path vulnerability in Multiple Yokogawa products fo ...)
+	TODO: check
 CVE-2019-6007 (Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows  ...)
 	NOT-FOR-US: apng-drawable
 CVE-2019-6006
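Review bot: this block of JVN-assigned IDs (CVE-2019-6035 down to CVE-2019-6008) is almost entirely Japanese commercial software and WordPress plugins (a-blog cms, KINZA, Cybozu Office, Custom Body Class, WP Spell Check, wpDataTables, REMISE Payment Module, Yokogawa and MOTEX products), so the bulk of the TODO: check lines will close as NOT-FOR-US in the same style as the FON, LINE(Android) and SHIRASAGI context lines; the check for each is simply whether a Debian source package exists for the product. CVE-2019-6028 stays RESERVED in the middle of the run, which is expected, and the Athenz (CVE-2019-6035) and Movable Type (CVE-2019-6025) open redirects are the ones worth reading in full before deciding.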
@@ -50024,14 +50025,14 @@ CVE-2019-5277 (Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information l
 	NOT-FOR-US: Huawei
 CVE-2019-5276 (Huawei smart phones with earlier versions than ELLE-AL00B 9.1.0.222(C0 ...)
 	TODO: check
-CVE-2019-5275
-	RESERVED
-CVE-2019-5274
-	RESERVED
-CVE-2019-5273
-	RESERVED
-CVE-2019-5272
-	RESERVED
+CVE-2019-5275 (USG9500 with versions of V500R001C30;V500R001C60 have a denial of serv ...)
+	TODO: check
+CVE-2019-5274 (USG9500 with versions of V500R001C30;V500R001C60 have a denial of serv ...)
+	TODO: check
+CVE-2019-5273 (USG9500 with versions of V500R001C30;V500R001C60 have a denial of serv ...)
+	TODO: check
+CVE-2019-5272 (USG9500 with versions of V500R001C30;V500R001C60 have a missing integr ...)
+	TODO: check
 CVE-2019-5271 (There is an information leak vulnerability in Huawei smart speaker Myn ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5270
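Review bot: the four USG9500 entries CVE-2019-5275 through CVE-2019-5272 are Huawei firewall firmware, and the surrounding CVE-2019-5277 and CVE-2019-5271 entries are already 'NOT-FOR-US: Huawei' (with CVE-2019-5276 still TODO: check for the same vendor), so these should be triaged together. Three of the four have identical truncated descriptions ('have a denial of serv ...'), so the full text is needed to tell them apart.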
@@ -54768,8 +54769,7 @@ CVE-2018-20493 [Source code disclosure merge request diff]
 	RESERVED
 	- gitlab 11.5.6+dfsg-1 (bug #918086)
 	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
-CVE-2018-20492 [Todos improper access control]
-	RESERVED
+CVE-2018-20492 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
 	- gitlab 11.5.6+dfsg-1 (bug #918086)
 	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20491 [Persistent XSS wiki in IE browser]
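Review bot: for CVE-2018-20492 the provisional bracket title '[Todos improper access control]' and the RESERVED line are correctly dropped now that the public description is available, while the existing '- gitlab 11.5.6+dfsg-1 (bug #918086)' fix line and NOTE are preserved, so no tracker state is lost. The neighbouring CVE-2018-20493 and CVE-2018-20491 still carry bracket titles with RESERVED and will get the same treatment once their descriptions are published; nothing to change here.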
@@ -298991,8 +298991,7 @@ CVE-2011-1476 (Integer underflow in the Open Sound System (OSS) subsystem in the
 	- linux-2.6 2.6.38-4
 CVE-2011-1475 (The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not p ...)
 	- tomcat6 <not-affected> (Only affects Tomcat 7)
-CVE-2011-1474
-	RESERVED
+CVE-2011-1474 (A locally locally exploitable DOS vulnerability was found in pax-linux ...)
 	NOT-FOR-US: PaX hardening patch
 	NOTE: http://seclists.org/oss-sec/2011/q1/579
 CVE-2011-1473 (** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not ...)
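Review bot: the new CVE-2011-1474 description carries a doubled word ('locally locally'); this is copied verbatim from the upstream CVE text and should be left as-is in data/CVE/list, since a hand edit would be overwritten by the next automatic update. The entry keeps 'NOT-FOR-US: PaX hardening patch' and the oss-sec NOTE, which is correct because the bug is in the out-of-tree PaX patch rather than in the Debian kernel.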



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7075a74d3b053c989e85556bf8a719e1ed6de3af
