[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 4 09:10:38 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f34e9ce7 by security tracker role at 2019-07-04T08:10:29Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2019-13225
+ RESERVED
+CVE-2019-13224
+ RESERVED
+CVE-2019-13223
+ RESERVED
+CVE-2019-13222
+ RESERVED
+CVE-2019-13221
+ RESERVED
+CVE-2019-13220
+ RESERVED
+CVE-2019-13219
+ RESERVED
+CVE-2019-13218
+ RESERVED
+CVE-2019-13217
+ RESERVED
+CVE-2019-13216
+ RESERVED
+CVE-2019-13215
+ RESERVED
+CVE-2019-13214
+ RESERVED
+CVE-2019-13213
+ RESERVED
+CVE-2019-13212
+ RESERVED
+CVE-2019-13211
+ RESERVED
+CVE-2019-13210
+ RESERVED
+CVE-2019-13209
+ RESERVED
+CVE-2019-13208 (WavesSysSvc in Waves MAXX Audio allows privilege escalation because th ...)
+ TODO: check
+CVE-2019-13207 (nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflo ...)
+ TODO: check
+CVE-2019-13206
+ RESERVED
+CVE-2019-13205
+ RESERVED
+CVE-2019-13204
+ RESERVED
+CVE-2019-13203
+ RESERVED
+CVE-2019-13202
+ RESERVED
+CVE-2019-13201
+ RESERVED
+CVE-2019-13200
+ RESERVED
+CVE-2019-13199
+ RESERVED
+CVE-2019-13198
+ RESERVED
+CVE-2019-13197
+ RESERVED
+CVE-2019-13196
+ RESERVED
+CVE-2019-13195
+ RESERVED
CVE-2019-13194
RESERVED
CVE-2019-13193
@@ -28,12 +90,12 @@ CVE-2019-13181
RESERVED
CVE-2019-13180
RESERVED
-CVE-2019-13179 (Calamares through 3.2.4 copies a LUKS encryption keyfile from /crypto_ ...)
+CVE-2019-13179 (Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile ...)
- calamares <unfixed> (bug #931392)
- calamares-settings-debian 10.0.23-1 (bug #931373)
NOTE: https://github.com/calamares/calamares/issues/1191
NOTE: https://github.com/calamares/calamares/commit/003096698627a527b589c0c929dda4d58f23fd93
-CVE-2019-13178 (modules/luksbootkeyfile/main.py in Calamares through 3.2.4 has a race ...)
+CVE-2019-13178 (modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2. ...)
- calamares <unfixed> (bug #931391)
NOTE: https://github.com/calamares/calamares/issues/1190
CVE-2019-13177 (verification.py in django-rest-registration (aka Django REST Registrat ...)
@@ -308,8 +370,8 @@ CVE-2019-13075 (Tor Browser through 8.5.3 has an information exposure vulnerabil
NOTE: https://hackerone.com/reports/588239
NOTE: https://trac.torproject.org/projects/tor/ticket/30657
NOTE: This affects Firefox, but it's not a security issue in Firefox by itself
-CVE-2019-13074
- RESERVED
+CVE-2019-13074 (A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 c ...)
+ TODO: check
CVE-2019-13073
RESERVED
CVE-2018-20849 (Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO to the ...)
@@ -876,8 +938,8 @@ CVE-2019-12854
RESERVED
CVE-2019-12853
RESERVED
-CVE-2019-12852
- RESERVED
+CVE-2019-12852 (An SSRF attack was possible on a JetBrains YouTrack server. The issue ...)
+ TODO: check
CVE-2019-12851 (A CSRF vulnerability was detected in one of the admin endpoints of Jet ...)
NOT-FOR-US: JetBrains YouTrack
CVE-2019-12850 (A query injection was possible in JetBrains YouTrack. The issue was fi ...)
@@ -888,18 +950,18 @@ CVE-2019-12848
RESERVED
CVE-2019-12847 (In JetBrains Hub versions earlier than 2018.4.11298, the audit events ...)
NOT-FOR-US: JetBrains Hub
-CVE-2019-12846
- RESERVED
-CVE-2019-12845
- RESERVED
-CVE-2019-12844
- RESERVED
-CVE-2019-12843
- RESERVED
-CVE-2019-12842
- RESERVED
-CVE-2019-12841
- RESERVED
+CVE-2019-12846 (A user without the required permissions could gain access to some JetB ...)
+ TODO: check
+CVE-2019-12845 (The generated Kotlin DSL settings allowed usage of an unencrypted conn ...)
+ TODO: check
+CVE-2019-12844 (A possible stored JavaScript injection was detected on one of the JetB ...)
+ TODO: check
+CVE-2019-12843 (A possible stored JavaScript injection requiring a deliberate server a ...)
+ TODO: check
+CVE-2019-12842 (A reflected XSS on a user page was detected on one of the JetBrains Te ...)
+ TODO: check
+CVE-2019-12841 (Incorrect handling of user input in ZIP extraction was detected in Jet ...)
+ TODO: check
CVE-2019-12840 (In Webmin through 1.910, any user authorized to the "Package Updates" ...)
- webmin <removed>
CVE-2019-12839 (In OrangeHRM 4.3.1 and before, there is an input validation error with ...)
@@ -7851,12 +7913,12 @@ CVE-2019-10105 (CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layo
NOT-FOR-US: CMS Made Simple
CVE-2019-10104 (In several JetBrains IntelliJ IDEA Ultimate versions, an Application S ...)
NOT-FOR-US: JetBrains IntelliJ IDEA Ultimate
-CVE-2019-10103
- RESERVED
-CVE-2019-10102
- RESERVED
-CVE-2019-10101
- RESERVED
+CVE-2019-10103 (JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/J ...)
+ TODO: check
+CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE template) versi ...)
+ TODO: check
+CVE-2019-10101 (JetBrains Kotlin versions before 1.3.30 were resolving artifacts using ...)
+ TODO: check
CVE-2019-10100 (In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it wa ...)
NOT-FOR-US: JetBrains YouTrack Confluence plugin
CVE-2019-1000031 (A disk space or quota exhaustion issue exists in article2pdf_getfile.p ...)
@@ -9234,8 +9296,8 @@ CVE-2019-9829 (Maccms 10 allows remote attackers to execute arbitrary PHP code b
NOT-FOR-US: Maccms
CVE-2019-9828
RESERVED
-CVE-2019-9827
- RESERVED
+CVE-2019-9827 (Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote att ...)
+ TODO: check
CVE-2019-9826 (The fulltext search component in phpBB before 3.2.6 allows Denial of S ...)
{DLA-1775-1}
- phpbb3 <removed>
@@ -100042,8 +100104,8 @@ CVE-2017-13720 (In the PatternMatch function in fontfile/fontdir.c in libXfont t
- libxfont1 <removed> (unimportant)
NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608
NOTE: libxfont1 is only used by xfonts-utils, no security impact
-CVE-2017-13719
- RESERVED
+CVE-2017-13719 (The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 ...)
+ TODO: check
CVE-2017-13718 (The HTTP API supported by Starry Station (aka Starry Router) allows br ...)
NOT-FOR-US: Starry Station
CVE-2017-13717 (Starry Station (aka Starry Router) sets the Access-Control-Allow-Origi ...)
@@ -116522,16 +116584,16 @@ CVE-2017-8232
RESERVED
CVE-2017-8231
RESERVED
-CVE-2017-8230
- RESERVED
-CVE-2017-8229
- RESERVED
-CVE-2017-8228
- RESERVED
-CVE-2017-8227
- RESERVED
-CVE-2017-8226
- RESERVED
+CVE-2017-8230 (On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on th ...)
+ TODO: check
+CVE-2017-8229 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenti ...)
+ TODO: check
+CVE-2017-8228 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots w ...)
+ TODO: check
+CVE-2017-8227 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout poli ...)
+ TODO: check
+CVE-2017-8226 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default creden ...)
+ TODO: check
CVE-2017-8283 (dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU pat ...)
- dpkg 1.18.24 (unimportant)
NOTE: http://www.openwall.com/lists/oss-security/2017/04/20/2
@@ -184722,8 +184784,8 @@ CVE-2015-3908 (Ansible before 1.9.2 does not verify that the server hostname mat
- ansible 1.9.2+dfsg-1 (low)
[jessie] - ansible <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/4
-CVE-2015-3907
- RESERVED
+CVE-2015-3907 (CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE ...)
+ TODO: check
CVE-2015-3906 (The logcat_dump_text function in wiretap/logcat.c in the Android Logca ...)
{DSA-3277-1}
- wireshark 1.12.5+g5819e5b-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f34e9ce7c64b5c704e88785fcc41e99cf75d74bb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f34e9ce7c64b5c704e88785fcc41e99cf75d74bb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190704/05622a0d/attachment.html>
More information about the debian-security-tracker-commits
mailing list