[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jul 5 21:11:03 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3c555eee by security tracker role at 2019-07-05T20:10:50Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2019-13350
+ RESERVED
+CVE-2019-13349
+ RESERVED
+CVE-2019-13348
+ RESERVED
+CVE-2019-13347
+ RESERVED
+CVE-2019-13346
+ RESERVED
+CVE-2019-13345 (The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_ ...)
+ TODO: check
+CVE-2019-13344 (An authentication bypass vulnerability in the CRUDLab WP Like Button p ...)
+ TODO: check
+CVE-2019-13343
+ RESERVED
+CVE-2019-13342
+ RESERVED
+CVE-2019-13341 (In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment b ...)
+ TODO: check
+CVE-2019-13340 (In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via t ...)
+ TODO: check
+CVE-2019-13339 (In MiniCMS V1.10, stored XSS was found in mc-admin/page-edit.php (cont ...)
+ TODO: check
+CVE-2019-13338
+ RESERVED
+CVE-2019-13337
+ RESERVED
+CVE-2019-13336
+ RESERVED
+CVE-2019-13335
+ RESERVED
+CVE-2019-13334
+ RESERVED
+CVE-2019-13333
+ RESERVED
+CVE-2019-13332
+ RESERVED
+CVE-2019-13331
+ RESERVED
+CVE-2019-13330
+ RESERVED
+CVE-2019-13329
+ RESERVED
+CVE-2019-13328
+ RESERVED
+CVE-2019-13327
+ RESERVED
+CVE-2019-13326
+ RESERVED
+CVE-2019-13325
+ RESERVED
+CVE-2019-13324
+ RESERVED
+CVE-2019-13323
+ RESERVED
+CVE-2019-13322
+ RESERVED
+CVE-2019-13321
+ RESERVED
+CVE-2019-13320
+ RESERVED
+CVE-2019-13319
+ RESERVED
+CVE-2019-13318
+ RESERVED
+CVE-2019-13317
+ RESERVED
+CVE-2019-13316
+ RESERVED
+CVE-2019-13315
+ RESERVED
+CVE-2019-13314 (virt-bootstrap 1.1.0 allows local users to discover a root password by ...)
+ TODO: check
+CVE-2019-13313 (libosinfo 1.5.0 allows local users to discover credentials by listing ...)
+ TODO: check
CVE-2019-13312 (block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based b ...)
- ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://trac.ffmpeg.org/ticket/7980
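Review bot: CVE-2019-13341, CVE-2019-13340 and CVE-2019-13339 are added with "TODO: check" even though MiniCMS is already triaged as "NOT-FOR-US: MiniCMS" under CVE-2019-13186 later in this same diff, so the three new MiniCMS entries can take that marker directly. The other "TODO: check" entries in this hunk (Squid cachemgr.cgi, CRUDLab WP Like Button, virt-bootstrap, libosinfo) still need a manual decision between a package line and NOT-FOR-US.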
@@ -308,7 +384,7 @@ CVE-2019-13188
RESERVED
CVE-2019-13187
RESERVED
-CVE-2019-13186 (In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php. An a ...)
+CVE-2019-13186 (In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via t ...)
NOT-FOR-US: MiniCMS
CVE-2019-13185
RESERVED
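Review bot: the updated description for CVE-2019-13186 now reads, up to the truncation point, the same as the new CVE-2019-13340 entry in the first hunk ("In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via t ..."). Worth checking the full upstream descriptions to see whether the two ids cover the same issue, and recording that in a NOTE if they do, so the pair is not triaged inconsistently.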
@@ -412,7 +488,7 @@ CVE-2019-13146
CVE-2019-13145
RESERVED
CVE-2019-13144
- RESERVED
+ REJECTED
CVE-2019-13143
RESERVED
CVE-2019-13142
@@ -1379,7 +1455,7 @@ CVE-2019-12783
CVE-2019-12782
RESERVED
CVE-2019-12781 (An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1. ...)
- {DLA-1842-1}
+ {DSA-4476-1 DLA-1842-1}
- python-django 1:1.11.22-1 (bug #931316)
[buster] - python-django 1:1.11.22-1~deb10u1
NOTE: https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
@@ -2556,7 +2632,7 @@ CVE-2019-12310 (ExaGrid appliances with firmware version v4.8.1.1044.P50 have a
CVE-2019-12309 (dotCMS before 5.1.0 has a path traversal vulnerability exploitable by ...)
NOT-FOR-US: dotCMS
CVE-2019-12308 (An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1. ...)
- {DLA-1814-1}
+ {DSA-4476-1 DLA-1814-1}
- python-django 1:1.11.21-1 (bug #929927)
NOTE: https://github.com/django/django/commit/deeba6d92006999fee9adfbd8be79bf0a59e8008 (master)
NOTE: https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b (1.11.21)
@@ -16905,6 +16981,7 @@ CVE-2019-6976 (libvips before 8.7.4 generates output images from uninitialized m
[jessie] - vips <ignored> (Minor Issue)
NOTE: https://github.com/libvips/libvips/commit/00622428bda8d7521db8d74260b519fa41d69d0a
CVE-2019-6975 (Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2. ...)
+ {DSA-4476-1}
- python-django 1:1.11.20-1 (low; bug #922027)
[jessie] - python-django <not-affected> (Vulnerable code not present)
NOTE: Upstream re-released https://code.djangoproject.com/ticket/30175
@@ -19359,18 +19436,18 @@ CVE-2019-5986
RESERVED
CVE-2019-5985
RESERVED
-CVE-2019-5984
- RESERVED
-CVE-2019-5983
- RESERVED
-CVE-2019-5982
- RESERVED
-CVE-2019-5981
- RESERVED
-CVE-2019-5980
- RESERVED
-CVE-2019-5979
- RESERVED
+CVE-2019-5984 (Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0. ...)
+ TODO: check
+CVE-2019-5983 (Cross-site request forgery (CSRF) vulnerability in HTML5 Maps 1.6.5.6 ...)
+ TODO: check
+CVE-2019-5982 (Improper download file verification vulnerability in VAIO Update 7.3.0 ...)
+ TODO: check
+CVE-2019-5981 (Improper authorization vulnerability in VAIO Update 7.3.0.03150 and ea ...)
+ TODO: check
+CVE-2019-5980 (Cross-site request forgery (CSRF) vulnerability in Related YouTube Vid ...)
+ TODO: check
+CVE-2019-5979 (Cross-site request forgery (CSRF) vulnerability in Personalized WooCom ...)
+ TODO: check
CVE-2019-5978
RESERVED
CVE-2019-5977
@@ -19379,36 +19456,36 @@ CVE-2019-5976
RESERVED
CVE-2019-5975
RESERVED
-CVE-2019-5974
- RESERVED
-CVE-2019-5973
- RESERVED
-CVE-2019-5972
- RESERVED
-CVE-2019-5971
- RESERVED
-CVE-2019-5970
- RESERVED
-CVE-2019-5969
- RESERVED
-CVE-2019-5968
- RESERVED
-CVE-2019-5967
- RESERVED
-CVE-2019-5966
- RESERVED
-CVE-2019-5965
- RESERVED
-CVE-2019-5964
- RESERVED
-CVE-2019-5963
- RESERVED
-CVE-2019-5962
- RESERVED
-CVE-2019-5961
- RESERVED
-CVE-2019-5960
- RESERVED
+CVE-2019-5974 (Cross-site request forgery (CSRF) vulnerability in Contest Gallery ver ...)
+ TODO: check
+CVE-2019-5973 (Cross-site request forgery (CSRF) vulnerability in Online Lesson Booki ...)
+ TODO: check
+CVE-2019-5972 (Cross-site scripting vulnerability in Online Lesson Booking 0.8.6 and ...)
+ TODO: check
+CVE-2019-5971 (Cross-site request forgery (CSRF) vulnerability in Attendance Manager ...)
+ TODO: check
+CVE-2019-5970 (Cross-site scripting vulnerability in Attendance Manager 0.5.6 and ear ...)
+ TODO: check
+CVE-2019-5969 (Open redirect vulnerability in GROWI v3.4.6 and earlier allows remote ...)
+ TODO: check
+CVE-2019-5968 (Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and ea ...)
+ TODO: check
+CVE-2019-5967 (Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and ear ...)
+ TODO: check
+CVE-2019-5966 (Joruri Mail 2.1.4 and earlier does not properly manage sessions, which ...)
+ TODO: check
+CVE-2019-5965 (Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows re ...)
+ TODO: check
+CVE-2019-5964 (iDoors Reader 2.10.17 and earlier allows an attacker on the same netwo ...)
+ TODO: check
+CVE-2019-5963 (Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 ...)
+ TODO: check
+CVE-2019-5962 (Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier a ...)
+ TODO: check
+CVE-2019-5961 (The Android App 'Tootdon for Mastodon' version 3.4.1 and earlier does ...)
+ TODO: check
+CVE-2019-5960 (Cross-site request forgery (CSRF) vulnerability in WP Open Graph 1.6.1 ...)
+ TODO: check
CVE-2019-5959
RESERVED
CVE-2019-5958 (Untrusted search path vulnerability in Electronic reception and examin ...)
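Review bot: several of the entries moved from RESERVED to "TODO: check" here come in pairs for the same product (Online Lesson Booking in CVE-2019-5973/5972, Attendance Manager in CVE-2019-5971/5970, GROWI in CVE-2019-5969/5968, Joruri Mail in CVE-2019-5966/5965, Zoho SalesIQ in CVE-2019-5963/5962). Triage each pair in one pass so both ids end up with the same package line or NOT-FOR-US marker, rather than resolving them one id at a time.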
@@ -50075,8 +50152,8 @@ CVE-2018-14028 (In WordPress 4.9.7, plugins uploaded via the admin area are not
[jessie] - wordpress <postponed> (can be fixed with a later update)
NOTE: https://core.trac.wordpress.org/ticket/44710
NOTE: https://rastating.github.io/unrestricted-file-upload-via-plugin-uploader-in-wordpress/
-CVE-2018-14027
- RESERVED
+CVE-2018-14027 (Digisol Wireless Wifi Home Router HR-3300 allows XSS via the userid or ...)
+ TODO: check
CVE-2018-14026
RESERVED
CVE-2018-14025
@@ -53443,8 +53520,8 @@ CVE-2018-12623
RESERVED
CVE-2018-12622
RESERVED
-CVE-2018-12621
- RESERVED
+CVE-2018-12621 (An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Op ...)
+ TODO: check
CVE-2018-12620
RESERVED
CVE-2018-12619
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3c555eee2decaf907105d6d4781c1077c0d5a3b0