[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jul 8 21:10:32 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1db36413 by security tracker role at 2019-07-08T20:10:23Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2019-13444
+ RESERVED
+CVE-2019-13443
+ RESERVED
+CVE-2019-13442
+ RESERVED
+CVE-2019-13441
+ RESERVED
+CVE-2019-13440
+ RESERVED
+CVE-2019-13439
+ RESERVED
+CVE-2019-13438
+ RESERVED
+CVE-2019-13437
+ RESERVED
+CVE-2019-13436
+ RESERVED
+CVE-2019-13435
+ RESERVED
+CVE-2019-13434
+ RESERVED
+CVE-2019-13433
+ RESERVED
+CVE-2019-13432
+ RESERVED
+CVE-2019-13431
+ RESERVED
+CVE-2019-13430
+ RESERVED
+CVE-2019-13429
+ RESERVED
+CVE-2019-13428
+ RESERVED
+CVE-2019-13427
+ RESERVED
+CVE-2019-13426
+ RESERVED
+CVE-2019-13425
+ RESERVED
+CVE-2019-13424
+ RESERVED
+CVE-2019-13423
+ RESERVED
+CVE-2019-13422
+ RESERVED
+CVE-2019-13421
+ RESERVED
+CVE-2019-13420
+ RESERVED
+CVE-2019-13419
+ RESERVED
+CVE-2019-13418
+ RESERVED
+CVE-2019-13417
+ RESERVED
+CVE-2019-13416
+ RESERVED
+CVE-2019-13415
+ RESERVED
+CVE-2019-13414 (The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/ren ...)
+ TODO: check
+CVE-2019-13413 (The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection v ...)
+ TODO: check
+CVE-2019-13412
+ RESERVED
+CVE-2019-13411
+ RESERVED
+CVE-2019-13410
+ RESERVED
+CVE-2019-13409
+ RESERVED
+CVE-2019-13408
+ RESERVED
+CVE-2019-13407
+ RESERVED
+CVE-2019-13406
+ RESERVED
+CVE-2019-13405
+ RESERVED
CVE-2019-13404 (** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows ...)
NOT-FOR-US: Disputed issue for Windows installer for Python
CVE-2019-13403
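Review bot: CVE-2019-13414 and CVE-2019-13413 are the only two of the forty new entries in this hunk that carry a description, and both land as "TODO: check", so they are the ones that need a triage decision. Both describe the Rencontre plugin for WordPress before 3.1.3 (one XSS, one SQL injection), so triage them together and give them the same outcome; if the plugin is not shipped in Debian, replace the TODO with a NOT-FOR-US line in the form the CVE-2019-13404 entry just below uses.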
@@ -102,8 +182,8 @@ CVE-2019-13356
RESERVED
CVE-2019-13355
RESERVED
-CVE-2019-13354
- RESERVED
+CVE-2019-13354 (The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org ...)
+ TODO: check
CVE-2019-13353
RESERVED
CVE-2019-13352 (WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic ...)
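Review bot: CVE-2019-13354 moves from RESERVED to "TODO: check", and its truncated description ties the issue to strong_password 0.0.7 "as distributed on RubyGems.org", so the triage has to decide whether a distribution-packaged copy could be affected at all or whether the problem is confined to the RubyGems.org artefact. Record that reasoning in a NOTE line when the TODO is replaced, since the cut-off description here will not show it.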
@@ -653,6 +733,7 @@ CVE-2019-13133 (ImageMagick before 7.0.8-50 has a memory leak vulnerability in t
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1600
CVE-2019-13132 [denial of service via stack overflow]
RESERVED
+ {DSA-4477-1 DLA-1849-1}
- zeromq3 4.3.1-5
NOTE: https://github.com/zeromq/libzmq/issues/3558
CVE-2019-13131 (Super Micro SuperDoctor 5, when restrictions are not implemented in ag ...)
@@ -3150,14 +3231,14 @@ CVE-2019-12176 (Privilege escalation in the "HTC Account Service" and "ViveportD
NOT-FOR-US: HTC VIVEPORT
CVE-2019-12175
RESERVED
-CVE-2019-12174
- RESERVED
+CVE-2019-12174 (hide.me before 2.4.4 on macOS suffers from a privilege escalation vuln ...)
+ TODO: check
CVE-2019-12173 (MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, w ...)
NOT-FOR-US: MacDown
CVE-2019-12172 (Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modifie ...)
NOT-FOR-US: Typora
-CVE-2019-12171
- RESERVED
+CVE-2019-12171 (Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Drop ...)
+ TODO: check
CVE-2019-12170 (ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the m ...)
NOT-FOR-US: ATutor
CVE-2019-12169 (ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, res ...)
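Review bot: CVE-2019-12174 and CVE-2019-12171 are left at "TODO: check" although their descriptions name hide.me on macOS and Dropbox.exe, while the entries between and after them (MacDown, Typora, ATutor) are already closed as NOT-FOR-US. Unless a Debian source package is involved, close these two the same way, e.g. "NOT-FOR-US: hide.me" and "NOT-FOR-US: Dropbox", so they do not stay in the open TODO queue.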
@@ -5406,6 +5487,7 @@ CVE-2019-11274
CVE-2019-11273
RESERVED
CVE-2019-11272 (Spring Security, versions 4.2.x up to 4.2.12, and older unsupported ve ...)
+ {DLA-1848-1}
- libspring-security-2.0-java <removed>
NOTE: https://github.com/spring-projects/spring-security/commit/b2d4fec3617c497c5a8eb9c7e5270e0c7db293ee
CVE-2019-11271 (Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Di ...)
@@ -6179,8 +6261,8 @@ CVE-2019-10975 (An out-of-bounds read vulnerability has been identified in Fuji
NOT-FOR-US: Fuji Electric
CVE-2019-10974
RESERVED
-CVE-2019-10973
- RESERVED
+CVE-2019-10973 (Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, all ...)
+ TODO: check
CVE-2019-10972
RESERVED
CVE-2019-10971 (The application (Network Configurator for DeviceNet Safety 3.41 and pr ...)
@@ -10481,10 +10563,10 @@ CVE-2019-9631 (Poppler 0.74.0 has a heap-based buffer over-read in the CairoResc
- poppler 0.71.0-4 (bug #926673)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/736
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8122f6d6d409b53151a20c5578fc525ee97315e8
-CVE-2019-9630
- RESERVED
-CVE-2019-9629
- RESERVED
+CVE-2019-9630 (Sonatype Nexus Repository Manager before 3.17.0 has a weak default of ...)
+ TODO: check
+CVE-2019-9629 (Sonatype Nexus Repository Manager before 3.17.0 establishes a default ...)
+ TODO: check
CVE-2019-9628 (The XMLTooling library all versions prior to V3.0.4, provided with the ...)
{DSA-4407-1 DLA-1710-1}
- xmltooling 3.0.4-1 (bug #924346)
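Review bot: CVE-2019-9630 and CVE-2019-9629 both concern defaults in Sonatype Nexus Repository Manager before 3.17.0 and both arrive as "TODO: check"; triage them as a pair so they end up with the same classification. The descriptions are cut off after "has a weak default of" and "establishes a default", so read the full CVE text before choosing, since the visible part does not say which default is meant.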
@@ -26525,7 +26607,7 @@ CVE-2018-1000876 (binutils version 2.32 and earlier contains a Integer Overflow
NOTE: binutils not covered by security support
CVE-2018-1000875 (Berkeley Open Infrastructure for Network Computing BOINC Server and We ...)
NOT-FOR-US: BOINC server (src:boinc only covers the client)
-CVE-2018-1000874 (PHP cebe markdown parser version 1.2.0 and earlier contains a Cross Si ...)
+CVE-2018-1000874 (** DISPUTED ** PHP cebe markdown parser version 1.2.0 and earlier cont ...)
NOT-FOR-US: cebe markdown parser (different from src:php-markdown)
CVE-2018-1000873 (Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Inp ...)
NOT-FOR-US: Fasterxml Jackson Jackson-Modules-Java8 module
@@ -30133,50 +30215,38 @@ CVE-2019-2121
RESERVED
CVE-2019-2120
RESERVED
-CVE-2019-2119
- RESERVED
+CVE-2019-2119 (In multiple functions of key_store_service.cpp, there is a possible In ...)
NOT-FOR-US: Android
-CVE-2019-2118
- RESERVED
+CVE-2019-2118 (In various functions of Parcel.cpp, there are uninitialized or partial ...)
NOT-FOR-US: Android
-CVE-2019-2117
- RESERVED
+CVE-2019-2117 (In checkQueryPermission of TelephonyProvider.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2019-2116
- RESERVED
+CVE-2019-2116 (In save_attr_seq of sdp_discovery.cc, there is a possible out-of-bound ...)
NOT-FOR-US: Android
CVE-2019-2115
RESERVED
CVE-2019-2114
RESERVED
-CVE-2019-2113
- RESERVED
+CVE-2019-2113 (In setup wizard there is a bypass of some checks when wifi connection ...)
NOT-FOR-US: Android
-CVE-2019-2112
- RESERVED
+CVE-2019-2112 (In several functions of alarm.cc, there is possible memory corruption ...)
NOT-FOR-US: Android
-CVE-2019-2111
- RESERVED
+CVE-2019-2111 (In loop of DnsTlsSocket.cpp, there is a possible heap memory corruptio ...)
NOT-FOR-US: Android
CVE-2019-2110
RESERVED
-CVE-2019-2109
- RESERVED
+CVE-2019-2109 (In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a pos ...)
NOT-FOR-US: Android media framework
CVE-2019-2108
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2107
- RESERVED
+CVE-2019-2107 (In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out ...)
NOT-FOR-US: Android media framework
-CVE-2019-2106
- RESERVED
+CVE-2019-2106 (In ihevcd_sao_shift_ctb of ihevcd_sao.c, there is a possible out of bo ...)
NOT-FOR-US: Android media framework
-CVE-2019-2105
- RESERVED
+CVE-2019-2105 (In FileInputStream::Read of file_input_stream.cc, there is a possible ...)
NOT-FOR-US: Android
-CVE-2019-2104
- RESERVED
+CVE-2019-2104 (In HIDL, safe_union, and other C++ structs/unions being sent to applic ...)
NOT-FOR-US: Android
CVE-2019-2103
RESERVED
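Review bot: the NOT-FOR-US lines in this hunk were written before the descriptions existed, so each classification should be re-read against the text this change introduces. Twelve entries swap RESERVED for a description and keep their note unchanged; confirm in particular that the split between "Android" and "Android media framework" still fits (CVE-2019-2109 names AVIExtractor.cpp, CVE-2019-2107 and CVE-2019-2106 name ihevcd sources). CVE-2019-2108 keeps both RESERVED and a Qualcomm NOT-FOR-US note, and CVE-2019-2115, CVE-2019-2114 and CVE-2019-2110 stay RESERVED with no note, so those still need a look once their descriptions are published.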
@@ -56825,8 +56895,8 @@ CVE-2018-11565 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 b
NOTE: https://bugs.launchpad.net/mahara/+bug/1772774
CVE-2018-11564 (Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upl ...)
NOT-FOR-US: Pagekit CMS
-CVE-2018-11563
- RESERVED
+CVE-2018-11563 (An issue was discovered in Open Ticket Request System (OTRS) 6.0.x thr ...)
+ TODO: check
CVE-2018-11562 (An issue was discovered in MISP 2.4.91. A vulnerability in app/View/El ...)
NOT-FOR-US: MISP
CVE-2018-11561 (An integer overflow in the unprotected distributeToken function of a s ...)
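Review bot: CVE-2018-11563 is a 2018 identifier that only now receives a description (OTRS 6.0.x, text cut off at "thr"), and it is left at "TODO: check" between neighbours that are already triaged. The affected range is not visible in the truncated line, so look up the full description before deciding, and if an OTRS source package is tracked, add a package line with the fixed version rather than a bare NOT-FOR-US.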
@@ -57816,7 +57886,7 @@ CVE-2018-11229 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, an
NOT-FOR-US: Crestron devices
CVE-2018-11228 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW- ...)
NOT-FOR-US: Crestron devices
-CVE-2018-11227 (Monstra CMS before 3.0.4 has XSS via index.php. ...)
+CVE-2018-11227 (Monstra CMS 3.0.4 and earlier has XSS via index.php. ...)
NOT-FOR-US: Monstra CMS
CVE-2018-11226 (The getString function in decompile.c in libming through 0.4.8 mishand ...)
- ming <removed>
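Review bot: the new text for CVE-2018-11227 widens the affected range, from "before 3.0.4" to "3.0.4 and earlier", so 3.0.4 itself is now stated as vulnerable. The entry is NOT-FOR-US (Monstra CMS), so no version annotation depends on it and the note can stay; the same kind of wording change on a packaged product would call for re-checking the recorded fixed version.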
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1db36413b9b2f2168f4872746d223f3ac65ea136