[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jul 9 21:10:29 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7bafa8ba by security tracker role at 2019-07-09T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2019-13465
+ RESERVED
+CVE-2019-13464 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2 ...)
+ TODO: check
+CVE-2019-13463
+ RESERVED
+CVE-2019-13462
+ RESERVED
+CVE-2019-13461 (In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_addre ...)
+ TODO: check
+CVE-2019-13460
+ RESERVED
+CVE-2019-13459
+ RESERVED
+CVE-2019-13458
+ RESERVED
+CVE-2019-13457
+ RESERVED
+CVE-2019-13456
+ RESERVED
+CVE-2019-13455
+ RESERVED
+CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLay ...)
+ TODO: check
+CVE-2019-13453
+ RESERVED
+CVE-2019-13452
+ RESERVED
+CVE-2019-13451
+ RESERVED
CVE-2019-XXXX [No grant table and foreign mapping limits]
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-300.html
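Review bot: the three "TODO: check" entries in this hunk need different resolutions. CVE-2019-13454 (ImageMagick 7.0.8-54 Q16, division by zero) and CVE-2019-13464 (OWASP ModSecurity Core Rule Set 3.0.2) concern software that is packaged in Debian (imagemagick and modsecurity-crs), so they need a package line with a fixed version or an <unfixed> state and, for ImageMagick, a NOTE with the upstream fix so the 6.x branch shipped in stretch can be checked separately from 7.x; CVE-2019-13461 (PrestaShop before 1.7.6.0 RC2) is not packaged and can be closed as NOT-FOR-US: PrestaShop.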
@@ -107,8 +137,8 @@ CVE-2019-13399 (Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS ke
NOT-FOR-US: Dynacolor
CVE-2019-13398 (Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute ...)
NOT-FOR-US: Dynacolor
-CVE-2019-13397
- RESERVED
+CVE-2019-13397 (Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker ...)
+ TODO: check
CVE-2019-13396
RESERVED
CVE-2019-13395
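Review bot: CVE-2019-13397 (osTicket 1.10.1, unauthenticated stored XSS) should go straight to NOT-FOR-US: osTicket rather than staying at TODO: check, since osTicket is not in the Debian archive; the surrounding Dynacolor entries show the marker convention to follow.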
@@ -398,8 +428,8 @@ CVE-2019-13282 (In Xpdf 4.01.01, a heap-based buffer over-read could be triggere
- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13281 (In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DC ...)
- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
-CVE-2019-13280
- RESERVED
+CVE-2019-13280 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...)
+ TODO: check
CVE-2019-13279
RESERVED
CVE-2019-13278
@@ -710,16 +740,16 @@ CVE-2019-13147 (In Audio File Library (aka audiofile) 0.3.6, there exists one NU
[stretch] - audiofile <no-dsa> (Minor issue)
[jessie] - audiofile <postponed> (Minor issue, local DoS)
NOTE: https://github.com/mpruett/audiofile/issues/54
-CVE-2019-13146
- RESERVED
+CVE-2019-13146 (The field_test gem 0.3.0 for Ruby has unvalidated input. A method call ...)
+ TODO: check
CVE-2019-13145
RESERVED
CVE-2019-13144
REJECTED
CVE-2019-13143
RESERVED
-CVE-2019-13142
- RESERVED
+CVE-2019-13142 (The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) ...)
+ TODO: check
CVE-2019-13141
RESERVED
CVE-2019-13140
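Review bot: the two new descriptions in this hunk should not be triaged the same way. CVE-2019-13142 (RzSurroundVADStreamingService.exe, a Windows service) is not Debian-relevant and can be closed as NOT-FOR-US; CVE-2019-13146 (field_test gem 0.3.0 for Ruby, unvalidated input) needs a check for a ruby-field-test source package in the archive before it is marked either way.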
@@ -928,8 +958,8 @@ CVE-2019-13072 (Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2642
CVE-2019-13071
RESERVED
-CVE-2019-13070
- RESERVED
+CVE-2019-13070 (A stored XSS vulnerability in the Agent/Center component of CyberPower ...)
+ TODO: check
CVE-2019-13069
RESERVED
CVE-2019-13068 (public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows ...)
@@ -1692,8 +1722,8 @@ CVE-2019-12784
RESERVED
CVE-2019-12783
RESERVED
-CVE-2019-12782
- RESERVED
+CVE-2019-12782 (An authorization bypass vulnerability in pinboard updates in ThoughtSp ...)
+ TODO: check
CVE-2019-12781 (An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1. ...)
{DSA-4476-1 DLA-1842-1}
- python-django 1:1.11.22-1 (bug #931316)
@@ -1790,10 +1820,10 @@ CVE-2019-12749 (dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.
NOTE: https://www.openwall.com/lists/oss-security/2019/06/11/2
NOTE: https://gitlab.freedesktop.org/dbus/dbus/issues/269
NOTE: https://gitlab.freedesktop.org/dbus/dbus/commit/47b1a4c41004bf494b87370987b222c934b19016
-CVE-2019-12748
- RESERVED
-CVE-2019-12747
- RESERVED
+CVE-2019-12748 (TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. ...)
+ TODO: check
+CVE-2019-12747 (TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization ...)
+ TODO: check
CVE-2019-12746
RESERVED
CVE-2019-12745 (out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site S ...)
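Review bot: CVE-2019-12748 (TYPO3 XSS) and CVE-2019-12747 (TYPO3 deserialization) should be resolved together: check whether any typo3 source package remains in a supported suite and, if not, mark both NOT-FOR-US: TYPO3. If one is tracked, the deserialization issue is the more severe of the two and should carry the upstream advisory as a NOTE, as the dbus entry above does.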
@@ -3656,8 +3686,8 @@ CVE-2019-11993
RESERVED
CVE-2019-11992
RESERVED
-CVE-2019-11991
- RESERVED
+CVE-2019-11991 (HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) ...)
+ TODO: check
CVE-2019-11990
RESERVED
CVE-2019-11989
@@ -3862,10 +3892,10 @@ CVE-2019-12046 (LemonLDAP::NG -2.0.3 has Incorrect Access Control. ...)
{DSA-4446-1 DLA-1790-1}
- lemonldap-ng 2.0.2+ds-7+deb10u1 (bug #928944)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1742
-CVE-2019-11890
- RESERVED
-CVE-2019-11889
- RESERVED
+CVE-2019-11890 (Sony Bravia Smart TV devices allow remote attackers to cause a denial ...)
+ TODO: check
+CVE-2019-11889 (Sony BRAVIA Smart TV devices allow remote attackers to cause a denial ...)
+ TODO: check
CVE-2019-11888 (Go through 1.12.5 on Windows mishandles process creation with a nil en ...)
- golang-1.12 <not-affected> (Only affects Go on Windows)
- golang-1.11 <not-affected> (Only affects Go on Windows)
@@ -6164,10 +6194,10 @@ CVE-2019-11022
RESERVED
CVE-2019-11021
RESERVED
-CVE-2019-11020
- RESERVED
-CVE-2019-11019
- RESERVED
+CVE-2019-11020 (Lack of authentication in file-viewing components in DDRT Dashcom Live ...)
+ TODO: check
+CVE-2019-11019 (Lack of authentication in case-exporting components in DDRT Dashcom Li ...)
+ TODO: check
CVE-2019-11018 (application\admin\controller\User.php in ThinkAdmin V4.0 does not prev ...)
NOT-FOR-US: ThinkAdmin
CVE-2019-11017 (On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vu ...)
@@ -8362,7 +8392,7 @@ CVE-2019-10144 (rkt through version 1.30.0 does not isolate processes in contain
- rkt <unfixed> (bug #929781)
NOTE: https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
NOTE: https://github.com/rkt/rkt/issues/3998
-CVE-2019-10143 (It was discovered freeradius up to and including version 3.0.19 does n ...)
+CVE-2019-10143 (** DISPUTED ** It was discovered freeradius up to and including versio ...)
- freeradius <unfixed> (unimportant; bug #929466)
NOTE: https://github.com/FreeRADIUS/freeradius-server/pull/2666
NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/1f233773962bf1a9c2d228a180eacddb9db2d574
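Review bot: the ** DISPUTED ** marker now prefixed to CVE-2019-10143 is consistent with the existing (unimportant; bug #929466) rating on the freeradius line, so no severity change is needed; a NOTE recording where the dispute is stated would be useful next to the PR #2666 and commit references so the reasoning survives if the MITRE text changes again.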
@@ -12482,8 +12512,8 @@ CVE-2019-8922
RESERVED
CVE-2019-8921
RESERVED
-CVE-2019-8920
- RESERVED
+CVE-2019-8920 (iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569. ...)
+ TODO: check
CVE-2019-8919 (The seadroid (aka Seafile Android Client) application through 2.2.13 f ...)
NOT-FOR-US: Seafile Android Client
CVE-2019-8918
@@ -16662,9 +16692,9 @@ CVE-2019-7220 (X-Cart V5 is vulnerable to XSS via the CategoryFilter2 parameter.
NOT-FOR-US: X-Cart
CVE-2019-7219 (Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa ...)
- zarafa <itp> (bug #658433)
-CVE-2019-7218 (Citrix ShareFile through 19.1 allows a downgrade from two-factor authe ...)
+CVE-2019-7218 (Citrix ShareFile before 19.23 allows a downgrade from two-factor authe ...)
NOT-FOR-US: Citrix ShareFile
-CVE-2019-7217 (Citrix ShareFile through 19.1 allows User Enumeration. It is possible ...)
+CVE-2019-7217 (Citrix ShareFile before 19.12 allows User Enumeration. It is possible ...)
NOT-FOR-US: Citrix ShareFile
CVE-2019-7216 (An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi ...)
NOT-FOR-US: FileChucker
@@ -21895,7 +21925,7 @@ CVE-2019-5046
CVE-2019-5045
RESERVED
CVE-2019-5044
- RESERVED
+ REJECTED
CVE-2019-5043
RESERVED
CVE-2019-5042
@@ -24117,10 +24147,10 @@ CVE-2019-3952
RESERVED
CVE-2019-3951
RESERVED
-CVE-2019-3950
- RESERVED
-CVE-2019-3949
- RESERVED
+CVE-2019-3950 (Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hardcoded ...)
+ TODO: check
+CVE-2019-3949 (Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a ...)
+ TODO: check
CVE-2019-3948
RESERVED
CVE-2019-3947 (Fuji Electric V-Server before 6.0.33.0 stores database credentials in ...)
@@ -45889,8 +45919,8 @@ CVE-2018-15740 (Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow
NOT-FOR-US: Zoho ManageEngine ADManager Plus
CVE-2018-15739
RESERVED
-CVE-2018-15738
- RESERVED
+CVE-2018-15738 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
+ TODO: check
CVE-2018-15737 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
NOT-FOR-US: STOPzilla
CVE-2018-15736 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
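Review bot: CVE-2018-15738 describes the same STOPzilla AntiMalware 6.5.2.59 driver issue family as CVE-2018-15737 and CVE-2018-15736 immediately below it, both already marked NOT-FOR-US: STOPzilla; the TODO: check should be replaced with the same marker rather than left for a second pass.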
@@ -48018,8 +48048,8 @@ CVE-2018-14835 (Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no esc
NOT-FOR-US: Subrion CMS
CVE-2018-14834
RESERVED
-CVE-2018-14833
- RESERVED
+CVE-2018-14833 (Intuit Lacerte 2017 has Incorrect Access Control. ...)
+ TODO: check
CVE-2018-14832
RESERVED
CVE-2018-14831
@@ -57659,8 +57689,7 @@ CVE-2018-11309 (Blind SQL injection in coupon_code in the MemberMouse plugin 2.2
NOT-FOR-US: MemberMouse plugin for WordPress
CVE-2018-11308
RESERVED
-CVE-2018-11307 [Potential information exfiltration with default typing, serialization gadget from MyBatis]
- RESERVED
+CVE-2018-11307 (An issue was discovered in FasterXML jackson-databind 2.0.0 through 2. ...)
{DSA-4452-1 DLA-1703-1}
- jackson-databind 2.9.8-1
NOTE: https://github.com/FasterXML/jackson-databind/issues/2032
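Review bot: replacing the bracketed local title with the MITRE description drops the RESERVED line and the summary [Potential information exfiltration with default typing, serialization gadget from MyBatis], which was the only place the MyBatis gadget was named; the {DSA-4452-1 DLA-1703-1} reference and the jackson-databind 2.9.8-1 fixed version are kept, so the only follow-up is to confirm that the truncated version range in the new description matches what DSA-4452-1 covered.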
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7bafa8ba8bb5ed6f5375f85794a628a474b72329