[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Jul 11 09:10:26 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
689889ca by security tracker role at 2019-07-11T08:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,51 @@
-CVE-2019-13482
+CVE-2019-13504 (There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrw ...)
+	TODO: check
+CVE-2019-13503 (mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer o ...)
+	TODO: check
+CVE-2019-13502
+	RESERVED
+CVE-2019-13501
+	RESERVED
+CVE-2019-13500
+	RESERVED
+CVE-2019-13499
+	RESERVED
+CVE-2019-13498
+	RESERVED
+CVE-2019-13497
+	RESERVED
+CVE-2019-13496
+	RESERVED
+CVE-2019-13495
+	RESERVED
+CVE-2019-13494
+	RESERVED
+CVE-2019-13493
 	RESERVED
-CVE-2019-13481
+CVE-2019-13492
 	RESERVED
+CVE-2019-13491
+	RESERVED
+CVE-2019-13490
+	RESERVED
+CVE-2019-13489 (Trape through 2019-05-08 has SQL injection via the data[2] variable in ...)
+	TODO: check
+CVE-2019-13488 (A cross-site scripting (XSS) vulnerability in static/js/trape.js in Tr ...)
+	TODO: check
+CVE-2019-13487
+	RESERVED
+CVE-2019-13486
+	RESERVED
+CVE-2019-13485
+	RESERVED
+CVE-2019-13484
+	RESERVED
+CVE-2019-13483
+	RESERVED
+CVE-2019-13482 (An issue was discovered on D-Link DIR-818LW devices with firmware 2.06 ...)
+	TODO: check
+CVE-2019-13481 (An issue was discovered on D-Link DIR-818LW devices with firmware 2.06 ...)
+	TODO: check
 CVE-2019-13480
 	RESERVED
 CVE-2019-13479
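Review bot: The six described entries added at the top of this hunk (CVE-2019-13504, CVE-2019-13503, CVE-2019-13489, CVE-2019-13488, CVE-2019-13482, CVE-2019-13481) land with only `TODO: check`, so none of them is triaged yet. The two D-Link DIR-818LW entries are device firmware issues and can follow the `NOT-FOR-US:` form this file already uses for device entries. CVE-2019-13504 names Exiv2::MrwImage::readMetadata, and exiv2 is packaged in Debian, so it needs a package line with a status, not a NOT-FOR-US tag.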
@@ -212,7 +256,7 @@ CVE-2019-13383
 CVE-2019-13382
 	RESERVED
 CVE-2019-13381
-	RESERVED
+	REJECTED
 CVE-2019-13380 (KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from  ...)
 	NOT-FOR-US: KEYNTO Team Password Manager
 CVE-2019-13379 (On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access  ...)
@@ -1684,10 +1728,10 @@ CVE-2019-12806
 	RESERVED
 CVE-2019-12805
 	RESERVED
-CVE-2019-12804
-	RESERVED
-CVE-2019-12803
-	RESERVED
+CVE-2019-12804 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to ...)
+	TODO: check
+CVE-2019-12803 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the sp ...)
+	TODO: check
 CVE-2019-12802 (In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lan ...)
 	- radare2 <unfixed> (bug #930510)
 	[buster] - radare2 <no-dsa> (Minor issue)
@@ -2199,7 +2243,7 @@ CVE-2019-12596
 CVE-2019-12595
 	RESERVED
 CVE-2019-12594 (DOSBox 0.74-2 has Incorrect Access Control. ...)
-	{DLA-1845-1}
+	{DSA-4478-1 DLA-1845-1}
 	- dosbox <unfixed> (bug #931222)
 	NOTE: Fixed in 0.74-3 upstream.
 	NOTE: https://github.com/Alexandre-Bartel/CVE-2019-12594
@@ -16934,7 +16978,7 @@ CVE-2019-7167 (Zcash, before the Sapling network upgrade (2018-10-28), had a cou
 CVE-2019-7166
 	RESERVED
 CVE-2019-7165 (A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitra ...)
-	{DLA-1845-1}
+	{DSA-4478-1 DLA-1845-1}
 	- dosbox <unfixed> (bug #931222)
 	NOTE: Fixed in 0.74-3 upstream.
 	NOTE: Upstream clarification https://sourceforge.net/p/dosbox/bugs/508/
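Review bot: Both DOSBox entries (CVE-2019-12594 and CVE-2019-7165) now cross-reference DSA-4478-1, but their package line still reads `- dosbox <unfixed> (bug #931222)` while the NOTE says the fix is in 0.74-3 upstream. Replace `<unfixed>` with the fixed version once 0.74-3 or a patched upload reaches unstable, so the entries do not stay open after the advisory has been issued.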
@@ -21201,12 +21245,12 @@ CVE-2019-5448
 	RESERVED
 CVE-2019-5447
 	RESERVED
-CVE-2019-5446
-	RESERVED
-CVE-2019-5445
-	RESERVED
-CVE-2019-5444
-	RESERVED
+CVE-2019-5446 (Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin  ...)
+	TODO: check
+CVE-2019-5445 (DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash  ...)
+	TODO: check
+CVE-2019-5444 (Path traversal vulnerability in version up to v1.1.3 in serve-here.js  ...)
+	TODO: check
 CVE-2019-5443 (A non-privileged user or program can put code and a config file in a k ...)
 	- curl <not-affected> (Windows-specific build issue)
 CVE-2019-5442 (XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results i ...)
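Review bot: CVE-2019-5444 (serve-here.js) is left at `TODO: check` next to the two EdgeMAX EdgeSwitch entries, and it is the one in this hunk that needs an actual packaging lookup. The EdgeSwitch entries describe switch firmware and can take a `NOT-FOR-US:` tag. For serve-here.js, check whether the Node module is in the archive and record either a package line or NOT-FOR-US.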
@@ -35348,14 +35392,14 @@ CVE-2019-0332
 	RESERVED
 CVE-2019-0331
 	RESERVED
-CVE-2019-0330
-	RESERVED
-CVE-2019-0329
-	RESERVED
-CVE-2019-0328
-	RESERVED
-CVE-2019-0327
-	RESERVED
+CVE-2019-0330 (The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand C ...)
+	TODO: check
+CVE-2019-0329 (SAP Information Steward, version 4.2, does not sufficiently encode use ...)
+	TODO: check
+CVE-2019-0328 (ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) ...)
+	TODO: check
+CVE-2019-0327 (SAP NetWeaver for Java Application Server - Web Container, (engineapi, ...)
+	TODO: check
 CVE-2019-0326 (SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Ent ...)
 	NOT-FOR-US: SAP
 CVE-2019-0325 (SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary author ...)
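Review bot: The four new SAP entries, CVE-2019-0330 through CVE-2019-0327, are left at `TODO: check` although the adjacent CVE-2019-0326 is already triaged as `NOT-FOR-US: SAP`. Give the four the same tag so they drop off the TODO list.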
@@ -56744,7 +56788,7 @@ CVE-2018-11693 (An issue was discovered in LibSass through 3.5.4. An out-of-boun
 	NOTE: https://github.com/sass/libsass/commit/b3374e3fd1a0c3658644d2bad24e4a0ff2e0dcea (master)
 CVE-2018-11692 (** DISPUTED ** An issue was discovered on Canon LBP6650, LBP3370, LBP3 ...)
 	NOT-FOR-US: Canon devices
-CVE-2018-11691 (Emerson VE6046 09.0.12 devices have hardcoded admin credentials allowi ...)
+CVE-2018-11691 (Emerson DeltaV Smart Switch Command Center application, available in v ...)
 	NOT-FOR-US: Emerson devices
 CVE-2018-11690 (The Balbooa Gridbox extension version 2.4.0 and previous versions for  ...)
 	NOT-FOR-US: Balbooa Gridbox extension for Joomla!
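Review bot: The triage tag under CVE-2018-11691 still reads `NOT-FOR-US: Emerson devices` although the updated description now names the Emerson DeltaV Smart Switch Command Center application rather than VE6046 devices. The NOT-FOR-US verdict does not change, but the tag text could be shortened to `NOT-FOR-US: Emerson` to match the new description.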



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/689889caaf53562da7e6c63500243342e938eeb1



More information about the debian-security-tracker-commits mailing list