[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jul 19 21:10:36 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cc233f43 by security tracker role at 2019-07-19T20:10:25Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-13984 (Directus 7 API before 2.3.0 does not validate uploaded files. Regardle ...)
+ TODO: check
+CVE-2019-13983 (Directus 7 API before 2.2.2 has insufficient anti-automation, as demon ...)
+ TODO: check
+CVE-2019-13982 (interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 d ...)
+ TODO: check
+CVE-2019-13981 (In Directus 7 API through 2.3.0, remote attackers can read image files ...)
+ TODO: check
+CVE-2019-13980 (In Directus 7 API through 2.3.0, uploading of PHP files is blocked onl ...)
+ TODO: check
+CVE-2019-13979 (In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, ...)
+ TODO: check
CVE-2019-13978 (Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php ...)
NOT-FOR-US: Ovidentia
CVE-2019-13977 (index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&id ...)
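Review bot: CVE-2019-13979 and CVE-2019-13980 describe the same PHP-upload restriction in the Directus 7 API (not blocked before 2.2.1, then blocked "only ..." through 2.3.0), and CVE-2019-13984 covers upload validation in the same API before 2.3.0; triage these together so they end up with one consistent status rather than six independent "TODO: check" placeholders. If Directus is not a Debian source package, the entries should take the same form as the Ovidentia line just below them (NOT-FOR-US: Directus).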
@@ -52,12 +64,12 @@ CVE-2019-13954
RESERVED
CVE-2019-13953
RESERVED
-CVE-2019-13952 (The set_ipv6() function in zscan_rfc1035.rl in gdnsd 3.2.0 has a stack ...)
+CVE-2019-13952 (The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and ...)
- gdnsd <unfixed> (unimportant; bug #932407)
NOTE: https://github.com/gdnsd/gdnsd/issues/185
NOTE: No security impact, data is under administrative control
NOTE: Patches: https://github.com/gdnsd/gdnsd/issues/185#issuecomment-513288786
-CVE-2019-13951 (The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.2.0 has a stack ...)
+CVE-2019-13951 (The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.x before 3.2.1 ...)
- gdnsd <not-affected> (Vulnerable code not present, introduced in 3.x)
NOTE: https://github.com/gdnsd/gdnsd/issues/185
NOTE: No security impact, data is under administrative control
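Review bot: The new description for CVE-2019-13952 now names an upstream fixed version ("before 2.4.3 and ..."), but the tracker line under it still reads "gdnsd <unfixed>"; once the fix linked from https://github.com/gdnsd/gdnsd/issues/185#issuecomment-513288786 is confirmed, either record the fixed Debian version or keep <unfixed> deliberately under the "unimportant" rating so the two lines do not contradict each other. The CVE-2019-13951 entry is consistent with its new text: "3.x before 3.2.1" matches "<not-affected> ... introduced in 3.x".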
@@ -667,8 +679,8 @@ CVE-2019-13650
RESERVED
CVE-2019-13649
RESERVED
-CVE-2019-13648
- RESERVED
+CVE-2019-13648 (In the Linux kernel through 5.2.1 on the powerpc platform, when hardwa ...)
+ TODO: check
CVE-2018-20853
RESERVED
CVE-2016-10763 (The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS ...)
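Review bot: CVE-2019-13648 is a Linux kernel issue ("through 5.2.1 on the powerpc platform") and should not sit at "TODO: check": it needs a "linux" source line in the form used further down for CVE-2019-12817 ("- linux <unfixed>" plus per-suite "<not-affected> (Vulnerable code not present)" lines where applicable), with the affected range checked against the kernels shipped in stretch and buster.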
@@ -1985,6 +1997,7 @@ CVE-2019-13506 (@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mis
CVE-2019-13505 (The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS vi ...)
NOT-FOR-US: Appointment Hour Booking plugin for WordPress
CVE-2019-13504 (There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrw ...)
+ {DLA-1855-1}
- exiv2 <unfixed> (low; bug #932467)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <ignored> (Minor issue)
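Review bot: CVE-2019-13504 now carries {DLA-1855-1}, i.e. an LTS advisory fixed it, while the lines beneath still mark the issue "<ignored> (Minor issue)" for buster and stretch and "<unfixed> (low)" for unstable. That combination can be legitimate, but an issue that warranted a DLA usually merits at least a <no-dsa> annotation rather than <ignored> in the newer suites; confirm the intent and make the rationale read consistently across suites.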
@@ -3409,10 +3422,10 @@ CVE-2019-12948
RESERVED
CVE-2019-12947
RESERVED
-CVE-2019-12946
- RESERVED
+CVE-2019-12946 (Elcom CMS before 10.7 has SQL Injection via EventSearchByState.aspx an ...)
+ TODO: check
CVE-2019-12945
- RESERVED
+ REJECTED
CVE-2019-12944
RESERVED
CVE-2019-12943
@@ -3722,10 +3735,10 @@ CVE-2019-12823 (Craft CMS 3.1.30 has XSS. ...)
NOT-FOR-US: Craft CMS
CVE-2019-12822 (In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a he ...)
NOT-FOR-US: Embedthis GoAhead
-CVE-2019-12821
- RESERVED
-CVE-2019-12820
- RESERVED
+CVE-2019-12821 (A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 ro ...)
+ TODO: check
+CVE-2019-12820 (A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 ro ...)
+ TODO: check
CVE-2019-12817 (arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1. ...)
- linux <unfixed>
[stretch] - linux <not-affected> (Vulnerable code not present)
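Review bot: CVE-2019-12821 and CVE-2019-12820 have identical visible text ("A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 ro ..."), so this list cannot distinguish them; resolve both "TODO: check" lines together from the full descriptions and, if this is a vendor mobile app with no Debian package, mark both NOT-FOR-US as the adjacent Craft CMS and Embedthis GoAhead entries are.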
@@ -4555,7 +4568,7 @@ CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer d
[stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1249
NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
-CVE-2019-12480 (BACnet Protocol Stack through 0.8.6 could allow an unauthenticated, re ...)
+CVE-2019-12480 (BACnet Protocol Stack through 0.8.6 has a segmentation fault leading t ...)
NOT-FOR-US: BACnet Protocol Stack
CVE-2019-12479
RESERVED
@@ -4647,8 +4660,8 @@ CVE-2019-12455 (** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup i
NOTE: No/negligible security impact
CVE-2019-12454 (** DISPUTED ** An issue was discovered in wcd9335_codec_enable_dec in ...)
- linux <not-affected> (Vulnerable code not present, introduced in 5.1-rc1)
-CVE-2019-12453
- RESERVED
+CVE-2019-12453 (In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in t ...)
+ TODO: check
CVE-2019-12452 (types/types.go in Containous Traefik 1.7.x through 1.7.11, when the -- ...)
NOT-FOR-US: Containous Traefik
CVE-2019-12451
@@ -4844,7 +4857,7 @@ CVE-2019-12386
RESERVED
CVE-2019-12385
RESERVED
-CVE-2019-12384 (FasterXML jackson-databind 2.x before 2.9.9 might allow attackers to h ...)
+CVE-2019-12384 (FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to ...)
{DLA-1831-1}
- jackson-databind 2.9.8-3 (bug #930750)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2334
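Review bot: The affected range for CVE-2019-12384 moved from "before 2.9.9" to "before 2.9.9.1", meaning the 2.9.9 release alone did not close the issue. The Debian fix is recorded as "jackson-databind 2.9.8-3 (bug #930750)", which must therefore be a backport; verify that it carries the change tracked in https://github.com/FasterXML/jackson-databind/issues/2334 that shipped in 2.9.9.1, not only the 2.9.9 changes, and that DLA-1831-1 did the same.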
@@ -5380,8 +5393,8 @@ CVE-2019-12195 (TP-Link TL-WR840N v5 00000005 devices allow XSS via the network
NOT-FOR-US: TP-Link
CVE-2019-12194
RESERVED
-CVE-2019-12193
- RESERVED
+CVE-2019-12193 (H3C H3Cloud OS all versions allows SQL injection via the ear/grid_even ...)
+ TODO: check
CVE-2019-12192
RESERVED
CVE-2019-12191
@@ -7042,10 +7055,10 @@ CVE-2019-11556
RESERVED
CVE-2019-11554
RESERVED
-CVE-2019-11553
- RESERVED
-CVE-2019-11552
- RESERVED
+CVE-2019-11553 (Code42 for Enterprise through 6.8.4 has Incorrect Access Control. ...)
+ TODO: check
+CVE-2019-11552 (Code42 Enterprise and Crashplan for Small Business Client version 6.7 ...)
+ TODO: check
CVE-2019-11551
RESERVED
CVE-2019-11550 (Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before ...)
@@ -11543,26 +11556,26 @@ CVE-2019-1010249 (The Linux Foundation ONOS 2.0.0 and earlier is affected by: In
NOT-FOR-US: ONOS
CVE-2019-1010248 (Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. T ...)
NOT-FOR-US: ONOS
-CVE-2019-1010247
- RESERVED
+CVE-2019-1010247 (ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cr ...)
+ TODO: check
CVE-2019-1010246 (MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affecte ...)
TODO: check
-CVE-2019-1010245
- RESERVED
+CVE-2019-1010245 (The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is ...)
+ TODO: check
CVE-2019-1010244
RESERVED
CVE-2019-1010243
RESERVED
CVE-2019-1010242
RESERVED
-CVE-2019-1010241
- RESERVED
+CVE-2019-1010241 (Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-25 ...)
+ TODO: check
CVE-2019-1010240
RESERVED
-CVE-2019-1010239
- RESERVED
-CVE-2019-1010238
- RESERVED
+CVE-2019-1010239 (DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusua ...)
+ TODO: check
+CVE-2019-1010238 (Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact ...)
+ TODO: check
CVE-2019-1010237
RESERVED
CVE-2019-1010236
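Review bot: The unchanged context line for CVE-2019-1010248 reads "NOT-FOR-US: ONOS" although that entry is about "Synetics GmbH I-doit"; it copies the CVE-2019-1010249 line above it and should say "NOT-FOR-US: I-doit". Of the newly described entries, CVE-2019-1010238 (Pango 1.42, buffer overflow), CVE-2019-1010239 (cJSON 1.7.8) and CVE-2019-1010247 (mod_auth_openidc 2.3.10.1 and earlier) name libraries and an Apache module rather than hosted products, so check them against Debian source packages first instead of leaving them at "TODO: check"; the phrasing "Pango 1.42 and later is affected" also needs the real affected and fixed range established before any status is set.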
@@ -11735,8 +11748,8 @@ CVE-2019-1010153
RESERVED
CVE-2019-1010152
RESERVED
-CVE-2019-1010151
- RESERVED
+CVE-2019-1010151 (zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. ...)
+ TODO: check
CVE-2019-1010150
RESERVED
CVE-2019-1010149
@@ -11753,8 +11766,8 @@ CVE-2019-1010144
RESERVED
CVE-2019-1010143
RESERVED
-CVE-2019-1010142
- RESERVED
+CVE-2019-1010142 (scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite ...)
+ TODO: check
CVE-2019-1010141
RESERVED
CVE-2019-1010140
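Review bot: CVE-2019-1010142 names only "scapy 2.4.0" and an infinite-loop denial of service; the text does not say whether later releases are affected, so establish the affected and fixed upstream versions before a source-package status replaces "TODO: check".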
@@ -11765,8 +11778,8 @@ CVE-2019-1010138
RESERVED
CVE-2019-1010137
RESERVED
-CVE-2019-1010136
- RESERVED
+CVE-2019-1010136 (ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access ...)
+ TODO: check
CVE-2019-1010135
RESERVED
CVE-2019-1010134
@@ -11811,8 +11824,8 @@ CVE-2019-1010115
RESERVED
CVE-2019-1010114
RESERVED
-CVE-2019-1010113
- RESERVED
+CVE-2019-1010113 (Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site ...)
+ TODO: check
CVE-2019-1010112 (OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Fo ...)
NOT-FOR-US: OECMS
CVE-2019-1010111
@@ -11835,10 +11848,10 @@ CVE-2019-1010103
RESERVED
CVE-2019-1010102
RESERVED
-CVE-2019-1010101
- RESERVED
-CVE-2019-1010100
- RESERVED
+CVE-2019-1010101 (Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permiss ...)
+ TODO: check
+CVE-2019-1010100 (Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order ...)
+ TODO: check
CVE-2019-1010099
RESERVED
CVE-2019-1010098
@@ -12641,7 +12654,7 @@ CVE-2019-9735 (An issue was discovered in the iptables firewall module in OpenSt
- neutron 2:13.0.2-13 (bug #924508)
[jessie] - neutron <not-affected> (Vulnerable code not present, all supported protocols are handled correctly)
NOTE: https://launchpad.net/bugs/1818385
-CVE-2019-9734 (aquaverde Aquarius CMS through 4.3.5 writes POST and GET parameters (i ...)
+CVE-2019-9734 (Aquarius CMS through 4.3.5 writes POST and GET parameters (including p ...)
NOT-FOR-US: aquaverde Aquarius CMS
CVE-2019-9733 (An issue was discovered in JFrog Artifactory 6.7.3. By default, the ac ...)
NOT-FOR-US: JFrog Artifactory
@@ -35862,8 +35875,8 @@ CVE-2019-1169
RESERVED
CVE-2019-1168
RESERVED
-CVE-2019-1167
- RESERVED
+CVE-2019-1167 (A security feature bypass vulnerability exists in Windows Defender App ...)
+ TODO: check
CVE-2019-1166
RESERVED
CVE-2019-1165
@@ -43018,8 +43031,8 @@ CVE-2018-17793 (** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "py
- python-virtualenv <unfixed> (unimportant)
NOTE: https://github.com/pypa/virtualenv/issues/1207
NOTE: No real security impact. 3rd party requested CVE rejection
-CVE-2018-17792
- RESERVED
+CVE-2018-17792 (MDaemon Webmail (formerly WorldClient) has CSRF. ...)
+ TODO: check
CVE-2018-17791
RESERVED
CVE-2018-17790
@@ -176729,8 +176742,8 @@ CVE-2015-7899 (The com_content component in Joomla! 3.x before 3.4.5 does not pr
NOT-FOR-US: Joomla!
CVE-2015-7883
RESERVED
-CVE-2015-7882
- RESERVED
+CVE-2015-7882 (Improper handling of LDAP authentication in MongoDB Server versions 3. ...)
+ TODO: check
CVE-2015-7881 (The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote a ...)
NOT-FOR-US: Colorbox module for Drupal
CVE-2015-7880 (The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allow ...)
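Review bot: CVE-2015-7882 is a 2015 identifier whose description ("Improper handling of LDAP authentication in MongoDB Server versions 3.") was only now published, and the version range is cut off in this line; unlike the surrounding Drupal-module entries marked NOT-FOR-US, MongoDB Server is a candidate for a source-package line, so fetch the full range and check it against the mongodb versions in the supported suites before closing the TODO.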
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc233f43b841c9ec3cce06b81ef550f324fca179