[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jul 23 21:10:36 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8a33d4fe by security tracker role at 2019-07-23T20:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2019-14241 (HAProxy through 2.0.2 allows attackers to cause a denial of service (h ...)
+ TODO: check
+CVE-2019-14240 (WCMS v0.3.2 has a CSRF vulnerability, with resultant directory travers ...)
+ TODO: check
CVE-2019-14239
RESERVED
CVE-2019-14238
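Review bot: CVE-2019-14241 and CVE-2019-14240, added at the top of the list, carry only "TODO: check", so neither is triaged yet. The HAProxy entry states an affected range ("through 2.0.2") and should get a package line with a fixed version or a not-affected marker. The WCMS entry needs either a package line or a NOT-FOR-US line.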
@@ -2384,8 +2388,8 @@ CVE-2019-13572
RESERVED
CVE-2019-13571
RESERVED
-CVE-2019-13570
- RESERVED
+CVE-2019-13570 (The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection ...)
+ TODO: check
CVE-2019-13569 (A SQL injection vulnerability exists in the Icegram Email Subscribers ...)
NOT-FOR-US: Icegram Email Subscribers & Newsletters plugin for WordPress
CVE-2019-13568
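Review bot: the new CVE-2019-13570 entry is left at "TODO: check" although the entry directly below it, CVE-2019-13569, is also a WordPress plugin issue and is already marked NOT-FOR-US. If the AdRotate plugin is likewise not packaged, replace the TODO with a matching NOT-FOR-US line so the two neighbouring entries are handled consistently.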
@@ -5989,8 +5993,8 @@ CVE-2019-12164
RESERVED
CVE-2019-12163 (GAT-Ship Web Module through 1.30 allows remote attackers to obtain pot ...)
NOT-FOR-US: GAT-Ship Web Module
-CVE-2019-12162
- RESERVED
+CVE-2019-12162 (Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the do ...)
+ TODO: check
CVE-2019-12161 (WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.p ...)
NOT-FOR-US: WPO WebPageTest
CVE-2019-12160 (GoHTTP through 2017-07-25 has a sendHeader use-after-free. ...)
@@ -6949,8 +6953,7 @@ CVE-2019-11732
RESERVED
CVE-2019-11731
RESERVED
-CVE-2019-11730
- RESERVED
+CVE-2019-11730 (A vulnerability exists where if a user opens a locally saved HTML file ...)
{DSA-4482-1 DSA-4479-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
@@ -6958,8 +6961,7 @@ CVE-2019-11730
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11730
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11730
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11730
-CVE-2019-11729
- RESERVED
+CVE-2019-11729 (Empty or malformed p256-ECDH public keys may trigger a segmentation fa ...)
{DLA-1857-1}
- firefox 68.0-1 (unimportant)
- firefox-esr 60.8.0esr-1 (unimportant)
@@ -6977,12 +6979,10 @@ CVE-2019-11729
NOTE: firefox-esr in older suites than buster use the embedded copy and thus issue
NOTE: is just fixed by updating firefox-esr to 60.8.0. For the others an update to
NOTE: src:nss is needed as firefox-esr uses the system library.
-CVE-2019-11728
- RESERVED
+CVE-2019-11728 (The HTTP Alternative Services header, Alt-Svc, can be used by a malici ...)
- firefox 68.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11728
-CVE-2019-11727
- RESERVED
+CVE-2019-11727 (A vulnerability exists where it possible to force Network Security Ser ...)
- firefox 68.0-1 (unimportant)
- nss 2:3.45-1
[jessie] - nss <ignored> (Issue is specific to TLS 1.3 and support was not really complete in 3.26; code has diverged significantly since and applying the fix would be very disruptive)
@@ -6993,30 +6993,24 @@ CVE-2019-11727
NOTE: src:nss is needed as firefox-esr uses the system library.
CVE-2019-11726
RESERVED
-CVE-2019-11725
- RESERVED
+CVE-2019-11725 (When a user navigates to site marked as unsafe by the Safebrowsing API ...)
- firefox 68.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11725
-CVE-2019-11724
- RESERVED
+CVE-2019-11724 (Application permissions give additional remote troubleshooting permiss ...)
- firefox 68.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11724
-CVE-2019-11723
- RESERVED
+CVE-2019-11723 (A vulnerability exists during the installation of add-ons where the in ...)
- firefox 68.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11723
CVE-2019-11722
RESERVED
-CVE-2019-11721
- RESERVED
+CVE-2019-11721 (The unicode latin 'kra' character can be used to spoof a standard 'k' ...)
- firefox 68.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11721
-CVE-2019-11720
- RESERVED
+CVE-2019-11720 (Some unicode characters are incorrectly treated as whitespace during t ...)
- firefox 68.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11720
-CVE-2019-11719
- RESERVED
+CVE-2019-11719 (When importing a curve25519 private key in PKCS#8format with leading 0 ...)
{DLA-1857-1}
- firefox 68.0-1 (unimportant)
- firefox-esr 60.8.0esr-1 (unimportant)
@@ -7033,12 +7027,10 @@ CVE-2019-11719
NOTE: firefox-esr in older suites than buster use the embedded copy and thus issue
NOTE: is just fixed by updating firefox-esr to 60.8.0. For the others an update to
NOTE: src:nss is needed as firefox-esr uses the system library.
-CVE-2019-11718
- RESERVED
+CVE-2019-11718 (Activity Stream can display content from sent from the Snippet Service ...)
- firefox 68.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11718
-CVE-2019-11717
- RESERVED
+CVE-2019-11717 (A vulnerability exists where the caret ("^") character is improperly e ...)
{DSA-4482-1 DSA-4479-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
@@ -7046,12 +7038,10 @@ CVE-2019-11717
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11717
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11717
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11717
-CVE-2019-11716
- RESERVED
+CVE-2019-11716 (Until explicitly accessed by script, window.globalThis is not enumerab ...)
- firefox 68.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11716
-CVE-2019-11715
- RESERVED
+CVE-2019-11715 (Due to an error while parsing page content, it is possible for properl ...)
{DSA-4482-1 DSA-4479-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
@@ -7059,12 +7049,10 @@ CVE-2019-11715
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11715
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11715
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11715
-CVE-2019-11714
- RESERVED
+CVE-2019-11714 (Necko can access a child on the wrong thread during UDP connections, r ...)
- firefox 68.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11714
-CVE-2019-11713
- RESERVED
+CVE-2019-11713 (A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/ ...)
{DSA-4482-1 DSA-4479-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
@@ -7072,8 +7060,7 @@ CVE-2019-11713
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11713
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11713
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11713
-CVE-2019-11712
- RESERVED
+CVE-2019-11712 (POST requests made by NPAPI plugins, such as Flash, that receive a sta ...)
{DSA-4482-1 DSA-4479-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
@@ -7081,8 +7068,7 @@ CVE-2019-11712
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11712
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11712
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11712
-CVE-2019-11711
- RESERVED
+CVE-2019-11711 (When an inner window is reused, it does not consider the use of docume ...)
{DSA-4482-1 DSA-4479-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
@@ -7090,12 +7076,10 @@ CVE-2019-11711
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11711
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11711
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11711
-CVE-2019-11710
- RESERVED
+CVE-2019-11710 (Mozilla developers and community members reported memory safety bugs p ...)
- firefox 68.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11710
-CVE-2019-11709
- RESERVED
+CVE-2019-11709 (Mozilla developers and community members reported memory safety bugs p ...)
{DSA-4482-1 DSA-4479-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
@@ -7103,70 +7087,59 @@ CVE-2019-11709
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11709
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11709
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11709
-CVE-2019-11708 [sandbox escape using Prompt:Open]
- RESERVED
+CVE-2019-11708 (Insufficient vetting of parameters passed with the Prompt:Open IPC mes ...)
{DSA-4474-1 DSA-4471-1 DLA-1836-1}
- firefox 67.0.4-1
- firefox-esr 60.7.2esr-1
- thunderbird 1:60.7.2-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/#CVE-2019-11708
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/#CVE-2019-11708
-CVE-2019-11707
- RESERVED
+CVE-2019-11707 (A type confusion vulnerability can occur when manipulating JavaScript ...)
{DSA-4471-1 DSA-4466-1 DLA-1836-1 DLA-1829-1}
- firefox 67.0.3-1
- firefox-esr 60.7.1esr-1
- thunderbird 1:60.7.2-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/#CVE-2019-11707
-CVE-2019-11706 [X41-2019-004]
- RESERVED
+CVE-2019-11706 (A flaw in Thunderbird's implementation of iCal causes a type confusion ...)
{DSA-4464-1 DLA-1820-1}
- thunderbird 1:60.7.1-1
NOTE: https://www.openwall.com/lists/oss-security/2019/06/13/4
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1555646
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11706
-CVE-2019-11705 [X41-2019-003]
- RESERVED
+CVE-2019-11705 (A flaw in Thunderbird's implementation of iCal causes a stack buffer o ...)
{DSA-4464-1 DLA-1820-1}
- thunderbird 1:60.7.1-1
NOTE: https://www.openwall.com/lists/oss-security/2019/06/13/3
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1553808
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11705
-CVE-2019-11704 [X41-2019-001]
- RESERVED
+CVE-2019-11704 (A flaw in Thunderbird's implementation of iCal causes a heap buffer ov ...)
{DSA-4464-1 DLA-1820-1}
- thunderbird 1:60.7.1-1
NOTE: https://www.openwall.com/lists/oss-security/2019/06/13/1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1553814
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11704
-CVE-2019-11703 [X41-2019-002]
- RESERVED
+CVE-2019-11703 (A flaw in Thunderbird's implementation of iCal causes a heap buffer ov ...)
{DSA-4464-1 DLA-1820-1}
- thunderbird 1:60.7.1-1
NOTE: https://www.openwall.com/lists/oss-security/2019/06/13/2
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1553820
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11703
-CVE-2019-11702 [IE protocols can be used to open known local files]
- RESERVED
+CVE-2019-11702 (A hyperlink using protocols associated with Internet Explorer, such as ...)
- firefox <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-16/#CVE-2019-11702
-CVE-2019-11701
- RESERVED
+CVE-2019-11701 (The default webcal: protocol handler will load a web site vulnerable t ...)
[experimental] - firefox 67.0-1
- firefox 67.0-2
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11701
-CVE-2019-11700
- RESERVED
+CVE-2019-11700 (A hyperlink using the res: protocol can be used to open local files at ...)
- firefox <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11700
-CVE-2019-11699
- RESERVED
+CVE-2019-11699 (A malicious page can briefly cause the wrong name to be highlighted as ...)
[experimental] - firefox 67.0-1
- firefox 67.0-2
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11699
-CVE-2019-11698
- RESERVED
+CVE-2019-11698 (If a crafted hyperlink is dragged and dropped to the bookmark bar or s ...)
{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 67.0-2
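Review bot: replacing the bracketed titles on CVE-2019-11706, CVE-2019-11705, CVE-2019-11704 and CVE-2019-11703 drops the advisory identifiers X41-2019-004, X41-2019-003, X41-2019-001 and X41-2019-002 from the entries. The oss-security and Bugzilla NOTE links are kept, but the identifiers themselves are no longer searchable in the list; consider adding them as a NOTE line under each entry. The titles removed from CVE-2019-11708 and CVE-2019-11702 are covered by the new descriptions and need nothing further.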
@@ -7175,31 +7148,26 @@ CVE-2019-11698
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11698
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11698
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11698
-CVE-2019-11697
- RESERVED
+CVE-2019-11697 (If the ALT and "a" keys are pressed when users receive an extension in ...)
[experimental] - firefox 67.0-1
- firefox 67.0-2
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11697
-CVE-2019-11696
- RESERVED
+CVE-2019-11696 (Files with the .JNLP extension used for "Java web start" applications ...)
[experimental] - firefox 67.0-1
- firefox 67.0-2
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11696
-CVE-2019-11695
- RESERVED
+CVE-2019-11695 (A custom cursor defined by scripting on a site can position itself ove ...)
[experimental] - firefox 67.0-1
- firefox 67.0-2
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11695
-CVE-2019-11694
- RESERVED
+CVE-2019-11694 (A vulnerability exists in the Windows sandbox where an uninitialized v ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
- thunderbird <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11694
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11694
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11694
-CVE-2019-11693
- RESERVED
+CVE-2019-11693 (The bufferdata function in WebGL is vulnerable to a buffer overflow wi ...)
{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 67.0-2
@@ -7208,8 +7176,7 @@ CVE-2019-11693
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11693
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11693
-CVE-2019-11692
- RESERVED
+CVE-2019-11692 (A use-after-free vulnerability can occur when listeners are removed fr ...)
{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 67.0-2
@@ -7218,8 +7185,7 @@ CVE-2019-11692
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11692
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11692
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11692
-CVE-2019-11691
- RESERVED
+CVE-2019-11691 (A use-after-free vulnerability can occur when working with XMLHttpRequ ...)
{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 67.0-2
@@ -7593,7 +7559,7 @@ CVE-2019-11556
RESERVED
CVE-2019-11554
RESERVED
-CVE-2019-11553 (Code42 for Enterprise through 6.8.4 has Incorrect Access Control. ...)
+CVE-2019-11553 (In Code42 for Enterprise through 6.8.4, an administrator without web r ...)
NOT-FOR-US: Code42 for Enterprise
CVE-2019-11552 (Code42 Enterprise and Crashplan for Small Business Client version 6.7 ...)
NOT-FOR-US: Code42
@@ -11071,8 +11037,7 @@ CVE-2019-10175 (A flaw was found in the containerized-data-importer in virt-cdi-
NOT-FOR-US: KubeVirt
CVE-2019-10174
RESERVED
-CVE-2019-10173 [Regression from CVE-2013-7285]
- RESERVED
+CVE-2019-10173 (It was found that xstream API version 1.4.10 before 1.4.11 introduced ...)
- libxstream-java 1.4.11-1
[stretch] - libxstream-java <not-affected> (Regression introduced in 1.4.10)
[jessie] - libxstream-java <not-affected> (Regression introduced in 1.4.10)
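Review bot: the title removed from CVE-2019-10173, "[Regression from CVE-2013-7285]", was the only visible line naming the earlier CVE. The truncated description shown here does not mention it, and the suite lines only say "Regression introduced in 1.4.10". Add a NOTE line recording the regression from CVE-2013-7285 so the link between the two entries survives.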
@@ -12170,8 +12135,8 @@ CVE-2019-1010223 (aubio 0.4.8 and earlier is affected by: Buffer Overflow. The i
CVE-2019-1010222 (aubio 0.4.8 and earlier is affected by: null pointer. The impact is: c ...)
- aubio 0.4.9-1
NOTE: https://github.com/aubio/aubio/commit/eda95c9c22b4f0b466ae94c4708765eaae6e709e (0.4.9)
-CVE-2019-1010221
- RESERVED
+CVE-2019-1010221 (LineageOS 16.0 and earlier is affected by: Incorrect Access Control. T ...)
+ TODO: check
CVE-2019-1010220 (tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. T ...)
TODO: check
CVE-2019-1010219
@@ -12194,28 +12159,28 @@ CVE-2019-1010211
RESERVED
CVE-2019-1010210
RESERVED
-CVE-2019-1010209
- RESERVED
-CVE-2019-1010208
- RESERVED
-CVE-2019-1010207
- RESERVED
-CVE-2019-1010206
- RESERVED
-CVE-2019-1010205
- RESERVED
-CVE-2019-1010204
- RESERVED
+CVE-2019-1010209 (GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE ...)
+ TODO: check
+CVE-2019-1010208 (IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracryp ...)
+ TODO: check
+CVE-2019-1010207 (Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scrip ...)
+ TODO: check
+CVE-2019-1010206 (OSS Http Request (Apache Cordova Plugin) 6 is affected by: Missing SSL ...)
+ TODO: check
+CVE-2019-1010205 (LINAGORA hublin latest (commit 72ead897082403126bf8df9264e70f0a9de247f ...)
+ TODO: check
+CVE-2019-1010204 (GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is aff ...)
+ TODO: check
CVE-2019-1010203
RESERVED
-CVE-2019-1010202
- RESERVED
-CVE-2019-1010201
- RESERVED
-CVE-2019-1010200
- RESERVED
-CVE-2019-1010199
- RESERVED
+CVE-2019-1010202 (Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is ...)
+ TODO: check
+CVE-2019-1010201 (Jeesite 1.2.7 is affected by: SQL Injection. The impact is: sensitive ...)
+ TODO: check
+CVE-2019-1010200 (Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b ...)
+ TODO: check
+CVE-2019-1010199 (ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site ...)
+ TODO: check
CVE-2019-1010198
RESERVED
CVE-2019-1010197
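Review bot: all ten entries added in this hunk are left at "TODO: check", and they are not equally urgent. CVE-2019-1010204 (GNU binutils gold, with a stated version range) and CVE-2019-1010208 (Truecrypt/Veracrypt) name general-purpose software and should be triaged ahead of the WordPress plugin and web application entries around them, which the neighbouring hunks mostly resolve as NOT-FOR-US.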
@@ -12266,16 +12231,16 @@ CVE-2019-1010175
RESERVED
CVE-2019-1010174
RESERVED
-CVE-2019-1010173
- RESERVED
+CVE-2019-1010173 (Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is ...)
+ TODO: check
CVE-2019-1010172
RESERVED
-CVE-2019-1010171
- RESERVED
-CVE-2019-1010170
- RESERVED
-CVE-2019-1010169
- RESERVED
+CVE-2019-1010171 (Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impac ...)
+ TODO: check
+CVE-2019-1010170 (Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: den ...)
+ TODO: check
+CVE-2019-1010169 (Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. The impact is: ...)
+ TODO: check
CVE-2019-1010168
RESERVED
CVE-2019-1010167
@@ -12288,8 +12253,8 @@ CVE-2019-1010164
RESERVED
CVE-2019-1010163
RESERVED
-CVE-2019-1010162
- RESERVED
+CVE-2019-1010162 (jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. ...)
+ TODO: check
CVE-2019-1010161
RESERVED
CVE-2019-1010160
@@ -12300,24 +12265,24 @@ CVE-2019-1010158
RESERVED
CVE-2019-1010157
RESERVED
-CVE-2019-1010156
- RESERVED
-CVE-2019-1010155
- RESERVED
+CVE-2019-1010156 (D-Link DSL-2750U Firmware 1.11 is affected by: Authentication Bypass. ...)
+ TODO: check
+CVE-2019-1010155 (D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impac ...)
+ TODO: check
CVE-2019-1010154
RESERVED
-CVE-2019-1010153
- RESERVED
-CVE-2019-1010152
- RESERVED
+CVE-2019-1010153 (zzcms 8.3 and earlier is affected by: SQL Injection. The impact is: sq ...)
+ TODO: check
+CVE-2019-1010152 (zzcms 8.3 and earlier is affected by: File Delete to Code Execution. T ...)
+ TODO: check
CVE-2019-1010151 (zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. ...)
NOT-FOR-US: zzcms
-CVE-2019-1010150
- RESERVED
-CVE-2019-1010149
- RESERVED
-CVE-2019-1010148
- RESERVED
+CVE-2019-1010150 (zzcms 8.3 and earlier is affected by: File Delete to Code Execution. T ...)
+ TODO: check
+CVE-2019-1010149 (zzcms version 8.3 and earlier is affected by: File Delete to Code Exec ...)
+ TODO: check
+CVE-2019-1010148 (zzcms version 8.3 and earlier is affected by: SQL Injection. The impac ...)
+ TODO: check
CVE-2019-1010147
RESERVED
CVE-2019-1010146
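Review bot: the five new zzcms entries (CVE-2019-1010153, CVE-2019-1010152, CVE-2019-1010150, CVE-2019-1010149, CVE-2019-1010148) are left at "TODO: check" although CVE-2019-1010151 in the same hunk is already marked "NOT-FOR-US: zzcms"; the same line applies to all five. The two D-Link DSL-2750U entries, CVE-2019-1010156 and CVE-2019-1010155, show near-identical descriptions and should be checked for being the same issue before they are triaged separately.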
@@ -12357,8 +12322,8 @@ CVE-2019-1010131
RESERVED
CVE-2019-1010130
RESERVED
-CVE-2019-1010129
- RESERVED
+CVE-2019-1010129 (VCFTools vcfools prior to version 0.1.15 is affected by: Heap Use-Afte ...)
+ TODO: check
CVE-2019-1010128
RESERVED
CVE-2019-1010127
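Review bot: the description imported for CVE-2019-1010129 names the product as "VCFTools vcfools", the second spelling being a typo, so match on the first when looking for the package. The entry already gives a fixed boundary ("prior to version 0.1.15"), so the "TODO: check" can be resolved by comparing the packaged version against it.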
@@ -12367,10 +12332,10 @@ CVE-2019-1010126
RESERVED
CVE-2019-1010125
RESERVED
-CVE-2019-1010124
- RESERVED
-CVE-2019-1010123
- RESERVED
+CVE-2019-1010124 (WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: ...)
+ TODO: check
+CVE-2019-1010123 (MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Up ...)
+ TODO: check
CVE-2019-1010122
RESERVED
CVE-2019-1010121
@@ -12854,13 +12819,11 @@ CVE-2019-9823 (In several JetBrains IntelliJ IDEA versions, creating remote run
NOT-FOR-US: JetBrains IntelliJ IDEA
CVE-2019-9822
RESERVED
-CVE-2019-9821
- RESERVED
+CVE-2019-9821 (A use-after-free vulnerability can occur in AssertWorkerThread due to ...)
[experimental] - firefox 67.0-1
- firefox 67.0-2
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9821
-CVE-2019-9820
- RESERVED
+CVE-2019-9820 (A use-after-free vulnerability can occur in the chrome event handler w ...)
{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 67.0-2
@@ -12869,8 +12832,7 @@ CVE-2019-9820
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9820
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9820
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9820
-CVE-2019-9819
- RESERVED
+CVE-2019-9819 (A vulnerability where a JavaScript compartment mismatch can occur whil ...)
{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 67.0-2
@@ -12879,16 +12841,14 @@ CVE-2019-9819
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9819
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9819
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9819
-CVE-2019-9818
- RESERVED
+CVE-2019-9818 (A race condition is present in the crash generation server used to gen ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
- thunderbird <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9818
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9818
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9818
-CVE-2019-9817
- RESERVED
+CVE-2019-9817 (Images from a different domain can be read using a canvas object in so ...)
{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 67.0-2
@@ -12897,8 +12857,7 @@ CVE-2019-9817
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9817
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9817
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9817
-CVE-2019-9816
- RESERVED
+CVE-2019-9816 (A possible vulnerability exists where type confusion can occur when ma ...)
{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 67.0-2
@@ -12907,16 +12866,14 @@ CVE-2019-9816
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9816
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9816
-CVE-2019-9815
- RESERVED
+CVE-2019-9815 (If hyperthreading is not disabled, a timing attack vulnerability exist ...)
- firefox <not-affected> (MacOS-specific)
- firefox-esr <not-affected> (MacOS-specific)
- thunderbird <not-affected> (MacOS-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9815
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9815
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9815
-CVE-2019-9814
- RESERVED
+CVE-2019-9814 (Mozilla developers and community members reported memory safety bugs p ...)
[experimental] - firefox 67.0-1
- firefox 67.0-2
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9814
@@ -12928,8 +12885,7 @@ CVE-2019-9813 (Incorrect handling of __proto__ mutations may lead to type confus
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9813
CVE-2019-9812
RESERVED
-CVE-2019-9811
- RESERVED
+CVE-2019-9811 (As part of a winning Pwn2Own entry, a researcher demonstrated a sandbo ...)
{DSA-4482-1 DSA-4479-1}
- firefox 68.0-1
- firefox-esr 60.8.0esr-1
@@ -12974,8 +12930,7 @@ CVE-2019-9801 (Firefox will accept any registered Program ID as an external prot
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9801
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9801
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9801
-CVE-2019-9800
- RESERVED
+CVE-2019-9800 (Mozilla developers and community members reported memory safety bugs p ...)
{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox 67.0-2
@@ -41092,22 +41047,22 @@ CVE-2018-18678
RESERVED
CVE-2018-18677
RESERVED
-CVE-2018-18676
- RESERVED
-CVE-2018-18675
- RESERVED
+CVE-2018-18676 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
+ TODO: check
+CVE-2018-18675 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
+ TODO: check
CVE-2018-18674
RESERVED
-CVE-2018-18673
- RESERVED
-CVE-2018-18672
- RESERVED
-CVE-2018-18671
- RESERVED
-CVE-2018-18670
- RESERVED
-CVE-2018-18669
- RESERVED
+CVE-2018-18673 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
+ TODO: check
+CVE-2018-18672 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
+ TODO: check
+CVE-2018-18671 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
+ TODO: check
+CVE-2018-18670 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
+ TODO: check
+CVE-2018-18669 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
+ TODO: check
CVE-2018-18668
RESERVED
CVE-2018-18667 (The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum to ...)
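Review bot: the seven new GNUBOARD5 entries (CVE-2018-18676, CVE-2018-18675 and CVE-2018-18673 through CVE-2018-18669) all show the same truncated description, so nothing in the list distinguishes one from another. Triage them as a group with a single decision, and if any needs separate handling, add a NOTE line that says what differs.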
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a33d4fe483bc74ce06115bd5561fc44a5119ee7