[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jul 26 21:10:27 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d7cbf95d by security tracker role at 2019-07-26T20:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2019-14284 (In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a deni ...)
+	TODO: check
+CVE-2019-14283 (In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy ...)
+	TODO: check
+CVE-2019-1020019
+	RESERVED
+CVE-2019-1020018
+	RESERVED
+CVE-2019-1020017
+	RESERVED
+CVE-2019-1020016
+	RESERVED
+CVE-2019-1020015
+	RESERVED
+CVE-2019-1020014
+	RESERVED
+CVE-2019-1020013
+	RESERVED
+CVE-2019-1020012
+	RESERVED
+CVE-2019-1020011
+	RESERVED
+CVE-2019-1020010
+	RESERVED
+CVE-2019-1020009
+	RESERVED
+CVE-2019-1020008
+	RESERVED
+CVE-2019-1020007
+	RESERVED
+CVE-2019-1020006
+	RESERVED
+CVE-2019-1020005
+	RESERVED
+CVE-2019-1020004
+	RESERVED
+CVE-2019-1020003
+	RESERVED
+CVE-2019-1020002
+	RESERVED
+CVE-2019-1020001
+	RESERVED
+CVE-2018-20857 (Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as  ...)
+	TODO: check
 CVE-2019-14282 (The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org ...)
 	TODO: check
 CVE-2019-14281 (The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, inclu ...)
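Review bot: The two kernel entries at the top of this hunk, CVE-2019-14284 and CVE-2019-14283, both point at drivers/block/floppy.c and both say "before 5.2.3", so they should be triaged together against the linux source package rather than left as two independent "TODO: check" items. CVE-2018-20857 (Zendesk Samlr) also lands as "TODO: check" and needs a decision; the nineteen CVE-2019-10200xx lines are RESERVED placeholders and need no action yet.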
@@ -121,8 +165,8 @@ CVE-2019-14230 (An issue was discovered in the Viral Quiz Maker - OnionBuzz plug
 	NOT-FOR-US: Viral Quiz Maker
 CVE-2019-14229
 	RESERVED
-CVE-2019-14228
-	RESERVED
+CVE-2019-14228 (Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based  ...)
+	TODO: check
 CVE-2019-14227
 	RESERVED
 CVE-2019-14226
@@ -597,8 +641,8 @@ CVE-2019-13992
 	RESERVED
 CVE-2019-13991 (Embedded systems based on Arduino before Rev3 allow remote attackers t ...)
 	NOT-FOR-US: Issue on embedded systems based on Arduino before Rev3
-CVE-2019-13990
-	RESERVED
+CVE-2019-13990 (initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracott ...)
+	TODO: check
 CVE-2019-13989 (dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat() func ...)
 	- dpic <itp> (bug #597334)
 CVE-2019-13988
@@ -672,10 +716,10 @@ CVE-2019-13957
 	RESERVED
 CVE-2019-13956 (Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary ...)
 	NOT-FOR-US: Discuz!ML
-CVE-2019-13955
-	RESERVED
-CVE-2019-13954
-	RESERVED
+CVE-2019-13955 (Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable ...)
+	TODO: check
+CVE-2019-13954 (Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable ...)
+	TODO: check
 CVE-2019-13953
 	RESERVED
 CVE-2019-13952 (The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and  ...)
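Review bot: CVE-2019-13955 and CVE-2019-13954 arrive with the same visible description prefix ("Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable ...") and both carry "TODO: check", so the truncated text alone does not tell them apart. Triage them as a pair from the full descriptions, and if the product is not packaged, tag both in the same style as the "NOT-FOR-US: Discuz!ML" context line just above.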
@@ -1335,8 +1379,7 @@ CVE-2019-13640 (In qBittorrent before 4.1.7, the function Application::runExtern
 	NOTE: https://github.com/qbittorrent/qBittorrent/issues/10925
 CVE-2019-13639
 	RESERVED
-CVE-2019-13638 [shell command injection]
-	RESERVED
+CVE-2019-13638 (GNU patch through 2.7.6 is vulnerable to OS shell command injection th ...)
 	{DLA-1864-1}
 	- patch 2.7.6-5
 	NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0
@@ -2518,8 +2561,7 @@ CVE-2019-13567 (The Zoom Client before 4.4.53932.0709 on macOS allows remote cod
 	NOT-FOR-US: Zoom
 CVE-2019-13566
 	RESERVED
-CVE-2019-13565 [openldap: ACL protections get lost if same identity uses different SSF levels]
-	RESERVED
+CVE-2019-13565 (An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL ...)
 	- openldap 2.4.48+dfsg-1 (low; bug #932998)
 	[buster] - openldap <no-dsa> (Minor issue)
 	[stretch] - openldap <no-dsa> (Minor issue)
@@ -2923,18 +2965,18 @@ CVE-2019-13389
 	RESERVED
 CVE-2019-13388
 	RESERVED
-CVE-2019-13387
-	RESERVED
-CVE-2019-13386
-	RESERVED
-CVE-2019-13385
-	RESERVED
+CVE-2019-13387 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected ...)
+	TODO: check
+CVE-2019-13386 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden  ...)
+	TODO: check
+CVE-2019-13385 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and  ...)
+	TODO: check
 CVE-2019-13384
 	RESERVED
 CVE-2019-13383 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login ...)
 	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
-CVE-2019-13382
-	RESERVED
+CVE-2019-13382 (UploaderService in SnagIT 2019.1.2 allows elevation of privilege by pl ...)
+	TODO: check
 CVE-2019-13381
 	REJECTED
 CVE-2019-13380 (KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from  ...)
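Review bot: CVE-2019-13387, CVE-2019-13386 and CVE-2019-13385 are left as "TODO: check" even though the context line for CVE-2019-13383, which names the same CentOS-WebPanel.com product, is already tagged "NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel". Suggest giving the three newly described entries the same tag for consistency; CVE-2019-13382 (SnagIT UploaderService) is a different product and still needs its own check.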
@@ -3795,8 +3837,7 @@ CVE-2019-13059
 	RESERVED
 CVE-2019-13058
 	RESERVED
-CVE-2019-13057 [openldap: rootdn of any db can assert any identity]
-	RESERVED
+CVE-2019-13057 (An issue was discovered in the server in OpenLDAP before 2.4.48. When  ...)
 	- openldap 2.4.48+dfsg-1 (low; bug #932997)
 	[buster] - openldap <no-dsa> (Minor issue)
 	[stretch] - openldap <no-dsa> (Minor issue)
@@ -3879,7 +3920,7 @@ CVE-2019-13026
 	RESERVED
 CVE-2019-13025
 	RESERVED
-CVE-2019-13024 (Centreon V19.04 allows the attacker to execute arbitrary system comman ...)
+CVE-2019-13024 (Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web be ...)
 	NOT-FOR-US: Centreon
 CVE-2019-13023
 	RESERVED
@@ -14069,8 +14110,8 @@ CVE-2019-9494 (The implementations of SAE in hostapd and wpa_supplicant are vuln
 	NOTE: CONFIG_SAE=y enabled since 2:2.7~git20180706+420b5dd-1
 CVE-2019-9493
 	RESERVED
-CVE-2019-9492
-	RESERVED
+CVE-2019-9492 (A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 an ...)
+	TODO: check
 CVE-2019-9491
 	RESERVED
 CVE-2019-9490 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
@@ -22789,8 +22830,8 @@ CVE-2019-6004
 	RESERVED
 CVE-2019-6003
 	RESERVED
-CVE-2019-6002
-	RESERVED
+CVE-2019-6002 (Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 a ...)
+	TODO: check
 CVE-2019-6001
 	RESERVED
 CVE-2019-6000
@@ -35221,17 +35262,17 @@ CVE-2018-19804
 	RESERVED
 CVE-2018-19803
 	RESERVED
-CVE-2018-19802 (aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 2 of 3). ...)
+CVE-2018-19802 (aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference. ...)
 	- aubio 0.4.9-1 (bug #930186)
 	[buster] - aubio <no-dsa> (Minor issue)
 	[stretch] - aubio <no-dsa> (Minor issue)
 	[jessie] - aubio <no-dsa> (Minor issue)
-CVE-2018-19801 (aubio v0.4.0 to v0.4.8 has a NULL pointer dereference (issue 1 of 6). ...)
+CVE-2018-19801 (aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_fil ...)
 	- aubio 0.4.9-1 (bug #930186)
 	[buster] - aubio <no-dsa> (Minor issue)
 	[stretch] - aubio <no-dsa> (Minor issue)
 	[jessie] - aubio <no-dsa> (Minor issue)
-CVE-2018-19800 (aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 1 of 3). ...)
+CVE-2018-19800 (aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo. ...)
 	- aubio 0.4.9-1 (bug #930186)
 	[buster] - aubio <no-dsa> (Minor issue)
 	[stretch] - aubio <no-dsa> (Minor issue)
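Review bot: For CVE-2018-19802 the description changes vulnerability class, from "Buffer Overflow (issue 2 of 3)" to a new_aubio_onset NULL pointer dereference, while the triage lines under it (aubio 0.4.9-1, <no-dsa> Minor issue) are untouched. Worth confirming that the recorded fixed version and the no-dsa rating still match the revised descriptions, in particular for CVE-2018-19800, which remains a buffer overflow and now names new_aubio_tempo.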



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d7cbf95d4f40e818611c1301b2bc7c342ff64709
