[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jul 30 21:10:31 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b54f61da by security tracker role at 2019-07-30T20:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2019-14445
+ RESERVED
+CVE-2019-14444 (apply_relocations in readelf.c in GNU Binutils 2.32 contains an intege ...)
+ TODO: check
+CVE-2019-14443 (An issue was discovered in Libav 12.3. Division by zero in range_decod ...)
+ TODO: check
+CVE-2019-14442 (In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file ...)
+ TODO: check
+CVE-2019-14441 (An issue was discovered in Libav 12.3. An access violation allows remo ...)
+ TODO: check
+CVE-2019-14440
+ RESERVED
+CVE-2019-14439 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
+ TODO: check
+CVE-2018-20871 (In Univa Grid Engine before 8.6.3, when configured for Docker jobs and ...)
+ TODO: check
+CVE-2015-9290 (In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c ...)
+ TODO: check
CVE-2019-14438
RESERVED
CVE-2019-14437
@@ -46,112 +64,112 @@ CVE-2019-14416 (An issue was discovered in Veritas Resiliency Platform (VRP) bef
NOT-FOR-US: Veritas Resiliency Platform (VRP)
CVE-2019-14415 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...)
NOT-FOR-US: Veritas Resiliency Platform (VRP)
-CVE-2019-14414
- RESERVED
-CVE-2019-14413
- RESERVED
-CVE-2019-14412
- RESERVED
-CVE-2019-14411
- RESERVED
-CVE-2019-14410
- RESERVED
-CVE-2019-14409
- RESERVED
-CVE-2019-14408
- RESERVED
-CVE-2019-14407
- RESERVED
-CVE-2019-14406
- RESERVED
-CVE-2019-14405
- RESERVED
-CVE-2019-14404
- RESERVED
-CVE-2019-14403
- RESERVED
-CVE-2019-14402
- RESERVED
-CVE-2019-14401
- RESERVED
-CVE-2019-14400
- RESERVED
-CVE-2019-14399
- RESERVED
-CVE-2019-14398
- RESERVED
-CVE-2019-14397
- RESERVED
-CVE-2019-14396
- RESERVED
-CVE-2019-14395
- RESERVED
-CVE-2019-14394
- RESERVED
-CVE-2019-14393
- RESERVED
-CVE-2019-14392
- RESERVED
-CVE-2019-14391
- RESERVED
-CVE-2019-14390
- RESERVED
-CVE-2019-14389
- RESERVED
-CVE-2019-14388
- RESERVED
-CVE-2019-14387
- RESERVED
-CVE-2019-14386
- RESERVED
+CVE-2019-14414 (In cPanel before 78.0.2, a Userdata cache temporary file can conflict ...)
+ TODO: check
+CVE-2019-14413 (cPanel before 78.0.2 allows certain file-write operations as shared us ...)
+ TODO: check
+CVE-2019-14412 (Maketext in cPanel before 78.0.2 allows format-string injection in the ...)
+ TODO: check
+CVE-2019-14411 (cPanel before 78.0.2 does not properly restrict demo accounts from wri ...)
+ TODO: check
+CVE-2019-14410 (Maketext in cPanel before 78.0.2 allows format-string injection in the ...)
+ TODO: check
+CVE-2019-14409 (cPanel before 78.0.2 allows arbitrary file-read operations via Passeng ...)
+ TODO: check
+CVE-2019-14408 (cPanel before 78.0.2 allows a demo account to link with an OpenID prov ...)
+ TODO: check
+CVE-2019-14407 (cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-41 ...)
+ TODO: check
+CVE-2019-14406 (cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing ( ...)
+ TODO: check
+CVE-2019-14405 (cPanel before 78.0.18 allows demo accounts to execute code via securit ...)
+ TODO: check
+CVE-2019-14404 (cPanel before 78.0.18 allows certain file-read operations in the conte ...)
+ TODO: check
+CVE-2019-14403 (cPanel before 78.0.18 offers an open mail relay because of incorrect d ...)
+ TODO: check
+CVE-2019-14402 (cPanel before 78.0.18 unsafely determines terminal capabilities by usi ...)
+ TODO: check
+CVE-2019-14401 (cPanel before 78.0.18 allows code execution via an addforward API1 cal ...)
+ TODO: check
+CVE-2019-14400 (cPanel before 78.0.18 allows local users to escalate to root access be ...)
+ TODO: check
+CVE-2019-14399 (The SSL certificate-storage feature in cPanel before 78.0.18 allows un ...)
+ TODO: check
+CVE-2019-14398 (cPanel before 80.0.5 allows demo accounts to execute arbitrary code vi ...)
+ TODO: check
+CVE-2019-14397 (cPanel before 80.0.5 allows demo accounts to modify arbitrary files vi ...)
+ TODO: check
+CVE-2019-14396 (API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertio ...)
+ TODO: check
+CVE-2019-14395 (cPanel before 80.0.5 uses world-readable permissions for the Queueproc ...)
+ TODO: check
+CVE-2019-14394 (cPanel before 80.0.5 allows unsafe file operations in the context of t ...)
+ TODO: check
+CVE-2019-14393 (cPanel before 80.0.5 allows local code execution in the context of a d ...)
+ TODO: check
+CVE-2019-14392 (cPanel before 80.0.22 allows remote code execution by a demo account b ...)
+ TODO: check
+CVE-2019-14391 (cPanel before 82.0.2 does not properly enforce Reseller package creati ...)
+ TODO: check
+CVE-2019-14390 (cPanel before 82.0.2 has stored XSS in the WHM Modify Account interfac ...)
+ TODO: check
+CVE-2019-14389 (cPanel before 82.0.2 allows local users to discover the MySQL root pas ...)
+ TODO: check
+CVE-2019-14388 (cPanel before 82.0.2 allows unauthenticated file creation because Exim ...)
+ TODO: check
+CVE-2019-14387 (cPanel before 82.0.2 has Self XSS in the cPanel and webmail master tem ...)
+ TODO: check
+CVE-2019-14386 (cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interfac ...)
+ TODO: check
CVE-2019-14385
RESERVED
CVE-2019-14384
RESERVED
-CVE-2019-14383
- RESERVED
-CVE-2019-14382
- RESERVED
-CVE-2019-14381
- RESERVED
-CVE-2019-14380
- RESERVED
+CVE-2019-14383 (J2B in libopenmpt before 0.4.2 allows an assertion failure during file ...)
+ TODO: check
+CVE-2019-14382 (DSM in libopenmpt before 0.4.2 allows an assertion failure during file ...)
+ TODO: check
+CVE-2019-14381 (libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereferen ...)
+ TODO: check
+CVE-2019-14380 (libopenmpt before 0.4.5 allows a crash during playback due to an out-o ...)
+ TODO: check
CVE-2019-14379 (SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mis ...)
- jackson-databind <unfixed> (bug #933393)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2387
NOTE: https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
CVE-2019-14378 (ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overf ...)
TODO: check
-CVE-2018-20870
- RESERVED
-CVE-2018-20869
- RESERVED
-CVE-2018-20868
- RESERVED
-CVE-2018-20867
- RESERVED
-CVE-2018-20866
- RESERVED
-CVE-2018-20865
- RESERVED
-CVE-2018-20864
- RESERVED
-CVE-2018-20863
- RESERVED
-CVE-2018-20862
- RESERVED
-CVE-2018-20861
- RESERVED
-CVE-2018-20860
- RESERVED
-CVE-2018-20859
- RESERVED
+CVE-2018-20870 (The WebDAV transport feature in cPanel before 76.0.8 enables debug log ...)
+ TODO: check
+CVE-2018-20869 (cPanel before 76.0.8 allows arbitrary code execution in the context of ...)
+ TODO: check
+CVE-2018-20868 (cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interf ...)
+ TODO: check
+CVE-2018-20867 (cPanel before 76.0.8 has an open redirect when resetting connections ( ...)
+ TODO: check
+CVE-2018-20866 (cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feat ...)
+ TODO: check
+CVE-2018-20865 (cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destina ...)
+ TODO: check
+CVE-2018-20864 (cPanel before 76.0.8 allows a persistent Virtual FTP accounts after re ...)
+ TODO: check
+CVE-2018-20863 (cPanel before 76.0.8 allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-20862 (cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SE ...)
+ TODO: check
+CVE-2018-20861 (libopenmpt before 0.3.11 allows a crash with certain malformed custom ...)
+ TODO: check
+CVE-2018-20860 (libopenmpt before 0.3.13 allows a crash with malformed MED files. ...)
+ TODO: check
+CVE-2018-20859 (edx-platform before 2018-07-18 allows XSS via a response to a Chemical ...)
+ TODO: check
CVE-2018-20858
RESERVED
-CVE-2017-18381
- RESERVED
-CVE-2017-18380
- RESERVED
+CVE-2017-18381 (The installation process in Open edX before 2017-01-10 exposes a Mongo ...)
+ TODO: check
+CVE-2017-18380 (edx-platform before 2017-08-03 allows attackers to trigger password-re ...)
+ TODO: check
CVE-2016-10766 (edx-platform before 2016-06-06 allows CSRF. ...)
NOT-FOR-US: Open edX
CVE-2016-10765 (edx-platform before 2016-06-10 allows account activation with a spoofe ...)
@@ -263,8 +281,8 @@ CVE-2019-14329 (An issue was discovered in EspoCRM before 5.6.6. There is stored
NOT-FOR-US: EspoCRM
CVE-2019-14328 (The Simple Membership plugin before 3.8.5 for WordPress has CSRF affec ...)
NOT-FOR-US: Simple Membership plugin for WordPress
-CVE-2019-14327
- RESERVED
+CVE-2019-14327 (A CSRF vulnerability in Settings form in the Custom Simple Rss plugin ...)
+ TODO: check
CVE-2019-14326
RESERVED
CVE-2019-14325
@@ -281,8 +299,8 @@ CVE-2019-14320
RESERVED
CVE-2019-14319
RESERVED
-CVE-2019-14318
- RESERVED
+CVE-2019-14318 (Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA sig ...)
+ TODO: check
CVE-2019-14317
RESERVED
CVE-2019-14316
@@ -291,8 +309,8 @@ CVE-2019-14315 (A cross-site scripting (XSS) vulnerability in upload.php in SunH
NOT-FOR-US: SunHater KCFinder
CVE-2019-14314
RESERVED
-CVE-2019-14313
- RESERVED
+CVE-2019-14313 (A SQL injection vulnerability exists in the 10Web Photo Gallery plugin ...)
+ TODO: check
CVE-2019-14312
RESERVED
CVE-2019-14311
@@ -530,8 +548,8 @@ CVE-2019-14244
RESERVED
CVE-2019-14243 (headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in t ...)
NOT-FOR-US: mastercactapus proxyprotocol
-CVE-2019-14242
- RESERVED
+CVE-2019-14242 (An issue was discovered in Bitdefender products for Windows (Bitdefend ...)
+ TODO: check
CVE-2019-14241 (HAProxy through 2.0.2 allows attackers to cause a denial of service (h ...)
- haproxy <not-affected> (Vulnerable code not present)
NOTE: https://github.com/haproxy/haproxy/issues/181
@@ -1785,8 +1803,8 @@ CVE-2019-13636 (In GNU patch through 2.7.6, the following of symlinks is mishand
{DSA-4489-1 DLA-1856-1}
- patch 2.7.6-5 (bug #932401)
NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a
-CVE-2019-13635
- RESERVED
+CVE-2019-13635 (The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFas ...)
+ TODO: check
CVE-2019-13634
RESERVED
CVE-2019-13633
@@ -7459,8 +7477,8 @@ CVE-2019-11777
RESERVED
CVE-2019-11776
RESERVED
-CVE-2019-11775
- RESERVED
+CVE-2019-11775 (All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loo ...)
+ TODO: check
CVE-2019-11774
RESERVED
CVE-2019-11773
@@ -9093,8 +9111,8 @@ CVE-2019-11204 (The web interface component of TIBCO Software Inc.'s TIBCO Spotf
NOT-FOR-US: TIBCO
CVE-2019-11203 (The workspace client, openspace client, app development client, and RE ...)
NOT-FOR-US: TIBCO
-CVE-2019-11202
- RESERVED
+CVE-2019-11202 (An issue was discovered that affects the following versions of Rancher ...)
+ TODO: check
CVE-2019-11201 (Dolibarr ERP/CRM 9.0.1 provides a module named website that provides f ...)
- dolibarr <removed>
CVE-2019-11200 (Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs u ...)
@@ -11817,13 +11835,11 @@ CVE-2019-10143 (** DISPUTED ** It was discovered freeradius up to and including
NOTE: https://github.com/FreeRADIUS/freeradius-server/pull/2666
NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/1f233773962bf1a9c2d228a180eacddb9db2d574
NOTE: This is not a security issue per se
-CVE-2019-10142 [drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl]
- RESERVED
+CVE-2019-10142 (A flaw was found in the Linux kernel's freescale hypervisor manager im ...)
- linux <unfixed> (unimportant)
NOTE: Fixed by: https://git.kernel.org/linus/6a024330650e24556b8a18cc654ad00cfecf6c6c
NOTE: CONFIG_FSL_HV_MANAGER not enabled in kernel builds in Debian.
-CVE-2019-10141
- RESERVED
+CVE-2019-10141 (A vulnerability was found in openstack-ironic-inspector all versions e ...)
- ironic-inspector 8.0.0-3 (bug #929332)
[stretch] - ironic-inspector <no-dsa> (Minor issue)
NOTE: https://review.opendev.org/#/c/660234/
@@ -11832,8 +11848,7 @@ CVE-2019-10140
RESERVED
CVE-2019-10139 (During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ans ...)
NOT-FOR-US: cockpit-ovirt
-CVE-2019-10138
- RESERVED
+CVE-2019-10138 (A flaw was discovered in the python-novajoin plugin, all versions up t ...)
NOT-FOR-US: python-novajoin plugin for OpenStack
CVE-2019-10137 (A path traversal flaw was found in spacewalk-proxy, all versions throu ...)
NOT-FOR-US: Red Hat Satellite / Spacewalk
@@ -11858,16 +11873,14 @@ CVE-2019-10131 (An off-by-one read vulnerability was discovered in ImageMagick b
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1704762
NOTE: https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7ccc28ee4c777d915f95919ac3bcf8adf93037a7
-CVE-2019-10130 [Selectivity estimators bypass row security policies]
- RESERVED
+CVE-2019-10130 (A vulnerability was found in PostgreSQL versions 11.x up to excluding ...)
{DSA-4439-1}
- postgresql-11 11.3-1
- postgresql-9.6 <removed>
- postgresql-9.4 <removed>
[jessie] - postgresql-9.4 <not-affected> (Row security was introduced in 9.5)
NOTE: https://www.postgresql.org/about/news/1939/
-CVE-2019-10129 [Memory disclosure in partition routing]
- RESERVED
+CVE-2019-10129 (A vulnerability was found in postgresql versions 11.x prior to 11.3. U ...)
- postgresql-11 11.3-1
NOTE: https://www.postgresql.org/about/news/1939/
CVE-2019-10128
@@ -26679,8 +26692,8 @@ CVE-2019-4458
RESERVED
CVE-2019-4457
RESERVED
-CVE-2019-4456
- RESERVED
+CVE-2019-4456 (IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 ...)
+ TODO: check
CVE-2019-4455
RESERVED
CVE-2019-4454
@@ -27021,8 +27034,8 @@ CVE-2019-4287
RESERVED
CVE-2019-4286
RESERVED
-CVE-2019-4285
- RESERVED
+CVE-2019-4285 (IBM WebSphere Application Server - Liberty Admin Center could allow a ...)
+ TODO: check
CVE-2019-4284
RESERVED
CVE-2019-4283
@@ -27467,8 +27480,8 @@ CVE-2019-4064
RESERVED
CVE-2019-4063 (IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition c ...)
NOT-FOR-US: IBM
-CVE-2019-4062
- RESERVED
+CVE-2019-4062 (IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable ...)
+ TODO: check
CVE-2019-4061 (IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the r ...)
NOT-FOR-US: IBM
CVE-2019-4060
@@ -27976,7 +27989,7 @@ CVE-2019-3861 (An out of bounds read flaw was discovered in libssh2 before 1.8.1
NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
NOTE: https://github.com/libssh2/libssh2/pull/316
CVE-2019-3860 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 in t ...)
- {DSA-4431-1 DLA-1730-1}
+ {DSA-4431-1 DLA-1730-4 DLA-1730-1}
- libssh2 1.8.0-2.1 (bug #924965)
NOTE: https://libssh2.org/CVE-2019-3860.html
NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
@@ -36097,8 +36110,7 @@ CVE-2019-1554
RESERVED
CVE-2019-1553
RESERVED
-CVE-2019-1552 [Windows builds with insecure path defaults]
- RESERVED
+CVE-2019-1552 (OpenSSL has internal defaults for a directory tree where it can find a ...)
- openssl <not-affected> (Windows-specific)
- openssl1.0 <not-affected> (Windows-specific)
NOTE: https://www.openssl.org/news/secadv/20190730.txt
@@ -39697,9 +39709,9 @@ CVE-2018-19314
RESERVED
CVE-2018-19313
RESERVED
-CVE-2018-19312 (Centreon 3.4.x allows SQL Injection via the searchVM parameter to the ...)
+CVE-2018-19312 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) all ...)
NOT-FOR-US: Centreon
-CVE-2018-19311 (Centreon 3.4.x allows XSS via the Service field to the main.php?p=2020 ...)
+CVE-2018-19311 (Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service ...)
NOT-FOR-US: Centreon
CVE-2018-19310
RESERVED
@@ -39763,9 +39775,9 @@ CVE-2018-19283
RESERVED
CVE-2018-19282 (Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow re ...)
NOT-FOR-US: Rockwell Automation
-CVE-2018-19281 (Centreon 3.4.x allows SNMP trap SQL Injection. ...)
+CVE-2018-19281 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) all ...)
NOT-FOR-US: Centreon
-CVE-2018-19280 (Centreon 3.4.x has XSS via the resource name or macro expression of a ...)
+CVE-2018-19280 (Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource na ...)
NOT-FOR-US: Centreon
CVE-2018-19279 (PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plain ...)
NOT-FOR-US: PRIMX ZoneCentral
@@ -39968,7 +39980,7 @@ CVE-2018-19273
RESERVED
CVE-2018-19272
RESERVED
-CVE-2018-19271 (Centreon 3.4.x allows SQL Injection via the main.php searchH parameter ...)
+CVE-2018-19271 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) all ...)
NOT-FOR-US: Centreon
CVE-2018-19270
REJECTED
@@ -46421,8 +46433,7 @@ CVE-2018-16872 (A flaw was found in qemu Media Transfer Protocol (MTP). The code
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03135.html
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=bab9df35ce73d1c8e19a37e2737717ea1c984dc1
-CVE-2018-16871
- RESERVED
+CVE-2018-16871 (A flaw was found in the Linux kernel's NFS implementation, all version ...)
- linux 4.18.20-1
[stretch] - linux 4.9.144-1
[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -178552,7 +178563,7 @@ CVE-2015-7676 (Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, whe
NOT-FOR-US: MOVEit File Transfer web- and mobile application
CVE-2015-7675 (The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and ...)
NOT-FOR-US: MOVEit File Transfer web- and mobile application
-CVE-2015-7672 (Cross-site scripting (XSS) vulnerability in Centreon 2.6.1. ...)
+CVE-2015-7672 (Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in C ...)
NOT-FOR-US: Centreon
CVE-2014-9751 (The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before ...)
{DSA-3154-1 DLA-149-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b54f61da471d30298a4e41bb85c8f0f0d877b755
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b54f61da471d30298a4e41bb85c8f0f0d877b755
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190730/25e418d7/attachment.html>
More information about the debian-security-tracker-commits
mailing list