[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jun 10 21:10:53 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ee55640a by security tracker role at 2019-06-10T20:10:38Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2019-12790 (In radare2 through 3.5.1, there is a heap-based buffer over-read in th ...)
+ TODO: check
+CVE-2019-12789
+ RESERVED
+CVE-2019-12788 (An issue was discovered in Photodex ProShow Producer v9.0.3797 (an app ...)
+ TODO: check
+CVE-2019-12787 (An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2 ...)
+ TODO: check
+CVE-2019-12786 (An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2 ...)
+ TODO: check
+CVE-2019-12785
+ RESERVED
+CVE-2019-12784
+ RESERVED
+CVE-2019-12783
+ RESERVED
+CVE-2019-12782
+ RESERVED
+CVE-2019-12781
+ RESERVED
+CVE-2019-12780 (The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo ...)
+ TODO: check
CVE-2019-XXXX [security issues fixed in vlc 3.0.7]
- vlc 3.0.7-1 (bug #930276)
NOTE: http://www.jbkempf.com/blog/post/2019/VLC-3.0.7-and-security
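Review bot: most of the new TODO: check entries in this hunk describe vendor device firmware or proprietary applications (D-Link DIR-818LW in CVE-2019-12787 and CVE-2019-12786, the Belkin Wemo Crock-Pot command injection in CVE-2019-12780, Photodex ProShow Producer in CVE-2019-12788), which elsewhere in this file are resolved with a NOT-FOR-US line as done for XiongMai and Huawei; the entry that needs a real package check is CVE-2019-12790 (heap-based buffer over-read in radare2 through 3.5.1), so it should not be lost among the others when the TODOs are triaged.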
@@ -898,8 +920,8 @@ CVE-2019-12389
RESERVED
CVE-2019-12388
RESERVED
-CVE-2019-12387
- RESERVED
+CVE-2019-12387 (In Twisted before 19.2.1, twisted.web did not validate or sanitize URI ...)
+ TODO: check
CVE-2019-12386
RESERVED
CVE-2019-12385
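Review bot: CVE-2019-12387 (Twisted before 19.2.1, twisted.web not validating or sanitizing URIs) is recorded only as TODO: check; if twisted is packaged, the entry needs a source-package line in the form used elsewhere in this file, such as `- vlc 3.0.7-1 (bug #930276)` or `- ruby-omniauth <unfixed>`, with the fixed upstream version 19.2.1 from the description as the reference point for the version comparison.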
@@ -2095,8 +2117,8 @@ CVE-2019-11879 (** DISPUTED ** The WEBrick gem 1.4.2 for Ruby allows directory t
TODO: check
CVE-2019-11878 (An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.1 ...)
NOT-FOR-US: XiongMai Besder IP20H1 cameras
-CVE-2019-11877
- RESERVED
+CVE-2019-11877 (XSS on the PIX-Link Repeater/Router LV-WR09 with firmware v28K.MiniRou ...)
+ TODO: check
CVE-2019-11876 (In PrestaShop 1.7.5.2, the shop_country parameter in the install/index ...)
NOT-FOR-US: PrestaShop
CVE-2019-11875 (In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0. ...)
@@ -3003,8 +3025,8 @@ CVE-2019-11519 (Libraries/Nop.Services/Localization/LocalizationService.cs in no
NOT-FOR-US: nopCommerce
CVE-2019-11518 (An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows AID[] ...)
NOT-FOR-US: SEMCMS
-CVE-2019-11517
- RESERVED
+CVE-2019-11517 (WampServer before 3.1.9 has CSRF in add_vhost.php because the synchron ...)
+ TODO: check
CVE-2019-11516
RESERVED
CVE-2018-20823 (The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a deni ...)
@@ -4281,8 +4303,8 @@ CVE-2015-9284 (The request phase of the OmniAuth Ruby gem is vulnerable to Cross
- ruby-omniauth <unfixed>
NOTE: https://github.com/omniauth/omniauth/pull/809
NOTE: https://www.openwall.com/lists/oss-security/2015/05/26/11
-CVE-2019-11027
- RESERVED
+CVE-2019-11027 (Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable ...)
+ TODO: check
CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infini ...)
- poppler <unfixed> (low; bug #926721)
[buster] - poppler <ignored> (Minor issue)
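Review bot: CVE-2019-11027 (Ruby OpenID, aka ruby-openid, through 2.8.0) sits directly next to the tracked ruby-omniauth entry above it but is left as TODO: check without a package line; when triaged it should get a `- ruby-openid <unfixed>`-style entry in the same format as `- ruby-omniauth <unfixed>` if the package is in the archive, and the truncated description ("remotely exploitable ...") should be read in full upstream before a severity annotation like the `(low; bug #926721)` on the poppler entry below is chosen.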
@@ -7782,12 +7804,12 @@ CVE-2019-9883 (Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vuln
NOT-FOR-US: MailSherlock
CVE-2019-9882 (Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerabi ...)
NOT-FOR-US: MailSherlock
-CVE-2019-9881
- RESERVED
-CVE-2019-9880
- RESERVED
-CVE-2019-9879
- RESERVED
+CVE-2019-9881 (The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress ...)
+ TODO: check
+CVE-2019-9880 (An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. B ...)
+ TODO: check
+CVE-2019-9879 (The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to re ...)
+ TODO: check
CVE-2019-9878 (There is an invalid memory access in the function GfxIndexedColorSpace ...)
- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-9877 (There is an invalid memory access vulnerability in the function TextPa ...)
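Review bot: CVE-2019-9881, CVE-2019-9880 and CVE-2019-9879 all concern the same WPGraphQL 0.2.3 plugin for WordPress and should be triaged together rather than as three separate TODO: check items; the surrounding entries for other third-party web applications (MailSherlock, SEMCMS, nopCommerce) are all resolved with NOT-FOR-US, and the same disposition is the likely outcome here unless the plugin is shipped as part of a packaged product.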
@@ -17087,8 +17109,8 @@ CVE-2019-6243 (Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /
NOT-FOR-US: Frog CMS
CVE-2019-6242 (** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read t ...)
NOT-FOR-US: Kentico
-CVE-2019-6241
- RESERVED
+CVE-2019-6241 (In Bevywise MQTTRoute 1.1 build 1018-002, a connect packet combined wi ...)
+ TODO: check
CVE-2019-6240 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.7+dfsg-1 (bug #919822)
NOTE: https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released/
@@ -19501,8 +19523,8 @@ CVE-2019-5245
RESERVED
CVE-2019-5244 (Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) ve ...)
NOT-FOR-US: Huawei
-CVE-2019-5243
- RESERVED
+CVE-2019-5243 (There is a Clickjacking vulnerability in Huawei HG255s product. An att ...)
+ TODO: check
CVE-2019-5242 (There is a code execution vulnerability in Huawei PCManager versions e ...)
NOT-FOR-US: Huawei
CVE-2019-5241 (There is a privilege escalation vulnerability in Huawei PCManager vers ...)
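Review bot: CVE-2019-5243 (Clickjacking in the Huawei HG255s product) is left at TODO: check while its immediate neighbours CVE-2019-5244, CVE-2019-5242 and CVE-2019-5241 are all resolved as `NOT-FOR-US: Huawei`; the automatic update cannot apply that disposition itself, but the follow-up triage can resolve it the same way without further research.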
@@ -24457,16 +24479,16 @@ CVE-2018-20357 (A NULL pointer dereference was discovered in sbr_process_channel
[buster] - faad2 <no-dsa> (Minor issue)
[stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/28
-CVE-2018-20356
- RESERVED
-CVE-2018-20355
- RESERVED
-CVE-2018-20354
- RESERVED
-CVE-2018-20353
- RESERVED
-CVE-2018-20352
- RESERVED
+CVE-2018-20356 (An invalid read of 8 bytes due to a use-after-free vulnerability in th ...)
+ TODO: check
+CVE-2018-20355 (An invalid write of 8 bytes due to a use-after-free vulnerability in t ...)
+ TODO: check
+CVE-2018-20354 (An invalid read of 8 bytes due to a use-after-free vulnerability durin ...)
+ TODO: check
+CVE-2018-20353 (An invalid read of 8 bytes due to a use-after-free vulnerability durin ...)
+ TODO: check
+CVE-2018-20352 (Use-after-free vulnerability in the mg_cgi_ev_handler function in mong ...)
+ TODO: check
CVE-2018-20351 (The Markdown component in Evernote (Chinese) before 8.3.2 on macOS all ...)
NOT-FOR-US: Evernote
CVE-2018-20350
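Review bot: the five new use-after-free entries CVE-2018-20356 through CVE-2018-20352 are truncated at the 70-character description limit, and only CVE-2018-20352 (mg_cgi_ev_handler in mong ...) still names the affected component in the visible text; the other four ("An invalid read of 8 bytes ...", "An invalid write of 8 bytes ...") cannot be attributed to a project from this file alone, so the full descriptions need to be fetched and all five triaged as one group against the same source package rather than checked one by one.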
@@ -34276,7 +34298,7 @@ CVE-2019-0211 (In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM eve
CVE-2019-0210
RESERVED
CVE-2019-0209
- RESERVED
+ REJECTED
CVE-2019-0208
REJECTED
CVE-2019-0207
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ee55640ac0361eaa5c2dac65328e983afedb1c66