[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jun 20 21:10:35 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
722dd91b by security tracker role at 2019-06-20T20:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2019-12921
+ RESERVED
+CVE-2019-12920 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices ...)
+ TODO: check
+CVE-2019-12919 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices ...)
+ TODO: check
+CVE-2019-12918
+ RESERVED
+CVE-2019-12917
+ RESERVED
+CVE-2019-12916
+ RESERVED
+CVE-2019-12915
+ RESERVED
+CVE-2019-12914
+ RESERVED
+CVE-2019-12913
+ RESERVED
+CVE-2019-12912
+ RESERVED
+CVE-2019-12911
+ RESERVED
+CVE-2019-12910
+ RESERVED
+CVE-2019-12909
+ RESERVED
+CVE-2019-12908
+ RESERVED
+CVE-2019-12907
+ RESERVED
+CVE-2019-12906
+ RESERVED
+CVE-2019-12905 (FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman& ...)
+ TODO: check
CVE-2019-12904 (In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flu ...)
- libgcrypt20 <unfixed>
- libgcrypt11 <removed>
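Review bot: the three TODO: check entries at the top of this hunk (CVE-2019-12920, CVE-2019-12919 and CVE-2019-12905) describe a Shenzhen Cylan smart-camera product and FileRun, neither of which appears as a package name anywhere in the visible diff, so a triager will most likely resolve them to NOT-FOR-US rather than a package line; the remaining new ids are plain RESERVED placeholders and need no action. The libgcrypt20 <unfixed> line for CVE-2019-12904 in the trailing context is unchanged by this hunk.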
@@ -409,10 +443,10 @@ CVE-2019-12747
RESERVED
CVE-2019-12746
RESERVED
-CVE-2019-12745
- RESERVED
-CVE-2019-12744
- RESERVED
+CVE-2019-12745 (out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site S ...)
+ TODO: check
+CVE-2019-12744 (SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of ...)
+ TODO: check
CVE-2019-12743
RESERVED
CVE-2019-12742 (Bludit prior to 3.9.1 allows a non-privileged user to change the passw ...)
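Review bot: of the two SeedDMS entries that move from RESERVED to TODO: check, CVE-2019-12744 is described as Remote Command Execution (RCE) and should be triaged before the stored XSS in CVE-2019-12745; both depend on the same packaging-status check, so they should end up with the same kind of resolution (a package line or NOT-FOR-US: SeedDMS) to keep the pair consistent.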
@@ -1062,7 +1096,7 @@ CVE-2019-12589 (In Firejail before 0.9.60, seccomp filters are writable inside t
- firejail 0.9.58.2-2 (bug #929732)
NOTE: https://github.com/netblue30/firejail/issues/2718
NOTE: https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
-CVE-2019-12456 (An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in ...)
+CVE-2019-12456 (** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl ...)
- linux <unfixed>
CVE-2019-12455 (An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/c ...)
- linux <unfixed> (unimportant)
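Review bot: CVE-2019-12456 now carries the ** DISPUTED ** marker in its description, but its only package line is still "- linux <unfixed>" with no severity tag and no NOTE, unlike CVE-2019-12455 immediately below it, which is marked "(unimportant)"; if the dispute means there is no security impact, the entry should get the same "(unimportant)" tag and a NOTE pointing at the kernel-sec assessment, as the other disputed kernel ids in this file already have.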
@@ -1274,7 +1308,7 @@ CVE-2019-12383 (Tor Browser before 8.0.1 has an information exposure vulnerabili
CVE-2019-12382 (** DISPUTED ** An issue was discovered in drm_load_edid_firmware in dr ...)
- linux <unfixed> (unimportant)
NOTE: Issue with no security impact, see kernel-sec, invalid issue
-CVE-2019-12381 (An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in ...)
+CVE-2019-12381 (** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip ...)
- linux <unfixed> (unimportant)
NOTE: Issue with no security impact, see kernel-sec, invalid issue
CVE-2019-12380 (An issue was discovered in the efi subsystem in the Linux kernel throu ...)
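Review bot: no follow-up is needed here: the "(unimportant)" tag and the NOTE "Issue with no security impact, see kernel-sec, invalid issue" were already in place for CVE-2019-12381, so the added ** DISPUTED ** marker only brings the description in line with the existing assessment and with CVE-2019-12382 just above it.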
@@ -2851,7 +2885,7 @@ CVE-2019-11708 [sandbox escape using Prompt:Open]
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/#CVE-2019-11708
CVE-2019-11707
RESERVED
- {DSA-4466-1}
+ {DSA-4466-1 DLA-1829-1}
- firefox 67.0.3-1
- firefox-esr 60.7.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707
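Review bot: the added DLA-1829-1 reference is the only change for CVE-2019-11707, yet the entry still reads RESERVED above lines that fully identify the issue (DSA-4466-1, firefox 67.0.3-1, firefox-esr 60.7.1esr-1 and the mfsa2019-18 NOTE); the RESERVED line should be replaced with a description as soon as one is published so that an entry with two advisories attached no longer looks unpublished.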
@@ -12040,10 +12074,10 @@ CVE-2019-8461
RESERVED
CVE-2019-8460
RESERVED
-CVE-2019-8459
- RESERVED
-CVE-2019-8458
- RESERVED
+CVE-2019-8459 (Check Point Endpoint Security Client for Windows, with the VPN blade, ...)
+ TODO: check
+CVE-2019-8458 (Check Point Endpoint Security Client for Windows, with Anti-Malware bl ...)
+ TODO: check
CVE-2019-8457 (SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-o ...)
- sqlite3 3.27.2-3 (bug #929775)
NOTE: https://www.sqlite.org/src/info/90acdbfce9c08858
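Review bot: both new descriptions name "Check Point Endpoint Security Client for Windows", a proprietary Windows product with no package counterpart in this diff, so the TODO: check on CVE-2019-8459 and CVE-2019-8458 can almost certainly be resolved to NOT-FOR-US; the sqlite3 3.27.2-3 line for CVE-2019-8457 in the trailing context is unchanged.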
@@ -15763,14 +15797,14 @@ CVE-2019-6966 (An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom cla
NOT-FOR-US: Bento4
CVE-2019-6965 (An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/ ...)
NOT-FOR-US: i-doit
-CVE-2019-6964
- RESERVED
-CVE-2019-6963
- RESERVED
-CVE-2019-6962
- RESERVED
-CVE-2019-6961
- RESERVED
+CVE-2019-6964 (A heap-based buffer over-read in Service_SetParamStringValue in cosa_x ...)
+ TODO: check
+CVE-2019-6963 (A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-2018 ...)
+ TODO: check
+CVE-2019-6962 (A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 ...)
+ TODO: check
+CVE-2019-6961 (Incorrect access control in actionHandlerUtility.php in the RDK RDKB-2 ...)
+ TODO: check
CVE-2019-6960
RESERVED
- gitlab 11.5.10+dfsg-1 (bug #921059)
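Review bot: the four RDK RDKB-2018 entries (CVE-2019-6964 through CVE-2019-6961) all describe the same firmware code base (cosa_*.c and actionHandlerUtility.php), which matches no package name in this diff, so their TODO: check lines should be resolved together rather than one at a time, most likely as NOT-FOR-US: RDK; if a package mapping is found after all, the shell injection in CVE-2019-6962 and the heap-based overflow in CVE-2019-6963 are the two to prioritise.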
@@ -42258,8 +42292,8 @@ CVE-2017-1000600 (WordPress version <4.9 contains a CWE-20 Input Validation v
NOTE: Wordpress before 4.9 is vulnerable on its own. After 4.9 you need to have
NOTE: vulnerable module installed on the site as well. Due to an incomplete fix
NOTE: in 4.9 there exists CVE-2018-1000773.
-CVE-2018-16553
- RESERVED
+CVE-2018-16553 (In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remot ...)
+ TODO: check
CVE-2018-16552 (MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/ ...)
NOT-FOR-US: MicroPyramid Django-CRM
CVE-2018-16551 (LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/jo ...)
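Review bot: CVE-2018-16553 names Jspxcms 9.0.0, a product not mentioned elsewhere in this diff, and it sits between entries already resolved as NOT-FOR-US (Django-CRM, LavaLite), so the new TODO: check will most likely become NOT-FOR-US: Jspxcms once confirmed; the WordPress NOTE lines in the leading context are unchanged.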
@@ -42334,8 +42368,8 @@ CVE-2018-16517 (asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointe
NOTE: Crash in CLI tool, no security impact
CVE-2018-16516 (helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL. ...)
- python-flask-admin <itp> (bug #765509)
-CVE-2018-16514
- RESERVED
+CVE-2018-16514 (A cross-site scripting (XSS) vulnerability in the View Filters page (v ...)
+ TODO: check
CVE-2018-17088 (The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may al ...)
- jhead 1:3.00-8 (bug #907925)
[stretch] - jhead 1:3.00-4+deb9u1
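Review bot: the description of CVE-2018-16514 is truncated exactly where the product name would appear ("View Filters page (v ..."), so the affected software cannot be identified from this line and the triager needs the full CVE text before resolving the TODO: check; the hunk also preserves the pre-existing ordering quirk of CVE-2018-17088 following CVE-2018-16514, which is not introduced here.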
@@ -43036,16 +43070,16 @@ CVE-2018-16253 (In sig_verify() in x509.c in axTLS version 2.1.3 and before, the
NOT-FOR-US: axTLS
CVE-2018-16252 (FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML Exter ...)
NOT-FOR-US: FsPro Labs Event Log Explorer
-CVE-2018-16251
- RESERVED
-CVE-2018-16250
- RESERVED
-CVE-2018-16249
- RESERVED
-CVE-2018-16248
- RESERVED
-CVE-2018-16247
- RESERVED
+CVE-2018-16251 (A "search for user discovery" injection issue exists in Creatiwity wit ...)
+ TODO: check
+CVE-2018-16250 (The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies the presen ...)
+ TODO: check
+CVE-2018-16249 (In Symphony before 3.3.0, there is XSS in the Title under Post. The ID ...)
+ TODO: check
+CVE-2018-16248 (b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles ...)
+ TODO: check
+CVE-2018-16247 (YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html ti ...)
+ TODO: check
CVE-2018-16246
RESERVED
CVE-2018-16245
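Review bot: CVE-2018-16249 names "Symphony before 3.3.0", the Symphony CMS, which must not be mapped to the similarly named Symfony PHP framework when its TODO: check is resolved; the other four entries (two for Creatiwity wityCMS, one each for b3log Solo and YzmCMS) are web CMS products that appear nowhere else in this diff and will most likely become NOT-FOR-US entries.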
@@ -43335,14 +43369,14 @@ CVE-2018-16121
RESERVED
CVE-2018-16120
RESERVED
-CVE-2018-16119
- RESERVED
-CVE-2018-16118
- RESERVED
-CVE-2018-16117
- RESERVED
-CVE-2018-16116
- RESERVED
+CVE-2018-16119 (Stack-based buffer overflow in the httpd server of TP-Link WR1043nd (F ...)
+ TODO: check
+CVE-2018-16118 (A shell escape vulnerability in /webconsole/APIController in the API C ...)
+ TODO: check
+CVE-2018-16117 (A shell escape vulnerability in /webconsole/Controller in Admin Portal ...)
+ TODO: check
+CVE-2018-16116 (SQL injection vulnerability in AccountStatus.jsp in Admin Portal of So ...)
+ TODO: check
CVE-2018-16115 (Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modif ...)
NOT-FOR-US: Lightbend Akka
CVE-2018-16114
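Review bot: the four new descriptions point at appliance firmware and admin portals (the TP-Link WR1043nd httpd, /webconsole/APIController, /webconsole/Controller and AccountStatus.jsp), and the vendor name for the last three is cut off at "So ...", so the TODO: check cannot be resolved from the truncated lines alone; once the full text confirms the product these will most likely be NOT-FOR-US, with the stack-based buffer overflow in CVE-2018-16119 and the SQL injection in CVE-2018-16116 worth naming explicitly in the resolution.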
@@ -43807,8 +43841,8 @@ CVE-2018-15915
RESERVED
CVE-2018-15914
RESERVED
-CVE-2018-15913
- RESERVED
+CVE-2018-15913 (An issue was discovered in Cloudera Manager 5.x through 5.15.0. One ty ...)
+ TODO: check
CVE-2018-15912 (An issue was discovered in manjaro-update-system.sh in manjaro-system ...)
NOT-FOR-US: manjaro-update-system.sh in manjaro-system on Manjaro Linux
CVE-2018-15919 (Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 co ...)
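Review bot: CVE-2018-15913 names Cloudera Manager 5.x through 5.15.0, which matches no package name in this diff, so the TODO: check will most likely resolve to NOT-FOR-US: Cloudera Manager; the trailing context keeps CVE-2018-15919 (OpenSSH) after CVE-2018-15912, an ordering quirk that predates this change.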
@@ -43872,12 +43906,12 @@ CVE-2018-15894 (A SQL injection was discovered in /coreframe/app/admin/pay/admin
NOT-FOR-US: WUZHI CMS
CVE-2018-15893 (A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in ...)
NOT-FOR-US: WUZHI CMS
-CVE-2018-15892
- RESERVED
-CVE-2018-15891
- RESERVED
-CVE-2018-15890
- RESERVED
+CVE-2018-15892 (FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup ...)
+ TODO: check
+CVE-2018-15891 (An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, ...)
+ TODO: check
+CVE-2018-15890 (An issue was discovered in EthereumJ 1.8.2. There is Unsafe Deserializ ...)
+ TODO: check
CVE-2018-15889 (In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects() in base ...)
- libpodofo <unfixed> (low; bug #916167)
[buster] - libpodofo <no-dsa> (Minor issue)
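Review bot: the three entries that move from RESERVED to TODO: check cover two different products, FreePBX (CVE-2018-15892, SQL injection in the DISA module, and CVE-2018-15891 in FreePBX core) and EthereumJ 1.8.2 (CVE-2018-15890, unsafe deserialization), so they should not be closed with a single blanket resolution; each product needs its own packaging check, and the two FreePBX ids should end up with matching resolutions.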
@@ -43914,10 +43948,10 @@ CVE-2018-15881 (An issue was discovered in Joomla! before 3.8.12. Inadequate che
NOT-FOR-US: Joomla!
CVE-2018-15880 (An issue was discovered in Joomla! before 3.8.12. Inadequate output fi ...)
NOT-FOR-US: Joomla!
-CVE-2018-15879
- RESERVED
-CVE-2018-15878
- RESERVED
+CVE-2018-15879 (The GD Graphics Library (aka libgd) through 2.2.5 has a Double Free Vu ...)
+ TODO: check
+CVE-2018-15878 (The GD Graphics Library (aka libgd) through 2.2.5 has a Double Free Vu ...)
+ TODO: check
CVE-2017-18345 (The Joomanager component through 2.0.0 for Joomla! has an arbitrary fi ...)
NOT-FOR-US: Joomla addon
CVE-2018-16543 (In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolutio ...)
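Review bot: CVE-2018-15879 and CVE-2018-15878 both describe a double free in the GD Graphics Library (libgd) through 2.2.5 with identical visible text, and unlike most TODO: check entries in this update they concern a library Debian ships (the libgd2 source package), so the triager should map them to a package line with the affected version rather than defaulting to NOT-FOR-US, and should confirm whether the two ids are distinct issues or one duplicates the other.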
@@ -77943,8 +77977,8 @@ CVE-2017-17946 (A buffer overflow in Handy Password 4.9.3 allows remote attacker
NOT-FOR-US: Handy Password
CVE-2017-17945
RESERVED
-CVE-2017-17944
- RESERVED
+CVE-2017-17944 (The ASUS Vivobaby application before 1.1.09 for Android has Missing SS ...)
+ TODO: check
CVE-2017-17943
RESERVED
CVE-2017-17942 (In LibTIFF 4.0.9, there is a heap-based buffer over-read in the functi ...)
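Review bot: CVE-2017-17944 names the ASUS Vivobaby application for Android, which has no package counterpart in this diff, so the TODO: check will most likely be resolved as NOT-FOR-US: ASUS Vivobaby, in line with the Handy Password entry in the leading context; the neighbouring RESERVED ids and the LibTIFF entry in the trailing context are unchanged.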
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/722dd91b2d09f9568a4aeed0fa7b49b1cbe37c90