[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jun 28 21:10:27 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2e804286 by security tracker role at 2019-06-28T20:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2019-13019
+ RESERVED
+CVE-2019-13018
+ RESERVED
+CVE-2019-13017
+ RESERVED
+CVE-2019-13016
+ RESERVED
+CVE-2019-13015
+ RESERVED
+CVE-2019-13014
+ RESERVED
+CVE-2019-13013
+ RESERVED
+CVE-2019-13011
+ RESERVED
+CVE-2019-13010
+ RESERVED
+CVE-2019-13009
+ RESERVED
+CVE-2019-13008
+ RESERVED
+CVE-2019-13007
+ RESERVED
+CVE-2019-13006
+ RESERVED
+CVE-2019-13005
+ RESERVED
+CVE-2019-13004
+ RESERVED
+CVE-2019-13003
+ RESERVED
+CVE-2019-13002
+ RESERVED
+CVE-2019-13001
+ RESERVED
+CVE-2019-13000
+ RESERVED
+CVE-2019-12999
+ RESERVED
+CVE-2019-12998
+ RESERVED
+CVE-2019-12997 (In Loopchain through 2.2.1.3, an attacker can escalate privileges from ...)
+ TODO: check
+CVE-2019-12996
+ RESERVED
+CVE-2019-12995 (Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch ...)
+ TODO: check
+CVE-2019-12994
+ RESERVED
CVE-2019-12993
RESERVED
CVE-2019-12992
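Review bot: CVE-2019-13012 is missing from the otherwise contiguous CVE-2019-13019..13013, 13011 run, which is expected because the tracker already carries that identifier further down the file (the hunk around CVE-2019-12451 updates its description), so nothing needs to be added here. The two entries that arrive with real text, CVE-2019-12997 (Loopchain) and CVE-2019-12995 (Istio), come in with the automatic `TODO: check` placeholder and need a triage pass to resolve each to NOT-FOR-US or to a Debian source package line.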
@@ -142,6 +192,7 @@ CVE-2019-12939 (LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection i
CVE-2019-12938 (The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to p ...)
NOT-FOR-US: Roundcube component of Analogic Poste.io
CVE-2018-20843 (In libexpat in Expat before 2.2.7, XML input including XML names that ...)
+ {DSA-4472-1}
- expat 2.2.6-2 (bug #931031)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
NOTE: https://github.com/libexpat/libexpat/issues/186
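Review bot: the added `{DSA-4472-1}` is the only change to the expat entry and the unstable line `- expat 2.2.6-2 (bug #931031)` is kept unchanged; confirm that data/DSA/list records CVE-2018-20843 under DSA-4472-1 with the stretch expat version, since the tracker derives the stable status from that advisory entry rather than from a `[stretch]` pseudo-line here.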
@@ -157,8 +208,8 @@ CVE-2019-12935 (Shopware before 5.5.8 has XSS via the Query String to the backen
NOT-FOR-US: Shopware
CVE-2019-12933 (An XSS issue on the PIX-Link Repeater/Router LV-WR09 with firmware v28 ...)
NOT-FOR-US: PIX-Link Repeater/Router LV-WR09
-CVE-2019-12932
- RESERVED
+CVE-2019-12932 (A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly e ...)
+ TODO: check
CVE-2019-12931
RESERVED
CVE-2019-12930
@@ -1313,7 +1364,7 @@ CVE-2019-12452 (types/types.go in Containous Traefik 1.7.x through 1.7.11, when
NOT-FOR-US: Containous Traefik
CVE-2019-12451
RESERVED
-CVE-2019-13012 [keyfile settings backend: Consider tightening permissions]
+CVE-2019-13012 (The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.59.1 ...)
[experimental] - glib2.0 2.60.0-1
- glib2.0 <unfixed> (bug #931234)
NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1658
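Review bot: CVE-2019-13012 is still filed between CVE-2019-12451 and its neighbours, far from the CVE-2019-130xx block at the top of the file; the automatic update only swapped the bracketed placeholder title for the MITRE text and did not move the entry, so a manual re-sort would keep the list in identifier order. The entry pairs `[experimental] - glib2.0 2.60.0-1` with `- glib2.0 <unfixed> (bug #931234)`; once a fixed unstable upload lands, `<unfixed>` should be replaced with that version so the experimental line is no longer the only recorded fix.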
@@ -10353,7 +10404,7 @@ CVE-2019-9213 (In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c
[stretch] - linux 4.9.168-1
NOTE: Fixed by: https://git.kernel.org/linus/0a1d52994d440e21def1c2174932410b4f2a98a1 (5.0)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1792
-CVE-2019-9212 (SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrar ...)
+CVE-2019-9212 (** DISPUTED ** SOFA-Hessian through 4.0.2 allows remote attackers to e ...)
NOT-FOR-US: SOFA-Hessian
CVE-2019-9211 (There is a reachable assertion abort in the function write_long_string ...)
- pspp <unfixed> (unimportant; bug #923417)
@@ -18146,6 +18197,7 @@ CVE-2019-6131 (svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with sta
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700442
NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?c8f7e48ff74720a5e984ae19d978a5ab4d5dde5b
CVE-2019-6130 (Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fi ...)
+ {DLA-1838-1}
- mupdf 1.14.0+ds1-3 (bug #918971)
[stretch] - mupdf <no-dsa> (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700446
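Review bot: `{DLA-1838-1}` is added while `- mupdf 1.14.0+ds1-3 (bug #918971)` and `[stretch] - mupdf <no-dsa> (Minor issue)` stay as they are, which is consistent because the DLA covers the LTS suite only; check that data/DLA/list lists CVE-2019-6130 under DLA-1838-1, and note that the stretch `<no-dsa>` status now sits next to an LTS fix, which the stable maintainers may want to revisit.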
@@ -22055,8 +22107,8 @@ CVE-2019-4371
RESERVED
CVE-2019-4370
RESERVED
-CVE-2019-4369
- RESERVED
+CVE-2019-4369 (IBM BigFix Inventory v9 (SUA v9 / ILMT v9) discloses sensitive informa ...)
+ TODO: check
CVE-2019-4368
RESERVED
CVE-2019-4367
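Review bot: CVE-2019-4369 (IBM BigFix Inventory) arrives with `TODO: check`; elsewhere in this same update vendor-only products (Xerox, PrinterOn, PIX-Link) are resolved to NOT-FOR-US, and unless a Debian source package ships the affected code this entry should follow that pattern. The same applies to CVE-2019-4269 (IBM WebSphere Application Server Admin Console) in the next hunk.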
@@ -22255,8 +22307,8 @@ CVE-2019-4271
RESERVED
CVE-2019-4270
RESERVED
-CVE-2019-4269
- RESERVED
+CVE-2019-4269 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console ...)
+ TODO: check
CVE-2019-4268
RESERVED
CVE-2019-4267
@@ -39786,8 +39838,8 @@ CVE-2018-17562 (Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status
NOT-FOR-US: Multi-Tech FaxFinder
CVE-2018-17561
RESERVED
-CVE-2018-17560
- RESERVED
+CVE-2018-17560 (The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1. ...)
+ TODO: check
CVE-2018-17559
RESERVED
CVE-2018-17558
@@ -40790,8 +40842,8 @@ CVE-2018-17172 (The web application on Xerox AltaLink B80xx before 100.008.028.0
NOT-FOR-US: Xerox
CVE-2018-17171
RESERVED
-CVE-2018-17170
- RESERVED
+CVE-2018-17170 (Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on Windows allo ...)
+ TODO: check
CVE-2018-17169 (An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 ...)
NOT-FOR-US: PrinterOn Enterprise
CVE-2018-17168 (PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forger ...)
@@ -45165,8 +45217,8 @@ CVE-2018-15557 (An issue was discovered in the Quantenna WiFi Controller on Telu
TODO: check
CVE-2018-15556 (The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 a ...)
TODO: check
-CVE-2018-15555
- RESERVED
+CVE-2018-15555 (On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login ...)
+ TODO: check
CVE-2018-15554
RESERVED
CVE-2018-15553 (fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allo ...)
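Review bot: CVE-2018-15555 joins CVE-2018-15557 and CVE-2018-15556 directly above it, which are still at `TODO: check` from an earlier update; all three describe the Telus Actiontec WEB6000Q device and can be triaged together rather than one at a time, so whoever picks this up should resolve the whole set in one pass.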
@@ -45236,10 +45288,10 @@ CVE-2018-15522
RESERVED
CVE-2018-15521
RESERVED
-CVE-2018-15520
- RESERVED
-CVE-2018-15519
- RESERVED
+CVE-2018-15520 (Various Lexmark devices have a Buffer Overflow (issue 2 of 2). ...)
+ TODO: check
+CVE-2018-15519 (Various Lexmark devices have a Buffer Overflow (issue 1 of 2). ...)
+ TODO: check
CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption dur ...)
{DSA-4374-1 DLA-1786-1 DLA-1627-1}
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
@@ -46532,14 +46584,14 @@ CVE-2018-14921
RESERVED
CVE-2018-14920
RESERVED
-CVE-2018-14919
- RESERVED
-CVE-2018-14918
- RESERVED
+CVE-2018-14919 (LOYTEC LGATE-902 6.3.2 devices allow XSS. ...)
+ TODO: check
+CVE-2018-14918 (LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. ...)
+ TODO: check
CVE-2018-14917
REJECTED
-CVE-2018-14916
- RESERVED
+CVE-2018-14916 (LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. ...)
+ TODO: check
CVE-2018-14915
REJECTED
CVE-2018-1000223 (soundtouch version up to and including 2.0.0 contains a Buffer Overflo ...)
@@ -46605,12 +46657,12 @@ CVE-2018-14889 (CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 c
NOT-FOR-US: Vectra Networks Cognito Brain and Sensor
CVE-2018-14888 (inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin be ...)
NOT-FOR-US: Eldenroot Thank You/Like plugin for MyBB
-CVE-2018-14887
- RESERVED
-CVE-2018-14886
- RESERVED
-CVE-2018-14885
- RESERVED
+CVE-2018-14887 (Improper Host header sanitization in the dbfilter routing component in ...)
+ TODO: check
+CVE-2018-14886 (The module-description renderer in Odoo Community 11.0 and earlier and ...)
+ TODO: check
+CVE-2018-14885 (Incorrect access control in the database manager component in Odoo Com ...)
+ TODO: check
CVE-2018-14884 (An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.1 ...)
- php7.2 7.2.1-1
- php7.1 7.1.13-1
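Review bot: CVE-2018-14887, CVE-2018-14886 and CVE-2018-14885 (Odoo Community/Enterprise) are all left at `TODO: check`, and CVE-2018-14868 and CVE-2018-14867 in the following hunk belong to the same Odoo batch; triage the five together, and since no package line for Odoo appears anywhere in this diff the likely outcome is NOT-FOR-US unless a Debian source package for it is found.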
@@ -46673,10 +46725,10 @@ CVE-2018-14870
RESERVED
CVE-2018-14869 (PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Add ...)
NOT-FOR-US: PHP Template Store Script
-CVE-2018-14868
- RESERVED
-CVE-2018-14867
- RESERVED
+CVE-2018-14868 (Incorrect access control in the Password Encryption module in Odoo Com ...)
+ TODO: check
+CVE-2018-14867 (Incorrect access control in the portal messaging system in Odoo Commun ...)
+ TODO: check
CVE-2018-14866
RESERVED
CVE-2018-14865
@@ -70739,7 +70791,7 @@ CVE-2018-6194 (A cross-site scripting (XSS) vulnerability in admin/partials/wp-s
CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, ...)
NOT-FOR-US: Routers2
CVE-2018-6192 (In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xre ...)
- {DSA-4334-1}
+ {DSA-4334-1 DLA-1838-1}
- mupdf 1.13.0+ds1-1 (bug #888487)
[wheezy] - mupdf <no-dsa> (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698916
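Review bot: `{DSA-4334-1 DLA-1838-1}` now lists both a DSA and a DLA while `[wheezy] - mupdf <no-dsa> (Minor issue)` remains; the DLA and the wheezy line refer to different suites, so there is no contradiction, but CVE-2018-5686 in the next hunk gets the identical change and data/DLA/list should carry both CVE-2018-6192 and CVE-2018-5686 under DLA-1838-1 so the advisory cross-references resolve.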
@@ -72656,7 +72708,7 @@ CVE-2018-5688 (ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHe
CVE-2018-5687 (NewsBee allows XSS via the Company Name field in the Settings under ad ...)
NOT-FOR-US: NewsBee CMS
CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and applicati ...)
- {DSA-4334-1}
+ {DSA-4334-1 DLA-1838-1}
- mupdf 1.13.0+ds1-1 (bug #887130)
[wheezy] - mupdf <no-dsa> (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698860
@@ -85061,14 +85113,16 @@ CVE-2017-1002102 (In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to
CVE-2017-1002101 (In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to version ...)
- kubernetes 1.7.16+dfsg-1 (bug #892801)
NOTE: https://github.com/kubernetes/kubernetes/issues/60813
-CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lea ...)
+CVE-2017-17457
+ REJECTED
{DLA-1618-1}
- libsndfile 1.0.28-5 (low; bug #884735)
[stretch] - libsndfile <no-dsa> (Minor issue)
[wheezy] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/erikd/libsndfile/issues/344
NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
-CVE-2017-17456 (The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lea ...)
+CVE-2017-17456
+ REJECTED
{DLA-1618-1}
- libsndfile 1.0.28-5 (low; bug #884735)
[stretch] - libsndfile <no-dsa> (Minor issue)
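Review bot: CVE-2017-17457 and CVE-2017-17456 are switched to REJECTED, yet each keeps `{DLA-1618-1}`, `- libsndfile 1.0.28-5 (low; bug #884735)`, the `[stretch]`/`[wheezy]` `<no-dsa>` lines and the upstream NOTE links. If MITRE rejected them as duplicates of another identifier, the DLA reference and fix versions should be carried over to the surviving CVE (or that CVE named here in a NOTE); otherwise these pseudo-lines will keep reporting a fixed issue under an identifier that no longer exists.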
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e804286b131becb2ab2a7c02e3699de3f49d947