[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 22 08:10:34 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
087a3d00 by security tracker role at 2019-03-22T08:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2019-9939 (The SHAREit application before 4.0.36 for Android allows a remote atta ...)
+ TODO: check
+CVE-2019-9938 (The SHAREit application before 4.0.42 for Android allows a remote atta ...)
+ TODO: check
+CVE-2019-9937 (In SQLite 3.27.2, interleaving reads and writes in a single transactio ...)
+ TODO: check
+CVE-2019-9936 (In SQLite 3.27.2, running fts5 prefix queries inside a transaction cou ...)
+ TODO: check
+CVE-2019-9935
+ RESERVED
+CVE-2019-9934
+ RESERVED
+CVE-2019-9933
+ RESERVED
+CVE-2019-9932
+ RESERVED
+CVE-2019-9931
+ RESERVED
+CVE-2019-9930
+ RESERVED
+CVE-2019-9929
+ RESERVED
+CVE-2019-9928
+ RESERVED
+CVE-2019-9927 (Caret before 2019-02-22 allows Remote Code Execution. ...)
+ TODO: check
+CVE-2019-9926
+ RESERVED
+CVE-2019-9925 (S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. ...)
+ TODO: check
+CVE-2019-9924 (rbash in Bash before 4.4-beta2 did not prevent the shell user from mod ...)
+ TODO: check
+CVE-2019-9923 (pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointe ...)
+ TODO: check
+CVE-2019-9922
+ RESERVED
+CVE-2019-9921
+ RESERVED
+CVE-2019-9920
+ RESERVED
+CVE-2019-9919
+ RESERVED
+CVE-2019-9918
+ RESERVED
+CVE-2019-9917
+ RESERVED
+CVE-2019-9916
+ RESERVED
+CVE-2019-9915 (GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redir ...)
+ TODO: check
+CVE-2019-9914 (The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php? ...)
+ TODO: check
+CVE-2019-9913 (The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-adm ...)
+ TODO: check
+CVE-2019-9912 (The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the ...)
+ TODO: check
+CVE-2019-9911 (The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 ...)
+ TODO: check
+CVE-2019-9910 (The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?pag ...)
+ TODO: check
+CVE-2019-9909 (The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for ...)
+ TODO: check
+CVE-2019-9908 (The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-gen ...)
+ TODO: check
CVE-2019-9907
RESERVED
CVE-2019-9906
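Review bot: Among the new "TODO: check" entries, CVE-2019-9937 and CVE-2019-9936 (SQLite 3.27.2), CVE-2019-9924 (rbash in Bash before 4.4-beta2) and CVE-2019-9923 (pax_decode_header in GNU Tar before 1.32) name general-purpose software, not an Android app or a WordPress plugin, so they should be triaged first and given a package line with a fixed version or "<unfixed>", in the form used elsewhere in this file ("- ntfs-3g 1:2017.3.23AR.3-3 (bug #925255)"). The SHAREit, Caret, S-CMS, GetSimpleCMS and WordPress-plugin entries need an explicit disposition as well, so that no "TODO: check" is left standing.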
@@ -1063,6 +1127,7 @@ CVE-2019-9756
RESERVED
CVE-2019-9755 [heap buffer overflow]
RESERVED
+ {DSA-4413-1}
- ntfs-3g 1:2017.3.23AR.3-3 (bug #925255)
NOTE: https://sourceforge.net/p/ntfs-3g/ntfs-3g/ci/85c1634a26faa572d3c558d4cf8aaaca5202d4e9/
CVE-2019-9754 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
@@ -4474,8 +4539,8 @@ CVE-2019-8353
RESERVED
CVE-2019-8352
RESERVED
-CVE-2019-8351
- RESERVED
+CVE-2019-8351 (Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certif ...)
+ TODO: check
CVE-2019-8350
RESERVED
CVE-2019-8349
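Review bot: The product in the new CVE-2019-8351 line is "Heimdal Thor Agent", and the description is cut off after "does not verify X.509 certif ...". Triage should use the full description and the whole product name, so that the entry is not matched to a package on the word "Heimdal" alone.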
@@ -6304,12 +6369,12 @@ CVE-2019-7541
RESERVED
CVE-2019-7540
RESERVED
-CVE-2019-7539
- RESERVED
+CVE-2019-7539 (A code injection issue was discovered in ipycache through 2016-05-31. ...)
+ TODO: check
CVE-2019-7538
RESERVED
-CVE-2019-7537
- RESERVED
+CVE-2019-7537 (An issue was discovered in Donfig 0.3.0. There is a vulnerability in t ...)
+ TODO: check
CVE-2019-7536
RESERVED
CVE-2019-7535 (index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive ...)
@@ -14724,8 +14789,7 @@ CVE-2019-3873
RESERVED
CVE-2019-3872
RESERVED
-CVE-2019-3871 [Insufficient validation in the HTTP remote backend]
- RESERVED
+CVE-2019-3871 (A vulnerability was found in PowerDNS Authoritative Server before 4.0. ...)
- pdns <unfixed> (bug #924966)
NOTE: https://github.com/PowerDNS/pdns/issues/7573
NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html
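Review bot: The package line "- pdns <unfixed> (bug #924966)" stays as context while the new description reads "PowerDNS Authoritative Server before 4.0. ...", which indicates that fixed upstream releases exist. The version is truncated here, so take the exact fixed versions from the linked advisory and replace "<unfixed>" once a fixed upload closes bug #924966.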
@@ -14772,8 +14836,7 @@ CVE-2019-3859 (An out of bounds read flaw was discovered in libssh2 before 1.8.1
NOTE: https://www.libssh2.org/CVE-2019-3859.html
NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
NOTE: https://github.com/libssh2/libssh2/pull/315
-CVE-2019-3858 [Possible zero-byte allocation leading to an out-of-bounds read]
- RESERVED
+CVE-2019-3858 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 when ...)
- libssh2 <unfixed> (bug #924965)
NOTE: https://libssh2.org/CVE-2019-3858.html
NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
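Review bot: In the context lines at the top of this hunk, the entry named in the hunk header (CVE-2019-3859) carries "NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch", a patch URL for a different CVE id than the entry's own advisory page "CVE-2019-3859.html"; confirm that this is intended and not a copy-paste slip. For CVE-2019-3858 itself, the new description says the flaw is in libssh2 before 1.8.1 while the package line remains "- libssh2 <unfixed> (bug #924965)", so the fixed version should be recorded once a fixed upload is available.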
@@ -14790,8 +14853,7 @@ CVE-2019-3856 [Possible integer overflow in keyboard interactive handling allows
NOTE: https://www.libssh2.org/CVE-2019-3856.html
NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch
NOTE: https://github.com/libssh2/libssh2/pull/315
-CVE-2019-3855 [Possible integer overflow in transport read allows out-of-bounds write]
- RESERVED
+CVE-2019-3855 (An integer overflow flaw which could lead to an out of bounds write wa ...)
- libssh2 <unfixed> (bug #924965)
NOTE: https://www.libssh2.org/CVE-2019-3855.html
NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch
@@ -19879,14 +19941,14 @@ CVE-2018-20036
RESERVED
CVE-2018-20035
RESERVED
-CVE-2018-20034
- RESERVED
+CVE-2018-20034 (A Denial of Service vulnerability related to adding an item to a list ...)
+ TODO: check
CVE-2018-20033 (A Remote Code Execution vulnerability in lmgrd and vendor daemon compo ...)
NOT-FOR-US: FlexNet Publisher
-CVE-2018-20032
- RESERVED
-CVE-2018-20031
- RESERVED
+CVE-2018-20032 (A Denial of Service vulnerability related to message decoding in lmgrd ...)
+ TODO: check
+CVE-2018-20031 (A Denial of Service vulnerability related to preemptive item deletion ...)
+ TODO: check
CVE-2018-20030 (An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EX ...)
- libexif 0.6.21-5.1 (bug #918730)
[stretch] - libexif <no-dsa> (Minor issue)
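Review bot: CVE-2018-20034, CVE-2018-20032 and CVE-2018-20031 are added as "TODO: check" directly around CVE-2018-20033, which is already marked "NOT-FOR-US: FlexNet Publisher", and the visible text for CVE-2018-20032 names the same lmgrd component. If the full descriptions confirm the same product, give all three the same "NOT-FOR-US: FlexNet Publisher" line so the block is consistent.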
@@ -27539,8 +27601,8 @@ CVE-2018-18915 (There is an infinite loop in the Exiv2::Image::printIFDStructure
NOTE: https://github.com/Exiv2/exiv2/issues/511
CVE-2018-18914
RESERVED
-CVE-2018-18913
- RESERVED
+CVE-2018-18913 (Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacki ...)
+ TODO: check
CVE-2018-18912
RESERVED
CVE-2018-18911
@@ -168309,10 +168371,10 @@ CVE-2015-6460 (Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway
NOT-FOR-US: CODESYS Gateway Server
CVE-2015-6459 (Absolute path traversal vulnerability in the download feature in FileD ...)
NOT-FOR-US: FileDownloadServlet
-CVE-2015-6458
- RESERVED
-CVE-2015-6457
- RESERVED
+CVE-2015-6458 (Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow conditi ...)
+ TODO: check
+CVE-2015-6457 (Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow conditi ...)
+ TODO: check
CVE-2015-6456 (GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1. ...)
NOT-FOR-US: PulseNET
CVE-2015-6455
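Review bot: The descriptions shown for CVE-2015-6458 and CVE-2015-6457 are identical up to the truncation point ("Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow conditi ..."), so the full text should be read to confirm what distinguishes the two ids before they are triaged. The neighbouring entries in this hunk are resolved as "NOT-FOR-US:" with the product name; these two need a disposition in the same form in place of "TODO: check".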
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/087a3d002114cade6ee540f2669099724881cb09