[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Nov 7 08:10:30 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
54f501af by security tracker role at 2019-11-07T08:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU:: ...)
+ TODO: check
+CVE-2019-18803
+ RESERVED
+CVE-2019-18802
+ RESERVED
+CVE-2019-18801
+ RESERVED
CVE-2019-18800 (Viber through 11.7.0.5 allows a remote attacker who can capture a vict ...)
TODO: check
CVE-2019-18799 (LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser ...)
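Review bot: CVE-2019-18804 lands with only "TODO: check" and no source-package line; the description names DjVuLibre, so the follow-up triage should turn this into either a package entry with the affected/fixed version or a NOT-FOR-US line, as the other entries in this file are resolved. The three RESERVED placeholders below it need no action until their descriptions are published.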
@@ -3243,8 +3251,8 @@ CVE-2019-18413 (In TypeStack class-validator 0.10.2, validate() input validation
NOT-FOR-US: TypeStack class-validator
CVE-2019-18412
RESERVED
-CVE-2019-18411
- RESERVED
+CVE-2019-18411 (Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the ...)
+ TODO: check
CVE-2019-18410
RESERVED
CVE-2019-18409 (The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local pr ...)
@@ -9038,10 +9046,10 @@ CVE-2019-16403 (In Webkul Bagisto before 0.1.5, the functionalities for customer
NOT-FOR-US: Webkul Bagisto
CVE-2019-16402
RESERVED
-CVE-2019-16401
- RESERVED
-CVE-2019-16400
- RESERVED
+CVE-2019-16401 (Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G9 ...)
+ TODO: check
+CVE-2019-16400 (Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G9 ...)
+ TODO: check
CVE-2019-16399 (Western Digital WD My Book World through II 1.02.12 suffers from Broke ...)
NOT-FOR-US: Western Digital
CVE-2019-16398 (On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution ca ...)
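Review bot: CVE-2019-16401 and CVE-2019-16400 describe Samsung Galaxy S8 device firmware (Android 8.0.0 build), not software Debian packages; both should be triaged to NOT-FOR-US like the Western Digital and Keeper device entries that follow them, rather than left at TODO: check.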
@@ -13296,11 +13304,9 @@ CVE-2019-15006
RESERVED
CVE-2019-15005
RESERVED
-CVE-2019-15004
- RESERVED
+CVE-2019-15004 (The Customer Context Filter in Atlassian Jira Service Desk Server and ...)
NOT-FOR-US: Atlassian
-CVE-2019-15003
- RESERVED
+CVE-2019-15003 (The Customer Context Filter in Atlassian Jira Service Desk Server and ...)
NOT-FOR-US: Atlassian
CVE-2019-15002
RESERVED
@@ -17547,8 +17553,8 @@ CVE-2018-20855 (An issue was discovered in the Linux kernel before 4.18.7. In cr
CVE-2018-20854 (An issue was discovered in the Linux kernel before 4.20. drivers/phy/m ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/6acb47d1a318e5b3b7115354ebc4ea060c59d3a1
-CVE-2018-20853
- RESERVED
+CVE-2018-20853 (An issue was discovered in the MailPoet Newsletters (aka wysija-newsle ...)
+ TODO: check
CVE-2016-10763 (The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS ...)
NOT-FOR-US: CampTix Event Ticketing plugin for WordPress
CVE-2016-10762 (The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV ...)
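Review bot: CVE-2018-20853 concerns a WordPress plugin (MailPoet Newsletters, aka wysija-newsletters); the adjacent CampTix plugin entries are already NOT-FOR-US, so the same triage is the likely resolution of this TODO: check and should be applied in a follow-up.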
@@ -21901,8 +21907,7 @@ CVE-2019-12421
RESERVED
CVE-2019-12420
RESERVED
-CVE-2019-12419
- RESERVED
+CVE-2019-12419 (Apache CXF before 3.3.4 and 3.2.11 provides all of the components that ...)
NOT-FOR-US: Apache CFX
CVE-2019-12418
RESERVED
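Review bot: the retained triage line reads "NOT-FOR-US: Apache CFX" while the new description says "Apache CXF"; the product name is misspelled in the existing line and should be corrected to "Apache CXF" in a follow-up, since the automatic update only replaces the RESERVED line and will not fix it.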
@@ -21928,8 +21933,7 @@ CVE-2019-12408
RESERVED
CVE-2019-12407 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
- jspwiki <removed>
-CVE-2019-12406
- RESERVED
+CVE-2019-12406 (Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of mes ...)
NOT-FOR-US: Apache CFX
CVE-2019-12405 (Improper authentication is possible in Apache Traffic Control versions ...)
NOT-FOR-US: Apache Traffic Control
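Review bot: same misspelling as in CVE-2019-12419 above: "NOT-FOR-US: Apache CFX" on the CVE-2019-12406 entry should read "Apache CXF" to match the description.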
@@ -42233,8 +42237,8 @@ CVE-2019-5127 (A command injection have been found in YouPHPTube Encoder. A succ
NOT-FOR-US: YouPHPTube Encoder
CVE-2019-5126
RESERVED
-CVE-2019-5125
- RESERVED
+CVE-2019-5125 (An exploitable heap overflow vulnerability exists in the JPEG2000 pars ...)
+ TODO: check
CVE-2019-5124
RESERVED
CVE-2019-5123 (Specially crafted web requests can cause SQL injections in YouPHPTube ...)
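Review bot: the truncated description for CVE-2019-5125 ("heap overflow ... in the JPEG2000 pars ...") does not reveal which product's parser is affected, so the TODO: check cannot be resolved from this diff alone; whoever triages it should pull the full CVE text and confirm whether the affected JPEG2000 parser is something Debian ships before assigning a package line or NOT-FOR-US.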
@@ -42283,10 +42287,10 @@ CVE-2019-5102
RESERVED
CVE-2019-5101
RESERVED
-CVE-2019-5100
- RESERVED
-CVE-2019-5099
- RESERVED
+CVE-2019-5100 (An exploitable integer overflow vulnerability exists in the BMP header ...)
+ TODO: check
+CVE-2019-5099 (An exploitable integer underflow vulnerability exists in the CMP-parsi ...)
+ TODO: check
CVE-2019-5098
RESERVED
CVE-2019-5097
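Review bot: CVE-2019-5100 (integer overflow in BMP header parsing) and CVE-2019-5099 (integer underflow in CMP parsing) use the same "An exploitable ... vulnerability exists in the ..." wording as CVE-2019-5125 and CVE-2019-5084 in this update, which suggests one advisory series against one product; triaging all four together against the full descriptions will avoid inconsistent package/NOT-FOR-US decisions across them.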
@@ -42318,8 +42322,8 @@ CVE-2019-5086
RESERVED
CVE-2019-5085
RESERVED
-CVE-2019-5084
- RESERVED
+CVE-2019-5084 (An exploitable heap out-of-bounds write vulnerability exists in the TI ...)
+ TODO: check
CVE-2019-5083
RESERVED
CVE-2019-5082
@@ -219560,10 +219564,10 @@ CVE-2014-9028 (Heap-based buffer overflow in stream_decoder.c in libFLAC before
NOTE: Upstream patches:
NOTE: https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85
NOTE: https://git.xiph.org/?p=flac.git;a=patch;h=5a365996d739bdf4711af51d9c2c71c8a5e14660
-CVE-2014-9014
- RESERVED
-CVE-2014-9013
- RESERVED
+CVE-2014-9014 (Directory traversal vulnerability in the ajaxinit function in wpmarket ...)
+ TODO: check
+CVE-2014-9013 (The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketp ...)
+ TODO: check
CVE-2014-9012
RESERVED
CVE-2014-9011
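Review bot: the path wpmarketplace/libs/cart.php in CVE-2014-9013 and the "WP Marketp ..." name identify a WordPress plugin; by the convention used for the other WordPress plugin entries in this file (for example the CampTix ones), both CVE-2014-9014 and CVE-2014-9013 should end up as NOT-FOR-US rather than staying at TODO: check.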
@@ -235178,8 +235182,8 @@ CVE-2014-3181 (Multiple stack-based buffer overflows in the magicmouse_raw_event
- linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: https://code.google.com/p/google-security-research/issues/detail?id=100
NOTE: Upstream fix: https://git.kernel.org/linus/c54def7bd64d7c0b6993336abcffb8444795bf38 (v3.17-rc3)
-CVE-2014-3180
- RESERVED
+CVE-2014-3180 (** DISPUTED ** In kernel/compat.c in the Linux kernel before 3.17, as ...)
+ TODO: check
CVE-2014-3179 (Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062 ...)
{DSA-3039-1}
- chromium-browser 37.0.2062.120-1
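Review bot: CVE-2014-3180 is a Linux kernel issue (kernel/compat.c before 3.17) and is marked ** DISPUTED **, yet unlike the neighbouring CVE-2014-3181, which carries a "- linux-2.6 <not-affected>" line and an upstream fix NOTE, it has only TODO: check. Triage should add the linux package line with the appropriate state and record the disputed status in a NOTE so the reason for any <not-affected> or unimportant marking is preserved.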
@@ -287292,8 +287296,8 @@ CVE-2011-2810
REJECTED
CVE-2011-2809 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2011-2808
- RESERVED
+CVE-2011-2808 (A stale layout root is set as an input element in WebKit in Google Chr ...)
+ TODO: check
CVE-2011-2807
RESERVED
CVE-2011-2806 (Google Chrome before 13.0.782.215 on Windows does not properly handle ...)
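Review bot: CVE-2011-2808 describes WebKit as used in Google Chrome; the immediately preceding CVE-2011-2809 is NOT-FOR-US with a remark that the Chrome security team handles anything affecting Chromium, while CVE-2011-2806 below records a fixed "Google Chrome before 13.0.782.215" version. The TODO: check should be resolved in line with one of those two patterns: either NOT-FOR-US or a chromium-browser entry with the fixed version.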
@@ -310997,13 +311001,11 @@ CVE-2009-3779 (Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-
NOT-FOR-US: module for Drupal
CVE-2009-3778 (SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, ...)
NOT-FOR-US: module for Drupal
-CVE-2009-5045 [multiple vulnerabilities in jetty]
- RESERVED
+CVE-2009-5045 (Dump Servlet information leak in jetty before 6.1.22. ...)
- jetty 6.1.22-1 (unimportant; bug #553644)
NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
NOTE: The affected apps are not shipped in the package, see #553644
-CVE-2009-5046 [multiple vulnerabilities in jetty]
- RESERVED
+CVE-2009-5046 (JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. ...)
- jetty 6.1.22-1 (unimportant; bug #553644)
NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
NOTE: The affected apps are not shipped in the package, see #553644
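Review bot: no triage change is needed for CVE-2009-5045 and CVE-2009-5046, since the "- jetty 6.1.22-1 (unimportant; bug #553644)" lines and both NOTEs are unchanged context; one thing to confirm in a follow-up is that the single advisory URL and bug #553644 still cover both issues now that the placeholder "[multiple vulnerabilities in jetty]" has been split into two distinct descriptions (Dump Servlet information leak vs. JSP Dump and Session Dump Servlet XSS).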
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/54f501afffe4d4c958ec5a892f37a469550bfc2a