[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Nov 7 20:10:28 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
da464852 by security tracker role at 2019-11-07T20:10:17Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2019-18817
+ RESERVED
+CVE-2019-18816 (po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows pos ...)
+ TODO: check
+CVE-2019-18815 (PopojiCMS 2.0.1 allows refer= Open Redirection. ...)
+ TODO: check
+CVE-2019-18814 (An issue was discovered in the Linux kernel through 5.3.9. There is a ...)
+ TODO: check
+CVE-2019-18813 (A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc ...)
+ TODO: check
+CVE-2019-18812 (A memory leak in the sof_dfsentry_write() function in sound/soc/sof/de ...)
+ TODO: check
+CVE-2019-18811 (A memory leak in the sof_set_get_large_ctrl_data() function in sound/s ...)
+ TODO: check
+CVE-2019-18810 (A memory leak in the komeda_wb_connector_add() function in drivers/gpu ...)
+ TODO: check
+CVE-2019-18809 (A memory leak in the af9005_identify_state() function in drivers/media ...)
+ TODO: check
+CVE-2019-18808 (A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ ...)
+ TODO: check
+CVE-2019-18807 (Two memory leaks in the sja1105_static_config_upload() function in dri ...)
+ TODO: check
+CVE-2019-18806 (A memory leak in the ql_alloc_large_buffers() function in drivers/net/ ...)
+ TODO: check
+CVE-2019-18805 (An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux ker ...)
+ TODO: check
CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU:: ...)
- djvulibre <unfixed>
NOTE: https://sourceforge.net/p/djvu/bugs/309/
@@ -2424,7 +2450,7 @@ CVE-2019-18686
REJECTED
CVE-2019-18685
REJECTED
-CVE-2019-18684 (Sudo through 1.8.29 allows local users to escalate to root if they hav ...)
+CVE-2019-18684 (** DISPUTED ** Sudo through 1.8.29 allows local users to escalate to r ...)
- sudo <unfixed> (unimportant)
NOTE: https://gist.github.com/oxagast/51171aa161074188a11d96cbef884bbd
NOTE: Issue is bogus and a non-security issue (confirmed by upstream and in progress
@@ -5937,10 +5963,10 @@ CVE-2019-17607 (HongCMS 3.0.0 has XSS via the install/index.php servername param
NOT-FOR-US: HongCMS
CVE-2019-17606 (The Post editor functionality in the hexo-admin plugin versions 2.3.0 ...)
NOT-FOR-US: hexo-admin Node module
-CVE-2019-17605
- RESERVED
-CVE-2019-17604
- RESERVED
+CVE-2019-17605 (A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 ...)
+ TODO: check
+CVE-2019-17604 (An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms e ...)
+ TODO: check
CVE-2019-17603
RESERVED
CVE-2019-17602 (An issue was discovered in Zoho ManageEngine OpManager before 12.4 bui ...)
@@ -6079,7 +6105,7 @@ CVE-2019-17553 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL Inj
NOT-FOR-US: MetInfo
CVE-2019-17552 (An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_ ...)
NOT-FOR-US: idreamsoft iCMS
-CVE-2019-17551 (Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5 allows XSS ...)
+CVE-2019-17551 (In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an atta ...)
NOT-FOR-US: Apak Wholesale Floorplanning Finance
CVE-2019-17550
RESERVED
@@ -6187,6 +6213,7 @@ CVE-2019-17546 (tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL throug
NOTE: https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145
NOTE: gdal uses system libtiff libraries since 2.0.1+dfsg-1~exp1 (#684233)
CVE-2019-17545 (GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ...)
+ {DLA-1984-1}
- gdal 2.4.2+dfsg-2
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178
NOTE: https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb
@@ -7022,8 +7049,8 @@ CVE-2019-17224 (The web interface of the Compal Broadband CH7465LG modem (versio
NOT-FOR-US: Compal Broadband CH7465LG modem
CVE-2019-17223 (There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 v ...)
- dolibarr <removed>
-CVE-2019-17222
- RESERVED
+CVE-2019-17222 (An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is ...)
+ TODO: check
CVE-2019-17221 (PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as d ...)
- phantomjs <unfixed>
NOTE: https://www.darkmatter.ae/blogs/breaching-the-perimeter-phantomjs-arbitrary-file-read/
@@ -7847,20 +7874,20 @@ CVE-2019-16880 (An issue was discovered in the linea crate through 0.9.4 for Rus
NOT-FOR-US: Rust linea crate
CVE-2019-16879
RESERVED
-CVE-2019-16878
- RESERVED
-CVE-2019-16877
- RESERVED
-CVE-2019-16876
- RESERVED
+CVE-2019-16878 (Portainer before 1.22.1 has XSS (issue 2 of 2). ...)
+ TODO: check
+CVE-2019-16877 (Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). ...)
+ TODO: check
+CVE-2019-16876 (Portainer before 1.22.1 allows Directory Traversal. ...)
+ TODO: check
CVE-2019-16875
RESERVED
-CVE-2019-16874
- RESERVED
-CVE-2019-16873
- RESERVED
-CVE-2019-16872
- RESERVED
+CVE-2019-16874 (Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). ...)
+ TODO: check
+CVE-2019-16873 (Portainer before 1.22.1 has XSS (issue 1 of 2). ...)
+ TODO: check
+CVE-2019-16872 (Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). ...)
+ TODO: check
CVE-2019-16871
RESERVED
CVE-2019-16870
@@ -22129,8 +22156,8 @@ CVE-2019-12333
RESERVED
CVE-2019-12332
RESERVED
-CVE-2019-12331
- RESERVED
+CVE-2019-12331 (PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner ...)
+ TODO: check
CVE-2019-12330
RESERVED
CVE-2019-12329
@@ -23013,8 +23040,8 @@ CVE-2019-11998
RESERVED
CVE-2019-11997
RESERVED
-CVE-2019-11996
- RESERVED
+CVE-2019-11996 (Potential security vulnerabilities have been identified with HPE Nimbl ...)
+ TODO: check
CVE-2019-11995
RESERVED
CVE-2019-11994
@@ -39151,8 +39178,8 @@ CVE-2019-6342
CVE-2019-6340 (Some field types do not properly sanitize data from non-form sources i ...)
- drupal7 <not-affected> (Drupal 7 core not affected)
NOTE: https://www.drupal.org/sa-core-2019-003
-CVE-2019-6337
- RESERVED
+CVE-2019-6337 (For the printers listed a maliciously crafted print file might cause c ...)
+ TODO: check
CVE-2019-6336
RESERVED
CVE-2019-6335 (A potential security vulnerability has been identified with Samsung La ...)
@@ -45345,8 +45372,8 @@ CVE-2019-3766 (Dell EMC ECS versions prior to 3.4.0.0 contain an improper restri
NOT-FOR-US: EMC
CVE-2019-3765 (Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and ...)
NOT-FOR-US: EMC
-CVE-2019-3764
- RESERVED
+CVE-2019-3764 (Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior ...)
+ TODO: check
CVE-2019-3763 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
NOT-FOR-US: RSA
CVE-2019-3762
@@ -281320,15 +281347,13 @@ CVE-2012-0053 (protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does no
- apache2 2.2.22-1 (low)
CVE-2012-0052 (Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3 ...)
NOT-FOR-US: JBoss Operations Network
-CVE-2012-0051
- RESERVED
+CVE-2012-0051 (Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attacke ...)
- tahoe-lafs <not-affected> (Only affects 1.9.0, not uploaded to the archive)
CVE-2012-0050 (OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, ...)
{DSA-2392-1}
- openssl 1.0.0g-1
NOTE: http://www.openssl.org/news/secadv/20120118.txt
-CVE-2012-0049
- RESERVED
+CVE-2012-0049 (OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) t ...)
{DSA-2524-1}
- openttd 1.1.5-1 (low)
NOTE: http://vcs.openttd.org/svn/changeset/23764
@@ -287304,8 +287329,8 @@ CVE-2011-2809 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-mi
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2808 (A stale layout root is set as an input element in WebKit in Google Chr ...)
TODO: check
-CVE-2011-2807
- RESERVED
+CVE-2011-2807 (Incorrect handling of timer information in Timer.cpp in WebKit in Goog ...)
+ TODO: check
CVE-2011-2806 (Google Chrome before 13.0.782.215 on Windows does not properly handle ...)
- chromium-browser <not-affected> (It's in Windows-specific code)
CVE-2011-2805 (Google Chrome before 13.0.782.107 allows remote attackers to bypass th ...)
@@ -288625,8 +288650,8 @@ CVE-2011-2355
RESERVED
CVE-2011-2354 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2011-2353
- RESERVED
+CVE-2011-2353 (Use after free vulnerability in documentloader in WebKit in Google Chr ...)
+ TODO: check
CVE-2011-2352 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2351 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 allo ...)
@@ -288671,10 +288696,10 @@ CVE-2011-2339 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-mi
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2338 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2011-2337
- RESERVED
-CVE-2011-2336
- RESERVED
+CVE-2011-2337 (A wrong type is used for a return value from strlen in WebKit in Googl ...)
+ TODO: check
+CVE-2011-2336 (An issue exists in WebKit in Google Chrome before Blink M12. when clea ...)
+ TODO: check
CVE-2011-2335
RESERVED
CVE-2011-2334
@@ -302164,8 +302189,7 @@ CVE-2010-2245 (XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and
CVE-2010-2244 (The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in ...)
{DSA-2086-1}
- avahi 0.6.26-1
-CVE-2010-2243 [timekeeping oops]
- RESERVED
+CVE-2010-2243 (A vulnerability exists in kernel/time/clocksource.c in the Linux kerne ...)
- linux-2.6 2.6.32-11
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-2242 (Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improp ...)
@@ -306445,19 +306469,16 @@ CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware S
CVE-2010-XXXX [argyll unsafe udev rules]
- argyll <not-affected> (issue with redhat-specific changes to the package)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=560050
-CVE-2010-2473 [Blocked user session regeneration]
- RESERVED
+CVE-2010-2473 (Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly b ...)
{DSA-2016-1}
- drupal6 6.18-1 (bug #592716)
-CVE-2010-2472 [Locale module cross site scripting]
- RESERVED
+CVE-2010-2472 (Locale module and dependent contributed modules in Drupal 6.x before 6 ...)
{DSA-2016-1}
- drupal6 6.18-1 (bug #592716)
CVE-2010-2471 (drupal6 version 6.16 has open redirection ...)
{DSA-2016-1}
- drupal6 6.18-1 (bug #592716)
-CVE-2010-2250 [Installation cross site scripting]
- RESERVED
+CVE-2010-2250 (Drupal 6.x before 6.16 uses a user-supplied value in output during sit ...)
{DSA-2016-1}
- drupal6 6.18-1 (bug #592716)
CVE-2010-XXXX [linux-ftpd: null ptr dereference]
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/da4648521382ec04c4c370bb5c90251717a65f9c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/da4648521382ec04c4c370bb5c90251717a65f9c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191107/a41c3554/attachment.html>
More information about the debian-security-tracker-commits
mailing list