[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 15 08:10:33 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f44430af by security tracker role at 2019-11-15T08:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2019-18988
+ RESERVED
+CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through 1.34 for ...)
+ TODO: check
+CVE-2019-18986 (Pimcore before 6.2.2 allow attackers to brute-force (guess) valid user ...)
+ TODO: check
+CVE-2019-18985 (Pimcore before 6.2.2 lacks brute force protection for the 2FA token. ...)
+ TODO: check
+CVE-2019-18984
+ RESERVED
+CVE-2019-18983
+ RESERVED
+CVE-2019-18982 (bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore be ...)
+ TODO: check
+CVE-2019-18981 (Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scen ...)
+ TODO: check
+CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022 ...)
+ TODO: check
+CVE-2019-18979
+ RESERVED
+CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS Middleware) ge ...)
+ TODO: check
+CVE-2019-18977
+ RESERVED
+CVE-2019-18976
+ RESERVED
CVE-2019-18975
RESERVED
CVE-2019-18974
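Review bot: Four of the new TODO: check entries in this hunk concern the same product, Pimcore (CVE-2019-18986, CVE-2019-18985, CVE-2019-18982, CVE-2019-18981), so one triage decision should settle all four rather than leaving them to be handled one at a time. CVE-2019-18978 (rack-cors) names a middleware component rather than an appliance or firmware image, so it is the entry here to check against the archive first. The truncated descriptions do not show enough to classify any of these from the diff alone.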
@@ -92,8 +118,7 @@ CVE-2019-18930 (Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web
NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware
CVE-2019-18929 (Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users ...)
NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware
-CVE-2019-18928 [unauthenticated HTTP requests no longer inherit authentication from the previous request on the same connection]
- RESERVED
+CVE-2019-18928 (Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege ...)
- cyrus-imapd 3.0.12-1
NOTE: Fixed in 3.0.12 and 2.5.14 upstream
CVE-2019-18927
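Review bot: The new description for CVE-2019-18928 covers two branches ("2.5.x before 2.5.14 and 3.x before 3.0.12"), but the only package line is "- cyrus-imapd 3.0.12-1". If any supported release still carries a 2.5.x package, its status should be recorded here so the 2.5.14 side of the fix is tracked by more than the NOTE line. The removed bracketed text ("unauthenticated HTTP requests no longer inherit authentication from the previous request on the same connection") also said more about the nature of the bug than the truncated description does; consider preserving it as a NOTE.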
@@ -2913,8 +2938,8 @@ CVE-2019-18653 (A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Fr
NOT-FOR-US: Avast
CVE-2019-18652
RESERVED
-CVE-2019-18651
- RESERVED
+CVE-2019-18651 (A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias ...)
+ TODO: check
CVE-2019-18650 (An issue was discovered in Joomla! before 3.9.13. A missing token chec ...)
NOT-FOR-US: Joomla!
CVE-2018-21030 (Jupyter Notebook before 5.5.0 does not use a CSP header to treat serve ...)
@@ -7099,8 +7124,8 @@ CVE-2019-17393 (The Customer's Tomedo Server in Version 1.7.3 communicates to th
NOT-FOR-US: Tomedo Server
CVE-2019-17392
RESERVED
-CVE-2019-17391
- RESERVED
+CVE-2019-17391 (An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-0 ...)
+ TODO: check
CVE-2019-17390
RESERVED
CVE-2019-17389 (In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles erro ...)
@@ -11228,18 +11253,18 @@ CVE-2019-15806 (CommScope ARRIS TR4400 devices with firmware through A1.00.004-1
NOT-FOR-US: CommScope ARRIS TR4400 devices
CVE-2019-15805 (CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 ...)
NOT-FOR-US: CommScope ARRIS TR4400 devices
-CVE-2019-15804
- RESERVED
-CVE-2019-15803
- RESERVED
-CVE-2019-15802
- RESERVED
-CVE-2019-15801
- RESERVED
-CVE-2019-15800
- RESERVED
-CVE-2019-15799
- RESERVED
+CVE-2019-15804 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
+ TODO: check
+CVE-2019-15803 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
+ TODO: check
+CVE-2019-15802 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
+ TODO: check
+CVE-2019-15801 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
+ TODO: check
+CVE-2019-15800 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
+ TODO: check
+CVE-2019-15799 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
+ TODO: check
CVE-2019-15798
RESERVED
CVE-2019-15797
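Review bot: CVE-2019-15799 through CVE-2019-15804 are all added as TODO: check with the same visible description prefix ("An issue was discovered on Zyxel GS1900 devices with firmware before 2 ..."), so they can be resolved with a single decision. The context lines just above show the convention used for device firmware ("NOT-FOR-US: CommScope ARRIS TR4400 devices"); if the Zyxel firmware is likewise not packaged, mark all six the same way in one pass instead of leaving six open TODOs.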
@@ -14167,6 +14192,7 @@ CVE-2019-14870
RESERVED
CVE-2019-14869 [-dSAFER escape in .charkeys]
RESERVED
+ {DSA-4569-1 DLA-1992-1}
- ghostscript <unfixed> (bug #944760)
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f0aa1140032746e5a0abfc40f4cef
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701841
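Review bot: CVE-2019-14869 now references "{DSA-4569-1 DLA-1992-1}", but the package line below it is unchanged at "- ghostscript <unfixed> (bug #944760)". That leaves the entry reading as fixed by advisory while still open for the unversioned suite; confirm that is the intended state, and replace <unfixed> with the fixed version once the upload that closes bug #944760 is in.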
@@ -14788,8 +14814,8 @@ CVE-2019-14680 (The admin-renamer-extended (aka Admin renamer extended) plugin 3
NOT-FOR-US: Wordpress plugin
CVE-2019-14679 (core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 fo ...)
NOT-FOR-US: Wordpress plugin
-CVE-2019-14678
- RESERVED
+CVE-2019-14678 (SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability tha ...)
+ TODO: check
CVE-2019-14677
RESERVED
CVE-2019-14676
@@ -23660,8 +23686,8 @@ CVE-2019-11933 (A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2
NOT-FOR-US: libpl_droidsonroids_gif
CVE-2019-11932 (A double free vulnerability in the DDGifSlurp function in decoding.c i ...)
NOT-FOR-US: libpl_droidsonroids_gif
-CVE-2019-11931
- RESERVED
+CVE-2019-11931 (A stack-based buffer overflow could be triggered in WhatsApp by sendin ...)
+ TODO: check
CVE-2019-11930
RESERVED
CVE-2019-11929 (Insufficient boundary checks when formatting numbers in number_format ...)
@@ -46744,6 +46770,7 @@ CVE-2019-3467
RESERVED
CVE-2019-3466
RESERVED
+ {DSA-4568-1}
- postgresql-common 210
CVE-2019-3465 (Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for exa ...)
{DSA-4560-1 DLA-1983-1}
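Review bot: CVE-2019-3466 gains "{DSA-4568-1}" but the entry still has no description, bracketed title, bug number or NOTE, only "RESERVED" and "- postgresql-common 210". Other reserved entries in this file carry a short bracketed summary (for example "CVE-2019-14869 [-dSAFER escape in .charkeys]"); adding one here, plus a NOTE pointing at the fix, would let a reader see what the advisory addresses without leaving the file.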
@@ -57887,8 +57914,8 @@ CVE-2018-19270
REJECTED
CVE-2019-0185 (Insufficient access control in protected memory subsystem for SMM for ...)
TODO: check
-CVE-2019-0184
- RESERVED
+CVE-2019-0184 (Insufficient access control in protected memory subsystem for Intel(R) ...)
+ TODO: check
CVE-2019-0183 (Insufficient password protection in the attestation database for Open ...)
NOT-FOR-US: Open CIT
CVE-2019-0182 (Insufficient password protection in the attestation database for Open ...)
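Review bot: CVE-2019-0184 is added as TODO: check directly below CVE-2019-0185, which is also TODO: check and opens with the same words ("Insufficient access control in protected memory subsystem for ..."). Triage the two together so they end up with a consistent classification. The truncated descriptions do not show which package, if any, is affected, so the full text needs to be read before deciding.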
@@ -252907,13 +252934,11 @@ CVE-2013-4110 (Cryptocat has an Unspecified Chat Participant User List Disclosur
NOT-FOR-US: Cryptocat
CVE-2013-4109 (An unspecified cross-site scripting (XSS) vulnerability exists in Cryp ...)
NOT-FOR-US: Cryptocat
-CVE-2013-4108
- RESERVED
+CVE-2013-4108 (Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2. ...)
NOT-FOR-US: Cryptocat
CVE-2013-4107 (Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site ...)
NOT-FOR-US: Cryptocat
-CVE-2013-4106
- RESERVED
+CVE-2013-4106 (A Cross-site scripting (XSS) vulnerability exists in Conversation Over ...)
NOT-FOR-US: Cryptocat
CVE-2013-4105 (Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information D ...)
NOT-FOR-US: Cryptocat
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f44430af9caa5e7abe5a311b1db5925e665f1aa2