[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Nov 18 20:10:42 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2dc8499a by security tracker role at 2019-11-18T20:10:31Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2019-19113 (main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka Ne ...)
+ TODO: check
+CVE-2019-19112
+ RESERVED
+CVE-2019-19111
+ RESERVED
+CVE-2019-19110
+ RESERVED
+CVE-2019-19109
+ RESERVED
+CVE-2019-19108
+ RESERVED
+CVE-2019-19107
+ RESERVED
+CVE-2019-19106
+ RESERVED
+CVE-2019-19105
+ RESERVED
+CVE-2019-19104
+ RESERVED
+CVE-2019-19103
+ RESERVED
+CVE-2019-19102
+ RESERVED
+CVE-2019-19101
+ RESERVED
+CVE-2019-19100
+ RESERVED
+CVE-2019-19099
+ RESERVED
+CVE-2019-19098
+ RESERVED
+CVE-2019-19097
+ RESERVED
+CVE-2019-19096
+ RESERVED
+CVE-2019-19095
+ RESERVED
+CVE-2019-19094
+ RESERVED
+CVE-2019-19093
+ RESERVED
+CVE-2019-19092
+ RESERVED
+CVE-2019-19091
+ RESERVED
+CVE-2019-19090
+ RESERVED
+CVE-2019-19089
+ RESERVED
+CVE-2019-19088
+ RESERVED
+CVE-2019-19087
+ RESERVED
+CVE-2019-19086
+ RESERVED
+CVE-2019-19085 (A persistent cross-site scripting (XSS) vulnerability in Octopus Serve ...)
+ TODO: check
+CVE-2019-19084 (In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with ...)
+ TODO: check
+CVE-2018-21031 (Plex Media Server 1.18.2.2029-36236cc4c allows remote attackers to byp ...)
+ TODO: check
+CVE-2011-5331 (Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval. ...)
+ TODO: check
+CVE-2011-5330 (Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls. ...)
+ TODO: check
CVE-2019-19083 (Memory leaks in *clock_source_create() functions under drivers/gpu/drm ...)
TODO: check
CVE-2019-19082 (Memory leaks in *create_resource_pool() functions under drivers/gpu/dr ...)
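Review bot: the two 2011-year identifiers at the top of this hunk (CVE-2011-5331 and CVE-2011-5330, Distributed Ruby 1.8 mishandling instance_eval and syscall sending) land as plain "TODO: check" among the freshly reserved 2019 ids; because they are old-year assignments they are easy to lose in the TODO queue, so they deserve a package line or a NOT-FOR-US marker in the same pass rather than a deferred check. The same applies to CVE-2018-21031 (Plex Media Server), which is more likely to end up as NOT-FOR-US given it is proprietary server software.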
@@ -458,6 +524,7 @@ CVE-2019-18876
CVE-2019-18875
RESERVED
CVE-2019-18874 (psutil (aka python-psutil) through 5.6.5 can have a double free. This ...)
+ {DLA-1998-1}
- python-psutil <unfixed> (bug #944605)
NOTE: https://github.com/giampaolo/psutil/pull/1616
CVE-2019-18873 (FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP hea ...)
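Review bot: the added "{DLA-1998-1}" for CVE-2019-18874 sits above a "python-psutil <unfixed> (bug #944605)" line that is left unchanged, so the entry now records an LTS advisory while unstable still has no fixed version; that is valid tracker syntax, but confirm the unstable/testing status is still accurate (the upstream PR at https://github.com/giampaolo/psutil/pull/1616 is referenced, so a fixed version may already be uploadable) and that no suite-specific "[jessie]" line is needed next to the DLA reference.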
@@ -8059,10 +8126,10 @@ CVE-2019-17060
RESERVED
CVE-2019-17059 (A shell injection vulnerability on the Sophos Cyberoam firewall applia ...)
NOT-FOR-US: Sophos
-CVE-2019-17058
- RESERVED
-CVE-2019-17057
- RESERVED
+CVE-2019-17058 (Footy Tipping Software AFL Web Edition 2019 allows arbitrary file uplo ...)
+ TODO: check
+CVE-2019-17057 (Footy Tipping Software AFL Web Edition 2019 allows XSS. ...)
+ TODO: check
CVE-2019-17056 (llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module i ...)
- linux 5.3.7-1
NOTE: https://git.kernel.org/linus/3a359798b176183ef09efb7a3dc59abad1cc7104
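Review bot: CVE-2019-17058 and CVE-2019-17057 (Footy Tipping Software AFL Web Edition 2019, arbitrary file upload and XSS) are filled in with "TODO: check" while the neighbouring CVE-2019-17059 already carries "NOT-FOR-US: Sophos"; a commercial tipping web application is unlikely to be in the archive, so these two can probably be closed as NOT-FOR-US in the same triage pass instead of staying open.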
@@ -11215,7 +11282,7 @@ CVE-2019-15905
CVE-2019-15904
RESERVED
CVE-2019-15903 (In libexpat before 2.2.8, crafted XML input could fool the parser into ...)
- {DSA-4571-1 DSA-4549-1 DSA-4530-1 DLA-1987-1 DLA-1912-1}
+ {DSA-4571-1 DSA-4549-1 DSA-4530-1 DLA-1997-1 DLA-1987-1 DLA-1912-1}
- expat 2.2.7-2 (bug #939394)
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
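Review bot: DLA-1997-1 is inserted into the libexpat CVE-2019-15903 brace list between DSA-4530-1 and DLA-1987-1, which keeps the descending advisory order used in that line; the same DLA is also added to the firefox/thunderbird entries later in this diff, so confirm the DLA text itself lists CVE-2019-15903 so the cross-reference resolves consistently from both sides.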
@@ -14468,6 +14535,7 @@ CVE-2019-14858 (A vulnerability was found in Ansible engine 2.x up to 2.8 and An
NOTE: https://github.com/ansible/ansible/pull/63405
CVE-2019-14857
RESERVED
+ {DLA-1996-1}
- libapache2-mod-auth-openidc 2.4.0.3-1 (bug #942165)
[buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
[stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
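Review bot: "{DLA-1996-1}" is added to CVE-2019-14857 while the entry still reads "RESERVED" with no description, so the tracker will show a released advisory for an issue with no summary; the file already uses a bracketed placeholder description for unpublished ids (see the GOsa entry for CVE-2019-14466 below), and adding one here for the libapache2-mod-auth-openidc issue would make the DLA line self-explanatory.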
@@ -15609,8 +15677,8 @@ CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c
[stretch] - open-cobol <no-dsa> (Minor issue)
[jessie] - open-cobol <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/open-cobol/bugs/581/
-CVE-2019-14467
- RESERVED
+CVE-2019-14467 (The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code E ...)
+ TODO: check
CVE-2019-14466 [GOsa <= 2.7.5.2 uses unserialize to restore filter settings from a cookie. Since this cookie is supplied by the client, authenticated users can pass arbitrary content to unserialized, which opens GOsa up to a potential PHP object injection.]
RESERVED
{DLA-1905-1}
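Review bot: CVE-2019-14467 (Social Photo Gallery plugin 1.0 for WordPress, remote code execution) is added as "TODO: check"; third-party WordPress plugins are not shipped in the archive, so this is a NOT-FOR-US candidate and closing it in the same pass avoids leaving an RCE-class id in the TODO queue.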
@@ -22965,8 +23033,8 @@ CVE-2016-10752 (serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remot
- serendipity <removed>
CVE-2016-10751 (osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the ...)
NOT-FOR-US: osClass
-CVE-2019-12311
- RESERVED
+CVE-2019-12311 (Sandline Centraleyezer (On Premises) allows Unrestricted File Upload l ...)
+ TODO: check
CVE-2019-12310 (ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monit ...)
NOT-FOR-US: ExaGrid appliances
CVE-2019-12309 (dotCMS before 5.1.0 has a path traversal vulnerability exploitable by ...)
@@ -22995,8 +23063,8 @@ CVE-2019-12300 (Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submit
[stretch] - buildbot <not-affected> (Vulnerable code introduced later)
[jessie] - buildbot <not-affected> (Vulnerable code got added later)
NOTE: https://github.com/buildbot/buildbot/wiki/OAuth-vulnerability-in-using-submitted-authorization-token-for-authentication
-CVE-2019-12299
- RESERVED
+CVE-2019-12299 (Sandline Centraleyezer (On Premises) allows Stored XSS using HTML enti ...)
+ TODO: check
CVE-2019-12298 (Leanify 0.4.3 allows remote attackers to trigger an out-of-bounds writ ...)
NOT-FOR-US: Leanify
CVE-2019-12297 (An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1 ...)
@@ -23064,8 +23132,8 @@ CVE-2019-12273
RESERVED
CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/band ...)
NOT-FOR-US: OpenWrt LuCI
-CVE-2019-12271
- RESERVED
+CVE-2019-12271 (Sandline Centraleyezer (On Premises) allows unrestricted File Upload w ...)
+ TODO: check
CVE-2019-12270 (OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configur ...)
NOT-FOR-US: OpenText Brava!
CVE-2019-12269 (Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PG ...)
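Review bot: the three hunks around CVE-2019-12311, CVE-2019-12299 and CVE-2019-12271 all describe the same product (Sandline Centraleyezer (On Premises): unrestricted file upload, stored XSS, unrestricted file upload) and each is left as "TODO: check"; since they share one vendor they should be triaged together, and the surrounding entries (ExaGrid, Leanify, OpenWrt LuCI, OpenText) show the "NOT-FOR-US: <vendor>" form to use once that decision is made.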
@@ -24323,7 +24391,7 @@ CVE-2019-11765
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11765
CVE-2019-11764
RESERVED
- {DSA-4571-1 DSA-4549-1 DLA-1987-1}
+ {DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
- thunderbird 1:68.2.1-1
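Review bot: this hunk and the ones that follow for CVE-2019-11763 through CVE-2019-11757 and CVE-2019-11755 add DLA-1997-1 ahead of DLA-1987-1 in each brace list, which is consistent with the descending order of the existing "DSA-4571-1 DSA-4549-1" prefix; the package lines (firefox 70.0-1, firefox-esr 68.2.0esr-1, thunderbird 1:68.2.1-1) are untouched, so this is a pure advisory cross-reference update and needs no further change.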
@@ -24332,7 +24400,7 @@ CVE-2019-11764
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11764
CVE-2019-11763
RESERVED
- {DSA-4571-1 DSA-4549-1 DLA-1987-1}
+ {DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
- thunderbird 1:68.2.1-1
@@ -24341,7 +24409,7 @@ CVE-2019-11763
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11763
CVE-2019-11762
RESERVED
- {DSA-4571-1 DSA-4549-1 DLA-1987-1}
+ {DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
- thunderbird 1:68.2.1-1
@@ -24350,7 +24418,7 @@ CVE-2019-11762
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11762
CVE-2019-11761
RESERVED
- {DSA-4571-1 DSA-4549-1 DLA-1987-1}
+ {DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
- thunderbird 1:68.2.1-1
@@ -24359,7 +24427,7 @@ CVE-2019-11761
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11761
CVE-2019-11760
RESERVED
- {DSA-4571-1 DSA-4549-1 DLA-1987-1}
+ {DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
- thunderbird 1:68.2.1-1
@@ -24368,7 +24436,7 @@ CVE-2019-11760
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11760
CVE-2019-11759
RESERVED
- {DSA-4571-1 DSA-4549-1 DLA-1987-1}
+ {DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
- thunderbird 1:68.2.1-1
@@ -24383,7 +24451,7 @@ CVE-2019-11758
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11758
CVE-2019-11757
RESERVED
- {DSA-4571-1 DSA-4549-1 DLA-1987-1}
+ {DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
- thunderbird 1:68.2.1-1
@@ -24393,7 +24461,7 @@ CVE-2019-11757
CVE-2019-11756
RESERVED
CVE-2019-11755 (A crafted S/MIME message consisting of an inner encryption layer and a ...)
- {DSA-4571-1}
+ {DSA-4571-1 DLA-1997-1}
[experimental] - thunderbird 1:68.1.1-1~exp1
- thunderbird 1:68.2.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-32/#CVE-2019-11755
@@ -28850,8 +28918,8 @@ CVE-2019-10173 (It was found that xstream API version 1.4.10 before 1.4.11 intro
[jessie] - libxstream-java <not-affected> (Regression introduced in 1.4.10)
NOTE: http://x-stream.github.io/changes.html#1.4.11
NOTE: Regression introduced and present only in 1.4.10.
-CVE-2019-10172
- RESERVED
+CVE-2019-10172 (A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libr ...)
+ TODO: check
CVE-2019-10171 (It was found that the fix for CVE-2018-14648 in 389-ds-base, versions ...)
- 389-ds-base <not-affected> (Incomplete RHEL backport)
CVE-2019-10170
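Review bot: CVE-2019-10172 is described as a flaw in org.codehaus.jackson:jackson-mapper-asl:1.9.x, the legacy Jackson 1 artifact; the "TODO: check" should be resolved against whichever source package ships that 1.x line rather than against the Jackson 2 packaging, and the description is worth expanding beyond the truncated text so the affected class of issue is visible in the tracker.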
@@ -31167,7 +31235,7 @@ CVE-2019-9720 (A stack-based buffer overflow in the subtitle decoder in Libav 12
NOTE: Actual vulnerability description is (https://lgtm.com/security/):
NOTE: "Denial of service due to quadratic call to strstr in srtdec.c"
NOTE: Using strstr is not an actual DoS
-CVE-2019-9719 (A stack-based buffer overflow in the subtitle decoder in Libav 12.3 al ...)
+CVE-2019-9719 (** DISPUTED ** A stack-based buffer overflow in the subtitle decoder i ...)
- libav <undetermined>
NOTE: Generic low-certainty warning about snprintf usage without rationale
CVE-2019-9718 (In FFmpeg 4.1, a denial of service in the subtitle decoder allows atta ...)
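Review bot: the description for CVE-2019-9719 is updated to the "** DISPUTED **" form, but the entry keeps "libav <undetermined>" and the NOTE "Generic low-certainty warning about snprintf usage without rationale"; with MITRE now marking the id as disputed, the status could be tightened in the same way the neighbouring CVE-2019-9720 entry documents its reasoning, e.g. by adding a NOTE pointing at the dispute and moving libav from <undetermined> to a definite state.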
@@ -40740,8 +40808,8 @@ CVE-2018-20689
RESERVED
CVE-2018-20688
RESERVED
-CVE-2018-20687
- RESERVED
+CVE-2018-20687 (An XML external entity (XXE) vulnerability in CommandCenterWebServices ...)
+ TODO: check
CVE-2018-20686
RESERVED
CVE-2018-20684 (In WinSCP before 5.14 beta, due to missing validation, the scp impleme ...)
@@ -41937,8 +42005,8 @@ CVE-2019-5690 (NVIDIA Windows GPU Display Driver, all versions, contains a vulne
NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2019-5689 (NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vu ...)
NOT-FOR-US: NVIDIA GeForce Experience
-CVE-2019-5688
- RESERVED
+CVE-2019-5688 (NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool ...)
+ TODO: check
CVE-2019-5687 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...)
NOT-FOR-US: NVIDIA Windows driver
CVE-2019-5686 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...)
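Review bot: CVE-2019-5688 (NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool) is the only NVIDIA entry in this block left as "TODO: check" while CVE-2019-5690, 5689, 5687 and 5686 around it are all "NOT-FOR-US"; the flashing tools are proprietary Windows utilities like their neighbours, so this should take the same "NOT-FOR-US: NVIDIA ..." marker.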
@@ -43223,10 +43291,10 @@ CVE-2019-5104
RESERVED
CVE-2019-5103
RESERVED
-CVE-2019-5102
- RESERVED
-CVE-2019-5101
- RESERVED
+CVE-2019-5102 (An exploitable information leak vulnerability exists in the ustream-ss ...)
+ TODO: check
+CVE-2019-5101 (An exploitable information leak vulnerability exists in the ustream-ss ...)
+ TODO: check
CVE-2019-5100 (An exploitable integer overflow vulnerability exists in the BMP header ...)
NOT-FOR-US: LEADTOOLS
CVE-2019-5099 (An exploitable integer underflow vulnerability exists in the CMP-parsi ...)
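Review bot: CVE-2019-5102 and CVE-2019-5101 both name an information leak in "ustream-ss..." (truncated) and are added as "TODO: check"; the truncation hides the library name, so the triage should confirm whether that component is packaged in the archive before deciding between a package line and the "NOT-FOR-US" form used for the adjacent LEADTOOLS entries.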
@@ -47113,10 +47181,10 @@ CVE-2019-3426 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE produ
NOT-FOR-US: ZTE
CVE-2019-3425 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZX ...)
NOT-FOR-US: ZTE
-CVE-2019-3424
- RESERVED
-CVE-2019-3423
- RESERVED
+CVE-2019-3424 (authentication issues vulnerability, which exists in V2.1.14 and below ...)
+ TODO: check
+CVE-2019-3423 (permission and access control vulnerability, which exists in V2.1.14 a ...)
+ TODO: check
CVE-2019-3422 (The Sec Consult Security Lab reported an information disclosure vulner ...)
NOT-FOR-US: ZTE
CVE-2019-3421 (The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE produc ...)
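Review bot: the new descriptions for CVE-2019-3424 ("authentication issues vulnerability, which exists in V2.1.14 and below ...") and CVE-2019-3423 ("permission and access control vulnerability, which exists in V2.1.14 a ...") do not name a product in the visible text, so the "TODO: check" is understandable; note however that every surrounding id in this block (CVE-2019-3426, 3425, 3422, 3421) is a ZTE assignment marked "NOT-FOR-US: ZTE", which is the likely resolution once the full description is read.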
@@ -73984,8 +74052,8 @@ CVE-2018-13258 (Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provi
- mediawiki <not-affected> (Affected upstream tarball was never used)
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
NOTE: https://phabricator.wikimedia.org/T199029
-CVE-2018-13257
- RESERVED
+CVE-2018-13257 (The bb-auth-provider-cas authentication module within Blackboard Learn ...)
+ TODO: check
CVE-2018-13256 (PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or fir ...)
NOT-FOR-US: PHP Scripts Mall Auditor Website
CVE-2018-13255
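Review bot: CVE-2018-13257 (bb-auth-provider-cas authentication module within Blackboard Learn) is added as "TODO: check"; Blackboard Learn is a proprietary learning platform, so this is a NOT-FOR-US candidate in the same way as the neighbouring "NOT-FOR-US: PHP Scripts Mall Auditor Website" entry for CVE-2018-13256.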
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2dc8499a63ed077bf9c2434a384302cc4957ef42