[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Oct 1 21:11:23 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
26b2e6d9 by security tracker role at 2019-10-01T20:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,16 +1,52 @@
-CVE-2019-17056 [nfc: enforce CAP_NET_RAW for raw sockets]
+CVE-2019-17074 (An issue was discovered in XunRuiCMS 4.3.1. There is a stored XSS in t ...)
+	TODO: check
+CVE-2019-17073 (emlog through 6.0.0beta allows remote authenticated users to delete ar ...)
+	TODO: check
+CVE-2019-17072
+	RESERVED
+CVE-2019-17071
+	RESERVED
+CVE-2019-17070
+	RESERVED
+CVE-2019-17069 (PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial o ...)
+	TODO: check
+CVE-2019-17068 (PuTTY before 0.73 mishandles the "bracketed paste mode" protection mec ...)
+	TODO: check
+CVE-2019-17067 (PuTTY before 0.73 on Windows improperly opens port-forwarding listenin ...)
+	TODO: check
+CVE-2019-17066
+	RESERVED
+CVE-2019-17065
+	RESERVED
+CVE-2019-17064 (Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog ...)
+	TODO: check
+CVE-2019-17063 (In Snowtide PDFxStream before 3.7.1 (for Java), a crafted PDF file can ...)
+	TODO: check
+CVE-2019-17062
+	RESERVED
+CVE-2019-17061
+	RESERVED
+CVE-2019-17060
+	RESERVED
+CVE-2019-17059
+	RESERVED
+CVE-2019-17058
+	RESERVED
+CVE-2019-17057
+	RESERVED
+CVE-2019-17056 (llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module i ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/3a359798b176183ef09efb7a3dc59abad1cc7104
-CVE-2019-17055 [mISDN: enforce CAP_NET_RAW for raw sockets]
+CVE-2019-17055 (base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/b91ee4aa2a2199ba4d4650706c272985a5a32d80
-CVE-2019-17054 [appletalk: enforce CAP_NET_RAW for raw sockets]
+CVE-2019-17054 (atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/6cc03e8aa36c51f3b26a0d21a3c4ce2809c842ac
-CVE-2019-17053 [ieee802154: enforce CAP_NET_RAW for raw sockets]
+CVE-2019-17053 (ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 netw ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/e69dbd4619e7674c1679cba49afd9dd9ac347eef
-CVE-2019-17052 [ax25: enforce CAP_NET_RAW for raw sockets]
+CVE-2019-17052 (ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/0614e2b73768b502fc32a75349823356d98aae2c
 CVE-2019-17051 (Evernote before 7.13 GA on macOS allows code execution because the com ...)
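
Review bot: the three PuTTY entries added here (CVE-2019-17069, CVE-2019-17068, CVE-2019-17067, all "PuTTY before 0.73") are left at "TODO: check" although putty is a Debian source package, so they need triage against that package (a package line with the affected/fixed version) rather than staying as TODO; CVE-2019-17064 ("Catalog.cc in Xpdf 4.02") likewise needs to be checked against the Debian xpdf package before its TODO is resolved. The kernel entries CVE-2019-17052 through CVE-2019-17056 only swap the bracketed placeholder titles for the published descriptions and correctly keep their "- linux <unfixed>" lines and upstream commit NOTEs.
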
@@ -238,10 +274,10 @@ CVE-2019-16945
 	RESERVED
 CVE-2019-16944
 	RESERVED
-CVE-2019-16943
-	RESERVED
-CVE-2019-16942
-	RESERVED
+CVE-2019-16943 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
+	TODO: check
+CVE-2019-16942 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
+	TODO: check
 CVE-2019-16941 (NSA Ghidra through 9.0.4, when experimental mode is enabled, allows ar ...)
 	- ghidra <itp> (bug #923851)
 CVE-2019-16940
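
Review bot: CVE-2019-16943 and CVE-2019-16942 both describe a "Polymorphic Typing issue ... in FasterXML jackson-databin[d]" and are left at "TODO: check"; jackson-databind is packaged in Debian, so these should get a jackson-databind package line with the affected and fixed versions instead of the TODO placeholder.
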
@@ -1364,8 +1400,8 @@ CVE-2019-16510 (libIEC61850 through 1.3.3 has a use-after-free in MmsServer_wait
 	NOT-FOR-US: libIEC61850
 CVE-2019-16509
 	RESERVED
-CVE-2019-16508
-	RESERVED
+CVE-2019-16508 (The Imagination Technologies driver for Chrome OS before R74-11895.B,  ...)
+	TODO: check
 CVE-2019-16507
 	RESERVED
 CVE-2019-16506
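
Review bot: CVE-2019-16508 describes "The Imagination Technologies driver for Chrome OS before R74-11895.B"; a Chrome OS-specific driver build is not something Debian ships, so the "TODO: check" can most likely be resolved to a NOT-FOR-US line in the style of the neighbouring "NOT-FOR-US: libIEC61850" entry.
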
@@ -2919,8 +2955,8 @@ CVE-2019-15941 (OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may all
 	NOTE: Vulnerability exists pre-2.0 versions, but as restrictions on OIDC federation
 	NOTE: were added only in 2.0 the vulnerability has no effect. The vulnerability
 	NOTE: itself exists only with versions >= 1.9.0 (as there is no OIDC before)
-CVE-2019-15940
-	RESERVED
+CVE-2019-15940 (Victure PC530 devices allow unauthenticated TELNET access as root. ...)
+	TODO: check
 CVE-2019-15939 (An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero err ...)
 	TODO: check
 CVE-2019-15938 (Pengutronix barebox through 2019.08.1 has a remote buffer overflow in  ...)
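
Review bot: CVE-2019-15940 ("Victure PC530 devices allow unauthenticated TELNET access as root") concerns a consumer device's firmware rather than any packaged software, so the "TODO: check" should resolve to a NOT-FOR-US line, as the other device-specific entries in this file do.
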
@@ -5608,16 +5644,16 @@ CVE-2019-15044
 	RESERVED
 CVE-2019-15043 (In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow u ...)
 	- grafana <removed>
-CVE-2019-15042
-	RESERVED
+CVE-2019-15042 (An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL  ...)
+	TODO: check
 CVE-2019-15041
 	RESERVED
 CVE-2019-15040
 	RESERVED
-CVE-2019-15039
-	RESERVED
-CVE-2019-15038
-	RESERVED
+CVE-2019-15039 (An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possi ...)
+	TODO: check
+CVE-2019-15038 (An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity s ...)
+	TODO: check
 CVE-2019-15037
 	RESERVED
 CVE-2019-15036
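
Review bot: the three new entries here (CVE-2019-15042, CVE-2019-15039, CVE-2019-15038) are all "JetBrains TeamCity 2018.2.4" issues; TeamCity is not a Debian package, so these can be resolved to "NOT-FOR-US: JetBrains TeamCity" rather than left at "TODO: check".
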
@@ -5864,26 +5900,26 @@ CVE-2019-14963
 	RESERVED
 CVE-2019-14962
 	RESERVED
-CVE-2019-14961
-	RESERVED
-CVE-2019-14960
-	RESERVED
+CVE-2019-14961 (JetBrains Upsource before 2019.1.1412 was not properly escaping HTML t ...)
+	TODO: check
+CVE-2019-14960 (JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider. ...)
+	TODO: check
 CVE-2019-14959
 	RESERVED
 CVE-2019-14958
 	RESERVED
-CVE-2019-14957
-	RESERVED
+CVE-2019-14957 (The JetBrains Vim plugin before version 0.52 was storing individual pr ...)
+	TODO: check
 CVE-2019-14956
 	RESERVED
-CVE-2019-14955
-	RESERVED
-CVE-2019-14954
-	RESERVED
-CVE-2019-14953
-	RESERVED
-CVE-2019-14952
-	RESERVED
+CVE-2019-14955 (In JetBrains Hub versions earlier than 2018.4.11436, there was no opti ...)
+	TODO: check
+CVE-2019-14954 (JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plant ...)
+	TODO: check
+CVE-2019-14953 (JetBrains YouTrack versions before 2019.2.53938 had a possible XSS thr ...)
+	TODO: check
+CVE-2019-14952 (JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in  ...)
+	TODO: check
 CVE-2019-14951 (The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Le ...)
 	NOT-FOR-US: Telenav Scout GPS Link app
 CVE-2019-14950 (The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS vi ...)
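
Review bot: all eight new entries in this hunk are JetBrains products (Upsource, Rider, the Vim plugin, Hub, IntelliJ IDEA and YouTrack), none of which is packaged in Debian, so they can be resolved to "NOT-FOR-US: JetBrains ..." lines instead of staying at "TODO: check"; the adjacent "NOT-FOR-US: Telenav Scout GPS Link app" line shows the expected form.
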
@@ -11565,6 +11601,7 @@ CVE-2019-13377 (The implementations of SAE and EAP-pwd in hostapd and wpa_suppli
 	NOTE: "added support for Brainpool Elliptic Curves with SAE"
 	NOTE: Patches: https://w1.fi/security/2019-6/
 CVE-2019-13376 (phpBB version 3.2.7 allows the stealing of an Administration Control P ...)
+	{DLA-1942-1}
 	- phpbb3 <removed>
 	NOTE: https://ssd-disclosure.com/archives/4007/ssd-advisory-phpbb-csrf-token-hijacking-leading-to-stored-xss
 	NOTE: fixed in 3.2.8 as 'SECURITY-246'
@@ -17326,8 +17363,8 @@ CVE-2019-11277 (Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11
 	NOT-FOR-US: Cloud Foundry
 CVE-2019-11276 (Pivotal Apps Manager, included in Pivotal Application Service versions ...)
 	NOT-FOR-US: Pivotal
-CVE-2019-11275
-	RESERVED
+CVE-2019-11275 (Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versi ...)
+	TODO: check
 CVE-2019-11274 (Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS a ...)
 	NOT-FOR-US: Cloud Foundry UAA
 CVE-2019-11273 (Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and ve ...)
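
Review bot: CVE-2019-11275 ("Pivotal Application Manager, versions 666.0.x prior to 666.0.36 ...") sits between entries already resolved as "NOT-FOR-US: Pivotal" and "NOT-FOR-US: Cloud Foundry UAA", so its "TODO: check" can be resolved to "NOT-FOR-US: Pivotal" on the same basis.
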
@@ -19485,20 +19522,15 @@ CVE-2019-10437
 	RESERVED
 CVE-2019-10436
 	RESERVED
-CVE-2019-10435
-	RESERVED
+CVE-2019-10435 (Jenkins SourceGear Vault Plugin transmits configured credentials in pl ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-10434
-	RESERVED
+CVE-2019-10434 (Jenkins LDAP Email Plugin transmits configured credentials in plain te ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-10433
-	RESERVED
+CVE-2019-10433 (Jenkins Dingding[钉钉] Plugin stores credentials unencrypt ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-10432
-	RESERVED
+CVE-2019-10432 (Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the proj ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-10431
-	RESERVED
+CVE-2019-10431 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64  ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2019-10430 (Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored  ...)
 	NOT-FOR-US: Jenkins plugin
@@ -20096,8 +20128,7 @@ CVE-2019-10203 [PowerDNS Security Advisory 2019-06: Denial of service via crafte
 	NOTE: Fixed in 4.2.0, 4.1.11, 4.0.9, for existing installations a manual schema update
 	NOTE: needs to be performed.
 	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html
-CVE-2019-10202
-	RESERVED
+CVE-2019-10202 (A series of deserialization vulnerabilities have been discovered in Co ...)
 	NOT-FOR-US: Codehaus
 CVE-2019-10201 (It was found that Keycloak's SAML broker, versions up to 6.0.1, did no ...)
 	NOT-FOR-US: Keycloak
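
Review bot: the "NOT-FOR-US: Codehaus" resolution for CVE-2019-10202 rests on a truncated description ("A series of deserialization vulnerabilities have been discovered in Co ..."), which does not say which Codehaus project is meant; since some Codehaus-era Java libraries are packaged in Debian, confirm from the full advisory which library is affected before keeping NOT-FOR-US, and add a NOTE with the upstream reference either way.
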
@@ -27913,8 +27944,8 @@ CVE-2019-7620
 	RESERVED
 CVE-2019-7619
 	RESERVED
-CVE-2019-7618
-	RESERVED
+CVE-2019-7618 (A local file disclosure flaw was found in Elastic Code versions 7.3.0, ...)
+	TODO: check
 CVE-2019-7617 (When the Elastic APM agent for Python versions before 5.1.0 is run as  ...)
 	NOT-FOR-US: Elastic APM agent for Python
 CVE-2019-7616 (Kibana versions before 6.8.2 and 7.2.1 contain a server side request f ...)
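
Review bot: CVE-2019-7618 ("A local file disclosure flaw was found in Elastic Code versions 7.3.0, ...") is left at "TODO: check" while the adjacent Elastic entries (CVE-2019-7617, CVE-2019-7616) are resolved as NOT-FOR-US; Elastic Code, like Kibana, is not packaged in Debian, so this entry can be resolved the same way.
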
@@ -35643,14 +35674,14 @@ CVE-2019-4499
 	RESERVED
 CVE-2019-4498
 	RESERVED
-CVE-2019-4497
-	RESERVED
+CVE-2019-4497 (IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0. ...)
+	TODO: check
 CVE-2019-4496
 	RESERVED
-CVE-2019-4495
-	RESERVED
-CVE-2019-4494
-	RESERVED
+CVE-2019-4495 (IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0. ...)
+	TODO: check
+CVE-2019-4494 (IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0. ...)
+	TODO: check
 CVE-2019-4493
 	RESERVED
 CVE-2019-4492
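
Review bot: the three IBM Jazz Reporting Service entries (CVE-2019-4497, CVE-2019-4495, CVE-2019-4494) carry the same truncated description and all stay at "TODO: check"; IBM JRS is not a Debian package, so these should be resolved to "NOT-FOR-US: IBM Jazz Reporting Service".
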
@@ -36145,8 +36176,8 @@ CVE-2019-4248
 	RESERVED
 CVE-2019-4247
 	RESERVED
-CVE-2019-4246
-	RESERVED
+CVE-2019-4246 (IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose internal para ...)
+	TODO: check
 CVE-2019-4245
 	RESERVED
 CVE-2019-4244



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/26b2e6d90a4f50d0ac292ba077e0f18b03607d6e


