[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Oct 1 21:11:23 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
26b2e6d9 by security tracker role at 2019-10-01T20:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,16 +1,52 @@
-CVE-2019-17056 [nfc: enforce CAP_NET_RAW for raw sockets]
+CVE-2019-17074 (An issue was discovered in XunRuiCMS 4.3.1. There is a stored XSS in t ...)
+ TODO: check
+CVE-2019-17073 (emlog through 6.0.0beta allows remote authenticated users to delete ar ...)
+ TODO: check
+CVE-2019-17072
+ RESERVED
+CVE-2019-17071
+ RESERVED
+CVE-2019-17070
+ RESERVED
+CVE-2019-17069 (PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial o ...)
+ TODO: check
+CVE-2019-17068 (PuTTY before 0.73 mishandles the "bracketed paste mode" protection mec ...)
+ TODO: check
+CVE-2019-17067 (PuTTY before 0.73 on Windows improperly opens port-forwarding listenin ...)
+ TODO: check
+CVE-2019-17066
+ RESERVED
+CVE-2019-17065
+ RESERVED
+CVE-2019-17064 (Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog ...)
+ TODO: check
+CVE-2019-17063 (In Snowtide PDFxStream before 3.7.1 (for Java), a crafted PDF file can ...)
+ TODO: check
+CVE-2019-17062
+ RESERVED
+CVE-2019-17061
+ RESERVED
+CVE-2019-17060
+ RESERVED
+CVE-2019-17059
+ RESERVED
+CVE-2019-17058
+ RESERVED
+CVE-2019-17057
+ RESERVED
+CVE-2019-17056 (llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module i ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/3a359798b176183ef09efb7a3dc59abad1cc7104
-CVE-2019-17055 [mISDN: enforce CAP_NET_RAW for raw sockets]
+CVE-2019-17055 (base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/b91ee4aa2a2199ba4d4650706c272985a5a32d80
-CVE-2019-17054 [appletalk: enforce CAP_NET_RAW for raw sockets]
+CVE-2019-17054 (atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/6cc03e8aa36c51f3b26a0d21a3c4ce2809c842ac
-CVE-2019-17053 [ieee802154: enforce CAP_NET_RAW for raw sockets]
+CVE-2019-17053 (ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 netw ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/e69dbd4619e7674c1679cba49afd9dd9ac347eef
-CVE-2019-17052 [ax25: enforce CAP_NET_RAW for raw sockets]
+CVE-2019-17052 (ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/0614e2b73768b502fc32a75349823356d98aae2c
CVE-2019-17051 (Evernote before 7.13 GA on macOS allows code execution because the com ...)
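Review bot: the "TODO: check" placeholders that need a real package assessment in this hunk are CVE-2019-17064 (Xpdf 4.02, Catalog.cc NULL pointer dereference) and the three PuTTY entries CVE-2019-17067, CVE-2019-17068 and CVE-2019-17069 (all "PuTTY before 0.73"); xpdf and putty are both Debian source packages, so each should get a "- xpdf <status>" or "- putty <status>" line with the fixed version rather than stay at the placeholder. The other new placeholders (XunRuiCMS, emlog, Snowtide PDFxStream) describe software Debian does not ship and can be closed as NOT-FOR-US. The five kernel entries CVE-2019-17052 through CVE-2019-17056 look right: only the bracketed working titles were swapped for the published descriptions, and the "- linux <unfixed>" line and the upstream commit NOTE for each are kept; the fixed version still has to be filled in once a kernel upload carries those commits.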
@@ -238,10 +274,10 @@ CVE-2019-16945
RESERVED
CVE-2019-16944
RESERVED
-CVE-2019-16943
- RESERVED
-CVE-2019-16942
- RESERVED
+CVE-2019-16943 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
+ TODO: check
+CVE-2019-16942 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
+ TODO: check
CVE-2019-16941 (NSA Ghidra through 9.0.4, when experimental mode is enabled, allows ar ...)
- ghidra <itp> (bug #923851)
CVE-2019-16940
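Review bot: CVE-2019-16942 and CVE-2019-16943 are two more FasterXML jackson-databind Polymorphic Typing issues left at "TODO: check"; jackson-databind is a Debian source package, so both should be resolved to "- jackson-databind <status>" lines with the fixed upstream version, with the affected gadget class recorded in a NOTE once the full description is read. The "ghidra <itp> (bug #923851)" context line is unaffected.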
@@ -1364,8 +1400,8 @@ CVE-2019-16510 (libIEC61850 through 1.3.3 has a use-after-free in MmsServer_wait
NOT-FOR-US: libIEC61850
CVE-2019-16509
RESERVED
-CVE-2019-16508
- RESERVED
+CVE-2019-16508 (The Imagination Technologies driver for Chrome OS before R74-11895.B, ...)
+ TODO: check
CVE-2019-16507
RESERVED
CVE-2019-16506
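Review bot: CVE-2019-16508 is filed against the Imagination Technologies driver shipped in Chrome OS builds (R74-11895.B and so on), not the mainline Linux tree; unless the full text turns out to cover code Debian ships, it should be closed as NOT-FOR-US rather than stay at "TODO: check".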
@@ -2919,8 +2955,8 @@ CVE-2019-15941 (OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may all
NOTE: Vulnerability exists pre-2.0 versions, but as restrictions on OIDC federation
NOTE: were added only in 2.0 the vulnerability has no effect. The vulnerability
NOTE: itself exists only with versions >= 1.9.0 (as there is no OIDC before)
-CVE-2019-15940
- RESERVED
+CVE-2019-15940 (Victure PC530 devices allow unauthenticated TELNET access as root. ...)
+ TODO: check
CVE-2019-15939 (An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero err ...)
TODO: check
CVE-2019-15938 (Pengutronix barebox through 2019.08.1 has a remote buffer overflow in ...)
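Review bot: CVE-2019-15940 (Victure PC530 devices allow unauthenticated TELNET access as root) is a firmware issue in a vendor hardware product with no Debian package behind it; it should be marked "NOT-FOR-US: Victure PC530" instead of "TODO: check".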
@@ -5608,16 +5644,16 @@ CVE-2019-15044
RESERVED
CVE-2019-15043 (In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow u ...)
- grafana <removed>
-CVE-2019-15042
- RESERVED
+CVE-2019-15042 (An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL ...)
+ TODO: check
CVE-2019-15041
RESERVED
CVE-2019-15040
RESERVED
-CVE-2019-15039
- RESERVED
-CVE-2019-15038
- RESERVED
+CVE-2019-15039 (An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possi ...)
+ TODO: check
+CVE-2019-15038 (An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity s ...)
+ TODO: check
CVE-2019-15037
RESERVED
CVE-2019-15036
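Review bot: the three JetBrains TeamCity 2018.2.4 entries (CVE-2019-15038, CVE-2019-15039, CVE-2019-15042) are left at "TODO: check"; TeamCity is proprietary and not packaged in Debian, so all three should become "NOT-FOR-US: JetBrains TeamCity".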
@@ -5864,26 +5900,26 @@ CVE-2019-14963
RESERVED
CVE-2019-14962
RESERVED
-CVE-2019-14961
- RESERVED
-CVE-2019-14960
- RESERVED
+CVE-2019-14961 (JetBrains Upsource before 2019.1.1412 was not properly escaping HTML t ...)
+ TODO: check
+CVE-2019-14960 (JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider. ...)
+ TODO: check
CVE-2019-14959
RESERVED
CVE-2019-14958
RESERVED
-CVE-2019-14957
- RESERVED
+CVE-2019-14957 (The JetBrains Vim plugin before version 0.52 was storing individual pr ...)
+ TODO: check
CVE-2019-14956
RESERVED
-CVE-2019-14955
- RESERVED
-CVE-2019-14954
- RESERVED
-CVE-2019-14953
- RESERVED
-CVE-2019-14952
- RESERVED
+CVE-2019-14955 (In JetBrains Hub versions earlier than 2018.4.11436, there was no opti ...)
+ TODO: check
+CVE-2019-14954 (JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plant ...)
+ TODO: check
+CVE-2019-14953 (JetBrains YouTrack versions before 2019.2.53938 had a possible XSS thr ...)
+ TODO: check
+CVE-2019-14952 (JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in ...)
+ TODO: check
CVE-2019-14951 (The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Le ...)
NOT-FOR-US: Telenav Scout GPS Link app
CVE-2019-14950 (The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS vi ...)
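Review bot: all seven new descriptions in this hunk (CVE-2019-14952 through CVE-2019-14955, CVE-2019-14957, CVE-2019-14960, CVE-2019-14961) are JetBrains products (YouTrack, IntelliJ IDEA, Hub, the Vim plugin, Rider, Upsource), none of which Debian packages, so they should be closed as "NOT-FOR-US: JetBrains ..." rather than left at "TODO: check"; the Telenav line directly below shows the target form.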
@@ -11565,6 +11601,7 @@ CVE-2019-13377 (The implementations of SAE and EAP-pwd in hostapd and wpa_suppli
NOTE: "added support for Brainpool Elliptic Curves with SAE"
NOTE: Patches: https://w1.fi/security/2019-6/
CVE-2019-13376 (phpBB version 3.2.7 allows the stealing of an Administration Control P ...)
+ {DLA-1942-1}
- phpbb3 <removed>
NOTE: https://ssd-disclosure.com/archives/4007/ssd-advisory-phpbb-csrf-token-hijacking-leading-to-stored-xss
NOTE: fixed in 3.2.8 as 'SECURITY-246'
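Review bot: no issue with the "{DLA-1942-1}" placement for CVE-2019-13376; it sits on the line after the description and before the "- phpbb3 <removed>" package line, which is the ordering the file uses for advisory references, and the existing NOTE lines (SSD advisory, fixed in 3.2.8 as SECURITY-246) are untouched.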
@@ -17326,8 +17363,8 @@ CVE-2019-11277 (Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11
NOT-FOR-US: Cloud Foundry
CVE-2019-11276 (Pivotal Apps Manager, included in Pivotal Application Service versions ...)
NOT-FOR-US: Pivotal
-CVE-2019-11275
- RESERVED
+CVE-2019-11275 (Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versi ...)
+ TODO: check
CVE-2019-11274 (Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS a ...)
NOT-FOR-US: Cloud Foundry UAA
CVE-2019-11273 (Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and ve ...)
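Review bot: CVE-2019-11275 (Pivotal Application Manager, versions 666.0.x prior to 666.0.36) is left at "TODO: check" while its neighbours CVE-2019-11276 and CVE-2019-11273 already carry "NOT-FOR-US: Pivotal"; it should be resolved the same way.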
@@ -19485,20 +19522,15 @@ CVE-2019-10437
RESERVED
CVE-2019-10436
RESERVED
-CVE-2019-10435
- RESERVED
+CVE-2019-10435 (Jenkins SourceGear Vault Plugin transmits configured credentials in pl ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10434
- RESERVED
+CVE-2019-10434 (Jenkins LDAP Email Plugin transmits configured credentials in plain te ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10433
- RESERVED
+CVE-2019-10433 (Jenkins Dingding[钉钉] Plugin stores credentials unencrypt ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10432
- RESERVED
+CVE-2019-10432 (Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the proj ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10431
- RESERVED
+CVE-2019-10431 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10430 (Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored ...)
NOT-FOR-US: Jenkins plugin
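Review bot: no change needed; the five Jenkins plugin entries CVE-2019-10431 through CVE-2019-10435 keep their existing "NOT-FOR-US: Jenkins plugin" lines, consistent with CVE-2019-10430 below. One cosmetic observation: the CVE-2019-10433 description is cut shorter than the others ("stores credentials unencrypt ..."), presumably because the multibyte "[钉钉]" characters count against the truncation width; harmless, but worth knowing when grepping the list for full descriptions.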
@@ -20096,8 +20128,7 @@ CVE-2019-10203 [PowerDNS Security Advisory 2019-06: Denial of service via crafte
NOTE: Fixed in 4.2.0, 4.1.11, 4.0.9, for existing installations a manual schema update
NOTE: needs to be performed.
NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html
-CVE-2019-10202
- RESERVED
+CVE-2019-10202 (A series of deserialization vulnerabilities have been discovered in Co ...)
NOT-FOR-US: Codehaus
CVE-2019-10201 (It was found that Keycloak's SAML broker, versions up to 6.0.1, did no ...)
NOT-FOR-US: Keycloak
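Review bot: the "NOT-FOR-US: Codehaus" line under CVE-2019-10202 was set while the entry was still RESERVED, and the truncated description ("A series of deserialization vulnerabilities have been discovered in Co ...") does not show which Codehaus project is meant; confirm it against the full text before keeping it. If it refers to Codehaus Jackson 1.x (jackson-mapper-asl), that code is packaged in Debian as libjackson-json-java and the entry would need a package line instead of NOT-FOR-US.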
@@ -27913,8 +27944,8 @@ CVE-2019-7620
RESERVED
CVE-2019-7619
RESERVED
-CVE-2019-7618
- RESERVED
+CVE-2019-7618 (A local file disclosure flaw was found in Elastic Code versions 7.3.0, ...)
+ TODO: check
CVE-2019-7617 (When the Elastic APM agent for Python versions before 5.1.0 is run as ...)
NOT-FOR-US: Elastic APM agent for Python
CVE-2019-7616 (Kibana versions before 6.8.2 and 7.2.1 contain a server side request f ...)
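Review bot: CVE-2019-7618 (local file disclosure in Elastic Code 7.3.0) is left at "TODO: check" while the adjacent Elastic entries CVE-2019-7617 and CVE-2019-7616 are already NOT-FOR-US; Elastic Code is not packaged in Debian, so this should become "NOT-FOR-US: Elastic Code".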
@@ -35643,14 +35674,14 @@ CVE-2019-4499
RESERVED
CVE-2019-4498
RESERVED
-CVE-2019-4497
- RESERVED
+CVE-2019-4497 (IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0. ...)
+ TODO: check
CVE-2019-4496
RESERVED
-CVE-2019-4495
- RESERVED
-CVE-2019-4494
- RESERVED
+CVE-2019-4495 (IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0. ...)
+ TODO: check
+CVE-2019-4494 (IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0. ...)
+ TODO: check
CVE-2019-4493
RESERVED
CVE-2019-4492
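Review bot: CVE-2019-4494, CVE-2019-4495 and CVE-2019-4497 all concern IBM Jazz Reporting Service (JRS) 6.0.x and are left at "TODO: check"; JRS is a proprietary IBM product with no Debian package, so all three should be closed as "NOT-FOR-US: IBM Jazz Reporting Service".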
@@ -36145,8 +36176,8 @@ CVE-2019-4248
RESERVED
CVE-2019-4247
RESERVED
-CVE-2019-4246
- RESERVED
+CVE-2019-4246 (IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose internal para ...)
+ TODO: check
CVE-2019-4245
RESERVED
CVE-2019-4244
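Review bot: CVE-2019-4246 (IBM Daeja ViewONE Virtual 5.0 through 5.0.6) is another proprietary IBM product left at "TODO: check"; it should be closed as "NOT-FOR-US: IBM Daeja ViewONE".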
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/26b2e6d90a4f50d0ac292ba077e0f18b03607d6e