[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 4 21:10:37 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c5e603b8 by security tracker role at 2019-10-04T20:10:26Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,102 @@
-CVE-2019-17133 [cfg80211: wext: Reject malformed SSID elements]
+CVE-2019-17179 (XSS in library/custom_template/add_template.php in OpenEMR through 5.0 ...)
+ TODO: check
+CVE-2019-17178 (HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-0 ...)
+ TODO: check
+CVE-2019-17177 (libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0 ...)
+ TODO: check
+CVE-2019-17176
+ RESERVED
+CVE-2019-17175 (joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path ...)
+ TODO: check
+CVE-2019-17174
+ RESERVED
+CVE-2019-17173
+ RESERVED
+CVE-2019-17172
+ RESERVED
+CVE-2019-17171
+ RESERVED
+CVE-2019-17170
+ RESERVED
+CVE-2019-17169
+ RESERVED
+CVE-2019-17168
+ RESERVED
+CVE-2019-17167
+ RESERVED
+CVE-2019-17166
+ RESERVED
+CVE-2019-17165
+ RESERVED
+CVE-2019-17164
+ RESERVED
+CVE-2019-17163
+ RESERVED
+CVE-2019-17162
+ RESERVED
+CVE-2019-17161
+ RESERVED
+CVE-2019-17160
+ RESERVED
+CVE-2019-17159
+ RESERVED
+CVE-2019-17158
+ RESERVED
+CVE-2019-17157
+ RESERVED
+CVE-2019-17156
+ RESERVED
+CVE-2019-17155
+ RESERVED
+CVE-2019-17154
+ RESERVED
+CVE-2019-17153
+ RESERVED
+CVE-2019-17152
+ RESERVED
+CVE-2019-17151
+ RESERVED
+CVE-2019-17150
+ RESERVED
+CVE-2019-17149
+ RESERVED
+CVE-2019-17148
+ RESERVED
+CVE-2019-17147
+ RESERVED
+CVE-2019-17146
+ RESERVED
+CVE-2019-17145
+ RESERVED
+CVE-2019-17144
+ RESERVED
+CVE-2019-17143
+ RESERVED
+CVE-2019-17142
+ RESERVED
+CVE-2019-17141
+ RESERVED
+CVE-2019-17140
+ RESERVED
+CVE-2019-17139
+ RESERVED
+CVE-2019-17138
+ RESERVED
+CVE-2019-17137
+ RESERVED
+CVE-2019-17136
+ RESERVED
+CVE-2019-17135
+ RESERVED
+CVE-2019-17134
+ RESERVED
+CVE-2019-17132 (vBulletin through 5.5.4 mishandles custom avatars. ...)
+ TODO: check
+CVE-2019-17131 (vBulletin before 5.5.4 allows clickjacking. ...)
+ TODO: check
+CVE-2019-17130 (vBulletin through 5.5.4 mishandles external URLs within the /core/vb/v ...)
+ TODO: check
+CVE-2019-17133 (In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/w ...)
- linux <unfixed>
NOTE: https://marc.info/?l=linux-wireless&m=157018270915487&w=2
CVE-2019-17129
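Review bot: CVE-2019-17133 is out of numeric sequence at the end of this hunk. The added entries run in descending order (17134, 17132, 17131, 17130), then 17133 appears immediately before 17129. The entry keeps its existing "- linux <unfixed>" and NOTE lines, so nothing is lost, but anyone scanning the list by number will look for it between 17134 and 17132. Consider moving the whole entry, with its two annotation lines, up to that position. Separately, the bracketed working title "[cfg80211: wext: Reject malformed SSID elements]" is replaced by a truncated description, which leaves the marc.info NOTE as the only pointer to the fix discussion. The seven new "TODO: check" entries (17179, 17178, 17177, 17175, 17132, 17131, 17130) still need triage.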
@@ -569,8 +667,8 @@ CVE-2019-16892 (In Rubyzip before 1.3.0, a crafted ZIP file can bypass applicati
NOTE: https://github.com/rubyzip/rubyzip/commit/4167f0ce67e42b082605bca75c7bdfd01eb23804
NOTE: https://github.com/rubyzip/rubyzip/commit/7849f7362ab0cd23d5730ef8b6f2c39252da2285
NOTE: https://github.com/rubyzip/rubyzip/commit/97cb6aefe6d12bd2429d7a2e119ccb26f259d71d
-CVE-2019-16891
- RESERVED
+CVE-2019-16891 (Liferay Portal CE 6.2.5 allows remote command execution because of des ...)
+ TODO: check
CVE-2019-16890 (Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content ...)
NOT-FOR-US: Halo
CVE-2019-16889 (Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause ...)
@@ -11944,18 +12042,18 @@ CVE-2019-13322
RESERVED
CVE-2019-13321
RESERVED
-CVE-2019-13320
- RESERVED
-CVE-2019-13319
- RESERVED
-CVE-2019-13318
- RESERVED
-CVE-2019-13317
- RESERVED
-CVE-2019-13316
- RESERVED
-CVE-2019-13315
- RESERVED
+CVE-2019-13320 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-13319 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-13318 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2019-13317 (This vulnerability allows remote atackers to execute arbitrary code on ...)
+ TODO: check
+CVE-2019-13316 (This vulnerability allows remote atackers to execute arbitrary code on ...)
+ TODO: check
+CVE-2019-13315 (This vulnerability allows remote atackers to execute arbitrary code on ...)
+ TODO: check
CVE-2019-13314 (virt-bootstrap 1.1.0 allows local users to discover a root password by ...)
- virt-bootstrap <itp> (bug #871621)
CVE-2019-13313 (libosinfo 1.5.0 allows local users to discover credentials by listing ...)
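Review bot: The descriptions added for CVE-2019-13317, CVE-2019-13316 and CVE-2019-13315 read "remote atackers", while CVE-2019-13320 and CVE-2019-13319 in the same hunk read "remote attackers". A text search of data/CVE/list for "remote attackers" will miss those three entries. All six descriptions are also truncated before the product name, so none of the "TODO: check" markers can be resolved from this file alone; triage needs the full CVE record for each.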
@@ -15803,7 +15901,7 @@ CVE-2019-11870 (Serendipity before 2.1.5 has XSS via EXIF data that is mishandle
- serendipity <removed>
CVE-2019-11869 (The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it ...)
NOT-FOR-US: WordPress plugin yuzo-related-post
-CVE-2019-11868 (See.sys through 4.25 in the SoftEther VPN Server allows a user to spec ...)
+CVE-2019-11868 (See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or ...)
NOT-FOR-US: SoftEther VPN Server
CVE-2019-11867
RESERVED
@@ -30367,12 +30465,12 @@ CVE-2019-6777 (An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exis
- zoneminder 1.32.3-2 (bug #920375)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2436
NOTE: https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41
-CVE-2019-6776
- RESERVED
-CVE-2019-6775
- RESERVED
-CVE-2019-6774
- RESERVED
+CVE-2019-6776 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6775 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-6774 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
CVE-2019-6773 (This vulnerability allows remote attackers to disclose sensitive infor ...)
NOT-FOR-US: Foxit Reader
CVE-2019-6772 (This vulnerability allows remote attackers to disclose sensitive infor ...)
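Review bot: CVE-2019-6776, CVE-2019-6775 and CVE-2019-6774 are added as "TODO: check" with descriptions cut off before the product name. The adjacent CVE-2019-6773 and CVE-2019-6772 carry "NOT-FOR-US: Foxit Reader" and start with the same wording, but the shared prefix is generic and does not show that the three new entries concern the same product. Confirm the product from the full description before copying the neighbouring annotation.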
@@ -32307,8 +32405,8 @@ CVE-2019-6017
RESERVED
CVE-2019-6016
RESERVED
-CVE-2019-6015
- RESERVED
+CVE-2019-6015 (FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firm ...)
+ TODO: check
CVE-2019-6014
RESERVED
CVE-2019-6013
@@ -35756,8 +35854,8 @@ CVE-2019-4566 (IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user cred
NOT-FOR-US: IBM
CVE-2019-4565 (IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that ...)
NOT-FOR-US: IBM
-CVE-2019-4564
- RESERVED
+CVE-2019-4564 (IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnera ...)
+ TODO: check
CVE-2019-4563
RESERVED
CVE-2019-4562
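Review bot: CVE-2019-4564 is left at "TODO: check" although its description names IBM Security Key Lifecycle Manager, the same product as CVE-2019-4566 and CVE-2019-4565 directly above it, both already marked "NOT-FOR-US: IBM". Resolving it to the same annotation in the follow-up triage commit would keep the block consistent. Note that the affected versions differ (2.6, 2.7, 3.0 and 3.0.1 here against 3.0 and 3.0.1 for the neighbours), which does not change the annotation.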
@@ -35856,8 +35954,8 @@ CVE-2019-4516
RESERVED
CVE-2019-4515 (IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cros ...)
NOT-FOR-US: IBM
-CVE-2019-4514
- RESERVED
+CVE-2019-4514 (IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses ...)
+ TODO: check
CVE-2019-4513 (IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vul ...)
NOT-FOR-US: IBM
CVE-2019-4512
@@ -36430,8 +36528,8 @@ CVE-2019-4229
RESERVED
CVE-2019-4228
RESERVED
-CVE-2019-4227
- RESERVED
+CVE-2019-4227 (IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9 ...)
+ TODO: check
CVE-2019-4226
RESERVED
CVE-2019-4225 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially ...)
@@ -69343,8 +69441,7 @@ CVE-2018-11770 (From version 1.3.0 onward, Apache Spark's standalone master expo
CVE-2018-11769 (CouchDB administrative users before 2.2.0 can configure the database s ...)
- couchdb <removed>
NOTE: http://www.openwall.com/lists/oss-security/2018/08/08/2
-CVE-2018-11768
- RESERVED
+CVE-2018-11768 (In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1 ...)
- hadoop <itp> (bug #793644)
CVE-2018-11767 (In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS b ...)
- hadoop <itp> (bug #793644)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c5e603b8602945033fce89d8e87ddc5834c7af12