[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Oct 8 21:10:34 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4dee0fe by security tracker role at 2019-10-08T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2019-17359 (The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigge ...)
+	TODO: check
+CVE-2019-17358
+	RESERVED
+CVE-2019-17357
+	RESERVED
+CVE-2019-17356
+	RESERVED
+CVE-2019-17355
+	RESERVED
+CVE-2019-17354
+	RESERVED
+CVE-2019-17353
+	RESERVED
+CVE-2019-17352 (In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vul ...)
+	TODO: check
 CVE-2019-17339
 	RESERVED
 CVE-2019-17338
@@ -134,8 +150,8 @@ CVE-2019-17273
 	RESERVED
 CVE-2019-17272
 	RESERVED
-CVE-2019-17271
-	RESERVED
+CVE-2019-17271 (vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList ...)
+	TODO: check
 CVE-2019-17270
 	RESERVED
 CVE-2019-17269 (Intellian Remote Access 3.18 allows remote attackers to execute arbitr ...)
@@ -166,50 +182,50 @@ CVE-2019-17263 (In libyal libfwsi before 20191006, libfwsi_extension_block_copy_
 	[stretch] - libfwsi <no-dsa> (Minor issue)
 	NOTE: https://github.com/libyal/libfwsi/issues/13
 	NOTE: https://github.com/libyal/libfwsi/commit/54afa5c71d6c795a555dbcb1e160fea393b98fb3
-CVE-2019-17262
-	RESERVED
-CVE-2019-17261
-	RESERVED
-CVE-2019-17260
-	RESERVED
-CVE-2019-17259
-	RESERVED
-CVE-2019-17258
-	RESERVED
-CVE-2019-17257
-	RESERVED
-CVE-2019-17256
-	RESERVED
-CVE-2019-17255
-	RESERVED
-CVE-2019-17254
-	RESERVED
-CVE-2019-17253
-	RESERVED
-CVE-2019-17252
-	RESERVED
-CVE-2019-17251
-	RESERVED
-CVE-2019-17250
-	RESERVED
-CVE-2019-17249
-	RESERVED
-CVE-2019-17248
-	RESERVED
-CVE-2019-17247
-	RESERVED
-CVE-2019-17246
-	RESERVED
-CVE-2019-17245
-	RESERVED
-CVE-2019-17244
-	RESERVED
-CVE-2019-17243
-	RESERVED
-CVE-2019-17242
-	RESERVED
-CVE-2019-17241
-	RESERVED
+CVE-2019-17262 (XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0 ...)
+	TODO: check
+CVE-2019-17261 (XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0 ...)
+	TODO: check
+CVE-2019-17260 (MPC-HC through 1.7.13 allows a Read Access Violation on a Block Data M ...)
+	TODO: check
+CVE-2019-17259 (KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_ne ...)
+	TODO: check
+CVE-2019-17258 (IrfanView 4.53 allows Data from a Faulting Address to control a subseq ...)
+	TODO: check
+CVE-2019-17257 (IrfanView 4.53 allows a Exception Handler Chain to be Corrupted starti ...)
+	TODO: check
+CVE-2019-17256 (IrfanView 4.53 allows a User Mode Write AV starting at DPX!ReadDPX_W+0 ...)
+	TODO: check
+CVE-2019-17255 (IrfanView 4.53 allows a User Mode Write AV starting at EXR!ReadEXR+0x0 ...)
+	TODO: check
+CVE-2019-17254 (IrfanView 4.53 allows Data from a Faulting Address to control a subseq ...)
+	TODO: check
+CVE-2019-17253 (IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x00000 ...)
+	TODO: check
+CVE-2019-17252 (IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!Read_Ba ...)
+	TODO: check
+CVE-2019-17251 (IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!GetPlug ...)
+	TODO: check
+CVE-2019-17250 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
+	TODO: check
+CVE-2019-17249 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
+	TODO: check
+CVE-2019-17248 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
+	TODO: check
+CVE-2019-17247 (IrfanView 4.53 allows Data from a Faulting Address to control a subseq ...)
+	TODO: check
+CVE-2019-17246 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
+	TODO: check
+CVE-2019-17245 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
+	TODO: check
+CVE-2019-17244 (IrfanView 4.53 allows Data from a Faulting Address to control Code Flo ...)
+	TODO: check
+CVE-2019-17243 (IrfanView 4.53 allows Data from a Faulting Address to control Code Flo ...)
+	TODO: check
+CVE-2019-17242 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
+	TODO: check
+CVE-2019-17241 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
+	TODO: check
 CVE-2019-17240 (bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypas ...)
 	NOT-FOR-US: Bludit
 CVE-2019-17239 (includes/settings/class-alg-download-plugins-settings.php in the downl ...)
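Review bot: all 22 new "TODO: check" entries in this hunk (CVE-2019-17241 through CVE-2019-17262) are crash reports against proprietary Windows applications (IrfanView 4.53, XnView Classic 2.49.1, MPC-HC 1.7.13, KMPlayer 4.2.2.31), none of which is packaged in Debian, so they can be bulk-triaged to "NOT-FOR-US: IrfanView" and so on rather than reviewed one by one. The descriptions are fuzzer-style "User Mode Write AV starting at ..." crash signatures and several are identical after truncation (for example CVE-2019-17245 and CVE-2019-17246); the "..." is the tracker's own truncation of the MITRE text, not missing data, so nothing here needs the full description expanded before triage.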
@@ -318,10 +334,10 @@ CVE-2019-17189
 	RESERVED
 CVE-2019-17188 (An unrestricted file upload vulnerability was discovered in catalog/pr ...)
 	NOT-FOR-US: Fecshop FecMall
-CVE-2019-17187
-	RESERVED
-CVE-2019-17186
-	RESERVED
+CVE-2019-17187 (/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_ ...)
+	TODO: check
+CVE-2019-17186 (/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201 ...)
+	TODO: check
 CVE-2019-17185
 	RESERVED
 CVE-2019-17184 (Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C ...)
@@ -424,8 +440,7 @@ CVE-2019-17136
 	RESERVED
 CVE-2019-17135
 	RESERVED
-CVE-2019-17134 [agent doesn't check for client certificate]
-	RESERVED
+CVE-2019-17134 (Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0  ...)
 	- octavia 4.0.0-6 (bug #941897)
 	[buster] - octavia <no-dsa> (Minor issue in regular setups, can be fixed via point release)
 CVE-2019-17132 (vBulletin through 5.5.4 mishandles custom avatars. ...)
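Review bot: the hand-written working title "[agent doesn't check for client certificate]" on CVE-2019-17134 is replaced by the published MITRE description, which is the expected behaviour once the CVE goes public, and the existing "- octavia 4.0.0-6 (bug #941897)" and "[buster] - octavia <no-dsa>" lines are kept. One thing to confirm before keeping the buster annotation as-is: the new description lists affected upstream ranges (">=0.10.0 <2.1.2, >=3.0.0 ..."), so the reviewer should check that the octavia version in buster falls inside an affected range; if it does not, the buster line should read <not-affected> rather than <no-dsa>.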
@@ -482,28 +497,28 @@ CVE-2019-17110 (A security issue was discovered in kube-state-metrics 1.7.x befo
 	NOT-FOR-US: kube-state-metrics
 CVE-2019-17109
 	RESERVED
-CVE-2019-17108
-	RESERVED
-CVE-2019-17107
-	RESERVED
-CVE-2019-17106
-	RESERVED
-CVE-2019-17105
-	RESERVED
-CVE-2019-17104
-	RESERVED
-CVE-2018-21025
-	RESERVED
-CVE-2018-21024
-	RESERVED
-CVE-2018-21023
-	RESERVED
-CVE-2018-21022
-	RESERVED
-CVE-2018-21021
-	RESERVED
-CVE-2018-21020
-	RESERVED
+CVE-2019-17108 (Local file inclusion in brokerPerformance.php in Centreon Web before 2 ...)
+	TODO: check
+CVE-2019-17107 (minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated  ...)
+	TODO: check
+CVE-2019-17106 (In Centreon Web through 2.8.29, disclosure of external components' pas ...)
+	TODO: check
+CVE-2019-17105 (The token generator in index.php in Centreon Web before 2.8.27 is pred ...)
+	TODO: check
+CVE-2019-17104 (In Centreon VM through 19.04.3, the cookie configuration within the Ap ...)
+	TODO: check
+CVE-2018-21025 (In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to ...)
+	TODO: check
+CVE-2018-21024 (licenseUpload.php in Centreon Web before 2.8.27 allows attackers to up ...)
+	TODO: check
+CVE-2018-21023 (getStats.php in Centreon Web before 2.8.28 allows authenticated attack ...)
+	TODO: check
+CVE-2018-21022 (makeXML_ListServices.php in Centreon Web before 2.8.28 allows attacker ...)
+	TODO: check
+CVE-2018-21021 (img_gantt.php in Centreon Web before 2.8.27 allows attackers to perfor ...)
+	TODO: check
+CVE-2018-21020 (In very rare cases, a PHP type juggling vulnerability in centreonAuth. ...)
+	TODO: check
 CVE-2019-17103
 	RESERVED
 CVE-2019-17102
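Review bot: all eleven new entries in this hunk (CVE-2019-17104 through CVE-2019-17108 and CVE-2018-21020 through CVE-2018-21025) are Centreon Web / Centreon VM issues, and Centreon is not packaged in Debian, so each "TODO: check" should become "NOT-FOR-US: Centreon". The six CVE-2018-* identifiers sitting between 2019 identifiers are not a sorting error: they occupied the same positions as RESERVED entries before this update, and the automatic update preserves the feed order rather than sorting by identifier.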
@@ -899,8 +914,8 @@ CVE-2019-16931 (A stored XSS vulnerability in the Visualizer plugin 3.3.0 for Wo
 	NOT-FOR-US: Visualizer plugin for WordPress
 CVE-2019-16930 (Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a ...)
 	NOT-FOR-US: Zcash
-CVE-2019-16929
-	RESERVED
+CVE-2019-16929 (Auth0 auth0.net before 6.5.4 has Incorrect Access Control because Iden ...)
+	TODO: check
 CVE-2019-16927 (Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the ...)
 	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
 CVE-2019-16926 (Flower 0.9.3 has XSS via a crafted worker name. ...)
@@ -2173,10 +2188,10 @@ CVE-2019-16419
 	RESERVED
 CVE-2019-16418
 	RESERVED
-CVE-2019-16417
-	RESERVED
-CVE-2019-16416
-	RESERVED
+CVE-2019-16417 (HRworks FLOW 3.36.9 allows XSS via the purpose of a travel-expense rep ...)
+	TODO: check
+CVE-2019-16416 (HRworks 3.36.9 allows XSS via the purpose of a travel-expense report. ...)
+	TODO: check
 CVE-2019-16415
 	RESERVED
 CVE-2019-16414 (A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malici ...)
@@ -3599,6 +3614,7 @@ CVE-2019-15925 (An issue was discovered in the Linux kernel before 5.2.3. An out
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/04f25edb48c441fc278ecc154c270f16966cbb90
 CVE-2018-21010 (OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_pr ...)
+	{DLA-1950-1}
 	- openjpeg2 2.3.1-1 (bug #939553)
 	[buster] - openjpeg2 <no-dsa> (Minor issue)
 	[stretch] - openjpeg2 <no-dsa> (Minor issue)
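Review bot: "{DLA-1950-1}" is added for CVE-2018-21010 (openjpeg2), so jessie now has a fix via LTS while the "[stretch] - openjpeg2 <no-dsa> (Minor issue)" and "[buster] - openjpeg2 <no-dsa> (Minor issue)" annotations below it are unchanged. That is a consistent tracker state (the DLA covers jessie only, and <no-dsa> records that the other suites will not get a DSA), but it leaves oldstable and stable behind LTS on a heap buffer overflow; whoever triages the next point release should consider queuing the 2.3.1 fix for stretch and buster under bug #939553.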
@@ -6910,10 +6926,9 @@ CVE-2019-14848
 	RESERVED
 CVE-2019-14847
 	RESERVED
-CVE-2019-14846
-	RESERVED
-CVE-2019-14845
-	RESERVED
+CVE-2019-14846 (Ansible, all ansible_engine-2.x versions and ansible_engine-3.x up to  ...)
+	TODO: check
+CVE-2019-14845 (A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. ...)
 	NOT-FOR-US: OpenShift
 CVE-2019-14844 (A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including ...)
 	- krb5 <not-affected> (Vulnerable code not present; problematic commit not backported; not present in any MIT krb5 release)
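Review bot: CVE-2019-14846 is left at "TODO: check", but Ansible is packaged in Debian (source package ansible), so unlike the OpenShift entry directly below it this one cannot be closed as NOT-FOR-US; it needs a "- ansible <fixed-version>" line and suite annotations once the upstream fix is identified. The description is truncated right at the affected-version boundary ("ansible_engine-3.x up to  ..."), so triage will need the full CVE text. CVE-2019-14845 correctly keeps its pre-existing "NOT-FOR-US: OpenShift" line now that the RESERVED placeholder is gone.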
@@ -7476,10 +7491,10 @@ CVE-2019-14659
 	REJECTED
 CVE-2019-14658
 	RESERVED
-CVE-2019-14657
-	RESERVED
-CVE-2019-14656
-	RESERVED
+CVE-2019-14657 (Yealink phones through 2019-08-04 have an issue with OpenVPN file uplo ...)
+	TODO: check
+CVE-2019-14656 (Yealink phones through 2019-08-04 do not properly check user roles in  ...)
+	TODO: check
 CVE-2019-14655
 	REJECTED
 CVE-2019-14654 (In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authoris ...)
@@ -12373,8 +12388,8 @@ CVE-2019-13338 (In WESEEK GROWI before 3.5.0, a remote attacker can obtain the p
 	NOT-FOR-US: WESEEK GROWI
 CVE-2019-13337 (In WESEEK GROWI before 3.5.0, the site-wide basic authentication can b ...)
 	NOT-FOR-US: WESEEK GROWI
-CVE-2019-13336
-	RESERVED
+CVE-2019-13336 (The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attack ...)
+	TODO: check
 CVE-2019-13335 (SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has  ...)
 	NOT-FOR-US: SalesAgility SuiteCRM
 CVE-2019-13334
@@ -18852,8 +18867,8 @@ CVE-2019-10971 (The application (Network Configurator for DeviceNet Safety 3.41
 	NOT-FOR-US: Omron
 CVE-2019-10970 (In Rockwell Automation PanelView 5510 (all versions manufactured befor ...)
 	NOT-FOR-US: Rockwell Automation PanelView
-CVE-2019-10969
-	RESERVED
+CVE-2019-10969 (Moxa EDR 810, all versions 5.1 and prior, allows an authenticated atta ...)
+	TODO: check
 CVE-2019-10968 (Philips Holter 2010 Plus, all versions. A vulnerability has been ident ...)
 	NOT-FOR-US: Philips Holter 2010 Plus
 CVE-2019-10967 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based  ...)
@@ -18864,8 +18879,8 @@ CVE-2019-10965 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-b
 	NOT-FOR-US: Emerson
 CVE-2019-10964 (In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps,  ...)
 	NOT-FOR-US: Medtronic
-CVE-2019-10963
-	RESERVED
+CVE-2019-10963 (Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated at ...)
+	TODO: check
 CVE-2019-10962 (BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1. ...)
 	NOT-FOR-US: BD Alaris Gateway
 CVE-2019-10961 (In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, proces ...)
@@ -19386,10 +19401,10 @@ CVE-2019-10759
 	RESERVED
 CVE-2019-10758
 	RESERVED
-CVE-2019-10757
-	RESERVED
-CVE-2019-10756
-	RESERVED
+CVE-2019-10757 (knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. ...)
+	TODO: check
+CVE-2019-10756 (It is possible to inject JavaScript within node-red-dashboard versions ...)
+	TODO: check
 CVE-2019-10755 (The SAML identifier generated within SAML2Utils.java was found to make ...)
 	NOT-FOR-US: SAML2Utils.java
 CVE-2019-10754 (Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes ...)
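Review bot: CVE-2019-10757 (knex.js before 0.19.5, SQL injection) and CVE-2019-10756 (node-red-dashboard, JavaScript injection) are both npm libraries; before either "TODO: check" is resolved to NOT-FOR-US, triage should check the archive for a corresponding node-* source package, since a packaged copy would need a package line with a fixed version. The two NOT-FOR-US context lines below (SAML2Utils.java, Apereo CAS) show the expected form if no such package exists.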
@@ -20746,8 +20761,7 @@ CVE-2019-10216 [-dSAFER escape via .buildfont1]
 	NOTE: https://www.openwall.com/lists/oss-security/2019/08/12/4
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701394
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19
-CVE-2019-10215
-	RESERVED
+CVE-2019-10215 (Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-sit ...)
 	NOT-FOR-US: Bootstrap-3-Typeahead
 CVE-2019-10214
 	RESERVED
@@ -23637,12 +23651,15 @@ CVE-2019-17344 (An issue was discovered in Xen through 4.11.x allowing x86 PV gu
 	[jessie] - xen <not-affected> (Introduced by ignored fix for CVE-2018-3646)
 	NOTE: https://xenbits.xen.org/xsa/advisory-290.html
 CVE-2019-17343 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
+	{DLA-1949-1}
 	- xen 4.11.1+92-g6c33308a8d-1 (bug #929994)
 	NOTE: https://xenbits.xen.org/xsa/advisory-288.html
 CVE-2019-17342 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
+	{DLA-1949-1}
 	- xen 4.11.1+92-g6c33308a8d-1 (bug #930001)
 	NOTE: https://xenbits.xen.org/xsa/advisory-287.html
 CVE-2019-17341 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
+	{DLA-1949-1}
 	- xen 4.11.1+92-g6c33308a8d-1 (bug #929998)
 	NOTE: https://xenbits.xen.org/xsa/advisory-285.html
 CVE-2019-17340 (An issue was discovered in Xen through 4.11.x allowing x86 guest OS us ...)
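Review bot: "{DLA-1949-1}" is added to CVE-2019-17341, CVE-2019-17342 and CVE-2019-17343 (XSA-285, XSA-287, XSA-288) but not to CVE-2019-17344 (XSA-290), which is consistent with the "[jessie] - xen <not-affected> (Introduced by ignored fix for CVE-2018-3646)" annotation on that entry: the jessie-only DLA has nothing to fix there. What deserves a second look is that the three entries receiving the DLA carry only the "- xen 4.11.1+92-g6c33308a8d-1" fixed version and no "[stretch]" annotation, so the stretch state (fixed via DSA, pending, or <no-dsa>) is not recorded. If a DSA covering these XSAs exists, it should be referenced in the same braces as the DLA, the form used for the CVE-2018-199xx Xen entries elsewhere in this commit; otherwise a "[stretch]" line should state the intended handling.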
@@ -49420,7 +49437,7 @@ CVE-2018-19368
 CVE-2018-19367 (Portainer through 1.19.2 provides an API endpoint (/api/users/admin/ch ...)
 	NOT-FOR-US: Portainer
 CVE-2018-19966 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
-	{DSA-4369-1}
+	{DSA-4369-1 DLA-1949-1}
 	- xen 4.11.1-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-280.txt
 CVE-2018-19965 (An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest ...)
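Review bot: appending the LTS advisory inside the existing braces, "{DSA-4369-1 DLA-1949-1}", is the correct form for a CVE fixed by both a DSA and a DLA, and it leaves the "- xen 4.11.1-1" fixed version and the XSA-280 NOTE untouched. Nothing to change here; the only check is that DLA-1949-1 really lists CVE-2018-19966 in its CVE set, since a cross-reference added to a CVE the advisory does not name would make the tracker report jessie as fixed when it is not.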
@@ -49439,11 +49456,11 @@ CVE-2018-19963 (An issue was discovered in Xen 4.11 allowing HVM guest OS users
 	[jessie] - xen <not-affected> (Only affects 4.11)
 	NOTE: https://xenbits.xen.org/xsa/advisory-276.txt
 CVE-2018-19962 (An issue was discovered in Xen through 4.11.x on AMD x86 platforms, po ...)
-	{DSA-4369-1}
+	{DSA-4369-1 DLA-1949-1}
 	- xen 4.11.1-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-275.txt
 CVE-2018-19961 (An issue was discovered in Xen through 4.11.x on AMD x86 platforms, po ...)
-	{DSA-4369-1}
+	{DSA-4369-1 DLA-1949-1}
 	- xen 4.11.1-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-275.txt
 CVE-2018-19366
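Review bot: CVE-2018-19962 and CVE-2018-19961 both reference XSA-275 and both receive "{DSA-4369-1 DLA-1949-1}", so the pair stays in step; the context entry CVE-2018-19963 just above keeps "[jessie] - xen <not-affected> (Only affects 4.11)" and correctly gets no DLA reference. Same check as for the other Xen hunks: confirm the two identifiers appear in the DLA-1949-1 text before relying on the cross-reference for jessie status.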



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b4dee0fe5da1ba0b6d7bdbeb966f0dc4d5f73d3e
