[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 10 09:10:32 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6626a5f3 by security tracker role at 2019-10-10T08:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2019-17428
+ RESERVED
+CVE-2019-17427 (In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists ...)
+ TODO: check
+CVE-2019-17426 (Automattic Mongoose through 5.7.4 allows attackers to bypass access co ...)
+ TODO: check
+CVE-2019-17425
+ RESERVED
+CVE-2019-17424
+ RESERVED
+CVE-2019-17423
+ RESERVED
+CVE-2019-17422
+ RESERVED
+CVE-2019-17421
+ RESERVED
+CVE-2019-17420 (In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other prod ...)
+ TODO: check
+CVE-2019-17419 (An issue was discovered in MetInfo 7.0. There is SQL injection via the ...)
+ TODO: check
+CVE-2019-17418 (An issue was discovered in MetInfo 7.0. There is SQL injection via the ...)
+ TODO: check
+CVE-2019-17417 (PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p= ...)
+ TODO: check
+CVE-2019-17416
+ RESERVED
+CVE-2019-17415 (A Structured Exception Handler (SEH) based buffer overflow in File Sha ...)
+ TODO: check
+CVE-2019-17414 (tinylcy Vino through 2017-12-15 allows remote attackers to cause a den ...)
+ TODO: check
+CVE-2019-17413
+ RESERVED
+CVE-2019-17412
+ RESERVED
+CVE-2019-17411
+ RESERVED
+CVE-2019-17410
+ RESERVED
+CVE-2019-17409
+ RESERVED
+CVE-2019-17408
+ RESERVED
+CVE-2019-17407
+ RESERVED
CVE-2019-XXXX [Remote code execution vulnerability]
- libnbd <unfixed>
NOTE: https://www.redhat.com/archives/libguestfs/2019-October/msg00060.html
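Review bot: two of the new `TODO: check` entries concern software that Debian ships and should not sit in the TODO queue long: CVE-2019-17427 (Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS) and CVE-2019-17420 (OISF LibHTP before 0.5.31, as used in Suricata). Both need a package line (`- redmine`, `- libhtp` and/or `- suricata`) with a fixed version or `<unfixed>` once the affected versions are compared against the archive. The remaining descriptions in this hunk (MetInfo, PbootCMS, tinylcy Vino, the SEH overflow in "File Sha...") are truncated before anything that identifies a Debian package, so they need the full CVE text before they can be resolved to NOT-FOR-US.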
@@ -86,15 +130,16 @@ CVE-2019-17368 (S-CMS v1.5 has XSS in tpl.php via the member/member_login.php fr
NOT-FOR-US: S-CMS
CVE-2019-17367
RESERVED
-CVE-2019-17366
- RESERVED
-CVE-2019-17365
- RESERVED
+CVE-2019-17366 (Citrix Application Delivery Management (ADM) 12.1 before build 54.13 h ...)
+ TODO: check
+CVE-2019-17365 (Nix through 2.3 allows local users to gain access to an arbitrary user ...)
+ TODO: check
CVE-2019-17364
RESERVED
CVE-2019-17363
RESERVED
CVE-2019-17362 (In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in ...)
+ {DLA-1951-1}
- libtomcrypt <unfixed>
NOTE: https://github.com/libtom/libtomcrypt/issues/507
NOTE: https://github.com/libtom/libtomcrypt/pull/508
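Review bot: the `{DLA-1951-1}` line added to CVE-2019-17362 only records the LTS update; the package line directly below it still reads `- libtomcrypt <unfixed>` with no `[buster]` or `[stretch]` annotation, so the entry will keep showing as open for every suite except the one the DLA covers. Once the upstream fix from pull request 508 is in unstable, replace `<unfixed>` with that version and add the `[buster]`/`[stretch]` decisions. Of the two descriptions filled in above it, Citrix Application Delivery Management is proprietary and can go to NOT-FOR-US; Nix (CVE-2019-17365, local users gaining access to an arbitrary user) should be checked against the archive before it is dismissed.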
@@ -600,14 +645,14 @@ CVE-2019-17113 (In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_Inst
NOTE: https://github.com/OpenMPT/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe
NOTE: https://source.openmpt.org/browse/openmpt/trunk/OpenMPT/?op=revision&rev=12127&peg=12127
NOTE: Fixed in upstream versions 0.3.19 and 0.4.9.
-CVE-2019-17112
- RESERVED
+CVE-2019-17112 (An issue was discovered in Zoho ManageEngine DataSecurity Plus before ...)
+ TODO: check
CVE-2019-17111
RESERVED
CVE-2019-17110 (A security issue was discovered in kube-state-metrics 1.7.x before 1.7 ...)
NOT-FOR-US: kube-state-metrics
-CVE-2019-17109
- RESERVED
+CVE-2019-17109 (Koji through 1.18.0 allows remote Directory Traversal, with resultant ...)
+ TODO: check
CVE-2019-17108 (Local file inclusion in brokerPerformance.php in Centreon Web before 2 ...)
NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2019-17107 (minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated ...)
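Review bot: CVE-2019-17112 (Zoho ManageEngine DataSecurity Plus) is a proprietary product and can be marked `NOT-FOR-US: Zoho ManageEngine` straight away, matching how the surrounding kube-state-metrics and Centreon entries are handled, rather than left at `TODO: check`. CVE-2019-17109 (Koji directory traversal) is the one in this hunk that warrants an actual check of whether the software is packaged before it is closed.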
@@ -769,11 +814,13 @@ CVE-2019-17044
CVE-2019-17043
RESERVED
CVE-2019-17042 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmc ...)
+ {DLA-1952-1}
- rsyslog <unfixed> (bug #942065)
[buster] - rsyslog <no-dsa> (Minor issue, pmcisconames module not enabled by default)
[stretch] - rsyslog <no-dsa> (Minor issue, pmcisconames module not enabled by default)
NOTE: https://github.com/rsyslog/rsyslog/pull/3883
CVE-2019-17041 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfr ...)
+ {DLA-1952-1}
- rsyslog <unfixed> (bug #942067)
[buster] - rsyslog <no-dsa> (Minor issue, pmaixforwardedfrom module not enabled by default)
[stretch] - rsyslog <no-dsa> (Minor issue, pmaixforwardedfrom module not enabled by default)
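Review bot: both rsyslog entries (CVE-2019-17042 and CVE-2019-17041) now carry `{DLA-1952-1}`, but their main lines are still `- rsyslog <unfixed>` with open bug numbers (#942065, #942067) even though the upstream fix (pull request 3883) is referenced in the NOTE. When the fixed upload reaches unstable, the `<unfixed>` marker should be replaced with the version so the two entries stop being reported as open in unstable while the `[buster]`/`[stretch]` `<no-dsa>` and LTS status are already settled.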
@@ -4322,8 +4369,8 @@ CVE-2019-15717 (Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server
NOTE: https://github.com/irssi/irssi/commit/5a4e7ab659aba2855895c9f43e9a7a131f4e89b3
CVE-2019-15716 (WTF before 0.19.0 does not set the permissions of config.yml, which mi ...)
NOT-FOR-US: wtfutil
-CVE-2019-15715
- RESERVED
+CVE-2019-15715 (MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command I ...)
+ TODO: check
CVE-2019-15714 (cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ ...)
NOT-FOR-US: Entropic
CVE-2019-15713 (The my-calendar plugin before 3.1.10 for WordPress has XSS. ...)
@@ -6525,26 +6572,26 @@ CVE-2013-7476 (The simple-fields plugin before 1.2 for WordPress has CSRF in the
NOT-FOR-US: simple-fields plugin for WordPress
CVE-2019-15024
RESERVED
-CVE-2019-15023
- RESERVED
-CVE-2019-15022
- RESERVED
-CVE-2019-15021
- RESERVED
-CVE-2019-15020
- RESERVED
-CVE-2019-15019
- RESERVED
-CVE-2019-15018
- RESERVED
-CVE-2019-15017
- RESERVED
-CVE-2019-15016
- RESERVED
-CVE-2019-15015
- RESERVED
-CVE-2019-15014
- RESERVED
+CVE-2019-15023 (A security vulnerability exists in Zingbox Inspector versions 1.294 an ...)
+ TODO: check
+CVE-2019-15022 (A security vulnerability exists in Zingbox Inspector versions 1.294 an ...)
+ TODO: check
+CVE-2019-15021 (A security vulnerability exists in the Zingbox Inspector versions 1.29 ...)
+ TODO: check
+CVE-2019-15020 (A security vulnerability exists in the Zingbox Inspector versions 1.29 ...)
+ TODO: check
+CVE-2019-15019 (A security vulnerability exists in the Zingbox Inspector versions 1.29 ...)
+ TODO: check
+CVE-2019-15018 (A security vulnerability exists in the Zingbox Inspector versions 1.28 ...)
+ TODO: check
+CVE-2019-15017 (The SSH service is enabled on the Zingbox Inspector versions 1.294 and ...)
+ TODO: check
+CVE-2019-15016 (An SQL injection vulnerability exists in the management interface of Z ...)
+ TODO: check
+CVE-2019-15015 (In the Zingbox Inspector, versions 1.294 and earlier, hardcoded creden ...)
+ TODO: check
+CVE-2019-15014 (A command injection vulnerability exists in the Zingbox Inspector vers ...)
+ TODO: check
CVE-2019-15013
RESERVED
CVE-2019-15012
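Review bot: all ten entries that changed from RESERVED here (CVE-2019-15014 through CVE-2019-15023) describe the same proprietary appliance, Zingbox Inspector, which is a Palo Alto Networks product; CVE-2019-1584 later in this patch is the same product and sits next to Palo Alto Networks entries already marked NOT-FOR-US. These should be triaged as one batch with a single consistent `NOT-FOR-US: Zingbox Inspector` (or `Palo Alto Networks`) line each rather than ten separate `TODO: check` markers.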
@@ -23896,8 +23943,8 @@ CVE-2019-9537
RESERVED
CVE-2019-9536
RESERVED
-CVE-2019-9535
- RESERVED
+CVE-2019-9535 (A vulnerability exists in the way that iTerm2 integrates with tmux's c ...)
+ TODO: check
CVE-2019-9534
RESERVED
CVE-2019-9533
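Review bot: CVE-2019-9535 describes a flaw in how iTerm2, a macOS-only terminal emulator, integrates with tmux's control mode; the defect is on the iTerm2 side, not in tmux, so this should resolve to `NOT-FOR-US: iTerm2` rather than triggering a check of the Debian tmux package.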
@@ -33897,10 +33944,10 @@ CVE-2019-5702
RESERVED
CVE-2019-5701
RESERVED
-CVE-2019-5700
- RESERVED
-CVE-2019-5699
- RESERVED
+CVE-2019-5700 (NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software con ...)
+ TODO: check
+CVE-2019-5699 (NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader c ...)
+ TODO: check
CVE-2019-5698
RESERVED
CVE-2019-5697
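Review bot: CVE-2019-5700 and CVE-2019-5699 both concern NVIDIA Shield TV Experience firmware (Tegra software and bootloader components), which is not something Debian ships; both can be marked `NOT-FOR-US: NVIDIA Shield TV` instead of `TODO: check`.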
@@ -35345,8 +35392,8 @@ CVE-2019-5055 (An exploitable denial-of-service vulnerability exists in the Host
NOT-FOR-US: Netgear
CVE-2019-5054 (An exploitable denial-of-service vulnerability exists in the session h ...)
NOT-FOR-US: Netgear
-CVE-2019-5053
- RESERVED
+CVE-2019-5053 (An exploitable use-after-free vulnerability exists in the Length parsi ...)
+ TODO: check
CVE-2019-5052 (An exploitable integer overflow vulnerability exists when loading a PC ...)
{DLA-1865-1 DLA-1861-1}
- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
@@ -35367,18 +35414,18 @@ CVE-2019-5051 (An exploitable heap-based buffer overflow vulnerability exists wh
[stretch] - sdl-image1.2 1.2.12-5+deb9u2
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820
NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
-CVE-2019-5050
- RESERVED
+CVE-2019-5050 (A specifically crafted PDF file can lead to a heap corruption when ope ...)
+ TODO: check
CVE-2019-5049
RESERVED
-CVE-2019-5048
- RESERVED
-CVE-2019-5047
- RESERVED
-CVE-2019-5046
- RESERVED
-CVE-2019-5045
- RESERVED
+CVE-2019-5048 (A specifically crafted PDF file can lead to a heap corruption when ope ...)
+ TODO: check
+CVE-2019-5047 (An exploitable Use After Free vulnerability exists in the CharProcs pa ...)
+ TODO: check
+CVE-2019-5046 (A specifically crafted jpeg2000 file embedded in a PDF file can lead t ...)
+ TODO: check
+CVE-2019-5045 (A specifically crafted jpeg2000 file embedded in a PDF file can lead t ...)
+ TODO: check
CVE-2019-5044
REJECTED
CVE-2019-5043
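Review bot: the descriptions of CVE-2019-5050, CVE-2019-5048, CVE-2019-5046 and CVE-2019-5045 are cut off before the product name, and they form two identical-looking pairs ("A specifically crafted PDF file can lead to a heap corruption when ope ..." and "A specifically crafted jpeg2000 file embedded in a PDF file can lead t ..."), so nothing in the entry itself says which PDF reader is affected; the full CVE text (or the Talos report, as the neighbouring SDL_image entries cite) is needed before these can be assigned to a package or closed. CVE-2019-5047 is in the same position.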
@@ -38262,8 +38309,8 @@ CVE-2019-3767
RESERVED
CVE-2019-3766 (Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction ...)
NOT-FOR-US: EMC
-CVE-2019-3765
- RESERVED
+CVE-2019-3765 (Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and ...)
+ TODO: check
CVE-2019-3764
RESERVED
CVE-2019-3763 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
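Review bot: CVE-2019-3765 (Dell EMC Avamar Server 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1) is a proprietary backup appliance and should get the same `NOT-FOR-US: EMC` treatment as CVE-2019-3766 immediately above it rather than staying at `TODO: check`.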
@@ -45269,8 +45316,8 @@ CVE-2018-19919 (Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php da
NOT-FOR-US: Pixelimity
CVE-2018-19918 (CuppaCMS has XSS via an SVG document uploaded to the administrator/#/c ...)
NOT-FOR-US: CuppaCMS
-CVE-2019-1584
- RESERVED
+CVE-2019-1584 (A security vulnerability exists in Zingbox Inspector version 1.293 and ...)
+ TODO: check
CVE-2019-1583 (Escalation of privilege vulnerability in the Palo Alto Networks Twistl ...)
NOT-FOR-US: Palo Alto Networks
CVE-2019-1582 (Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and ea ...)
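Review bot: CVE-2019-1584 is Zingbox Inspector again, directly beside two Palo Alto Networks entries already marked `NOT-FOR-US: Palo Alto Networks`; mark it the same way and in the same pass as the CVE-2019-15014..15023 block earlier in this patch so the product is handled consistently.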
@@ -52880,87 +52927,63 @@ CVE-2019-0077
RESERVED
CVE-2019-0076
RESERVED
-CVE-2019-0075
- RESERVED
+CVE-2019-0075 (A vulnerability in the srxpfe process on Protocol Independent Multicas ...)
NOT-FOR-US: Juniper
-CVE-2019-0074
- RESERVED
+CVE-2019-0074 (A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9 ...)
NOT-FOR-US: Juniper
-CVE-2019-0073
- RESERVED
+CVE-2019-0073 (The PKI keys exported using the command "run request security pki key- ...)
NOT-FOR-US: Juniper
-CVE-2019-0072
- RESERVED
+CVE-2019-0072 (An Unprotected Storage of Credentials vulnerability in the identity an ...)
NOT-FOR-US: Juniper
-CVE-2019-0071
- RESERVED
+CVE-2019-0071 (Veriexec is a kernel-based file integrity subsystem in Junos OS that e ...)
NOT-FOR-US: Juniper
-CVE-2019-0070
- RESERVED
+CVE-2019-0070 (An Improper Input Validation weakness allows a malicious local attacke ...)
NOT-FOR-US: Juniper
-CVE-2019-0069
- RESERVED
+CVE-2019-0069 (On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 ...)
NOT-FOR-US: Juniper
-CVE-2019-0068
- RESERVED
-CVE-2019-0067
- RESERVED
+CVE-2019-0068 (The SRX flowd process, responsible for packet forwarding, may crash an ...)
+ TODO: check
+CVE-2019-0067 (Receipt of a specific link-local IPv6 packet destined to the RE may ca ...)
NOT-FOR-US: Juniper
-CVE-2019-0066
- RESERVED
+CVE-2019-0066 (An unexpected status return value weakness in the Next-Generation Mult ...)
NOT-FOR-US: Juniper
-CVE-2019-0065
- RESERVED
+CVE-2019-0065 (On MX Series, when the SIP ALG is enabled, receipt of a certain malfor ...)
NOT-FOR-US: Juniper
-CVE-2019-0064
- RESERVED
+CVE-2019-0064 (On SRX5000 Series devices, if 'set security zones security-zone <zo ...)
NOT-FOR-US: Juniper
-CVE-2019-0063
- RESERVED
+CVE-2019-0063 (When an MX Series Broadband Remote Access Server (BRAS) is configured ...)
NOT-FOR-US: Juniper
-CVE-2019-0062
- RESERVED
+CVE-2019-0062 (A session fixation vulnerability in J-Web on Junos OS may allow an att ...)
NOT-FOR-US: Juniper
-CVE-2019-0061
- RESERVED
+CVE-2019-0061 (The management daemon (MGD) is responsible for all configuration and m ...)
NOT-FOR-US: Juniper
-CVE-2019-0060
- RESERVED
+CVE-2019-0060 (The flowd process, responsible for forwarding traffic in SRX Series se ...)
NOT-FOR-US: Juniper
-CVE-2019-0059
- RESERVED
+CVE-2019-0059 (A memory leak vulnerability in the of Juniper Networks Junos OS allows ...)
NOT-FOR-US: Juniper
-CVE-2019-0058
- RESERVED
+CVE-2019-0058 (A vulnerability in the Veriexec subsystem of Juniper Networks Junos OS ...)
NOT-FOR-US: Juniper
-CVE-2019-0057
- RESERVED
+CVE-2019-0057 (An improper authorization weakness in Juniper Networks Junos OS allows ...)
NOT-FOR-US: Juniper
-CVE-2019-0056
- RESERVED
+CVE-2019-0056 (This issue only affects devices with three (3) or more MPC10's install ...)
NOT-FOR-US: Juniper
-CVE-2019-0055
- RESERVED
+CVE-2019-0055 (A vulnerability in the SIP ALG packet processing service of Juniper Ne ...)
NOT-FOR-US: Juniper
-CVE-2019-0054
- RESERVED
+CVE-2019-0054 (An Improper Certificate Validation weakness in the SRX Series Applicat ...)
NOT-FOR-US: Juniper
CVE-2019-0053 (Insufficient validation of environment variables in the telnet client ...)
NOT-FOR-US: Juniper
CVE-2019-0052 (The srxpfe process may crash on SRX Series services gateways when the ...)
NOT-FOR-US: Juniper
-CVE-2019-0051
- RESERVED
+CVE-2019-0051 (SSL-Proxy feature on SRX devices fails to handle a hardware resource l ...)
NOT-FOR-US: Juniper
-CVE-2019-0050
- RESERVED
+CVE-2019-0050 (Under certain heavy traffic conditions srxpfe process can crash and re ...)
NOT-FOR-US: Juniper
CVE-2019-0049 (On Junos devices with the BGP graceful restart helper mode enabled or ...)
NOT-FOR-US: Juniper
CVE-2019-0048 (On EX4300 Series switches with TCAM optimization enabled, incoming mul ...)
NOT-FOR-US: Juniper
-CVE-2019-0047
- RESERVED
+CVE-2019-0047 (A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-We ...)
NOT-FOR-US: Juniper
CVE-2019-0046 (A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of J ...)
NOT-FOR-US: Juniper
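Review bot: CVE-2019-0068 is the only entry in this Juniper block that ends up with `TODO: check`; every other CVE that moved from RESERVED here keeps its pre-existing `NOT-FOR-US: Juniper` line, and its description ("The SRX flowd process, responsible for packet forwarding, may crash ...") names the same Junos SRX component as CVE-2019-0060 two entries below, which is marked NOT-FOR-US. It looks like this one simply never got a NOT-FOR-US line while reserved; adding `NOT-FOR-US: Juniper` keeps the block consistent.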
@@ -59189,7 +59212,7 @@ CVE-2018-16509 (An issue was discovered in Artifex Ghostscript before 9.24. Inco
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=520bb0ea7519aa3e79db78aaf0589dae02103764
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699654
NOTE: Partially fixed in 9.22~dfsg-3, see #907703
-CVE-2018-16585 (** DISPUTED ** ...)
+CVE-2018-16585 (** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9 ...)
{DSA-4288-1 DLA-1504-1}
[experimental] - ghostscript 9.25~dfsg-1~exp1
- ghostscript 9.25~dfsg-1 (bug #908305)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6626a5f3067ec1a1016662b38a00a382b17fba0c