[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 11 09:10:25 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bbdfd8c3 by security tracker role at 2019-10-11T08:10:13Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2019-17497 (Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft ...)
+ TODO: check
+CVE-2019-17496 (Craft CMS before 3.3.8 has stored XSS via a name field. This field is ...)
+ TODO: check
+CVE-2019-17495 (A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI b ...)
+ TODO: check
+CVE-2019-17494 (laravel-bjyblog 6.1.1 has XSS via a crafted URL. ...)
+ TODO: check
+CVE-2019-17493 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_ ...)
+ TODO: check
+CVE-2019-17492
+ RESERVED
+CVE-2019-17491 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[descrip ...)
+ TODO: check
+CVE-2019-17490 (app\modules\polygon\controllers\ProblemController in Jiangnan Online J ...)
+ TODO: check
+CVE-2019-17489 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] ...)
+ TODO: check
+CVE-2019-17488 (b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent ...)
+ TODO: check
CVE-2019-17487
RESERVED
CVE-2019-17486
@@ -265,8 +285,8 @@ CVE-2019-17388
RESERVED
CVE-2019-17387
RESERVED
-CVE-2019-17386
- RESERVED
+CVE-2019-17386 (The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimat ...)
+ TODO: check
CVE-2019-17385 (The animate-it plugin before 2.3.5 for WordPress has XSS. ...)
NOT-FOR-US: animate-it plugin for WordPress
CVE-2019-17384 (The animate-it plugin before 2.3.4 for WordPress has XSS. ...)
@@ -6136,6 +6156,7 @@ CVE-2019-15168
CVE-2019-15167
RESERVED
CVE-2019-15166 (lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 l ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4
CVE-2019-15165 (sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB ...)
@@ -6621,8 +6642,8 @@ CVE-2019-15052 (The HTTP client in Gradle before 5.6 sends authentication creden
NOTE: https://github.com/gradle/gradle/issues/10278
NOTE: https://github.com/gradle/gradle/pull/10176
NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95
-CVE-2019-15051
- RESERVED
+CVE-2019-15051 (An issue was discovered in Softing uaGate (SI, MB, 840D) firmware thro ...)
+ TODO: check
CVE-2019-15050 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
NOT-FOR-US: Bento4
CVE-2019-15049 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
@@ -17725,10 +17746,10 @@ CVE-2019-11530
RESERVED
CVE-2019-11529
RESERVED
-CVE-2019-11528
- RESERVED
-CVE-2019-11527
- RESERVED
+CVE-2019-11528 (An issue was discovered in Softing uaGate SI 1.60.01. A system default ...)
+ TODO: check
+CVE-2019-11527 (An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is ...)
+ TODO: check
CVE-2019-11526 (An issue was discovered in Softing uaGate SI 1.60.01. A maintenance sc ...)
NOT-FOR-US: Softing uaGate
CVE-2019-11525
@@ -19071,6 +19092,7 @@ CVE-2015-9284 (The request phase of the OmniAuth Ruby gem is vulnerable to Cross
NOTE: https://github.com/omniauth/omniauth/pull/809
NOTE: https://www.openwall.com/lists/oss-security/2015/05/26/11
CVE-2019-11027 (Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable ...)
+ {DLA-1956-1}
- ruby-openid <undetermined> (bug #930388)
NOTE: https://github.com/openid/ruby-openid/issues/122
NOTE: https://github.com/openid/ruby-openid/issues/122#issuecomment-520304211
@@ -24125,18 +24147,18 @@ CVE-2019-9536
RESERVED
CVE-2019-9535 (A vulnerability exists in the way that iTerm2 integrates with tmux's c ...)
TODO: check
-CVE-2019-9534
- RESERVED
-CVE-2019-9533
- RESERVED
-CVE-2019-9532
- RESERVED
-CVE-2019-9531
- RESERVED
-CVE-2019-9530
- RESERVED
-CVE-2019-9529
- RESERVED
+CVE-2019-9534 (The Cobham EXPLORER 710, firmware version 1.07, does not validate its ...)
+ TODO: check
+CVE-2019-9533 (The root password of the Cobham EXPLORER 710 is the same for all versi ...)
+ TODO: check
+CVE-2019-9532 (The web application portal of the Cobham EXPLORER 710, firmware versio ...)
+ TODO: check
+CVE-2019-9531 (The web application portal of the Cobham EXPLORER 710, firmware versio ...)
+ TODO: check
+CVE-2019-9530 (The web root directory of the Cobham EXPLORER 710, firmware version 1. ...)
+ TODO: check
+CVE-2019-9529 (The web application portal of the Cobham EXPLORER 710, firmware versio ...)
+ TODO: check
CVE-2019-9528
RESERVED
CVE-2019-9527
@@ -57916,9 +57938,11 @@ CVE-2018-16454 (PHP Scripts Mall Currency Converter Script 2.0.5 allows remote a
CVE-2018-16453 (PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the search b ...)
NOT-FOR-US: PHP Scripts Mall Domain Lookup Script
CVE-2018-16452 (The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/24182d959f661327525a20d9a94c98a8ec016778
CVE-2018-16451 (The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print- ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/96480ab95308cd9234b4f09b175ebf60e17792c6
CVE-2018-16450 (CraftedWeb through 2013-09-24 has reflected XSS via the p parameter. ...)
@@ -58364,6 +58388,7 @@ CVE-2018-16301 (libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buf
NOTE: https://github.com/the-tcpdump-group/libpcap/issues/855 (asked upstream for info)
NOTE: rpcapd not built in Debian.
CVE-2018-16300 (The BGP parser in tcpdump before 4.9.3 allows stack consumption in pri ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a
CVE-2018-16299 (The Localize My Post plugin 1.0 for WordPress allows Directory Travers ...)
@@ -58507,15 +58532,19 @@ CVE-2018-16232 (An authenticated command injection vulnerability exists in IPFir
CVE-2018-16231 (Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows r ...)
NOT-FOR-US: Michael Roth Software Personal FTP Server
CVE-2018-16230 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/13d52e9c0e7caf7e6325b0051bc90a49968be67f
CVE-2018-16229 (The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66
CVE-2018-16228 (The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/83a412a5275cac973c5841eca3511c766bed778d
CVE-2018-16227 (The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/4846b3c5d0a850e860baf4f07340495d29837d09
CVE-2018-16226 (A vulnerability in the web admin component of Mitel MiVoice Office 400 ...)
@@ -61768,15 +61797,19 @@ CVE-2018-14883 (An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.3
NOTE: Fixed in 5.6.37, 7.0.31, 7.1.20, 7.2.8
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76423
CVE-2018-14882 (The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in pr ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/d7505276842e85bfd067fa21cdb32b8a2dc3c5e4
CVE-2018-14881 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/86326e880d31b328a151d45348c35220baa9a1ff
CVE-2018-14880 (The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in pr ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6
CVE-2018-14879 (The command-line argument parser in tcpdump before 4.9.3 has a buffer ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6
CVE-2018-XXXX [DSA verification crashes OpenSSL on invalid combinations of key content]
@@ -63090,33 +63123,43 @@ CVE-2018-14472 (An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file
CVE-2018-14471 (dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0 ...)
- libredwg <itp> (bug #595191)
CVE-2018-14470 (The Babel parser in tcpdump before 4.9.3 has a buffer over-read in pri ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/12f66f69f7bf1ec1266ddbee90a7616cbf33696b
CVE-2018-14469 (The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in pri ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/396e94ff55a80d554b1fe46bf107db1e91008d6c
CVE-2018-14468 (The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in pr ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b
CVE-2018-14467 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/e3f3b445e2d20ac5d5b7fcb7559ce6beb55da0c9
CVE-2018-14466 (The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print- ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/c24922e692a52121e853a84ead6b9337f4c08a94
CVE-2018-14465 (The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/bea2686c296b79609060a104cc139810785b0739
CVE-2018-14464 (The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/d97e94223720684c6aa740ff219e0d19426c2220
CVE-2018-14463 (The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/3de07c772166b7e8e8bb4b9d1d078f1d901b570b
CVE-2018-14462 (The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3
CVE-2018-14461 (The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/aa5c6b710dfd8020d2c908d6b3bd41f1da719b3b
CVE-2018-14460 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
@@ -74936,11 +74979,13 @@ CVE-2018-10107 (D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWA
CVE-2018-10106 (D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PAT ...)
NOT-FOR-US: D-Link
CVE-2018-10105 (tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2 ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: "Fixed" by disabling SMB printing
CVE-2018-10104
RESERVED
CVE-2018-10103 (tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2 ...)
+ {DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: "Fixed" by disabling SMB printing
CVE-2018-10099 (Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bbdfd8c3aa46578bb6b19ebae9c24060aace14f9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bbdfd8c3aa46578bb6b19ebae9c24060aace14f9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191011/c1fd7743/attachment.html>
More information about the debian-security-tracker-commits
mailing list