[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Oct 14 21:10:27 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3745fdb9 by security tracker role at 2019-10-14T20:10:16Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,175 @@
+CVE-2019-17589
+ RESERVED
+CVE-2019-17588
+ RESERVED
+CVE-2019-17587
+ RESERVED
+CVE-2019-17586
+ RESERVED
+CVE-2019-17585
+ RESERVED
+CVE-2019-17584
+ RESERVED
+CVE-2019-17583 (idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of se ...)
+ TODO: check
+CVE-2019-17582
+ RESERVED
+CVE-2019-17581
+ RESERVED
+CVE-2019-17580 (tonyy dormsystem through 1.3 allows SQL Injection in admin.php. ...)
+ TODO: check
+CVE-2019-17579 (SonarSource SonarQube before 7.8 has XSS in project links on account/p ...)
+ TODO: check
+CVE-2019-17578
+ RESERVED
+CVE-2019-17577
+ RESERVED
+CVE-2019-17576
+ RESERVED
+CVE-2019-17575 (A file-rename filter bypass exists in admin/media/rename.php in WBCE C ...)
+ TODO: check
+CVE-2019-17574 (An issue was discovered in the Popup Maker plugin before 1.8.13 for Wo ...)
+ TODO: check
+CVE-2019-17573
+ RESERVED
+CVE-2019-17572
+ RESERVED
+CVE-2019-17571
+ RESERVED
+CVE-2019-17570
+ RESERVED
+CVE-2019-17569
+ RESERVED
+CVE-2019-17568
+ RESERVED
+CVE-2019-17567
+ RESERVED
+CVE-2019-17566
+ RESERVED
+CVE-2019-17565
+ RESERVED
+CVE-2019-17564
+ RESERVED
+CVE-2019-17563
+ RESERVED
+CVE-2019-17562
+ RESERVED
+CVE-2019-17561
+ RESERVED
+CVE-2019-17560
+ RESERVED
+CVE-2019-17559
+ RESERVED
+CVE-2019-17558
+ RESERVED
+CVE-2019-17557
+ RESERVED
+CVE-2019-17556
+ RESERVED
+CVE-2019-17555
+ RESERVED
+CVE-2019-17554
+ RESERVED
+CVE-2019-17553 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection ...)
+ TODO: check
+CVE-2019-17552 (An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_ ...)
+ TODO: check
+CVE-2019-17551
+ RESERVED
+CVE-2019-17550
+ RESERVED
+CVE-2019-17549
+ RESERVED
+CVE-2019-17548
+ RESERVED
+CVE-2015-9536
+ RESERVED
+CVE-2015-9535
+ RESERVED
+CVE-2015-9534
+ RESERVED
+CVE-2015-9533
+ RESERVED
+CVE-2015-9532
+ RESERVED
+CVE-2015-9531
+ RESERVED
+CVE-2015-9530
+ RESERVED
+CVE-2015-9529
+ RESERVED
+CVE-2015-9528
+ RESERVED
+CVE-2015-9527
+ RESERVED
+CVE-2015-9526
+ RESERVED
+CVE-2015-9525
+ RESERVED
+CVE-2015-9524
+ RESERVED
+CVE-2015-9523
+ RESERVED
+CVE-2015-9522
+ RESERVED
+CVE-2015-9521
+ RESERVED
+CVE-2015-9520
+ RESERVED
+CVE-2015-9519
+ RESERVED
+CVE-2015-9518
+ RESERVED
+CVE-2015-9517
+ RESERVED
+CVE-2015-9516
+ RESERVED
+CVE-2015-9515
+ RESERVED
+CVE-2015-9514
+ RESERVED
+CVE-2015-9513
+ RESERVED
+CVE-2015-9512
+ RESERVED
+CVE-2015-9511
+ RESERVED
+CVE-2015-9510
+ RESERVED
+CVE-2015-9509
+ RESERVED
+CVE-2015-9508
+ RESERVED
+CVE-2015-9507
+ RESERVED
+CVE-2015-9506
+ RESERVED
+CVE-2015-9505
+ RESERVED
+CVE-2015-9504
+ RESERVED
+CVE-2015-9503
+ RESERVED
+CVE-2015-9502
+ RESERVED
+CVE-2015-9501
+ RESERVED
+CVE-2015-9500
+ RESERVED
+CVE-2015-9499
+ RESERVED
+CVE-2015-9498
+ RESERVED
+CVE-2015-9497
+ RESERVED
+CVE-2015-9496
+ RESERVED
+CVE-2015-9495
+ RESERVED
+CVE-2015-9494
+ RESERVED
+CVE-2015-9493
+ RESERVED
CVE-2019-17547 (In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a ...)
TODO: check
CVE-2019-17546 (tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0. ...)
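Review bot: The seven entries added with descriptions in this hunk (CVE-2019-17583, CVE-2019-17580, CVE-2019-17579, CVE-2019-17575, CVE-2019-17574, CVE-2019-17553, CVE-2019-17552) all land as `TODO: check`, so none of them has a package or NOT-FOR-US decision yet. CVE-2019-17583 and CVE-2019-17552 both name idreamsoft iCMS and can be triaged together. Note also that the CVE-2015-9493 through CVE-2015-9536 RESERVED block is inserted between CVE-2019-17548 and CVE-2019-17547, not beside the existing CVE-2015 entries further down the file, so that is where to look when those IDs receive descriptions.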
@@ -91,8 +263,8 @@ CVE-2019-17513
RESERVED
CVE-2019-17512
RESERVED
-CVE-2019-17511
- RESERVED
+CVE-2019-17511 (There are some web interfaces without authentication requirements on D ...)
+ TODO: check
CVE-2019-17510 (D-Link DIR-846 devices with firmware 100A35 allow remote attackers to ...)
NOT-FOR-US: D-Link
CVE-2019-17509 (D-Link DIR-846 devices with firmware 100A35 allow remote attackers to ...)
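Review bot: CVE-2019-17511 is left at `TODO: check` although the trailing context shows its neighbours CVE-2019-17510 and CVE-2019-17509 are D-Link DIR-846 issues, with CVE-2019-17510 marked `NOT-FOR-US: D-Link`. The new description is truncated after "on D", so read the full text before triage; if it concerns the same product, mark it the same way as the adjacent entry.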
@@ -401,8 +573,8 @@ CVE-2019-17410
RESERVED
CVE-2019-17409
RESERVED
-CVE-2019-17408
- RESERVED
+CVE-2019-17408 (parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows re ...)
+ TODO: check
CVE-2019-17407
RESERVED
CVE-2019-XXXX [Remote code execution vulnerability]
@@ -696,7 +868,7 @@ CVE-2019-17264 (** DISPUTED ** In libyal liblnk before 20191006, liblnk_location
[stretch] - liblnk <no-dsa> (Minor issue)
NOTE: https://github.com/libyal/liblnk/issues/38
NOTE: https://github.com/libyal/liblnk/commit/c4d04de2c76f62129677c90a616d049be9c52482
-CVE-2019-17263 (In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_b ...)
+CVE-2019-17263 (** DISPUTED ** In libyal libfwsi before 20191006, libfwsi_extension_bl ...)
- liblnk <unfixed> (low)
[buster] - liblnk <no-dsa> (Minor issue)
[stretch] - liblnk <no-dsa> (Minor issue)
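Review bot: The `** DISPUTED **` marker on CVE-2019-17263 arrives only in the description; the visible lines under it still read `- liblnk <unfixed> (low)` with `<no-dsa> (Minor issue)` for buster and stretch, and the description names libfwsi while the package line names liblnk. If the entry does not already carry one below the visible context, add a NOTE pointing at the upstream discussion of the dispute, as CVE-2019-17264 above does with its liblnk issue and commit links, and re-check whether `<unfixed>` is still the right status.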
@@ -1178,10 +1350,10 @@ CVE-2019-17046 (Ilch 2.1.22 allows remote code execution because php is listed u
NOT-FOR-US: Ilch CMS
CVE-2019-17045 (Ilch 2.1.22 allows stored XSS via the title, text, or email id to the ...)
NOT-FOR-US: Ilch CMS
-CVE-2019-17044
- RESERVED
-CVE-2019-17043
- RESERVED
+CVE-2019-17044 (An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution pe ...)
+ TODO: check
+CVE-2019-17043 (An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution pe ...)
+ TODO: check
CVE-2019-17042 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmc ...)
{DLA-1952-1}
- rsyslog <unfixed> (bug #942065)
@@ -2528,8 +2700,8 @@ CVE-2019-16521
RESERVED
CVE-2019-16520
RESERVED
-CVE-2019-16519
- RESERVED
+CVE-2019-16519 (ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to exe ...)
+ TODO: check
CVE-2019-16518 (An issue was discovered on Swell Kit Mod devices that use the Vandy Va ...)
NOT-FOR-US: Swell Kit Mod devices
CVE-2019-16517
@@ -2962,8 +3134,8 @@ CVE-2019-16346 (ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in
NOT-FOR-US: ngiflib
CVE-2019-16345
RESERVED
-CVE-2019-16344
- RESERVED
+CVE-2019-16344 (A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR ...)
+ TODO: check
CVE-2019-16343
RESERVED
CVE-2018-21017 (GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c. ...)
@@ -3112,16 +3284,16 @@ CVE-2019-16284
RESERVED
CVE-2019-16283
RESERVED
-CVE-2019-16282
- RESERVED
+CVE-2019-16282 (In NCH Express Invoice v7.12, persistent cross site scripting (XSS) ex ...)
+ TODO: check
CVE-2019-16281
RESERVED
CVE-2019-16280
RESERVED
-CVE-2019-16279
- RESERVED
-CVE-2019-16278
- RESERVED
+CVE-2019-16279 (Directory Traversal in the function SSL_accept in nostromo nhttpd thro ...)
+ TODO: check
+CVE-2019-16278 (Directory Traversal in the function http_verify in nostromo nhttpd thr ...)
+ TODO: check
CVE-2019-16277 (PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/ ...)
NOT-FOR-US: PicoC
CVE-2017-18634 (The newspaper theme before 6.7.2 for WordPress has script injection vi ...)
@@ -7433,8 +7605,7 @@ CVE-2019-14859 [DER encoding is not being verified in signatures]
NOTE: https://github.com/warner/python-ecdsa/pull/115
NOTE: https://github.com/warner/python-ecdsa/pull/124
NOTE: Fix for CVE-2019-14853 fixes as well CVE-2019-14859.
-CVE-2019-14858 [sub parameters marked as no_log are not masked in certain failure scenarios]
- RESERVED
+CVE-2019-14858 (A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible ...)
- ansible <unfixed> (bug #942332)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760593
NOTE: https://github.com/ansible/ansible/pull/63405
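Review bot: Replacing the bracketed title on CVE-2019-14858 drops the only visible statement of what the bug is ("sub parameters marked as no_log are not masked in certain failure scenarios"); the visible part of the new description does not mention no_log. The `- ansible <unfixed> (bug #942332)` line and the NOTE links are kept, which is right; consider a one-line NOTE preserving the no_log summary so the entry stays readable without following the links.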
@@ -7515,8 +7686,7 @@ CVE-2019-14840
RESERVED
CVE-2019-14839
RESERVED
-CVE-2019-14838
- RESERVED
+CVE-2019-14838 (A flaw was found in wildfly-core before 7.2.5.GA. The Management users ...)
- wildfly <itp> (bug #752018)
CVE-2019-14837
RESERVED
@@ -7833,8 +8003,8 @@ CVE-2019-14739
RESERVED
CVE-2019-14738
RESERVED
-CVE-2019-14737
- RESERVED
+CVE-2019-14737 (Ubisoft Uplay 92.0.0.6280 has Insecure Permissions. ...)
+ TODO: check
CVE-2019-14736
RESERVED
CVE-2019-14735
@@ -9657,6 +9827,7 @@ CVE-2019-14288 (An issue was discovered in Xpdf 4.01.01. There is an Integer ove
NOTE: Issue correspond to CVE-2017-9776 for src:poppler
CVE-2019-14287 [Potential bypass of Runas user restrictions]
RESERVED
+ {DSA-4543-1}
- sudo <unfixed> (bug #942322)
NOTE: https://www.sudo.ws/alerts/minus_1_uid.html
NOTE: Patch: https://www.sudo.ws/repos/sudo/rev/83db8dba09e7
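Review bot: `{DSA-4543-1}` is added under CVE-2019-14287 while the entry still shows `RESERVED` and its only visible package line is `- sudo <unfixed> (bug #942322)`. That is consistent if the DSA covers the stable releases only, but the `<unfixed>` line then needs a follow-up with the fixed version once an unstable upload exists; check that this is being tracked against bug #942322.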
@@ -9879,12 +10050,12 @@ CVE-2019-14229
RESERVED
CVE-2019-14228 (Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based ...)
NOT-FOR-US: Xavier PHP Management Panel
-CVE-2019-14227
- RESERVED
-CVE-2019-14226
- RESERVED
-CVE-2019-14225
- RESERVED
+CVE-2019-14227 (OX App Suite 7.10.1 and 7.10.2 allows XSS. ...)
+ TODO: check
+CVE-2019-14226 (OX App Suite through 7.10.2 has Insecure Permissions. ...)
+ TODO: check
+CVE-2019-14225 (OX App Suite 7.10.1 and 7.10.2 allows SSRF. ...)
+ TODO: check
CVE-2019-14224 (An issue was discovered in Alfresco Community Edition 5.2 201707. By l ...)
NOT-FOR-US: Alfresco
CVE-2019-14223 (An issue was discovered in Alfresco Community Edition versions below 5 ...)
@@ -14120,8 +14291,8 @@ CVE-2019-12943 (TTLock devices do not properly restrict password-reset attempts,
NOT-FOR-US: TTLock devices
CVE-2019-12942 (TTLock devices do not properly block guest access in certain situation ...)
NOT-FOR-US: TTLock devices
-CVE-2019-12941
- RESERVED
+CVE-2019-12941 (AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacke ...)
+ TODO: check
CVE-2019-12940 (LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (me ...)
NOT-FOR-US: LiveZilla
CVE-2019-12939 (LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in serv ...)
@@ -23743,8 +23914,8 @@ CVE-2019-9747 (In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Mu
CVE-2019-9746 (In libwebm before 2019-03-08, a NULL pointer dereference caused by the ...)
NOT-FOR-US: libwebm
NOTE: Chromium and qtwebengine bundle the library, but not a security issue there
-CVE-2019-9745
- RESERVED
+CVE-2019-9745 (CloudCTI HIP Integrator Recognition Configuration Tool allows privileg ...)
+ TODO: check
CVE-2019-9744 (An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN ...)
NOT-FOR-US: PHOENIX
CVE-2019-9743 (An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211- ...)
@@ -36847,8 +37018,8 @@ CVE-2019-4574
RESERVED
CVE-2019-4573
RESERVED
-CVE-2019-4572
- RESERVED
+CVE-2019-4572 (IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations ...)
+ TODO: check
CVE-2019-4571 (IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. Thi ...)
NOT-FOR-US: IBM
CVE-2019-4570
@@ -38741,8 +38912,8 @@ CVE-2019-3769
RESERVED
CVE-2019-3768
RESERVED
-CVE-2019-3767
- RESERVED
+CVE-2019-3767 (Dell ImageAssist versions prior to 8.7.15 contain an information discl ...)
+ TODO: check
CVE-2019-3766 (Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction ...)
NOT-FOR-US: EMC
CVE-2019-3765 (Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and ...)
@@ -111219,8 +111390,8 @@ CVE-2015-9233 (The cp-contact-form-with-paypal (aka CP Contact Form with PayPal)
NOT-FOR-US: Wordpress plugin
CVE-2017-14949 (Restlet Framework before 2.3.12 allows remote attackers to access arbi ...)
- restlet <itp> (bug #596472)
-CVE-2017-14948
- RESERVED
+CVE-2017-14948 (Certain D-Link products are affected by: Buffer Overflow. This affects ...)
+ TODO: check
CVE-2017-14947 (Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitra ...)
NOT-FOR-US: GSView (different from gv)
CVE-2017-14946 (Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial ...)
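Review bot: CVE-2017-14948 is left at `TODO: check` with a description that begins "Certain D-Link products are affected by: Buffer Overflow". Other D-Link entries in this file, such as CVE-2019-17510, are marked `NOT-FOR-US: D-Link`; unless the full description points at software packaged in Debian, use the same marking here for consistency.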
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3745fdb916dd936c670dcf39b9320c7c0f1cc745