[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Oct 21 21:10:41 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
97c2f3eb by security tracker role at 2019-10-21T20:10:25Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2019-18225 (An issue was discovered in Citrix Application Delivery Controller (ADC ...)
+	TODO: check
+CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a hea ...)
+	TODO: check
+CVE-2019-18223
+	RESERVED
+CVE-2019-18222
+	RESERVED
+CVE-2019-18221
+	RESERVED
+CVE-2019-18220
+	RESERVED
+CVE-2019-18219
+	RESERVED
 CVE-2019-18218 (cdf_read_property_info in cdf.c in file through 5.37 does not restrict ...)
 	- file <unfixed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780
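Review bot: CVE-2019-18224 is added with only TODO: check although its description names GNU libidn2 before 2.1.1 and a specific function (idn2_to_ascii_4i in lib/lookup.c). Of the two described entries in this hunk it is the one more likely to map to a Debian source package, so it should be triaged ahead of the Citrix ADC entry CVE-2019-18225 and receive either a package line or an explicit NOT-FOR-US.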
@@ -32,8 +46,8 @@ CVE-2019-18205
 	RESERVED
 CVE-2019-18204
 	RESERVED
-CVE-2019-18203
-	RESERVED
+CVE-2019-18203 (On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabili ...)
+	TODO: check
 CVE-2019-18202 (Information Disclosure is possible on WAGO Series PFC100 and PFC200 de ...)
 	NOT-FOR-US: WAGO Series PFC100 and PFC200 devices
 CVE-2019-18201
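Review bot: CVE-2019-18203 is left at TODO: check even though its description is for the RICOH MP 501 printer. The neighbouring device entry CVE-2019-18202 (WAGO PFC100 and PFC200) is already marked NOT-FOR-US, and the same marking (NOT-FOR-US: RICOH MP 501 printer) would be consistent here.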
@@ -3406,7 +3420,7 @@ CVE-2019-17181
 	RESERVED
 CVE-2019-17180 (Valve Steam Client before 2019-09-12 allows placing or appending parti ...)
 	NOT-FOR-US: Steam on Windows
-CVE-2019-17179 (XSS in library/custom_template/add_template.php in OpenEMR through 5.0 ...)
+CVE-2019-17179 (4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5 ...)
 	NOT-FOR-US: OpenEMR
 CVE-2019-17178 (HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-0 ...)
 	TODO: check
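Review bot: the replacement description for CVE-2019-17179 now starts with a bare version list ("4.1.0, 4.1.1, 4.1.2, ...") and the truncated summary no longer shows the product or the issue type that the old text gave (XSS in library/custom_template/add_template.php in OpenEMR). The NOT-FOR-US: OpenEMR line still covers triage, but the new upstream description looks malformed and is worth reporting so that the summary is usable again.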
@@ -3644,7 +3658,7 @@ CVE-2019-17072 (The new-contact-form-widget (aka Contact Form Widget - Contact Q
 	NOT-FOR-US: new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin for WordPress
 CVE-2019-17071 (The client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XS ...)
 	NOT-FOR-US: client-dash (aka Client Dash) plugin for WordPress
-CVE-2019-17070 (The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin 1.0.5 for ...)
+CVE-2019-17070 (The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin before 1. ...)
 	NOT-FOR-US: liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin for WordPress
 CVE-2019-17069 (PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial o ...)
 	- putty 0.73-1 (unimportant)
@@ -3834,34 +3848,34 @@ CVE-2019-16994 (In the Linux kernel before 5.0, a memory leak exists in sit_init
 	NOTE: https://git.kernel.org/linus/07f12b26e21ab359261bf75cfcb424fdc7daeb6d
 CVE-2019-16992 (The Keybase app 2.13.2 for iOS provides potentially insufficient notic ...)
 	NOT-FOR-US: Keybase
-CVE-2019-16991
-	RESERVED
-CVE-2019-16990
-	RESERVED
-CVE-2019-16989
-	RESERVED
-CVE-2019-16988
-	RESERVED
-CVE-2019-16987
-	RESERVED
-CVE-2019-16986
-	RESERVED
-CVE-2019-16985
-	RESERVED
-CVE-2019-16984
-	RESERVED
-CVE-2019-16983
-	RESERVED
-CVE-2019-16982
-	RESERVED
-CVE-2019-16981
-	RESERVED
-CVE-2019-16980
-	RESERVED
-CVE-2019-16979
-	RESERVED
-CVE-2019-16978
-	RESERVED
+CVE-2019-16991 (In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an un ...)
+	TODO: check
+CVE-2019-16990 (In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.ph ...)
+	TODO: check
+CVE-2019-16989 (In FusionPBX up to v4.5.7, the file app\conferences_active\conference_ ...)
+	TODO: check
+CVE-2019-16988 (In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources ...)
+	TODO: check
+CVE-2019-16987 (In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php us ...)
+	TODO: check
+CVE-2019-16986 (In FusionPBX up to v4.5.7, the file resources\download.php uses an uns ...)
+	TODO: check
+CVE-2019-16985 (In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php use ...)
+	TODO: check
+CVE-2019-16984 (In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php  ...)
+	TODO: check
+CVE-2019-16983 (In FusionPBX up to v4.5.7, the file resources\paging.php has a paging  ...)
+	TODO: check
+CVE-2019-16982 (In FusionPBX up to v4.5.7, the file app\access_controls\access_control ...)
+	TODO: check
+CVE-2019-16981 (In FusionPBX up to v4.5.7, the file app\conference_profiles\conference ...)
+	TODO: check
+CVE-2019-16980 (In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_ ...)
+	TODO: check
+CVE-2019-16979 (In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses ...)
+	TODO: check
+CVE-2019-16978 (In FusionPBX up to v4.5.7, the file app\devices\device_settings.php us ...)
+	TODO: check
 CVE-2019-16977
 	RESERVED
 CVE-2019-16976
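Review bot: the fourteen entries CVE-2019-16978 through CVE-2019-16991 all describe FusionPBX up to v4.5.7 and all land as TODO: check, so they should be resolved with one triage decision applied to the whole block rather than entry by entry. The descriptions also mix path separators (app\edit\filedelete.php against app/music_on_hold/...), which matters to anyone who later searches this list by file path.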
@@ -3884,12 +3898,12 @@ CVE-2019-16968
 	RESERVED
 CVE-2019-16967
 	RESERVED
-CVE-2019-16966
-	RESERVED
-CVE-2019-16965
-	RESERVED
-CVE-2019-16964
-	RESERVED
+CVE-2019-16966 (An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x  ...)
+	TODO: check
+CVE-2019-16965 (resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command inje ...)
+	TODO: check
+CVE-2019-16964 (app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX  ...)
+	TODO: check
 CVE-2019-16963
 	RESERVED
 CVE-2019-16962
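Review bot: CVE-2019-16965 and CVE-2019-16964 are two more FusionPBX entries (resources/cmd.php and app/call_centers/cmd.php) left at TODO: check. They should receive the same product marking as the CVE-2019-16978 to CVE-2019-16991 block so that the product is not triaged twice. CVE-2019-16966 (Contactmanager 13.x and 14.x) is a separate product and needs its own decision.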
@@ -5054,8 +5068,8 @@ CVE-2019-16532 (An HTTP Host header injection vulnerability exists in YzmCMS V5.
 	NOT-FOR-US: YzmCMS
 CVE-2019-16531 (LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by chan ...)
 	NOT-FOR-US: LayerBB
-CVE-2019-16530
-	RESERVED
+CVE-2019-16530 (Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3. ...)
+	TODO: check
 CVE-2019-16529
 	RESERVED
 	NOT-FOR-US: CheckUser extension for MediawWiki
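Review bot: the unchanged context line for CVE-2019-16529 reads "NOT-FOR-US: CheckUser extension for MediawWiki", a misspelling of MediaWiki that will defeat searches by product name and is worth correcting in a follow-up. That entry also still carries RESERVED alongside its NOT-FOR-US line. The new CVE-2019-16530 entry (Sonatype Nexus Repository Manager) is left at TODO: check.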
@@ -5668,7 +5682,7 @@ CVE-2019-16281
 	RESERVED
 CVE-2019-16280
 	RESERVED
-CVE-2019-16279 (Directory Traversal in the function SSL_accept in nostromo nhttpd thro ...)
+CVE-2019-16279 (A memory error in the function SSL_accept in nostromo nhttpd through 1 ...)
 	- nostromo <itp> (bug #493645)
 CVE-2019-16278 (Directory Traversal in the function http_verify in nostromo nhttpd thr ...)
 	- nostromo <itp> (bug #493645)
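Review bot: the description of CVE-2019-16279 changes issue class, from directory traversal to a memory error in SSL_accept, while the package line below it (nostromo, itp, bug #493645) is untouched. Any assessment made against the old wording should be rechecked, since CVE-2019-16278 keeps the directory traversal in http_verify and the two entries now describe distinct issues.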
@@ -9037,6 +9051,7 @@ CVE-2019-15141 (WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allo
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1560
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/3c53413eb544cc567309b4c86485eae43e956112
 CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to ca ...)
+	{DLA-1968-1}
 	- imagemagick <unfixed> (bug #941671)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f7206618d27c2e69d977abf40e3035a33e5f6be0
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/5caef6e97f3f575cf7bea497865a4c1e624b8010
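Review bot: {DLA-1968-1} is attached to CVE-2019-15140 while the only package line still reads imagemagick unfixed (bug #941671), so from this file alone a reader cannot tell which suite the advisory fixed or at what version. Confirm that the advisory's own record carries the fixed version for the affected suite. The same applies to CVE-2019-15139 in the next hunk.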
@@ -9044,6 +9059,7 @@ CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5caef6e97f3f575cf7bea497865a4c1e624b8010
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1554
 CVE-2019-15139 (The XWD image (X Window System window dumping file) parsing component  ...)
+	{DLA-1968-1}
 	- imagemagick <unfixed> (bug #941670)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c78993d138bf480ab4652b5a48379d4ff75ba5f7
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6d46f0a046a58e7c4567a86ba1b9cb847d5b1968
@@ -9608,6 +9624,7 @@ CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerabil
 	NOTE: https://github.com/Exiv2/exiv2/issues/960
 	NOTE: https://github.com/Exiv2/exiv2/pull/962/commits/e925bc5addd881543fa503470c8a859e112cca62
 CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is  ...)
+	{DLA-1968-1}
 	- imagemagick <unfixed>
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256
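Review bot: CVE-2019-14981 gains {DLA-1968-1} but its package line is a bare imagemagick unfixed entry with no bug number, unlike CVE-2019-15140 and CVE-2019-15139, which reference bug #941671 and bug #941670. A bug reference should be added so that the unfixed state is tracked.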
@@ -20721,6 +20738,7 @@ CVE-2019-11471 (libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::
 	NOTE: https://github.com/strukturag/libheif/commit/995a4283d8ed2d0d2c1ceb1a577b993df2f0e014
 	NOTE: https://github.com/strukturag/libheif/issues/123
 CVE-2019-11470 (The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attack ...)
+	{DLA-1968-1}
 	- imagemagick <unfixed> (low; bug #927830)
 	[buster] - imagemagick <ignored> (Minor issue)
 	[stretch] - imagemagick <ignored> (Minor issue)
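Review bot: CVE-2019-11470 is now covered by {DLA-1968-1} while the lines below it still mark the issue as ignored (Minor issue) for buster and stretch and as low and unfixed in the unsuited package line. With a fix shipped in an advisory, the ignored status for buster and stretch should be revisited, or a NOTE added explaining why the suites diverge.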
@@ -27175,8 +27193,8 @@ CVE-2019-9493
 	RESERVED
 CVE-2019-9492 (A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 an ...)
 	NOT-FOR-US: Trend Micro
-CVE-2019-9491
-	RESERVED
+CVE-2019-9491 (Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below  ...)
+	TODO: check
 CVE-2019-9490 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
 	NOT-FOR-US: Trend Micro InterScan Web Security Virtual Appliance
 CVE-2019-9489 (A directory traversal vulnerability in Trend Micro Apex One, OfficeSca ...)
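Review bot: CVE-2019-9491 (Trend Micro Anti-Threat Toolkit) is left at TODO: check although both neighbouring Trend Micro entries, CVE-2019-9492 and CVE-2019-9490, are marked NOT-FOR-US. Marking it NOT-FOR-US: Trend Micro would match them.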
@@ -30124,9 +30142,9 @@ CVE-2019-8372 (The LHA.sys driver before 1.1.1811.2101 in LG Device Manager expo
 CVE-2019-8371 (OpenEMR v5.0.1-6 allows code execution. ...)
 	NOT-FOR-US: OpenEMR
 CVE-2019-8370
-	RESERVED
+	REJECTED
 CVE-2019-8369
-	RESERVED
+	REJECTED
 CVE-2019-8368 (OpenEMR v5.0.1-6 allows XSS. ...)
 	NOT-FOR-US: OpenEMR
 CVE-2019-8367



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/97c2f3eb0f5e9a4f9f795abb392cf0a2f4d62ab9
