[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Sep 4 21:10:34 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
29527e81 by security tracker role at 2019-09-04T20:10:23Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2019-15924 (An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_ ...)
+ TODO: check
+CVE-2019-15923 (An issue was discovered in the Linux kernel before 5.0.9. There is a N ...)
+ TODO: check
+CVE-2019-15922 (An issue was discovered in the Linux kernel before 5.0.9. There is a N ...)
+ TODO: check
+CVE-2019-15921 (An issue was discovered in the Linux kernel before 5.0.6. There is a m ...)
+ TODO: check
+CVE-2019-15920 (An issue was discovered in the Linux kernel before 5.0.10. SMB2_read i ...)
+ TODO: check
+CVE-2019-15919 (An issue was discovered in the Linux kernel before 5.0.10. SMB2_write ...)
+ TODO: check
+CVE-2019-15918 (An issue was discovered in the Linux kernel before 5.0.10. SMB2_negoti ...)
+ TODO: check
+CVE-2019-15917 (An issue was discovered in the Linux kernel before 5.0.5. There is a u ...)
+ TODO: check
+CVE-2019-15916 (An issue was discovered in the Linux kernel before 5.0.1. There is a m ...)
+ TODO: check
+CVE-2019-15915
+ RESERVED
+CVE-2019-15914
+ RESERVED
+CVE-2019-15913
+ RESERVED
+CVE-2019-15912
+ RESERVED
+CVE-2019-15911
+ RESERVED
+CVE-2019-15910
+ RESERVED
+CVE-2019-15909
+ RESERVED
+CVE-2019-15908
+ RESERVED
+CVE-2019-15907
+ RESERVED
+CVE-2019-15906
+ RESERVED
+CVE-2019-15905
+ RESERVED
+CVE-2019-15904
+ RESERVED
CVE-2019-15903 (In libexpat before 2.2.8, crafted XML input could fool the parser into ...)
- expat <unfixed> (bug #939394)
NOTE: https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
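Review bot: the nine Linux kernel entries CVE-2019-15916 through CVE-2019-15924 are all left as TODO: check even though each truncated description already names the upstream release that fixes it (5.0.1 up to 5.0.11), which is enough to file them against the linux source package and flag the suites whose kernel predates the named release; CVE-2019-15918, CVE-2019-15919 and CVE-2019-15920 (SMB2_negotiate, SMB2_write, SMB2_read) are three issues in the same SMB2 client code and can be triaged together. As with CVE-2019-15903 at the end of this hunk, each should also carry a NOTE: line with the upstream fix commit so the version mapping can be checked rather than inferred from "before 5.0.x". The twelve RESERVED placeholders CVE-2019-15904 through CVE-2019-15915 need nothing further.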
@@ -129,14 +171,17 @@ CVE-2019-15848
CVE-2019-15847 (The POWER9 backend in GNU Compiler Collection (GCC) before version 10 ...)
TODO: check
CVE-2015-9383 (FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_v ...)
+ {DLA-1909-1}
- freetype 2.6.3-1
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=57cbb8c148999ba8f14ed53435fc071ac9953afd
NOTE: https://savannah.nongnu.org/bugs/?46346
CVE-2015-9382 (FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/ ...)
+ {DLA-1909-1}
- freetype 2.6.1-0.1
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/psaux/psobjs.c?id=db5a4a9ae7b0048f033361744421da8569642f73
NOTE: https://savannah.nongnu.org/bugs/?45922
CVE-2015-9381 (FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Priv ...)
+ {DLA-1909-1}
- freetype 2.6.1-0.1
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=7962a15d64c876870ca0ae435ea2467d9be268d9
NOTE: https://savannah.nongnu.org/bugs/?45955
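Review bot: the {DLA-1909-1} markers are placed above the existing fixed-version lines, consistent with the other {DLA-…} annotations in this file, so the layout is fine. One thing to confirm for CVE-2015-9383: the description says FreeType before 2.6.2 is affected but the recorded fixed version is 2.6.3-1, so the DLA should be verified to include the 57cbb8c1 commit cited in the NOTE rather than be assumed correct from the version bound alone.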
@@ -215,10 +260,10 @@ CVE-2019-15816 (The wp-private-content-plus plugin before 2.0 for WordPress has
NOT-FOR-US: wp-private-content-plus plugin for WordPress
CVE-2019-15815
RESERVED
-CVE-2019-15814
- RESERVED
-CVE-2019-15813
- RESERVED
+CVE-2019-15814 (Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow auth ...)
+ TODO: check
+CVE-2019-15813 (Multiple file upload restriction bypass vulnerabilities in Sentrifugo ...)
+ TODO: check
CVE-2015-9380 (The photo-gallery plugin before 1.2.42 for WordPress has CSRF. ...)
NOT-FOR-US: photo-gallery plugin for WordPress
CVE-2019-15812
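Review bot: CVE-2019-15813 and CVE-2019-15814 (Sentrifugo) are left as TODO: check; unless a Debian source package exists, they should be resolved to NOT-FOR-US: Sentrifugo in the same form as the wp-private-content-plus and photo-gallery entries surrounding them, so the TODO does not linger in the list.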
@@ -430,8 +475,7 @@ CVE-2019-15720 (CloudBerry Backup v6.1.2.34 allows local privilege escalation vi
NOT-FOR-US: CloudBerry Backup
CVE-2019-15719
RESERVED
-CVE-2019-15718 [Missing access controls on systemd-resolved's D-Bus interface]
- RESERVED
+CVE-2019-15718 (In systemd 240, bus_open_system_watch_bind_with_description in shared/ ...)
- systemd <unfixed> (bug #939353)
[buster] - systemd <no-dsa> (Minor issue; systemd-resolved not enabled by default)
[stretch] - systemd <not-affected> (Vulnerable code introduced later)
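Review bot: the CVE-2019-15718 entry carries no NOTE: line with the upstream fix commit, unlike the expat and freetype entries in this file, which makes both the [stretch] "Vulnerable code introduced later" claim and the buster <no-dsa> minor-issue justification hard to verify from the entry itself; add the commit reference (and, since the bracketed working title about missing access controls on the systemd-resolved D-Bus interface was the only readable summary, keep that wording in a NOTE: as well) before this is closed in sid against bug #939353.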
@@ -5173,7 +5217,7 @@ CVE-2019-14279
RESERVED
CVE-2019-14278
RESERVED
-CVE-2019-14277 (Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain ...)
+CVE-2019-14277 (** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x through 5 ...)
NOT-FOR-US: Axway SecureTransport
CVE-2019-14276
RESERVED
@@ -5879,10 +5923,10 @@ CVE-2019-13978 (Ovidentia 8.4.3 has SQL Injection via the id parameter in an ind
NOT-FOR-US: Ovidentia
CVE-2019-13977 (index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&id ...)
NOT-FOR-US: Ovidentia
-CVE-2019-13976
- RESERVED
-CVE-2019-13975
- RESERVED
+CVE-2019-13976 (eGain Chat 15.0.3 allows unrestricted file upload. ...)
+ TODO: check
+CVE-2019-13975 (eGain Chat 15.0.3 allows HTML Injection. ...)
+ TODO: check
CVE-2019-13974 (LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. ...)
NOT-FOR-US: LayerBB
CVE-2019-13973 (LayerBB 1.1.3 allows admin/general.php arbitrary file upload because t ...)
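Review bot: CVE-2019-13975 and CVE-2019-13976 (eGain Chat) are left as TODO: check; if no Debian package exists they should be resolved to NOT-FOR-US: eGain Chat, matching the Ovidentia and LayerBB entries on either side of them.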
@@ -7903,16 +7947,16 @@ CVE-2019-13524
RESERVED
CVE-2019-13523
RESERVED
-CVE-2019-13522
- RESERVED
+CVE-2019-13522 (An attacker could use a specially crafted project file to corrupt the ...)
+ TODO: check
CVE-2019-13521
RESERVED
CVE-2019-13520 (Multiple buffer overflow issues have been identified in Alpha5 Smart L ...)
TODO: check
CVE-2019-13519
RESERVED
-CVE-2019-13518
- RESERVED
+CVE-2019-13518 (An attacker could use a specially crafted project file to overflow the ...)
+ TODO: check
CVE-2019-13517
RESERVED
CVE-2019-13516 (In OSIsoft PI Web API and prior, the affected product is vulnerable to ...)
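Review bot: the new descriptions for CVE-2019-13518 and CVE-2019-13522 are truncated before they name the affected product ("An attacker could use a specially crafted project file to ..."), so the TODO: check cannot be resolved from this line alone; the triager needs the full MITRE text before deciding between NOT-FOR-US and a package entry, as was already the case for CVE-2019-13520 (Alpha5 Smart L...) above it.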
@@ -8730,8 +8774,8 @@ CVE-2019-13211
RESERVED
CVE-2019-13210
RESERVED
-CVE-2019-13209
- RESERVED
+CVE-2019-13209 (Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijack ...)
+ TODO: check
CVE-2019-13208 (WavesSysSvc in Waves MAXX Audio allows privilege escalation because th ...)
NOT-FOR-US: Waves MAXX Audio
CVE-2019-13207 (nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflo ...)
@@ -10391,10 +10435,10 @@ CVE-2019-12591 (NETGEAR Insight Cloud with firmware before Insight 5.6 allows re
NOT-FOR-US: NETGEAR
CVE-2019-12590
RESERVED
-CVE-2019-12588
- RESERVED
-CVE-2019-12587
- RESERVED
+CVE-2019-12588 (The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2. ...)
+ TODO: check
+CVE-2019-12587 (The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 a ...)
+ TODO: check
CVE-2019-12586
RESERVED
CVE-2019-12585 (Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and othe ...)
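Review bot: CVE-2019-12587 is described as a flaw in "the EAP peer implementation in Espressif ESP-IDF", so before it is resolved to NOT-FOR-US the triager should confirm whether the bug sits in Espressif-specific code or in EAP peer code shared with a supplicant that Debian packages; CVE-2019-12588 (the client 802.11 MAC implementation in the ESP8266 NONOS SDK) is firmware-only on the face of the description and can be resolved directly.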
@@ -13074,7 +13118,7 @@ CVE-2019-11600 (A SQL injection vulnerability in the activities API in OpenProje
NOT-FOR-US: OpenProject
CVE-2018-20835 (A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File O ...)
- node-tar-fs <itp> (bug #897023)
-CVE-2018-20834 (A vulnerability was found in node-tar before version 4.4.2. An Arbitra ...)
+CVE-2018-20834 (A vulnerability was found in node-tar before version 4.4.2 (excluding ...)
- node-tar 4.4.4+ds1-2
[stretch] - node-tar <ignored> (Nodejs in stretch not covered by security support)
[jessie] - node-tar <no-dsa> (Minor issue)
@@ -14750,8 +14794,8 @@ CVE-2019-10990
RESERVED
CVE-2019-10989 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffe ...)
NOT-FOR-US: WebAccess/SCADA
-CVE-2019-10988
- RESERVED
+CVE-2019-10988 (In Philips HDI 4000 Ultrasound Systems, all versions running on old, u ...)
+ TODO: check
CVE-2019-10987 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds wr ...)
NOT-FOR-US: WebAccess/SCADA
CVE-2019-10986
@@ -15559,8 +15603,8 @@ CVE-2019-10711 (Incorrect access control in the RTSP stream and web portal on al
NOT-FOR-US: IP cameras based on Hisilicon Hi3510 firmware
CVE-2019-10710 (Insecure permissions in the Web management portal on all IP cameras ba ...)
NOT-FOR-US: IP cameras based on Hisilicon Hi3510 firmware
-CVE-2019-10709
- RESERVED
+CVE-2019-10709 (AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a ...)
+ TODO: check
CVE-2019-10708 (S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike i ...)
NOT-FOR-US: S-CMS PHP
CVE-2019-10707 (MKCMS V5.0 has SQL injection via the bplay.php play parameter. ...)
@@ -21838,34 +21882,47 @@ CVE-2019-8691
RESERVED
CVE-2019-8690
RESERVED
+ {DSA-4515-1}
CVE-2019-8689
RESERVED
+ {DSA-4515-1}
CVE-2019-8688
RESERVED
+ {DSA-4515-1}
CVE-2019-8687
RESERVED
+ {DSA-4515-1}
CVE-2019-8686
RESERVED
+ {DSA-4515-1}
CVE-2019-8685
RESERVED
CVE-2019-8684
RESERVED
+ {DSA-4515-1}
CVE-2019-8683
RESERVED
+ {DSA-4515-1}
CVE-2019-8682
RESERVED
CVE-2019-8681
RESERVED
+ {DSA-4515-1}
CVE-2019-8680
RESERVED
+ {DSA-4515-1}
CVE-2019-8679
RESERVED
+ {DSA-4515-1}
CVE-2019-8678
RESERVED
+ {DSA-4515-1}
CVE-2019-8677
RESERVED
+ {DSA-4515-1}
CVE-2019-8676
RESERVED
+ {DSA-4515-1}
CVE-2019-8675 [stack-buffer-overflow in libcups's asn1_get_type function]
RESERVED
{DLA-1893-1}
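Review bot: the {DSA-4515-1} markers in this hunk are attached to entries that are still RESERVED and have no package/fixed-version line, so until MITRE publishes the descriptions the only thing the list records about these CVEs is the DSA number; compare CVE-2019-8675 at the end of the hunk, which carries a bracketed summary ([stack-buffer-overflow in libcups's asn1_get_type function]) alongside its {DLA-1893-1}. Add the package and fixed-version line and a short bracketed summary to each marked entry. Also note that CVE-2019-8685 and CVE-2019-8682 are skipped while their neighbours are marked; if that reflects the DSA's actual CVE list it is fine, otherwise they need the same marker.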
@@ -21877,20 +21934,25 @@ CVE-2019-8674
RESERVED
CVE-2019-8673
RESERVED
+ {DSA-4515-1}
CVE-2019-8672
RESERVED
+ {DSA-4515-1}
CVE-2019-8671
RESERVED
+ {DSA-4515-1}
CVE-2019-8670
RESERVED
CVE-2019-8669
RESERVED
+ {DSA-4515-1}
CVE-2019-8668
RESERVED
CVE-2019-8667
RESERVED
CVE-2019-8666
RESERVED
+ {DSA-4515-1}
CVE-2019-8665
RESERVED
CVE-2019-8664
@@ -21907,6 +21969,7 @@ CVE-2019-8659
RESERVED
CVE-2019-8658
RESERVED
+ {DSA-4515-1}
CVE-2019-8657
RESERVED
CVE-2019-8656
@@ -21925,6 +21988,7 @@ CVE-2019-8650
RESERVED
CVE-2019-8649
RESERVED
+ {DSA-4515-1}
CVE-2019-8648
RESERVED
CVE-2019-8647
@@ -21935,6 +21999,7 @@ CVE-2019-8645
RESERVED
CVE-2019-8644
RESERVED
+ {DSA-4515-1}
CVE-2019-8643
RESERVED
CVE-2019-8642
@@ -26873,18 +26938,18 @@ CVE-2019-6650
RESERVED
CVE-2019-6649
RESERVED
-CVE-2019-6648
- RESERVED
-CVE-2019-6647
- RESERVED
-CVE-2019-6646
- RESERVED
-CVE-2019-6645
- RESERVED
-CVE-2019-6644
- RESERVED
-CVE-2019-6643
- RESERVED
+CVE-2019-6648 (On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Ser ...)
+ TODO: check
+CVE-2019-6647 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1 ...)
+ TODO: check
+CVE-2019-6646 (On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with ...)
+ TODO: check
+CVE-2019-6645 (On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6 ...)
+ TODO: check
+CVE-2019-6644 (Similar to the issue identified in CVE-2018-12120, on versions 14.1.0- ...)
+ TODO: check
+CVE-2019-6643 (On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12 ...)
+ TODO: check
CVE-2019-6642 (In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, a ...)
NOT-FOR-US: F5 BIG-IP
CVE-2019-6641 (On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl RES ...)
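Review bot: CVE-2019-6643 through CVE-2019-6648 are all left as TODO: check although five of them are BIG-IP issues and the neighbouring CVE-2019-6642 and CVE-2019-6641 are already NOT-FOR-US: F5 BIG-IP; resolve them the same way, and resolve CVE-2019-6648 (F5 Container Ingress Services) as NOT-FOR-US with its own product name. CVE-2019-6644 is worth a second look before closing, since its description says it is "Similar to the issue identified in CVE-2018-12120", which may point at a bundled component rather than F5's own code.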
@@ -122651,13 +122716,15 @@ CVE-2017-9412 (The unpack_read_samples function in frontend/get_audio.c in LAME
NOTE: http://seclists.org/fulldisclosure/2017/Jul/63
NOTE: https://sourceforge.net/p/lame/bugs/463/
NOTE: Invalid read in command line tool so no CVE is needed. MITRE contacted by ago at gentoo
-CVE-2017-9411 (The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 ...)
+CVE-2017-9411
+ REJECTED
- lame 3.99.5+repack1-6
[wheezy] - lame 3.99.5+repack1-3+deb7u1
NOTE: http://seclists.org/fulldisclosure/2017/Jul/63
NOTE: https://sourceforge.net/p/lame/bugs/462/
NOTE: Duplicate of CVE-2015-9100
-CVE-2017-9410 (The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 ...)
+CVE-2017-9410
+ REJECTED
- lame 3.99.5+repack1-6
[wheezy] - lame 3.99.5+repack1-3+deb7u1
NOTE: http://seclists.org/fulldisclosure/2017/Jul/63
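Review bot: CVE-2017-9411 and CVE-2017-9410 are switched to REJECTED but keep their "- lame 3.99.5+repack1-6" and "[wheezy] - lame 3.99.5+repack1-3+deb7u1" lines, so a rejected identifier still reads as a fixed Debian issue; since the NOTE on CVE-2017-9411 records it as a duplicate of CVE-2015-9100, the package lines should be dropped (or the entry reduced to the REJECTED marker plus the duplicate NOTE) and the fixed versions confirmed to be recorded under CVE-2015-9100 instead. The same applies to CVE-2017-9410 if the rest of its notes, cut off in this hunk, give the same reason.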
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/29527e81584c8d92b78c4b36140f42e9032f34e4