[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Sep 5 21:11:00 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2306bc43 by security tracker role at 2019-09-05T20:10:38Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2019-15955 (An issue was discovered in Total.js CMS 12.0.0. A low privilege user c ...)
+	TODO: check
+CVE-2019-15954 (An issue was discovered in Total.js CMS 12.0.0. An authenticated user  ...)
+	TODO: check
+CVE-2019-15953 (An issue was discovered in Total.js CMS 12.0.0. An authenticated user  ...)
+	TODO: check
+CVE-2019-15952 (An issue was discovered in Total.js CMS 12.0.0. An authenticated user  ...)
+	TODO: check
+CVE-2019-15951
+	RESERVED
+CVE-2019-15950
+	RESERVED
+CVE-2019-15949 (Nagios XI before 5.6.6 allows remote command execution as root. The ex ...)
+	TODO: check
+CVE-2019-15948
+	RESERVED
+CVE-2019-15947 (In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted  ...)
+	TODO: check
+CVE-2019-15946 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet ...)
+	TODO: check
+CVE-2019-15945 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitst ...)
+	TODO: check
+CVE-2019-15944
+	RESERVED
+CVE-2019-15943
+	RESERVED
+CVE-2019-15942 (FFmpeg through 4.2 has a "Conditional jump or move depends on uninitia ...)
+	TODO: check
+CVE-2019-15941
+	RESERVED
+CVE-2019-15940
+	RESERVED
+CVE-2019-15939 (An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero err ...)
+	TODO: check
+CVE-2019-15938 (Pengutronix barebox through 2019.08.1 has a remote buffer overflow in  ...)
+	TODO: check
+CVE-2019-15937 (Pengutronix barebox through 2019.08.1 has a remote buffer overflow in  ...)
+	TODO: check
 CVE-2019-15936
 	RESERVED
 CVE-2019-15935
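Review bot: All twelve published entries at the top of this hunk (CVE-2019-15955 down to CVE-2019-15937) are left at `TODO: check`, and the two barebox entries, CVE-2019-15938 and CVE-2019-15937, carry the identical truncated summary "has a remote buffer overflow in ...", so the list text alone cannot tell them apart. Whoever resolves these should read the full descriptions and give each entry its own `NOTE:` line pointing at the upstream fix, in the style the Linux and Poppler entries in the next hunk use.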
@@ -27,8 +65,8 @@ CVE-2019-15926 (An issue was discovered in the Linux kernel before 5.2.3. Out of
 CVE-2019-15925 (An issue was discovered in the Linux kernel before 5.2.3. An out of bo ...)
 	- linux 5.2.6-1
 	NOTE: https://git.kernel.org/linus/04f25edb48c441fc278ecc154c270f16966cbb90
-CVE-2018-21010
-	RESERVED
+CVE-2018-21010 (OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_pr ...)
+	TODO: check
 CVE-2018-21009 (Poppler before 0.76.0 has an integer overflow in Parser::makeStream in ...)
 	- poppler 0.69.0-2
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a
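Review bot: CVE-2018-21010 moves from `RESERVED` to `TODO: check` with no package line, although its summary already names the fixed upstream release (OpenJPEG 2.3.1). Resolving it should add a `- <package> <version>` line and a `NOTE:` with the upstream commit, as the Poppler entry CVE-2018-21009 directly below does.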
@@ -5270,8 +5308,8 @@ CVE-2019-14280 (In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6
 	NOT-FOR-US: Craft CMS
 CVE-2019-14279
 	RESERVED
-CVE-2019-14278
-	RESERVED
+CVE-2019-14278 (In Knowage through 6.1.1, an unauthenticated user can enumerated valid ...)
+	TODO: check
 CVE-2019-14277 (** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x through 5 ...)
 	NOT-FOR-US: Axway SecureTransport
 CVE-2019-14276
@@ -8397,8 +8435,8 @@ CVE-2019-13363
 	RESERVED
 CVE-2019-13362 (Codedoc v3.2 has a stack-based buffer overflow in add_variable in code ...)
 	NOT-FOR-US: Codedoc
-CVE-2019-13361
-	RESERVED
+CVE-2019-13361 (Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an ...)
+	TODO: check
 CVE-2019-13360 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote at ...)
 	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2019-13359 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv- ...)
@@ -8426,8 +8464,8 @@ CVE-2019-13351 (posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (a
 	NOTE: https://github.com/jackaudio/jack2/commit/994e225bbb07a89f56147f7ce7d59beb49f8cfba
 CVE-2019-13350
 	RESERVED
-CVE-2019-13349
-	RESERVED
+CVE-2019-13349 (In Knowage through 6.1.1, an authenticated user that accesses the user ...)
+	TODO: check
 CVE-2019-13348 (In Knowage through 6.1.1, an authenticated user who accesses the datas ...)
 	TODO: check
 CVE-2019-13347
@@ -8871,16 +8909,16 @@ CVE-2019-13193
 	RESERVED
 CVE-2019-13192
 	RESERVED
-CVE-2019-13191
-	RESERVED
-CVE-2019-13190
-	RESERVED
+CVE-2019-13191 (A SQL injection vulnerability in IntraMaps MapControl 8 allows attacke ...)
+	TODO: check
+CVE-2019-13190 (In Knowage through 6.1.1, the sign up page does not invalidate a valid ...)
+	TODO: check
 CVE-2019-13189 (In Knowage through 6.1.1, there is XSS via the start_url or user_id fi ...)
 	TODO: check
-CVE-2019-13188
-	RESERVED
-CVE-2019-13187
-	RESERVED
+CVE-2019-13188 (In Knowage through 6.1.1, an unauthenticated user can bypass access co ...)
+	TODO: check
+CVE-2019-13187 (The Rich Text Formatter (Redactor) extension through v1.1.1 for Sympho ...)
+	TODO: check
 CVE-2019-13186 (In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via t ...)
 	NOT-FOR-US: MiniCMS
 CVE-2019-13185
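Review bot: The Knowage entry CVE-2019-13189 was already sitting at `TODO: check` before this update (it is an unchanged context line), and this hunk adds two more Knowage entries, CVE-2019-13190 and CVE-2019-13188, in the same state. Decide the disposition for Knowage once and apply it to all of them, including CVE-2019-14278, CVE-2019-13349 and CVE-2019-13348 elsewhere in this diff, so the product does not end up with mixed markings.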
@@ -11456,8 +11494,8 @@ CVE-2019-12225
 	RESERVED
 CVE-2019-12224
 	RESERVED
-CVE-2019-12223
-	RESERVED
+CVE-2019-12223 (An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1. ...)
+	TODO: check
 CVE-2019-12222 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
 	{DLA-1865-1 DLA-1861-1}
 	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
@@ -12596,6 +12634,7 @@ CVE-2019-11753
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11753
 CVE-2019-11752
 	RESERVED
+	{DSA-4516-1}
 	- firefox 69.0-1
 	- firefox-esr 68.1.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11752
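Review bot: The `{DSA-4516-1}` reference lands under a header that still reads `RESERVED` at CVE-2019-11752, so the entry now has a DSA, two fixed versions and an advisory `NOTE:` but no description. Anything that parses this file should decide whether an entry is handled from its package and DSA lines, not from the `RESERVED` marker; the same pattern repeats in the Firefox hunks that follow.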
@@ -12641,6 +12680,7 @@ CVE-2019-11747
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11747
 CVE-2019-11746
 	RESERVED
+	{DSA-4516-1}
 	- firefox 69.0-1
 	- firefox-esr 68.1.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11746
@@ -12650,6 +12690,7 @@ CVE-2019-11745
 	RESERVED
 CVE-2019-11744
 	RESERVED
+	{DSA-4516-1}
 	- firefox 69.0-1
 	- firefox-esr 68.1.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11744
@@ -12657,6 +12698,7 @@ CVE-2019-11744
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11744
 CVE-2019-11743
 	RESERVED
+	{DSA-4516-1}
 	- firefox 69.0-1
 	- firefox-esr 68.1.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11743
@@ -12664,6 +12706,7 @@ CVE-2019-11743
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11743
 CVE-2019-11742
 	RESERVED
+	{DSA-4516-1}
 	- firefox 69.0-1
 	- firefox-esr 68.1.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11742
@@ -12675,6 +12718,7 @@ CVE-2019-11741
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11741
 CVE-2019-11740
 	RESERVED
+	{DSA-4516-1}
 	- firefox 69.0-1
 	- firefox-esr 68.1.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11740
@@ -15727,8 +15771,8 @@ CVE-2019-10679
 	RESERVED
 CVE-2019-10678 (Domoticz before 4.10579 neglects to categorize \n and \r as insecure a ...)
 	- domoticz <itp> (bug #899058)
-CVE-2019-10677
-	RESERVED
+CVE-2019-10677 (Multiple Cross-Site Scripting (XSS) issues in the web interface on DAS ...)
+	TODO: check
 CVE-2019-10676 (An issue was discovered in Uniqkey Password Manager 1.14. Upon enterin ...)
 	NOT-FOR-US: Uniqkey Password Manager
 CVE-2019-10675
@@ -18855,6 +18899,7 @@ CVE-2019-9813 (Incorrect handling of __proto__ mutations may lead to type confus
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9813
 CVE-2019-9812
 	RESERVED
+	{DSA-4516-1}
 	- firefox 69.0-1
 	- firefox-esr 68.1.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-9812
@@ -30972,18 +31017,18 @@ CVE-2019-5072
 	RESERVED
 CVE-2019-5071
 	RESERVED
-CVE-2019-5070
-	RESERVED
-CVE-2019-5069
-	RESERVED
+CVE-2019-5070 (An exploitable SQL injection vulnerability exists in the unauthenticat ...)
+	TODO: check
+CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. ...)
+	TODO: check
 CVE-2019-5068
 	RESERVED
 CVE-2019-5067
 	RESERVED
 CVE-2019-5066
 	RESERVED
-CVE-2019-5065
-	RESERVED
+CVE-2019-5065 (An exploitable information disclosure vulnerability exists in the pack ...)
+	TODO: check
 CVE-2019-5064
 	RESERVED
 CVE-2019-5063
@@ -32564,8 +32609,8 @@ CVE-2019-4323
 	RESERVED
 CVE-2019-4322 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
 	NOT-FOR-US: IBM
-CVE-2019-4321
-	RESERVED
+CVE-2019-4321 (IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Ope ...)
+	TODO: check
 CVE-2019-4320
 	RESERVED
 CVE-2019-4319
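Review bot: CVE-2019-4321 is published as `TODO: check` while the neighbouring IBM entry CVE-2019-4322 in the same hunk is already marked `NOT-FOR-US: IBM`. If the same disposition applies, mark it the same way; CVE-2019-4186 and CVE-2019-4149 in the next two hunks sit next to `NOT-FOR-US: IBM` entries as well.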
@@ -32834,8 +32879,8 @@ CVE-2019-4188
 	RESERVED
 CVE-2019-4187
 	RESERVED
-CVE-2019-4186
-	RESERVED
+CVE-2019-4186 (IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header inj ...)
+	TODO: check
 CVE-2019-4185 (IBM InfoSphere Information Server 11.7.1 containers are vulnerable to  ...)
 	NOT-FOR-US: IBM
 CVE-2019-4184 (IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross- ...)
@@ -32908,8 +32953,8 @@ CVE-2019-4151 (IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than
 	NOT-FOR-US: IBM
 CVE-2019-4150 (IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or  ...)
 	NOT-FOR-US: IBM
-CVE-2019-4149
-	RESERVED
+CVE-2019-4149 (IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM B ...)
+	TODO: check
 CVE-2019-4148 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
 	NOT-FOR-US: IBM
 CVE-2019-4147
@@ -66161,8 +66206,8 @@ CVE-2018-11571 (ClipperCMS 1.3.3 allows Session Fixation. ...)
 	NOT-FOR-US: ClipperCMS
 CVE-2018-11570
 	RESERVED
-CVE-2018-11569
-	RESERVED
+CVE-2018-11569 (Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deseri ...)
+	TODO: check
 CVE-2018-11568 (Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for W ...)
 	NOT-FOR-US: GamePlan theme for WordPress
 CVE-2018-11567 (** DISPUTED ** Prior to 2018-04-27, the reprompt feature in Amazon Ech ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2306bc431bdfc4bded1ef20768b2112086a8da1e
