[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Sep 9 21:10:38 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5df8046f by security tracker role at 2019-09-09T20:10:27Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,35 +1,111 @@
-CVE-2019-16168 [division by zero in the query planner]
-	- sqlite3 3.29.0-2
-	[buster] - sqlite3 <no-dsa> (Minor issue)
-	[stretch] - sqlite3 <no-dsa> (Minor issue)
-	NOTE: https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html
-	NOTE: https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62
-	NOTE: Fixed by: https://www.sqlite.org/src/info/d93508fc9913cfe6
-	NOTE: Introduced by: https://www.sqlite.org/src/info/90e36676476e8db0
-CVE-2019-16148
+CVE-2019-16187
 	RESERVED
-CVE-2019-16147
+CVE-2019-16186
 	RESERVED
-CVE-2019-16146
+CVE-2019-16185
 	RESERVED
-CVE-2019-16145
+CVE-2019-16184
+	RESERVED
+CVE-2019-16183
+	RESERVED
+CVE-2019-16182
+	RESERVED
+CVE-2019-16181
+	RESERVED
+CVE-2019-16180
+	RESERVED
+CVE-2019-16179
+	RESERVED
+CVE-2019-16178
+	RESERVED
+CVE-2019-16177
+	RESERVED
+CVE-2019-16176
+	RESERVED
+CVE-2019-16175
+	RESERVED
+CVE-2019-16174
+	RESERVED
+CVE-2019-16173 (LimeSurvey before v3.17.14 allows reflected XSS for escalating privile ...)
+	TODO: check
+CVE-2019-16172 (LimeSurvey before v3.17.14 allows stored XSS for escalating privileges ...)
+	TODO: check
+CVE-2019-16171
+	RESERVED
+CVE-2019-16170
+	RESERVED
+CVE-2019-16169
+	RESERVED
+CVE-2019-16167 (sysstat before 12.1.6 has memory corruption due to an Integer Overflow ...)
+	TODO: check
+CVE-2019-16166 (GNU cflow through 1.6 has a heap-based buffer over-read in the nexttok ...)
+	TODO: check
+CVE-2019-16165 (GNU cflow through 1.6 has a use-after-free in the reference function i ...)
+	TODO: check
+CVE-2019-16164 (MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_nod ...)
+	TODO: check
+CVE-2019-16163 (Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of ...)
+	TODO: check
+CVE-2019-16162 (Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class bec ...)
+	TODO: check
+CVE-2019-16161 (Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code ...)
+	TODO: check
+CVE-2019-16160
+	RESERVED
+CVE-2019-16159 (BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 ...)
+	TODO: check
+CVE-2019-16158
 	RESERVED
-CVE-2019-16144
+CVE-2019-16157
 	RESERVED
-CVE-2019-16143
+CVE-2019-16156
 	RESERVED
-CVE-2019-16142
+CVE-2019-16155
 	RESERVED
-CVE-2019-16141
+CVE-2019-16154
 	RESERVED
-CVE-2019-16140
+CVE-2019-16153
 	RESERVED
-CVE-2019-16139
+CVE-2019-16152
 	RESERVED
-CVE-2019-16138
+CVE-2019-16151
 	RESERVED
-CVE-2019-16137
+CVE-2019-16150
 	RESERVED
+CVE-2019-16149
+	RESERVED
+CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can cras ...)
+	- sqlite3 3.29.0-2
+	[buster] - sqlite3 <no-dsa> (Minor issue)
+	[stretch] - sqlite3 <no-dsa> (Minor issue)
+	NOTE: https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html
+	NOTE: https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62
+	NOTE: Fixed by: https://www.sqlite.org/src/info/d93508fc9913cfe6
+	NOTE: Introduced by: https://www.sqlite.org/src/info/90e36676476e8db0
+CVE-2019-16148 (Sakai through 12.6 allows XSS via a chat user name. ...)
+	TODO: check
+CVE-2019-16147
+	RESERVED
+CVE-2019-16146 (Gophish through 0.8.0 allows XSS via a username. ...)
+	TODO: check
+CVE-2019-16145
+	RESERVED
+CVE-2019-16144 (An issue was discovered in the generator crate before 0.6.18 for Rust. ...)
+	TODO: check
+CVE-2019-16143 (An issue was discovered in the blake2 crate before 0.8.1 for Rust. The ...)
+	TODO: check
+CVE-2019-16142 (An issue was discovered in the renderdoc crate before 0.5.0 for Rust.  ...)
+	TODO: check
+CVE-2019-16141 (An issue was discovered in the once_cell crate before 1.0.1 for Rust.  ...)
+	TODO: check
+CVE-2019-16140 (An issue was discovered in the chttp crate before 0.1.3 for Rust. Ther ...)
+	TODO: check
+CVE-2019-16139 (An issue was discovered in the compact_arena crate before 0.4.0 for Ru ...)
+	TODO: check
+CVE-2019-16138 (An issue was discovered in the image crate before 0.21.3 for Rust, aff ...)
+	TODO: check
+CVE-2019-16137 (An issue was discovered in the spin crate before 0.5.2 for Rust, when  ...)
+	TODO: check
 CVE-2019-16136
 	RESERVED
 CVE-2019-16135
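Review bot: most of the new "TODO: check" entries in this hunk (CVE-2019-16173 down to CVE-2019-16137) concern software that Debian ships, so they need a source-package state line or a NOT-FOR-US tag rather than staying as TODO: sysstat, cflow, libonig (Oniguruma), bird, the rust-* crate packages for spin, once_cell, image and the other crates listed, and LimeSurvey, which this file already tracks as "limesurvey <itp>". The rewrite of CVE-2019-16168 looks right: the bracketed placeholder "[division by zero in the query planner]" was replaced by the MITRE text while the "- sqlite3 3.29.0-2" line, the buster/stretch "<no-dsa> (Minor issue)" markers and the four NOTE: URLs were carried over unchanged.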
@@ -74,8 +150,8 @@ CVE-2019-16116
 	RESERVED
 CVE-2019-16115 (In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in ...)
 	TODO: check
-CVE-2019-16114
-	RESERVED
+CVE-2019-16114 (In ATutor 2.2.4, an unauthenticated attacker can change the applicatio ...)
+	TODO: check
 CVE-2019-16113 (Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-im ...)
 	TODO: check
 CVE-2019-16112
@@ -90,14 +166,14 @@ CVE-2019-16108
 	RESERVED
 CVE-2019-16107
 	RESERVED
-CVE-2018-21014
-	RESERVED
-CVE-2018-21013
-	RESERVED
-CVE-2018-21012
-	RESERVED
-CVE-2018-21011
-	RESERVED
+CVE-2018-21014 (The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. ...)
+	TODO: check
+CVE-2018-21013 (The Swape theme before 1.2.1 for WordPress has incorrect access contro ...)
+	TODO: check
+CVE-2018-21012 (The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS. ...)
+	TODO: check
+CVE-2018-21011 (The charitable plugin before 1.5.14 for WordPress has unauthorized acc ...)
+	TODO: check
 CVE-2019-16106
 	RESERVED
 CVE-2019-16105 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory t ...)
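Review bot: the four new CVE-2018-21014 to CVE-2018-21011 entries describe WordPress plugins and a theme (buddyboss-media, Swape, cf7-invisible-recaptcha, charitable), none of which Debian packages, so their "TODO: check" lines should be resolved to NOT-FOR-US in the form the file already uses elsewhere, e.g. "NOT-FOR-US: Ultimate Member plugin for WordPress".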
@@ -593,8 +669,8 @@ CVE-2019-15897
 	RESERVED
 CVE-2019-15896
 	RESERVED
-CVE-2019-15895
-	RESERVED
+CVE-2019-15895 (search-exclude.php in the "Search Exclude" plugin through 1.2.2 for Wo ...)
+	TODO: check
 CVE-2019-15894
 	RESERVED
 CVE-2019-15893
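Review bot: CVE-2019-15895 is another WordPress plugin ("Search Exclude"), so the same NOT-FOR-US triage applies to this single-entry hunk.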
@@ -1354,8 +1430,8 @@ CVE-2019-15641 (xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE atta
 	- webmin <removed>
 CVE-2019-15640 (Limesurvey before 3.17.10 does not validate both the MIME type and fil ...)
 	- limesurvey <itp> (bug #472802)
-CVE-2019-15639
-	RESERVED
+CVE-2019-15639 (main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remot ...)
+	TODO: check
 CVE-2019-15638
 	RESERVED
 CVE-2019-15637 (Numerous Tableau products are vulnerable to XXE via a malicious workbo ...)
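Review bot: CVE-2019-15639 concerns Asterisk, which is packaged in Debian, so the "TODO: check" should become a "- asterisk <version>" state line once the Debian versions have been checked against the 13.28.0 and 16.5.0 releases named in the description. The unchanged context above shows the expected shape, e.g. "- webmin <removed>" and "- limesurvey <itp> (bug #472802)".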
@@ -3771,7 +3847,7 @@ CVE-2019-14819
 CVE-2019-14818
 	RESERVED
 CVE-2019-14817 (A flaw was found in, ghostscript versions prior to 9.28, in the .pdfex ...)
-	{DSA-4518-1}
+	{DSA-4518-1 DLA-1915-1}
 	- ghostscript 9.28~~rc2~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701450
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19
@@ -3789,7 +3865,7 @@ CVE-2019-14814
 	RESERVED
 	- linux <unfixed>
 CVE-2019-14813 (A flaw was found in ghostscript, versions 9.x before 9.28, in the sets ...)
-	{DSA-4518-1}
+	{DSA-4518-1 DLA-1915-1}
 	- ghostscript 9.28~~rc2~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701443
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
@@ -3799,7 +3875,7 @@ CVE-2019-14813 (A flaw was found in ghostscript, versions 9.x before 9.28, in th
 	NOTE: which changed the access to file permissions.
 CVE-2019-14812
 	RESERVED
-	{DSA-4518-1}
+	{DSA-4518-1 DLA-1915-1}
 	- ghostscript 9.28~~rc2~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701444
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
@@ -3808,7 +3884,7 @@ CVE-2019-14812
 	NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
 	NOTE: which changed the access to file permissions.
 CVE-2019-14811 (A flaw was found in, ghostscript versions prior to 9.28, in the .pdf_h ...)
-	{DSA-4518-1}
+	{DSA-4518-1 DLA-1915-1}
 	- ghostscript 9.28~~rc2~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701445
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
@@ -11394,12 +11470,12 @@ CVE-2019-12466 (Wikimedia MediaWiki through 1.32.1 allows CSRF. ...)
 	- mediawiki 1:1.31.2-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 	NOTE: https://phabricator.wikimedia.org/T25227
-CVE-2019-12465
-	RESERVED
-CVE-2019-12464
-	RESERVED
-CVE-2019-12463
-	RESERVED
+CVE-2019-12465 (An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was i ...)
+	TODO: check
+CVE-2019-12464 (An issue was discovered in LibreNMS 1.50.1. An authenticated user can  ...)
+	TODO: check
+CVE-2019-12463 (An issue was discovered in LibreNMS 1.50.1. The scripts that handle gr ...)
+	TODO: check
 CVE-2019-12462
 	RESERVED
 CVE-2019-12461 (Web Port 1.19.1 allows XSS via the /log type parameter. ...)
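Review bot: CVE-2019-12465, CVE-2019-12464 and CVE-2019-12463 all concern LibreNMS 1.50.1, which is not a Debian package, so these three "TODO: check" lines are NOT-FOR-US candidates and can be triaged in one pass.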
@@ -11587,8 +11663,8 @@ CVE-2019-12407
 	RESERVED
 CVE-2019-12406
 	RESERVED
-CVE-2019-12405
-	RESERVED
+CVE-2019-12405 (Improper authentication is possible in Apache Traffic Control versions ...)
+	TODO: check
 CVE-2019-12404
 	RESERVED
 CVE-2019-12403
@@ -13764,8 +13840,8 @@ CVE-2019-11607 (doorGets 7.0 has a sensitive information disclosure vulnerabilit
 	NOT-FOR-US: doorGets
 CVE-2019-11606 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
 	NOT-FOR-US: doorGets
-CVE-2019-11605
-	RESERVED
+CVE-2019-11605 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
+	TODO: check
 CVE-2019-11604 (An issue was discovered in Quest KACE Systems Management Appliance bef ...)
 	NOT-FOR-US: Quest KACE Systems Management Appliance
 CVE-2019-11603 (A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 ...)
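Review bot: CVE-2019-11605 affects GitLab, which this file already tracks with "- gitlab 11.8.9+dfsg-1" style state lines, so the "TODO: check" here should become a gitlab line with the fixed Debian version, unlike the neighbouring Quest KACE and doorGets entries, which are correctly NOT-FOR-US.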
@@ -13945,28 +14021,22 @@ CVE-2019-11551 (In Code42 Enterprise and Crashplan for Small Business through Cl
 	NOT-FOR-US: Code42 Enterprise and Crashplan for Small Business
 CVE-2019-11550 (Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before  ...)
 	NOT-FOR-US: Citrix
-CVE-2019-11549 [Improper Sanitation of Credentials in Gitaly]
-	RESERVED
+CVE-2019-11549 (An issue was discovered in GitLab Community and Enterprise Edition 9.x ...)
 	- gitlab 11.8.9+dfsg-1 (bug #928221)
 	NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
-CVE-2019-11548 [Unauthorized Comments on Confidential Issues]
-	RESERVED
+CVE-2019-11548 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
 	- gitlab 11.8.9+dfsg-1 (bug #928221)
 	NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
-CVE-2019-11547 [Unsanitized Branch Names on New Merge Request Notification Emails]
-	RESERVED
+CVE-2019-11547 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
 	- gitlab 11.8.9+dfsg-1 (bug #928221)
 	NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
-CVE-2019-11546 [Merge Request Approval Count Inflation]
-	RESERVED
+CVE-2019-11546 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
 	- gitlab 11.8.9+dfsg-1 (bug #928221)
 	NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
-CVE-2019-11545 [Moving an Issue to Private Repo Leaks Project Namespace]
-	RESERVED
+CVE-2019-11545 (An issue was discovered in GitLab Community Edition 11.9.x before 11.9 ...)
 	- gitlab <not-affected> (Vulnerable code introduced in 11.9)
 	NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
-CVE-2019-11544 [Notification Emails Sent to Restricted Users]
-	RESERVED
+CVE-2019-11544 (An issue was discovered in GitLab Community and Enterprise Edition 8.x ...)
 	- gitlab 11.8.9+dfsg-1 (bug #928221)
 	NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
 CVE-2019-11543 (XSS exists in the admin web console in Pulse Secure Pulse Connect Secu ...)
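Review bot: the six GitLab entries CVE-2019-11549 to CVE-2019-11544 lose their descriptive bracketed titles (e.g. "[Improper Sanitation of Credentials in Gitaly]", "[Merge Request Approval Count Inflation]") in favour of MITRE text that is truncated to "An issue was discovered in GitLab Community and Enterprise Edition ...", so the specific issue is no longer identifiable from the list. Consider carrying each old title into a NOTE: line next to the existing release-post URL, which is the form the file already uses for extra context. The package lines and the bug #928221 references are preserved, which is correct.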
@@ -16341,20 +16411,20 @@ CVE-2019-10674
 	RESERVED
 CVE-2019-10673 (A CSRF vulnerability in a logged-in user's profile edit form in the Ul ...)
 	NOT-FOR-US: Ultimate Member plugin for WordPress
-CVE-2019-10671
-	RESERVED
-CVE-2019-10670
-	RESERVED
-CVE-2019-10669
-	RESERVED
-CVE-2019-10668
-	RESERVED
-CVE-2019-10667
-	RESERVED
-CVE-2019-10666
-	RESERVED
-CVE-2019-10665
-	RESERVED
+CVE-2019-10671 (An issue was discovered in LibreNMS through 1.47. It does not paramete ...)
+	TODO: check
+CVE-2019-10670 (An issue was discovered in LibreNMS through 1.47. Many of the scripts  ...)
+	TODO: check
+CVE-2019-10669 (An issue was discovered in LibreNMS through 1.47. There is a command i ...)
+	TODO: check
+CVE-2019-10668 (An issue was discovered in LibreNMS through 1.47. A number of scripts  ...)
+	TODO: check
+CVE-2019-10667 (An issue was discovered in LibreNMS through 1.47. Information disclosu ...)
+	TODO: check
+CVE-2019-10666 (An issue was discovered in LibreNMS through 1.47. Several of the scrip ...)
+	TODO: check
+CVE-2019-10665 (An issue was discovered in LibreNMS through 1.47. The scripts that han ...)
+	TODO: check
 CVE-2019-10664 (Domoticz before 4.10578 allows SQL Injection via the idx parameter in  ...)
 	- domoticz <itp> (bug #899058)
 CVE-2019-10672 (treeRead in hdf/btree.c in libmysofa before 0.7 does not properly vali ...)
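Review bot: the seven CVE-2019-10671 to CVE-2019-10665 entries are again LibreNMS (through 1.47) and should be triaged together with the 1.50.1 batch as NOT-FOR-US. Unrelated to this change but visible in the trailing context: CVE-2019-10672 sits after CVE-2019-10664, out of the descending numeric order the rest of the file follows.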
@@ -30784,8 +30854,8 @@ CVE-2019-5485
 	RESERVED
 CVE-2019-5484
 	RESERVED
-CVE-2019-5483
-	RESERVED
+CVE-2019-5483 (Seneca < 3.9.0 contains a vulnerability that could lead to exposing ...)
+	TODO: check
 CVE-2019-5482
 	RESERVED
 CVE-2019-5481
@@ -30812,16 +30882,14 @@ CVE-2019-5474 [Override Merge Request Approval Rules]
 	RESERVED
 	- gitlab <not-affected> (Only affects Gitlab EE 11.8 and later)
 	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
-CVE-2019-5473 [Email Verification Bypass]
-	RESERVED
+CVE-2019-5473 (An authentication issue was discovered in GitLab that allowed a bypass ...)
 	- gitlab <not-affected> (Only affects Gitlab EE 12.0 and later)
 	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
 CVE-2019-5472 [Denial Of Service Epic Comments]
 	RESERVED
 	- gitlab <not-affected> (Only affects Gitlab EE 10.7 and later)
 	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
-CVE-2019-5471 [Persistent XSS via Email]
-	RESERVED
+CVE-2019-5471 (An input validation and output encoding issue was discovered in the Gi ...)
 	- gitlab <not-affected> (Only affects Gitlab EE 8.9 and later)
 	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
 CVE-2019-5470 [Information Disclosure Vulnerability Feedback]
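Review bot: within this hunk CVE-2019-5473 and CVE-2019-5471 lose their bracketed titles ("[Email Verification Bypass]", "[Persistent XSS via Email]") while CVE-2019-5474, CVE-2019-5472 and CVE-2019-5470, still RESERVED, keep theirs, so the block becomes inconsistent and the truncated MITRE text ("An input validation and output encoding issue was discovered in the Gi ...") no longer says which feature was affected. Carry the old titles into NOTE: lines alongside the existing release-post URL; the "<not-affected>" state lines are preserved and need no change.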
@@ -30839,8 +30907,7 @@ CVE-2019-5468 [User Revokation Bypass with Mattermost Integration]
 	[experimental] - gitlab 11.11.7+dfsg-1
 	- gitlab <unfixed> (bug #933785)
 	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
-CVE-2019-5467 [Persistent XSS Wiki Pages]
-	RESERVED
+CVE-2019-5467 (An input validation and output encoding issue was discovered in the Gi ...)
 	[experimental] - gitlab <unfixed>
 	- gitlab <not-affected> (Only affects 11.10 and later)
 	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
@@ -30859,8 +30926,7 @@ CVE-2019-5464 [SSRF Mitigation Bypass]
 	[experimental] - gitlab 11.11.7+dfsg-1
 	- gitlab <unfixed> (bug #933785)
 	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
-CVE-2019-5463 [Build Status Disclosure]
-	RESERVED
+CVE-2019-5463 (An authorization issue was discovered in the GitLab CE/EE CI badge ima ...)
 	[experimental] - gitlab 11.11.7+dfsg-1
 	- gitlab <unfixed> (bug #933785)
 	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
@@ -30869,8 +30935,7 @@ CVE-2019-5462 [Trigger Token Impersonation]
 	[experimental] - gitlab 11.11.7+dfsg-1
 	- gitlab <unfixed> (bug #933785)
 	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
-CVE-2019-5461 [GitHub Integration SSRF]
-	RESERVED
+CVE-2019-5461 (An input validation problem was discovered in the GitHub service integ ...)
 	[experimental] - gitlab 11.11.7+dfsg-1
 	- gitlab <unfixed> (bug #933785)
 	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
@@ -58812,7 +58877,7 @@ CVE-2017-18344 (The timer_create syscall implementation in kernel/time/posix-tim
 	NOTE: Fixed by: https://git.kernel.org/linus/cef31d9af908243421258f1df35a4a644604efbe
 CVE-2018-14597 (CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA  ...)
 	NOT-FOR-US: CA Technologies Identity Governance
-CVE-2018-1002208 (sharplibzip before 1.0 RC1 is vulnerable to directory traversal, allow ...)
+CVE-2018-1002208 (SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allow ...)
 	- mono 5.18.0.240+dfsg-1
 	[stretch] - mono <no-dsa> (Minor issue)
 	[jessie] - mono <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5df8046f5f25ea6d218d8a282bfe7201b03be032
