[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Sep 10 09:10:34 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c394d5e8 by security tracker role at 2019-09-10T08:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,31 +1,89 @@
-CVE-2019-16187
+CVE-2019-16200
RESERVED
-CVE-2019-16186
+CVE-2019-16199
RESERVED
-CVE-2019-16185
+CVE-2019-16198
RESERVED
-CVE-2019-16184
+CVE-2019-16197
RESERVED
-CVE-2019-16183
+CVE-2019-16196
RESERVED
-CVE-2019-16182
+CVE-2019-16195
RESERVED
-CVE-2019-16181
+CVE-2019-16194
RESERVED
-CVE-2019-16180
+CVE-2019-16193
RESERVED
-CVE-2019-16179
+CVE-2019-16192 (upload_model() in /admini/controllers/system/managemodel.php in DocCms ...)
+ TODO: check
+CVE-2019-16191
+ RESERVED
+CVE-2019-16190 (SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L RE ...)
+ TODO: check
+CVE-2019-16189
+ RESERVED
+CVE-2019-16188
+ RESERVED
+CVE-2017-18611
+ RESERVED
+CVE-2017-18610
+ RESERVED
+CVE-2017-18609
+ RESERVED
+CVE-2017-18608
+ RESERVED
+CVE-2017-18607
+ RESERVED
+CVE-2017-18606
+ RESERVED
+CVE-2017-18605
+ RESERVED
+CVE-2017-18604
+ RESERVED
+CVE-2017-18603
+ RESERVED
+CVE-2017-18602
RESERVED
-CVE-2019-16178
+CVE-2017-18601
RESERVED
-CVE-2019-16177
+CVE-2017-18600
RESERVED
-CVE-2019-16176
+CVE-2017-18599
RESERVED
-CVE-2019-16175
+CVE-2017-18598
RESERVED
-CVE-2019-16174
+CVE-2017-18597
RESERVED
+CVE-2017-18596
+ RESERVED
+CVE-2019-16187 (Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnl ...)
+ TODO: check
+CVE-2019-16186 (In Limesurvey before 3.17.14, admin users can access the plugin manage ...)
+ TODO: check
+CVE-2019-16185 (In Limesurvey before 3.17.14, admin users can view, update, or delete ...)
+ TODO: check
+CVE-2019-16184 (A CSV injection vulnerability was found in Limesurvey before 3.17.14 t ...)
+ TODO: check
+CVE-2019-16183 (In Limesurvey before 3.17.14, admin users can run an integrity check w ...)
+ TODO: check
+CVE-2019-16182 (A reflected cross-site scripting (XSS) vulnerability was found in Lime ...)
+ TODO: check
+CVE-2019-16181 (In Limesurvey before 3.17.14, admin users can mark other users' notifi ...)
+ TODO: check
+CVE-2019-16180 (Limesurvey before 3.17.14 allows remote attackers to bruteforce the lo ...)
+ TODO: check
+CVE-2019-16179 (Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the defaul ...)
+ TODO: check
+CVE-2019-16178 (A stored cross-site scripting (XSS) vulnerability was found in Limesur ...)
+ TODO: check
+CVE-2019-16177 (In Limesurvey before 3.17.14, the entire database is exposed through b ...)
+ TODO: check
+CVE-2019-16176 (A path disclosure vulnerability was found in Limesurvey before 3.17.14 ...)
+ TODO: check
+CVE-2019-16175 (A clickjacking vulnerability was found in Limesurvey before 3.17.14. ...)
+ TODO: check
+CVE-2019-16174 (An XML injection vulnerability was found in Limesurvey before 3.17.14 ...)
+ TODO: check
CVE-2019-16173 (LimeSurvey before v3.17.14 allows reflected XSS for escalating privile ...)
- limesurvey <itp> (bug #472802)
CVE-2019-16172 (LimeSurvey before v3.17.14 allows stored XSS for escalating privileges ...)
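Review bot: The fourteen new Limesurvey entries in this hunk, CVE-2019-16174 through CVE-2019-16187, are left at "TODO: check" while the adjacent context entry CVE-2019-16173 already carries "- limesurvey <itp> (bug #472802)". All of them describe Limesurvey before 3.17.14, so they can be triaged in one pass with the same <itp> line instead of being checked one by one. The descriptions also differ in spelling ("Limesurvey" in the new entries, "LimeSurvey" in the existing ones), so a case-sensitive search for one form will miss the other.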
@@ -92,12 +150,12 @@ CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c ca
NOTE: Introduced by: https://www.sqlite.org/src/info/90e36676476e8db0
CVE-2019-16148 (Sakai through 12.6 allows XSS via a chat user name. ...)
TODO: check
-CVE-2019-16147
- RESERVED
+CVE-2019-16147 (Liferay Portal through 7.2.0 GA1 allows XSS via a journal article titl ...)
+ TODO: check
CVE-2019-16146 (Gophish through 0.8.0 allows XSS via a username. ...)
TODO: check
-CVE-2019-16145
- RESERVED
+CVE-2019-16145 (The breadcrumbs contributed module through 0.2.0 for Padrino Framework ...)
+ TODO: check
CVE-2019-16144 (An issue was discovered in the generator crate before 0.6.18 for Rust. ...)
NOT-FOR-US: Rust crate generator
CVE-2019-16143 (An issue was discovered in the blake2 crate before 0.8.1 for Rust. The ...)
@@ -680,7 +738,7 @@ CVE-2019-15897
RESERVED
CVE-2019-15896
RESERVED
-CVE-2019-15895 (search-exclude.php in the "Search Exclude" plugin through 1.2.2 for Wo ...)
+CVE-2019-15895 (search-exclude.php in the "Search Exclude" plugin before 1.2.4 for Wor ...)
NOT-FOR-US: "Search Exclude" plugin for WordPress
CVE-2019-15894
RESERVED
@@ -2333,8 +2391,8 @@ CVE-2019-15299
RESERVED
CVE-2019-15298
RESERVED
-CVE-2019-15297
- RESERVED
+CVE-2019-15297 (res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allo ...)
+ TODO: check
CVE-2019-15296 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
{DLA-1899-1}
- faad2 2.8.8-3
@@ -5954,6 +6012,7 @@ CVE-2019-14273
CVE-2019-14272
RESERVED
CVE-2019-14271 (In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka ...)
+ {DSA-4521-1}
- docker.io 18.09.1+dfsg1-9
NOTE: https://github.com/moby/moby/issues/39449
NOTE: https://github.com/moby/moby/pull/39612 (19.03.x)
@@ -8691,6 +8750,7 @@ CVE-2019-13511 (Rockwell Automation Arena Simulation Software versions 16.00.00
CVE-2019-13510 (Rockwell Automation Arena Simulation Software versions 16.00.00 and ea ...)
NOT-FOR-US: Rockwell Automation Arena Simulation Software
CVE-2019-13509 (In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06. ...)
+ {DSA-4521-1}
- docker.io 18.09.1+dfsg1-8 (bug #932673)
CVE-2019-13508
RESERVED
@@ -9670,6 +9730,7 @@ CVE-2019-13141
CVE-2019-13140
RESERVED
CVE-2019-13139 (In Docker before 18.09.4, an attacker who is capable of supplying or m ...)
+ {DSA-4521-1}
[experimental] - docker.io 18.09.5+dfsg1-1
- docker.io 18.09.1+dfsg1-8 (bug #933002)
NOTE: https://github.com/moby/moby/pull/38944
@@ -17291,8 +17352,8 @@ CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter Noteb
NOTE: https://github.com/jupyter/notebook/commit/979e0bd15e794ceb00cc63737fcd5fd9addc4a99
CVE-2019-10254 (In MISP before 2.4.105, the app/View/Layouts/default.ctp default layou ...)
NOT-FOR-US: MISP
-CVE-2019-10253
- RESERVED
+CVE-2019-10253 (A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ ...)
+ TODO: check
CVE-2019-10252
RESERVED
CVE-2019-10251 (The UCWeb UC Browser application through 2019-03-26 for Android uses H ...)
@@ -20462,6 +20523,7 @@ CVE-2019-9520
CVE-2019-9519
RESERVED
CVE-2019-9518 (Some HTTP/2 implementations are vulnerable to a flood of empty frames, ...)
+ {DSA-4520-1}
- trafficserver 8.0.5+ds-1 (bug #935314)
[stretch] - trafficserver <end-of-life> (see DSA 4520)
NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
@@ -20483,7 +20545,7 @@ CVE-2019-9516 (Some HTTP/2 implementations are vulnerable to a header leak, pote
NOTE: https://github.com/nginx/nginx/commit/dbdd9ffea81d9db46fb88b5eba828f2ad080d388 (release-1.16.1)
NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
CVE-2019-9515 (Some HTTP/2 implementations are vulnerable to a settings flood, potent ...)
- {DSA-4508-1}
+ {DSA-4520-1 DSA-4508-1}
- trafficserver 8.0.5+ds-1 (bug #934887)
[stretch] - trafficserver <end-of-life> (see DSA 4520)
- h2o 2.2.5+dfsg2-3 (bug #934886)
@@ -20493,7 +20555,7 @@ CVE-2019-9515 (Some HTTP/2 implementations are vulnerable to a settings flood, p
NOTE: https://github.com/h2o/h2o/issues/2090
NOTE: https://github.com/h2o/h2o/commit/743d6b6118c29b75d0b84ef7950a2721c32dfe3f
CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, potential ...)
- {DSA-4508-1 DSA-4503-1}
+ {DSA-4520-1 DSA-4508-1 DSA-4503-1}
- golang-1.13 1.13~beta1-3 (bug #934955)
- golang-1.12 1.12.8-1
- golang-1.11 1.11.13-1
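Review bot: DSA-4520-1 is added to CVE-2019-9514 here, but the only package lines visible in this hunk are golang-1.13, golang-1.12 and golang-1.11, whereas the CVE-2019-9518 and CVE-2019-9515 entries that receive the same tag show a trafficserver line with "(see DSA 4520)". It is worth confirming that the CVE-2019-9514 entry has a matching trafficserver line further down, so that the new DSA reference corresponds to a package recorded in this entry.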
@@ -20531,7 +20593,7 @@ CVE-2019-9513 (Some HTTP/2 implementations are vulnerable to resource loops, pot
NOTE: https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
NOTE: https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2
CVE-2019-9512 (Some HTTP/2 implementations are vulnerable to ping floods, potentially ...)
- {DSA-4508-1 DSA-4503-1}
+ {DSA-4520-1 DSA-4508-1 DSA-4503-1}
- golang-1.13 1.13~beta1-3 (bug #934955)
- golang-1.12 1.12.8-1
- golang-1.11 1.11.13-1
@@ -26549,8 +26611,7 @@ CVE-2019-7178
RESERVED
CVE-2019-7177
RESERVED
-CVE-2019-7176
- RESERVED
+CVE-2019-7176 (An issue was discovered in GitLab Community and Enterprise Edition 8.x ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-7175 (In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage ...)
@@ -26958,16 +27019,13 @@ CVE-2019-6999
RESERVED
CVE-2019-6998
RESERVED
-CVE-2019-6997
- RESERVED
+CVE-2019-6997 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6996
- RESERVED
+CVE-2019-6996 (An issue was discovered in GitLab Enterprise Edition 10.x (starting in ...)
- gitlab <not-affected> (Only affects EE)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6995
- RESERVED
+CVE-2019-6995 (An issue was discovered in GitLab Community and Enterprise Edition 8.x ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6994
@@ -27090,8 +27148,7 @@ CVE-2019-6962 (A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181
NOT-FOR-US: RDK (Reference Design Kit)
CVE-2019-6961 (Incorrect access control in actionHandlerUtility.php in the RDK RDKB-2 ...)
NOT-FOR-US: RDK (Reference Design Kit)
-CVE-2019-6960
- RESERVED
+CVE-2019-6960 (An issue was discovered in GitLab Community and Enterprise Edition 9.x ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6959
@@ -27437,58 +27494,46 @@ CVE-2019-6797 (An information disclosure issue was discovered in GitLab Enterpri
CVE-2019-6796 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6795
- RESERVED
+CVE-2019-6795 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6794
- RESERVED
+CVE-2019-6794 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6793
- RESERVED
+CVE-2019-6793 (An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11 ...)
- gitlab <not-affected> (Only affects EE)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6792
- RESERVED
+CVE-2019-6792 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6791
- RESERVED
+CVE-2019-6791 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6790 (An Incorrect Access Control (issue 2 of 3) issue was discovered in Git ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6789
- RESERVED
+CVE-2019-6789 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6788
- RESERVED
+CVE-2019-6788 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6787 (An Incorrect Access Control issue was discovered in GitLab Community a ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6786
- RESERVED
+CVE-2019-6786 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6785
- RESERVED
+CVE-2019-6785 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6784
- RESERVED
+CVE-2019-6784 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6783
- RESERVED
+CVE-2019-6783 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
-CVE-2019-6782
- RESERVED
+CVE-2019-6782 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6781 (An Improper Input Validation issue was discovered in GitLab Community ...)
@@ -48703,7 +48748,7 @@ CVE-2018-18475 (Zoho ManageEngine OpManager before 12.3 build 123214 allows Unre
NOT-FOR-US: Zoho
CVE-2018-18474
RESERVED
-CVE-2018-18473 (A hidden backdoor on PATLITE NBM-D88N, NHL-3FB1, and NHL-3FV1N devices ...)
+CVE-2018-18473 (A hidden backdoor on PATLITE NH-FB Series devices with firmware versio ...)
NOT-FOR-US: PATLITE NBM-D88N
CVE-2018-18472 (Western Digital WD My Book Live (all versions) has a root Remote Comma ...)
NOT-FOR-US: Western Digital WD My Book Live
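Review bot: The NOT-FOR-US reason under CVE-2018-18473 still reads "PATLITE NBM-D88N", but the updated description now names "PATLITE NH-FB Series devices" and the visible part no longer mentions NBM-D88N. Since the description is refreshed automatically and the reason line is not, a vendor-level reason such as "NOT-FOR-US: PATLITE" would stay accurate across description changes.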
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c394d5e8ae828ea83131634144e6ff3de74201ca
More information about the debian-security-tracker-commits mailing list