[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Sep 11 21:10:41 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5604dc58 by security tracker role at 2019-09-11T20:10:28Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2019-16238
+ RESERVED
+CVE-2019-16237 (Dino before 2019-09-10 does not properly check the source of an MAM me ...)
+ TODO: check
+CVE-2019-16236 (Dino before 2019-09-10 does not check roster push authorization in mod ...)
+ TODO: check
+CVE-2019-16235 (Dino before 2019-09-10 does not properly check the source of a carbons ...)
+ TODO: check
+CVE-2019-16234 (drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5. ...)
+ TODO: check
+CVE-2019-16233 (drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not chec ...)
+ TODO: check
+CVE-2019-16232 (drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5. ...)
+ TODO: check
+CVE-2019-16231 (drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check ...)
+ TODO: check
+CVE-2019-16230 (drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 doe ...)
+ TODO: check
+CVE-2019-16229 (drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 ...)
+ TODO: check
+CVE-2019-16228 (An issue was discovered in py-lmdb 0.97. There is a divide-by-zero err ...)
+ TODO: check
+CVE-2019-16227 (An issue was discovered in py_lmdb 0.97. For certain values of mn_flag ...)
+ TODO: check
+CVE-2019-16226 (An issue was discovered in py-lmdb 0.97. mdb_node_del does not validat ...)
+ TODO: check
+CVE-2019-16225 (An issue was discovered in py-lmdb 0.97. For certain values of mp_flag ...)
+ TODO: check
+CVE-2019-16224 (An issue was discovered in py-lmdb 0.97. For certain values of md_flag ...)
+ TODO: check
+CVE-2019-16223 (WordPress before 5.2.3 allows XSS in post previews by authenticated us ...)
+ TODO: check
+CVE-2019-16222 (WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_b ...)
+ TODO: check
+CVE-2019-16221 (WordPress before 5.2.3 allows reflected XSS in the dashboard. ...)
+ TODO: check
+CVE-2019-16220 (In WordPress before 5.2.3, validation and sanitization of a URL in wp_ ...)
+ TODO: check
+CVE-2019-16219 (WordPress before 5.2.3 allows XSS in shortcode previews. ...)
+ TODO: check
+CVE-2019-16218 (WordPress before 5.2.3 allows XSS in stored comments. ...)
+ TODO: check
+CVE-2019-16217 (WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upl ...)
+ TODO: check
+CVE-2019-16216
+ RESERVED
+CVE-2019-16215
+ RESERVED
CVE-2019-16214 (Libra Core before 2019-09-03 has an erroneous regular expression for i ...)
NOT-FOR-US: Libra
CVE-2019-16213
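Review bot: all new entries from CVE-2019-16217 up to CVE-2019-16237 are left as `TODO: check`, and several of them name software that is relevant to the distribution rather than obviously out of scope (the Dino XMPP client, the Linux kernel 5.2.14 driver issues in CVE-2019-16229 through CVE-2019-16234, py-lmdb 0.97, WordPress core before 5.2.3), so these placeholders need to be triaged into package/version lines in a follow-up rather than left standing. Also, the description of CVE-2019-16227 spells the project `py_lmdb` while CVE-2019-16224, 16225, 16226 and 16228 use `py-lmdb`; it is the same upstream and the five should be handled together.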
@@ -40,8 +88,8 @@ CVE-2019-16195
RESERVED
CVE-2019-16194
RESERVED
-CVE-2019-16193
- RESERVED
+CVE-2019-16193 (In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to t ...)
+ TODO: check
CVE-2019-16192 (upload_model() in /admini/controllers/system/managemodel.php in DocCms ...)
NOT-FOR-US: DocCMS
CVE-2019-16191
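Review bot: CVE-2019-16193 (ArcGIS Enterprise 10.6.1) is recorded as `TODO: check`; ArcGIS is proprietary Esri software, so this should resolve to a `NOT-FOR-US` line like the DocCms entry directly below instead of staying a placeholder.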
@@ -296,8 +344,8 @@ CVE-2019-16100 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote atta
NOT-FOR-US: Silver Peak EdgeConnect SD-WAN
CVE-2019-16099 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON dat ...)
NOT-FOR-US: Silver Peak EdgeConnect SD-WAN
-CVE-2019-16098
- RESERVED
+CVE-2019-16098 (The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys ...)
+ TODO: check
CVE-2019-16097 (core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users ...)
NOT-FOR-US: Harbor
CVE-2016-10937 (IMAPFilter through 2.6.12 does not validate the hostname in an SSL cer ...)
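Review bot: CVE-2019-16098 concerns the RTCore64.sys kernel driver shipped with MSI Afterburner, a Windows-only component, so the `TODO: check` can be closed as `NOT-FOR-US` in the same way as the surrounding Silver Peak and Harbor entries.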
@@ -620,11 +668,13 @@ CVE-2019-15948
CVE-2019-15947 (In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted ...)
- bitcoin <unfixed> (bug #939608)
CVE-2019-15946 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet ...)
+ {DLA-1916-1}
- opensc <unfixed> (bug #939669)
[buster] - opensc <no-dsa> (Minor issue)
[stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740
CVE-2019-15945 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitst ...)
+ {DLA-1916-1}
- opensc <unfixed> (bug #939668)
[buster] - opensc <no-dsa> (Minor issue)
[stretch] - opensc <no-dsa> (Minor issue)
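Review bot: the `{DLA-1916-1}` reference added to CVE-2019-15946 and CVE-2019-15945 sits directly above unchanged `[stretch] - opensc <no-dsa> (Minor issue)` lines. If DLA-1916-1 shipped fixes for these two issues in stretch, the stretch no-dsa markers are now stale and should be dropped so the tracker does not report a stretch status that contradicts the advisory; if the DLA deliberately left these two out, the reference does not belong on these entries.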
@@ -3433,14 +3483,14 @@ CVE-2019-15000
RESERVED
CVE-2019-14999 (The Uninstall REST endpoint in Atlassian Universal Plugin Manager befo ...)
NOT-FOR-US: Atlassian
-CVE-2019-14998
- RESERVED
-CVE-2019-14997
- RESERVED
-CVE-2019-14996
- RESERVED
-CVE-2019-14995
- RESERVED
+CVE-2019-14998 (The Webwork action Cross-Site Request Forgery (CSRF) protection implem ...)
+ TODO: check
+CVE-2019-14997 (The AccessLogFilter class in Jira before version 8.4.0 allows remote a ...)
+ TODO: check
+CVE-2019-14996 (The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and ...)
+ TODO: check
+CVE-2019-14995 (The /rest/api/1.0/render resource in Jira before version 8.4.0 allows ...)
+ TODO: check
CVE-2019-14994
RESERVED
CVE-2019-14993 (Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressi ...)
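Review bot: CVE-2019-14995 through CVE-2019-14998 (Jira) are added as `TODO: check` while the neighbouring CVE-2019-14999 is already `NOT-FOR-US: Atlassian`; Jira is proprietary Atlassian software, so these four should be resolved the same way.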
@@ -3585,8 +3635,8 @@ CVE-2019-14938
RESERVED
CVE-2019-14937 (REDCap before 9.3.0 allows time-based SQL injection in the edit calend ...)
NOT-FOR-US: REDCap
-CVE-2019-14936
- RESERVED
+CVE-2019-14936 (Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Informat ...)
+ TODO: check
CVE-2019-14935 (3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA% ...)
NOT-FOR-US: 3CX Phone 15 on Windows
CVE-2019-14934 (An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_ki ...)
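Review bot: CVE-2019-14936 is in a third-party WordPress plugin (Easy!Appointments 1.3.2), not in WordPress core, so the `TODO: check` should become `NOT-FOR-US` like the REDCap and 3CX entries around it.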
@@ -4224,10 +4274,10 @@ CVE-2019-14727 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an
NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14726 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
-CVE-2019-14725
- RESERVED
-CVE-2019-14724
- RESERVED
+CVE-2019-14725 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
+ TODO: check
+CVE-2019-14724 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
+ TODO: check
CVE-2019-14723 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14722 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
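Review bot: CVE-2019-14724 and CVE-2019-14725 carry the same CentOS Web Panel 0.9.8.851 description as CVE-2019-14722, 14723, 14726 and 14727, which are all `NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel`; the two new `TODO: check` lines should be resolved identically.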
@@ -8879,8 +8929,8 @@ CVE-2019-13475 (In MobaXterm 11.1, the mobaxterm: URI handler has an argument in
NOT-FOR-US: MobaXterm
CVE-2019-13474
RESERVED
-CVE-2019-13473
- RESERVED
+CVE-2019-13473 (TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110 ...)
+ TODO: check
CVE-2019-13472 (PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the ...)
NOT-FOR-US: PHPWind
CVE-2019-13471
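Review bot: CVE-2019-13473 affects firmware of TELESTAR consumer radio devices (Bobs Rock Radio, Dabman D10, Dabman i30, Imperial i110), so the `TODO: check` can be closed as `NOT-FOR-US`, consistent with the MobaXterm and PHPWind entries on either side.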
@@ -10198,7 +10248,7 @@ CVE-2019-12998
RESERVED
CVE-2019-12997 (In Loopchain through 2.2.1.3, an attacker can escalate privileges from ...)
NOT-FOR-US: Loopchain
-CVE-2019-12996 (In Mendix 7.23.5 and earlier, the Excel importer module is vulnerable ...)
+CVE-2019-12996 (In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTY ...)
NOT-FOR-US: Mendix
CVE-2019-12995 (Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch ...)
NOT-FOR-US: Istio
@@ -13306,8 +13356,8 @@ CVE-2019-11779
RESERVED
CVE-2019-11778
RESERVED
-CVE-2019-11777
- RESERVED
+CVE-2019-11777 (In the Eclipse Paho Java client library version 1.2.0, when connecting ...)
+ TODO: check
CVE-2019-11776 (In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflecte ...)
NOT-FOR-US: Eclipse BIRT
CVE-2019-11775 (All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loo ...)
@@ -20758,8 +20808,8 @@ CVE-2019-9490 (A vulnerability in Trend Micro InterScan Web Security Virtual App
NOT-FOR-US: Trend Micro InterScan Web Security Virtual Appliance
CVE-2019-9489 (A directory traversal vulnerability in Trend Micro Apex One, OfficeSca ...)
NOT-FOR-US: Trend Micro
-CVE-2019-9488
- RESERVED
+CVE-2019-9488 (Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Prote ...)
+ TODO: check
CVE-2018-20799 (In pfSense 2.4.4_1, blocking of source IP addresses on the basis of fa ...)
NOT-FOR-US: pfSense
CVE-2018-20798 (The expiretable configuration in pfSense 2.4.4_1 establishes block dur ...)
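Review bot: CVE-2019-9488 (Trend Micro Deep Security Manager) is left as `TODO: check` although the adjacent CVE-2019-9489 and CVE-2019-9490 Trend Micro entries are `NOT-FOR-US`; it should get the same `NOT-FOR-US: Trend Micro` line.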
@@ -23482,12 +23532,12 @@ CVE-2019-8453 (Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 a
NOT-FOR-US: Check Point ZoneAlarm
CVE-2019-8452 (A hard-link created from log file archive of Check Point ZoneAlarm up ...)
NOT-FOR-US: Check Point ZoneAlarm
-CVE-2019-8451
- RESERVED
-CVE-2019-8450
- RESERVED
-CVE-2019-8449
- RESERVED
+CVE-2019-8451 (The /plugins/servlet/gadgets/makeRequest resource in Jira before versi ...)
+ TODO: check
+CVE-2019-8450 (Various templates of the Optimization plugin in Jira before version 7. ...)
+ TODO: check
+CVE-2019-8449 (The /rest/api/latest/groupuserpicker resource in Jira before version 8 ...)
+ TODO: check
CVE-2019-8448 (The login.jsp resource in Jira before version 7.13.4, and from version ...)
NOT-FOR-US: Atlassian Jira
CVE-2019-8447 (The ServiceExecutor resource in Jira before version 8.3.2 allows remot ...)
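Review bot: CVE-2019-8449, CVE-2019-8450 and CVE-2019-8451 are Jira issues added as `TODO: check` while CVE-2019-8447 and CVE-2019-8448 right below are already `NOT-FOR-US: Atlassian Jira`; resolving them to the same marker avoids leaving three placeholders for proprietary software.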
@@ -35108,10 +35158,10 @@ CVE-2019-3646
RESERVED
CVE-2019-3645
RESERVED
-CVE-2019-3644
- RESERVED
-CVE-2019-3643
- RESERVED
+CVE-2019-3644 (McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remo ...)
+ TODO: check
+CVE-2019-3643 (McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remo ...)
+ TODO: check
CVE-2019-3642
RESERVED
CVE-2019-3641
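Review bot: CVE-2019-3643 and CVE-2019-3644 show an identical truncated description (McAfee Web Gateway earlier than 7.8.2.13, remote ...), so the full CVE text should be read to confirm they are distinct issues before they are resolved; either way McAfee Web Gateway is proprietary and both `TODO: check` lines should end up as `NOT-FOR-US`.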
@@ -54326,51 +54376,61 @@ CVE-2018-16428 (In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmar
NOTE: https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9
NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1364
CVE-2018-16427 (Various out of bounds reads when handling responses in OpenSC before 0 ...)
+ {DLA-1916-1}
- opensc 0.19.0~rc1-1 (low; bug #909444)
[stretch] - opensc 0.16.0-3+deb9u1
NOTE: https://github.com/OpenSC/OpenSC/pull/1447/commits/8fe377e93b4b56060e5bbfb6f3142ceaeca744fa
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16426 (Endless recursion when handling responses from an IAS-ECC card in iase ...)
+ {DLA-1916-1}
- opensc 0.19.0~rc1-1 (low; bug #909444)
[stretch] - opensc 0.16.0-3+deb9u1
NOTE: https://github.com/OpenSC/OpenSC/commit/03628449b75a93787eb2359412a3980365dda49b#diff-f8c0128e14031ed9307d47f10f601b54
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16425 (A double free when handling responses from an HSM Card in sc_pkcs15emu ...)
+ {DLA-1916-1}
- opensc 0.19.0~rc1-1 (low; bug #909444)
[stretch] - opensc 0.16.0-3+deb9u1
NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d643a0fa169471dbf2912f4866dc49c5
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16424 (A double free when handling responses in read_file in tools/egk-tool.c ...)
+ {DLA-1916-1}
- opensc 0.19.0~rc1-1 (low; bug #909444)
[stretch] - opensc 0.16.0-3+deb9u1
NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-476b3b2a03c4eef331b4b0bfece4b063
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16423 (A double free when handling responses from a smartcard in sc_file_set_ ...)
+ {DLA-1916-1}
- opensc 0.19.0~rc1-1 (low; bug #909444)
[stretch] - opensc 0.16.0-3+deb9u1
NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-db0cd89ff279ad8c7b3bb780cdf2770a
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16422 (A single byte buffer overflow when handling responses from an esteid C ...)
+ {DLA-1916-1}
- opensc 0.19.0~rc1-1 (low; bug #909444)
[stretch] - opensc 0.16.0-3+deb9u1
NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d64c08c80437cf0006ada91e50f20ba0
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16421 (Several buffer overflows when handling responses from a CAC Card in ca ...)
+ {DLA-1916-1}
- opensc 0.19.0~rc1-1 (low; bug #909444)
[stretch] - opensc 0.16.0-3+deb9u1
NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-848b13147a344ba2c6361d91ca77feb1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16420 (Several buffer overflows when handling responses from an ePass 2003 Ca ...)
+ {DLA-1916-1}
- opensc 0.19.0~rc1-1 (low; bug #909444)
[stretch] - opensc 0.16.0-3+deb9u1
NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-b36536074d13447fbbec061e0e64d15d
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16419 (Several buffer overflows when handling responses from a Cryptoflex car ...)
+ {DLA-1916-1}
- opensc 0.19.0~rc1-1 (low; bug #909444)
[stretch] - opensc 0.16.0-3+deb9u1
NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-a6074523a9cbd875e26c58e20868fb15
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16418 (A buffer overflow when handling string concatenation in util_acl_to_st ...)
+ {DLA-1916-1}
- opensc 0.19.0~rc1-1 (low; bug #909444)
[stretch] - opensc 0.16.0-3+deb9u1
NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-628c8445c4e7ae92bbc4be08ba11a4c3
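Review bot: every opensc entry in this hunk already carries an explicit stretch fixed version, `[stretch] - opensc 0.16.0-3+deb9u1`, and the hunk now adds `{DLA-1916-1}` above it. Check that the DLA-1916-1 record in data/DLA/list names that same opensc version for stretch, otherwise the advisory record and these per-CVE lines will disagree on the stretch status of CVE-2018-16418 through CVE-2018-16427.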
@@ -54454,16 +54514,19 @@ CVE-2018-16395 (An issue was discovered in the OpenSSL library in Ruby before 2.
CVE-2018-16394
RESERVED
CVE-2018-16393 (Several buffer overflows when handling responses from a Gemsafe V1 Sma ...)
+ {DLA-1916-1}
- opensc 0.19.0~rc1-1 (low; bug #909444)
[stretch] - opensc 0.16.0-3+deb9u1
NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16392 (Several buffer overflows when handling responses from a TCOS Card in t ...)
+ {DLA-1916-1}
- opensc 0.19.0~rc1-1 (low; bug #909444)
[stretch] - opensc 0.16.0-3+deb9u1
NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-b2a356323a9ff2024d041cf2d7e89dd3
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16391 (Several buffer overflows when handling responses from a Muscle Card in ...)
+ {DLA-1916-1}
- opensc 0.19.0~rc1-1 (low; bug #909444)
[stretch] - opensc 0.16.0-3+deb9u1
NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-477b7a40136bb418b10ce271c8664536
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5604dc5882871b08e94a25ed9a3861590c619a1b
More information about the debian-security-tracker-commits mailing list