[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Sep 13 21:10:43 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
362cb8ba by security tracker role at 2019-09-13T20:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2019-16296
+ RESERVED
+CVE-2019-16295
+ RESERVED
+CVE-2019-16294
+ RESERVED
+CVE-2019-16293 (The Create Discoveries feature of Open-AudIT before 3.2.0 allows an au ...)
+ TODO: check
+CVE-2019-16292
+ RESERVED
+CVE-2019-16291
+ RESERVED
+CVE-2019-16290
+ RESERVED
+CVE-2019-16289 (The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPre ...)
+ TODO: check
+CVE-2019-16288 (On Tenda N301 wireless routers, a long string in the wifiSSID paramete ...)
+ TODO: check
+CVE-2019-16287
+ RESERVED
+CVE-2019-16286
+ RESERVED
+CVE-2019-16285
+ RESERVED
+CVE-2019-16284
+ RESERVED
+CVE-2019-16283
+ RESERVED
+CVE-2019-16282
+ RESERVED
+CVE-2019-16281
+ RESERVED
+CVE-2019-16280
+ RESERVED
+CVE-2019-16279
+ RESERVED
+CVE-2019-16278
+ RESERVED
+CVE-2019-16277 (PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/ ...)
+ TODO: check
+CVE-2017-18634
+ RESERVED
+CVE-2016-10973
+ RESERVED
+CVE-2016-10972
+ RESERVED
+CVE-2016-10971
+ RESERVED
+CVE-2016-10970
+ RESERVED
+CVE-2016-10969
+ RESERVED
+CVE-2016-10968
+ RESERVED
+CVE-2016-10967
+ RESERVED
+CVE-2016-10966
+ RESERVED
+CVE-2016-10965
+ RESERVED
+CVE-2016-10964
+ RESERVED
+CVE-2016-10963
+ RESERVED
+CVE-2016-10962
+ RESERVED
+CVE-2016-10961
+ RESERVED
+CVE-2016-10960
+ RESERVED
+CVE-2016-10959
+ RESERVED
+CVE-2016-10958
+ RESERVED
+CVE-2016-10957
+ RESERVED
+CVE-2016-10956
+ RESERVED
+CVE-2010-5333 (The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x be ...)
+ TODO: check
CVE-2019-XXXX [wireshark wnpa-sec-2019-21]
- wireshark 3.0.4-1 (low)
[buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
@@ -79,50 +159,50 @@ CVE-2017-18617
RESERVED
CVE-2017-18616
RESERVED
-CVE-2017-18615
- RESERVED
-CVE-2017-18614
- RESERVED
-CVE-2017-18613
- RESERVED
-CVE-2017-18612
- RESERVED
-CVE-2016-10955
- RESERVED
-CVE-2016-10954
- RESERVED
-CVE-2016-10953
- RESERVED
-CVE-2016-10952
- RESERVED
-CVE-2016-10951
- RESERVED
-CVE-2016-10950
- RESERVED
-CVE-2016-10949
- RESERVED
-CVE-2016-10948
- RESERVED
-CVE-2016-10947
- RESERVED
-CVE-2016-10946
- RESERVED
-CVE-2016-10945
- RESERVED
-CVE-2016-10944
- RESERVED
-CVE-2016-10943
- RESERVED
-CVE-2016-10942
- RESERVED
-CVE-2016-10941
- RESERVED
-CVE-2016-10940
- RESERVED
-CVE-2016-10939
- RESERVED
-CVE-2016-10938
- RESERVED
+CVE-2017-18615 (The kama-clic-counter plugin before 3.5.0 for WordPress has XSS. ...)
+ TODO: check
+CVE-2017-18614 (The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via ...)
+ TODO: check
+CVE-2017-18613 (The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin ...)
+ TODO: check
+CVE-2017-18612 (The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/f ...)
+ TODO: check
+CVE-2016-10955 (The cysteme-finder plugin before 1.4 for WordPress has unrestricted fi ...)
+ TODO: check
+CVE-2016-10954 (The Neosense theme before 1.8 for WordPress has qquploader unrestricte ...)
+ TODO: check
+CVE-2016-10953 (The Headway theme before 3.8.9 for WordPress has XSS via the license k ...)
+ TODO: check
+CVE-2016-10952 (The quotes-collection plugin before 2.0.6 for WordPress has XSS via th ...)
+ TODO: check
+CVE-2016-10951 (The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection vi ...)
+ TODO: check
+CVE-2016-10950 (The sirv plugin before 1.3.2 for WordPress has SQL injection via the i ...)
+ TODO: check
+CVE-2016-10949 (The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL in ...)
+ TODO: check
+CVE-2016-10948 (The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect han ...)
+ TODO: check
+CVE-2016-10947 (The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection ...)
+ TODO: check
+CVE-2016-10946 (The wp-d3 plugin before 2.4.1 for WordPress has CSRF. ...)
+ TODO: check
+CVE-2016-10945 (The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?pa ...)
+ TODO: check
+CVE-2016-10944 (The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp ...)
+ TODO: check
+CVE-2016-10943 (The zx-csv-upload plugin 1 for WordPress has SQL injection via the id ...)
+ TODO: check
+CVE-2016-10942 (The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for W ...)
+ TODO: check
+CVE-2016-10941 (The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for W ...)
+ TODO: check
+CVE-2016-10940 (The zm-gallery plugin 1.0 for WordPress has SQL injection via the orde ...)
+ TODO: check
+CVE-2016-10939 (The xtremelocator plugin 1.5 for WordPress has SQL injection via the i ...)
+ TODO: check
+CVE-2016-10938 (The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public ...)
+ TODO: check
CVE-2019-16255
RESERVED
CVE-2019-16254
@@ -2682,7 +2762,7 @@ CVE-2019-15297 (res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.
NOTE: https://downloads.asterisk.org/pub/security/AST-2019-004.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28495
CVE-2019-15296 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
- {DLA-1899-1}
+ {DSA-4522-1 DLA-1899-1}
- faad2 2.8.8-3
NOTE: https://github.com/knik0/faad2/commit/942c3e0aee748ea6fe97cb2c1aa5893225316174
CVE-2019-15295 (An Untrusted Search Path vulnerability in the ServiceInstance.dll libr ...)
@@ -3554,12 +3634,10 @@ CVE-2019-15033
RESERVED
CVE-2019-15032
RESERVED
-CVE-2019-15031 [powerpc/tm: Fix restoring FP/VMX facility incorrectly on interrupts]
- RESERVED
+CVE-2019-15031 (In the Linux kernel through 5.2.14 on the powerpc platform, a local us ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/a8318c13e79badb92bc6640704a64cc022a6eb97
-CVE-2019-15030 [powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction]
- RESERVED
+CVE-2019-15030 (In the Linux kernel through 5.2.14 on the powerpc platform, a local us ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/8205d5d98ef7f155de211f5e2eb6ca03d95a5a60
CVE-2019-15029 (FusionPBX 4.4.8 allows an attacker to execute arbitrary system command ...)
@@ -5005,6 +5083,7 @@ CVE-2019-14515
CVE-2019-14514
RESERVED
CVE-2019-14513 (Improper bounds checking in Dnsmasq before 2.76 allows an attacker con ...)
+ {DLA-1921-1}
- dnsmasq 2.76-1
NOTE: https://github.com/Slovejoy/dnsmasq-pre2.76
TODO: Find the relevant isolated changes in the 2.76 release to address the issue.
@@ -7113,18 +7192,18 @@ CVE-2019-13925
RESERVED
CVE-2019-13924
RESERVED
-CVE-2019-13923
- RESERVED
-CVE-2019-13922
- RESERVED
+CVE-2019-13923 (A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gat ...)
+ TODO: check
+CVE-2019-13922 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
CVE-2019-13921
RESERVED
-CVE-2019-13920
- RESERVED
-CVE-2019-13919
- RESERVED
-CVE-2019-13918
- RESERVED
+CVE-2019-13920 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
+CVE-2019-13919 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
+CVE-2019-13918 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
CVE-2019-13917 (Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution ...)
{DSA-4488-1}
- exim4 4.92-10
@@ -8967,8 +9046,8 @@ CVE-2019-13550
RESERVED
CVE-2019-13549
RESERVED
-CVE-2019-13548
- RESERVED
+CVE-2019-13548 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
+ TODO: check
CVE-2019-13547
RESERVED
CVE-2019-13546
@@ -8999,8 +9078,8 @@ CVE-2019-13534 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version
NOT-FOR-US: Philips
CVE-2019-13533
RESERVED
-CVE-2019-13532
- RESERVED
+CVE-2019-13532 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
+ TODO: check
CVE-2019-13531
RESERVED
CVE-2019-13530 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Fi ...)
@@ -9409,10 +9488,10 @@ CVE-2019-13366
RESERVED
CVE-2019-13365
RESERVED
-CVE-2019-13364
- RESERVED
-CVE-2019-13363
- RESERVED
+CVE-2019-13364 (admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat& ...)
+ TODO: check
+CVE-2019-13363 (admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nb ...)
+ TODO: check
CVE-2019-13362 (Codedoc v3.2 has a stack-based buffer overflow in add_variable in code ...)
NOT-FOR-US: Codedoc
CVE-2019-13361 (Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an ...)
@@ -10683,8 +10762,8 @@ CVE-2019-12924 (MailEnable Enterprise Premium 10.23 was vulnerable to XML Extern
NOT-FOR-US: MailEnable Enterprise Premium
CVE-2019-12923 (In MailEnable Enterprise Premium 10.23, the potential cross-site reque ...)
NOT-FOR-US: MailEnable Enterprise Premium
-CVE-2019-12922
- RESERVED
+CVE-2019-12922 (A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in th ...)
+ TODO: check
CVE-2019-12921
RESERVED
CVE-2019-12920 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices ...)
@@ -11674,10 +11753,10 @@ CVE-2017-18376 (An improper authorization check in the User API in TheHive befor
NOT-FOR-US: User API in TheHive Project
CVE-2019-12518
RESERVED
-CVE-2019-12517
- RESERVED
-CVE-2019-12516
- RESERVED
+CVE-2019-12517 (An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 fo ...)
+ TODO: check
+CVE-2019-12516 (The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injectio ...)
+ TODO: check
CVE-2019-12515 (There is an out-of-bounds read vulnerability in the function FlateStre ...)
- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
NOTE: https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar
@@ -14098,8 +14177,8 @@ CVE-2019-11662
RESERVED
CVE-2019-11661
RESERVED
-CVE-2019-11660
- RESERVED
+CVE-2019-11660 (Privileges manipulation in Micro Focus Data Protector, versions 10.00, ...)
+ TODO: check
CVE-2019-11659
RESERVED
CVE-2019-11658 (Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 ...)
@@ -16005,8 +16084,8 @@ CVE-2019-10939
RESERVED
CVE-2019-10938 (A vulnerability has been identified in Ethernet plug-in communication ...)
NOT-FOR-US: Ethernet plug-in communication modules for SIPROTEC 5 devices
-CVE-2019-10937
- RESERVED
+CVE-2019-10937 (A vulnerability has been identified in SIMATIC TDC CP51M1 (All version ...)
+ TODO: check
CVE-2019-10936
RESERVED
CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
@@ -31220,10 +31299,10 @@ CVE-2019-5487
RESERVED
CVE-2019-5486
RESERVED
-CVE-2019-5485
- RESERVED
-CVE-2019-5484
- RESERVED
+CVE-2019-5485 (NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injec ...)
+ TODO: check
+CVE-2019-5484 (Bower before 1.8.8 has a path traversal vulnerability permitting file ...)
+ TODO: check
CVE-2019-5483 (Seneca < 3.9.0 contains a vulnerability that could lead to exposing ...)
TODO: check
CVE-2019-5482 [TFTP small blocksize heap buffer overflow]
@@ -31647,10 +31726,10 @@ CVE-2019-5317
RESERVED
CVE-2019-5316
RESERVED
-CVE-2019-5315
- RESERVED
-CVE-2019-5314
- RESERVED
+CVE-2019-5315 (A command injection vulnerability is present in the web management int ...)
+ TODO: check
+CVE-2019-5314 (Some web components in the ArubaOS software are vulnerable to HTTP Res ...)
+ TODO: check
CVE-2019-5313
RESERVED
CVE-2019-5312 (An issue was discovered in weixin-java-tools v3.3.0. There is an XXE v ...)
@@ -35369,8 +35448,8 @@ CVE-2019-3648
RESERVED
CVE-2019-3647
RESERVED
-CVE-2019-3646
- RESERVED
+CVE-2019-3646 (DLL Search Order Hijacking vulnerability in Microsoft Windows client i ...)
+ TODO: check
CVE-2019-3645
RESERVED
CVE-2019-3644 (McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remo ...)
@@ -36799,12 +36878,13 @@ CVE-2018-20363 (LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL
NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
CVE-2018-20362 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
- {DLA-1791-1}
+ {DSA-4522-1 DLA-1791-1}
- faad2 2.8.8-2 (low)
[stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/26
NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
CVE-2018-20361 (An invalid memory address dereference was discovered in the hf_assembl ...)
+ {DSA-4522-1}
- faad2 2.8.8-2 (low)
[buster] - faad2 <no-dsa> (Minor issue)
[stretch] - faad2 <no-dsa> (Minor issue)
@@ -36819,12 +36899,14 @@ CVE-2018-20360 (An invalid memory address dereference was discovered in the sbr_
NOTE: https://github.com/knik0/faad2/issues/32
NOTE: https://github.com/knik0/faad2/commit/3b80a57483a6bc822d3ce3cc640fa81737a87c54
CVE-2018-20359 (An invalid memory address dereference was discovered in the sbrDecodeS ...)
+ {DSA-4522-1}
- faad2 2.8.8-2 (low)
[stretch] - faad2 <no-dsa> (Minor issue)
[jessie] - faad2 2.7-8+deb8u2
NOTE: https://github.com/knik0/faad2/issues/29
NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2cb03e78ef476cc73179cfffda3
CVE-2018-20358 (An invalid memory address dereference was discovered in the lt_predict ...)
+ {DSA-4522-1}
- faad2 2.8.8-2 (low)
[buster] - faad2 <no-dsa> (Minor issue)
[stretch] - faad2 <no-dsa> (Minor issue)
@@ -36832,6 +36914,7 @@ CVE-2018-20358 (An invalid memory address dereference was discovered in the lt_p
NOTE: https://github.com/knik0/faad2/issues/31
NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
CVE-2018-20357 (A NULL pointer dereference was discovered in sbr_process_channel of li ...)
+ {DSA-4522-1}
- faad2 2.8.8-2 (low)
[stretch] - faad2 <no-dsa> (Minor issue)
[jessie] - faad2 2.7-8+deb8u2
@@ -37425,14 +37508,14 @@ CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of lib
NOTE: https://github.com/knik0/faad2/issues/24
NOTE: https://github.com/knik0/faad2/commit/3b80a57483a6bc822d3ce3cc640fa81737a87c54
CVE-2018-20198 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
- {DLA-1791-1}
+ {DSA-4522-1 DLA-1791-1}
- faad2 2.8.8-2 (low)
[stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/23
NOTE: same underlying issue as CVE-2018-20362, same fix:
NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
CVE-2018-20197 (There is a stack-based buffer underflow in the third instance of the c ...)
- {DLA-1791-1}
+ {DSA-4522-1 DLA-1791-1}
- faad2 2.8.8-2
NOTE: https://github.com/knik0/faad2/issues/20
NOTE: very similar to CVE-2018-20194, same fix:
@@ -37443,13 +37526,14 @@ CVE-2018-20196 (There is a stack-based buffer overflow in the third instance of
NOTE: https://github.com/knik0/faad2/issues/19
NOTE: https://github.com/knik0/faad2/commit/6aeeaa1af0caf986daf22852a97f7c13c5edd879
CVE-2018-20195 (A NULL pointer dereference was discovered in ic_predict of libfaad/ic_ ...)
+ {DSA-4522-1}
- faad2 2.8.8-2 (low)
[stretch] - faad2 <no-dsa> (Minor issue)
[jessie] - faad2 2.7-8+deb8u2
NOTE: https://github.com/knik0/faad2/issues/25
NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45f1e9169ac90b3e34ab94aed14
CVE-2018-20194 (There is a stack-based buffer underflow in the third instance of the c ...)
- {DLA-1791-1}
+ {DSA-4522-1 DLA-1791-1}
- faad2 2.8.8-2
NOTE: https://github.com/knik0/faad2/issues/21
NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
@@ -46002,6 +46086,7 @@ CVE-2018-19506 (Zurmo 3.2.4 has XSS via an admin's use of the name parameter in
CVE-2018-19505 (Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct ...)
NOT-FOR-US: Remedy AR System Server in BMC Remedy
CVE-2018-19504 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
+ {DSA-4522-1}
- faad2 2.8.8-2 (low; bug #914641)
[stretch] - faad2 <no-dsa> (Minor issue)
[jessie] - faad2 2.7-8+deb8u2
@@ -46009,13 +46094,14 @@ CVE-2018-19504 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FA
NOTE: https://github.com/knik0/faad2/issues/26
NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
CVE-2018-19503 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
+ {DSA-4522-1}
- faad2 2.8.8-2 (bug #914641)
[jessie] - faad2 2.7-8+deb8u2
NOTE: https://sourceforge.net/p/faac/bugs/240/
NOTE: https://github.com/knik0/faad2/issues/18
NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2cb03e78ef476cc73179cfffda3
CVE-2018-19502 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
- {DLA-1899-1}
+ {DSA-4522-1 DLA-1899-1}
- faad2 2.8.8-3 (bug #914641)
NOTE: https://sourceforge.net/p/faac/bugs/240/
NOTE: https://github.com/knik0/faad2/issues/22
@@ -79756,8 +79842,8 @@ CVE-2018-7083 (If a process running within Aruba Instant crashes, it may leave b
NOT-FOR-US: Aruba
CVE-2018-7082 (A command injection vulnerability is present in Aruba Instant that per ...)
NOT-FOR-US: Aruba
-CVE-2018-7081
- RESERVED
+CVE-2018-7081 (A remote code execution vulnerability is present in network-listening ...)
+ TODO: check
CVE-2018-7080 (A vulnerability exists in the firmware of embedded BLE radios that are ...)
NOT-FOR-US: Aruba
CVE-2018-7079 (Aruba ClearPass Policy Manager guest authorization failure. Certain ad ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/362cb8bab38cda1480389ba222f9cf13d457aac2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/362cb8bab38cda1480389ba222f9cf13d457aac2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190913/80e0ea89/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list