[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Sep 19 21:10:33 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6ca0da59 by security tracker role at 2019-09-19T20:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,217 @@
+CVE-2019-16525 (An XSS issue was discovered in the checklist plugin before 1.1.9 for W ...)
+ TODO: check
+CVE-2019-16524
+ RESERVED
+CVE-2019-16523
+ RESERVED
+CVE-2019-16522
+ RESERVED
+CVE-2019-16521
+ RESERVED
+CVE-2019-16520
+ RESERVED
+CVE-2019-16519
+ RESERVED
+CVE-2019-16518
+ RESERVED
+CVE-2019-16517
+ RESERVED
+CVE-2019-16516
+ RESERVED
+CVE-2019-16515
+ RESERVED
+CVE-2019-16514
+ RESERVED
+CVE-2019-16513
+ RESERVED
+CVE-2019-16512
+ RESERVED
+CVE-2019-16511 (An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. ...)
+ TODO: check
+CVE-2019-16510 (libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady ...)
+ TODO: check
+CVE-2019-16509
+ RESERVED
+CVE-2019-16508
+ RESERVED
+CVE-2019-16507
+ RESERVED
+CVE-2019-16506
+ RESERVED
+CVE-2019-16505
+ RESERVED
+CVE-2019-16504
+ RESERVED
+CVE-2019-16503
+ RESERVED
+CVE-2019-16502
+ RESERVED
+CVE-2019-16501
+ RESERVED
+CVE-2019-16500
+ RESERVED
+CVE-2019-16499
+ RESERVED
+CVE-2019-16498
+ RESERVED
+CVE-2019-16497
+ RESERVED
+CVE-2019-16496
+ RESERVED
+CVE-2019-16495
+ RESERVED
+CVE-2019-16494
+ RESERVED
+CVE-2019-16493
+ RESERVED
+CVE-2019-16492
+ RESERVED
+CVE-2019-16491
+ RESERVED
+CVE-2019-16490
+ RESERVED
+CVE-2019-16489
+ RESERVED
+CVE-2019-16488
+ RESERVED
+CVE-2019-16487
+ RESERVED
+CVE-2019-16486
+ RESERVED
+CVE-2019-16485
+ RESERVED
+CVE-2019-16484
+ RESERVED
+CVE-2019-16483
+ RESERVED
+CVE-2019-16482
+ RESERVED
+CVE-2019-16481
+ RESERVED
+CVE-2019-16480
+ RESERVED
+CVE-2019-16479
+ RESERVED
+CVE-2019-16478
+ RESERVED
+CVE-2019-16477
+ RESERVED
+CVE-2019-16476
+ RESERVED
+CVE-2019-16475
+ RESERVED
+CVE-2019-16474
+ RESERVED
+CVE-2019-16473
+ RESERVED
+CVE-2019-16472
+ RESERVED
+CVE-2019-16471
+ RESERVED
+CVE-2019-16470
+ RESERVED
+CVE-2019-16469
+ RESERVED
+CVE-2019-16468
+ RESERVED
+CVE-2019-16467
+ RESERVED
+CVE-2019-16466
+ RESERVED
+CVE-2019-16465
+ RESERVED
+CVE-2019-16464
+ RESERVED
+CVE-2019-16463
+ RESERVED
+CVE-2019-16462
+ RESERVED
+CVE-2019-16461
+ RESERVED
+CVE-2019-16460
+ RESERVED
+CVE-2019-16459
+ RESERVED
+CVE-2019-16458
+ RESERVED
+CVE-2019-16457
+ RESERVED
+CVE-2019-16456
+ RESERVED
+CVE-2019-16455
+ RESERVED
+CVE-2019-16454
+ RESERVED
+CVE-2019-16453
+ RESERVED
+CVE-2019-16452
+ RESERVED
+CVE-2019-16451
+ RESERVED
+CVE-2019-16450
+ RESERVED
+CVE-2019-16449
+ RESERVED
+CVE-2019-16448
+ RESERVED
+CVE-2019-16447
+ RESERVED
+CVE-2019-16446
+ RESERVED
+CVE-2019-16445
+ RESERVED
+CVE-2019-16444
+ RESERVED
+CVE-2019-16443
+ RESERVED
+CVE-2019-16442
+ RESERVED
+CVE-2019-16441
+ RESERVED
+CVE-2019-16440
+ RESERVED
+CVE-2019-16439
+ RESERVED
+CVE-2019-16438
+ RESERVED
+CVE-2019-16437
+ RESERVED
+CVE-2019-16436
+ RESERVED
+CVE-2019-16435
+ RESERVED
+CVE-2019-16434
+ RESERVED
+CVE-2019-16433
+ RESERVED
+CVE-2019-16432
+ RESERVED
+CVE-2019-16431
+ RESERVED
+CVE-2019-16430
+ RESERVED
+CVE-2019-16429
+ RESERVED
+CVE-2019-16428
+ RESERVED
+CVE-2019-16427
+ RESERVED
+CVE-2019-16426
+ RESERVED
+CVE-2019-16425
+ RESERVED
+CVE-2019-16424
+ RESERVED
+CVE-2019-16423
+ RESERVED
+CVE-2019-16422
+ RESERVED
+CVE-2019-16421
+ RESERVED
+CVE-2019-16420
+ RESERVED
+CVE-2019-16419
+ RESERVED
CVE-2019-16418
RESERVED
CVE-2019-16417
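Review bot: Three of the new entries at the top of this hunk carry a description but only `TODO: check` (CVE-2019-16525, CVE-2019-16511, CVE-2019-16510), so they still need manual triage to either a source package line or a `NOT-FOR-US:` tag. The remaining additions, CVE-2019-16524 down to CVE-2019-16419, are `RESERVED` placeholders and need no action until a description is published.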
@@ -13,8 +227,8 @@ CVE-2019-16413 (An issue was discovered in the Linux kernel before 5.0.4. The 9p
[stretch] - linux 4.9.168-1
[jessie] - linux 3.16.70-1
NOTE: https://git.kernel.org/linus/5e3cc1ee1405a7eb3487ed24f786dec01b4cbe1f
-CVE-2019-16412
- RESERVED
+CVE-2019-16412 (In goform/setSysTools on Tenda N301 wireless routers, attackers can tr ...)
+ TODO: check
CVE-2019-16411
RESERVED
CVE-2019-16410
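Review bot: The `TODO: check` on CVE-2019-16412 should be resolved against how the file already handles this vendor's routers. CVE-2018-14497 further down is tagged `NOT-FOR-US: Tenda D152 ADSL routers`, and the Tenda N301 firmware issue described here looks like the same class of entry.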
@@ -41,8 +255,8 @@ CVE-2019-16400
RESERVED
CVE-2019-16399 (Western Digital WD My Book World through II 1.02.12 suffers from Broke ...)
NOT-FOR-US: Western Digital
-CVE-2019-16398
- RESERVED
+CVE-2019-16398 (On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution ca ...)
+ TODO: check
CVE-2019-16397
RESERVED
CVE-2019-16396 (GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() f ...)
@@ -555,6 +769,7 @@ CVE-2019-16240
CVE-2019-16239 (process_http_response in OpenConnect before 8.05 has a Buffer Overflow ...)
TODO: check
CVE-2019-16378 (OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a si ...)
+ {DSA-4526-1}
- opendmarc 1.3.2-7 (bug #940081)
NOTE: https://github.com/trusteddomainproject/OpenDMARC/pull/48
CVE-2019-16275 (hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect ...)
@@ -1301,8 +1516,8 @@ CVE-2019-15945 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1
NOTE: https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68
CVE-2019-15944 (In Counter-Strike: Global Offensive before 8/29/2019, community game s ...)
NOT-FOR-US: Counter-Strike: Global Offensive
-CVE-2019-15943
- RESERVED
+CVE-2019-15943 (vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allow ...)
+ TODO: check
CVE-2019-15942 (FFmpeg through 4.2 has a "Conditional jump or move depends on uninitia ...)
- ffmpeg <not-affected> (Only affects 4.2)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=af70bfbeadc0c9b9215cf045ff2a6a31e8ac3a71
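Review bot: CVE-2019-15943 is left at `TODO: check` while the entry directly above it, CVE-2019-15944, is already tagged `NOT-FOR-US: Counter-Strike: Global Offensive`. Both descriptions name the same product, so the new entry can take the same tag instead of staying in the TODO queue.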
@@ -3978,10 +4193,10 @@ CVE-2019-15035
RESERVED
CVE-2019-15034
RESERVED
-CVE-2019-15033
- RESERVED
-CVE-2019-15032
- RESERVED
+CVE-2019-15033 (Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature dow ...)
+ TODO: check
+CVE-2019-15032 (Pydio 6.0.8 mishandles error reporting when a directory allows unauthe ...)
+ TODO: check
CVE-2019-15031 (In the Linux kernel through 5.2.14 on the powerpc platform, a local us ...)
- linux <unfixed>
[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -4115,10 +4330,10 @@ CVE-2019-15003
RESERVED
CVE-2019-15002
RESERVED
-CVE-2019-15001
- RESERVED
-CVE-2019-15000
- RESERVED
+CVE-2019-15001 (The Jira Importers Plugin in Atlassian Jira Server and Data Cente from ...)
+ TODO: check
+CVE-2019-15000 (The commit diff rest endpoint in Bitbucket Server and Data Center befo ...)
+ TODO: check
CVE-2019-14999 (The Uninstall REST endpoint in Atlassian Universal Plugin Manager befo ...)
NOT-FOR-US: Atlassian
CVE-2019-14998 (The Webwork action Cross-Site Request Forgery (CSRF) protection implem ...)
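Review bot: CVE-2019-15001 and CVE-2019-15000 are left at `TODO: check` although both descriptions name Atlassian server products (Jira, Bitbucket) and the next entry, CVE-2019-14999, is already `NOT-FOR-US: Atlassian`. Suggest tagging them the same way in the follow-up triage commit.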
@@ -4129,8 +4344,8 @@ CVE-2019-14996 (The FilterPickerPopup.jspa resource in Jira before version 7.13.
NOT-FOR-US: Atlassian Jira
CVE-2019-14995 (The /rest/api/1.0/render resource in Jira before version 8.4.0 allows ...)
NOT-FOR-US: Atlassian Jira
-CVE-2019-14994
- RESERVED
+CVE-2019-14994 (The Customer Context Filter in Atlassian Jira Service Desk Server and ...)
+ TODO: check
CVE-2019-14993 (Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressi ...)
NOT-FOR-US: Istio
CVE-2019-14992
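Review bot: CVE-2019-14994 (Jira Service Desk) gets `TODO: check` while the two entries above it in the context lines are `NOT-FOR-US: Atlassian Jira`. The tag used for Atlassian products also varies between `Atlassian` and `Atlassian Jira` across this file, so pick one when resolving the TODO.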
@@ -4632,8 +4847,7 @@ CVE-2019-14822 [missing authorization flaw]
- ibus 1.5.21-1 (bug #940267)
NOTE: https://www.openwall.com/lists/oss-security/2019/09/13/1
NOTE: Fixed by: https://github.com/ibus/ibus/commit/3d442dbf936d197aa11ca0a71663c2bc61696151
-CVE-2019-14821
- RESERVED
+CVE-2019-14821 (An out-of-bounds access issue was found in the Linux kernel, all versi ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/b60fe990c6b07ef6d4df67bc0530c7c90a62623a
CVE-2019-14820
@@ -14024,8 +14238,7 @@ CVE-2019-11781
RESERVED
CVE-2019-11780
RESERVED
-CVE-2019-11779 [Excess hierarchy characters on subscribe causes crash]
- RESERVED
+CVE-2019-11779 (In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT cli ...)
- mosquitto 1.6.6-1 (bug #940654)
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160
CVE-2019-11778 (If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1 ...)
@@ -30326,8 +30539,8 @@ CVE-2019-6012
RESERVED
CVE-2019-6011
RESERVED
-CVE-2019-6010
- RESERVED
+CVE-2019-6010 (Integer overflow vulnerability in LINE(Android) from 4.4.0 to the vers ...)
+ TODO: check
CVE-2019-6009 (Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows rem ...)
NOT-FOR-US: SHIRASAGI
CVE-2019-6008
@@ -35778,8 +35991,8 @@ CVE-2019-3691
RESERVED
CVE-2019-3690
RESERVED
-CVE-2019-3689
- RESERVED
+CVE-2019-3689 (The nfs-utils package in SUSE Linux Enterprise Server 12 before and in ...)
+ TODO: check
CVE-2019-3688
RESERVED
CVE-2019-3687
@@ -60138,11 +60351,11 @@ CVE-2018-14498 (get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJ
NOTE: https://github.com/mozilla/mozjpeg/issues/299
CVE-2018-14497 (Tenda D152 ADSL routers allow XSS via a crafted SSID. ...)
NOT-FOR-US: Tenda D152 ADSL routers
-CVE-2018-14496 (Vivotek FD8136 devices allow remote memory corruption and remote code ...)
+CVE-2018-14496 (** DISPUTED ** Vivotek FD8136 devices allow remote memory corruption a ...)
NOT-FOR-US: Vivotek FD8136 devices
-CVE-2018-14495 (Vivotek FD8136 devices allow Remote Command Injection, aka "another co ...)
+CVE-2018-14495 (** DISPUTED ** Vivotek FD8136 devices allow Remote Command Injection, ...)
NOT-FOR-US: Vivotek FD8136 devices
-CVE-2018-14494 (Vivotek FD8136 devices allow Remote Command Injection, related to Busy ...)
+CVE-2018-14494 (** DISPUTED ** Vivotek FD8136 devices allow Remote Command Injection, ...)
NOT-FOR-US: Vivotek FD8136 devices
CVE-2018-14493 (Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Au ...)
NOT-FOR-US: Open-Audit Community
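Review bot: After the `** DISPUTED **` prefix was added, the truncated descriptions of CVE-2018-14495 and CVE-2018-14494 are identical in this file: both now end at "Remote Command Injection," and the distinguishing text ("aka "another co" and "related to Busy") has been cut off. The `NOT-FOR-US` tags are unchanged so triage is not affected, but anyone reading the list can no longer tell the two apart without looking up the full CVE text.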
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6ca0da59cbba51897eb2e5804cfab568743dc38b