[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Sep 23 21:10:37 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f3e744b7 by security tracker role at 2019-09-23T20:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,51 @@
+CVE-2019-16727
+ RESERVED
+CVE-2019-16726
+ RESERVED
+CVE-2019-16725
+ RESERVED
+CVE-2019-16724
+ RESERVED
+CVE-2019-16723 (In Cacti through 1.2.6, authenticated users may bypass authorization c ...)
+ TODO: check
+CVE-2019-16722 (ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against ...)
+ TODO: check
+CVE-2019-16721 (NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as de ...)
+ TODO: check
+CVE-2019-16720 (ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins ...)
+ TODO: check
+CVE-2019-16719 (WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with r ...)
+ TODO: check
+CVE-2019-16718 (In radare2 before 3.9.0, a command injection vulnerability exists in b ...)
+ TODO: check
+CVE-2019-16717
+ RESERVED
+CVE-2019-16716
+ RESERVED
+CVE-2019-16715
+ RESERVED
+CVE-2019-16713 (ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrate ...)
+ TODO: check
+CVE-2019-16712 (ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in code ...)
+ TODO: check
+CVE-2019-16711 (ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in code ...)
+ TODO: check
+CVE-2019-16710 (ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrate ...)
+ TODO: check
+CVE-2019-16709 (ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrate ...)
+ TODO: check
+CVE-2019-16708 (ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to ...)
+ TODO: check
+CVE-2019-16707 (Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommon ...)
+ TODO: check
+CVE-2019-16706 (kkcms v1.3 has a CSRF vulnerablity that can add an user account via ad ...)
+ TODO: check
+CVE-2018-21019 (Home Assistant before 0.67.0 was vulnerable to an information disclosu ...)
+ TODO: check
CVE-2019-XXXX [local root exploit in regard to the default environment variable handling of Python]
- pam-python 1.0.7-1
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1
-CVE-2019-16714 [net/rds: Fix info leak in rds6_inc_info_copy()]
+CVE-2019-16714 (In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv. ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/7d0a06586b2686ba80c4a2da5f91cb10ffbea736
CVE-2019-16705 (Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in th ...)
@@ -34,7 +78,7 @@ CVE-2019-16693 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields
CVE-2019-16692 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filte ...)
NOT-FOR-US: phpIPAM
CVE-2019-16691
- RESERVED
+ REJECTED
CVE-2019-16690
RESERVED
CVE-2019-16689
@@ -473,8 +517,8 @@ CVE-2019-16520
RESERVED
CVE-2019-16519
RESERVED
-CVE-2019-16518
- RESERVED
+CVE-2019-16518 (An issue was discovered on e9:c8:82:d7:31:5a devices that use the Vand ...)
+ TODO: check
CVE-2019-16517
RESERVED
CVE-2019-16516
@@ -800,8 +844,8 @@ CVE-2016-10975 (The fluid-responsive-slideshow plugin before 2.2.7 for WordPress
NOT-FOR-US: fluid-responsive-slideshow plugin for WordPress
CVE-2016-10974 (The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has f ...)
NOT-FOR-US: fluid-responsive-slideshow plugin for WordPress
-CVE-2019-16377
- RESERVED
+CVE-2019-16377 (The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Co ...)
+ TODO: check
CVE-2019-16376
RESERVED
CVE-2019-16375
@@ -2906,8 +2950,8 @@ CVE-2019-15637 (Numerous Tableau products are vulnerable to XXE via a malicious
NOT-FOR-US: Tableau
CVE-2019-15636
RESERVED
-CVE-2019-15635
- RESERVED
+CVE-2019-15635 (An issue was discovered in Grafana 5.4.0. Passwords for data sources u ...)
+ TODO: check
CVE-2019-15634
RESERVED
CVE-2019-15633
@@ -11457,8 +11501,8 @@ CVE-2019-13065
RESERVED
CVE-2019-13064
RESERVED
-CVE-2019-13063
- RESERVED
+CVE-2019-13063 (Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to ...)
+ TODO: check
CVE-2019-13062
RESERVED
CVE-2019-13061
@@ -13201,15 +13245,13 @@ CVE-2019-12409
RESERVED
CVE-2019-12408
RESERVED
-CVE-2019-12407
- RESERVED
+CVE-2019-12407 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
- jspwiki <removed>
CVE-2019-12406
RESERVED
CVE-2019-12405 (Improper authentication is possible in Apache Traffic Control versions ...)
NOT-FOR-US: Apache Traffic Control
-CVE-2019-12404
- RESERVED
+CVE-2019-12404 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
- jspwiki <removed>
CVE-2019-12403
RESERVED
@@ -16328,8 +16370,8 @@ CVE-2019-11279
RESERVED
CVE-2019-11278
RESERVED
-CVE-2019-11277
- RESERVED
+CVE-2019-11277 (Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2 ...)
+ TODO: check
CVE-2019-11276 (Pivotal Apps Manager, included in Pivotal Application Service versions ...)
TODO: check
CVE-2019-11275
@@ -17086,8 +17128,8 @@ CVE-2019-10998 (An issue was discovered on Phoenix Contact AXC F 2152 (No.240426
NOT-FOR-US: Phoenix Contact
CVE-2019-10997 (An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) bef ...)
NOT-FOR-US: Phoenix Contact
-CVE-2019-10996
- RESERVED
+CVE-2019-10996 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
+ TODO: check
CVE-2019-10995
RESERVED
CVE-2019-10994 (Processing a specially crafted project file in LAquis SCADA 4.3.1.71 m ...)
@@ -17098,8 +17140,8 @@ CVE-2019-10992 (Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and pri
NOT-FOR-US: Delta Electronics CNCSoft ScreenEditor
CVE-2019-10991 (In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buf ...)
NOT-FOR-US: WebAccess/SCADA
-CVE-2019-10990
- RESERVED
+CVE-2019-10990 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
+ TODO: check
CVE-2019-10989 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffe ...)
NOT-FOR-US: WebAccess/SCADA
CVE-2019-10988 (In Philips HDI 4000 Ultrasound Systems, all versions running on old, u ...)
@@ -17110,8 +17152,8 @@ CVE-2019-10986
RESERVED
CVE-2019-10985 (In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnera ...)
NOT-FOR-US: WebAccess/SCADA
-CVE-2019-10984
- RESERVED
+CVE-2019-10984 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
+ TODO: check
CVE-2019-10983 (In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vul ...)
NOT-FOR-US: WebAccess/SCADA
CVE-2019-10982 (Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Mu ...)
@@ -17122,8 +17164,8 @@ CVE-2019-10980 (A type confusion vulnerability may be exploited when LAquis SCAD
NOT-FOR-US: LAquis SCADA
CVE-2019-10979 (SICK MSC800 all versions prior to Version 4.0, the affected firmware v ...)
NOT-FOR-US: SICK MSC800
-CVE-2019-10978
- RESERVED
+CVE-2019-10978 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
+ TODO: check
CVE-2019-10977 (In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 ser ...)
NOT-FOR-US: Mitsubishi
CVE-2019-10976 (Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vu ...)
@@ -19510,11 +19552,9 @@ CVE-2019-10092 [Limited cross-site scripting in mod_proxy]
NOTE: https://svn.apache.org/r1864191
CVE-2019-10091
RESERVED
-CVE-2019-10090
- RESERVED
+CVE-2019-10090 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
- jspwiki <removed>
-CVE-2019-10089
- RESERVED
+CVE-2019-10089 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
- jspwiki <removed>
CVE-2019-10088 (A carefully crafted or corrupt zip file can cause an OOM in Apache Tik ...)
- tika 1.22-1 (bug #933744)
@@ -19522,8 +19562,7 @@ CVE-2019-10088 (A carefully crafted or corrupt zip file can cause an OOM in Apac
[jessie] - tika <not-affected> (Vulnerable feature introduced in 1.7)
NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/2
NOTE: https://github.com/apache/tika/commit/426be73b9e7500fa3d441231fa4e473de34743f6
-CVE-2019-10087
- RESERVED
+CVE-2019-10087 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
- jspwiki <removed>
CVE-2019-10086 (In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class wa ...)
{DLA-1896-1}
@@ -37184,8 +37223,8 @@ CVE-2019-3418 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impa
NOT-FOR-US: ZTE
CVE-2019-3417 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
NOT-FOR-US: ZTE
-CVE-2019-3416
- RESERVED
+CVE-2019-3416 (All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impa ...)
+ TODO: check
CVE-2019-3415 (ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traver ...)
NOT-FOR-US: ZTE
CVE-2019-3414 (All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3e744b7187b66522e71194950322da6eb53472c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3e744b7187b66522e71194950322da6eb53472c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190923/ec75a0cf/attachment.html>
More information about the debian-security-tracker-commits
mailing list