[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Sep 23 21:10:37 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3e744b7 by security tracker role at 2019-09-23T20:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,51 @@
+CVE-2019-16727
+	RESERVED
+CVE-2019-16726
+	RESERVED
+CVE-2019-16725
+	RESERVED
+CVE-2019-16724
+	RESERVED
+CVE-2019-16723 (In Cacti through 1.2.6, authenticated users may bypass authorization c ...)
+	TODO: check
+CVE-2019-16722 (ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against  ...)
+	TODO: check
+CVE-2019-16721 (NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as de ...)
+	TODO: check
+CVE-2019-16720 (ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins ...)
+	TODO: check
+CVE-2019-16719 (WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with r ...)
+	TODO: check
+CVE-2019-16718 (In radare2 before 3.9.0, a command injection vulnerability exists in b ...)
+	TODO: check
+CVE-2019-16717
+	RESERVED
+CVE-2019-16716
+	RESERVED
+CVE-2019-16715
+	RESERVED
+CVE-2019-16713 (ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrate ...)
+	TODO: check
+CVE-2019-16712 (ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in code ...)
+	TODO: check
+CVE-2019-16711 (ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in code ...)
+	TODO: check
+CVE-2019-16710 (ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrate ...)
+	TODO: check
+CVE-2019-16709 (ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrate ...)
+	TODO: check
+CVE-2019-16708 (ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to ...)
+	TODO: check
+CVE-2019-16707 (Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommon ...)
+	TODO: check
+CVE-2019-16706 (kkcms v1.3 has a CSRF vulnerablity that can add an user account via ad ...)
+	TODO: check
+CVE-2018-21019 (Home Assistant before 0.67.0 was vulnerable to an information disclosu ...)
+	TODO: check
 CVE-2019-XXXX [local root exploit in regard to the default environment variable handling of Python]
 	- pam-python 1.0.7-1
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1
-CVE-2019-16714 [net/rds: Fix info leak in rds6_inc_info_copy()]
+CVE-2019-16714 (In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv. ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/7d0a06586b2686ba80c4a2da5f91cb10ffbea736
 CVE-2019-16705 (Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in th ...)
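Review bot: the new block leaves the file out of descending-id order, since CVE-2019-16713 follows CVE-2019-16715 directly while the pre-existing CVE-2019-16714 entry (whose description is updated in this same hunk) stays below CVE-2019-XXXX; harmless for parsing but worth knowing when reading the list by hand. Separately, the new ImageMagick (CVE-2019-16708 through CVE-2019-16713), Hunspell (CVE-2019-16707) and radare2 (CVE-2019-16718) entries all concern software packaged in Debian and currently carry only "TODO: check" with no NOTE: reference, unlike CVE-2019-16714 which keeps its kernel commit link; recording the upstream references during triage would bring them in line.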
@@ -34,7 +78,7 @@ CVE-2019-16693 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields
 CVE-2019-16692 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filte ...)
 	NOT-FOR-US: phpIPAM
 CVE-2019-16691
-	RESERVED
+	REJECTED
 CVE-2019-16690
 	RESERVED
 CVE-2019-16689
@@ -473,8 +517,8 @@ CVE-2019-16520
 	RESERVED
 CVE-2019-16519
 	RESERVED
-CVE-2019-16518
-	RESERVED
+CVE-2019-16518 (An issue was discovered on e9:c8:82:d7:31:5a devices that use the Vand ...)
+	TODO: check
 CVE-2019-16517
 	RESERVED
 CVE-2019-16516
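Review bot: the CVE-2019-16518 description identifies the affected device only by a MAC-address-like string (e9:c8:82:d7:31:5a) rather than a vendor or product name, so the "TODO: check" cannot be resolved from the truncated text alone; triage will need the full description to decide between a package mapping and NOT-FOR-US.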
@@ -800,8 +844,8 @@ CVE-2016-10975 (The fluid-responsive-slideshow plugin before 2.2.7 for WordPress
 	NOT-FOR-US: fluid-responsive-slideshow plugin for WordPress
 CVE-2016-10974 (The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has f ...)
 	NOT-FOR-US: fluid-responsive-slideshow plugin for WordPress
-CVE-2019-16377
-	RESERVED
+CVE-2019-16377 (The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Co ...)
+	TODO: check
 CVE-2019-16376
 	RESERVED
 CVE-2019-16375
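Review bot: CVE-2019-16377 concerns the makandra "consul" Ruby gem, which shares its name with HashiCorp Consul; when resolving the "TODO: check", make sure the lookup targets the Ruby gem and not the Go service of the same name, so the entry is not mapped to the wrong package.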
@@ -2906,8 +2950,8 @@ CVE-2019-15637 (Numerous Tableau products are vulnerable to XXE via a malicious
 	NOT-FOR-US: Tableau
 CVE-2019-15636
 	RESERVED
-CVE-2019-15635
-	RESERVED
+CVE-2019-15635 (An issue was discovered in Grafana 5.4.0. Passwords for data sources u ...)
+	TODO: check
 CVE-2019-15634
 	RESERVED
 CVE-2019-15633
@@ -11457,8 +11501,8 @@ CVE-2019-13065
 	RESERVED
 CVE-2019-13064
 	RESERVED
-CVE-2019-13063
-	RESERVED
+CVE-2019-13063 (Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to ...)
+	TODO: check
 CVE-2019-13062
 	RESERVED
 CVE-2019-13061
@@ -13201,15 +13245,13 @@ CVE-2019-12409
 	RESERVED
 CVE-2019-12408
 	RESERVED
-CVE-2019-12407
-	RESERVED
+CVE-2019-12407 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
 	- jspwiki <removed>
 CVE-2019-12406
 	RESERVED
 CVE-2019-12405 (Improper authentication is possible in Apache Traffic Control versions ...)
 	NOT-FOR-US: Apache Traffic Control
-CVE-2019-12404
-	RESERVED
+CVE-2019-12404 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
 	- jspwiki <removed>
 CVE-2019-12403
 	RESERVED
@@ -16328,8 +16370,8 @@ CVE-2019-11279
 	RESERVED
 CVE-2019-11278
 	RESERVED
-CVE-2019-11277
-	RESERVED
+CVE-2019-11277 (Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2 ...)
+	TODO: check
 CVE-2019-11276 (Pivotal Apps Manager, included in Pivotal Application Service versions ...)
 	TODO: check
 CVE-2019-11275
@@ -17086,8 +17128,8 @@ CVE-2019-10998 (An issue was discovered on Phoenix Contact AXC F 2152 (No.240426
 	NOT-FOR-US: Phoenix Contact
 CVE-2019-10997 (An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) bef ...)
 	NOT-FOR-US: Phoenix Contact
-CVE-2019-10996
-	RESERVED
+CVE-2019-10996 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
+	TODO: check
 CVE-2019-10995
 	RESERVED
 CVE-2019-10994 (Processing a specially crafted project file in LAquis SCADA 4.3.1.71 m ...)
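Review bot: CVE-2019-10996 (Red Lion Controls Crimson) is inserted with "TODO: check" between entries for industrial control products that are all marked NOT-FOR-US (Phoenix Contact, WebAccess/SCADA, Delta Electronics, LAquis SCADA); the same applies to CVE-2019-10990, CVE-2019-10984 and CVE-2019-10978 in the following hunks, which carry the identical description, so the four can be triaged together and are likely NOT-FOR-US candidates.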
@@ -17098,8 +17140,8 @@ CVE-2019-10992 (Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and pri
 	NOT-FOR-US: Delta Electronics CNCSoft ScreenEditor
 CVE-2019-10991 (In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buf ...)
 	NOT-FOR-US: WebAccess/SCADA
-CVE-2019-10990
-	RESERVED
+CVE-2019-10990 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
+	TODO: check
 CVE-2019-10989 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffe ...)
 	NOT-FOR-US: WebAccess/SCADA
 CVE-2019-10988 (In Philips HDI 4000 Ultrasound Systems, all versions running on old, u ...)
@@ -17110,8 +17152,8 @@ CVE-2019-10986
 	RESERVED
 CVE-2019-10985 (In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnera ...)
 	NOT-FOR-US: WebAccess/SCADA
-CVE-2019-10984
-	RESERVED
+CVE-2019-10984 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
+	TODO: check
 CVE-2019-10983 (In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vul ...)
 	NOT-FOR-US: WebAccess/SCADA
 CVE-2019-10982 (Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Mu ...)
@@ -17122,8 +17164,8 @@ CVE-2019-10980 (A type confusion vulnerability may be exploited when LAquis SCAD
 	NOT-FOR-US: LAquis SCADA
 CVE-2019-10979 (SICK MSC800 all versions prior to Version 4.0, the affected firmware v ...)
 	NOT-FOR-US: SICK MSC800
-CVE-2019-10978
-	RESERVED
+CVE-2019-10978 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
+	TODO: check
 CVE-2019-10977 (In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 ser ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2019-10976 (Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vu ...)
@@ -19510,11 +19552,9 @@ CVE-2019-10092 [Limited cross-site scripting in mod_proxy]
 	NOTE: https://svn.apache.org/r1864191
 CVE-2019-10091
 	RESERVED
-CVE-2019-10090
-	RESERVED
+CVE-2019-10090 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
 	- jspwiki <removed>
-CVE-2019-10089
-	RESERVED
+CVE-2019-10089 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
 	- jspwiki <removed>
 CVE-2019-10088 (A carefully crafted or corrupt zip file can cause an OOM in Apache Tik ...)
 	- tika 1.22-1 (bug #933744)
@@ -19522,8 +19562,7 @@ CVE-2019-10088 (A carefully crafted or corrupt zip file can cause an OOM in Apac
 	[jessie] - tika <not-affected> (Vulnerable feature introduced in 1.7)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/2
 	NOTE: https://github.com/apache/tika/commit/426be73b9e7500fa3d441231fa4e473de34743f6
-CVE-2019-10087
-	RESERVED
+CVE-2019-10087 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
 	- jspwiki <removed>
 CVE-2019-10086 (In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class wa ...)
 	{DLA-1896-1}
@@ -37184,8 +37223,8 @@ CVE-2019-3418 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impa
 	NOT-FOR-US: ZTE
 CVE-2019-3417 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted  ...)
 	NOT-FOR-US: ZTE
-CVE-2019-3416
-	RESERVED
+CVE-2019-3416 (All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impa ...)
+	TODO: check
 CVE-2019-3415 (ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traver ...)
 	NOT-FOR-US: ZTE
 CVE-2019-3414 (All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS ...)
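Review bot: CVE-2019-3416 is left at "TODO: check" although its description names the same vendor as the surrounding entries (CVE-2019-3418, CVE-2019-3417, CVE-2019-3415, CVE-2019-3414), all of which are marked "NOT-FOR-US: ZTE"; marking it the same way would be consistent with the existing entries.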



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3e744b7187b66522e71194950322da6eb53472c


