[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Sep 24 21:10:51 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ad93a7ff by security tracker role at 2019-09-24T20:10:37Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2019-16757
+	RESERVED
+CVE-2019-16756
+	RESERVED
+CVE-2019-16755
+	RESERVED
+CVE-2019-16754 (RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implem ...)
+	TODO: check
+CVE-2019-16753
+	RESERVED
+CVE-2019-16752
+	RESERVED
+CVE-2019-16751 (An issue was discovered in Devise Token Auth through 1.1.2. The omniau ...)
+	TODO: check
+CVE-2019-16750
+	RESERVED
+CVE-2019-16749
+	RESERVED
+CVE-2019-16748 (In wolfSSL through 4.1.0, there is a missing sanity check of memory ac ...)
+	TODO: check
+CVE-2019-16747
+	RESERVED
 CVE-2019-16745
 	RESERVED
 CVE-2019-16744
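
Review bot: The added block steps from CVE-2019-16747 straight to the existing CVE-2019-16745, so CVE-2019-16746 has no entry in the lines shown; confirm it is listed elsewhere in data/CVE/list or still to be imported. The three ids that arrive with descriptions (CVE-2019-16754, CVE-2019-16751, CVE-2019-16748) carry only `TODO: check`, and each needs a package line or a NOT-FOR-US marker at triage.
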
@@ -839,8 +861,8 @@ CVE-2019-16385
 	RESERVED
 CVE-2019-16384
 	RESERVED
-CVE-2019-16383
-	RESERVED
+CVE-2019-16383 (MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2 ...)
+	TODO: check
 CVE-2019-16382
 	RESERVED
 CVE-2019-16381
@@ -2243,6 +2265,7 @@ CVE-2019-15903 (In libexpat before 2.2.8, crafted XML input could fool the parse
 	NOTE: https://github.com/libexpat/libexpat/issues/317
 	NOTE: https://github.com/libexpat/libexpat/pull/318
 CVE-2019-15902 (A backporting error was discovered in the Linux stable/longterm kernel ...)
+	{DSA-4531-1}
 	- linux <unfixed>
 	[jessie] - linux <not-affected> (Bug never introduced)
 	NOTE: https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php
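
Review bot: Under CVE-2019-15902 the new `{DSA-4531-1}` reference sits above an unchanged `- linux <unfixed>` line, so the entry now cites an advisory while that line still records no fixed version; replace `<unfixed>` with the fixed version once one is known. The `[jessie] - linux <not-affected>` line is consistent with this entry receiving no DLA reference.
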
@@ -4471,11 +4494,11 @@ CVE-2019-15120 (The Kunena extension before 5.1.14 for Joomla! allows XSS via BB
 CVE-2019-15119 (lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permission ...)
 	NOT-FOR-US: cnlh nps
 CVE-2019-15118 (check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2. ...)
-	{DLA-1930-1}
+	{DSA-4531-1 DLA-1930-1}
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/19bce474c45be69a284ecee660aa12d8f1e88f18
 CVE-2019-15117 (parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel throug ...)
-	{DLA-1930-1}
+	{DSA-4531-1 DLA-1930-1}
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/daac07156b330b18eb5071aec4b3ddca1c377f2c
 CVE-2019-15116 (The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS  ...)
@@ -5406,7 +5429,7 @@ CVE-2019-14837
 CVE-2019-14836
 	RESERVED
 CVE-2019-14835 (A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in ...)
-	{DLA-1930-1}
+	{DSA-4531-1 DLA-1930-1}
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/09/17/1
 	NOTE: https://git.kernel.org/linus/060423bfdee3f8bc6e2c1bac97de24d5415e2bc4
@@ -5449,7 +5472,7 @@ CVE-2019-14822 [missing authorization flaw]
 	NOTE: https://launchpad.net/bugs/1844853
 	NOTE: https://github.com/ibus/ibus/issues/2137
 CVE-2019-14821 (An out-of-bounds access issue was found in the Linux kernel, all versi ...)
-	{DLA-1930-1}
+	{DSA-4531-1 DLA-1930-1}
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/b60fe990c6b07ef6d4df67bc0530c7c90a62623a
 CVE-2019-14820
@@ -5661,8 +5684,8 @@ CVE-2019-14754 (Open-School 3.0, and Community Edition 2.3, allows SQL Injection
 	NOT-FOR-US: Open-School
 CVE-2018-20962 (The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows X ...)
 	NOT-FOR-US: Backpack\CRUD Backpack
-CVE-2019-14753
-	RESERVED
+CVE-2019-14753 (SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buff ...)
+	TODO: check
 CVE-2019-14752
 	RESERVED
 CVE-2019-14751 (NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, a ...)
@@ -7687,10 +7710,10 @@ CVE-2019-14241 (HAProxy through 2.0.2 allows attackers to cause a denial of serv
 	NOTE: https://github.com/haproxy/haproxy/issues/181
 CVE-2019-14240 (WCMS v0.3.2 has a CSRF vulnerability, with resultant directory travers ...)
 	NOT-FOR-US: WCMS
-CVE-2019-14239
-	RESERVED
-CVE-2019-14238
-	RESERVED
+CVE-2019-14239 (On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Acce ...)
+	TODO: check
+CVE-2019-14238 (On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Prote ...)
+	TODO: check
 CVE-2019-14237 (On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Acce ...)
 	NOT-FOR-US: NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices
 CVE-2019-14236 (On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and ...)
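
Review bot: CVE-2019-14239 is added with `TODO: check` although its visible description matches that of CVE-2019-14237 two entries below, which is already marked `NOT-FOR-US: NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices`; the same marker looks appropriate here. CVE-2019-14238 likewise names STMicroelectronics STM32 devices, as CVE-2019-14236 does, and should be triaged alongside it.
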
@@ -9040,6 +9063,7 @@ CVE-2019-13628
 	RESERVED
 CVE-2019-13627 [ECDSA timing attack]
 	RESERVED
+	{DLA-1931-1}
 	- libgcrypt20 1.8.5-1 (bug #938938)
 	- libgcrypt11 <removed>
 	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=b9577f7c89b4327edc09f2231bc8b31521102c79 (master)
@@ -10720,12 +10744,12 @@ CVE-2019-13359 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a c
 	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2019-13358 (lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows  ...)
 	NOT-FOR-US: OpenCats
-CVE-2019-13357
-	RESERVED
-CVE-2019-13356
-	RESERVED
-CVE-2019-13355
-	RESERVED
+CVE-2019-13357 (In Total Defense Anti-virus 9.0.0.773, resource acquisition from the u ...)
+	TODO: check
+CVE-2019-13356 (In Total Defense Anti-virus 9.0.0.773, insecure access control for the ...)
+	TODO: check
+CVE-2019-13355 (In Total Defense Anti-virus 9.0.0.773, insecure access control for the ...)
+	TODO: check
 CVE-2019-13354 (The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org ...)
 	NOT-FOR-US: strong_password gem
 CVE-2019-13353
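
Review bot: The three `TODO: check` entries CVE-2019-13357, CVE-2019-13356 and CVE-2019-13355 all name Total Defense Anti-virus 9.0.0.773, so they should be resolved together with one consistent marker rather than individually. The neighbouring entries in this hunk (CVE-2019-13359, CVE-2019-13358, CVE-2019-13354) show the `NOT-FOR-US: <product>` form to use if the product is not packaged.
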
@@ -34577,8 +34601,8 @@ CVE-2019-4568
 	RESERVED
 CVE-2019-4567
 	RESERVED
-CVE-2019-4566
-	RESERVED
+CVE-2019-4566 (IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentia ...)
+	TODO: check
 CVE-2019-4565 (IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that ...)
 	NOT-FOR-US: IBM
 CVE-2019-4564
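
Review bot: CVE-2019-4566 is left at `TODO: check` while CVE-2019-4565 directly below, for the same IBM Security Key Lifecycle Manager 3.0 and 3.0.1, is already `NOT-FOR-US: IBM`; apply the same marker so the two entries agree.
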
@@ -34679,8 +34703,8 @@ CVE-2019-4517
 	RESERVED
 CVE-2019-4516
 	RESERVED
-CVE-2019-4515
-	RESERVED
+CVE-2019-4515 (IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cros ...)
+	TODO: check
 CVE-2019-4514
 	RESERVED
 CVE-2019-4513 (IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vul ...)
@@ -36541,8 +36565,8 @@ CVE-2019-3728
 	RESERVED
 CVE-2019-3727 (Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs ...)
 	NOT-FOR-US: Dell EMC RecoverPoint
-CVE-2019-3726
-	RESERVED
+CVE-2019-3726 (An Uncontrolled Search Path Vulnerability is applicable to the followi ...)
+	TODO: check
 CVE-2019-3725 (RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security An ...)
 	NOT-FOR-US: RSA Netwitness Platform
 CVE-2019-3724 (RSA Netwitness Platform versions prior to 11.2.1.1 is vulnerable to an ...)
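
Review bot: The truncated description on CVE-2019-3726 ("An Uncontrolled Search Path Vulnerability is applicable to the followi ...") names no product, so this `TODO: check` cannot be triaged from the list entry alone; read the full CVE text before choosing between a package line and NOT-FOR-US.
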
@@ -75373,8 +75397,8 @@ CVE-2018-9092 (There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.1
 	NOT-FOR-US: MiniCMS
 CVE-2018-9091 (A critical vulnerability in the KEMP LoadMaster Operating System (LMOS ...)
 	NOT-FOR-US: KEMP LoadMaster Operating System
-CVE-2018-9090
-	RESERVED
+CVE-2018-9090 (CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Gr ...)
+	TODO: check
 CVE-2018-9089
 	RESERVED
 CVE-2018-9088



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ad93a7ffc7487c918a1ca7b4fce6fc1dbef3c806
