[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Sep 25 21:10:29 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c8bc0812 by security tracker role at 2019-09-25T20:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,131 @@
+CVE-2019-16888
+	RESERVED
+CVE-2019-16887 (In IrfanView 4.53, Data from a Faulting Address controls a subsequent  ...)
+	TODO: check
+CVE-2019-16886
+	RESERVED
+CVE-2019-16885
+	RESERVED
+CVE-2019-16884 (runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other ...)
+	TODO: check
+CVE-2019-16883
+	RESERVED
+CVE-2019-16882 (An issue was discovered in the string-interner crate before 0.7.1 for  ...)
+	TODO: check
+CVE-2019-16881 (An issue was discovered in the portaudio-rs crate through 0.3.1 for Ru ...)
+	TODO: check
+CVE-2019-16880 (An issue was discovered in the linea crate through 0.9.4 for Rust. The ...)
+	TODO: check
+CVE-2019-16879
+	RESERVED
+CVE-2019-16878
+	RESERVED
+CVE-2019-16877
+	RESERVED
+CVE-2019-16876
+	RESERVED
+CVE-2019-16875
+	RESERVED
+CVE-2019-16874
+	RESERVED
+CVE-2019-16873
+	RESERVED
+CVE-2019-16872
+	RESERVED
+CVE-2019-16871
+	RESERVED
+CVE-2019-16870
+	RESERVED
+CVE-2019-16869
+	RESERVED
+CVE-2019-16868 (emlog through 6.0.0beta has an arbitrary file deletion vulnerability v ...)
+	TODO: check
+CVE-2019-16867 (HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file par ...)
+	TODO: check
+CVE-2019-16866
+	RESERVED
+CVE-2015-9449
+	RESERVED
+CVE-2015-9448
+	RESERVED
+CVE-2015-9447
+	RESERVED
+CVE-2015-9446
+	RESERVED
+CVE-2015-9445
+	RESERVED
+CVE-2015-9444
+	RESERVED
+CVE-2015-9443
+	RESERVED
+CVE-2015-9442
+	RESERVED
+CVE-2015-9441
+	RESERVED
+CVE-2015-9440
+	RESERVED
+CVE-2015-9439
+	RESERVED
+CVE-2015-9438
+	RESERVED
+CVE-2015-9437
+	RESERVED
+CVE-2015-9436
+	RESERVED
+CVE-2015-9435
+	RESERVED
+CVE-2015-9434
+	RESERVED
+CVE-2015-9433
+	RESERVED
+CVE-2015-9432
+	RESERVED
+CVE-2015-9431
+	RESERVED
+CVE-2015-9430
+	RESERVED
+CVE-2015-9429
+	RESERVED
+CVE-2015-9428
+	RESERVED
+CVE-2015-9427
+	RESERVED
+CVE-2015-9426
+	RESERVED
+CVE-2015-9425
+	RESERVED
+CVE-2015-9424
+	RESERVED
+CVE-2015-9423
+	RESERVED
+CVE-2015-9422
+	RESERVED
+CVE-2015-9421
+	RESERVED
+CVE-2015-9420
+	RESERVED
+CVE-2015-9419
+	RESERVED
+CVE-2015-9418
+	RESERVED
+CVE-2015-9417
+	RESERVED
+CVE-2015-9416
+	RESERVED
+CVE-2015-9415
+	RESERVED
+CVE-2015-9414
+	RESERVED
+CVE-2015-9413
+	RESERVED
+CVE-2015-9412
+	RESERVED
+CVE-2015-9411
+	RESERVED
+CVE-2015-9410
+	RESERVED
+CVE-2015-9409 (The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resu ...)
+	TODO: check
 CVE-2019-16865
 	RESERVED
 CVE-2019-16864
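Review bot: CVE-2019-16884 deserves an early triage pass rather than sitting in the `TODO: check` batch. Its description (runc through 1.0.0-rc8, as used in Docker) points at a container runtime, which is far more likely to map to a source package tracked here than the IrfanView, emlog, HongCMS and Rust-crate items in the same hunk; the placeholder should be resolved into a package line with the fixed version or an explicit no-dsa/unimportant decision as soon as the full advisory text is read.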
@@ -346,8 +474,8 @@ CVE-2019-16703 (admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. ...)
 	NOT-FOR-US: PHPMyWind
 CVE-2019-16702 (Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary c ...)
 	NOT-FOR-US: Integard Pro
-CVE-2019-16701
-	RESERVED
+CVE-2019-16701 (pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection vi ...)
+	TODO: check
 CVE-2019-16700
 	RESERVED
 CVE-2019-16699
@@ -1727,8 +1855,8 @@ CVE-2019-16196
 	RESERVED
 CVE-2019-16195
 	RESERVED
-CVE-2019-16194
-	RESERVED
+CVE-2019-16194 (SQL injection vulnerabilities in Centreon through 19.04 allow attacks  ...)
+	TODO: check
 CVE-2019-16193 (In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to t ...)
 	NOT-FOR-US: ArcGIS Enterprise
 CVE-2019-16192 (upload_model() in /admini/controllers/system/managemodel.php in DocCms ...)
@@ -1739,8 +1867,8 @@ CVE-2019-16190 (SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-8
 	NOT-FOR-US: D-Link
 CVE-2019-16189
 	RESERVED
-CVE-2019-16188
-	RESERVED
+CVE-2019-16188 (HCL AppScan Source before 9.03.13 is susceptible to XML External Entit ...)
+	TODO: check
 CVE-2017-18611 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...)
 	NOT-FOR-US: magic-fields plugin for WordPress
 CVE-2017-18610 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...)
@@ -4926,12 +5054,12 @@ CVE-2019-15071
 	RESERVED
 CVE-2019-15070
 	RESERVED
-CVE-2019-15069
-	RESERVED
-CVE-2019-15068
-	RESERVED
-CVE-2019-15067
-	RESERVED
+CVE-2019-15069 (An unsafe authentication interface was discovered in Smart Battery A4, ...)
+	TODO: check
+CVE-2019-15068 (A broken access control vulnerability in Smart Battery A4, a multifunc ...)
+	TODO: check
+CVE-2019-15067 (An authentication bypass vulnerability discovered in Smart Battery A2- ...)
+	TODO: check
 CVE-2019-15066
 	RESERVED
 CVE-2019-15065
@@ -9290,8 +9418,7 @@ CVE-2019-13629
 	RESERVED
 CVE-2019-13628
 	RESERVED
-CVE-2019-13627 [ECDSA timing attack]
-	RESERVED
+CVE-2019-13627 (It was discovered that there was a ECDSA timing attack in the libgcryp ...)
 	{DLA-1931-1}
 	- libgcrypt20 1.8.5-1 (bug #938938)
 	- libgcrypt11 <removed>
@@ -13995,8 +14122,8 @@ CVE-2019-12247 (** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the qg
 	NOTE: Disputed upstream as not beeing exploitable.
 CVE-2019-12246
 	RESERVED
-CVE-2019-12245
-	RESERVED
+CVE-2019-12245 (SilverStripe through 4.3.3 has incorrect access control for protected  ...)
+	TODO: check
 CVE-2019-12244
 	RESERVED
 CVE-2019-12243 (Istio 1.1.x through 1.1.6 has Incorrect Access Control. ...)
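Review bot: the unchanged context line `NOTE: Disputed upstream as not beeing exploitable.` under CVE-2019-12247 carries a typo (`beeing` should be `being`). The automatic update only rewrites RESERVED placeholders, so this needs a manual follow-up edit to the NOTE line.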
@@ -14151,12 +14278,12 @@ CVE-2019-12207 (njs through 0.3.1, used in NGINX, has a heap-based buffer over-r
 	NOT-FOR-US: njs
 CVE-2019-12206 (njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in  ...)
 	NOT-FOR-US: njs
-CVE-2019-12205
-	RESERVED
-CVE-2019-12204
-	RESERVED
-CVE-2019-12203
-	RESERVED
+CVE-2019-12205 (SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS. ...)
+	TODO: check
+CVE-2019-12204 (In SilverStripe through 4.3.3, a missing warning about leaving install ...)
+	TODO: check
+CVE-2019-12203 (SilverStripe through 4.3.3 allows session fixation in the "change pass ...)
+	TODO: check
 CVE-2019-12202
 	RESERVED
 CVE-2019-12201
@@ -18865,66 +18992,66 @@ CVE-2019-10432
 	RESERVED
 CVE-2019-10431
 	RESERVED
-CVE-2019-10430
-	RESERVED
-CVE-2019-10429
-	RESERVED
-CVE-2019-10428
-	RESERVED
-CVE-2019-10427
-	RESERVED
-CVE-2019-10426
-	RESERVED
-CVE-2019-10425
-	RESERVED
-CVE-2019-10424
-	RESERVED
-CVE-2019-10423
-	RESERVED
-CVE-2019-10422
-	RESERVED
-CVE-2019-10421
-	RESERVED
-CVE-2019-10420
-	RESERVED
-CVE-2019-10419
-	RESERVED
-CVE-2019-10418
-	RESERVED
-CVE-2019-10417
-	RESERVED
-CVE-2019-10416
-	RESERVED
-CVE-2019-10415
-	RESERVED
-CVE-2019-10414
-	RESERVED
-CVE-2019-10413
-	RESERVED
-CVE-2019-10412
-	RESERVED
-CVE-2019-10411
-	RESERVED
-CVE-2019-10410
-	RESERVED
-CVE-2019-10409
-	RESERVED
-CVE-2019-10408
-	RESERVED
-CVE-2019-10407
-	RESERVED
-CVE-2019-10406
-	RESERVED
-CVE-2019-10405
-	RESERVED
-CVE-2019-10404
-	RESERVED
-CVE-2019-10403
-	RESERVED
-CVE-2019-10402
-	RESERVED
-CVE-2019-10401
-	RESERVED
+CVE-2019-10430 (Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored  ...)
+	TODO: check
+CVE-2019-10429 (Jenkins GitLab Logo Plugin stores credentials unencrypted in its globa ...)
+	TODO: check
+CVE-2019-10428 (Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted co ...)
+	TODO: check
+CVE-2019-10427 (Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configu ...)
+	TODO: check
+CVE-2019-10426 (Jenkins Gem Publisher Plugin stores credentials unencrypted in its glo ...)
+	TODO: check
+CVE-2019-10425 (Jenkins Google Calendar Plugin stores credentials unencrypted in job c ...)
+	TODO: check
+CVE-2019-10424 (Jenkins elOyente Plugin stores credentials unencrypted in its global c ...)
+	TODO: check
+CVE-2019-10423 (Jenkins CodeScan Plugin stores credentials unencrypted in its global c ...)
+	TODO: check
+CVE-2019-10422 (Jenkins Call Remote Job Plugin stores credentials unencrypted in job c ...)
+	TODO: check
+CVE-2019-10421 (Jenkins Azure Event Grid Build Notifier Plugin stores credentials unen ...)
+	TODO: check
+CVE-2019-10420 (Jenkins Assembla Plugin stores credentials unencrypted in its global c ...)
+	TODO: check
+CVE-2019-10419 (Jenkins vFabric Application Director Plugin stores credentials unencry ...)
+	TODO: check
+CVE-2019-10418 (Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a c ...)
+	TODO: check
+CVE-2019-10417 (Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a c ...)
+	TODO: check
+CVE-2019-10416 (Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored cr ...)
+	TODO: check
+CVE-2019-10415 (Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored cr ...)
+	TODO: check
+CVE-2019-10414 (Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unenc ...)
+	TODO: check
+CVE-2019-10413 (Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials  ...)
+	TODO: check
+CVE-2019-10412 (Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured cre ...)
+	TODO: check
+CVE-2019-10411 (Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configu ...)
+	TODO: check
+CVE-2019-10410 (Jenkins Log Parser Plugin 2.0 and earlier did not escape an error mess ...)
+	TODO: check
+CVE-2019-10409 (A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 ...)
+	TODO: check
+CVE-2019-10408 (A cross-site request forgery vulnerability in Jenkins Project Inherita ...)
+	TODO: check
+CVE-2019-10407 (Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list  ...)
+	TODO: check
+CVE-2019-10406 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or ...)
+	TODO: check
+CVE-2019-10405 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value o ...)
+	TODO: check
+CVE-2019-10404 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the  ...)
+	TODO: check
+CVE-2019-10403 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the  ...)
+	TODO: check
+CVE-2019-10402 (In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox  ...)
+	TODO: check
+CVE-2019-10401 (In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandabl ...)
+	TODO: check
 CVE-2019-10400 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62  ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2019-10399 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62  ...)
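Review bot: the thirty Jenkins entries CVE-2019-10401 through CVE-2019-10430 are all left at `TODO: check`, while the immediately following context entries CVE-2019-10400 and CVE-2019-10399 already read `NOT-FOR-US: Jenkins plugin`. When these placeholders are triaged, the plugin advisories (10407 through 10430) can be classified the same way as their neighbours, and the six core entries (CVE-2019-10401 through 10406, "Jenkins 2.196 and earlier, LTS 2.176.3 and earlier") need their own decision rather than inheriting the plugin wording.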
@@ -19840,8 +19967,7 @@ CVE-2016-10744 (In Select2 through 4.0.5, as used in Snipe-IT and other products
 	NOT-FOR-US: Snipe-IT
 CVE-2019-10099 (Prior to Spark 2.3.3, in certain situations Spark would write user dat ...)
 	NOT-FOR-US: Apache Spark
-CVE-2019-10098 [mod_rewrite configurations vulnerable to open redirect]
-	RESERVED
+CVE-2019-10098 (In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_r ...)
 	{DSA-4509-1 DLA-1900-1}
 	- apache2 2.4.41-1
 	NOTE: Affects upstream versions 2.4.0 to 2.4.39
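Review bot: now that the bracket placeholder for CVE-2019-10098 is replaced by the description `In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_r ...`, the trailing `NOTE: Affects upstream versions 2.4.0 to 2.4.39` repeats the version range already stated in the description. It can be dropped in a follow-up, or kept only if it is meant to record something the truncated description does not show.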
@@ -29724,18 +29850,18 @@ CVE-2019-6658
 	RESERVED
 CVE-2019-6657
 	RESERVED
-CVE-2019-6656
-	RESERVED
-CVE-2019-6655
-	RESERVED
-CVE-2019-6654
-	RESERVED
-CVE-2019-6653
-	RESERVED
-CVE-2019-6652
-	RESERVED
-CVE-2019-6651
-	RESERVED
+CVE-2019-6656 (BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs t ...)
+	TODO: check
+CVE-2019-6655 (On versions 13.0.0-13.1.0.1, 12.1.0-12.1.4.1, 11.6.1-11.6.4, and 11.5. ...)
+	TODO: check
+CVE-2019-6654 (On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11 ...)
+	TODO: check
+CVE-2019-6653 (There is a Stored Cross Site Scripting vulnerability in the undisclose ...)
+	TODO: check
+CVE-2019-6652 (In BIG-IQ 6.0.0-6.1.0, services for stats do not require authenticatio ...)
+	TODO: check
+CVE-2019-6651 (In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 1 ...)
+	TODO: check
 CVE-2019-6650 (F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1. ...)
 	TODO: check
 CVE-2019-6649 (F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 1 ...)
@@ -44525,6 +44651,7 @@ CVE-2018-19650 (Local attackers can trigger a stack-based buffer overflow on vul
 CVE-2019-1564
 	RESERVED
 CVE-2019-1563 (In situations where an attacker receives automated notification of the ...)
+	{DLA-1932-1}
 	- openssl 1.1.1d-1
 	- openssl1.0 <removed>
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64 (OpenSSL_1_1_1d)
@@ -44578,6 +44705,7 @@ CVE-2019-1549 (OpenSSL 1.1.1 introduced a rewritten random number generator (RNG
 CVE-2019-1548
 	RESERVED
 CVE-2019-1547 (Normally in OpenSSL EC groups always have a co-factor present and this ...)
+	{DLA-1932-1}
 	- openssl 1.1.1d-1
 	- openssl1.0 <removed>
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46 (OpenSSL_1_0_2t)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c8bc081221154bf6cd10a0e386fa7151e15b4ec5
