[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Sep 30 21:10:36 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e38551a3 by security tracker role at 2019-09-30T20:10:25Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,124 @@
-CVE-2019-16995 [net: hsr: fix memory leak in hsr_dev_finalize()]
+CVE-2019-17051 (Evernote before 7.13 GA on macOS allows code execution because the com ...)
+ TODO: check
+CVE-2019-17050 (An issue was discovered in the Voyager package through 1.2.7 for Larav ...)
+ TODO: check
+CVE-2019-17049 (NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in t ...)
+ TODO: check
+CVE-2019-17048
+ RESERVED
+CVE-2019-17047
+ RESERVED
+CVE-2019-17046 (Ilch 2.1.22 allows remote code execution because php is listed under " ...)
+ TODO: check
+CVE-2019-17045 (Ilch 2.1.22 allows stored XSS via the title, text, or email id to the ...)
+ TODO: check
+CVE-2019-17044
+ RESERVED
+CVE-2019-17043
+ RESERVED
+CVE-2019-17042
+ RESERVED
+CVE-2019-17041
+ RESERVED
+CVE-2019-17040 (contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bound ...)
+ TODO: check
+CVE-2019-17039
+ RESERVED
+CVE-2019-17038
+ RESERVED
+CVE-2019-17037
+ RESERVED
+CVE-2019-17036
+ RESERVED
+CVE-2019-17035
+ RESERVED
+CVE-2019-17034
+ RESERVED
+CVE-2019-17033
+ RESERVED
+CVE-2019-17032
+ RESERVED
+CVE-2019-17031
+ RESERVED
+CVE-2019-17030
+ RESERVED
+CVE-2019-17029
+ RESERVED
+CVE-2019-17028
+ RESERVED
+CVE-2019-17027
+ RESERVED
+CVE-2019-17026
+ RESERVED
+CVE-2019-17025
+ RESERVED
+CVE-2019-17024
+ RESERVED
+CVE-2019-17023
+ RESERVED
+CVE-2019-17022
+ RESERVED
+CVE-2019-17021
+ RESERVED
+CVE-2019-17020
+ RESERVED
+CVE-2019-17019
+ RESERVED
+CVE-2019-17018
+ RESERVED
+CVE-2019-17017
+ RESERVED
+CVE-2019-17016
+ RESERVED
+CVE-2019-17015
+ RESERVED
+CVE-2019-17014
+ RESERVED
+CVE-2019-17013
+ RESERVED
+CVE-2019-17012
+ RESERVED
+CVE-2019-17011
+ RESERVED
+CVE-2019-17010
+ RESERVED
+CVE-2019-17009
+ RESERVED
+CVE-2019-17008
+ RESERVED
+CVE-2019-17007
+ RESERVED
+CVE-2019-17006
+ RESERVED
+CVE-2019-17005
+ RESERVED
+CVE-2019-17004
+ RESERVED
+CVE-2019-17003
+ RESERVED
+CVE-2019-17002
+ RESERVED
+CVE-2019-17001
+ RESERVED
+CVE-2019-17000
+ RESERVED
+CVE-2019-16999 (CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status ...)
+ TODO: check
+CVE-2019-16998
+ RESERVED
+CVE-2019-16997 (In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/lan ...)
+ TODO: check
+CVE-2019-16996 (In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/pro ...)
+ TODO: check
+CVE-2019-16993 (In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper v ...)
+ TODO: check
+CVE-2017-18636 (CDG through 2017-01-01 allows downloadDocument.jsp?command=download&am ...)
+ TODO: check
+CVE-2019-16995 (In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_final ...)
- linux 4.19.37-1
[stretch] - linux 4.9.168-1
NOTE: https://git.kernel.org/linus/6caabe7f197d3466d238f70915d65301f1716626
-CVE-2019-16994 [net: sit: fix memory leak in sit_init_net()]
+CVE-2019-16994 (In the Linux kernel before 5.0, a memory leak exists in sit_init_net() ...)
- linux 4.19.28-1
[stretch] - linux 4.9.168-1
NOTE: https://git.kernel.org/linus/07f12b26e21ab359261bf75cfcb424fdc7daeb6d
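Review bot: CVE-2019-17040 (Rsyslog contrib/pmdb2diag, out-of-bounds) and CVE-2019-16993 (phpBB before 3.1.7-PL1) are left at `TODO: check` in this hunk; both name software that is packaged in Debian (rsyslog, phpbb3), so they should be triaged to a fixed-version or `<not-affected>` line first rather than sitting with the many entries that are only `RESERVED`. The CVE-2019-16995 and CVE-2019-16994 description rewrites correctly keep the existing `- linux` and `[stretch]` lines and the kernel NOTE links under the new text.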
@@ -142,8 +258,8 @@ CVE-2019-16934
RESERVED
CVE-2019-16933
RESERVED
-CVE-2019-16932
- RESERVED
+CVE-2019-16932 (A blind SSRF vulnerability exists in the Visualizer plugin before 3.3. ...)
+ TODO: check
CVE-2019-16931
RESERVED
CVE-2019-16930 (Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a ...)
@@ -182,7 +298,7 @@ CVE-2019-16918
CVE-2019-16917
RESERVED
CVE-2019-16916
- RESERVED
+ REJECTED
CVE-2019-16915 (An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/p ...)
NOT-FOR-US: pfSense
CVE-2019-16914 (An XSS issue was discovered in pfSense through 2.4.4-p3. In services_c ...)
@@ -634,12 +750,12 @@ CVE-2019-16748 (In wolfSSL through 4.1.0, there is a missing sanity check of mem
NOTE: https://github.com/wolfSSL/wolfssl/issues/2459
CVE-2019-16747
RESERVED
-CVE-2019-16745
- RESERVED
-CVE-2019-16744
- RESERVED
-CVE-2019-16743
- RESERVED
+CVE-2019-16745 (eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection. ...)
+ TODO: check
+CVE-2019-16744 (eBrigade before 5.0 has evenements.php cid SQL Injection. ...)
+ TODO: check
+CVE-2019-16743 (eBrigade before 5.0 has evenement_ical.php evenement SQL Injection. ...)
+ TODO: check
CVE-2019-16742
RESERVED
CVE-2019-16741
@@ -782,10 +898,10 @@ CVE-2019-16686 (Dolibarr 9.0.5 has stored XSS in a User Note section to note.php
- dolibarr <removed>
CVE-2019-16685 (Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Descripti ...)
- dolibarr <removed>
-CVE-2019-16684
- RESERVED
-CVE-2019-16683
- RESERVED
+CVE-2019-16684 (An issue was discovered in the image-manager in Xoops 2.5.10. When any ...)
+ TODO: check
+CVE-2019-16683 (An issue was discovered in the image-manager in Xoops 2.5.10. When the ...)
+ TODO: check
CVE-2019-16682
RESERVED
CVE-2018-21018 (Mastodon before 2.6.3 mishandles timeouts of incompletely established ...)
@@ -803,8 +919,8 @@ CVE-2019-16678 (admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultan
NOT-FOR-US: YzmCMS
CVE-2019-16677 (An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=membe ...)
NOT-FOR-US: idreamsoft iCMS
-CVE-2019-16676
- RESERVED
+CVE-2019-16676 (Plataformatec Simple Form has Incorrect Access Control in file_method? ...)
+ TODO: check
CVE-2019-16675
RESERVED
CVE-2019-16674
@@ -1417,8 +1533,8 @@ CVE-2019-16416
RESERVED
CVE-2019-16415
RESERVED
-CVE-2019-16414
- RESERVED
+CVE-2019-16414 (A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malici ...)
+ TODO: check
CVE-2019-16413 (An issue was discovered in the Linux kernel before 5.0.4. The 9p files ...)
- linux 4.19.37-1
[stretch] - linux 4.9.168-1
@@ -1682,6 +1798,7 @@ CVE-2019-16333 (GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS)
CVE-2019-16332 (In the api-bearer-auth plugin before 20190907 for WordPress, the serve ...)
NOT-FOR-US: Wordpress plugin
CVE-2019-12412 [Remotely exploitable null pointer dereference bug]
+ RESERVED
- libapreq2 2.13-6 (bug #939937)
NOTE: http://svn.apache.org/r1866760
CVE-2019-16331
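Review bot: the `+ RESERVED` line added under CVE-2019-12412 is inconsistent with the rest of that entry: it already carries a local bracketed title, a fixed version `- libapreq2 2.13-6 (bug #939937)` and an upstream NOTE, so a `RESERVED` status in the same entry is contradictory. Drop the added line, or replace it with the published description once one is available.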
@@ -1840,8 +1957,7 @@ CVE-2019-16319 (In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dis
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-21.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16020
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=02ddd49885c6a09e936a76aceb726ed06539704a
-CVE-2019-16276
- RESERVED
+CVE-2019-16276 (Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smugglin ...)
{DSA-4534-1}
- golang-1.13 1.13.1-1
- golang-1.12 1.12.10-1 (bug #941173)
@@ -3146,8 +3262,8 @@ CVE-2019-15812
RESERVED
CVE-2019-15811 (In DomainMOD through 4.13, the parameter daterange in the file reporti ...)
NOT-FOR-US: DomainMOD
-CVE-2019-15810
- RESERVED
+CVE-2019-15810 (Insufficient sanitization during device search in Netdisco 2.042010 al ...)
+ TODO: check
CVE-2019-15809
RESERVED
CVE-2019-15808
@@ -5678,7 +5794,8 @@ CVE-2019-14979 (** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce PayPa
NOT-FOR-US: WooCommerce PayPal Checkout Payment Gateway plugin for WordPress
CVE-2019-14978 (/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugi ...)
NOT-FOR-US: WooCommerce PayU India Payment Gateway plugin for WordPress
-CVE-2019-14977 (** DISPUTED ** card/pay/.../amount in the WooCommerce Instamojo Paymen ...)
+CVE-2019-14977
+ REJECTED
NOT-FOR-US: WooCommerce Instamojo Payment Gateway plugin for WordPress
CVE-2019-14976 (iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter ...)
NOT-FOR-US: idreamsoft iCMS
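Review bot: the `NOT-FOR-US: WooCommerce Instamojo Payment Gateway plugin for WordPress` line is left in place under CVE-2019-14977 after the entry is changed to `REJECTED`; other rejected entries in this file carry only the status line (compare CVE-2019-16916 in an earlier hunk), so the stale NOT-FOR-US line should be removed for consistency.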
@@ -6366,8 +6483,8 @@ CVE-2018-20962 (The Backpack\CRUD Backpack component before 3.4.9 for Laravel al
NOT-FOR-US: Backpack\CRUD Backpack
CVE-2019-14753 (SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buff ...)
NOT-FOR-US: SICK FX0-GPNT00000 and FX0-GENT00000 devices
-CVE-2019-14752
- RESERVED
+CVE-2019-14752 (SuiteCRM 7.10.x and 7.11.x has XSS. ...)
+ TODO: check
CVE-2019-14751 (NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, a ...)
- nltk 3.4.5-1 (low; bug #935201)
[buster] - nltk <no-dsa> (Minor issue)
@@ -11180,10 +11297,10 @@ CVE-2019-13469
RESERVED
CVE-2019-13468
RESERVED
-CVE-2019-13467
- RESERVED
-CVE-2019-13466
- RESERVED
+CVE-2019-13467 (Description: Western Digital SSD Dashboard before 2.5.1.0 and SanDisk ...)
+ TODO: check
+CVE-2019-13466 (Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard ...)
+ TODO: check
CVE-2019-13465
RESERVED
CVE-2019-13464 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2 ...)
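Review bot: the CVE-2019-13467 description begins with a stray `Description: ` prefix carried over from the upstream feed (its sibling CVE-2019-13466 does not have it); trim it during triage so the two Western Digital / SanDisk SSD Dashboard entries read consistently.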
@@ -19119,12 +19236,12 @@ CVE-2019-10542
RESERVED
CVE-2019-10541
RESERVED
-CVE-2019-10540
- RESERVED
-CVE-2019-10539
- RESERVED
-CVE-2019-10538
- RESERVED
+CVE-2019-10540 (Buffer overflow in WLAN NAN function due to lack of check of count val ...)
+ TODO: check
+CVE-2019-10539 (Possible buffer overflow issue due to lack of length check when parsin ...)
+ TODO: check
+CVE-2019-10538 (Lack of check of address range received from firmware response allows ...)
+ TODO: check
CVE-2019-10537
RESERVED
CVE-2019-10536
@@ -19179,16 +19296,16 @@ CVE-2019-10512
RESERVED
CVE-2019-10511
RESERVED
-CVE-2019-10510
- RESERVED
-CVE-2019-10509
- RESERVED
-CVE-2019-10508
- RESERVED
-CVE-2019-10507
- RESERVED
-CVE-2019-10506
- RESERVED
+CVE-2019-10510 (BT process died and BT toggled due to null pointer dereference when in ...)
+ TODO: check
+CVE-2019-10509 (Device record of the pairing device used after free during ACL disconn ...)
+ TODO: check
+CVE-2019-10508 (Lack of input validation for data received from user space can lead to ...)
+ TODO: check
+CVE-2019-10507 (Lack of check of extscan change results received from firmware can lea ...)
+ TODO: check
+CVE-2019-10506 (While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor comm ...)
+ TODO: check
CVE-2019-10505
RESERVED
CVE-2019-10504
@@ -19197,16 +19314,16 @@ CVE-2019-10503
RESERVED
CVE-2019-10502
RESERVED
-CVE-2019-10501
- RESERVED
+CVE-2019-10501 (Possible use after free issue due to improper input validation in volu ...)
+ TODO: check
CVE-2019-10500
RESERVED
-CVE-2019-10499
- RESERVED
-CVE-2019-10498
- RESERVED
-CVE-2019-10497
- RESERVED
+CVE-2019-10499 (Improper validation of read and write index of tx and rx fifo`s before ...)
+ TODO: check
+CVE-2019-10498 (Buffer overflow scenario if the client sends more than 5 io_vec reques ...)
+ TODO: check
+CVE-2019-10497 (Use after free issue occurs If another instance of open for voice_svc ...)
+ TODO: check
CVE-2019-10496
RESERVED
CVE-2019-10495
@@ -19215,14 +19332,14 @@ CVE-2019-10494
RESERVED
CVE-2019-10493
RESERVED
-CVE-2019-10492
- RESERVED
+CVE-2019-10492 (Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon ...)
+ TODO: check
CVE-2019-10491
RESERVED
CVE-2019-10490
RESERVED
-CVE-2019-10489
- RESERVED
+CVE-2019-10489 (Possible null-pointer dereference can occur while parsing avi clip dur ...)
+ TODO: check
CVE-2019-10488
RESERVED
CVE-2019-10487
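Review bot: CVE-2019-10492 and CVE-2019-10489 are marked `TODO: check`, but the CVE-2019-10492 text names Snapdragon Auto and the Qualcomm entries elsewhere in this file resolve to `NOT-FOR-US: Qualcomm components for Android`; triaging these two to the same marker is the likely outcome and should not be left pending.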
@@ -35622,8 +35739,8 @@ CVE-2019-4425 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2
NOT-FOR-US: IBM
CVE-2019-4424 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0. ...)
NOT-FOR-US: IBM
-CVE-2019-4423
- RESERVED
+CVE-2019-4423 (IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote ...)
+ TODO: check
CVE-2019-4422
RESERVED
CVE-2019-4421
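Review bot: CVE-2019-4423 (IBM Sterling File Gateway) is left at `TODO: check` although the surrounding IBM entries (CVE-2019-4425, CVE-2019-4424) are tagged `NOT-FOR-US: IBM`; the same tag applies here, so the TODO can be resolved in this pass.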
@@ -35858,10 +35975,10 @@ CVE-2019-4307
RESERVED
CVE-2019-4306
RESERVED
-CVE-2019-4305
- RESERVED
-CVE-2019-4304
- RESERVED
+CVE-2019-4305 (IBM WebSphere Application Server Liberty could allow a remote attacker ...)
+ TODO: check
+CVE-2019-4304 (IBM WebSphere Application Server - Liberty could allow a remote attack ...)
+ TODO: check
CVE-2019-4303 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
NOT-FOR-US: IBM
CVE-2019-4302
@@ -35908,8 +36025,8 @@ CVE-2019-4282
RESERVED
CVE-2019-4281
RESERVED
-CVE-2019-4280
- RESERVED
+CVE-2019-4280 (IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive i ...)
+ TODO: check
CVE-2019-4279 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote atta ...)
NOT-FOR-US: IBM
CVE-2019-4278
@@ -36238,26 +36355,26 @@ CVE-2019-4117 (IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site req
NOT-FOR-US: IBM
CVE-2019-4116 (IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensit ...)
NOT-FOR-US: IBM
-CVE-2019-4115
- RESERVED
+CVE-2019-4115 (IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site ...)
+ TODO: check
CVE-2019-4114
RESERVED
CVE-2019-4113
RESERVED
-CVE-2019-4112
- RESERVED
+CVE-2019-4112 (IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be s ...)
+ TODO: check
CVE-2019-4111
RESERVED
CVE-2019-4110
RESERVED
-CVE-2019-4109
- RESERVED
+CVE-2019-4109 (IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote att ...)
+ TODO: check
CVE-2019-4108
RESERVED
CVE-2019-4107
RESERVED
-CVE-2019-4106
- RESERVED
+CVE-2019-4106 (IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-s ...)
+ TODO: check
CVE-2019-4105
RESERVED
CVE-2019-4104
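Review bot: the four IBM WebSphere eXtreme Scale 8.6 entries (CVE-2019-4115, CVE-2019-4112, CVE-2019-4109, CVE-2019-4106) are all left at `TODO: check` while the neighbouring IBM Cloud Private entries in the same hunk are already `NOT-FOR-US: IBM`; apply the same tag to all four rather than leaving them for a later pass.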
@@ -42336,8 +42453,8 @@ CVE-2019-2343 (Out of bound read and information disclosure in firmware due to i
NOT-FOR-US: Snapdragon
CVE-2019-2342
RESERVED
-CVE-2019-2341
- RESERVED
+CVE-2019-2341 (Buffer overflow when the audio buffer size provided by user is larger ...)
+ TODO: check
CVE-2019-2340
RESERVED
CVE-2019-2339
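Review bot: CVE-2019-2341 sits between entries already tagged `NOT-FOR-US: Snapdragon` (CVE-2019-2343 in the hunk header), and its description is the same Qualcomm audio-buffer pattern; its `TODO: check` can most likely be resolved to the same tag.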
@@ -42352,8 +42469,8 @@ CVE-2019-2335
RESERVED
CVE-2019-2334 (Null pointer dereferencing can happen when playing the clip with wrong ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2333
- RESERVED
+CVE-2019-2333 (Buffer overflow due to improper validation of buffer size while IPA dr ...)
+ TODO: check
CVE-2019-2332
RESERVED
CVE-2019-2331
@@ -42430,8 +42547,8 @@ CVE-2019-2296
RESERVED
CVE-2019-2295
RESERVED
-CVE-2019-2294
- RESERVED
+CVE-2019-2294 (Usage of hard-coded magic number for calculating heap guard bytes can ...)
+ TODO: check
CVE-2019-2293 (Pointer dereference while freeing IFE resources due to lack of length ...)
NOT-FOR-US: Snapdragon
CVE-2019-2292 (Out of bound access can occur due to buffer copy without checking size ...)
@@ -42450,8 +42567,8 @@ CVE-2019-2286
RESERVED
CVE-2019-2285
RESERVED
-CVE-2019-2284
- RESERVED
+CVE-2019-2284 (Possible use-after-free issue due to a race condition while calling ca ...)
+ TODO: check
CVE-2019-2283
RESERVED
CVE-2019-2282
@@ -42514,8 +42631,8 @@ CVE-2019-2254 (Position determination accuracy may be degraded due to wrongly de
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2253 (Buffer over-read can occur while parsing an ogg file with a corrupted ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2252
- RESERVED
+CVE-2019-2252 (Classic buffer overflow vulnerability while playing the specific video ...)
+ TODO: check
CVE-2019-2251
RESERVED
CVE-2019-2250 (Kernel can write to arbitrary memory address passed by user while free ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e38551a30850d6288f6050c572846485ed7a6042