Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f34e9ce7 by security tracker role at 2019-07-04T08:10:29Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,65 @@ +CVE-2019-13225 + RESERVED +CVE-2019-13224 + RESERVED +CVE-2019-13223 + RESERVED +CVE-2019-13222 + RESERVED +CVE-2019-13221 + RESERVED +CVE-2019-13220 + RESERVED +CVE-2019-13219 + RESERVED +CVE-2019-13218 + RESERVED +CVE-2019-13217 + RESERVED +CVE-2019-13216 + RESERVED +CVE-2019-13215 + RESERVED +CVE-2019-13214 + RESERVED +CVE-2019-13213 + RESERVED +CVE-2019-13212 + RESERVED +CVE-2019-13211 + RESERVED +CVE-2019-13210 + RESERVED +CVE-2019-13209 + RESERVED +CVE-2019-13208 (WavesSysSvc in Waves MAXX Audio allows privilege escalation because th ...) + TODO: check +CVE-2019-13207 (nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflo ...) + TODO: check +CVE-2019-13206 + RESERVED +CVE-2019-13205 + RESERVED +CVE-2019-13204 + RESERVED +CVE-2019-13203 + RESERVED +CVE-2019-13202 + RESERVED +CVE-2019-13201 + RESERVED +CVE-2019-13200 + RESERVED +CVE-2019-13199 + RESERVED +CVE-2019-13198 + RESERVED +CVE-2019-13197 + RESERVED +CVE-2019-13196 + RESERVED +CVE-2019-13195 + RESERVED CVE-2019-13194 RESERVED CVE-2019-13193 
@@ -28,12 +90,12 @@ CVE-2019-13181 RESERVED CVE-2019-13180 RESERVED -CVE-2019-13179 (Calamares through 3.2.4 copies a LUKS encryption keyfile from /crypto_ ...) +CVE-2019-13179 (Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile ...) - calamares <unfixed> (bug #931392) - calamares-settings-debian 10.0.23-1 (bug #931373) NOTE: https://github.com/calamares/calamares/issues/1191 NOTE: https://github.com/calamares/calamares/commit/003096698627a527b589c0c929dda4d58f23fd93 -CVE-2019-13178 (modules/luksbootkeyfile/main.py in Calamares through 3.2.4 has a race ...) +CVE-2019-13178 (modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2. ...) - calamares <unfixed> (bug #931391) NOTE: https://github.com/calamares/calamares/issues/1190 CVE-2019-13177 (verification.py in django-rest-registration (aka Django REST Registrat ...) @@ -308,8 +370,8 @@ CVE-2019-13075 (Tor Browser through 8.5.3 has an information exposure vulnerabil NOTE: https://hackerone.com/reports/588239 NOTE: https://trac.torproject.org/projects/tor/ticket/30657 NOTE: This affects Firefox, but it's not a security issue in Firefox by itself -CVE-2019-13074 - RESERVED +CVE-2019-13074 (A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 c ...) + TODO: check CVE-2019-13073 RESERVED CVE-2018-20849 (Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO to the ...) @@ -876,8 +938,8 @@ CVE-2019-12854 RESERVED CVE-2019-12853 RESERVED -CVE-2019-12852 - RESERVED +CVE-2019-12852 (An SSRF attack was possible on a JetBrains YouTrack server. The issue ...) + TODO: check CVE-2019-12851 (A CSRF vulnerability was detected in one of the admin endpoints of Jet ...) NOT-FOR-US: JetBrains YouTrack CVE-2019-12850 (A query injection was possible in JetBrains YouTrack. The issue was fi ...) 
@@ -888,18 +950,18 @@ CVE-2019-12848 RESERVED CVE-2019-12847 (In JetBrains Hub versions earlier than 2018.4.11298, the audit events ...) NOT-FOR-US: JetBrains Hub -CVE-2019-12846 - RESERVED -CVE-2019-12845 - RESERVED -CVE-2019-12844 - RESERVED -CVE-2019-12843 - RESERVED -CVE-2019-12842 - RESERVED -CVE-2019-12841 - RESERVED +CVE-2019-12846 (A user without the required permissions could gain access to some JetB ...) + TODO: check +CVE-2019-12845 (The generated Kotlin DSL settings allowed usage of an unencrypted conn ...) + TODO: check +CVE-2019-12844 (A possible stored JavaScript injection was detected on one of the JetB ...) + TODO: check +CVE-2019-12843 (A possible stored JavaScript injection requiring a deliberate server a ...) + TODO: check +CVE-2019-12842 (A reflected XSS on a user page was detected on one of the JetBrains Te ...) + TODO: check +CVE-2019-12841 (Incorrect handling of user input in ZIP extraction was detected in Jet ...) + TODO: check CVE-2019-12840 (In Webmin through 1.910, any user authorized to the "Package Updates" ...) - webmin <removed> CVE-2019-12839 (In OrangeHRM 4.3.1 and before, there is an input validation error with ...) 
@@ -7851,12 +7913,12 @@ CVE-2019-10105 (CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layo NOT-FOR-US: CMS Made Simple CVE-2019-10104 (In several JetBrains IntelliJ IDEA Ultimate versions, an Application S ...) NOT-FOR-US: JetBrains IntelliJ IDEA Ultimate -CVE-2019-10103 - RESERVED -CVE-2019-10102 - RESERVED -CVE-2019-10101 - RESERVED +CVE-2019-10103 (JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/J ...) + TODO: check +CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE template) versi ...) + TODO: check +CVE-2019-10101 (JetBrains Kotlin versions before 1.3.30 were resolving artifacts using ...) + TODO: check CVE-2019-10100 (In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it wa ...) NOT-FOR-US: JetBrains YouTrack Confluence plugin CVE-2019-1000031 (A disk space or quota exhaustion issue exists in article2pdf_getfile.p ...) @@ -9234,8 +9296,8 @@ CVE-2019-9829 (Maccms 10 allows remote attackers to execute arbitrary PHP code b NOT-FOR-US: Maccms CVE-2019-9828 RESERVED -CVE-2019-9827 - RESERVED +CVE-2019-9827 (Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote att ...) + TODO: check CVE-2019-9826 (The fulltext search component in phpBB before 3.2.6 allows Denial of S ...) {DLA-1775-1} - phpbb3 <removed> @@ -100042,8 +100104,8 @@ CVE-2017-13720 (In the PatternMatch function in fontfile/fontdir.c in libXfont t - libxfont1 <removed> (unimportant) NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608 NOTE: libxfont1 is only used by xfonts-utils, no security impact -CVE-2017-13719 - RESERVED +CVE-2017-13719 (The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 ...) + TODO: check CVE-2017-13718 (The HTTP API supported by Starry Station (aka Starry Router) allows br ...) NOT-FOR-US: Starry Station CVE-2017-13717 (Starry Station (aka Starry Router) sets the Access-Control-Allow-Origi ...) 
@@ -116522,16 +116584,16 @@ CVE-2017-8232 RESERVED CVE-2017-8231 RESERVED -CVE-2017-8230 - RESERVED -CVE-2017-8229 - RESERVED -CVE-2017-8228 - RESERVED -CVE-2017-8227 - RESERVED -CVE-2017-8226 - RESERVED +CVE-2017-8230 (On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on th ...) + TODO: check +CVE-2017-8229 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenti ...) + TODO: check +CVE-2017-8228 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots w ...) + TODO: check +CVE-2017-8227 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout poli ...) + TODO: check +CVE-2017-8226 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default creden ...) + TODO: check CVE-2017-8283 (dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU pat ...) - dpkg 1.18.24 (unimportant) NOTE: http://www.openwall.com/lists/oss-security/2017/04/20/2 @@ -184722,8 +184784,8 @@ CVE-2015-3908 (Ansible before 1.9.2 does not verify that the server hostname mat - ansible 1.9.2+dfsg-1 (low) [jessie] - ansible <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/4 -CVE-2015-3907 - RESERVED +CVE-2015-3907 (CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE ...) + TODO: check CVE-2015-3906 (The logcat_dump_text function in wiretap/logcat.c in the Android Logca ...) {DSA-3277-1} - wireshark 1.12.5+g5819e5b-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f34e9ce7c64b5c704e88785fcc41e99cf75d74bb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f34e9ce7c64b5c704e88785fcc41e99cf75d74bb You're receiving this email because of your account on salsa.debian.org.
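Review bot: CVE-2019-13207 in the @@ -1,3 +1,65 @@ hunk is left at TODO: check although its description names nsd-checkzone in NLnet Labs NSD 4.2.0, which is server software rather than a vendor appliance. It should get a source-package line with a status once the affected version range is confirmed, rather than wait in the TODO backlog. CVE-2019-13208 (WavesSysSvc in Waves MAXX Audio) in the same hunk looks like a candidate for a NOT-FOR-US: line in the form used elsewhere in this file.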
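Review bot: In the @@ -28,12 +90,12 @@ hunk, the package lines under CVE-2019-13179 and CVE-2019-13178 are unchanged context even though both descriptions move from "through 3.2.4" to "versions 3.1 through 3.2.10". With a new lower and upper bound, the calamares <unfixed> entries and the calamares-settings-debian 10.0.23-1 fixed version on CVE-2019-13179 should be re-verified against the new range, with a NOTE: line recording which versions were checked.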
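Review bot: CVE-2019-12852 in the @@ -876,8 +938,8 @@ hunk gets TODO: check while the entry directly after it, CVE-2019-12851, already carries NOT-FOR-US: JetBrains YouTrack, and the new description names the same product (a JetBrains YouTrack server). It can take the same tag. The six entries CVE-2019-12846 to CVE-2019-12841 in the @@ -888,18 +950,18 @@ hunk sit next to CVE-2019-12847 (NOT-FOR-US: JetBrains Hub) and can be triaged the same way once the product name, truncated in these descriptions, is confirmed from the full CVE text.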
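Review bot: CVE-2019-10101 and CVE-2019-10102 in the @@ -7851,12 +7913,12 @@ hunk should not inherit the NOT-FOR-US tag of their neighbours (CVE-2019-10104 for IntelliJ IDEA Ultimate, CVE-2019-10100 for the YouTrack Confluence plugin) by analogy. Their descriptions concern JetBrains Kotlin before 1.3.30 and the Ktor framework, a language toolchain and a library rather than a hosted product, so each needs a lookup against the archive before the TODO: check is resolved.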
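Review bot: The five entries CVE-2017-8230 to CVE-2017-8226 in the @@ -116522,16 +116584,16 @@ hunk, and CVE-2017-13719 in the @@ -100042,8 +100104,8 @@ hunk, all describe firmware of the Amcrest IPM-721S device and are all left at TODO: check. The file already tags device firmware as NOT-FOR-US (CVE-2017-13718, NOT-FOR-US: Starry Station, is the adjacent entry), so these six can be closed in one pass with a single consistent NOT-FOR-US: product name.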
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits