Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f34e9ce7 by security tracker role at 2019-07-04T08:10:29Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2019-13225
+       RESERVED
+CVE-2019-13224
+       RESERVED
+CVE-2019-13223
+       RESERVED
+CVE-2019-13222
+       RESERVED
+CVE-2019-13221
+       RESERVED
+CVE-2019-13220
+       RESERVED
+CVE-2019-13219
+       RESERVED
+CVE-2019-13218
+       RESERVED
+CVE-2019-13217
+       RESERVED
+CVE-2019-13216
+       RESERVED
+CVE-2019-13215
+       RESERVED
+CVE-2019-13214
+       RESERVED
+CVE-2019-13213
+       RESERVED
+CVE-2019-13212
+       RESERVED
+CVE-2019-13211
+       RESERVED
+CVE-2019-13210
+       RESERVED
+CVE-2019-13209
+       RESERVED
+CVE-2019-13208 (WavesSysSvc in Waves MAXX Audio allows privilege escalation 
because th ...)
+       TODO: check
+CVE-2019-13207 (nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer 
Overflo ...)
+       TODO: check
+CVE-2019-13206
+       RESERVED
+CVE-2019-13205
+       RESERVED
+CVE-2019-13204
+       RESERVED
+CVE-2019-13203
+       RESERVED
+CVE-2019-13202
+       RESERVED
+CVE-2019-13201
+       RESERVED
+CVE-2019-13200
+       RESERVED
+CVE-2019-13199
+       RESERVED
+CVE-2019-13198
+       RESERVED
+CVE-2019-13197
+       RESERVED
+CVE-2019-13196
+       RESERVED
+CVE-2019-13195
+       RESERVED
 CVE-2019-13194
        RESERVED
 CVE-2019-13193
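Review bot: CVE-2019-13208 and CVE-2019-13207 land with only TODO: check, and the two need different outcomes. The 13207 summary names a concrete product and version (nsd-checkzone in NLnet Labs NSD 4.2.0), so if NSD is packaged it should be resolved to a source package line with a fixed version or <unfixed>. 13208 (WavesSysSvc in Waves MAXX Audio) should be checked against the archive and marked NOT-FOR-US, in the style used elsewhere in this file, if nothing ships it. The surrounding RESERVED entries need nothing further.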
@@ -28,12 +90,12 @@ CVE-2019-13181
        RESERVED
 CVE-2019-13180
        RESERVED
-CVE-2019-13179 (Calamares through 3.2.4 copies a LUKS encryption keyfile from 
/crypto_ ...)
+CVE-2019-13179 (Calamares versions 3.1 through 3.2.10 copies a LUKS encryption 
keyfile ...)
        - calamares <unfixed> (bug #931392)
        - calamares-settings-debian 10.0.23-1 (bug #931373)
        NOTE: https://github.com/calamares/calamares/issues/1191
        NOTE: 
https://github.com/calamares/calamares/commit/003096698627a527b589c0c929dda4d58f23fd93
-CVE-2019-13178 (modules/luksbootkeyfile/main.py in Calamares through 3.2.4 has 
a race  ...)
+CVE-2019-13178 (modules/luksbootkeyfile/main.py in Calamares versions 3.1 
through 3.2. ...)
        - calamares <unfixed> (bug #931391)
        NOTE: https://github.com/calamares/calamares/issues/1190
 CVE-2019-13177 (verification.py in django-rest-registration (aka Django REST 
Registrat ...)
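Review bot: The CVE-2019-13178 entry still has no fix reference after this update: it carries only the issue NOTE (calamares/issues/1190), while CVE-2019-13179 directly above it records both the issue and the fixing commit. Add the corresponding commit NOTE for 13178 when one exists. Both summaries now also bound the affected range from below at 3.1, so any suite shipping a calamares older than 3.1 could get a <not-affected> line instead of inheriting <unfixed>.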
@@ -308,8 +370,8 @@ CVE-2019-13075 (Tor Browser through 8.5.3 has an 
information exposure vulnerabil
        NOTE: https://hackerone.com/reports/588239
        NOTE: https://trac.torproject.org/projects/tor/ticket/30657
        NOTE: This affects Firefox, but it's not a security issue in Firefox by 
itself
-CVE-2019-13074
-       RESERVED
+CVE-2019-13074 (A vulnerability in the FTP daemon on MikroTik routers through 
6.44.3 c ...)
+       TODO: check
 CVE-2019-13073
        RESERVED
 CVE-2018-20849 (Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO 
to the  ...)
@@ -876,8 +938,8 @@ CVE-2019-12854
        RESERVED
 CVE-2019-12853
        RESERVED
-CVE-2019-12852
-       RESERVED
+CVE-2019-12852 (An SSRF attack was possible on a JetBrains YouTrack server. 
The issue  ...)
+       TODO: check
 CVE-2019-12851 (A CSRF vulnerability was detected in one of the admin 
endpoints of Jet ...)
        NOT-FOR-US: JetBrains YouTrack
 CVE-2019-12850 (A query injection was possible in JetBrains YouTrack. The 
issue was fi ...)
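Review bot: CVE-2019-12852 is set to TODO: check although its summary names JetBrains YouTrack, the same product that the next entry, CVE-2019-12851, already resolves as NOT-FOR-US: JetBrains YouTrack. Unless there is a reason to treat the SSRF differently, give 12852 the same NOT-FOR-US line so the two entries stay consistent.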
@@ -888,18 +950,18 @@ CVE-2019-12848
        RESERVED
 CVE-2019-12847 (In JetBrains Hub versions earlier than 2018.4.11298, the audit 
events  ...)
        NOT-FOR-US: JetBrains Hub
-CVE-2019-12846
-       RESERVED
-CVE-2019-12845
-       RESERVED
-CVE-2019-12844
-       RESERVED
-CVE-2019-12843
-       RESERVED
-CVE-2019-12842
-       RESERVED
-CVE-2019-12841
-       RESERVED
+CVE-2019-12846 (A user without the required permissions could gain access to 
some JetB ...)
+       TODO: check
+CVE-2019-12845 (The generated Kotlin DSL settings allowed usage of an 
unencrypted conn ...)
+       TODO: check
+CVE-2019-12844 (A possible stored JavaScript injection was detected on one of 
the JetB ...)
+       TODO: check
+CVE-2019-12843 (A possible stored JavaScript injection requiring a deliberate 
server a ...)
+       TODO: check
+CVE-2019-12842 (A reflected XSS on a user page was detected on one of the 
JetBrains Te ...)
+       TODO: check
+CVE-2019-12841 (Incorrect handling of user input in ZIP extraction was 
detected in Jet ...)
+       TODO: check
 CVE-2019-12840 (In Webmin through 1.910, any user authorized to the "Package 
Updates"  ...)
        - webmin <removed>
 CVE-2019-12839 (In OrangeHRM 4.3.1 and before, there is an input validation 
error with ...)
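Review bot: The six entries CVE-2019-12846 through CVE-2019-12841 cannot be triaged from what is shown here, because every summary is truncated before or inside the product name ("some JetB ...", "JetBrains Te ...", "detected in Jet ..."). Read the full descriptions before replacing TODO: check, and do not bulk-copy the NOT-FOR-US: JetBrains Hub line from CVE-2019-12847 above. 12845 in particular describes generated Kotlin DSL settings and names no server product in the visible text.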
@@ -7851,12 +7913,12 @@ CVE-2019-10105 (CMS Made Simple 2.2.10 has a Self-XSS 
vulnerability via the Layo
        NOT-FOR-US: CMS Made Simple
 CVE-2019-10104 (In several JetBrains IntelliJ IDEA Ultimate versions, an 
Application S ...)
        NOT-FOR-US: JetBrains IntelliJ IDEA Ultimate
-CVE-2019-10103
-       RESERVED
-CVE-2019-10102
-       RESERVED
-CVE-2019-10101
-       RESERVED
+CVE-2019-10103 (JetBrains IntelliJ IDEA projects created using the Kotlin (JS 
Client/J ...)
+       TODO: check
+CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE 
template) versi ...)
+       TODO: check
+CVE-2019-10101 (JetBrains Kotlin versions before 1.3.30 were resolving 
artifacts using ...)
+       TODO: check
 CVE-2019-10100 (In JetBrains YouTrack Confluence plugin versions before 
1.8.1.3, it wa ...)
        NOT-FOR-US: JetBrains YouTrack Confluence plugin
 CVE-2019-1000031 (A disk space or quota exhaustion issue exists in 
article2pdf_getfile.p ...)
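Review bot: CVE-2019-10103, CVE-2019-10102 and CVE-2019-10101 should not simply follow the NOT-FOR-US pattern of their neighbours CVE-2019-10104 and CVE-2019-10100. The 10101 summary gives a fixed-version boundary (Kotlin versions before 1.3.30) for a language toolchain rather than an IDE or plugin, so check whether a Kotlin source package exists and, if it does, record it with that version instead of leaving TODO: check. 10102 names the Ktor framework and needs the same check.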
@@ -9234,8 +9296,8 @@ CVE-2019-9829 (Maccms 10 allows remote attackers to 
execute arbitrary PHP code b
        NOT-FOR-US: Maccms
 CVE-2019-9828
        RESERVED
-CVE-2019-9827
-       RESERVED
+CVE-2019-9827 (Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a 
remote att ...)
+       TODO: check
 CVE-2019-9826 (The fulltext search component in phpBB before 3.2.6 allows 
Denial of S ...)
        {DLA-1775-1}
        - phpbb3 <removed>
@@ -100042,8 +100104,8 @@ CVE-2017-13720 (In the PatternMatch function in 
fontfile/fontdir.c in libXfont t
        - libxfont1 <removed> (unimportant)
        NOTE: Fixed by: 
https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608
        NOTE: libxfont1 is only used by xfonts-utils, no security impact
-CVE-2017-13719
-       RESERVED
+CVE-2017-13719 (The Amcrest IPM-721S 
Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322  ...)
+       TODO: check
 CVE-2017-13718 (The HTTP API supported by Starry Station (aka Starry Router) 
allows br ...)
        NOT-FOR-US: Starry Station
 CVE-2017-13717 (Starry Station (aka Starry Router) sets the 
Access-Control-Allow-Origi ...)
@@ -116522,16 +116584,16 @@ CVE-2017-8232
        RESERVED
 CVE-2017-8231
        RESERVED
-CVE-2017-8230
-       RESERVED
-CVE-2017-8229
-       RESERVED
-CVE-2017-8228
-       RESERVED
-CVE-2017-8227
-       RESERVED
-CVE-2017-8226
-       RESERVED
+CVE-2017-8230 (On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the 
users on th ...)
+       TODO: check
+CVE-2017-8229 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an 
unauthenti ...)
+       TODO: check
+CVE-2017-8228 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle 
reboots w ...)
+       TODO: check
+CVE-2017-8227 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a 
timeout poli ...)
+       TODO: check
+CVE-2017-8226 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default 
creden ...)
+       TODO: check
 CVE-2017-8283 (dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a 
non-GNU pat ...)
        - dpkg 1.18.24 (unimportant)
        NOTE: http://www.openwall.com/lists/oss-security/2017/04/20/2
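Review bot: All five entries CVE-2017-8230 through CVE-2017-8226 describe the same device and firmware (Amcrest IPM-721S V2.420.AC00.16.R.20160909) and are left at TODO: check. They can be resolved together with one consistent NOT-FOR-US product label, the way the Starry Station entries elsewhere in this diff are handled, rather than being triaged one by one with possibly differing labels.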
@@ -184722,8 +184784,8 @@ CVE-2015-3908 (Ansible before 1.9.2 does not verify 
that the server hostname mat
        - ansible 1.9.2+dfsg-1 (low)
        [jessie] - ansible <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/4
-CVE-2015-3907
-       RESERVED
+CVE-2015-3907 (CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 
allows XXE  ...)
+       TODO: check
 CVE-2015-3906 (The logcat_dump_text function in wiretap/logcat.c in the 
Android Logca ...)
        {DSA-3277-1}
        - wireshark 1.12.5+g5819e5b-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f34e9ce7c64b5c704e88785fcc41e99cf75d74bb
