Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b54f61da by security tracker role at 2019-07-30T20:10:19Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,21 @@ +CVE-2019-14445 + RESERVED +CVE-2019-14444 (apply_relocations in readelf.c in GNU Binutils 2.32 contains an intege ...) + TODO: check +CVE-2019-14443 (An issue was discovered in Libav 12.3. Division by zero in range_decod ...) + TODO: check +CVE-2019-14442 (In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file ...) + TODO: check +CVE-2019-14441 (An issue was discovered in Libav 12.3. An access violation allows remo ...) + TODO: check +CVE-2019-14440 + RESERVED +CVE-2019-14439 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...) + TODO: check +CVE-2018-20871 (In Univa Grid Engine before 8.6.3, when configured for Docker jobs and ...) + TODO: check +CVE-2015-9290 (In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c ...) + TODO: check CVE-2019-14438 RESERVED CVE-2019-14437 @@ -46,112 +64,112 @@ CVE-2019-14416 (An issue was discovered in Veritas Resiliency Platform (VRP) bef NOT-FOR-US: Veritas Resiliency Platform (VRP) CVE-2019-14415 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...) NOT-FOR-US: Veritas Resiliency Platform (VRP) -CVE-2019-14414 - RESERVED -CVE-2019-14413 - RESERVED -CVE-2019-14412 - RESERVED -CVE-2019-14411 - RESERVED -CVE-2019-14410 - RESERVED -CVE-2019-14409 - RESERVED -CVE-2019-14408 - RESERVED -CVE-2019-14407 - RESERVED -CVE-2019-14406 - RESERVED -CVE-2019-14405 - RESERVED -CVE-2019-14404 - RESERVED -CVE-2019-14403 - RESERVED -CVE-2019-14402 - RESERVED -CVE-2019-14401 - RESERVED -CVE-2019-14400 - RESERVED -CVE-2019-14399 - RESERVED -CVE-2019-14398 - RESERVED -CVE-2019-14397 - RESERVED -CVE-2019-14396 - RESERVED -CVE-2019-14395 - RESERVED -CVE-2019-14394 - RESERVED -CVE-2019-14393 - RESERVED -CVE-2019-14392 - RESERVED -CVE-2019-14391 - RESERVED -CVE-2019-14390 - RESERVED -CVE-2019-14389 - RESERVED -CVE-2019-14388 - RESERVED -CVE-2019-14387 - RESERVED -CVE-2019-14386 - RESERVED +CVE-2019-14414 (In cPanel before 78.0.2, a Userdata cache temporary file can conflict ...) + TODO: check +CVE-2019-14413 (cPanel before 78.0.2 allows certain file-write operations as shared us ...) + TODO: check +CVE-2019-14412 (Maketext in cPanel before 78.0.2 allows format-string injection in the ...) + TODO: check +CVE-2019-14411 (cPanel before 78.0.2 does not properly restrict demo accounts from wri ...) + TODO: check +CVE-2019-14410 (Maketext in cPanel before 78.0.2 allows format-string injection in the ...) + TODO: check +CVE-2019-14409 (cPanel before 78.0.2 allows arbitrary file-read operations via Passeng ...) + TODO: check +CVE-2019-14408 (cPanel before 78.0.2 allows a demo account to link with an OpenID prov ...) + TODO: check +CVE-2019-14407 (cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-41 ...) + TODO: check +CVE-2019-14406 (cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing ( ...) + TODO: check +CVE-2019-14405 (cPanel before 78.0.18 allows demo accounts to execute code via securit ...) + TODO: check +CVE-2019-14404 (cPanel before 78.0.18 allows certain file-read operations in the conte ...) + TODO: check +CVE-2019-14403 (cPanel before 78.0.18 offers an open mail relay because of incorrect d ...) + TODO: check +CVE-2019-14402 (cPanel before 78.0.18 unsafely determines terminal capabilities by usi ...) + TODO: check +CVE-2019-14401 (cPanel before 78.0.18 allows code execution via an addforward API1 cal ...) + TODO: check +CVE-2019-14400 (cPanel before 78.0.18 allows local users to escalate to root access be ...) + TODO: check +CVE-2019-14399 (The SSL certificate-storage feature in cPanel before 78.0.18 allows un ...) + TODO: check +CVE-2019-14398 (cPanel before 80.0.5 allows demo accounts to execute arbitrary code vi ...) + TODO: check +CVE-2019-14397 (cPanel before 80.0.5 allows demo accounts to modify arbitrary files vi ...) + TODO: check +CVE-2019-14396 (API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertio ...) + TODO: check +CVE-2019-14395 (cPanel before 80.0.5 uses world-readable permissions for the Queueproc ...) + TODO: check +CVE-2019-14394 (cPanel before 80.0.5 allows unsafe file operations in the context of t ...) + TODO: check +CVE-2019-14393 (cPanel before 80.0.5 allows local code execution in the context of a d ...) + TODO: check +CVE-2019-14392 (cPanel before 80.0.22 allows remote code execution by a demo account b ...) + TODO: check +CVE-2019-14391 (cPanel before 82.0.2 does not properly enforce Reseller package creati ...) + TODO: check +CVE-2019-14390 (cPanel before 82.0.2 has stored XSS in the WHM Modify Account interfac ...) + TODO: check +CVE-2019-14389 (cPanel before 82.0.2 allows local users to discover the MySQL root pas ...) + TODO: check +CVE-2019-14388 (cPanel before 82.0.2 allows unauthenticated file creation because Exim ...) + TODO: check +CVE-2019-14387 (cPanel before 82.0.2 has Self XSS in the cPanel and webmail master tem ...) + TODO: check +CVE-2019-14386 (cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interfac ...) + TODO: check CVE-2019-14385 RESERVED CVE-2019-14384 RESERVED -CVE-2019-14383 - RESERVED -CVE-2019-14382 - RESERVED -CVE-2019-14381 - RESERVED -CVE-2019-14380 - RESERVED +CVE-2019-14383 (J2B in libopenmpt before 0.4.2 allows an assertion failure during file ...) + TODO: check +CVE-2019-14382 (DSM in libopenmpt before 0.4.2 allows an assertion failure during file ...) + TODO: check +CVE-2019-14381 (libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereferen ...) + TODO: check +CVE-2019-14380 (libopenmpt before 0.4.5 allows a crash during playback due to an out-o ...) + TODO: check CVE-2019-14379 (SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mis ...) - jackson-databind <unfixed> (bug #933393) NOTE: https://github.com/FasterXML/jackson-databind/issues/2387 NOTE: https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b CVE-2019-14378 (ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overf ...) TODO: check -CVE-2018-20870 - RESERVED -CVE-2018-20869 - RESERVED -CVE-2018-20868 - RESERVED -CVE-2018-20867 - RESERVED -CVE-2018-20866 - RESERVED -CVE-2018-20865 - RESERVED -CVE-2018-20864 - RESERVED -CVE-2018-20863 - RESERVED -CVE-2018-20862 - RESERVED -CVE-2018-20861 - RESERVED -CVE-2018-20860 - RESERVED -CVE-2018-20859 - RESERVED +CVE-2018-20870 (The WebDAV transport feature in cPanel before 76.0.8 enables debug log ...) + TODO: check +CVE-2018-20869 (cPanel before 76.0.8 allows arbitrary code execution in the context of ...) + TODO: check +CVE-2018-20868 (cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interf ...) + TODO: check +CVE-2018-20867 (cPanel before 76.0.8 has an open redirect when resetting connections ( ...) + TODO: check +CVE-2018-20866 (cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feat ...) + TODO: check +CVE-2018-20865 (cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destina ...) + TODO: check +CVE-2018-20864 (cPanel before 76.0.8 allows a persistent Virtual FTP accounts after re ...) + TODO: check +CVE-2018-20863 (cPanel before 76.0.8 allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2018-20862 (cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SE ...) + TODO: check +CVE-2018-20861 (libopenmpt before 0.3.11 allows a crash with certain malformed custom ...) + TODO: check +CVE-2018-20860 (libopenmpt before 0.3.13 allows a crash with malformed MED files. ...) + TODO: check +CVE-2018-20859 (edx-platform before 2018-07-18 allows XSS via a response to a Chemical ...) + TODO: check CVE-2018-20858 RESERVED -CVE-2017-18381 - RESERVED -CVE-2017-18380 - RESERVED +CVE-2017-18381 (The installation process in Open edX before 2017-01-10 exposes a Mongo ...) + TODO: check +CVE-2017-18380 (edx-platform before 2017-08-03 allows attackers to trigger password-re ...) + TODO: check CVE-2016-10766 (edx-platform before 2016-06-06 allows CSRF. ...) NOT-FOR-US: Open edX CVE-2016-10765 (edx-platform before 2016-06-10 allows account activation with a spoofe ...) @@ -263,8 +281,8 @@ CVE-2019-14329 (An issue was discovered in EspoCRM before 5.6.6. There is stored NOT-FOR-US: EspoCRM CVE-2019-14328 (The Simple Membership plugin before 3.8.5 for WordPress has CSRF affec ...) NOT-FOR-US: Simple Membership plugin for WordPress -CVE-2019-14327 - RESERVED +CVE-2019-14327 (A CSRF vulnerability in Settings form in the Custom Simple Rss plugin ...) + TODO: check CVE-2019-14326 RESERVED CVE-2019-14325 @@ -281,8 +299,8 @@ CVE-2019-14320 RESERVED CVE-2019-14319 RESERVED -CVE-2019-14318 - RESERVED +CVE-2019-14318 (Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA sig ...) + TODO: check CVE-2019-14317 RESERVED CVE-2019-14316 @@ -291,8 +309,8 @@ CVE-2019-14315 (A cross-site scripting (XSS) vulnerability in upload.php in SunH NOT-FOR-US: SunHater KCFinder CVE-2019-14314 RESERVED -CVE-2019-14313 - RESERVED +CVE-2019-14313 (A SQL injection vulnerability exists in the 10Web Photo Gallery plugin ...) + TODO: check CVE-2019-14312 RESERVED CVE-2019-14311 @@ -530,8 +548,8 @@ CVE-2019-14244 RESERVED CVE-2019-14243 (headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in t ...) NOT-FOR-US: mastercactapus proxyprotocol -CVE-2019-14242 - RESERVED +CVE-2019-14242 (An issue was discovered in Bitdefender products for Windows (Bitdefend ...) + TODO: check CVE-2019-14241 (HAProxy through 2.0.2 allows attackers to cause a denial of service (h ...) - haproxy <not-affected> (Vulnerable code not present) NOTE: https://github.com/haproxy/haproxy/issues/181 @@ -1785,8 +1803,8 @@ CVE-2019-13636 (In GNU patch through 2.7.6, the following of symlinks is mishand {DSA-4489-1 DLA-1856-1} - patch 2.7.6-5 (bug #932401) NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a -CVE-2019-13635 - RESERVED +CVE-2019-13635 (The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFas ...) + TODO: check CVE-2019-13634 RESERVED CVE-2019-13633 @@ -7459,8 +7477,8 @@ CVE-2019-11777 RESERVED CVE-2019-11776 RESERVED -CVE-2019-11775 - RESERVED +CVE-2019-11775 (All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loo ...) + TODO: check CVE-2019-11774 RESERVED CVE-2019-11773 @@ -9093,8 +9111,8 @@ CVE-2019-11204 (The web interface component of TIBCO Software Inc.'s TIBCO Spotf NOT-FOR-US: TIBCO CVE-2019-11203 (The workspace client, openspace client, app development client, and RE ...) NOT-FOR-US: TIBCO -CVE-2019-11202 - RESERVED +CVE-2019-11202 (An issue was discovered that affects the following versions of Rancher ...) + TODO: check CVE-2019-11201 (Dolibarr ERP/CRM 9.0.1 provides a module named website that provides f ...) - dolibarr <removed> CVE-2019-11200 (Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs u ...) @@ -11817,13 +11835,11 @@ CVE-2019-10143 (** DISPUTED ** It was discovered freeradius up to and including NOTE: https://github.com/FreeRADIUS/freeradius-server/pull/2666 NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/1f233773962bf1a9c2d228a180eacddb9db2d574 NOTE: This is not a security issue per se -CVE-2019-10142 [drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl] - RESERVED +CVE-2019-10142 (A flaw was found in the Linux kernel's freescale hypervisor manager im ...) - linux <unfixed> (unimportant) NOTE: Fixed by: https://git.kernel.org/linus/6a024330650e24556b8a18cc654ad00cfecf6c6c NOTE: CONFIG_FSL_HV_MANAGER not enabled in kernel builds in Debian. -CVE-2019-10141 - RESERVED +CVE-2019-10141 (A vulnerability was found in openstack-ironic-inspector all versions e ...) - ironic-inspector 8.0.0-3 (bug #929332) [stretch] - ironic-inspector <no-dsa> (Minor issue) NOTE: https://review.opendev.org/#/c/660234/ @@ -11832,8 +11848,7 @@ CVE-2019-10140 RESERVED CVE-2019-10139 (During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ans ...) NOT-FOR-US: cockpit-ovirt -CVE-2019-10138 - RESERVED +CVE-2019-10138 (A flaw was discovered in the python-novajoin plugin, all versions up t ...) NOT-FOR-US: python-novajoin plugin for OpenStack CVE-2019-10137 (A path traversal flaw was found in spacewalk-proxy, all versions throu ...) NOT-FOR-US: Red Hat Satellite / Spacewalk @@ -11858,16 +11873,14 @@ CVE-2019-10131 (An off-by-one read vulnerability was discovered in ImageMagick b NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1704762 NOTE: https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7ccc28ee4c777d915f95919ac3bcf8adf93037a7 -CVE-2019-10130 [Selectivity estimators bypass row security policies] - RESERVED +CVE-2019-10130 (A vulnerability was found in PostgreSQL versions 11.x up to excluding ...) {DSA-4439-1} - postgresql-11 11.3-1 - postgresql-9.6 <removed> - postgresql-9.4 <removed> [jessie] - postgresql-9.4 <not-affected> (Row security was introduced in 9.5) NOTE: https://www.postgresql.org/about/news/1939/ -CVE-2019-10129 [Memory disclosure in partition routing] - RESERVED +CVE-2019-10129 (A vulnerability was found in postgresql versions 11.x prior to 11.3. U ...) - postgresql-11 11.3-1 NOTE: https://www.postgresql.org/about/news/1939/ CVE-2019-10128 @@ -26679,8 +26692,8 @@ CVE-2019-4458 RESERVED CVE-2019-4457 RESERVED -CVE-2019-4456 - RESERVED +CVE-2019-4456 (IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 ...) + TODO: check CVE-2019-4455 RESERVED CVE-2019-4454 @@ -27021,8 +27034,8 @@ CVE-2019-4287 RESERVED CVE-2019-4286 RESERVED -CVE-2019-4285 - RESERVED +CVE-2019-4285 (IBM WebSphere Application Server - Liberty Admin Center could allow a ...) + TODO: check CVE-2019-4284 RESERVED CVE-2019-4283 @@ -27467,8 +27480,8 @@ CVE-2019-4064 RESERVED CVE-2019-4063 (IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition c ...) NOT-FOR-US: IBM -CVE-2019-4062 - RESERVED +CVE-2019-4062 (IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable ...) + TODO: check CVE-2019-4061 (IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the r ...) NOT-FOR-US: IBM CVE-2019-4060 @@ -27976,7 +27989,7 @@ CVE-2019-3861 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch NOTE: https://github.com/libssh2/libssh2/pull/316 CVE-2019-3860 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 in t ...) - {DSA-4431-1 DLA-1730-1} + {DSA-4431-1 DLA-1730-4 DLA-1730-1} - libssh2 1.8.0-2.1 (bug #924965) NOTE: https://libssh2.org/CVE-2019-3860.html NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch @@ -36097,8 +36110,7 @@ CVE-2019-1554 RESERVED CVE-2019-1553 RESERVED -CVE-2019-1552 [Windows builds with insecure path defaults] - RESERVED +CVE-2019-1552 (OpenSSL has internal defaults for a directory tree where it can find a ...) - openssl <not-affected> (Windows-specific) - openssl1.0 <not-affected> (Windows-specific) NOTE: https://www.openssl.org/news/secadv/20190730.txt @@ -39697,9 +39709,9 @@ CVE-2018-19314 RESERVED CVE-2018-19313 RESERVED -CVE-2018-19312 (Centreon 3.4.x allows SQL Injection via the searchVM parameter to the ...) +CVE-2018-19312 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) all ...) NOT-FOR-US: Centreon -CVE-2018-19311 (Centreon 3.4.x allows XSS via the Service field to the main.php?p=2020 ...) +CVE-2018-19311 (Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service ...) NOT-FOR-US: Centreon CVE-2018-19310 RESERVED @@ -39763,9 +39775,9 @@ CVE-2018-19283 RESERVED CVE-2018-19282 (Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow re ...) NOT-FOR-US: Rockwell Automation -CVE-2018-19281 (Centreon 3.4.x allows SNMP trap SQL Injection. ...) +CVE-2018-19281 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) all ...) NOT-FOR-US: Centreon -CVE-2018-19280 (Centreon 3.4.x has XSS via the resource name or macro expression of a ...) +CVE-2018-19280 (Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource na ...) NOT-FOR-US: Centreon CVE-2018-19279 (PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plain ...) NOT-FOR-US: PRIMX ZoneCentral @@ -39968,7 +39980,7 @@ CVE-2018-19273 RESERVED CVE-2018-19272 RESERVED -CVE-2018-19271 (Centreon 3.4.x allows SQL Injection via the main.php searchH parameter ...) +CVE-2018-19271 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) all ...) NOT-FOR-US: Centreon CVE-2018-19270 REJECTED @@ -46421,8 +46433,7 @@ CVE-2018-16872 (A flaw was found in qemu Media Transfer Protocol (MTP). The code - qemu-kvm <removed> NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03135.html NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=bab9df35ce73d1c8e19a37e2737717ea1c984dc1 -CVE-2018-16871 - RESERVED +CVE-2018-16871 (A flaw was found in the Linux kernel's NFS implementation, all version ...) - linux 4.18.20-1 [stretch] - linux 4.9.144-1 [jessie] - linux <not-affected> (Vulnerable code not present) @@ -178552,7 +178563,7 @@ CVE-2015-7676 (Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, whe NOT-FOR-US: MOVEit File Transfer web- and mobile application CVE-2015-7675 (The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and ...) NOT-FOR-US: MOVEit File Transfer web- and mobile application -CVE-2015-7672 (Cross-site scripting (XSS) vulnerability in Centreon 2.6.1. ...) +CVE-2015-7672 (Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in C ...) NOT-FOR-US: Centreon CVE-2014-9751 (The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before ...) {DSA-3154-1 DLA-149-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b54f61da471d30298a4e41bb85c8f0f0d877b755 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b54f61da471d30298a4e41bb85c8f0f0d877b755 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits