Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
bd765a08 by Salvatore Bonaccorso at 2019-07-30T20:50:38Z
Process NFUs

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -74,63 +74,63 @@ CVE-2019-14416 (An issue was discovered in Veritas Resiliency Platform (VRP) bef CVE-2019-14415 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...) NOT-FOR-US: Veritas Resiliency Platform (VRP) CVE-2019-14414 (In cPanel before 78.0.2, a Userdata cache temporary file can conflict ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14413 (cPanel before 78.0.2 allows certain file-write operations as shared us ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14412 (Maketext in cPanel before 78.0.2 allows format-string injection in the ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14411 (cPanel before 78.0.2 does not properly restrict demo accounts from wri ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14410 (Maketext in cPanel before 78.0.2 allows format-string injection in the ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14409 (cPanel before 78.0.2 allows arbitrary file-read operations via Passeng ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14408 (cPanel before 78.0.2 allows a demo account to link with an OpenID prov ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14407 (cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-41 ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14406 (cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing ( ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14405 (cPanel before 78.0.18 allows demo accounts to execute code via securit ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14404 (cPanel before 78.0.18 allows certain file-read operations in the conte ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14403 (cPanel before 78.0.18 offers an open mail relay because of incorrect d ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14402 (cPanel before 78.0.18 unsafely determines terminal capabilities by usi ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14401 (cPanel before 78.0.18 allows code execution via an addforward API1 cal ...) 
- TODO: check + NOT-FOR-US: cPanel CVE-2019-14400 (cPanel before 78.0.18 allows local users to escalate to root access be ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14399 (The SSL certificate-storage feature in cPanel before 78.0.18 allows un ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14398 (cPanel before 80.0.5 allows demo accounts to execute arbitrary code vi ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14397 (cPanel before 80.0.5 allows demo accounts to modify arbitrary files vi ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14396 (API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertio ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14395 (cPanel before 80.0.5 uses world-readable permissions for the Queueproc ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14394 (cPanel before 80.0.5 allows unsafe file operations in the context of t ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14393 (cPanel before 80.0.5 allows local code execution in the context of a d ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14392 (cPanel before 80.0.22 allows remote code execution by a demo account b ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14391 (cPanel before 82.0.2 does not properly enforce Reseller package creati ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14390 (cPanel before 82.0.2 has stored XSS in the WHM Modify Account interfac ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14389 (cPanel before 82.0.2 allows local users to discover the MySQL root pas ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14388 (cPanel before 82.0.2 allows unauthenticated file creation because Exim ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14387 (cPanel before 82.0.2 has Self XSS in the cPanel and webmail master tem ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14386 (cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interfac ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14385 RESERVED CVE-2019-14384 
@@ -150,35 +150,35 @@ CVE-2019-14379 (SubTypeValidator.java in FasterXML jackson-databind before 2.9.9 CVE-2019-14378 (ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overf ...) TODO: check CVE-2018-20870 (The WebDAV transport feature in cPanel before 76.0.8 enables debug log ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20869 (cPanel before 76.0.8 allows arbitrary code execution in the context of ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20868 (cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interf ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20867 (cPanel before 76.0.8 has an open redirect when resetting connections ( ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20866 (cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feat ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20865 (cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destina ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20864 (cPanel before 76.0.8 allows a persistent Virtual FTP accounts after re ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20863 (cPanel before 76.0.8 allows remote attackers to execute arbitrary code ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20862 (cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SE ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20861 (libopenmpt before 0.3.11 allows a crash with certain malformed custom ...) TODO: check CVE-2018-20860 (libopenmpt before 0.3.13 allows a crash with malformed MED files. ...) TODO: check CVE-2018-20859 (edx-platform before 2018-07-18 allows XSS via a response to a Chemical ...) - TODO: check + NOT-FOR-US: Open edX CVE-2018-20858 RESERVED CVE-2017-18381 (The installation process in Open edX before 2017-01-10 exposes a Mongo ...) - TODO: check + NOT-FOR-US: Open edX CVE-2017-18380 (edx-platform before 2017-08-03 allows attackers to trigger password-re ...) 
- TODO: check + NOT-FOR-US: Open edX CVE-2016-10766 (edx-platform before 2016-06-06 allows CSRF. ...) NOT-FOR-US: Open edX CVE-2016-10765 (edx-platform before 2016-06-10 allows account activation with a spoofe ...) @@ -555,7 +555,7 @@ CVE-2019-14244 CVE-2019-14243 (headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in t ...) NOT-FOR-US: mastercactapus proxyprotocol CVE-2019-14242 (An issue was discovered in Bitdefender products for Windows (Bitdefend ...) - TODO: check + NOT-FOR-US: Bitdefender products for Windows CVE-2019-14241 (HAProxy through 2.0.2 allows attackers to cause a denial of service (h ...) - haproxy <not-affected> (Vulnerable code not present) NOTE: https://github.com/haproxy/haproxy/issues/181 @@ -1810,7 +1810,7 @@ CVE-2019-13636 (In GNU patch through 2.7.6, the following of symlinks is mishand - patch 2.7.6-5 (bug #932401) NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a CVE-2019-13635 (The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFas ...) - TODO: check + NOT-FOR-US: WP Fastest Cache plugin for WordPress CVE-2019-13634 RESERVED CVE-2019-13633 @@ -27744,7 +27744,7 @@ CVE-2019-3950 (Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hard CVE-2019-3949 (Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a ...) NOT-FOR-US: Arlo Basestation firmware CVE-2019-3948 (The Amcrest IP2M-841B IP camera firmware version V2.520.AC00.18.R does ...) - TODO: check + NOT-FOR-US: Amcrest IP2M-841B IP camera firmware CVE-2019-3947 (Fuji Electric V-Server before 6.0.33.0 stores database credentials in ...) NOT-FOR-US: Fuji Electric V-Server CVE-2019-3946 (Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of serv ...) 
@@ -37118,33 +37118,33 @@ CVE-2019-1132 (An elevation of privilege vulnerability exists in Windows when th CVE-2019-1131 RESERVED CVE-2019-1130 (An elevation of privilege vulnerability exists when Windows AppX Deplo ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1129 (An elevation of privilege vulnerability exists when Windows AppX Deplo ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1128 (A remote code execution vulnerability exists in the way that DirectWri ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1127 (A remote code execution vulnerability exists in the way that DirectWri ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1126 (A security feature bypass vulnerability exists in Active Directory Fed ...) TODO: check CVE-2019-1125 RESERVED CVE-2019-1124 (A remote code execution vulnerability exists in the way that DirectWri ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1123 (A remote code execution vulnerability exists in the way that DirectWri ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1122 (A remote code execution vulnerability exists in the way that DirectWri ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1121 (A remote code execution vulnerability exists in the way that DirectWri ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1120 (A remote code execution vulnerability exists in the way that DirectWri ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1119 (A remote code execution vulnerability exists in the way that DirectWri ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1118 (A remote code execution vulnerability exists in the way that DirectWri ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1117 (A remote code execution vulnerability exists in the way that DirectWri ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1116 (An information disclosure vulnerability exists when the Windows GDI co ...) 
NOT-FOR-US: Microsoft CVE-2019-1115

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd765a081b4bc0991568021c339ea1a5cadffe85

You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
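
Review bot: In the `@@ -37118,33` hunk, CVE-2019-1126 (security feature bypass in Active Directory Fed ...) stays at `TODO: check` as an unchanged context line, while every other described entry from CVE-2019-1130 down to CVE-2019-1117 is switched to `NOT-FOR-US: Microsoft`. Its truncated description points at a Microsoft component just like its neighbours, so either mark it in the same pass or state in the commit message that it is deliberately deferred. As submitted, one TODO is left inside an otherwise fully triaged block and the skip reads as an oversight.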
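
Review bot: Style nit on the `@@ -555,7` hunk: the label added for CVE-2019-14242, `NOT-FOR-US: Bitdefender products for Windows`, carries a platform qualifier copied from the description, whereas the bulk entries in this commit use a bare name (`cPanel`, `Microsoft`, `Open edX`). Consider `NOT-FOR-US: Bitdefender` so that a search on the label groups this entry with any other Bitdefender CVEs regardless of platform.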