Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3d1b4868 by security tracker role at 2019-08-03T08:10:12Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,41 @@ +CVE-2019-14551 (Das Q before 2019-08-02 allows web sites to execute arbitrary code on ...) + TODO: check +CVE-2019-14550 + RESERVED +CVE-2019-14549 + RESERVED +CVE-2019-14548 + RESERVED +CVE-2019-14547 + RESERVED +CVE-2019-14546 + RESERVED +CVE-2019-14545 + RESERVED +CVE-2019-14544 (routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for route ...) + TODO: check +CVE-2019-14543 + RESERVED +CVE-2019-14542 + RESERVED +CVE-2019-14541 (GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id ...) + TODO: check +CVE-2019-14540 + RESERVED +CVE-2019-14539 + RESERVED +CVE-2019-14538 + RESERVED +CVE-2019-14537 + RESERVED +CVE-2019-14536 + RESERVED +CVE-2017-18483 + RESERVED +CVE-2016-10862 + RESERVED +CVE-2016-10861 + RESERVED CVE-2019-14535 RESERVED CVE-2019-14534 @@ -5392,7 +5430,7 @@ CVE-2019-12950 RESERVED CVE-2019-12949 (In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authen ...) NOT-FOR-US: pfSense -CVE-2019-12948 (An RCE (Remote Code Execution) vulnerability exists in the UCS softwar ...) +CVE-2019-12948 (A vulnerability in the web-based management interface of VVX, Trio, So ...) TODO: check CVE-2019-12947 RESERVED 
@@ -19105,68 +19143,68 @@ CVE-2019-7953 (Adobe Experience Manager version 6.4 and ealier have a Cross-Site NOT-FOR-US: Adobe CVE-2019-7952 RESERVED -CVE-2019-7951 - RESERVED -CVE-2019-7950 - RESERVED +CVE-2019-7951 (An information leakage vulnerability exists in Magento 2.1 prior to 2. ...) + TODO: check +CVE-2019-7950 (An access control bypass vulnerability exists in Magento 2.1 prior to ...) + TODO: check CVE-2019-7949 RESERVED CVE-2019-7948 RESERVED -CVE-2019-7947 - RESERVED +CVE-2019-7947 (A cross-site request forgery vulnerability exists in the GiftCardAccou ...) + TODO: check CVE-2019-7946 RESERVED -CVE-2019-7945 - RESERVED -CVE-2019-7944 - RESERVED +CVE-2019-7945 (A stored cross-cite scripting vulnerability exists in Magento Open Sou ...) + TODO: check +CVE-2019-7944 (A stored cross-site scripting vulnerability exists in the product comm ...) + TODO: check CVE-2019-7943 RESERVED -CVE-2019-7942 - RESERVED +CVE-2019-7942 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...) + TODO: check CVE-2019-7941 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...) NOT-FOR-US: Adobe -CVE-2019-7940 - RESERVED -CVE-2019-7939 - RESERVED -CVE-2019-7938 - RESERVED -CVE-2019-7937 - RESERVED -CVE-2019-7936 - RESERVED -CVE-2019-7935 - RESERVED -CVE-2019-7934 - RESERVED +CVE-2019-7940 (A stored cross-site scripting vulnerability exists in the admin panel ...) + TODO: check +CVE-2019-7939 (A reflected cross-site scripting vulnerability exists on the customer ...) + TODO: check +CVE-2019-7938 (A stored cross-site scripting vulnerability exists in the admin panel ...) + TODO: check +CVE-2019-7937 (A stored cross-site scripting vulnerability exists in the admin panel ...) + TODO: check +CVE-2019-7936 (A stored cross-site scripting vulnerability exists in the admin panel ...) + TODO: check +CVE-2019-7935 (A stored cross-site scripting vulnerability exists in the admin panel ...) 
+ TODO: check +CVE-2019-7934 (A stored cross-site scripting vulnerability exists in the admin panel ...) + TODO: check CVE-2019-7933 RESERVED -CVE-2019-7932 - RESERVED +CVE-2019-7932 (A remote code execution vulnerability exists in Magento Open Source pr ...) + TODO: check CVE-2019-7931 RESERVED -CVE-2019-7930 - RESERVED -CVE-2019-7929 - RESERVED -CVE-2019-7928 - RESERVED -CVE-2019-7927 - RESERVED -CVE-2019-7926 - RESERVED -CVE-2019-7925 - RESERVED +CVE-2019-7930 (A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18 ...) + TODO: check +CVE-2019-7929 (An information leakage vulnerability exists in Magento 2.1 prior to 2. ...) + TODO: check +CVE-2019-7928 (A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to ...) + TODO: check +CVE-2019-7927 (A stored cross-site scripting vulnerability exists in the admin panel ...) + TODO: check +CVE-2019-7926 (A stored cross-site scripting vulnerability exists in the admin panel ...) + TODO: check +CVE-2019-7925 (An insecure direct object reference (IDOR) vulnerability exists in Mag ...) + TODO: check CVE-2019-7924 RESERVED -CVE-2019-7923 - RESERVED +CVE-2019-7923 (A server-side request forgery (SSRF) vulnerability exists in Magento 2 ...) + TODO: check CVE-2019-7922 RESERVED -CVE-2019-7921 - RESERVED +CVE-2019-7921 (A stored cross-site scripting vulnerability exists in the product cata ...) + TODO: check CVE-2019-7920 RESERVED CVE-2019-7919 
@@ -19177,140 +19215,140 @@ CVE-2019-7917 RESERVED CVE-2019-7916 RESERVED -CVE-2019-7915 - RESERVED +CVE-2019-7915 (A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.1 ...) + TODO: check CVE-2019-7914 RESERVED -CVE-2019-7913 - RESERVED -CVE-2019-7912 - RESERVED -CVE-2019-7911 - RESERVED +CVE-2019-7913 (A server-side request forgery (SSRF) vulnerability exists in Magento 2 ...) + TODO: check +CVE-2019-7912 (A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Mag ...) + TODO: check +CVE-2019-7911 (A server-side request forgery (SSRF) vulnerability exists in Magento O ...) + TODO: check CVE-2019-7910 RESERVED -CVE-2019-7909 - RESERVED -CVE-2019-7908 - RESERVED +CVE-2019-7909 (A stored cross-site scripting vulnerability exists in the admin panel ...) + TODO: check +CVE-2019-7908 (A stored cross-site scripting vulnerability exists in the admin panel ...) + TODO: check CVE-2019-7907 RESERVED CVE-2019-7906 RESERVED CVE-2019-7905 RESERVED -CVE-2019-7904 - RESERVED -CVE-2019-7903 - RESERVED +CVE-2019-7904 (Insufficient enforcement of user access controls in Magento 2.1 prior ...) + TODO: check +CVE-2019-7903 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...) + TODO: check CVE-2019-7902 RESERVED CVE-2019-7901 RESERVED CVE-2019-7900 RESERVED -CVE-2019-7899 - RESERVED -CVE-2019-7898 - RESERVED -CVE-2019-7897 - RESERVED -CVE-2019-7896 - RESERVED -CVE-2019-7895 - RESERVED +CVE-2019-7899 (Names of disabled downloadable products could be disclosed due to inad ...) + TODO: check +CVE-2019-7898 (Samples of disabled downloadable products are accessible in Magento Op ...) + TODO: check +CVE-2019-7897 (A stored cross-site scripting vulnerability exists in the admin panel ...) + TODO: check +CVE-2019-7896 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...) + TODO: check +CVE-2019-7895 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...) 
+ TODO: check CVE-2019-7894 RESERVED CVE-2019-7893 RESERVED -CVE-2019-7892 - RESERVED +CVE-2019-7892 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...) + TODO: check CVE-2019-7891 RESERVED -CVE-2019-7890 - RESERVED -CVE-2019-7889 - RESERVED -CVE-2019-7888 - RESERVED -CVE-2019-7887 - RESERVED -CVE-2019-7886 - RESERVED -CVE-2019-7885 - RESERVED +CVE-2019-7890 (An Insecure Direct Object Reference (IDOR) vulnerability exists in the ...) + TODO: check +CVE-2019-7889 (An injection vulnerability exists in Magento Open Source prior to 1.9. ...) + TODO: check +CVE-2019-7888 (An information disclosure vulnerability exists in Magento 2.1 prior to ...) + TODO: check +CVE-2019-7887 (A reflected cross-site scripting vulnerability exists in the admin pan ...) + TODO: check +CVE-2019-7886 (A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 ...) + TODO: check +CVE-2019-7885 (Insufficient input validation in the config builder of the Elastic sea ...) + TODO: check CVE-2019-7884 RESERVED CVE-2019-7883 RESERVED -CVE-2019-7882 - RESERVED -CVE-2019-7881 - RESERVED -CVE-2019-7880 - RESERVED +CVE-2019-7882 (A stored cross-site scripting vulnerability exists in the WYSIWYG edit ...) + TODO: check +CVE-2019-7881 (A cross-site scripting mitigation bypass exists in Magento 2.1 prior t ...) + TODO: check +CVE-2019-7880 (A stored cross-site scripting vulnerability exists in the admin panel ...) + TODO: check CVE-2019-7879 RESERVED CVE-2019-7878 RESERVED -CVE-2019-7877 - RESERVED -CVE-2019-7876 - RESERVED -CVE-2019-7875 - RESERVED -CVE-2019-7874 - RESERVED -CVE-2019-7873 - RESERVED -CVE-2019-7872 - RESERVED -CVE-2019-7871 - RESERVED +CVE-2019-7877 (A stored cross-site scripting vulnerability exists in the admin panel ...) + TODO: check +CVE-2019-7876 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...) + TODO: check +CVE-2019-7875 (A stored cross-site scripting vulnerability exists in the admin panel ...) 
+ TODO: check +CVE-2019-7874 (A cross-site request forgery vulnerability exists in Magento 2.1 prior ...) + TODO: check +CVE-2019-7873 (A cross-site request forgery vulnerability exists in Magento 2.1 prior ...) + TODO: check +CVE-2019-7872 (An insecure direct object reference (IDOR) vulnerability exists in Mag ...) + TODO: check +CVE-2019-7871 (A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 p ...) + TODO: check CVE-2019-7870 RESERVED -CVE-2019-7869 - RESERVED -CVE-2019-7868 - RESERVED -CVE-2019-7867 - RESERVED -CVE-2019-7866 - RESERVED -CVE-2019-7865 - RESERVED -CVE-2019-7864 - RESERVED -CVE-2019-7863 - RESERVED -CVE-2019-7862 - RESERVED -CVE-2019-7861 - RESERVED -CVE-2019-7860 - RESERVED -CVE-2019-7859 - RESERVED -CVE-2019-7858 - RESERVED -CVE-2019-7857 - RESERVED +CVE-2019-7869 (A stored cross-site scripting vulnerability exists in the admin panel ...) + TODO: check +CVE-2019-7868 (A stored cross-site scripting vulnerability exists in the admin panel ...) + TODO: check +CVE-2019-7867 (A stored cross-site scripting vulnerability exists in the admin panel ...) + TODO: check +CVE-2019-7866 (A stored cross-site scripting vulnerability exists in the admin panel ...) + TODO: check +CVE-2019-7865 (A cross-site request forgery (CSRF) vulnerability exists in the checko ...) + TODO: check +CVE-2019-7864 (An insecure direct object reference (IDOR) vulnerability exists in the ...) + TODO: check +CVE-2019-7863 (A stored cross-site scripting vulnerability exists in the admin panel ...) + TODO: check +CVE-2019-7862 (A reflected cross-site scripting vulnerability exists in the Product w ...) + TODO: check +CVE-2019-7861 (Insufficient server-side validation of user input could allow an attac ...) + TODO: check +CVE-2019-7860 (A cryptographically weak pseudo-rando number generator is used in mult ...) + TODO: check +CVE-2019-7859 (A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 p ...) 
+ TODO: check +CVE-2019-7858 (A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior ...) + TODO: check +CVE-2019-7857 (A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1 ...) + TODO: check CVE-2019-7856 RESERVED -CVE-2019-7855 - RESERVED -CVE-2019-7854 - RESERVED -CVE-2019-7853 - RESERVED -CVE-2019-7852 - RESERVED -CVE-2019-7851 - RESERVED +CVE-2019-7855 (A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior ...) + TODO: check +CVE-2019-7854 (An insecure direct object reference (IDOR) vulnerability in Magento 2. ...) + TODO: check +CVE-2019-7853 (A stored cross-site scripting vulnerability exists in Magento 2.1 prio ...) + TODO: check +CVE-2019-7852 (A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, ...) + TODO: check +CVE-2019-7851 (A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1 ...) + TODO: check CVE-2019-7850 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...) NOT-FOR-US: Adobe -CVE-2019-7849 - RESERVED +CVE-2019-7849 (A defense-in-depth check was added to mitigate inadequate session vali ...) + TODO: check CVE-2019-7848 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2019-7847 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...) @@ -21199,8 +21237,8 @@ CVE-2019-7164 (SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL In - sqlalchemy 1.2.18+ds1-2 (bug #922669) NOTE: https://github.com/sqlalchemy/sqlalchemy/issues/4481 NOTE: https://github.com/sqlalchemy/sqlalchemy/commit/30307c4616ad67c01ddae2e1e8e34fabf6028414 -CVE-2019-7163 - RESERVED +CVE-2019-7163 (The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 dev ...) + TODO: check CVE-2019-7162 RESERVED CVE-2019-7161 (An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x th ...) 
@@ -21684,10 +21722,10 @@ CVE-2019-6971 (An issue was discovered on TP-Link TL-WR1043ND V2 devices. An att NOT-FOR-US: TP-Link CVE-2019-6970 (Moodle 3.5.x before 3.5.4 allows SSRF. ...) - moodle <removed> -CVE-2019-6969 - RESERVED -CVE-2019-6968 - RESERVED +CVE-2019-6969 (The web interface of the D-Link DVA-5592 20180823 is vulnerable to an ...) + TODO: check +CVE-2019-6968 (The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS ...) + TODO: check CVE-2019-6967 (AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF. ...) NOT-FOR-US: AirTies devices CVE-2019-6966 (An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3d1b4868a98d952200c74c6a79237ade25a89370
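Review bot: in the hunk at @@ -1,3 +1,41 @@, CVE-2019-14544 (Gogs 0.11.86, routes/api/v1/api.go) and CVE-2019-14541 (GnuCOBOL 2.2, cb_encode_program_id) each name a specific version and code location but are filed with the same bare TODO: check as the web-site code execution entry CVE-2019-14551. These two need a source-package lookup and, if the software is packaged, per-package version lines rather than a product-level tag, so I would pick them up first when working through this batch.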
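Review bot: in the hunk at @@ -5392,7 +5430,7 @@, the description of CVE-2019-12948 is replaced wholesale while the entry stays at TODO: check. The old text began "An RCE (Remote Code Execution) vulnerability exists in the UCS softwar ..." and the new one begins "A vulnerability in the web-based management interface of VVX, Trio, So ...", so the truncated summary no longer states the impact or the same product wording. Triage should work from the full current description rather than from the earlier line.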
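Review bot: the entries that move from RESERVED to TODO: check in the hunks at @@ -19105,68 +19143,68 @@ and @@ -19177,140 +19215,140 @@ (CVE-2019-7951 down to CVE-2019-7849) are each left for individual triage, although most of the visible descriptions name Magento. The Adobe Campaign Classic and Adobe Experience Manager entries interleaved with them already carry NOT-FOR-US: Adobe, so a single product-level decision would settle most of the range in one pass. Some summaries are cut off before any product name, for example CVE-2019-7849 ("A defense-in-depth check was added ...") and the "admin panel ..." entries; those need the full description read before they receive the same tag as the rest.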
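Review bot: CVE-2019-6969 and CVE-2019-6968 in the hunk at @@ -21684,10 +21722,10 @@ describe the web interface of a D-Link DVA-5592 device and are left at TODO: check, while the neighbouring device entries in the same hunk are already resolved as NOT-FOR-US: TP-Link and NOT-FOR-US: AirTies devices. CVE-2019-7163 (Alcatel LINKZONE web interface) in the hunk at @@ -21199,8 +21237,8 @@ is the same kind of entry. If these are firmware-only issues like their neighbours, tagging them in the same form keeps the TODO queue limited to entries that need a package lookup.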
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits