Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 080b0db1 by security tracker role at 2019-08-07T20:10:26Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,41 @@ +CVE-2019-14753 + RESERVED +CVE-2019-14752 + RESERVED +CVE-2019-14751 + RESERVED +CVE-2019-14750 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...) + TODO: check +CVE-2019-14749 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...) + TODO: check +CVE-2019-14748 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...) + TODO: check +CVE-2019-14747 (DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-de ...) + TODO: check +CVE-2019-14746 (A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by ...) + TODO: check +CVE-2019-14745 (In radare2 before 3.7.0, a command injection vulnerability exists in b ...) + TODO: check +CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop files and c ...) + TODO: check +CVE-2019-14743 (** DISPUTED ** In Valve Steam Client for Windows through 2019-08-07, H ...) + TODO: check +CVE-2019-14742 + RESERVED +CVE-2019-14741 + RESERVED +CVE-2019-14740 + RESERVED +CVE-2019-14739 + RESERVED +CVE-2019-14738 + RESERVED +CVE-2019-14737 + RESERVED +CVE-2019-14736 + RESERVED +CVE-2019-14735 + RESERVED CVE-2019-14734 (AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::l ...) - adplug <unfixed> NOTE: https://github.com/adplug/adplug/issues/90 @@ -163,16 +201,16 @@ CVE-2019-14662 (Brandy 1.20.1 has a stack-based buffer overflow in fileio_openou - brandy <unfixed> (unimportant; bug #933996) NOTE: https://sourceforge.net/p/brandy/bugs/7/ NOTE: Negligible security impact -CVE-2018-20961 [USB: gadget: f_midi: fixing a possible double-free in f_midi] +CVE-2018-20961 (In the Linux kernel before 4.16.4, a double free vulnerability in the ...) - linux 4.16.5-1 [stretch] - linux 4.9.107-1 NOTE: Fixed by: https://git.kernel.org/linus/7fafcfdf6377b18b2a726ea554d6e593ba44349f CVE-2018-20960 RESERVED -CVE-2018-20959 - RESERVED -CVE-2018-20958 - RESERVED +CVE-2018-20959 (Jura E8 devices lack Bluetooth connection security. ...) + TODO: check +CVE-2018-20958 (The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 20 ...) + TODO: check CVE-2018-20957 RESERVED CVE-2018-20956 @@ -447,16 +485,16 @@ CVE-2019-14539 RESERVED CVE-2019-14538 RESERVED -CVE-2019-14537 - RESERVED +CVE-2019-14537 (YOURLS through 1.7.3 is affected by a type juggling vulnerability in t ...) + TODO: check CVE-2019-14536 RESERVED -CVE-2017-18483 - RESERVED +CVE-2017-18483 (ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a ...) + TODO: check CVE-2016-10862 RESERVED -CVE-2016-10861 - RESERVED +CVE-2016-10861 (Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settin ...) + TODO: check CVE-2019-14535 RESERVED CVE-2019-14534 @@ -486,7 +524,7 @@ CVE-2019-14527 RESERVED CVE-2019-14526 RESERVED -CVE-2019-14525 (In Octopus Deploy 2019.4.0 through 2019.6.6 and 2019.7.0 through 2019. ...) +CVE-2019-14525 (In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019. ...) NOT-FOR-US: Octopus Deploy CVE-2019-14524 (An issue was discovered in Schism Tracker through 20190722. There is a ...) - schism <unfixed> (bug #933808) @@ -608,8 +646,8 @@ CVE-2019-14476 RESERVED CVE-2019-14475 (eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use s ...) NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3 -CVE-2019-14474 - RESERVED +CVE-2019-14474 (eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in ...) + TODO: check CVE-2019-14473 (eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but la ...) NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3 CVE-2019-14472 (Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. ...) @@ -1138,36 +1176,36 @@ CVE-2016-10814 (cPanel before 57.9999.54 allows demo-mode escape via show_templa NOT-FOR-US: cPanel CVE-2016-10813 (cPanel before 57.9999.54 allows self XSS during ftp account creation u ...) NOT-FOR-US: cPanel -CVE-2016-10812 - RESERVED -CVE-2016-10811 - RESERVED -CVE-2016-10810 - RESERVED -CVE-2016-10809 - RESERVED -CVE-2016-10808 - RESERVED -CVE-2016-10807 - RESERVED -CVE-2016-10806 - RESERVED -CVE-2016-10805 - RESERVED -CVE-2016-10804 - RESERVED -CVE-2016-10803 - RESERVED -CVE-2016-10802 - RESERVED -CVE-2016-10801 - RESERVED -CVE-2016-10800 - RESERVED -CVE-2016-10799 - RESERVED -CVE-2016-10798 - RESERVED +CVE-2016-10812 (In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs ( ...) + TODO: check +CVE-2016-10811 (In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC- ...) + TODO: check +CVE-2016-10810 (In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY ...) + TODO: check +CVE-2016-10809 (In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to ...) + TODO: check +CVE-2016-10808 (In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop expos ...) + TODO: check +CVE-2016-10807 (cPanel before 57.9999.54 allows certain denial-of-service outcomes via ...) + TODO: check +CVE-2016-10806 (cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing ...) + TODO: check +CVE-2016-10805 (cPanel before 57.9999.54 allows demo accounts to execute arbitrary cod ...) + TODO: check +CVE-2016-10804 (The SQLite journal feature in cPanel before 57.9999.54 allows arbitrar ...) + TODO: check +CVE-2016-10803 (cPanel before 57.9999.105 allows newline injection via LOC records (CP ...) + TODO: check +CVE-2016-10802 (cPanel before 58.0.4 allows code execution in the context of other use ...) + TODO: check +CVE-2016-10801 (cPanel before 58.0.4 has improper session handling for shared users (S ...) + TODO: check +CVE-2016-10800 (cPanel before 58.0.4 allows demo-mode escape via Site Templates and Bo ...) + TODO: check +CVE-2016-10799 (cPanel before 58.0.4 does not set the Pear tmp directory during a PHP ...) + TODO: check +CVE-2016-10798 (cPanel before 58.0.4 allows a file-ownership change (to nobody) via re ...) + TODO: check CVE-2016-10797 (cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certifica ...) NOT-FOR-US: cPanel CVE-2016-10796 (cPanel before 58.0.4 initially uses weak permissions for Apache HTTP S ...) @@ -1294,8 +1332,8 @@ CVE-2019-14433 [Nova Server Resource Faults Leak External Exception Details] - nova <unfixed> (bug #934114) NOTE: https://security.openstack.org/ossa/OSSA-2019-003.html NOTE: https://launchpad.net/bugs/1837877 -CVE-2019-14432 - RESERVED +CVE-2019-14432 (Incorrect authentication of application WebSocket connections in Loom ...) + TODO: check CVE-2019-14431 (In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles ...) - matrixssl <removed> CVE-2019-14430 @@ -6295,7 +6333,7 @@ CVE-2019-12816 (Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated NOTE: Versions affected: 0.098 - 1.7.3 NOTE: https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311 CVE-2019-12815 (An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3. ...) - {DSA-4491-1} + {DSA-4491-1 DLA-1873-1} - proftpd-dfsg 1.3.6-6 (low; bug #932453) NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4372 NOTE: https://github.com/proftpd/proftpd/pull/816 @@ -9309,8 +9347,8 @@ CVE-2019-11655 RESERVED CVE-2019-11654 RESERVED -CVE-2019-11653 - RESERVED +CVE-2019-11653 (Remote Access Control Bypass in Micro Focus Content Manager. versions ...) + TODO: check CVE-2019-11652 RESERVED CVE-2019-11651 @@ -12551,52 +12589,52 @@ CVE-2019-10391 RESERVED CVE-2019-10390 RESERVED -CVE-2019-10389 - RESERVED -CVE-2019-10388 - RESERVED -CVE-2019-10387 - RESERVED -CVE-2019-10386 - RESERVED -CVE-2019-10385 - RESERVED +CVE-2019-10389 (A missing permission check in Jenkins Relution Enterprise Appstore Pub ...) + TODO: check +CVE-2019-10388 (A cross-site request forgery vulnerability in Jenkins Relution Enterpr ...) + TODO: check +CVE-2019-10387 (A missing permission check in Jenkins XL TestView Plugin 1.2.0 and ear ...) + TODO: check +CVE-2019-10386 (A cross-site request forgery vulnerability in Jenkins XL TestView Plug ...) + TODO: check +CVE-2019-10385 (Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted ...) + TODO: check CVE-2019-10384 RESERVED CVE-2019-10383 RESERVED -CVE-2019-10382 - RESERVED -CVE-2019-10381 - RESERVED -CVE-2019-10380 - RESERVED -CVE-2019-10379 - RESERVED -CVE-2019-10378 - RESERVED -CVE-2019-10377 - RESERVED -CVE-2019-10376 - RESERVED -CVE-2019-10375 - RESERVED -CVE-2019-10374 - RESERVED -CVE-2019-10373 - RESERVED -CVE-2019-10372 - RESERVED -CVE-2019-10371 - RESERVED -CVE-2019-10370 - RESERVED -CVE-2019-10369 - RESERVED -CVE-2019-10368 - RESERVED -CVE-2019-10367 - RESERVED +CVE-2019-10382 (Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SS ...) + TODO: check +CVE-2019-10381 (Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS ...) + TODO: check +CVE-2019-10380 (Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies ...) + TODO: check +CVE-2019-10379 (Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier sto ...) + TODO: check +CVE-2019-10378 (Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypte ...) + TODO: check +CVE-2019-10377 (A missing permission check in Jenkins Avatar Plugin 1.2 and earlier al ...) + TODO: check +CVE-2019-10376 (A reflected cross-site scripting vulnerability in Jenkins Wall Display ...) + TODO: check +CVE-2019-10375 (An arbitrary file read vulnerability in Jenkins File System SCM Plugin ...) + TODO: check +CVE-2019-10374 (A stored cross-site scripting vulnerability in Jenkins PegDown Formatt ...) + TODO: check +CVE-2019-10373 (A stored cross-site scripting vulnerability in Jenkins Build Pipeline ...) + TODO: check +CVE-2019-10372 (An open redirect vulnerability in Jenkins Gitlab Authentication Plugin ...) + TODO: check +CVE-2019-10371 (A session fixation vulnerability in Jenkins Gitlab Authentication Plug ...) + TODO: check +CVE-2019-10370 (Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally co ...) + TODO: check +CVE-2019-10369 (A missing permission check in Jenkins JClouds Plugin 2.14 and earlier ...) + TODO: check +CVE-2019-10368 (A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2 ...) + TODO: check +CVE-2019-10367 (Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as C ...) + TODO: check CVE-2019-10366 (Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials une ...) NOT-FOR-US: Jenkins Skytap Cloud CI Plugin CVE-2019-10365 (Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a te ...) @@ -13386,8 +13424,8 @@ CVE-2016-10749 (parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer NOTE: https://github.com/DaveGamble/cJSON/commit/94df772485c92866ca417d92137747b2e3b0a917 CVE-2016-10744 (In Select2 through 4.0.5, as used in Snipe-IT and other products, rich ...) NOT-FOR-US: Snipe-IT -CVE-2019-10099 - RESERVED +CVE-2019-10099 (Prior to Spark 2.3.3, in certain situations Spark would write user dat ...) + TODO: check CVE-2019-10098 RESERVED CVE-2019-10097 @@ -26003,8 +26041,8 @@ CVE-2019-5478 RESERVED CVE-2019-5477 RESERVED -CVE-2019-5476 - RESERVED +CVE-2019-5476 (An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running o ...) + TODO: check CVE-2019-5475 RESERVED CVE-2019-5474 [Override Merge Request Approval Rules] @@ -54602,8 +54640,8 @@ CVE-2018-14385 RESERVED CVE-2018-14384 RESERVED -CVE-2018-14383 - RESERVED +CVE-2018-14383 (The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows ...) + TODO: check CVE-2018-14382 (InstantCMS 2.10.1 has /redirect?url= XSS. ...) NOT-FOR-US: InstantCMS CVE-2018-14381 (Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulner ...) @@ -159359,8 +159397,8 @@ CVE-2016-5434 (libalpm, as used in pacman 5.0.1, allows remote attackers to caus NOT-FOR-US: libalpm (Arch Linux Package Management (ALPM) library) CVE-2016-5432 (The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualizat ...) NOT-FOR-US: ovirt-engine -CVE-2016-5431 - RESERVED +CVE-2016-5431 (TThe PHP JOSE Library by Gree Inc. version <= 2.2.0 is vulnerable t ...) + TODO: check CVE-2016-5430 (The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php ...) NOT-FOR-US: jose-php CVE-2016-5429 (jose-php before 2.2.1 does not use constant-time operations for HMAC c ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/080b0db1ee025e022098820941c5da5dcdcdaa89 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/080b0db1ee025e022098820941c5da5dcdcdaa89 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits