Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
080b0db1 by security tracker role at 2019-08-07T20:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2019-14753
+       RESERVED
+CVE-2019-14752
+       RESERVED
+CVE-2019-14751
+       RESERVED
+CVE-2019-14750 (An issue was discovered in osTicket before 1.10.7 and 1.12.x 
before 1. ...)
+       TODO: check
+CVE-2019-14749 (An issue was discovered in osTicket before 1.10.7 and 1.12.x 
before 1. ...)
+       TODO: check
+CVE-2019-14748 (An issue was discovered in osTicket before 1.10.7 and 1.12.x 
before 1. ...)
+       TODO: check
+CVE-2019-14747 (DWSurvey through 2019-07-22 has stored XSS via the 
design/my-survey-de ...)
+       TODO: check
+CVE-2019-14746 (A issue was discovered in KuaiFanCMS 5.0. It allows eval 
injection by  ...)
+       TODO: check
+CVE-2019-14745 (In radare2 before 3.7.0, a command injection vulnerability 
exists in b ...)
+       TODO: check
+CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop 
files and c ...)
+       TODO: check
+CVE-2019-14743 (** DISPUTED ** In Valve Steam Client for Windows through 
2019-08-07, H ...)
+       TODO: check
+CVE-2019-14742
+       RESERVED
+CVE-2019-14741
+       RESERVED
+CVE-2019-14740
+       RESERVED
+CVE-2019-14739
+       RESERVED
+CVE-2019-14738
+       RESERVED
+CVE-2019-14737
+       RESERVED
+CVE-2019-14736
+       RESERVED
+CVE-2019-14735
+       RESERVED
 CVE-2019-14734 (AdPlug 2.3.1 has multiple heap-based buffer overflows in 
CmtkLoader::l ...)
        - adplug <unfixed>
        NOTE: https://github.com/adplug/adplug/issues/90
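Review bot: two of the new "TODO: check" placeholders in this hunk concern software that Debian ships and should be triaged rather than left pending: CVE-2019-14745 (command injection in radare2 before 3.7.0) and CVE-2019-14744 (malicious .desktop files handled by KDE Frameworks KConfig before 5.61.0). Following the convention used for CVE-2019-14734 directly below (`- adplug <unfixed>` plus a `NOTE:` with the upstream reference), these want lines such as `- radare2 <unfixed>` and `- kconfig <unfixed>` once the affected source packages and the fixing upstream versions have been confirmed against the archive. The three osTicket entries (CVE-2019-14748, CVE-2019-14749, CVE-2019-14750), DWSurvey, KuaiFanCMS and the Steam client issue are not Debian packages and can be closed as NOT-FOR-US; CVE-2019-14743 additionally carries a "** DISPUTED **" marker, which is worth recording in the entry so that nobody later spends time on it.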
@@ -163,16 +201,16 @@ CVE-2019-14662 (Brandy 1.20.1 has a stack-based buffer 
overflow in fileio_openou
        - brandy <unfixed> (unimportant; bug #933996)
        NOTE: https://sourceforge.net/p/brandy/bugs/7/
        NOTE: Negligible security impact
-CVE-2018-20961 [USB: gadget: f_midi: fixing a possible double-free in f_midi]
+CVE-2018-20961 (In the Linux kernel before 4.16.4, a double free vulnerability 
in the  ...)
        - linux 4.16.5-1
        [stretch] - linux 4.9.107-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/7fafcfdf6377b18b2a726ea554d6e593ba44349f
 CVE-2018-20960
        RESERVED
-CVE-2018-20959
-       RESERVED
-CVE-2018-20958
-       RESERVED
+CVE-2018-20959 (Jura E8 devices lack Bluetooth connection security. ...)
+       TODO: check
+CVE-2018-20958 (The Bluetooth Low Energy (BLE) subsystem on Tapplock devices 
before 20 ...)
+       TODO: check
 CVE-2018-20957
        RESERVED
 CVE-2018-20956
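Review bot: the two newly described entries, CVE-2018-20959 (Jura E8 coffee machine Bluetooth) and CVE-2018-20958 (Tapplock BLE subsystem), describe consumer hardware rather than anything in the archive, so "TODO: check" can be replaced by the `NOT-FOR-US:` form used elsewhere in this file (for example `NOT-FOR-US: Jura E8 devices`). On the CVE-2018-20961 line, the description now says "before 4.16.4" while the tracker records `linux 4.16.5-1`; those are an upstream version and a Debian package version respectively, so there is no mismatch, but a reader skimming the entry may take the two numbers as contradictory. The existing `NOTE: Fixed by:` commit reference already disambiguates this and should stay.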
@@ -447,16 +485,16 @@ CVE-2019-14539
        RESERVED
 CVE-2019-14538
        RESERVED
-CVE-2019-14537
-       RESERVED
+CVE-2019-14537 (YOURLS through 1.7.3 is affected by a type juggling 
vulnerability in t ...)
+       TODO: check
 CVE-2019-14536
        RESERVED
-CVE-2017-18483
-       RESERVED
+CVE-2017-18483 (ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow 
XSS via a  ...)
+       TODO: check
 CVE-2016-10862
        RESERVED
-CVE-2016-10861
-       RESERVED
+CVE-2016-10861 (Neet AirStream NAS1.1 devices allow CSRF attacks that cause 
the settin ...)
+       TODO: check
 CVE-2019-14535
        RESERVED
 CVE-2019-14534
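Review bot: none of the three entries that gained descriptions here (YOURLS type juggling, ANNKE SP1 HD camera XSS, Neet AirStream CSRF) correspond to a Debian source package; the two camera/NAS issues are embedded-device firmware and YOURLS is not packaged. All three can move straight from "TODO: check" to `NOT-FOR-US:` with the product name, matching how CVE-2019-14525 is handled further down.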
@@ -486,7 +524,7 @@ CVE-2019-14527
        RESERVED
 CVE-2019-14526
        RESERVED
-CVE-2019-14525 (In Octopus Deploy 2019.4.0 through 2019.6.6 and 2019.7.0 
through 2019. ...)
+CVE-2019-14525 (In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, 
and 2019. ...)
        NOT-FOR-US: Octopus Deploy
 CVE-2019-14524 (An issue was discovered in Schism Tracker through 20190722. 
There is a ...)
        - schism <unfixed> (bug #933808)
@@ -608,8 +646,8 @@ CVE-2019-14476
        RESERVED
 CVE-2019-14475 (eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and 
prior use s ...)
        NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
-CVE-2019-14474
-       RESERVED
+CVE-2019-14474 (eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input 
Validation in ...)
+       TODO: check
 CVE-2019-14473 (eQ-3 Homematic CCU2 and CCU3 use session IDs for 
authentication but la ...)
        NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
 CVE-2019-14472 (Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default 
PATH_INFO. ...)
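Review bot: CVE-2019-14474 is the third eQ-3 Homematic entry in this block, and its two neighbours CVE-2019-14475 and CVE-2019-14473 are already marked `NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3`. The new entry should get the same line instead of "TODO: check"; leaving one of three sibling entries pending while the other two are closed invites a second round of triage for no gain.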
@@ -1138,36 +1176,36 @@ CVE-2016-10814 (cPanel before 57.9999.54 allows 
demo-mode escape via show_templa
        NOT-FOR-US: cPanel
 CVE-2016-10813 (cPanel before 57.9999.54 allows self XSS during ftp account 
creation u ...)
        NOT-FOR-US: cPanel
-CVE-2016-10812
-       RESERVED
-CVE-2016-10811
-       RESERVED
-CVE-2016-10810
-       RESERVED
-CVE-2016-10809
-       RESERVED
-CVE-2016-10808
-       RESERVED
-CVE-2016-10807
-       RESERVED
-CVE-2016-10806
-       RESERVED
-CVE-2016-10805
-       RESERVED
-CVE-2016-10804
-       RESERVED
-CVE-2016-10803
-       RESERVED
-CVE-2016-10802
-       RESERVED
-CVE-2016-10801
-       RESERVED
-CVE-2016-10800
-       RESERVED
-CVE-2016-10799
-       RESERVED
-CVE-2016-10798
-       RESERVED
+CVE-2016-10812 (In cPanel before 57.9999.54, /scripts/enablefileprotect 
exposed TTYs ( ...)
+       TODO: check
+CVE-2016-10811 (In cPanel before 57.9999.54, /scripts/unsuspendacct exposed 
TTYs (SEC- ...)
+       TODO: check
+CVE-2016-10810 (In cPanel before 57.9999.54, /scripts/maildir_converter 
exposed a TTY  ...)
+       TODO: check
+CVE-2016-10809 (In cPanel before 57.9999.54, /scripts/checkinfopages exposed a 
TTY to  ...)
+       TODO: check
+CVE-2016-10808 (In cPanel before 57.9999.54, /scripts/addpop and 
/scripts/delpop expos ...)
+       TODO: check
+CVE-2016-10807 (cPanel before 57.9999.54 allows certain denial-of-service 
outcomes via ...)
+       TODO: check
+CVE-2016-10806 (cPanel before 57.9999.54 allows self XSS on the Paper Lantern 
Landing  ...)
+       TODO: check
+CVE-2016-10805 (cPanel before 57.9999.54 allows demo accounts to execute 
arbitrary cod ...)
+       TODO: check
+CVE-2016-10804 (The SQLite journal feature in cPanel before 57.9999.54 allows 
arbitrar ...)
+       TODO: check
+CVE-2016-10803 (cPanel before 57.9999.105 allows newline injection via LOC 
records (CP ...)
+       TODO: check
+CVE-2016-10802 (cPanel before 58.0.4 allows code execution in the context of 
other use ...)
+       TODO: check
+CVE-2016-10801 (cPanel before 58.0.4 has improper session handling for shared 
users (S ...)
+       TODO: check
+CVE-2016-10800 (cPanel before 58.0.4 allows demo-mode escape via Site 
Templates and Bo ...)
+       TODO: check
+CVE-2016-10799 (cPanel before 58.0.4 does not set the Pear tmp directory 
during a PHP  ...)
+       TODO: check
+CVE-2016-10798 (cPanel before 58.0.4 allows a file-ownership change (to 
nobody) via re ...)
+       TODO: check
 CVE-2016-10797 (cPanel before 58.0.4 allows WHM "Purchase and Install an SSL 
Certifica ...)
        NOT-FOR-US: cPanel
 CVE-2016-10796 (cPanel before 58.0.4 initially uses weak permissions for 
Apache HTTP S ...)
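Review bot: all fifteen entries that received descriptions in this hunk (CVE-2016-10798 through CVE-2016-10812) are cPanel issues, and the surrounding entries CVE-2016-10813, CVE-2016-10814, CVE-2016-10797 and CVE-2016-10796 are already `NOT-FOR-US: cPanel`. Each new "TODO: check" line should become `NOT-FOR-US: cPanel` for consistency; a block of fifteen pending cPanel entries between two already-closed cPanel entries is pure triage backlog. The descriptions themselves are worth a glance for the record: several (CVE-2016-10808 through CVE-2016-10812) describe setuid scripts under /scripts exposing a TTY, and CVE-2016-10805 and CVE-2016-10804 describe arbitrary code execution paths, but none of that changes the verdict for Debian.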
@@ -1294,8 +1332,8 @@ CVE-2019-14433 [Nova Server Resource Faults Leak External 
Exception Details]
        - nova <unfixed> (bug #934114)
        NOTE: https://security.openstack.org/ossa/OSSA-2019-003.html
        NOTE: https://launchpad.net/bugs/1837877
-CVE-2019-14432
-       RESERVED
+CVE-2019-14432 (Incorrect authentication of application WebSocket connections 
in Loom  ...)
+       TODO: check
 CVE-2019-14431 (In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server 
mishandles ...)
        - matrixssl <removed>
 CVE-2019-14430
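Review bot: CVE-2019-14432 (incorrect authentication of WebSocket connections in Loom) concerns a proprietary desktop/web product with no Debian package, so the "TODO: check" should become a `NOT-FOR-US:` line naming Loom, consistent with the handling of CVE-2019-14433's neighbours in this region.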
@@ -6295,7 +6333,7 @@ CVE-2019-12816 (Modules.cpp in ZNC before 1.7.4-rc1 
allows remote authenticated
        NOTE: Versions affected: 0.098 - 1.7.3
        NOTE: 
https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311
 CVE-2019-12815 (An arbitrary file copy vulnerability in mod_copy in ProFTPD up 
to 1.3. ...)
-       {DSA-4491-1}
+       {DSA-4491-1 DLA-1873-1}
        - proftpd-dfsg 1.3.6-6 (low; bug #932453)
        NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4372
        NOTE: https://github.com/proftpd/proftpd/pull/816
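Review bot: the change from `{DSA-4491-1}` to `{DSA-4491-1 DLA-1873-1}` adds a jessie LTS advisory reference to CVE-2019-12815, but this commit touches only data/CVE/list (see "1 changed file" above). The tracker's consistency checks expect every advisory ID referenced in braces to have a corresponding entry in data/DLA/list; please confirm that DLA-1873-1 was recorded there in an earlier commit, otherwise the reference dangles. The entry otherwise looks right: the unstable fix `proftpd-dfsg 1.3.6-6` with severity `low` and the upstream bug and pull-request notes are unchanged.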
@@ -9309,8 +9347,8 @@ CVE-2019-11655
        RESERVED
 CVE-2019-11654
        RESERVED
-CVE-2019-11653
-       RESERVED
+CVE-2019-11653 (Remote Access Control Bypass in Micro Focus Content Manager. 
versions  ...)
+       TODO: check
 CVE-2019-11652
        RESERVED
 CVE-2019-11651
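Review bot: CVE-2019-11653 (remote access control bypass in Micro Focus Content Manager) is a proprietary enterprise product and not packaged in Debian; replace "TODO: check" with `NOT-FOR-US: Micro Focus Content Manager`.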
@@ -12551,52 +12589,52 @@ CVE-2019-10391
        RESERVED
 CVE-2019-10390
        RESERVED
-CVE-2019-10389
-       RESERVED
-CVE-2019-10388
-       RESERVED
-CVE-2019-10387
-       RESERVED
-CVE-2019-10386
-       RESERVED
-CVE-2019-10385
-       RESERVED
+CVE-2019-10389 (A missing permission check in Jenkins Relution Enterprise 
Appstore Pub ...)
+       TODO: check
+CVE-2019-10388 (A cross-site request forgery vulnerability in Jenkins Relution 
Enterpr ...)
+       TODO: check
+CVE-2019-10387 (A missing permission check in Jenkins XL TestView Plugin 1.2.0 
and ear ...)
+       TODO: check
+CVE-2019-10386 (A cross-site request forgery vulnerability in Jenkins XL 
TestView Plug ...)
+       TODO: check
+CVE-2019-10385 (Jenkins eggPlant Plugin 2.2 and earlier stores credentials 
unencrypted ...)
+       TODO: check
 CVE-2019-10384
        RESERVED
 CVE-2019-10383
        RESERVED
-CVE-2019-10382
-       RESERVED
-CVE-2019-10381
-       RESERVED
-CVE-2019-10380
-       RESERVED
-CVE-2019-10379
-       RESERVED
-CVE-2019-10378
-       RESERVED
-CVE-2019-10377
-       RESERVED
-CVE-2019-10376
-       RESERVED
-CVE-2019-10375
-       RESERVED
-CVE-2019-10374
-       RESERVED
-CVE-2019-10373
-       RESERVED
-CVE-2019-10372
-       RESERVED
-CVE-2019-10371
-       RESERVED
-CVE-2019-10370
-       RESERVED
-CVE-2019-10369
-       RESERVED
-CVE-2019-10368
-       RESERVED
-CVE-2019-10367
-       RESERVED
+CVE-2019-10382 (Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier 
disables SS ...)
+       TODO: check
+CVE-2019-10381 (Jenkins Codefresh Integration Plugin 1.8 and earlier disables 
SSL/TLS  ...)
+       TODO: check
+CVE-2019-10380 (Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier 
specifies ...)
+       TODO: check
+CVE-2019-10379 (Jenkins Google Cloud Messaging Notification Plugin 1.0 and 
earlier sto ...)
+       TODO: check
+CVE-2019-10378 (Jenkins TestLink Plugin 3.16 and earlier stores credentials 
unencrypte ...)
+       TODO: check
+CVE-2019-10377 (A missing permission check in Jenkins Avatar Plugin 1.2 and 
earlier al ...)
+       TODO: check
+CVE-2019-10376 (A reflected cross-site scripting vulnerability in Jenkins Wall 
Display ...)
+       TODO: check
+CVE-2019-10375 (An arbitrary file read vulnerability in Jenkins File System 
SCM Plugin ...)
+       TODO: check
+CVE-2019-10374 (A stored cross-site scripting vulnerability in Jenkins PegDown 
Formatt ...)
+       TODO: check
+CVE-2019-10373 (A stored cross-site scripting vulnerability in Jenkins Build 
Pipeline  ...)
+       TODO: check
+CVE-2019-10372 (An open redirect vulnerability in Jenkins Gitlab 
Authentication Plugin ...)
+       TODO: check
+CVE-2019-10371 (A session fixation vulnerability in Jenkins Gitlab 
Authentication Plug ...)
+       TODO: check
+CVE-2019-10370 (Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits 
globally co ...)
+       TODO: check
+CVE-2019-10369 (A missing permission check in Jenkins JClouds Plugin 2.14 and 
earlier  ...)
+       TODO: check
+CVE-2019-10368 (A cross-site request forgery vulnerability in Jenkins JClouds 
Plugin 2 ...)
+       TODO: check
+CVE-2019-10367 (Due to an incomplete fix of CVE-2019-10343, Jenkins 
Configuration as C ...)
+       TODO: check
 CVE-2019-10366 (Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored 
credentials une ...)
        NOT-FOR-US: Jenkins Skytap Cloud CI Plugin
 CVE-2019-10365 (Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier 
created a te ...)
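Review bot: every one of the twenty-one entries that gained a description in this hunk (CVE-2019-10367 through CVE-2019-10389) is a Jenkins plugin issue, and the adjacent, already-triaged entries CVE-2019-10366 and CVE-2019-10365 show the expected form: `NOT-FOR-US: Jenkins <name> Plugin`. Debian does not ship Jenkins plugins, so each "TODO: check" here should become a `NOT-FOR-US:` line carrying the plugin name from the description (for example `NOT-FOR-US: Jenkins Mask Passwords Plugin` for CVE-2019-10370). Two details worth preserving when closing them: CVE-2019-10367 is described as an incomplete fix for CVE-2019-10343, so a `NOTE:` cross-referencing the earlier CVE keeps the relationship visible, and CVE-2019-10381 and CVE-2019-10382 both describe plugins that disable SSL/TLS certificate validation, which is the kind of description a grep for "disables SSL" in this file will later turn up, so the wording should not be trimmed.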
@@ -13386,8 +13424,8 @@ CVE-2016-10749 (parse_string in cJSON.c in cJSON before 
2016-10-02 has a buffer
        NOTE: 
https://github.com/DaveGamble/cJSON/commit/94df772485c92866ca417d92137747b2e3b0a917
 CVE-2016-10744 (In Select2 through 4.0.5, as used in Snipe-IT and other 
products, rich ...)
        NOT-FOR-US: Snipe-IT
-CVE-2019-10099
-       RESERVED
+CVE-2019-10099 (Prior to Spark 2.3.3, in certain situations Spark would write 
user dat ...)
+       TODO: check
 CVE-2019-10098
        RESERVED
 CVE-2019-10097
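Review bot: CVE-2019-10099 (Spark before 2.3.3 writing user data to local disk unencrypted) needs a decision rather than a placeholder. Apache Spark is not a Debian source package, so unless a bundled copy turns up in some other package the entry should be `NOT-FOR-US: Apache Spark`; if a bundled copy is found, the affected source package and `<unfixed>` marker belong here instead, as for the adplug and brandy entries earlier in the diff.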
@@ -26003,8 +26041,8 @@ CVE-2019-5478
        RESERVED
 CVE-2019-5477
        RESERVED
-CVE-2019-5476
-       RESERVED
+CVE-2019-5476 (An SQL Injection in the Nextcloud Lookup-Server &lt; v0.3.0 
(running o ...)
+       TODO: check
 CVE-2019-5475
        RESERVED
 CVE-2019-5474 [Override Merge Request Approval Rules]
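Review bot: the new description for CVE-2019-5476 contains the literal HTML entity `&lt;` where the source text reads "< v0.3.0". Other lines in this file use a bare `<` without trouble (`- brandy <unfixed>`, `- matrixssl <removed>`), so the entity was not introduced by the tracker's own formatting; it points at the import path for descriptions not decoding HTML-escaped text from the upstream feed. That is worth fixing in the importer rather than by hand, since the same artefact appears in CVE-2016-5431 further down in this commit. Separately, the Nextcloud Lookup-Server is not packaged in Debian, so the entry itself can be closed as `NOT-FOR-US: Nextcloud Lookup-Server`.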
@@ -54602,8 +54640,8 @@ CVE-2018-14385
        RESERVED
 CVE-2018-14384
        RESERVED
-CVE-2018-14383
-       RESERVED
+CVE-2018-14383 (The Transition Technologies "The Scheduler" app 5.1.3 for Jira 
allows  ...)
+       TODO: check
 CVE-2018-14382 (InstantCMS 2.10.1 has /redirect?url= XSS. ...)
        NOT-FOR-US: InstantCMS
 CVE-2018-14381 (Pagekit before 1.0.14 has a /user/login?redirect= open 
redirect vulner ...)
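Review bot: CVE-2018-14383 (Transition Technologies "The Scheduler" app for Jira) is a third-party Atlassian Marketplace add-on with no Debian package; its "TODO: check" should become a `NOT-FOR-US:` line, matching the neighbouring `NOT-FOR-US: InstantCMS` entry for CVE-2018-14382.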
@@ -159359,8 +159397,8 @@ CVE-2016-5434 (libalpm, as used in pacman 5.0.1, 
allows remote attackers to caus
        NOT-FOR-US: libalpm (Arch Linux Package Management (ALPM) library)
 CVE-2016-5432 (The ovirt-engine-provisiondb utility in Red Hat Enterprise 
Virtualizat ...)
        NOT-FOR-US: ovirt-engine
-CVE-2016-5431
-       RESERVED
+CVE-2016-5431 (TThe PHP JOSE Library by Gree Inc. version &lt;= 2.2.0 is 
vulnerable t ...)
+       TODO: check
 CVE-2016-5430 (The RSA 1.5 algorithm implementation in the JOSE_JWE class in 
JWE.php  ...)
        NOT-FOR-US: jose-php
 CVE-2016-5429 (jose-php before 2.2.1 does not use constant-time operations for 
HMAC c ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/080b0db1ee025e022098820941c5da5dcdcdaa89

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
