Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3630f08 by security tracker role at 2019-08-24T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1200,8 +1200,8 @@ CVE-2019-15094
        RESERVED
 CVE-2019-15093
        RESERVED
-CVE-2019-15092
-       RESERVED
+CVE-2019-15092 (The webtoffee "WordPress Users & WooCommerce Customers 
Import Expo ...)
+       TODO: check
 CVE-2019-15091 (filemgr.php in Artica Integria IMS 5.0.86 allows 
index.php?sec=wiki&am ...)
        NOT-FOR-US: Artica Integria IMS
 CVE-2019-15089
@@ -9843,8 +9843,7 @@ CVE-2019-12402
        RESERVED
 CVE-2019-12401
        RESERVED
-CVE-2019-12400 [Apache Santuario potentially loads XML parsing code from an 
untrusted source]
-       RESERVED
+CVE-2019-12400 (In version 2.0.3 Apache Santuario XML Security for Java, a 
caching mec ...)
        - libxml-security-java <unfixed> (bug #935548)
        [stretch] - libxml-security-java <not-affected> (Vulnerable code 
introduced in 2.0.3)
        NOTE: http://santuario.apache.org/secadv.data/CVE-2019-12400.asc
@@ -16552,6 +16551,7 @@ CVE-2019-1010307 (GLPI GLPI Product 9.3.1 is affected 
by: Cross Site Scripting (
 CVE-2019-1010306 (Slanger 0.6.0 is affected by: Remote Code Execution (RCE). 
The impact  ...)
        NOT-FOR-US: Slanger
 CVE-2019-1010305 (libmspack 0.9.1alpha is affected by: Buffer Overflow. The 
impact is: I ...)
+       {DLA-1895-1}
        - libmspack 0.10.1-1
        NOTE: 
https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d
        NOTE: https://github.com/kyz/libmspack/issues/27
@@ -16697,6 +16697,7 @@ CVE-2019-1010249 (The Linux Foundation ONOS 2.0.0 and 
earlier is affected by: In
 CVE-2019-1010248 (Synetics GmbH I-doit 1.12 and earlier is affected by: SQL 
Injection. T ...)
        NOT-FOR-US: ONOS
 CVE-2019-1010247 (ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is 
affected by: Cr ...)
+       {DLA-1894-1}
        - libapache2-mod-auth-openidc 2.3.10.2-1
        NOTE: Fixed by: 
https://github.com/zmartzone/mod_auth_openidc/commit/132a4111bf3791e76437619a66336dce2ce4c79b
 (v2.3.10.2)
        NOTE: 
https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2019-001_mod_auth_openidc_reflected_xss.txt
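Review bot: In the unchanged context of this hunk, `NOT-FOR-US: ONOS` sits under CVE-2019-1010248, whose description names Synetics GmbH I-doit; ONOS is the product named for CVE-2019-1010249 in the hunk header. The added `{DLA-1894-1}` line is unaffected, but the I-doit entry looks mislabeled and could be corrected to name I-doit in a follow-up, so that a search on the NOT-FOR-US product name returns the right CVE.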
@@ -23836,12 +23837,12 @@ CVE-2019-7366
        RESERVED
 CVE-2019-7365
        RESERVED
-CVE-2019-7364
-       RESERVED
-CVE-2019-7363
-       RESERVED
-CVE-2019-7362
-       RESERVED
+CVE-2019-7364 (DLL preloading vulnerability in versions 2017, 2018, 2019, and 
2020 of ...)
+       TODO: check
+CVE-2019-7363 (Use-after-free vulnerability in Autodesk Design Review versions 
2011,  ...)
+       TODO: check
+CVE-2019-7362 (DLL preloading vulnerability in Autodesk Design Review versions 
2011,  ...)
+       TODO: check
 CVE-2019-7361 (An attacker may convince a victim to open a malicious action 
micro (.a ...)
        NOT-FOR-US: Autodesk
 CVE-2019-7360 (An exploitable use-after-free vulnerability in the DXF-parsing 
functio ...)
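Review bot: The three new `TODO: check` markers on CVE-2019-7364, CVE-2019-7363 and CVE-2019-7362 leave these entries untriaged, while the adjacent CVE-2019-7361 already carries `NOT-FOR-US: Autodesk`. The descriptions of 7363 and 7362 name Autodesk Design Review, so they can take the same tag; the truncated description of 7364 does not show the product, so the full text should be read before tagging it.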
@@ -25544,14 +25545,14 @@ CVE-2019-6700
        RESERVED
 CVE-2019-6699
        RESERVED
-CVE-2019-6698
-       RESERVED
+CVE-2019-6698 (Use of Hard-coded Credentials vulnerability in FortiRecorder 
all versi ...)
+       TODO: check
 CVE-2019-6697
        RESERVED
 CVE-2019-6696
        RESERVED
-CVE-2019-6695
-       RESERVED
+CVE-2019-6695 (Lack of root file system integrity checking in Fortinet 
FortiManager V ...)
+       TODO: check
 CVE-2019-6694
        RESERVED
 CVE-2019-6693
@@ -28486,12 +28487,12 @@ CVE-2019-5595 (In FreeBSD before 
11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STA
        - kfreebsd-10 <unfixed> (unimportant)
        NOTE: 
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:01.syscall.asc
        NOTE: kfreebsd not covered by security support
-CVE-2019-5594
-       RESERVED
+CVE-2019-5594 (An Improper Neutralization of Input During Web Page Generation 
("Cross ...)
+       TODO: check
 CVE-2019-5593
        RESERVED
-CVE-2019-5592
-       RESERVED
+CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, 
GOLDENDOODLE,  ...)
+       TODO: check
 CVE-2019-5591
        RESERVED
 CVE-2019-5590
@@ -59766,8 +59767,8 @@ CVE-2018-13369
        RESERVED
 CVE-2018-13368 (A local privilege escalation in Fortinet FortiClient for 
Windows 6.0.4 ...)
        NOT-FOR-US: Fortinet FortiClient
-CVE-2018-13367
-       RESERVED
+CVE-2018-13367 (An information exposure vulnerability in FortiOS 6.2.0 and 
below may a ...)
+       TODO: check
 CVE-2018-13366 (An information disclosure vulnerability in Fortinet FortiOS 
6.0.1, 5.6 ...)
        NOT-FOR-US: Fortinet FortiOS
 CVE-2018-13365 (An Information Exposure vulnerability in Fortinet FortiOS 
6.0.1, 5.6.5 ...)
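Review bot: `TODO: check` on CVE-2018-13367 needs resolving; its description names FortiOS 6.2.0 and below, and the context entry CVE-2018-13366 is tagged `NOT-FOR-US: Fortinet FortiOS`. Using that exact product string here would keep the Fortinet entries consistent and easy to grep.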
@@ -160114,8 +160115,8 @@ CVE-2016-6156 (Race condition in the 
ec_device_ioctl_xcmd function in drivers/pl
        NOTE: Introduced by: 
https://git.kernel.org/linus/a841178445bb72a3d566b4e6ab9d19e9b002eb47 (v4.2-rc1)
 CVE-2016-6155
        RESERVED
-CVE-2016-6154
-       RESERVED
+CVE-2016-6154 (The authentication applet in Watchguard Fireware 11.11 
Operating Syste ...)
+       TODO: check
 CVE-2016-6152 (CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote 
authenticated ...)
        NOT-FOR-US: eHealth
 CVE-2016-6151 (CA eHealth 6.2.x allows remote authenticated users to cause a 
denial o ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3630f088d29ee82427cc4c77394cbb176b642cf
