Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f3630f08 by security tracker role at 2019-08-24T08:10:13Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1200,8 +1200,8 @@ CVE-2019-15094 RESERVED CVE-2019-15093 RESERVED -CVE-2019-15092 - RESERVED +CVE-2019-15092 (The webtoffee "WordPress Users & WooCommerce Customers Import Expo ...) + TODO: check CVE-2019-15091 (filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&am ...) NOT-FOR-US: Artica Integria IMS CVE-2019-15089 @@ -9843,8 +9843,7 @@ CVE-2019-12402 RESERVED CVE-2019-12401 RESERVED -CVE-2019-12400 [Apache Santuario potentially loads XML parsing code from an untrusted source] - RESERVED +CVE-2019-12400 (In version 2.0.3 Apache Santuario XML Security for Java, a caching mec ...) - libxml-security-java <unfixed> (bug #935548) [stretch] - libxml-security-java <not-affected> (Vulnerable code introduced in 2.0.3) NOTE: http://santuario.apache.org/secadv.data/CVE-2019-12400.asc @@ -16552,6 +16551,7 @@ CVE-2019-1010307 (GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting ( CVE-2019-1010306 (Slanger 0.6.0 is affected by: Remote Code Execution (RCE). The impact ...) NOT-FOR-US: Slanger CVE-2019-1010305 (libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: I ...) + {DLA-1895-1} - libmspack 0.10.1-1 NOTE: https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d NOTE: https://github.com/kyz/libmspack/issues/27 
@@ -16697,6 +16697,7 @@ CVE-2019-1010249 (The Linux Foundation ONOS 2.0.0 and earlier is affected by: In CVE-2019-1010248 (Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. T ...) NOT-FOR-US: ONOS CVE-2019-1010247 (ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cr ...) + {DLA-1894-1} - libapache2-mod-auth-openidc 2.3.10.2-1 NOTE: Fixed by: https://github.com/zmartzone/mod_auth_openidc/commit/132a4111bf3791e76437619a66336dce2ce4c79b (v2.3.10.2) NOTE: https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2019-001_mod_auth_openidc_reflected_xss.txt @@ -23836,12 +23837,12 @@ CVE-2019-7366 RESERVED CVE-2019-7365 RESERVED -CVE-2019-7364 - RESERVED -CVE-2019-7363 - RESERVED -CVE-2019-7362 - RESERVED +CVE-2019-7364 (DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of ...) + TODO: check +CVE-2019-7363 (Use-after-free vulnerability in Autodesk Design Review versions 2011, ...) + TODO: check +CVE-2019-7362 (DLL preloading vulnerability in Autodesk Design Review versions 2011, ...) + TODO: check CVE-2019-7361 (An attacker may convince a victim to open a malicious action micro (.a ...) NOT-FOR-US: Autodesk CVE-2019-7360 (An exploitable use-after-free vulnerability in the DXF-parsing functio ...) @@ -25544,14 +25545,14 @@ CVE-2019-6700 RESERVED CVE-2019-6699 RESERVED -CVE-2019-6698 - RESERVED +CVE-2019-6698 (Use of Hard-coded Credentials vulnerability in FortiRecorder all versi ...) + TODO: check CVE-2019-6697 RESERVED CVE-2019-6696 RESERVED -CVE-2019-6695 - RESERVED +CVE-2019-6695 (Lack of root file system integrity checking in Fortinet FortiManager V ...) + TODO: check CVE-2019-6694 RESERVED CVE-2019-6693 
@@ -28486,12 +28487,12 @@ CVE-2019-5595 (In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STA - kfreebsd-10 <unfixed> (unimportant) NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:01.syscall.asc NOTE: kfreebsd not covered by security support -CVE-2019-5594 - RESERVED +CVE-2019-5594 (An Improper Neutralization of Input During Web Page Generation ("Cross ...) + TODO: check CVE-2019-5593 RESERVED -CVE-2019-5592 - RESERVED +CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, ...) + TODO: check CVE-2019-5591 RESERVED CVE-2019-5590 @@ -59766,8 +59767,8 @@ CVE-2018-13369 RESERVED CVE-2018-13368 (A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 ...) NOT-FOR-US: Fortinet FortiClient -CVE-2018-13367 - RESERVED +CVE-2018-13367 (An information exposure vulnerability in FortiOS 6.2.0 and below may a ...) + TODO: check CVE-2018-13366 (An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6 ...) NOT-FOR-US: Fortinet FortiOS CVE-2018-13365 (An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 ...) 
@@ -160114,8 +160115,8 @@ CVE-2016-6156 (Race condition in the ec_device_ioctl_xcmd function in drivers/pl NOTE: Introduced by: https://git.kernel.org/linus/a841178445bb72a3d566b4e6ab9d19e9b002eb47 (v4.2-rc1) CVE-2016-6155 RESERVED -CVE-2016-6154 - RESERVED +CVE-2016-6154 (The authentication applet in Watchguard Fireware 11.11 Operating Syste ...) + TODO: check CVE-2016-6152 (CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated ...) NOT-FOR-US: eHealth CVE-2016-6151 (CA eHealth 6.2.x allows remote authenticated users to cause a denial o ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3630f088d29ee82427cc4c77394cbb176b642cf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3630f088d29ee82427cc4c77394cbb176b642cf You're receiving this email because of your account on salsa.debian.org.
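Review bot: In the @@ -1200 hunk, CVE-2019-15092 moves from RESERVED to "TODO: check", which leaves the webtoffee WordPress plugin entry untriaged. If no Debian source package ships that plugin, replace the TODO with a NOT-FOR-US line in the style of the CVE-2019-15091 entry directly below it ("NOT-FOR-US: Artica Integria IMS"); otherwise add the package line.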
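Review bot: In the @@ -16552 hunk, {DLA-1895-1} is attached to CVE-2019-1010305, but the only package line in view is the unbracketed "- libmspack 0.10.1-1", and this commit changes data/CVE/list alone. The release and fixed version that the DLA covers are therefore not visible here; confirm that the DLA entry the tag points to exists and carries them, so the cross-reference is not left dangling.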
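Review bot: In the @@ -16697 hunk, the unchanged context line under CVE-2019-1010248 (Synetics GmbH I-doit 1.12 and earlier) reads "NOT-FOR-US: ONOS", which names the product of the CVE-2019-1010249 entry above it rather than I-doit. The triage outcome is the same, but the label should name I-doit so that searches by NOT-FOR-US product match; since this commit is an automatic update, that correction belongs in a separate manual commit.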
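Review bot: In the @@ -23836 hunk, CVE-2019-7364, CVE-2019-7363 and CVE-2019-7362 are left at "TODO: check" although the next entry, CVE-2019-7361, is already triaged as "NOT-FOR-US: Autodesk". The 7363 and 7362 descriptions name Autodesk Design Review, so the same label looks applicable; the 7364 description is cut off before the product name and needs the full text before it gets one.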
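Review bot: In the @@ -28486 hunk, the new descriptions for CVE-2019-5594 and CVE-2019-5592 are truncated before any vendor or product name, so their "TODO: check" lines cannot be resolved from this list alone. Triage needs the full CVE text; the padding oracle names quoted for CVE-2019-5592 (Zombie POODLE, GOLDENDOODLE) identify the bug class, not the affected product.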
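Review bot: In the @@ -59766 hunk, CVE-2018-13367 names FortiOS 6.2.0 and below but is left at "TODO: check", while the entries on either side of it (CVE-2018-13368 and CVE-2018-13366) already carry "NOT-FOR-US: Fortinet FortiClient" and "NOT-FOR-US: Fortinet FortiOS". Using "NOT-FOR-US: Fortinet FortiOS" here would match that convention, and the FortiRecorder and FortiManager entries (CVE-2019-6698, CVE-2019-6695) in the @@ -25544 hunk can be closed the same way with their own product names.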
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits