Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2306bc43 by security tracker role at 2019-09-05T20:10:38Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2019-15955 (An issue was discovered in Total.js CMS 12.0.0. A low 
privilege user c ...)
+       TODO: check
+CVE-2019-15954 (An issue was discovered in Total.js CMS 12.0.0. An 
authenticated user  ...)
+       TODO: check
+CVE-2019-15953 (An issue was discovered in Total.js CMS 12.0.0. An 
authenticated user  ...)
+       TODO: check
+CVE-2019-15952 (An issue was discovered in Total.js CMS 12.0.0. An 
authenticated user  ...)
+       TODO: check
+CVE-2019-15951
+       RESERVED
+CVE-2019-15950
+       RESERVED
+CVE-2019-15949 (Nagios XI before 5.6.6 allows remote command execution as 
root. The ex ...)
+       TODO: check
+CVE-2019-15948
+       RESERVED
+CVE-2019-15947 (In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data 
unencrypted  ...)
+       TODO: check
+CVE-2019-15946 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an 
ASN.1 Octet ...)
+       TODO: check
+CVE-2019-15945 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an 
ASN.1 Bitst ...)
+       TODO: check
+CVE-2019-15944
+       RESERVED
+CVE-2019-15943
+       RESERVED
+CVE-2019-15942 (FFmpeg through 4.2 has a "Conditional jump or move depends on 
uninitia ...)
+       TODO: check
+CVE-2019-15941
+       RESERVED
+CVE-2019-15940
+       RESERVED
+CVE-2019-15939 (An issue was discovered in OpenCV 4.1.0. There is a 
divide-by-zero err ...)
+       TODO: check
+CVE-2019-15938 (Pengutronix barebox through 2019.08.1 has a remote buffer 
overflow in  ...)
+       TODO: check
+CVE-2019-15937 (Pengutronix barebox through 2019.08.1 has a remote buffer 
overflow in  ...)
+       TODO: check
 CVE-2019-15936
        RESERVED
 CVE-2019-15935
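Review bot: the 12 described entries added at the top of the list (CVE-2019-15955 through CVE-2019-15937) all carry only `TODO: check`, so none of them yet says whether Debian is affected. In the follow-up triage, resolve each one to the forms used further down the file: a `- <package> <version>` line plus a `NOTE:` with the upstream fix, as CVE-2019-15925 has, or `NOT-FOR-US: <product>`. The two OpenSC entries (CVE-2019-15946, CVE-2019-15945) and the two barebox entries (CVE-2019-15938, CVE-2019-15937) have truncated descriptions that look near-identical, so read the full text before treating either pair as duplicates.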
@@ -27,8 +65,8 @@ CVE-2019-15926 (An issue was discovered in the Linux kernel 
before 5.2.3. Out of
 CVE-2019-15925 (An issue was discovered in the Linux kernel before 5.2.3. An 
out of bo ...)
        - linux 5.2.6-1
        NOTE: 
https://git.kernel.org/linus/04f25edb48c441fc278ecc154c270f16966cbb90
-CVE-2018-21010
-       RESERVED
+CVE-2018-21010 (OpenJPEG before 2.3.1 has a heap buffer overflow in 
color_apply_icc_pr ...)
+       TODO: check
 CVE-2018-21009 (Poppler before 0.76.0 has an integer overflow in 
Parser::makeStream in ...)
        - poppler 0.69.0-2
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a
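Review bot: CVE-2018-21010 moves from RESERVED to a described OpenJPEG heap buffer overflow but only gets `TODO: check`, while its neighbours CVE-2019-15925 and CVE-2018-21009 each carry a package line and a `NOTE:` linking the upstream commit. The description says "before 2.3.1", so the triage should record the fixed version and the upstream commit in that same form.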
@@ -5270,8 +5308,8 @@ CVE-2019-14280 (In some circumstances, Craft 2 before 
2.7.10 and 3 before 3.2.6
        NOT-FOR-US: Craft CMS
 CVE-2019-14279
        RESERVED
-CVE-2019-14278
-       RESERVED
+CVE-2019-14278 (In Knowage through 6.1.1, an unauthenticated user can 
enumerated valid ...)
+       TODO: check
 CVE-2019-14277 (** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x 
through 5 ...)
        NOT-FOR-US: Axway SecureTransport
 CVE-2019-14276
@@ -8397,8 +8435,8 @@ CVE-2019-13363
        RESERVED
 CVE-2019-13362 (Codedoc v3.2 has a stack-based buffer overflow in add_variable 
in code ...)
        NOT-FOR-US: Codedoc
-CVE-2019-13361
-       RESERVED
+CVE-2019-13361 (Smanos W100 1.0.0 devices have Insecure Permissions, 
exploitable by an ...)
+       TODO: check
 CVE-2019-13360 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, 
remote at ...)
        NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2019-13359 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a 
cwpsrv- ...)
@@ -8426,8 +8464,8 @@ CVE-2019-13351 (posix/JackSocket.cpp in libjack in JACK2 
1.9.1 through 1.9.12 (a
        NOTE: 
https://github.com/jackaudio/jack2/commit/994e225bbb07a89f56147f7ce7d59beb49f8cfba
 CVE-2019-13350
        RESERVED
-CVE-2019-13349
-       RESERVED
+CVE-2019-13349 (In Knowage through 6.1.1, an authenticated user that accesses 
the user ...)
+       TODO: check
 CVE-2019-13348 (In Knowage through 6.1.1, an authenticated user who accesses 
the datas ...)
        TODO: check
 CVE-2019-13347
@@ -8871,16 +8909,16 @@ CVE-2019-13193
        RESERVED
 CVE-2019-13192
        RESERVED
-CVE-2019-13191
-       RESERVED
-CVE-2019-13190
-       RESERVED
+CVE-2019-13191 (A SQL injection vulnerability in IntraMaps MapControl 8 allows 
attacke ...)
+       TODO: check
+CVE-2019-13190 (In Knowage through 6.1.1, the sign up page does not invalidate 
a valid ...)
+       TODO: check
 CVE-2019-13189 (In Knowage through 6.1.1, there is XSS via the start_url or 
user_id fi ...)
        TODO: check
-CVE-2019-13188
-       RESERVED
-CVE-2019-13187
-       RESERVED
+CVE-2019-13188 (In Knowage through 6.1.1, an unauthenticated user can bypass 
access co ...)
+       TODO: check
+CVE-2019-13187 (The Rich Text Formatter (Redactor) extension through v1.1.1 
for Sympho ...)
+       TODO: check
 CVE-2019-13186 (In MiniCMS V1.10, stored XSS was found in 
mc-admin/post-edit.php via t ...)
        NOT-FOR-US: MiniCMS
 CVE-2019-13185
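Review bot: CVE-2019-13190 and CVE-2019-13188 join CVE-2019-13189 as Knowage through 6.1.1 entries left at `TODO: check`. Triage them in one pass so every Knowage entry ends with the same verdict; if Knowage is not in the archive, use `NOT-FOR-US: Knowage`, in the form the MiniCMS entry below uses. CVE-2019-13191 (IntraMaps MapControl 8) and CVE-2019-13187 (Redactor extension) are unrelated products and need their own verdicts.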
@@ -11456,8 +11494,8 @@ CVE-2019-12225
        RESERVED
 CVE-2019-12224
        RESERVED
-CVE-2019-12223
-       RESERVED
+CVE-2019-12223 (An issue was discovered in NVR WebViewer on Hanwah Techwin 
SRN-472s 1. ...)
+       TODO: check
 CVE-2019-12222 (An issue was discovered in libSDL2.a in Simple DirectMedia 
Layer (SDL) ...)
        {DLA-1865-1 DLA-1861-1}
        - libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
@@ -12596,6 +12634,7 @@ CVE-2019-11753
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11753
 CVE-2019-11752
        RESERVED
+       {DSA-4516-1}
        - firefox 69.0-1
        - firefox-esr 68.1.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11752
@@ -12641,6 +12680,7 @@ CVE-2019-11747
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11747
 CVE-2019-11746
        RESERVED
+       {DSA-4516-1}
        - firefox 69.0-1
        - firefox-esr 68.1.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11746
@@ -12650,6 +12690,7 @@ CVE-2019-11745
        RESERVED
 CVE-2019-11744
        RESERVED
+       {DSA-4516-1}
        - firefox 69.0-1
        - firefox-esr 68.1.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11744
@@ -12657,6 +12698,7 @@ CVE-2019-11744
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11744
 CVE-2019-11743
        RESERVED
+       {DSA-4516-1}
        - firefox 69.0-1
        - firefox-esr 68.1.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11743
@@ -12664,6 +12706,7 @@ CVE-2019-11743
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11743
 CVE-2019-11742
        RESERVED
+       {DSA-4516-1}
        - firefox 69.0-1
        - firefox-esr 68.1.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11742
@@ -12675,6 +12718,7 @@ CVE-2019-11741
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11741
 CVE-2019-11740
        RESERVED
+       {DSA-4516-1}
        - firefox 69.0-1
        - firefox-esr 68.1.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11740
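Review bot: `{DSA-4516-1}` is added under CVE-2019-11740, but CVE-2019-11741, whose trailing `NOTE:` in the context points at the same mfsa2019-25 advisory, gets no tag in this hunk. Confirm against the DSA's CVE list that CVE-2019-11741 is either already tagged or intentionally left out. The entry lists both `firefox 69.0-1` and `firefox-esr 68.1.0esr-1`, and the visible lines do not say which source package the DSA covers.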
@@ -15727,8 +15771,8 @@ CVE-2019-10679
        RESERVED
 CVE-2019-10678 (Domoticz before 4.10579 neglects to categorize \n and \r as 
insecure a ...)
        - domoticz <itp> (bug #899058)
-CVE-2019-10677
-       RESERVED
+CVE-2019-10677 (Multiple Cross-Site Scripting (XSS) issues in the web 
interface on DAS ...)
+       TODO: check
 CVE-2019-10676 (An issue was discovered in Uniqkey Password Manager 1.14. Upon 
enterin ...)
        NOT-FOR-US: Uniqkey Password Manager
 CVE-2019-10675
@@ -18855,6 +18899,7 @@ CVE-2019-9813 (Incorrect handling of __proto__ 
mutations may lead to type confus
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9813
 CVE-2019-9812
        RESERVED
+       {DSA-4516-1}
        - firefox 69.0-1
        - firefox-esr 68.1.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-9812
@@ -30972,18 +31017,18 @@ CVE-2019-5072
        RESERVED
 CVE-2019-5071
        RESERVED
-CVE-2019-5070
-       RESERVED
-CVE-2019-5069
-       RESERVED
+CVE-2019-5070 (An exploitable SQL injection vulnerability exists in the 
unauthenticat ...)
+       TODO: check
+CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS 
v5.2.12. ...)
+       TODO: check
 CVE-2019-5068
        RESERVED
 CVE-2019-5067
        RESERVED
 CVE-2019-5066
        RESERVED
-CVE-2019-5065
-       RESERVED
+CVE-2019-5065 (An exploitable information disclosure vulnerability exists in 
the pack ...)
+       TODO: check
 CVE-2019-5064
        RESERVED
 CVE-2019-5063
@@ -32564,8 +32609,8 @@ CVE-2019-4323
        RESERVED
 CVE-2019-4322 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
        NOT-FOR-US: IBM
-CVE-2019-4321
-       RESERVED
+CVE-2019-4321 (IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM 
Intelligent Ope ...)
+       TODO: check
 CVE-2019-4320
        RESERVED
 CVE-2019-4319
@@ -32834,8 +32879,8 @@ CVE-2019-4188
        RESERVED
 CVE-2019-4187
        RESERVED
-CVE-2019-4186
-       RESERVED
+CVE-2019-4186 (IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP 
header inj ...)
+       TODO: check
 CVE-2019-4185 (IBM InfoSphere Information Server 11.7.1 containers are 
vulnerable to  ...)
        NOT-FOR-US: IBM
 CVE-2019-4184 (IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to 
cross- ...)
@@ -32908,8 +32953,8 @@ CVE-2019-4151 (IBM Security Access Manager 9.0.1 
through 9.0.6 uses weaker than
        NOT-FOR-US: IBM
 CVE-2019-4150 (IBM Security Access Manager 9.0.1 through 9.0.6 does not 
validate, or  ...)
        NOT-FOR-US: IBM
-CVE-2019-4149
-       RESERVED
+CVE-2019-4149 (IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 
and IBM B ...)
+       TODO: check
 CVE-2019-4148 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 
6.0.0.1 is vu ...)
        NOT-FOR-US: IBM
 CVE-2019-4147
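Review bot: CVE-2019-4149 is described as an IBM Business Automation Workflow issue but is added as `TODO: check`, while the adjacent IBM entries CVE-2019-4151, CVE-2019-4150 and CVE-2019-4148 are all `NOT-FOR-US: IBM`. Unless the full description names something packaged, mark this one `NOT-FOR-US: IBM` as well so the block stays consistent.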
@@ -66161,8 +66206,8 @@ CVE-2018-11571 (ClipperCMS 1.3.3 allows Session 
Fixation. ...)
        NOT-FOR-US: ClipperCMS
 CVE-2018-11570
        RESERVED
-CVE-2018-11569
-       RESERVED
+CVE-2018-11569 (Controller/ListController.php in Eventum 3.5.0 is vulnerable 
to Deseri ...)
+       TODO: check
 CVE-2018-11568 (Reflected XSS is possible in the GamePlan theme through 
1.5.13.2 for W ...)
        NOT-FOR-US: GamePlan theme for WordPress
 CVE-2018-11567 (** DISPUTED ** Prior to 2018-04-27, the reprompt feature in 
Amazon Ech ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2306bc431bdfc4bded1ef20768b2112086a8da1e



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
