Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2306bc43 by security tracker role at 2019-09-05T20:10:38Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,41 @@ +CVE-2019-15955 (An issue was discovered in Total.js CMS 12.0.0. A low privilege user c ...) + TODO: check +CVE-2019-15954 (An issue was discovered in Total.js CMS 12.0.0. An authenticated user ...) + TODO: check +CVE-2019-15953 (An issue was discovered in Total.js CMS 12.0.0. An authenticated user ...) + TODO: check +CVE-2019-15952 (An issue was discovered in Total.js CMS 12.0.0. An authenticated user ...) + TODO: check +CVE-2019-15951 + RESERVED +CVE-2019-15950 + RESERVED +CVE-2019-15949 (Nagios XI before 5.6.6 allows remote command execution as root. The ex ...) + TODO: check +CVE-2019-15948 + RESERVED +CVE-2019-15947 (In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted ...) + TODO: check +CVE-2019-15946 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet ...) + TODO: check +CVE-2019-15945 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitst ...) + TODO: check +CVE-2019-15944 + RESERVED +CVE-2019-15943 + RESERVED +CVE-2019-15942 (FFmpeg through 4.2 has a "Conditional jump or move depends on uninitia ...) + TODO: check +CVE-2019-15941 + RESERVED +CVE-2019-15940 + RESERVED +CVE-2019-15939 (An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero err ...) + TODO: check +CVE-2019-15938 (Pengutronix barebox through 2019.08.1 has a remote buffer overflow in ...) + TODO: check +CVE-2019-15937 (Pengutronix barebox through 2019.08.1 has a remote buffer overflow in ...) + TODO: check CVE-2019-15936 RESERVED CVE-2019-15935 
@@ -27,8 +65,8 @@ CVE-2019-15926 (An issue was discovered in the Linux kernel before 5.2.3. Out of CVE-2019-15925 (An issue was discovered in the Linux kernel before 5.2.3. An out of bo ...) - linux 5.2.6-1 NOTE: https://git.kernel.org/linus/04f25edb48c441fc278ecc154c270f16966cbb90 -CVE-2018-21010 - RESERVED +CVE-2018-21010 (OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_pr ...) + TODO: check CVE-2018-21009 (Poppler before 0.76.0 has an integer overflow in Parser::makeStream in ...) - poppler 0.69.0-2 NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a @@ -5270,8 +5308,8 @@ CVE-2019-14280 (In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 NOT-FOR-US: Craft CMS CVE-2019-14279 RESERVED -CVE-2019-14278 - RESERVED +CVE-2019-14278 (In Knowage through 6.1.1, an unauthenticated user can enumerated valid ...) + TODO: check CVE-2019-14277 (** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x through 5 ...) NOT-FOR-US: Axway SecureTransport CVE-2019-14276 @@ -8397,8 +8435,8 @@ CVE-2019-13363 RESERVED CVE-2019-13362 (Codedoc v3.2 has a stack-based buffer overflow in add_variable in code ...) NOT-FOR-US: Codedoc -CVE-2019-13361 - RESERVED +CVE-2019-13361 (Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an ...) + TODO: check CVE-2019-13360 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote at ...) NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2019-13359 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv- ...) 
@@ -8426,8 +8464,8 @@ CVE-2019-13351 (posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (a NOTE: https://github.com/jackaudio/jack2/commit/994e225bbb07a89f56147f7ce7d59beb49f8cfba CVE-2019-13350 RESERVED -CVE-2019-13349 - RESERVED +CVE-2019-13349 (In Knowage through 6.1.1, an authenticated user that accesses the user ...) + TODO: check CVE-2019-13348 (In Knowage through 6.1.1, an authenticated user who accesses the datas ...) TODO: check CVE-2019-13347 @@ -8871,16 +8909,16 @@ CVE-2019-13193 RESERVED CVE-2019-13192 RESERVED -CVE-2019-13191 - RESERVED -CVE-2019-13190 - RESERVED +CVE-2019-13191 (A SQL injection vulnerability in IntraMaps MapControl 8 allows attacke ...) + TODO: check +CVE-2019-13190 (In Knowage through 6.1.1, the sign up page does not invalidate a valid ...) + TODO: check CVE-2019-13189 (In Knowage through 6.1.1, there is XSS via the start_url or user_id fi ...) TODO: check -CVE-2019-13188 - RESERVED -CVE-2019-13187 - RESERVED +CVE-2019-13188 (In Knowage through 6.1.1, an unauthenticated user can bypass access co ...) + TODO: check +CVE-2019-13187 (The Rich Text Formatter (Redactor) extension through v1.1.1 for Sympho ...) + TODO: check CVE-2019-13186 (In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via t ...) NOT-FOR-US: MiniCMS CVE-2019-13185 @@ -11456,8 +11494,8 @@ CVE-2019-12225 RESERVED CVE-2019-12224 RESERVED -CVE-2019-12223 - RESERVED +CVE-2019-12223 (An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1. ...) + TODO: check CVE-2019-12222 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...) {DLA-1865-1 DLA-1861-1} - libsdl2-image 2.0.5+dfsg1-1 (bug #932754) @@ -12596,6 +12634,7 @@ CVE-2019-11753 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11753 CVE-2019-11752 RESERVED + {DSA-4516-1} - firefox 69.0-1 - firefox-esr 68.1.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11752 
@@ -12641,6 +12680,7 @@ CVE-2019-11747 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11747 CVE-2019-11746 RESERVED + {DSA-4516-1} - firefox 69.0-1 - firefox-esr 68.1.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11746 @@ -12650,6 +12690,7 @@ CVE-2019-11745 RESERVED CVE-2019-11744 RESERVED + {DSA-4516-1} - firefox 69.0-1 - firefox-esr 68.1.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11744 @@ -12657,6 +12698,7 @@ CVE-2019-11744 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11744 CVE-2019-11743 RESERVED + {DSA-4516-1} - firefox 69.0-1 - firefox-esr 68.1.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11743 @@ -12664,6 +12706,7 @@ CVE-2019-11743 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11743 CVE-2019-11742 RESERVED + {DSA-4516-1} - firefox 69.0-1 - firefox-esr 68.1.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11742 @@ -12675,6 +12718,7 @@ CVE-2019-11741 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11741 CVE-2019-11740 RESERVED + {DSA-4516-1} - firefox 69.0-1 - firefox-esr 68.1.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11740 @@ -15727,8 +15771,8 @@ CVE-2019-10679 RESERVED CVE-2019-10678 (Domoticz before 4.10579 neglects to categorize \n and \r as insecure a ...) - domoticz <itp> (bug #899058) -CVE-2019-10677 - RESERVED +CVE-2019-10677 (Multiple Cross-Site Scripting (XSS) issues in the web interface on DAS ...) + TODO: check CVE-2019-10676 (An issue was discovered in Uniqkey Password Manager 1.14. Upon enterin ...) NOT-FOR-US: Uniqkey Password Manager CVE-2019-10675 
@@ -18855,6 +18899,7 @@ CVE-2019-9813 (Incorrect handling of __proto__ mutations may lead to type confus NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9813 CVE-2019-9812 RESERVED + {DSA-4516-1} - firefox 69.0-1 - firefox-esr 68.1.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-9812 @@ -30972,18 +31017,18 @@ CVE-2019-5072 RESERVED CVE-2019-5071 RESERVED -CVE-2019-5070 - RESERVED -CVE-2019-5069 - RESERVED +CVE-2019-5070 (An exploitable SQL injection vulnerability exists in the unauthenticat ...) + TODO: check +CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. ...) + TODO: check CVE-2019-5068 RESERVED CVE-2019-5067 RESERVED CVE-2019-5066 RESERVED -CVE-2019-5065 - RESERVED +CVE-2019-5065 (An exploitable information disclosure vulnerability exists in the pack ...) + TODO: check CVE-2019-5064 RESERVED CVE-2019-5063 @@ -32564,8 +32609,8 @@ CVE-2019-4323 RESERVED CVE-2019-4322 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM -CVE-2019-4321 - RESERVED +CVE-2019-4321 (IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Ope ...) + TODO: check CVE-2019-4320 RESERVED CVE-2019-4319 @@ -32834,8 +32879,8 @@ CVE-2019-4188 RESERVED CVE-2019-4187 RESERVED -CVE-2019-4186 - RESERVED +CVE-2019-4186 (IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header inj ...) + TODO: check CVE-2019-4185 (IBM InfoSphere Information Server 11.7.1 containers are vulnerable to ...) NOT-FOR-US: IBM CVE-2019-4184 (IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross- ...) 
@@ -32908,8 +32953,8 @@ CVE-2019-4151 (IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than NOT-FOR-US: IBM CVE-2019-4150 (IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or ...) NOT-FOR-US: IBM -CVE-2019-4149 - RESERVED +CVE-2019-4149 (IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM B ...) + TODO: check CVE-2019-4148 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...) NOT-FOR-US: IBM CVE-2019-4147 @@ -66161,8 +66206,8 @@ CVE-2018-11571 (ClipperCMS 1.3.3 allows Session Fixation. ...) NOT-FOR-US: ClipperCMS CVE-2018-11570 RESERVED -CVE-2018-11569 - RESERVED +CVE-2018-11569 (Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deseri ...) + TODO: check CVE-2018-11568 (Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for W ...) NOT-FOR-US: GamePlan theme for WordPress CVE-2018-11567 (** DISPUTED ** Prior to 2018-04-27, the reprompt feature in Amazon Ech ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2306bc431bdfc4bded1ef20768b2112086a8da1e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2306bc431bdfc4bded1ef20768b2112086a8da1e You're receiving this email because of your account on salsa.debian.org.
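Review bot: The newly published IBM entries (CVE-2019-4321, CVE-2019-4186, CVE-2019-4149) are left at "TODO: check", while every already-triaged IBM entry visible in the surrounding context (CVE-2019-4322, CVE-2019-4185, CVE-2019-4151, CVE-2019-4150, CVE-2019-4148) is resolved as "NOT-FOR-US: IBM"; the follow-up triage should settle these the same way unless one of them maps to a source package. In the first hunk, the entries whose descriptions name memory-safety bugs in libraries and boot code (CVE-2019-15946 and CVE-2019-15945 for OpenSC, CVE-2019-15938 and CVE-2019-15937 for barebox), together with CVE-2018-21010 for OpenJPEG in the second hunk, should be checked first, since a "TODO: check" line carries no package or fixed-version information for anyone reading the tracker.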
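Review bot: In the "@@ -12675,6 +12718,7 @@" hunk, CVE-2019-11741 appears in the context with a NOTE pointing at mfsa2019-25, the same advisory referenced by the entries that gain "{DSA-4516-1}" (CVE-2019-11752, CVE-2019-11746, CVE-2019-11744, CVE-2019-11743, CVE-2019-11742, CVE-2019-11740 and CVE-2019-9812), yet no tag is added to it in this commit. The diff does not show that entry's package lines, so please confirm the omission is intentional (for example because firefox-esr is not affected) and not a gap in the DSA cross-reference.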