Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73fcd32a by security tracker role at 2019-09-06T20:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,213 @@
+CVE-2019-16060 (The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the 
blacklist ...)
+       TODO: check
+CVE-2019-16059 (Sentrifugo 3.2 lacks CSRF protection. This could lead to an 
attacker t ...)
+       TODO: check
+CVE-2019-16058 (An issue was discovered in the pam_p11 component 0.2.0 and 
0.3.0 for O ...)
+       TODO: check
+CVE-2019-16057
+       RESERVED
+CVE-2019-16056 (An issue was discovered in Python through 2.7.16, 3.x through 
3.5.7, 3 ...)
+       TODO: check
+CVE-2019-16055
+       RESERVED
+CVE-2019-16054
+       RESERVED
+CVE-2019-16053
+       RESERVED
+CVE-2019-16052
+       RESERVED
+CVE-2019-16051
+       RESERVED
+CVE-2019-16050
+       RESERVED
+CVE-2019-16049
+       RESERVED
+CVE-2019-16048
+       RESERVED
+CVE-2019-16047
+       RESERVED
+CVE-2019-16046
+       RESERVED
+CVE-2019-16045
+       RESERVED
+CVE-2019-16044
+       RESERVED
+CVE-2019-16043
+       RESERVED
+CVE-2019-16042
+       RESERVED
+CVE-2019-16041
+       RESERVED
+CVE-2019-16040
+       RESERVED
+CVE-2019-16039
+       RESERVED
+CVE-2019-16038
+       RESERVED
+CVE-2019-16037
+       RESERVED
+CVE-2019-16036
+       RESERVED
+CVE-2019-16035
+       RESERVED
+CVE-2019-16034
+       RESERVED
+CVE-2019-16033
+       RESERVED
+CVE-2019-16032
+       RESERVED
+CVE-2019-16031
+       RESERVED
+CVE-2019-16030
+       RESERVED
+CVE-2019-16029
+       RESERVED
+CVE-2019-16028
+       RESERVED
+CVE-2019-16027
+       RESERVED
+CVE-2019-16026
+       RESERVED
+CVE-2019-16025
+       RESERVED
+CVE-2019-16024
+       RESERVED
+CVE-2019-16023
+       RESERVED
+CVE-2019-16022
+       RESERVED
+CVE-2019-16021
+       RESERVED
+CVE-2019-16020
+       RESERVED
+CVE-2019-16019
+       RESERVED
+CVE-2019-16018
+       RESERVED
+CVE-2019-16017
+       RESERVED
+CVE-2019-16016
+       RESERVED
+CVE-2019-16015
+       RESERVED
+CVE-2019-16014
+       RESERVED
+CVE-2019-16013
+       RESERVED
+CVE-2019-16012
+       RESERVED
+CVE-2019-16011
+       RESERVED
+CVE-2019-16010
+       RESERVED
+CVE-2019-16009
+       RESERVED
+CVE-2019-16008
+       RESERVED
+CVE-2019-16007
+       RESERVED
+CVE-2019-16006
+       RESERVED
+CVE-2019-16005
+       RESERVED
+CVE-2019-16004
+       RESERVED
+CVE-2019-16003
+       RESERVED
+CVE-2019-16002
+       RESERVED
+CVE-2019-16001
+       RESERVED
+CVE-2019-16000
+       RESERVED
+CVE-2019-15999
+       RESERVED
+CVE-2019-15998
+       RESERVED
+CVE-2019-15997
+       RESERVED
+CVE-2019-15996
+       RESERVED
+CVE-2019-15995
+       RESERVED
+CVE-2019-15994
+       RESERVED
+CVE-2019-15993
+       RESERVED
+CVE-2019-15992
+       RESERVED
+CVE-2019-15991
+       RESERVED
+CVE-2019-15990
+       RESERVED
+CVE-2019-15989
+       RESERVED
+CVE-2019-15988
+       RESERVED
+CVE-2019-15987
+       RESERVED
+CVE-2019-15986
+       RESERVED
+CVE-2019-15985
+       RESERVED
+CVE-2019-15984
+       RESERVED
+CVE-2019-15983
+       RESERVED
+CVE-2019-15982
+       RESERVED
+CVE-2019-15981
+       RESERVED
+CVE-2019-15980
+       RESERVED
+CVE-2019-15979
+       RESERVED
+CVE-2019-15978
+       RESERVED
+CVE-2019-15977
+       RESERVED
+CVE-2019-15976
+       RESERVED
+CVE-2019-15975
+       RESERVED
+CVE-2019-15974
+       RESERVED
+CVE-2019-15973
+       RESERVED
+CVE-2019-15972
+       RESERVED
+CVE-2019-15971
+       RESERVED
+CVE-2019-15970
+       RESERVED
+CVE-2019-15969
+       RESERVED
+CVE-2019-15968
+       RESERVED
+CVE-2019-15967
+       RESERVED
+CVE-2019-15966
+       RESERVED
+CVE-2019-15965
+       RESERVED
+CVE-2019-15964
+       RESERVED
+CVE-2019-15963
+       RESERVED
+CVE-2019-15962
+       RESERVED
+CVE-2019-15961
+       RESERVED
+CVE-2019-15960
+       RESERVED
+CVE-2019-15959
+       RESERVED
+CVE-2019-15958
+       RESERVED
+CVE-2019-15957
+       RESERVED
+CVE-2019-15956
+       RESERVED
 CVE-2019-XXXX [5.2.3 fixes several XSS and other security bugs]
        - wordpress 5.2.3+dfsg1-1 (bug #939543)
        TODO: needs proper split up after CVE assignment in individual entries
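
Review bot: Of the 105 entries added at the top of data/CVE/list, only CVE-2019-16060, CVE-2019-16059, CVE-2019-16058 and CVE-2019-16056 carry descriptions, and all four land as bare "TODO: check". CVE-2019-16056 is the one to triage first: its description names Python through 2.7.16 and 3.x, so it will most likely need source package lines and NOTE references rather than a NOT-FOR-US tag. The other 101 additions are RESERVED placeholders and need nothing until descriptions arrive.
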
@@ -145,6 +355,7 @@ CVE-2019-15905
 CVE-2019-15904
        RESERVED
 CVE-2019-15903 (In libexpat before 2.2.8, crafted XML input could fool the 
parser into ...)
+       {DLA-1912-1}
        - expat 2.2.7-2 (bug #939394)
        NOTE: 
https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
        NOTE: https://github.com/libexpat/libexpat/issues/317
@@ -172,8 +383,7 @@ CVE-2019-15893
        RESERVED
 CVE-2019-15891
        RESERVED
-CVE-2019-15890 [Slirp: use-after-free during packet reassembly]
-       RESERVED
+CVE-2019-15890 (libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in 
ip_reas ...)
        - slirp4netns <unfixed>
        - qemu <unfixed>
        - qemu-kvm <removed>
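
Review bot: The new description on CVE-2019-15890 attributes the use-after-free to libslirp 4.0.0 as used in QEMU 4.1.0, but the package lines visible under it track only slirp4netns, qemu and qemu-kvm. Check whether a separate libslirp source package needs its own line, and, if the entry does not already carry one below the visible context, add a NOTE pointing at the upstream fix in the way the expat and exim4 entries in this diff do.
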
@@ -294,8 +504,8 @@ CVE-2015-9381 (FreeType before 2.6.1 has a heap-based 
buffer over-read in T1_Get
        - freetype 2.6.1-0.1
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=7962a15d64c876870ca0ae435ea2467d9be268d9
        NOTE: https://savannah.nongnu.org/bugs/?45955
-CVE-2019-15846 [local or remote attacker can execute programs with root 
privileges]
-       RESERVED
+CVE-2019-15846 (Exim before 4.92.2 allows remote attackers to execute 
arbitrary code a ...)
+       {DSA-4517-1 DLA-1911-1}
        - exim4 4.92.1-3
        NOTE: https://www.openwall.com/lists/oss-security/2019/09/04/1
        NOTE: 
https://git.exim.org/exim.git/commit/2600301ba6dbac5c9d640c87007a07ee6dcea1f4
@@ -2329,8 +2539,8 @@ CVE-2019-15104 (An issue was discovered in Zoho 
ManageEngine OpManager through 1
        NOT-FOR-US: Zoho ManageEngine OpManager
 CVE-2019-15103
        RESERVED
-CVE-2019-15102
-       RESERVED
+CVE-2019-15102 (An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. 
TestRunner ...)
+       TODO: check
 CVE-2019-15101
        RESERVED
 CVE-2019-15100
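
Review bot: The "TODO: check" added to CVE-2019-15102 can probably be closed quickly, since the description names Tyto Sahi Pro 6.x through 8.0.0. If that product is not packaged, replace the TODO with a NOT-FOR-US line naming the product, matching the form used for CVE-2019-15104 in this hunk's context (NOT-FOR-US: Zoho ManageEngine OpManager).
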
@@ -3273,8 +3483,7 @@ CVE-2019-14815
 CVE-2019-14814
        RESERVED
        - linux <unfixed>
-CVE-2019-14813
-       RESERVED
+CVE-2019-14813 (A flaw was found in ghostscript, versions 9.x before 9.28, in 
the sets ...)
        - ghostscript <unfixed>
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701443
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
@@ -5484,8 +5693,8 @@ CVE-2019-14225
        RESERVED
 CVE-2019-14224 (An issue was discovered in Alfresco Community Edition 5.2 
201707. By l ...)
        TODO: check
-CVE-2019-14223
-       RESERVED
+CVE-2019-14223 (An issue was discovered in Alfresco Community Edition versions 
below 5 ...)
+       TODO: check
 CVE-2019-14222 (An issue was discovered in Alfresco Community Edition versions 
6.0 and ...)
        TODO: check
 CVE-2019-14221 (1CRM On-Premise Software 8.5.7 allows XSS via a payload that 
is mishan ...)
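
Review bot: CVE-2019-14223 becomes the third consecutive Alfresco Community Edition entry left at "TODO: check", alongside CVE-2019-14224 and CVE-2019-14222 in the context lines. Triage the three together so they receive the same disposition and the same product spelling.
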
@@ -6088,8 +6297,8 @@ CVE-2019-13955 (Mikrotik RouterOS before 6.44.5 
(long-term release tree) is vuln
        NOT-FOR-US: Mikrotik RouterOS
 CVE-2019-13954 (Mikrotik RouterOS before 6.44.5 (long-term release tree) is 
vulnerable ...)
        NOT-FOR-US: Mikrotik RouterOS
-CVE-2019-13953
-       RESERVED
+CVE-2019-13953 (An exploitable authentication bypass vulnerability exists in 
the Bluet ...)
+       TODO: check
 CVE-2019-13952 (The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 
2.4.3 and  ...)
        - gdnsd <unfixed> (unimportant; bug #932407)
        NOTE: https://github.com/gdnsd/gdnsd/issues/185
@@ -6694,8 +6903,8 @@ CVE-2019-13658
        RESERVED
 CVE-2019-13657
        RESERVED
-CVE-2019-13656
-       RESERVED
+CVE-2019-13656 (An access vulnerability in CA Common Services DIA of CA 
Technologies C ...)
+       TODO: check
 CVE-2019-13655 (Imgix through 2019-06-19 allows remote attackers to cause a 
denial of  ...)
        NOT-FOR-US: Imgix
 CVE-2019-13654
@@ -8071,8 +8280,8 @@ CVE-2019-13519
        RESERVED
 CVE-2019-13518 (An attacker could use a specially crafted project file to 
overflow the ...)
        TODO: check
-CVE-2019-13517
-       RESERVED
+CVE-2019-13517 (In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis 
Enterprise Serve ...)
+       TODO: check
 CVE-2019-13516 (In OSIsoft PI Web API and prior, the affected product is 
vulnerable to ...)
        NOT-FOR-US: OSIsoft LLC
 CVE-2019-13515 (OSIsoft PI Web API 2018 and prior may allow disclosure of 
sensitive in ...)
@@ -12250,10 +12459,10 @@ CVE-2019-11928
        RESERVED
 CVE-2019-11927
        RESERVED
-CVE-2019-11926
-       RESERVED
-CVE-2019-11925
-       RESERVED
+CVE-2019-11926 (Insufficient boundary checks when processing M_SOFx markers 
from JPEG  ...)
+       TODO: check
+CVE-2019-11925 (Insufficient boundary checks when processing the JPEG APP12 
block mark ...)
+       TODO: check
 CVE-2019-11924 (A peer could send empty handshake fragments containing only 
padding wh ...)
        TODO: check
 CVE-2019-11923
@@ -12657,7 +12866,7 @@ CVE-2019-11753
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11753
 CVE-2019-11752
        RESERVED
-       {DSA-4516-1}
+       {DSA-4516-1 DLA-1910-1}
        - firefox 69.0-1
        - firefox-esr 68.1.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11752
@@ -12703,7 +12912,7 @@ CVE-2019-11747
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11747
 CVE-2019-11746
        RESERVED
-       {DSA-4516-1}
+       {DSA-4516-1 DLA-1910-1}
        - firefox 69.0-1
        - firefox-esr 68.1.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11746
@@ -12713,7 +12922,7 @@ CVE-2019-11745
        RESERVED
 CVE-2019-11744
        RESERVED
-       {DSA-4516-1}
+       {DSA-4516-1 DLA-1910-1}
        - firefox 69.0-1
        - firefox-esr 68.1.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11744
@@ -12721,7 +12930,7 @@ CVE-2019-11744
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11744
 CVE-2019-11743
        RESERVED
-       {DSA-4516-1}
+       {DSA-4516-1 DLA-1910-1}
        - firefox 69.0-1
        - firefox-esr 68.1.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11743
@@ -12729,7 +12938,7 @@ CVE-2019-11743
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11743
 CVE-2019-11742
        RESERVED
-       {DSA-4516-1}
+       {DSA-4516-1 DLA-1910-1}
        - firefox 69.0-1
        - firefox-esr 68.1.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11742
@@ -12741,7 +12950,7 @@ CVE-2019-11741
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11741
 CVE-2019-11740
        RESERVED
-       {DSA-4516-1}
+       {DSA-4516-1 DLA-1910-1}
        - firefox 69.0-1
        - firefox-esr 68.1.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11740
@@ -18721,10 +18930,10 @@ CVE-2019-9858 (Remote code execution was discovered 
in Horde Groupware Webmail 5
        NOTE: 
https://github.com/horde/Form/commit/c916ba979ad1613d76a9407dd0b67968a9594c0e
 CVE-2019-9856
        RESERVED
-CVE-2019-9855
-       RESERVED
-CVE-2019-9854
-       RESERVED
+CVE-2019-9855 (LibreOffice is typically bundled with LibreLogo, a programmable 
turtle ...)
+       TODO: check
+CVE-2019-9854 (LibreOffice has a feature where documents can specify that 
pre-install ...)
+       TODO: check
 CVE-2019-9853
        RESERVED
 CVE-2019-9852 (LibreOffice has a feature where documents can specify that 
pre-install ...)
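
Review bot: CVE-2019-9855 and CVE-2019-9854 should be prioritised among the "TODO: check" entries in this diff, since both descriptions name LibreOffice and will most likely need package lines with fixed versions. The CVE-2019-9854 text opens with the same words as the CVE-2019-9852 context entry below it ("LibreOffice has a feature where documents can specify that pre-install ..."), so compare the two during triage to see whether they share a fix version or need separate ones.
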
@@ -18922,7 +19131,7 @@ CVE-2019-9813 (Incorrect handling of __proto__ 
mutations may lead to type confus
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9813
 CVE-2019-9812
        RESERVED
-       {DSA-4516-1}
+       {DSA-4516-1 DLA-1910-1}
        - firefox 69.0-1
        - firefox-esr 68.1.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-9812
@@ -47492,8 +47701,8 @@ CVE-2018-18883 (An issue was discovered in Xen 4.9.x 
through 4.11.x, on Intel x8
        NOTE: https://xenbits.xen.org/xsa/advisory-278.txt
 CVE-2018-18631 (mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 
8.7 befo ...)
        NOT-FOR-US: Synacor Zimbra Collaboration Suite
-CVE-2018-18630
-       RESERVED
+CVE-2018-18630 (A vulnerability was found in McKesson Cardiology product 13.x 
and 14.x ...)
+       TODO: check
 CVE-2018-18629 (An issue was discovered in the Keybase command-line client 
before 2.8. ...)
        NOT-FOR-US: Keybase command-line client
 CVE-2018-18628 (An issue was discovered in Pippo 1.11.0. The function 
SerializationSes ...)
@@ -81237,8 +81446,8 @@ CVE-2018-6242 (Some NVIDIA Tegra mobile processors 
released prior to 2016 contai
        NOT-FOR-US: NVIDIA
 CVE-2018-6241 (NVIDIA Tegra Gralloc module contains a vulnerability in driver 
in whic ...)
        NOT-FOR-US: NVIDIA
-CVE-2018-6240
-       RESERVED
+CVE-2018-6240 (NVIDIA Tegra contains a vulnerability in BootRom where a user 
with ker ...)
+       TODO: check
 CVE-2018-6239 (NVIDIA Jetson TX2 contains a vulnerability by means of 
speculative exe ...)
        NOT-FOR-US: NVIDIA
 CVE-2018-6238
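
Review bot: The "TODO: check" on CVE-2018-6240 looks resolvable from the context alone: its description concerns NVIDIA Tegra BootRom, and the surrounding entries CVE-2018-6242, CVE-2018-6241 and CVE-2018-6239 are all tagged NOT-FOR-US: NVIDIA. Unless there is a reason to treat the BootRom issue differently, use the same tag.
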
@@ -95064,7 +95273,7 @@ CVE-2017-17546
        RESERVED
 CVE-2017-17545
        RESERVED
-CVE-2017-17544 (A privilege escalation vulnerability in Fortinet FortiOS all 
versions  ...)
+CVE-2017-17544 (A privilege escalation vulnerability in Fortinet FortiOS 
before 5.6.11 ...)
        NOT-FOR-US: Fortinet FortiOS
 CVE-2017-17543 (Users' VPN authentication credentials are unsafely encrypted 
in Fortin ...)
        NOT-FOR-US: Fortinet FortiClient
@@ -157152,8 +157361,8 @@ CVE-2016-7400 (Multiple SQL injection vulnerabilities 
in Exponent CMS before 2.4
        NOT-FOR-US: Exponent CMS
 CVE-2016-7399 (scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x 
through 2.6. ...)
        NOT-FOR-US: Veritas NetBackup Applianc
-CVE-2016-7398
-       RESERVED
+CVE-2016-7398 (A type confusion vulnerability in the merge_param() function of 
php_ht ...)
+       TODO: check
 CVE-2016-7397 (The Frontend component in Sophos UTM with firmware 9.405-5 and 
earlier ...)
        NOT-FOR-US: Sophos UTM
 CVE-2016-7396
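
Review bot: The description added for CVE-2016-7398 is cut off at "php_ht" in this listing, so the affected component cannot be identified from the diff; read the full description before choosing between package lines and NOT-FOR-US. Separately, the context line above it reads "NOT-FOR-US: Veritas NetBackup Applianc", which looks like a truncated product name worth correcting in a follow-up.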



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/73fcd32a0430721592c2406e82944b596d13e1c2



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
