Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
73fcd32a by security tracker role at 2019-09-06T20:10:23Z
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,213 @@ +CVE-2019-16060 (The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist ...) + TODO: check +CVE-2019-16059 (Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker t ...) + TODO: check +CVE-2019-16058 (An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for O ...) + TODO: check +CVE-2019-16057 + RESERVED +CVE-2019-16056 (An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3 ...) + TODO: check +CVE-2019-16055 + RESERVED +CVE-2019-16054 + RESERVED +CVE-2019-16053 + RESERVED +CVE-2019-16052 + RESERVED +CVE-2019-16051 + RESERVED +CVE-2019-16050 + RESERVED +CVE-2019-16049 + RESERVED +CVE-2019-16048 + RESERVED +CVE-2019-16047 + RESERVED +CVE-2019-16046 + RESERVED +CVE-2019-16045 + RESERVED +CVE-2019-16044 + RESERVED +CVE-2019-16043 + RESERVED +CVE-2019-16042 + RESERVED +CVE-2019-16041 + RESERVED +CVE-2019-16040 + RESERVED +CVE-2019-16039 + RESERVED +CVE-2019-16038 + RESERVED +CVE-2019-16037 + RESERVED +CVE-2019-16036 + RESERVED +CVE-2019-16035 + RESERVED +CVE-2019-16034 + RESERVED +CVE-2019-16033 + RESERVED +CVE-2019-16032 + RESERVED +CVE-2019-16031 + RESERVED +CVE-2019-16030 + RESERVED +CVE-2019-16029 + RESERVED +CVE-2019-16028 + RESERVED +CVE-2019-16027 + RESERVED +CVE-2019-16026 + RESERVED +CVE-2019-16025 + RESERVED +CVE-2019-16024 + RESERVED +CVE-2019-16023 + RESERVED +CVE-2019-16022 + RESERVED +CVE-2019-16021 + RESERVED +CVE-2019-16020 + RESERVED +CVE-2019-16019 + RESERVED +CVE-2019-16018 + RESERVED +CVE-2019-16017 + RESERVED +CVE-2019-16016 + RESERVED +CVE-2019-16015 + RESERVED +CVE-2019-16014 + RESERVED +CVE-2019-16013 + RESERVED +CVE-2019-16012 + RESERVED +CVE-2019-16011 + RESERVED +CVE-2019-16010 + RESERVED +CVE-2019-16009 + RESERVED +CVE-2019-16008 + RESERVED +CVE-2019-16007 + RESERVED +CVE-2019-16006 + RESERVED +CVE-2019-16005 + RESERVED +CVE-2019-16004 + RESERVED +CVE-2019-16003 + RESERVED +CVE-2019-16002 + RESERVED +CVE-2019-16001 + RESERVED +CVE-2019-16000 + RESERVED 
+CVE-2019-15999 + RESERVED +CVE-2019-15998 + RESERVED +CVE-2019-15997 + RESERVED +CVE-2019-15996 + RESERVED +CVE-2019-15995 + RESERVED +CVE-2019-15994 + RESERVED +CVE-2019-15993 + RESERVED +CVE-2019-15992 + RESERVED +CVE-2019-15991 + RESERVED +CVE-2019-15990 + RESERVED +CVE-2019-15989 + RESERVED +CVE-2019-15988 + RESERVED +CVE-2019-15987 + RESERVED +CVE-2019-15986 + RESERVED +CVE-2019-15985 + RESERVED +CVE-2019-15984 + RESERVED +CVE-2019-15983 + RESERVED +CVE-2019-15982 + RESERVED +CVE-2019-15981 + RESERVED +CVE-2019-15980 + RESERVED +CVE-2019-15979 + RESERVED +CVE-2019-15978 + RESERVED +CVE-2019-15977 + RESERVED +CVE-2019-15976 + RESERVED +CVE-2019-15975 + RESERVED +CVE-2019-15974 + RESERVED +CVE-2019-15973 + RESERVED +CVE-2019-15972 + RESERVED +CVE-2019-15971 + RESERVED +CVE-2019-15970 + RESERVED +CVE-2019-15969 + RESERVED +CVE-2019-15968 + RESERVED +CVE-2019-15967 + RESERVED +CVE-2019-15966 + RESERVED +CVE-2019-15965 + RESERVED +CVE-2019-15964 + RESERVED +CVE-2019-15963 + RESERVED +CVE-2019-15962 + RESERVED +CVE-2019-15961 + RESERVED +CVE-2019-15960 + RESERVED +CVE-2019-15959 + RESERVED +CVE-2019-15958 + RESERVED +CVE-2019-15957 + RESERVED +CVE-2019-15956 + RESERVED CVE-2019-XXXX [5.2.3 fixes several XSS and other security bugs] - wordpress 5.2.3+dfsg1-1 (bug #939543) TODO: needs proper split up after CVE assignment in individual entries @@ -145,6 +355,7 @@ CVE-2019-15905 CVE-2019-15904 RESERVED CVE-2019-15903 (In libexpat before 2.2.8, crafted XML input could fool the parser into ...) + {DLA-1912-1} - expat 2.2.7-2 (bug #939394) NOTE: https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43 NOTE: https://github.com/libexpat/libexpat/issues/317 
@@ -172,8 +383,7 @@ CVE-2019-15893 RESERVED CVE-2019-15891 RESERVED -CVE-2019-15890 [Slirp: use-after-free during packet reassembly] - RESERVED +CVE-2019-15890 (libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reas ...) - slirp4netns <unfixed> - qemu <unfixed> - qemu-kvm <removed> @@ -294,8 +504,8 @@ CVE-2015-9381 (FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get - freetype 2.6.1-0.1 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=7962a15d64c876870ca0ae435ea2467d9be268d9 NOTE: https://savannah.nongnu.org/bugs/?45955 -CVE-2019-15846 [local or remote attacker can execute programs with root privileges] - RESERVED +CVE-2019-15846 (Exim before 4.92.2 allows remote attackers to execute arbitrary code a ...) + {DSA-4517-1 DLA-1911-1} - exim4 4.92.1-3 NOTE: https://www.openwall.com/lists/oss-security/2019/09/04/1 NOTE: https://git.exim.org/exim.git/commit/2600301ba6dbac5c9d640c87007a07ee6dcea1f4 @@ -2329,8 +2539,8 @@ CVE-2019-15104 (An issue was discovered in Zoho ManageEngine OpManager through 1 NOT-FOR-US: Zoho ManageEngine OpManager CVE-2019-15103 RESERVED -CVE-2019-15102 - RESERVED +CVE-2019-15102 (An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner ...) + TODO: check CVE-2019-15101 RESERVED CVE-2019-15100 @@ -3273,8 +3483,7 @@ CVE-2019-14815 CVE-2019-14814 RESERVED - linux <unfixed> -CVE-2019-14813 - RESERVED +CVE-2019-14813 (A flaw was found in ghostscript, versions 9.x before 9.28, in the sets ...) - ghostscript <unfixed> NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701443 NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33 
@@ -5484,8 +5693,8 @@ CVE-2019-14225 RESERVED CVE-2019-14224 (An issue was discovered in Alfresco Community Edition 5.2 201707. By l ...) TODO: check -CVE-2019-14223 - RESERVED +CVE-2019-14223 (An issue was discovered in Alfresco Community Edition versions below 5 ...) + TODO: check CVE-2019-14222 (An issue was discovered in Alfresco Community Edition versions 6.0 and ...) TODO: check CVE-2019-14221 (1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishan ...) @@ -6088,8 +6297,8 @@ CVE-2019-13955 (Mikrotik RouterOS before 6.44.5 (long-term release tree) is vuln NOT-FOR-US: Mikrotik RouterOS CVE-2019-13954 (Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable ...) NOT-FOR-US: Mikrotik RouterOS -CVE-2019-13953 - RESERVED +CVE-2019-13953 (An exploitable authentication bypass vulnerability exists in the Bluet ...) + TODO: check CVE-2019-13952 (The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and ...) - gdnsd <unfixed> (unimportant; bug #932407) NOTE: https://github.com/gdnsd/gdnsd/issues/185 @@ -6694,8 +6903,8 @@ CVE-2019-13658 RESERVED CVE-2019-13657 RESERVED -CVE-2019-13656 - RESERVED +CVE-2019-13656 (An access vulnerability in CA Common Services DIA of CA Technologies C ...) + TODO: check CVE-2019-13655 (Imgix through 2019-06-19 allows remote attackers to cause a denial of ...) NOT-FOR-US: Imgix CVE-2019-13654 @@ -8071,8 +8280,8 @@ CVE-2019-13519 RESERVED CVE-2019-13518 (An attacker could use a specially crafted project file to overflow the ...) TODO: check -CVE-2019-13517 - RESERVED +CVE-2019-13517 (In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Serve ...) + TODO: check CVE-2019-13516 (In OSIsoft PI Web API and prior, the affected product is vulnerable to ...) NOT-FOR-US: OSIsoft LLC CVE-2019-13515 (OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive in ...) 
@@ -12250,10 +12459,10 @@ CVE-2019-11928 RESERVED CVE-2019-11927 RESERVED -CVE-2019-11926 - RESERVED -CVE-2019-11925 - RESERVED +CVE-2019-11926 (Insufficient boundary checks when processing M_SOFx markers from JPEG ...) + TODO: check +CVE-2019-11925 (Insufficient boundary checks when processing the JPEG APP12 block mark ...) + TODO: check CVE-2019-11924 (A peer could send empty handshake fragments containing only padding wh ...) TODO: check CVE-2019-11923 @@ -12657,7 +12866,7 @@ CVE-2019-11753 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11753 CVE-2019-11752 RESERVED - {DSA-4516-1} + {DSA-4516-1 DLA-1910-1} - firefox 69.0-1 - firefox-esr 68.1.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11752 @@ -12703,7 +12912,7 @@ CVE-2019-11747 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11747 CVE-2019-11746 RESERVED - {DSA-4516-1} + {DSA-4516-1 DLA-1910-1} - firefox 69.0-1 - firefox-esr 68.1.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11746 @@ -12713,7 +12922,7 @@ CVE-2019-11745 RESERVED CVE-2019-11744 RESERVED - {DSA-4516-1} + {DSA-4516-1 DLA-1910-1} - firefox 69.0-1 - firefox-esr 68.1.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11744 @@ -12721,7 +12930,7 @@ CVE-2019-11744 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11744 CVE-2019-11743 RESERVED - {DSA-4516-1} + {DSA-4516-1 DLA-1910-1} - firefox 69.0-1 - firefox-esr 68.1.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11743 @@ -12729,7 +12938,7 @@ CVE-2019-11743 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11743 CVE-2019-11742 RESERVED - {DSA-4516-1} + {DSA-4516-1 DLA-1910-1} - firefox 69.0-1 - firefox-esr 68.1.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11742 
@@ -12741,7 +12950,7 @@ CVE-2019-11741 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11741 CVE-2019-11740 RESERVED - {DSA-4516-1} + {DSA-4516-1 DLA-1910-1} - firefox 69.0-1 - firefox-esr 68.1.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11740 @@ -18721,10 +18930,10 @@ CVE-2019-9858 (Remote code execution was discovered in Horde Groupware Webmail 5 NOTE: https://github.com/horde/Form/commit/c916ba979ad1613d76a9407dd0b67968a9594c0e CVE-2019-9856 RESERVED -CVE-2019-9855 - RESERVED -CVE-2019-9854 - RESERVED +CVE-2019-9855 (LibreOffice is typically bundled with LibreLogo, a programmable turtle ...) + TODO: check +CVE-2019-9854 (LibreOffice has a feature where documents can specify that pre-install ...) + TODO: check CVE-2019-9853 RESERVED CVE-2019-9852 (LibreOffice has a feature where documents can specify that pre-install ...) @@ -18922,7 +19131,7 @@ CVE-2019-9813 (Incorrect handling of __proto__ mutations may lead to type confus NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9813 CVE-2019-9812 RESERVED - {DSA-4516-1} + {DSA-4516-1 DLA-1910-1} - firefox 69.0-1 - firefox-esr 68.1.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-9812 @@ -47492,8 +47701,8 @@ CVE-2018-18883 (An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x8 NOTE: https://xenbits.xen.org/xsa/advisory-278.txt CVE-2018-18631 (mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 befo ...) NOT-FOR-US: Synacor Zimbra Collaboration Suite -CVE-2018-18630 - RESERVED +CVE-2018-18630 (A vulnerability was found in McKesson Cardiology product 13.x and 14.x ...) + TODO: check CVE-2018-18629 (An issue was discovered in the Keybase command-line client before 2.8. ...) NOT-FOR-US: Keybase command-line client CVE-2018-18628 (An issue was discovered in Pippo 1.11.0. The function SerializationSes ...) 
@@ -81237,8 +81446,8 @@ CVE-2018-6242 (Some NVIDIA Tegra mobile processors released prior to 2016 contai NOT-FOR-US: NVIDIA CVE-2018-6241 (NVIDIA Tegra Gralloc module contains a vulnerability in driver in whic ...) NOT-FOR-US: NVIDIA -CVE-2018-6240 - RESERVED +CVE-2018-6240 (NVIDIA Tegra contains a vulnerability in BootRom where a user with ker ...) + TODO: check CVE-2018-6239 (NVIDIA Jetson TX2 contains a vulnerability by means of speculative exe ...) NOT-FOR-US: NVIDIA CVE-2018-6238 @@ -95064,7 +95273,7 @@ CVE-2017-17546 RESERVED CVE-2017-17545 RESERVED -CVE-2017-17544 (A privilege escalation vulnerability in Fortinet FortiOS all versions ...) +CVE-2017-17544 (A privilege escalation vulnerability in Fortinet FortiOS before 5.6.11 ...) NOT-FOR-US: Fortinet FortiOS CVE-2017-17543 (Users' VPN authentication credentials are unsafely encrypted in Fortin ...) NOT-FOR-US: Fortinet FortiClient @@ -157152,8 +157361,8 @@ CVE-2016-7400 (Multiple SQL injection vulnerabilities in Exponent CMS before 2.4 NOT-FOR-US: Exponent CMS CVE-2016-7399 (scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6. ...) NOT-FOR-US: Veritas NetBackup Applianc -CVE-2016-7398 - RESERVED +CVE-2016-7398 (A type confusion vulnerability in the merge_param() function of php_ht ...) + TODO: check CVE-2016-7397 (The Frontend component in Sophos UTM with firmware 9.405-5 and earlier ...) NOT-FOR-US: Sophos UTM CVE-2016-7396
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/73fcd32a0430721592c2406e82944b596d13e1c2
You're receiving this email because of your account on salsa.debian.org.
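Review bot: in the `@@ -1,3 +1,213 @@` hunk, CVE-2019-16056 (Python through 2.7.16, 3.x through 3.5.7, ...) and CVE-2019-16058 (pam_p11 0.2.0 and 0.3.0) are imported as `TODO: check`, but both correspond to Debian source packages (python2.7 and the python3.x sources; pam-p11), so these two need proper source-package lines with a fixed version or `<unfixed>` rather than sitting in the same TODO bucket as the Airbrake Ruby notifier and Sentrifugo entries, which still need someone to confirm whether they are packaged at all. The visible Python description already names 2.7.16 and 3.5.7, so the check should cover the python2.7 and python3.5 packages in the stable suites, not only unstable.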
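Review bot: in the `@@ -172,8 +383,7 @@` hunk, the new description for CVE-2019-15890 scopes the use-after-free to libslirp 4.0.0 as used in QEMU 4.1.0, while the retained `- slirp4netns <unfixed>` and `- qemu <unfixed>` lines treat every Debian qemu version as affected, including older ones that carry slirp in-tree rather than as libslirp. Confirm from the upstream ip_reass fix that the same code is present in the bundled slirp of the qemu versions in the stable suites, and if no upstream reference is recorded under this entry, add a NOTE with the fix commit so that decision is visible next to the package lines; `qemu-kvm <removed>` needs no change.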
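Review bot: across the `@@ -12657,7 +12866,7 @@` through `@@ -12741,7 +12950,7 @@` hunks and the `@@ -18922,7 +19131,7 @@` hunk, `DLA-1910-1` is appended to the `{DSA-4516-1}` annotation of exactly seven entries (CVE-2019-11752, -11746, -11744, -11743, -11742, -11740 and -9812), while CVE-2019-11741, -11745, -11747 and -11753 appear only as unchanged context. Cross-check the CVE list in the DLA-1910-1 text against this set in both directions: nothing fixed by the LTS update should be left without the annotation, and none of the seven should be outside the DLA's list. The notes visible here point at different Mozilla advisories per CVE (mfsa2019-25 and mfsa2019-27 for most, mfsa2019-26 for CVE-2019-11747), so the ESR branch that received each fix differs and a blanket copy of the annotation is easy to get wrong.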
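Review bot: in the `@@ -18721,10 +18930,10 @@` hunk, CVE-2019-9855 and CVE-2019-9854 come in as `TODO: check`, but LibreOffice is a Debian source package (libreoffice), and CVE-2019-9854's description opens with the same sentence as the existing CVE-2019-9852 entry ("LibreOffice has a feature where documents can specify that pre-install ..."), which reads like a bypass of the earlier fix. Triage both new IDs into `- libreoffice <version>` lines together with CVE-2019-9852 in one pass, so the three related entries end up with consistent fixed versions instead of one tracked entry and two TODOs.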
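Review bot: in the `@@ -81237,8 +81446,8 @@` hunk, CVE-2018-6240 (NVIDIA Tegra BootRom) is left as `TODO: check` while the neighbouring Tegra entries CVE-2018-6239, -6241 and -6242 are all `NOT-FOR-US: NVIDIA`; unless the BootRom issue is meant to be tracked differently from the rest of the Tegra series, resolving it to `NOT-FOR-US: NVIDIA` in the same pass keeps the block consistent and removes a TODO nobody will otherwise revisit.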
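Review bot: in the `@@ -157152,8 +157361,8 @@` hunk, CVE-2016-7398 is a 2016 identifier only now receiving its description (type confusion in merge_param() of `php_ht...`, presumably the pecl_http PHP extension given the truncated file prefix). Because the ID predates the current tracking year, closing the `TODO: check` means checking whether any Debian source has ever shipped that extension in a suite that is still supported, and if so tracing the fixed version back through old releases; the surrounding Exponent CMS, Veritas and Sophos entries are NOT-FOR-US, so this one should not be resolved the same way by pattern alone.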
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits