Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5df8046f by security tracker role at 2019-09-09T20:10:27Z
automatic update
- - - - -
1 changed file:
- data/CVE/list

Changes:
=====================================
data/CVE/list
=====================================
@@ -1,35 +1,111 @@ -CVE-2019-16168 [division by zero in the query planner] - - sqlite3 3.29.0-2 - [buster] - sqlite3 <no-dsa> (Minor issue) - [stretch] - sqlite3 <no-dsa> (Minor issue) - NOTE: https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html - NOTE: https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62 - NOTE: Fixed by: https://www.sqlite.org/src/info/d93508fc9913cfe6 - NOTE: Introduced by: https://www.sqlite.org/src/info/90e36676476e8db0 -CVE-2019-16148 +CVE-2019-16187 RESERVED -CVE-2019-16147 +CVE-2019-16186 RESERVED -CVE-2019-16146 +CVE-2019-16185 RESERVED -CVE-2019-16145 +CVE-2019-16184 + RESERVED +CVE-2019-16183 + RESERVED +CVE-2019-16182 + RESERVED +CVE-2019-16181 + RESERVED +CVE-2019-16180 + RESERVED +CVE-2019-16179 + RESERVED +CVE-2019-16178 + RESERVED +CVE-2019-16177 + RESERVED +CVE-2019-16176 + RESERVED +CVE-2019-16175 + RESERVED +CVE-2019-16174 + RESERVED +CVE-2019-16173 (LimeSurvey before v3.17.14 allows reflected XSS for escalating privile ...) + TODO: check +CVE-2019-16172 (LimeSurvey before v3.17.14 allows stored XSS for escalating privileges ...) + TODO: check +CVE-2019-16171 + RESERVED +CVE-2019-16170 + RESERVED +CVE-2019-16169 + RESERVED +CVE-2019-16167 (sysstat before 12.1.6 has memory corruption due to an Integer Overflow ...) + TODO: check +CVE-2019-16166 (GNU cflow through 1.6 has a heap-based buffer over-read in the nexttok ...) + TODO: check +CVE-2019-16165 (GNU cflow through 1.6 has a use-after-free in the reference function i ...) + TODO: check +CVE-2019-16164 (MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_nod ...) + TODO: check +CVE-2019-16163 (Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of ...) + TODO: check +CVE-2019-16162 (Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class bec ...) + TODO: check +CVE-2019-16161 (Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code ...) 
+ TODO: check +CVE-2019-16160 + RESERVED +CVE-2019-16159 (BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 ...) + TODO: check +CVE-2019-16158 RESERVED -CVE-2019-16144 +CVE-2019-16157 RESERVED -CVE-2019-16143 +CVE-2019-16156 RESERVED -CVE-2019-16142 +CVE-2019-16155 RESERVED -CVE-2019-16141 +CVE-2019-16154 RESERVED -CVE-2019-16140 +CVE-2019-16153 RESERVED -CVE-2019-16139 +CVE-2019-16152 RESERVED -CVE-2019-16138 +CVE-2019-16151 RESERVED -CVE-2019-16137 +CVE-2019-16150 RESERVED +CVE-2019-16149 + RESERVED +CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can cras ...) + - sqlite3 3.29.0-2 + [buster] - sqlite3 <no-dsa> (Minor issue) + [stretch] - sqlite3 <no-dsa> (Minor issue) + NOTE: https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html + NOTE: https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62 + NOTE: Fixed by: https://www.sqlite.org/src/info/d93508fc9913cfe6 + NOTE: Introduced by: https://www.sqlite.org/src/info/90e36676476e8db0 +CVE-2019-16148 (Sakai through 12.6 allows XSS via a chat user name. ...) + TODO: check +CVE-2019-16147 + RESERVED +CVE-2019-16146 (Gophish through 0.8.0 allows XSS via a username. ...) + TODO: check +CVE-2019-16145 + RESERVED +CVE-2019-16144 (An issue was discovered in the generator crate before 0.6.18 for Rust. ...) + TODO: check +CVE-2019-16143 (An issue was discovered in the blake2 crate before 0.8.1 for Rust. The ...) + TODO: check +CVE-2019-16142 (An issue was discovered in the renderdoc crate before 0.5.0 for Rust. ...) + TODO: check +CVE-2019-16141 (An issue was discovered in the once_cell crate before 1.0.1 for Rust. ...) + TODO: check +CVE-2019-16140 (An issue was discovered in the chttp crate before 0.1.3 for Rust. Ther ...) + TODO: check +CVE-2019-16139 (An issue was discovered in the compact_arena crate before 0.4.0 for Ru ...) + TODO: check +CVE-2019-16138 (An issue was discovered in the image crate before 0.21.3 for Rust, aff ...) 
+ TODO: check +CVE-2019-16137 (An issue was discovered in the spin crate before 0.5.2 for Rust, when ...) + TODO: check CVE-2019-16136 RESERVED CVE-2019-16135 @@ -74,8 +150,8 @@ CVE-2019-16116 RESERVED CVE-2019-16115 (In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in ...) TODO: check -CVE-2019-16114 - RESERVED +CVE-2019-16114 (In ATutor 2.2.4, an unauthenticated attacker can change the applicatio ...) + TODO: check CVE-2019-16113 (Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-im ...) TODO: check CVE-2019-16112 @@ -90,14 +166,14 @@ CVE-2019-16108 RESERVED CVE-2019-16107 RESERVED -CVE-2018-21014 - RESERVED -CVE-2018-21013 - RESERVED -CVE-2018-21012 - RESERVED -CVE-2018-21011 - RESERVED +CVE-2018-21014 (The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. ...) + TODO: check +CVE-2018-21013 (The Swape theme before 1.2.1 for WordPress has incorrect access contro ...) + TODO: check +CVE-2018-21012 (The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS. ...) + TODO: check +CVE-2018-21011 (The charitable plugin before 1.5.14 for WordPress has unauthorized acc ...) + TODO: check CVE-2019-16106 RESERVED CVE-2019-16105 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory t ...) @@ -593,8 +669,8 @@ CVE-2019-15897 RESERVED CVE-2019-15896 RESERVED -CVE-2019-15895 - RESERVED +CVE-2019-15895 (search-exclude.php in the "Search Exclude" plugin through 1.2.2 for Wo ...) + TODO: check CVE-2019-15894 RESERVED CVE-2019-15893 
@@ -1354,8 +1430,8 @@ CVE-2019-15641 (xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE atta - webmin <removed> CVE-2019-15640 (Limesurvey before 3.17.10 does not validate both the MIME type and fil ...) - limesurvey <itp> (bug #472802) -CVE-2019-15639 - RESERVED +CVE-2019-15639 (main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remot ...) + TODO: check CVE-2019-15638 RESERVED CVE-2019-15637 (Numerous Tableau products are vulnerable to XXE via a malicious workbo ...) @@ -3771,7 +3847,7 @@ CVE-2019-14819 CVE-2019-14818 RESERVED CVE-2019-14817 (A flaw was found in, ghostscript versions prior to 9.28, in the .pdfex ...) - {DSA-4518-1} + {DSA-4518-1 DLA-1915-1} - ghostscript 9.28~~rc2~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701450 NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19 @@ -3789,7 +3865,7 @@ CVE-2019-14814 RESERVED - linux <unfixed> CVE-2019-14813 (A flaw was found in ghostscript, versions 9.x before 9.28, in the sets ...) - {DSA-4518-1} + {DSA-4518-1 DLA-1915-1} - ghostscript 9.28~~rc2~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701443 NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33 @@ -3799,7 +3875,7 @@ CVE-2019-14813 (A flaw was found in ghostscript, versions 9.x before 9.28, in th NOTE: which changed the access to file permissions. CVE-2019-14812 RESERVED - {DSA-4518-1} + {DSA-4518-1 DLA-1915-1} - ghostscript 9.28~~rc2~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701444 NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33 
@@ -3808,7 +3884,7 @@ CVE-2019-14812 NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff NOTE: which changed the access to file permissions. CVE-2019-14811 (A flaw was found in, ghostscript versions prior to 9.28, in the .pdf_h ...) - {DSA-4518-1} + {DSA-4518-1 DLA-1915-1} - ghostscript 9.28~~rc2~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701445 NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33 @@ -11394,12 +11470,12 @@ CVE-2019-12466 (Wikimedia MediaWiki through 1.32.1 allows CSRF. ...) - mediawiki 1:1.31.2-1 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html NOTE: https://phabricator.wikimedia.org/T25227 -CVE-2019-12465 - RESERVED -CVE-2019-12464 - RESERVED -CVE-2019-12463 - RESERVED +CVE-2019-12465 (An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was i ...) + TODO: check +CVE-2019-12464 (An issue was discovered in LibreNMS 1.50.1. An authenticated user can ...) + TODO: check +CVE-2019-12463 (An issue was discovered in LibreNMS 1.50.1. The scripts that handle gr ...) + TODO: check CVE-2019-12462 RESERVED CVE-2019-12461 (Web Port 1.19.1 allows XSS via the /log type parameter. ...) @@ -11587,8 +11663,8 @@ CVE-2019-12407 RESERVED CVE-2019-12406 RESERVED -CVE-2019-12405 - RESERVED +CVE-2019-12405 (Improper authentication is possible in Apache Traffic Control versions ...) + TODO: check CVE-2019-12404 RESERVED CVE-2019-12403 
@@ -13764,8 +13840,8 @@ CVE-2019-11607 (doorGets 7.0 has a sensitive information disclosure vulnerabilit NOT-FOR-US: doorGets CVE-2019-11606 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...) NOT-FOR-US: doorGets -CVE-2019-11605 - RESERVED +CVE-2019-11605 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...) + TODO: check CVE-2019-11604 (An issue was discovered in Quest KACE Systems Management Appliance bef ...) NOT-FOR-US: Quest KACE Systems Management Appliance CVE-2019-11603 (A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 ...) 
@@ -13945,28 +14021,22 @@ CVE-2019-11551 (In Code42 Enterprise and Crashplan for Small Business through Cl NOT-FOR-US: Code42 Enterprise and Crashplan for Small Business CVE-2019-11550 (Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before ...) NOT-FOR-US: Citrix -CVE-2019-11549 [Improper Sanitation of Credentials in Gitaly] - RESERVED +CVE-2019-11549 (An issue was discovered in GitLab Community and Enterprise Edition 9.x ...) - gitlab 11.8.9+dfsg-1 (bug #928221) NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/ -CVE-2019-11548 [Unauthorized Comments on Confidential Issues] - RESERVED +CVE-2019-11548 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) - gitlab 11.8.9+dfsg-1 (bug #928221) NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/ -CVE-2019-11547 [Unsanitized Branch Names on New Merge Request Notification Emails] - RESERVED +CVE-2019-11547 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) - gitlab 11.8.9+dfsg-1 (bug #928221) NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/ -CVE-2019-11546 [Merge Request Approval Count Inflation] - RESERVED +CVE-2019-11546 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) - gitlab 11.8.9+dfsg-1 (bug #928221) NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/ -CVE-2019-11545 [Moving an Issue to Private Repo Leaks Project Namespace] - RESERVED +CVE-2019-11545 (An issue was discovered in GitLab Community Edition 11.9.x before 11.9 ...) - gitlab <not-affected> (Vulnerable code introduced in 11.9) NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/ -CVE-2019-11544 [Notification Emails Sent to Restricted Users] - RESERVED +CVE-2019-11544 (An issue was discovered in GitLab Community and Enterprise Edition 8.x ...) 
- gitlab 11.8.9+dfsg-1 (bug #928221) NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/ CVE-2019-11543 (XSS exists in the admin web console in Pulse Secure Pulse Connect Secu ...) @@ -16341,20 +16411,20 @@ CVE-2019-10674 RESERVED CVE-2019-10673 (A CSRF vulnerability in a logged-in user's profile edit form in the Ul ...) NOT-FOR-US: Ultimate Member plugin for WordPress -CVE-2019-10671 - RESERVED -CVE-2019-10670 - RESERVED -CVE-2019-10669 - RESERVED -CVE-2019-10668 - RESERVED -CVE-2019-10667 - RESERVED -CVE-2019-10666 - RESERVED -CVE-2019-10665 - RESERVED +CVE-2019-10671 (An issue was discovered in LibreNMS through 1.47. It does not paramete ...) + TODO: check +CVE-2019-10670 (An issue was discovered in LibreNMS through 1.47. Many of the scripts ...) + TODO: check +CVE-2019-10669 (An issue was discovered in LibreNMS through 1.47. There is a command i ...) + TODO: check +CVE-2019-10668 (An issue was discovered in LibreNMS through 1.47. A number of scripts ...) + TODO: check +CVE-2019-10667 (An issue was discovered in LibreNMS through 1.47. Information disclosu ...) + TODO: check +CVE-2019-10666 (An issue was discovered in LibreNMS through 1.47. Several of the scrip ...) + TODO: check +CVE-2019-10665 (An issue was discovered in LibreNMS through 1.47. The scripts that han ...) + TODO: check CVE-2019-10664 (Domoticz before 4.10578 allows SQL Injection via the idx parameter in ...) - domoticz <itp> (bug #899058) CVE-2019-10672 (treeRead in hdf/btree.c in libmysofa before 0.7 does not properly vali ...) @@ -30784,8 +30854,8 @@ CVE-2019-5485 RESERVED CVE-2019-5484 RESERVED -CVE-2019-5483 - RESERVED +CVE-2019-5483 (Seneca < 3.9.0 contains a vulnerability that could lead to exposing ...) + TODO: check CVE-2019-5482 RESERVED CVE-2019-5481 
@@ -30812,16 +30882,14 @@ CVE-2019-5474 [Override Merge Request Approval Rules] RESERVED - gitlab <not-affected> (Only affects Gitlab EE 11.8 and later) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5473 [Email Verification Bypass] - RESERVED +CVE-2019-5473 (An authentication issue was discovered in GitLab that allowed a bypass ...) - gitlab <not-affected> (Only affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ CVE-2019-5472 [Denial Of Service Epic Comments] RESERVED - gitlab <not-affected> (Only affects Gitlab EE 10.7 and later) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5471 [Persistent XSS via Email] - RESERVED +CVE-2019-5471 (An input validation and output encoding issue was discovered in the Gi ...) - gitlab <not-affected> (Only affects Gitlab EE 8.9 and later) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ CVE-2019-5470 [Information Disclosure Vulnerability Feedback] @@ -30839,8 +30907,7 @@ CVE-2019-5468 [User Revokation Bypass with Mattermost Integration] [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5467 [Persistent XSS Wiki Pages] - RESERVED +CVE-2019-5467 (An input validation and output encoding issue was discovered in the Gi ...) [experimental] - gitlab <unfixed> - gitlab <not-affected> (Only affects 11.10 and later) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ 
@@ -30859,8 +30926,7 @@ CVE-2019-5464 [SSRF Mitigation Bypass] [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5463 [Build Status Disclosure] - RESERVED +CVE-2019-5463 (An authorization issue was discovered in the GitLab CE/EE CI badge ima ...) [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ @@ -30869,8 +30935,7 @@ CVE-2019-5462 [Trigger Token Impersonation] [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5461 [GitHub Integration SSRF] - RESERVED +CVE-2019-5461 (An input validation problem was discovered in the GitHub service integ ...) [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ 
@@ -58812,7 +58877,7 @@ CVE-2017-18344 (The timer_create syscall implementation in kernel/time/posix-tim NOTE: Fixed by: https://git.kernel.org/linus/cef31d9af908243421258f1df35a4a644604efbe CVE-2018-14597 (CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA ...) NOT-FOR-US: CA Technologies Identity Governance -CVE-2018-1002208 (sharplibzip before 1.0 RC1 is vulnerable to directory traversal, allow ...) +CVE-2018-1002208 (SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allow ...) - mono 5.18.0.240+dfsg-1 [stretch] - mono <no-dsa> (Minor issue) [jessie] - mono <no-dsa> (Minor issue)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5df8046f5f25ea6d218d8a282bfe7201b03be032
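Review bot: in the @@ -1,35 +1,111 @@ hunk the CVE-2019-16168 entry keeps its buster and stretch `<no-dsa> (Minor issue)` markings while its local summary "[division by zero in the query planner]" is replaced by the published text naming whereLoopAddBtreeIndex in sqlite3.c; those no-dsa decisions were taken before the description was published, so they are worth re-confirming against the "Fixed by" and "Introduced by" commits already linked in the NOTE lines before the entry is treated as settled.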
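Review bot: the eight Rust crate entries in the same hunk (CVE-2019-16137 spin, 16138 image, 16139 compact_arena, 16140 chttp, 16141 once_cell, 16142 renderdoc, 16143 blake2, 16144 generator) all land as `TODO: check`; each names a different crate and fixed version, so they should be triaged one by one rather than resolved as a single batch decision.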
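Review bot: the two LibreNMS groups, CVE-2019-12463 to 12465 (LibreNMS 1.50.1, @@ -11394 hunk) and CVE-2019-10665 to 10671 (LibreNMS through 1.47, @@ -16341 hunk), move from RESERVED to `TODO: check` in this update and concern the same upstream; triaging them together would keep the resulting package or NOT-FOR-US markings consistent across both ranges.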
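Review bot: in the four ghostscript hunks (@@ -3771, @@ -3789, @@ -3799, @@ -3808) DLA-1915-1 is added beside DSA-4518-1 for CVE-2019-14817, 14813, 14812 and 14811; CVE-2019-14812 is still RESERVED with no description, so its DLA reference sits on an entry whose published text has not arrived yet, and the entry should be re-read once it does to confirm it matches the issue the DSA and DLA actually fixed.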
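Review bot: in the @@ -13945 hunk and the @@ -30812 to @@ -30869 hunks the bracketed local summaries (for example "[Improper Sanitation of Credentials in Gitaly]", "[Email Verification Bypass]", "[GitHub Integration SSRF]") give way to the published text, which for CVE-2019-11546, 11547 and 11548 is the identical truncated prefix "An issue was discovered in GitLab Community and Enterprise Edition bef ..."; the gitlab package lines, the bug #928221 and #933785 references and the release-note URLs are unchanged, so nothing is lost for tracking, but these entries are now less self-describing in the list and the NOTE URL is what still distinguishes them.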
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits