Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f44430af by security tracker role at 2019-11-15T08:10:20Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,29 @@ +CVE-2019-18988 + RESERVED +CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through 1.34 for ...) + TODO: check +CVE-2019-18986 (Pimcore before 6.2.2 allow attackers to brute-force (guess) valid user ...) + TODO: check +CVE-2019-18985 (Pimcore before 6.2.2 lacks brute force protection for the 2FA token. ...) + TODO: check +CVE-2019-18984 + RESERVED +CVE-2019-18983 + RESERVED +CVE-2019-18982 (bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore be ...) + TODO: check +CVE-2019-18981 (Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scen ...) + TODO: check +CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022 ...) + TODO: check +CVE-2019-18979 + RESERVED +CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS Middleware) ge ...) + TODO: check +CVE-2019-18977 + RESERVED +CVE-2019-18976 + RESERVED CVE-2019-18975 RESERVED CVE-2019-18974 @@ -92,8 +118,7 @@ CVE-2019-18930 (Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware CVE-2019-18929 (Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users ...) NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware -CVE-2019-18928 [unauthenticated HTTP requests no longer inherit authentication from the previous request on the same connection] - RESERVED +CVE-2019-18928 (Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege ...) - cyrus-imapd 3.0.12-1 NOTE: Fixed in 3.0.12 and 2.5.14 upstream CVE-2019-18927 
@@ -2913,8 +2938,8 @@ CVE-2019-18653 (A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Fr NOT-FOR-US: Avast CVE-2019-18652 RESERVED -CVE-2019-18651 - RESERVED +CVE-2019-18651 (A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias ...) + TODO: check CVE-2019-18650 (An issue was discovered in Joomla! before 3.9.13. A missing token chec ...) NOT-FOR-US: Joomla! CVE-2018-21030 (Jupyter Notebook before 5.5.0 does not use a CSP header to treat serve ...) @@ -7099,8 +7124,8 @@ CVE-2019-17393 (The Customer's Tomedo Server in Version 1.7.3 communicates to th NOT-FOR-US: Tomedo Server CVE-2019-17392 RESERVED -CVE-2019-17391 - RESERVED +CVE-2019-17391 (An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-0 ...) + TODO: check CVE-2019-17390 RESERVED CVE-2019-17389 (In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles erro ...) 
@@ -11228,18 +11253,18 @@ CVE-2019-15806 (CommScope ARRIS TR4400 devices with firmware through A1.00.004-1 NOT-FOR-US: CommScope ARRIS TR4400 devices CVE-2019-15805 (CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 ...) NOT-FOR-US: CommScope ARRIS TR4400 devices -CVE-2019-15804 - RESERVED -CVE-2019-15803 - RESERVED -CVE-2019-15802 - RESERVED -CVE-2019-15801 - RESERVED -CVE-2019-15800 - RESERVED -CVE-2019-15799 - RESERVED +CVE-2019-15804 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...) + TODO: check +CVE-2019-15803 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...) + TODO: check +CVE-2019-15802 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...) + TODO: check +CVE-2019-15801 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...) + TODO: check +CVE-2019-15800 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...) + TODO: check +CVE-2019-15799 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...) + TODO: check CVE-2019-15798 RESERVED CVE-2019-15797 @@ -14167,6 +14192,7 @@ CVE-2019-14870 RESERVED CVE-2019-14869 [-dSAFER escape in .charkeys] RESERVED + {DSA-4569-1 DLA-1992-1} - ghostscript <unfixed> (bug #944760) NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f0aa1140032746e5a0abfc40f4cef NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701841 @@ -14788,8 +14814,8 @@ CVE-2019-14680 (The admin-renamer-extended (aka Admin renamer extended) plugin 3 NOT-FOR-US: Wordpress plugin CVE-2019-14679 (core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 fo ...) NOT-FOR-US: Wordpress plugin -CVE-2019-14678 - RESERVED +CVE-2019-14678 (SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability tha ...) + TODO: check CVE-2019-14677 RESERVED CVE-2019-14676 
@@ -23660,8 +23686,8 @@ CVE-2019-11933 (A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2 NOT-FOR-US: libpl_droidsonroids_gif CVE-2019-11932 (A double free vulnerability in the DDGifSlurp function in decoding.c i ...) NOT-FOR-US: libpl_droidsonroids_gif -CVE-2019-11931 - RESERVED +CVE-2019-11931 (A stack-based buffer overflow could be triggered in WhatsApp by sendin ...) + TODO: check CVE-2019-11930 RESERVED CVE-2019-11929 (Insufficient boundary checks when formatting numbers in number_format ...) @@ -46744,6 +46770,7 @@ CVE-2019-3467 RESERVED CVE-2019-3466 RESERVED + {DSA-4568-1} - postgresql-common 210 CVE-2019-3465 (Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for exa ...) {DSA-4560-1 DLA-1983-1} @@ -57887,8 +57914,8 @@ CVE-2018-19270 REJECTED CVE-2019-0185 (Insufficient access control in protected memory subsystem for SMM for ...) TODO: check -CVE-2019-0184 - RESERVED +CVE-2019-0184 (Insufficient access control in protected memory subsystem for Intel(R) ...) + TODO: check CVE-2019-0183 (Insufficient password protection in the attestation database for Open ...) NOT-FOR-US: Open CIT CVE-2019-0182 (Insufficient password protection in the attestation database for Open ...) 
@@ -252907,13 +252934,11 @@ CVE-2013-4110 (Cryptocat has an Unspecified Chat Participant User List Disclosur NOT-FOR-US: Cryptocat CVE-2013-4109 (An unspecified cross-site scripting (XSS) vulnerability exists in Cryp ...) NOT-FOR-US: Cryptocat -CVE-2013-4108 - RESERVED +CVE-2013-4108 (Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2. ...) NOT-FOR-US: Cryptocat CVE-2013-4107 (Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site ...) NOT-FOR-US: Cryptocat -CVE-2013-4106 - RESERVED +CVE-2013-4106 (A Cross-site scripting (XSS) vulnerability exists in Conversation Over ...) NOT-FOR-US: Cryptocat CVE-2013-4105 (Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information D ...) NOT-FOR-US: Cryptocat
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f44430af9caa5e7abe5a311b1db5925e665f1aa2
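Review bot: In the @@ -92,8 +118,7 hunk, CVE-2019-18928 still carries only "- cyrus-imapd 3.0.12-1", although the description that replaces the bracketed text names 2.5.x before 2.5.14 as affected as well. The entry should record how suites that still ship a 2.5.x cyrus-imapd are handled, since the NOTE only gives the upstream fix versions. The removed bracketed summary was also the only text that named the actual flaw (authentication inherited from the previous request on the same connection); keeping it as a NOTE would preserve that, because the visible description is cut off at "allows privilege ...".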
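Review bot: In the @@ -11228,18 +11253,18 hunk, the six Zyxel GS1900 entries (CVE-2019-15799 through CVE-2019-15804) each get a separate "TODO: check" under the same truncated description. They concern device firmware, like the neighbouring CommScope ARRIS entries that are marked NOT-FOR-US, so triage them in one pass and give all six the same product string instead of resolving them one by one with differing wording.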
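Review bot: In the @@ -14167,6 +14192,7 hunk, CVE-2019-14869 gains {DSA-4569-1 DLA-1992-1} while the package line still reads "- ghostscript <unfixed> (bug #944760)". With a DSA and a DLA now referenced, the unstable line is the only part of the entry that records the issue as open; confirm that this is the intended state and replace <unfixed> with the fixed version once bug #944760 is closed.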
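Review bot: In the @@ -46744,6 +46770,7 hunk, CVE-2019-3466 now references {DSA-4568-1} but remains RESERVED with no description at all, so the entry does not say what was fixed in postgresql-common 210. Add a short bracketed summary after the CVE id, in the way CVE-2019-14869 carries "[-dSAFER escape in .charkeys]", until the MITRE text is published.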