Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f44430af by security tracker role at 2019-11-15T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2019-18988
+       RESERVED
+CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through 
1.34 for  ...)
+       TODO: check
+CVE-2019-18986 (Pimcore before 6.2.2 allow attackers to brute-force (guess) 
valid user ...)
+       TODO: check
+CVE-2019-18985 (Pimcore before 6.2.2 lacks brute force protection for the 2FA 
token. ...)
+       TODO: check
+CVE-2019-18984
+       RESERVED
+CVE-2019-18983
+       RESERVED
+CVE-2019-18982 (bundles/AdminBundle/Controller/Admin/EmailController.php in 
Pimcore be ...)
+       TODO: check
+CVE-2019-18981 (Pimcore before 6.2.2 lacks an Access Denied outcome for a 
certain scen ...)
+       TODO: check
+CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 
9290022 ...)
+       TODO: check
+CVE-2019-18979
+       RESERVED
+CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS 
Middleware) ge ...)
+       TODO: check
+CVE-2019-18977
+       RESERVED
+CVE-2019-18976
+       RESERVED
 CVE-2019-18975
        RESERVED
 CVE-2019-18974
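Review bot: None of the described entries added at the top of data/CVE/list has a package decision yet; each is left at "TODO: check". The four Pimcore entries (CVE-2019-18986, CVE-2019-18985, CVE-2019-18982, CVE-2019-18981) name the same product and can be triaged together, while CVE-2019-18978 (rack-cors, Rack CORS Middleware) and CVE-2019-18987 (AbuseFilter extension) should get a source-package search before anyone marks them NOT-FOR-US.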
@@ -92,8 +118,7 @@ CVE-2019-18930 (Western Digital My Cloud EX2 Ultra firmware 
2.31.183 allows web
        NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware
 CVE-2019-18929 (Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows 
web users  ...)
        NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware
-CVE-2019-18928 [unauthenticated HTTP requests no longer inherit authentication 
from the previous request on the same connection]
-       RESERVED
+CVE-2019-18928 (Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows 
privilege  ...)
        - cyrus-imapd 3.0.12-1
        NOTE: Fixed in 3.0.12 and 2.5.14 upstream
 CVE-2019-18927
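Review bot: For CVE-2019-18928 the new description names both Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12, but the retained package line records only "- cyrus-imapd 3.0.12-1". Add per-release status for any suite still shipping an affected 2.5.x or 3.x version, and consider keeping the wording of the dropped bracketed description (unauthenticated HTTP requests inheriting authentication from the previous request on the same connection) as a NOTE, since the truncated replacement says only "allows privilege ...".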
@@ -2913,8 +2938,8 @@ CVE-2019-18653 (A Cross Site Scripting (XSS) issue exists 
in Avast AntiVirus (Fr
        NOT-FOR-US: Avast
 CVE-2019-18652
        RESERVED
-CVE-2019-18651
-       RESERVED
+CVE-2019-18651 (A cross-site request forgery (CSRF) vulnerability in 3xLogic 
Infinias  ...)
+       TODO: check
 CVE-2019-18650 (An issue was discovered in Joomla! before 3.9.13. A missing 
token chec ...)
        NOT-FOR-US: Joomla!
 CVE-2018-21030 (Jupyter Notebook before 5.5.0 does not use a CSP header to 
treat serve ...)
@@ -7099,8 +7124,8 @@ CVE-2019-17393 (The Customer's Tomedo Server in Version 
1.7.3 communicates to th
        NOT-FOR-US: Tomedo Server
 CVE-2019-17392
        RESERVED
-CVE-2019-17391
-       RESERVED
+CVE-2019-17391 (An issue was discovered in the Espressif ESP32 mask ROM code 
2016-06-0 ...)
+       TODO: check
 CVE-2019-17390
        RESERVED
 CVE-2019-17389 (In RIOT 2019.07, the MQTT-SN implementation (asymcute) 
mishandles erro ...)
@@ -11228,18 +11253,18 @@ CVE-2019-15806 (CommScope ARRIS TR4400 devices with 
firmware through A1.00.004-1
        NOT-FOR-US: CommScope ARRIS TR4400 devices
 CVE-2019-15805 (CommScope ARRIS TR4400 devices with firmware through 
A1.00.004-180301  ...)
        NOT-FOR-US: CommScope ARRIS TR4400 devices
-CVE-2019-15804
-       RESERVED
-CVE-2019-15803
-       RESERVED
-CVE-2019-15802
-       RESERVED
-CVE-2019-15801
-       RESERVED
-CVE-2019-15800
-       RESERVED
-CVE-2019-15799
-       RESERVED
+CVE-2019-15804 (An issue was discovered on Zyxel GS1900 devices with firmware 
before 2 ...)
+       TODO: check
+CVE-2019-15803 (An issue was discovered on Zyxel GS1900 devices with firmware 
before 2 ...)
+       TODO: check
+CVE-2019-15802 (An issue was discovered on Zyxel GS1900 devices with firmware 
before 2 ...)
+       TODO: check
+CVE-2019-15801 (An issue was discovered on Zyxel GS1900 devices with firmware 
before 2 ...)
+       TODO: check
+CVE-2019-15800 (An issue was discovered on Zyxel GS1900 devices with firmware 
before 2 ...)
+       TODO: check
+CVE-2019-15799 (An issue was discovered on Zyxel GS1900 devices with firmware 
before 2 ...)
+       TODO: check
 CVE-2019-15798
        RESERVED
 CVE-2019-15797
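Review bot: The six entries CVE-2019-15799 through CVE-2019-15804 all arrive with the same truncated description ("An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...") and "TODO: check", so the list gives no way to tell them apart. They describe device firmware, like the adjacent CommScope ARRIS entries that are marked NOT-FOR-US, so triage them as one batch and replace the six TODO lines with a single consistent decision.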
@@ -14167,6 +14192,7 @@ CVE-2019-14870
        RESERVED
 CVE-2019-14869 [-dSAFER escape in .charkeys]
        RESERVED
+       {DSA-4569-1 DLA-1992-1}
        - ghostscript <unfixed> (bug #944760)
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f0aa1140032746e5a0abfc40f4cef
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701841
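Review bot: CVE-2019-14869 now references {DSA-4569-1 DLA-1992-1}, but the unchanged package line below it still reads "- ghostscript <unfixed> (bug #944760)". Follow up on the unstable upload and replace <unfixed> with the fixed version once bug #944760 is closed, so the entry does not show advisories issued while the main package line stays open.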
@@ -14788,8 +14814,8 @@ CVE-2019-14680 (The admin-renamer-extended (aka Admin 
renamer extended) plugin 3
        NOT-FOR-US: Wordpress plugin
 CVE-2019-14679 (core/views/arprice_import_export.php in the ARPrice Lite 
plugin 2.2 fo ...)
        NOT-FOR-US: Wordpress plugin
-CVE-2019-14678
-       RESERVED
+CVE-2019-14678 (SAS XML Mapper 9.45 has an XML External Entity (XXE) 
vulnerability tha ...)
+       TODO: check
 CVE-2019-14677
        RESERVED
 CVE-2019-14676
@@ -23660,8 +23686,8 @@ CVE-2019-11933 (A heap buffer overflow bug in 
libpl_droidsonroids_gif before 1.2
        NOT-FOR-US: libpl_droidsonroids_gif
 CVE-2019-11932 (A double free vulnerability in the DDGifSlurp function in 
decoding.c i ...)
        NOT-FOR-US: libpl_droidsonroids_gif
-CVE-2019-11931
-       RESERVED
+CVE-2019-11931 (A stack-based buffer overflow could be triggered in WhatsApp 
by sendin ...)
+       TODO: check
 CVE-2019-11930
        RESERVED
 CVE-2019-11929 (Insufficient boundary checks when formatting numbers in 
number_format  ...)
@@ -46744,6 +46770,7 @@ CVE-2019-3467
        RESERVED
 CVE-2019-3466
        RESERVED
+       {DSA-4568-1}
        - postgresql-common 210
 CVE-2019-3465 (Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used 
for exa ...)
        {DSA-4560-1 DLA-1983-1}
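Review bot: CVE-2019-3466 gets {DSA-4568-1} while the entry is still RESERVED and has neither a bracketed temporary description nor a NOTE, only "- postgresql-common 210". Other reserved entries with advisories in this file, such as CVE-2019-14869 [-dSAFER escape in .charkeys], carry a short bracketed description; add one here together with a NOTE pointing at the fix so the entry is readable before the official description is published.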
@@ -57887,8 +57914,8 @@ CVE-2018-19270
        REJECTED
 CVE-2019-0185 (Insufficient access control in protected memory subsystem for 
SMM for  ...)
        TODO: check
-CVE-2019-0184
-       RESERVED
+CVE-2019-0184 (Insufficient access control in protected memory subsystem for 
Intel(R) ...)
+       TODO: check
 CVE-2019-0183 (Insufficient password protection in the attestation database 
for Open  ...)
        NOT-FOR-US: Open CIT
 CVE-2019-0182 (Insufficient password protection in the attestation database 
for Open  ...)
@@ -252907,13 +252934,11 @@ CVE-2013-4110 (Cryptocat has an Unspecified Chat 
Participant User List Disclosur
        NOT-FOR-US: Cryptocat
 CVE-2013-4109 (An unspecified cross-site scripting (XSS) vulnerability exists 
in Cryp ...)
        NOT-FOR-US: Cryptocat
-CVE-2013-4108
-       RESERVED
+CVE-2013-4108 (Multiple unspecified vulnerabilities in Cryptocat Project 
Cryptocat 2. ...)
        NOT-FOR-US: Cryptocat
 CVE-2013-4107 (Cryptocat before 2.0.22: cryptocat.js handlePresence() has 
cross site  ...)
        NOT-FOR-US: Cryptocat
-CVE-2013-4106
-       RESERVED
+CVE-2013-4106 (A Cross-site scripting (XSS) vulnerability exists in 
Conversation Over ...)
        NOT-FOR-US: Cryptocat
 CVE-2013-4105 (Cryptocat before 2.0.22 has Multiparty Encryption Scheme 
Information D ...)
        NOT-FOR-US: Cryptocat



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f44430af9caa5e7abe5a311b1db5925e665f1aa2
