Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 864622a3 by security tracker role at 2019-12-04T20:10:28Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,55 @@ +CVE-2019-19576 (class.upload.php in verot.net class.upload before 1.0.3 and 2.x before ...) + TODO: check +CVE-2019-19575 + RESERVED +CVE-2019-19574 + RESERVED +CVE-2019-19573 + RESERVED +CVE-2019-19572 + RESERVED +CVE-2019-19571 + RESERVED +CVE-2019-19570 + RESERVED +CVE-2019-19569 + RESERVED +CVE-2019-19568 + RESERVED +CVE-2019-19567 + RESERVED +CVE-2019-19566 + RESERVED +CVE-2019-19565 + RESERVED +CVE-2019-19564 + RESERVED +CVE-2019-19563 + RESERVED +CVE-2019-19562 + RESERVED +CVE-2019-19561 + RESERVED +CVE-2019-19560 + RESERVED +CVE-2019-19559 + RESERVED +CVE-2019-19558 + RESERVED +CVE-2019-19557 + RESERVED +CVE-2019-19556 + RESERVED +CVE-2019-19555 (read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buf ...) + TODO: check +CVE-2019-19554 + RESERVED +CVE-2019-19553 + RESERVED +CVE-2019-19552 + RESERVED +CVE-2019-19551 + RESERVED CVE-2020-1974 RESERVED CVE-2020-1973 @@ -308,7 +360,7 @@ CVE-2019-19498 RESERVED CVE-2019-19497 RESERVED -CVE-2019-19496 (Alfresco Enterprise before 5.2.6 allows stored XSS via an uploaded HTM ...) +CVE-2019-19496 (Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTM ...) NOT-FOR-US: Alfresco CVE-2019-19495 RESERVED @@ -785,7 +837,7 @@ CVE-2019-19393 RESERVED CVE-2019-19392 RESERVED -CVE-2019-19391 (In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other pro ...) +CVE-2019-19391 (** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit before 2.1. ...) - luajit <unfixed> (bug #946053; unimportant) NOTE: https://github.com/LuaJIT/LuaJIT/pull/526 NOTE: Negligible security impact. The debug library is unsafe per se and one is 
@@ -992,8 +1044,8 @@ CVE-2020-1691 RESERVED CVE-2020-1690 RESERVED -CVE-2019-19364 - RESERVED +CVE-2019-19364 (In Sony Catalyst Production Suite through 2019.1 (1.1.0.21) and Cataly ...) + TODO: check CVE-2019-19363 RESERVED CVE-2019-19362 (An issue was discovered in the Chat functionality of the TeamViewer de ...) @@ -1319,6 +1371,7 @@ CVE-2019-19248 CVE-2019-19247 RESERVED CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has ...) + {DLA-2020-1} - libonig <unfixed> NOTE: https://bugs.php.net/bug.php?id=78559 NOTE: https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b @@ -1358,10 +1411,10 @@ CVE-2019-19231 RESERVED CVE-2019-19230 RESERVED -CVE-2019-19229 - RESERVED -CVE-2019-19228 - RESERVED +CVE-2019-19229 (admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.1 ...) + TODO: check +CVE-2019-19228 (Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attacke ...) + TODO: check CVE-2019-19227 (In the AppleTalk subsystem in the Linux kernel before 5.1, there is a ...) - linux 5.2.6-1 NOTE: https://git.kernel.org/linus/9804501fa1228048857910a6bf23e085aade37cc @@ -1415,6 +1468,7 @@ CVE-2019-19206 (Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS du CVE-2019-19205 RESERVED CVE-2019-19204 (An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the func ...) + {DLA-2020-1} - libonig <unfixed> (low; bug #945313) [buster] - libonig <no-dsa> (Minor issue) [stretch] - libonig <no-dsa> (Minor issue) @@ -1572,8 +1626,8 @@ CVE-2019-19135 RESERVED CVE-2019-19134 RESERVED -CVE-2019-19133 - RESERVED +CVE-2019-19133 (The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected ...) + TODO: check CVE-2019-19132 RESERVED CVE-2019-19131 
@@ -1926,6 +1980,7 @@ CVE-2019-19014 (An issue was discovered in TitanHQ WebTitan before 5.18. It has CVE-2019-19013 (A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an ...) NOT-FOR-US: Pagekit CMS CVE-2019-19012 (An integer overflow in the search_in_range function in regexec.c in On ...) + {DLA-2020-1} - libonig <unfixed> (bug #944959) NOTE: https://github.com/kkos/oniguruma/issues/164 CVE-2019-19011 (MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueC ...) @@ -2302,8 +2357,8 @@ CVE-2019-18852 (Certain D-Link devices have a hardcoded Alphanetworks user accou NOT-FOR-US: D-Link CVE-2019-18851 RESERVED -CVE-2019-18850 - RESERVED +CVE-2019-18850 (TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a dis ...) + TODO: check CVE-2019-18849 (In tnef before 1.4.18, an attacker may be able to write to the victim' ...) {DLA-2005-1} - tnef <unfixed> (bug #944851) @@ -5863,10 +5918,10 @@ CVE-2019-18348 (An issue was discovered in urllib2 in Python 2.x through 2.7.17 NOTE: Issue only exploitable if CVE-2016-10739 is unfixed in src:glibc. This is NOTE: not the case in all suites, but the issue is minor in general and would NOTE: tend to a no-dsa/ignored tag in those suites. -CVE-2019-18347 - RESERVED -CVE-2019-18346 - RESERVED +CVE-2019-18347 (A stored XSS issue was discovered in DAViCal through 1.1.8. It does no ...) + TODO: check +CVE-2019-18346 (A CSRF issue was discovered in DAViCal through 1.1.8. If an authentica ...) + TODO: check CVE-2019-18345 RESERVED CVE-2019-18344 (Sourcecodester Online Grading System 1.0 is vulnerable to unauthentica ...) 
@@ -8560,14 +8615,11 @@ CVE-2019-17558 RESERVED CVE-2019-17557 RESERVED -CVE-2019-17556 - RESERVED +CVE-2019-17556 (Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService clas ...) NOT-FOR-US: Olingo -CVE-2019-17555 - RESERVED +CVE-2019-17555 (The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to ...) NOT-FOR-US: Olingo -CVE-2019-17554 - RESERVED +CVE-2019-17554 (The XML content type entity deserializer in Apache Olingo versions 4.0 ...) NOT-FOR-US: Olingo CVE-2019-17553 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection ...) NOT-FOR-US: MetInfo @@ -13925,8 +13977,8 @@ CVE-2019-15639 (main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28499 NOTE: Issue was introduced specifically only in versions 13.28.0 and 16.5.0 upstream NOTE: and got fixed in 13.28.1 respectively 16.5.1. -CVE-2019-15638 - RESERVED +CVE-2019-15638 (COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Searc ...) + TODO: check CVE-2019-15637 (Numerous Tableau products are vulnerable to XXE via a malicious workbo ...) NOT-FOR-US: Tableau CVE-2019-15636 @@ -16242,8 +16294,7 @@ CVE-2019-14911 (An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module CVE-2019-14910 RESERVED NOT-FOR-US: Keycloak -CVE-2019-14909 - RESERVED +CVE-2019-14909 (A vulnerability was found in Keycloak 7.x where the user federation LD ...) NOT-FOR-US: Keycloak CVE-2019-14908 RESERVED 
@@ -25813,30 +25864,29 @@ CVE-2019-11942 (A remote code execution vulnerability was identified in HPE Inte NOT-FOR-US: HPE CVE-2019-11941 (A remote code execution vulnerability was identified in HPE Intelligen ...) NOT-FOR-US: HPE -CVE-2019-11940 - RESERVED +CVE-2019-11940 (In the course of decompressing HPACK inside the HTTP2 protocol, an une ...) + TODO: check CVE-2019-11939 RESERVED CVE-2019-11938 RESERVED -CVE-2019-11937 - RESERVED +CVE-2019-11937 (In Mcrouter prior to v0.41.0, a large struct input provided to the Car ...) NOT-FOR-US: mcrouter NOTE: https://github.com/facebook/mcrouter/releases -CVE-2019-11936 - RESERVED -CVE-2019-11935 - RESERVED -CVE-2019-11934 - RESERVED +CVE-2019-11936 (Various APC functions accept keys containing null bytes as input, lead ...) + TODO: check +CVE-2019-11935 (Insufficient boundary checks when processing a string in mb_ereg_repla ...) + TODO: check +CVE-2019-11934 (Improper handling of close_notify alerts can result in an out-of-bound ...) + TODO: check CVE-2019-11933 (A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, a ...) NOT-FOR-US: libpl_droidsonroids_gif CVE-2019-11932 (A double free vulnerability in the DDGifSlurp function in decoding.c i ...) NOT-FOR-US: libpl_droidsonroids_gif CVE-2019-11931 (A stack-based buffer overflow could be triggered in WhatsApp by sendin ...) NOT-FOR-US: WhatsApp -CVE-2019-11930 - RESERVED +CVE-2019-11930 (An invalid free in mb_detect_order can cause the application to crash ...) + TODO: check CVE-2019-11929 (Insufficient boundary checks when formatting numbers in number_format ...) - hhvm <removed> CVE-2019-11928 
@@ -25849,8 +25899,7 @@ CVE-2019-11925 (Insufficient boundary checks when processing the JPEG APP12 bloc - hhvm <removed> CVE-2019-11924 (A peer could send empty handshake fragments containing only padding wh ...) NOT-FOR-US: fizz -CVE-2019-11923 - RESERVED +CVE-2019-11923 (In Mcrouter prior to v0.41.0, the deprecated ASCII parser would alloca ...) NOT-FOR-US: mcrouter NOTE: https://github.com/facebook/mcrouter/releases CVE-2019-11922 (A race condition in the one-pass compression functions of Zstandard pr ...) @@ -39953,16 +40002,16 @@ CVE-2019-7203 RESERVED CVE-2019-7202 RESERVED -CVE-2019-7201 - RESERVED +CVE-2019-7201 (An unquoted service path vulnerability is reported to affect the servi ...) + TODO: check CVE-2019-7200 RESERVED CVE-2019-7199 RESERVED CVE-2019-7198 RESERVED -CVE-2019-7197 - RESERVED +CVE-2019-7197 (A stored cross-site scripting (XSS) vulnerability has been reported to ...) + TODO: check CVE-2019-7196 RESERVED CVE-2019-7195 @@ -112660,12 +112709,12 @@ CVE-2017-17052 (The mm_init function in kernel/fork.c in the Linux kernel before [jessie] - linux <not-affected> (Vulnerable code not present) [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/2b7e8665b4ff51c034c55df3cff76518d1a9ee3a -CVE-2018-0730 - RESERVED -CVE-2018-0729 - RESERVED -CVE-2018-0728 - RESERVED +CVE-2018-0730 (This command injection vulnerability in File Station allows attackers ...) + TODO: check +CVE-2018-0729 (This command injection vulnerability in Music Station allows attackers ...) + TODO: check +CVE-2018-0728 (This improper access control vulnerability in Helpdesk allows attacker ...) + TODO: check CVE-2018-0727 RESERVED CVE-2018-0726 
@@ -225393,11 +225442,9 @@ CVE-2014-8181 (The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear - linux <not-affected> (Specific to RHEL 7) CVE-2014-8180 (MongoDB on Red Hat Satellite 6 allows local users to bypass authentica ...) NOT-FOR-US: Red Hat Satellite -CVE-2014-8179 - RESERVED +CVE-2014-8179 (Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does ...) - docker.io 1.8.3~ds1-1 -CVE-2014-8178 - RESERVED +CVE-2014-8178 (Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do no ...) - docker.io 1.8.3~ds1-1 CVE-2014-8177 (The Red Hat gluster-swift package, as used in Red Hat Gluster Storage ...) NOT-FOR-US: gluster-swift
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/864622a37a8ae933a8a90fdc478123e9fab1d926
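Review bot: In the first hunk (@@ -1,3 +1,55 @@), CVE-2019-19555 is left at "TODO: check" although its description names Xfig fig2dev 3.2.7b (read_textobject in read.c, stack-based). fig2dev is packaged in Debian, so this entry needs a "- fig2dev" line with a fixed version or <unfixed> and a bug reference rather than a NOT-FOR-US tag. It should be triaged ahead of the other new TODO entries in this hunk, which are either RESERVED or name software whose packaging status is not evident from the description.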
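Review bot: The three libonig entries that gain {DLA-2020-1} (hunks @@ -1319,6 +1371,7 @@, @@ -1415,6 +1468,7 @@ and @@ -1926,6 +1980,7 @@) are not triaged consistently for the stable suites. CVE-2019-19204 carries "[buster] - libonig <no-dsa> (Minor issue)" and the matching stretch line, while CVE-2019-19246 and CVE-2019-19012 show only "- libonig <unfixed>" with no per-suite lines in the visible context. Since one LTS upload addressed all three, please confirm whether buster and stretch need the same no-dsa decision, or a DSA, for the other two, and record it so the per-suite status is not left implicit.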
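Review bot: In hunk @@ -5863,10 +5918,10 @@, CVE-2019-18347 (stored XSS) and CVE-2019-18346 (CSRF) both name DAViCal through 1.1.8 and are added as "TODO: check". DAViCal is packaged in Debian as davical, so both need a "- davical" line with status and a BTS bug reference. Because the two descriptions share the same affected version range, they can be triaged together, and a NOTE pointing at the upstream fix would help whoever assesses the older suites.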
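Review bot: In hunk @@ -25813,30 +25864,29 @@, the new "TODO: check" entries CVE-2019-11935 ("Insufficient boundary checks when processing a string in mb_ereg_repla ...") and CVE-2019-11930 ("An invalid free in mb_detect_order ...") use the same wording pattern as the adjacent CVE-2019-11929 ("Insufficient boundary checks when formatting numbers in number_format ..."), which is tracked as "- hhvm <removed>". The truncated descriptions do not name the product, so please check the full text and, if these are the same product, tag them the same way as CVE-2019-11929 instead of leaving them open. The same check applies to CVE-2019-11936 (APC functions) in this hunk. CVE-2019-11940 (HPACK decompression) and CVE-2019-11934 (close_notify alerts) read as issues in different components and should be resolved on their own.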