[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Aug 29 09:10:31 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b389c96a by security tracker role at 2019-08-29T08:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2019-15788
+ RESERVED
+CVE-2019-15787
+ RESERVED
+CVE-2019-15786
+ RESERVED
+CVE-2019-15785
+ RESERVED
+CVE-2019-15784
+ RESERVED
+CVE-2019-15783
+ RESERVED
+CVE-2019-15782
+ RESERVED
+CVE-2019-15781
+ RESERVED
+CVE-2019-15780
+ RESERVED
+CVE-2019-15779
+ RESERVED
+CVE-2019-15778
+ RESERVED
+CVE-2019-15777
+ RESERVED
+CVE-2019-15776
+ RESERVED
+CVE-2019-15775
+ RESERVED
+CVE-2019-15774
+ RESERVED
+CVE-2019-15773
+ RESERVED
+CVE-2019-15772
+ RESERVED
+CVE-2019-15771
+ RESERVED
+CVE-2019-15770
+ RESERVED
+CVE-2019-15769
+ RESERVED
+CVE-2019-15768
+ RESERVED
+CVE-2019-15767 (In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_ ...)
+ TODO: check
+CVE-2019-15766
+ RESERVED
+CVE-2019-15765
+ RESERVED
+CVE-2019-15764
+ RESERVED
+CVE-2019-15763
+ RESERVED
+CVE-2019-15762
+ RESERVED
+CVE-2019-15761
+ RESERVED
+CVE-2019-15760
+ RESERVED
+CVE-2019-15759 (An issue was discovered in Binaryen 1.38.32. Two visitors in ir/Expres ...)
+ TODO: check
+CVE-2019-15758 (An issue was discovered in Binaryen 1.38.32. Missing validation rules ...)
+ TODO: check
+CVE-2019-15757 (libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG par ...)
+ TODO: check
+CVE-2019-15756
+ RESERVED
+CVE-2019-15755
+ RESERVED
+CVE-2019-15754
+ RESERVED
+CVE-2019-15753 (In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC ...)
+ TODO: check
+CVE-2019-15752 (Docker Desktop Community Edition before 2.1.0.1 allows local users to ...)
+ TODO: check
+CVE-2018-21007
+ RESERVED
+CVE-2017-18594 (nse_libssh2.cc in Nmap 7.70 is subject to a denial of service conditio ...)
+ TODO: check
CVE-2019-15751
RESERVED
CVE-2019-15750
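Review bot: the seven described entries added at the top of this hunk (CVE-2019-15767, CVE-2019-15759, CVE-2019-15758, CVE-2019-15757, CVE-2019-15753, CVE-2019-15752 and CVE-2017-18594) all land as "TODO: check", so none is yet mapped to a source package or marked NOT-FOR-US. Their descriptions name GNU Chess, Binaryen, libMirage in CDemu, OpenStack os-vif, Docker Desktop Community Edition and Nmap; each needs a manual triage pass that replaces the TODO with either a package line or a NOT-FOR-US line, in the form the already-triaged entries in this file use.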
@@ -2926,7 +3004,7 @@ CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop files
NOTE: https://kde.org/info/security/advisory-20190807-1.txt
NOTE: kconfig: https://cgit.kde.org/kconfig.git/commit/?id=5d3e71b1d2ecd2cb2f910036e614ffdfc895aa22
NOTE: kdelibs: https://cgit.kde.org/kdelibs.git/commit/?id=2c3762feddf7e66cf6b64d9058f625a715694a00
-CVE-2019-14743 (** DISPUTED ** In Valve Steam Client for Windows through 2019-08-07, H ...)
+CVE-2019-14743 (In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wo ...)
NOT-FOR-US: Valve Steam Client for Windows
CVE-2019-14742
RESERVED
@@ -3025,8 +3103,8 @@ CVE-2019-14696 (Open-School 3.0, and Community Edition 2.3, allows XSS via the o
NOT-FOR-US: Open-School
CVE-2019-14695 (A SQL injection vulnerability exists in the Sygnoos Popup Builder plug ...)
NOT-FOR-US: Sygnoos Popup Builder plugin for WordPress
-CVE-2019-14694
- RESERVED
+CVE-2019-14694 (A use-after-free flaw in the sandbox container implemented in cmdguard ...)
+ TODO: check
CVE-2019-14693 (Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External ...)
NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-14692 (AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in ...)
@@ -7748,14 +7826,14 @@ CVE-2019-13410
RESERVED
CVE-2019-13409
RESERVED
-CVE-2019-13408
- RESERVED
-CVE-2019-13407
- RESERVED
-CVE-2019-13406
- RESERVED
-CVE-2019-13405
- RESERVED
+CVE-2019-13408 (A relative path traversal vulnerability found in Advan VD-1 firmware v ...)
+ TODO: check
+CVE-2019-13407 (A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses ...)
+ TODO: check
+CVE-2019-13406 (A broken access control vulnerability found in Advan VD-1 firmware ver ...)
+ TODO: check
+CVE-2019-13405 (A broken access control vulnerability found in Advan VD-1 firmware ver ...)
+ TODO: check
CVE-2019-13404 (** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows ...)
NOT-FOR-US: Disputed issue for Windows installer for Python
CVE-2019-13403 (Temenos CWX version 8.9 has an Broken Access Control vulnerability in ...)
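Review bot: the four Advan VD-1 entries (CVE-2019-13408 through CVE-2019-13405) are left at "TODO: check" although their descriptions all name the same product, Advan VD-1 firmware. If that firmware is not packaged, they can be closed together with a NOT-FOR-US line each, in the style of the CVE-2019-13404 entry just below them.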
@@ -13503,29 +13581,23 @@ CVE-2019-11252
RESERVED
CVE-2019-11251
RESERVED
-CVE-2019-11250 [Bearer tokens are revealed in logs]
- RESERVED
+CVE-2019-11250 (The Kubernetes client-go library logs request headers at verbosity lev ...)
- kubernetes <unfixed> (bug #934801)
NOTE: https://github.com/kubernetes/kubernetes/issues/81114
-CVE-2019-11249 [Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal]
- RESERVED
+CVE-2019-11249 (The kubectl cp command allows copying files between containers and the ...)
- kubernetes <not-affected> (Vulnerable code not present; incomplete fix not applied)
NOTE: https://github.com/kubernetes/kubernetes/issues/80984
-CVE-2019-11248
- RESERVED
+CVE-2019-11248 (The debugging endpoint /debug/pprof is exposed over the unauthenticate ...)
- kubernetes <unfixed> (bug #934182)
NOTE: https://github.com/kubernetes/kubernetes/issues/81023
NOTE: https://groups.google.com/forum/#!topic/kubernetes-security-announce/pKELclHIov8
-CVE-2019-11247 [API server allows access to custom resources via wrong scope]
- RESERVED
+CVE-2019-11247 (The Kubernetes kube-apiserver mistakenly allows access to a cluster-sc ...)
- kubernetes <unfixed> (bug #933988)
NOTE: https://github.com/kubernetes/kubernetes/issues/80983
-CVE-2019-11246 [Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp`]
- RESERVED
+CVE-2019-11246 (The kubectl cp command allows copying files between containers and the ...)
- kubernetes <not-affected> (Vulnerable code not present; incomplete fix not applied)
NOTE: https://github.com/kubernetes/kubernetes/pull/76788
-CVE-2019-11245
- RESERVED
+CVE-2019-11245 (In kubelet v1.13.6 and v1.14.2, containers for pods that do not specif ...)
- kubernetes <not-affected> (Vulnerable code not present)
NOTE: https://discuss.kubernetes.io/t/security-regression-in-kubernetes-kubelet-v1-13-6-and-v1-14-2-only-cve-2019-11245/6584
NOTE: https://github.com/kubernetes/kubernetes/issues/78308
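Review bot: for CVE-2019-11249 and CVE-2019-11246 the replacement descriptions are truncated to the same text ("The kubectl cp command allows copying files between containers and the ..."), and the removed bracketed titles were the only lines naming CVE-2019-1002101 as the fix these two are incomplete against. Consider keeping that relationship in a NOTE line under each entry so the two stay distinguishable in the list; the package lines and issue links carry over unchanged.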
@@ -13970,16 +14042,16 @@ CVE-2019-11071 (SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated
NOTE: https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html
NOTE: https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36
NOTE: https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e
-CVE-2019-11064
- RESERVED
-CVE-2019-11063
- RESERVED
+CVE-2019-11064 (A vulnerability of remote credential disclosure was discovered in Adva ...)
+ TODO: check
+CVE-2019-11063 (A broken access control vulnerability in SmartHome app (Android versio ...)
+ TODO: check
CVE-2019-11062 (The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Inj ...)
NOT-FOR-US: SUNNET WMPro for eLearning system
-CVE-2019-11061
- RESERVED
-CVE-2019-11060
- RESERVED
+CVE-2019-11061 (A broken access control vulnerability in HG100 firmware versions up to ...)
+ TODO: check
+CVE-2019-11060 (The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, ...)
+ TODO: check
CVE-2019-11059 (Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit exte ...)
- u-boot 2019.01+dfsg-6 (bug #928800)
[stretch] - u-boot <no-dsa> (Minor issue)
@@ -14882,8 +14954,8 @@ CVE-2019-10726
RESERVED
CVE-2019-10725
RESERVED
-CVE-2019-10724
- RESERVED
+CVE-2019-10724 (There is a vulnerability with the Dolby DAX2 API system services in wh ...)
+ TODO: check
CVE-2019-10723 (An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class i ...)
- libpodofo <unfixed> (low; bug #926667)
[buster] - libpodofo <no-dsa> (Minor issue)
@@ -16701,18 +16773,18 @@ CVE-2019-10061 (utils/find-opencv.js in node-opencv (aka OpenCV bindings for Nod
NOTE: Nodejs not covered by security support
CVE-2019-10060 (The Verix Multi-app Conductor application 2.7 for Verifone Verix suffe ...)
NOT-FOR-US: Verix Multi-app Conductor application for Verifone Verix
-CVE-2019-10059
- RESERVED
+CVE-2019-10059 (The legacy finger service (TCP port 79) is enabled by default on vario ...)
+ TODO: check
CVE-2019-10058 (Various Lexmark products have Incorrect Access Control. ...)
TODO: check
-CVE-2019-10057
- RESERVED
-CVE-2019-10056
- RESERVED
-CVE-2019-10055
- RESERVED
-CVE-2019-10054
- RESERVED
+CVE-2019-10057 (Various Lexmark products have CSRF. ...)
+ TODO: check
+CVE-2019-10056 (An issue was discovered in Suricata 4.1.3. The code mishandles the cas ...)
+ TODO: check
+CVE-2019-10055 (An issue was discovered in Suricata 4.1.3. The function ftp_pasv_respo ...)
+ TODO: check
+CVE-2019-10054 (An issue was discovered in Suricata 4.1.3. The function process_reply_ ...)
+ TODO: check
CVE-2019-10053 (An issue was discovered in Suricata 4.1.x before 4.1.4. If the input o ...)
- suricata 1:4.1.4-1
[buster] - suricata <no-dsa> (Minor issue)
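Review bot: CVE-2019-10056, CVE-2019-10055 and CVE-2019-10054 are added as "TODO: check" although their descriptions name Suricata 4.1.3 and the neighbouring CVE-2019-10053 entry already tracks the suricata package at 1:4.1.4-1. These three need a "- suricata" line once it is confirmed which upload fixes them; the Lexmark entries CVE-2019-10059 and CVE-2019-10057 in the same hunk need separate triage.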
@@ -16720,13 +16792,11 @@ CVE-2019-10053 (An issue was discovered in Suricata 4.1.x before 4.1.4. If the i
[jessie] - suricata <no-dsa> (Minor issue)
NOTE: https://redmine.openinfosecfoundation.org/issues/2883
NOTE: https://github.com/OISF/suricata/commit/51790d3824bc381e24aaeef20338dd6b8bd4e453
-CVE-2019-10052
- RESERVED
+CVE-2019-10052 (An issue was discovered in Suricata 4.1.3. If the network packet does ...)
- suricata 1:4.1.4-1
NOTE: https://redmine.openinfosecfoundation.org/issues/2902
NOTE: https://redmine.openinfosecfoundation.org/issues/2947
-CVE-2019-10051
- RESERVED
+CVE-2019-10051 (An issue was discovered in Suricata 4.1.3. If the function filetracker ...)
- suricata 1:4.1.4-1
NOTE: https://github.com/OISF/suricata/pull/3734
NOTE: https://redmine.openinfosecfoundation.org/issues/2896
@@ -17022,14 +17092,14 @@ CVE-2019-9935 (Various Lexmark products have Incorrect Access Control (issue 2 o
TODO: check
CVE-2019-9934 (Various Lexmark products have Incorrect Access Control (issue 1 of 2). ...)
TODO: check
-CVE-2019-9933
- RESERVED
-CVE-2019-9932
- RESERVED
-CVE-2019-9931
- RESERVED
-CVE-2019-9930
- RESERVED
+CVE-2019-9933 (Various Lexmark products have a Buffer Overflow (issue 3 of 3). ...)
+ TODO: check
+CVE-2019-9932 (Various Lexmark products have a Buffer Overflow (issue 2 of 3). ...)
+ TODO: check
+CVE-2019-9931 (Various Lexmark printers contain a denial of service vulnerability in ...)
+ TODO: check
+CVE-2019-9930 (Various Lexmark products have an Integer Overflow. ...)
+ TODO: check
CVE-2019-9929 (Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions. ...)
- cfengine3 <not-affected> (Issue only affecting CFEngine Enterprise 3.x version)
NOTE: Issue is specific to Enterprise version leaking CFE_ROBOT user secrets on
@@ -29291,8 +29361,8 @@ CVE-2019-5532
RESERVED
CVE-2019-5531
RESERVED
-CVE-2019-5530
- RESERVED
+CVE-2019-5530 (Windows binaries generated with InstallBuilder versions earlier than 1 ...)
+ TODO: check
CVE-2019-5529
RESERVED
CVE-2019-5528 (VMware ESXi 6.5 suffers from partial denial of service vulnerability i ...)
@@ -107838,10 +107908,10 @@ CVE-2017-14204
RESERVED
CVE-2017-14203
RESERVED
-CVE-2017-14202
- RESERVED
-CVE-2017-14201
- RESERVED
+CVE-2017-14202 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+ TODO: check
+CVE-2017-14201 (Use After Free vulnerability in the Zephyr shell allows a serial or te ...)
+ TODO: check
CVE-2017-14200
RESERVED
CVE-2017-14199 (A buffer overflow has been found in the Zephyr Project's getaddrinfo() ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b389c96abd36f8702e53d2fb5bf80c2ecb0d2ba7