[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Aug 29 09:10:31 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b389c96a by security tracker role at 2019-08-29T08:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2019-15788
+	RESERVED
+CVE-2019-15787
+	RESERVED
+CVE-2019-15786
+	RESERVED
+CVE-2019-15785
+	RESERVED
+CVE-2019-15784
+	RESERVED
+CVE-2019-15783
+	RESERVED
+CVE-2019-15782
+	RESERVED
+CVE-2019-15781
+	RESERVED
+CVE-2019-15780
+	RESERVED
+CVE-2019-15779
+	RESERVED
+CVE-2019-15778
+	RESERVED
+CVE-2019-15777
+	RESERVED
+CVE-2019-15776
+	RESERVED
+CVE-2019-15775
+	RESERVED
+CVE-2019-15774
+	RESERVED
+CVE-2019-15773
+	RESERVED
+CVE-2019-15772
+	RESERVED
+CVE-2019-15771
+	RESERVED
+CVE-2019-15770
+	RESERVED
+CVE-2019-15769
+	RESERVED
+CVE-2019-15768
+	RESERVED
+CVE-2019-15767 (In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_ ...)
+	TODO: check
+CVE-2019-15766
+	RESERVED
+CVE-2019-15765
+	RESERVED
+CVE-2019-15764
+	RESERVED
+CVE-2019-15763
+	RESERVED
+CVE-2019-15762
+	RESERVED
+CVE-2019-15761
+	RESERVED
+CVE-2019-15760
+	RESERVED
+CVE-2019-15759 (An issue was discovered in Binaryen 1.38.32. Two visitors in ir/Expres ...)
+	TODO: check
+CVE-2019-15758 (An issue was discovered in Binaryen 1.38.32. Missing validation rules  ...)
+	TODO: check
+CVE-2019-15757 (libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG par ...)
+	TODO: check
+CVE-2019-15756
+	RESERVED
+CVE-2019-15755
+	RESERVED
+CVE-2019-15754
+	RESERVED
+CVE-2019-15753 (In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC ...)
+	TODO: check
+CVE-2019-15752 (Docker Desktop Community Edition before 2.1.0.1 allows local users to  ...)
+	TODO: check
+CVE-2018-21007
+	RESERVED
+CVE-2017-18594 (nse_libssh2.cc in Nmap 7.70 is subject to a denial of service conditio ...)
+	TODO: check
 CVE-2019-15751
 	RESERVED
 CVE-2019-15750
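Review bot: CVE-2018-21007 and CVE-2017-18594 are inserted between CVE-2019-15752 and CVE-2019-15751, which breaks the descending ID order that every other entry in this hunk follows. If the updater deliberately places newly seen older-year IDs at the top, that is fine; otherwise they belong in the 2018 and 2017 blocks. Separately, the TODO: check entries that name standalone software (GNU Chess, Binaryen, libMirage in CDemu, OpenStack os-vif, Nmap) need a source-package check before they are given a disposition.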
@@ -2926,7 +3004,7 @@ CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop files
 	NOTE: https://kde.org/info/security/advisory-20190807-1.txt
 	NOTE: kconfig: https://cgit.kde.org/kconfig.git/commit/?id=5d3e71b1d2ecd2cb2f910036e614ffdfc895aa22
 	NOTE: kdelibs: https://cgit.kde.org/kdelibs.git/commit/?id=2c3762feddf7e66cf6b64d9058f625a715694a00
-CVE-2019-14743 (** DISPUTED ** In Valve Steam Client for Windows through 2019-08-07, H ...)
+CVE-2019-14743 (In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wo ...)
 	NOT-FOR-US: Valve Steam Client for Windows
 CVE-2019-14742
 	RESERVED
@@ -3025,8 +3103,8 @@ CVE-2019-14696 (Open-School 3.0, and Community Edition 2.3, allows XSS via the o
 	NOT-FOR-US: Open-School
 CVE-2019-14695 (A SQL injection vulnerability exists in the Sygnoos Popup Builder plug ...)
 	NOT-FOR-US: Sygnoos Popup Builder plugin for WordPress
-CVE-2019-14694
-	RESERVED
+CVE-2019-14694 (A use-after-free flaw in the sandbox container implemented in cmdguard ...)
+	TODO: check
 CVE-2019-14693 (Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External ...)
 	NOT-FOR-US: Zoho ManageEngine AssetExplorer
 CVE-2019-14692 (AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in ...)
@@ -7748,14 +7826,14 @@ CVE-2019-13410
 	RESERVED
 CVE-2019-13409
 	RESERVED
-CVE-2019-13408
-	RESERVED
-CVE-2019-13407
-	RESERVED
-CVE-2019-13406
-	RESERVED
-CVE-2019-13405
-	RESERVED
+CVE-2019-13408 (A relative path traversal vulnerability found in Advan VD-1 firmware v ...)
+	TODO: check
+CVE-2019-13407 (A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses  ...)
+	TODO: check
+CVE-2019-13406 (A broken access control vulnerability found in Advan VD-1 firmware ver ...)
+	TODO: check
+CVE-2019-13405 (A broken access control vulnerability found in Advan VD-1 firmware ver ...)
+	TODO: check
 CVE-2019-13404 (** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows  ...)
 	NOT-FOR-US: Disputed issue for Windows installer for Python
 CVE-2019-13403 (Temenos CWX version 8.9 has an Broken Access Control vulnerability in  ...)
@@ -13503,29 +13581,23 @@ CVE-2019-11252
 	RESERVED
 CVE-2019-11251
 	RESERVED
-CVE-2019-11250 [Bearer tokens are revealed in logs]
-	RESERVED
+CVE-2019-11250 (The Kubernetes client-go library logs request headers at verbosity lev ...)
 	- kubernetes <unfixed> (bug #934801)
 	NOTE: https://github.com/kubernetes/kubernetes/issues/81114
-CVE-2019-11249 [Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal]
-	RESERVED
+CVE-2019-11249 (The kubectl cp command allows copying files between containers and the ...)
 	- kubernetes <not-affected> (Vulnerable code not present; incomplete fix not applied)
 	NOTE: https://github.com/kubernetes/kubernetes/issues/80984
-CVE-2019-11248
-	RESERVED
+CVE-2019-11248 (The debugging endpoint /debug/pprof is exposed over the unauthenticate ...)
 	- kubernetes <unfixed> (bug #934182)
 	NOTE: https://github.com/kubernetes/kubernetes/issues/81023
 	NOTE: https://groups.google.com/forum/#!topic/kubernetes-security-announce/pKELclHIov8
-CVE-2019-11247 [API server allows access to custom resources via wrong scope]
-	RESERVED
+CVE-2019-11247 (The Kubernetes kube-apiserver mistakenly allows access to a cluster-sc ...)
 	- kubernetes <unfixed> (bug #933988)
 	NOTE: https://github.com/kubernetes/kubernetes/issues/80983
-CVE-2019-11246 [Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp`]
-	RESERVED
+CVE-2019-11246 (The kubectl cp command allows copying files between containers and the ...)
 	- kubernetes <not-affected> (Vulnerable code not present; incomplete fix not applied)
 	NOTE: https://github.com/kubernetes/kubernetes/pull/76788
-CVE-2019-11245
-	RESERVED
+CVE-2019-11245 (In kubelet v1.13.6 and v1.14.2, containers for pods that do not specif ...)
 	- kubernetes <not-affected> (Vulnerable code not present)
 	NOTE: https://discuss.kubernetes.io/t/security-regression-in-kubernetes-kubelet-v1-13-6-and-v1-14-2-only-cve-2019-11245/6584
 	NOTE: https://github.com/kubernetes/kubernetes/issues/78308
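Review bot: At CVE-2019-11249 and CVE-2019-11246 the bracketed working titles are dropped, and both entries now begin with the same truncated text ("The kubectl cp command allows copying files between containers and the ..."). The list therefore no longer records that these are incomplete fixes for CVE-2019-1002101 (and, for CVE-2019-11249, for CVE-2019-11246 as well). A NOTE line on each entry recording that relationship would keep them distinguishable. The same applies to the removed titles on CVE-2019-11250 and CVE-2019-11247 if the truncated descriptions are not enough for triage.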
@@ -13970,16 +14042,16 @@ CVE-2019-11071 (SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated
 	NOTE: https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html
 	NOTE: https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36
 	NOTE: https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e
-CVE-2019-11064
-	RESERVED
-CVE-2019-11063
-	RESERVED
+CVE-2019-11064 (A vulnerability of remote credential disclosure was discovered in Adva ...)
+	TODO: check
+CVE-2019-11063 (A broken access control vulnerability in SmartHome app (Android versio ...)
+	TODO: check
 CVE-2019-11062 (The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Inj ...)
 	NOT-FOR-US: SUNNET WMPro for eLearning system
-CVE-2019-11061
-	RESERVED
-CVE-2019-11060
-	RESERVED
+CVE-2019-11061 (A broken access control vulnerability in HG100 firmware versions up to ...)
+	TODO: check
+CVE-2019-11060 (The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12,  ...)
+	TODO: check
 CVE-2019-11059 (Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit exte ...)
 	- u-boot 2019.01+dfsg-6 (bug #928800)
 	[stretch] - u-boot <no-dsa> (Minor issue)
@@ -14882,8 +14954,8 @@ CVE-2019-10726
 	RESERVED
 CVE-2019-10725
 	RESERVED
-CVE-2019-10724
-	RESERVED
+CVE-2019-10724 (There is a vulnerability with the Dolby DAX2 API system services in wh ...)
+	TODO: check
 CVE-2019-10723 (An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class i ...)
 	- libpodofo <unfixed> (low; bug #926667)
 	[buster] - libpodofo <no-dsa> (Minor issue)
@@ -16701,18 +16773,18 @@ CVE-2019-10061 (utils/find-opencv.js in node-opencv (aka OpenCV bindings for Nod
 	NOTE: Nodejs not covered by security support
 CVE-2019-10060 (The Verix Multi-app Conductor application 2.7 for Verifone Verix suffe ...)
 	NOT-FOR-US: Verix Multi-app Conductor application for Verifone Verix
-CVE-2019-10059
-	RESERVED
+CVE-2019-10059 (The legacy finger service (TCP port 79) is enabled by default on vario ...)
+	TODO: check
 CVE-2019-10058 (Various Lexmark products have Incorrect Access Control. ...)
 	TODO: check
-CVE-2019-10057
-	RESERVED
-CVE-2019-10056
-	RESERVED
-CVE-2019-10055
-	RESERVED
-CVE-2019-10054
-	RESERVED
+CVE-2019-10057 (Various Lexmark products have CSRF. ...)
+	TODO: check
+CVE-2019-10056 (An issue was discovered in Suricata 4.1.3. The code mishandles the cas ...)
+	TODO: check
+CVE-2019-10055 (An issue was discovered in Suricata 4.1.3. The function ftp_pasv_respo ...)
+	TODO: check
+CVE-2019-10054 (An issue was discovered in Suricata 4.1.3. The function process_reply_ ...)
+	TODO: check
 CVE-2019-10053 (An issue was discovered in Suricata 4.1.x before 4.1.4. If the input o ...)
 	- suricata 1:4.1.4-1
 	[buster] - suricata <no-dsa> (Minor issue)
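Review bot: CVE-2019-10056, CVE-2019-10055 and CVE-2019-10054 are added as TODO: check although their descriptions name Suricata 4.1.3 and the adjacent CVE-2019-10053 is already tracked against the suricata package with fixed version 1:4.1.4-1. These three should get suricata package lines once the upstream fixes are identified, rather than staying in the generic TODO queue. The Lexmark entries CVE-2019-10059 and CVE-2019-10057 can take whatever disposition CVE-2019-10058 receives.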
@@ -16720,13 +16792,11 @@ CVE-2019-10053 (An issue was discovered in Suricata 4.1.x before 4.1.4. If the i
 	[jessie] - suricata <no-dsa> (Minor issue)
 	NOTE: https://redmine.openinfosecfoundation.org/issues/2883
 	NOTE: https://github.com/OISF/suricata/commit/51790d3824bc381e24aaeef20338dd6b8bd4e453
-CVE-2019-10052
-	RESERVED
+CVE-2019-10052 (An issue was discovered in Suricata 4.1.3. If the network packet does  ...)
 	- suricata 1:4.1.4-1
 	NOTE: https://redmine.openinfosecfoundation.org/issues/2902
 	NOTE: https://redmine.openinfosecfoundation.org/issues/2947
-CVE-2019-10051
-	RESERVED
+CVE-2019-10051 (An issue was discovered in Suricata 4.1.3. If the function filetracker ...)
 	- suricata 1:4.1.4-1
 	NOTE: https://github.com/OISF/suricata/pull/3734
 	NOTE: https://redmine.openinfosecfoundation.org/issues/2896
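Review bot: CVE-2019-10052 and CVE-2019-10051 now carry public descriptions naming Suricata 4.1.3, but each keeps only the `- suricata 1:4.1.4-1` line, with none of the per-suite annotations that CVE-2019-10053 has ([jessie] <no-dsa> is visible in the context above). It is worth confirming whether the stable suites need their own lines now that the details are published.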
@@ -17022,14 +17092,14 @@ CVE-2019-9935 (Various Lexmark products have Incorrect Access Control (issue 2 o
 	TODO: check
 CVE-2019-9934 (Various Lexmark products have Incorrect Access Control (issue 1 of 2). ...)
 	TODO: check
-CVE-2019-9933
-	RESERVED
-CVE-2019-9932
-	RESERVED
-CVE-2019-9931
-	RESERVED
-CVE-2019-9930
-	RESERVED
+CVE-2019-9933 (Various Lexmark products have a Buffer Overflow (issue 3 of 3). ...)
+	TODO: check
+CVE-2019-9932 (Various Lexmark products have a Buffer Overflow (issue 2 of 3). ...)
+	TODO: check
+CVE-2019-9931 (Various Lexmark printers contain a denial of service vulnerability in  ...)
+	TODO: check
+CVE-2019-9930 (Various Lexmark products have an Integer Overflow. ...)
+	TODO: check
 CVE-2019-9929 (Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions. ...)
 	- cfengine3 <not-affected> (Issue only affecting CFEngine Enterprise 3.x version)
 	NOTE: Issue is specific to Enterprise version leaking CFE_ROBOT user secrets on
@@ -29291,8 +29361,8 @@ CVE-2019-5532
 	RESERVED
 CVE-2019-5531
 	RESERVED
-CVE-2019-5530
-	RESERVED
+CVE-2019-5530 (Windows binaries generated with InstallBuilder versions earlier than 1 ...)
+	TODO: check
 CVE-2019-5529
 	RESERVED
 CVE-2019-5528 (VMware ESXi 6.5 suffers from partial denial of service vulnerability i ...)
@@ -107838,10 +107908,10 @@ CVE-2017-14204
 	RESERVED
 CVE-2017-14203
 	RESERVED
-CVE-2017-14202
-	RESERVED
-CVE-2017-14201
-	RESERVED
+CVE-2017-14202 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+	TODO: check
+CVE-2017-14201 (Use After Free vulnerability in the Zephyr shell allows a serial or te ...)
+	TODO: check
 CVE-2017-14200
 	RESERVED
 CVE-2017-14199 (A buffer overflow has been found in the Zephyr Project's getaddrinfo() ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b389c96abd36f8702e53d2fb5bf80c2ecb0d2ba7
