[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 3 20:10:32 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
75696a56 by security tracker role at 2019-12-03T20:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2019-19539
+ RESERVED
+CVE-2019-19538
+ RESERVED
+CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition bug that ...)
+ TODO: check
+CVE-2019-19536 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...)
+ TODO: check
+CVE-2019-19535 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...)
+ TODO: check
+CVE-2019-19534 (In the Linux kernel before 5.3.11, there is an info-leak bug that can ...)
+ TODO: check
+CVE-2019-19533 (In the Linux kernel before 5.3.4, there is an info-leak bug that can b ...)
+ TODO: check
+CVE-2019-19532 (In the Linux kernel before 5.3.9, there are multiple out-of-bounds wri ...)
+ TODO: check
+CVE-2019-19531 (In the Linux kernel before 5.2.9, there is a use-after-free bug that c ...)
+ TODO: check
+CVE-2019-19530 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...)
+ TODO: check
+CVE-2019-19529 (In the Linux kernel before 5.3.11, there is a use-after-free bug that ...)
+ TODO: check
+CVE-2019-19528 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...)
+ TODO: check
+CVE-2019-19527 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...)
+ TODO: check
+CVE-2019-19526 (In the Linux kernel before 5.3.9, there is a use-after-free bug that c ...)
+ TODO: check
+CVE-2019-19525 (In the Linux kernel before 5.3.6, there is a use-after-free bug that c ...)
+ TODO: check
+CVE-2019-19524 (In the Linux kernel before 5.3.12, there is a use-after-free bug that ...)
+ TODO: check
+CVE-2019-19523 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...)
+ TODO: check
+CVE-2019-19522
+ RESERVED
+CVE-2019-19521
+ RESERVED
+CVE-2019-19520
+ RESERVED
+CVE-2019-19519
+ RESERVED
+CVE-2019-19518
+ RESERVED
CVE-2020-1964
RESERVED
CVE-2020-1963
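Review bot: the fifteen new Linux kernel entries (CVE-2019-19523 through CVE-2019-19537) are all left as `TODO: check`; each needs the upstream fix commit located and a `- linux <version>` line plus per-suite annotations in the form this file already uses (e.g. `[jessie] - linux <not-affected> (Vulnerability introduced later)`). The descriptions state the fixed upstream version (5.2.9 through 5.3.12), which narrows the stable-series search for each fix. CVE-2019-19538, CVE-2019-19539 and CVE-2019-19518 through CVE-2019-19522 remain RESERVED and will need another pass once they are published.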
@@ -200,7 +244,7 @@ CVE-2019-19498
RESERVED
CVE-2019-19497
RESERVED
-CVE-2019-19496 (Alfresco Enterprise 5.2.4 allows stored XSS via an uploaded HTML docum ...)
+CVE-2019-19496 (Alfresco Enterprise before 5.2.6 allows stored XSS via an uploaded HTM ...)
NOT-FOR-US: Alfresco
CVE-2019-19495
RESERVED
@@ -491,14 +535,14 @@ CVE-2019-19462 (relay_open in kernel/relay.c in the Linux kernel through 5.4.1 a
[jessie] - linux <not-affected> (Vulnerability introduced later)
CVE-2019-19461
RESERVED
-CVE-2019-19460
- RESERVED
-CVE-2019-19459
- RESERVED
-CVE-2019-19458
- RESERVED
-CVE-2019-19457
- RESERVED
+CVE-2019-19460 (An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product' ...)
+ TODO: check
+CVE-2019-19459 (An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker ...)
+ TODO: check
+CVE-2019-19458 (SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data E ...)
+ TODO: check
+CVE-2019-19457 (SALTO ProAccess SPACE 5.4.3.0 allows XSS. ...)
+ TODO: check
CVE-2019-19456
RESERVED
CVE-2019-19455
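Review bot: the four SALTO ProAccess SPACE 5.4.3.0 entries (CVE-2019-19457 through CVE-2019-19460) are marked `TODO: check`, but SALTO ProAccess SPACE is a proprietary access-control management product with no Debian package; unless one turns up, resolve these as `NOT-FOR-US: SALTO ProAccess SPACE`, in the same form used for Alfresco and FusionPBX elsewhere in this diff.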
@@ -692,8 +736,8 @@ CVE-2019-19385 (A cross-site scripting (XSS) vulnerability in app/dialplans/dial
NOT-FOR-US: FusionPBX
CVE-2019-19384 (A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php ...)
NOT-FOR-US: FusionPBX
-CVE-2019-19383
- RESERVED
+CVE-2019-19383 (freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted ...)
+ TODO: check
CVE-2019-19382
RESERVED
CVE-2019-19381
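Review bot: freeFTPd (CVE-2019-19383) is a Windows-only FTP/SFTP server and is not packaged in Debian, so the `TODO: check` should become `NOT-FOR-US: freeFTPd`, matching the FusionPBX entries directly above it.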
@@ -31049,7 +31093,7 @@ CVE-2019-10077 (A carefully crafted InterWiki link could trigger an XSS vulnerab
CVE-2019-10076 (A carefully crafted malicious attachment could trigger an XSS vulnerab ...)
- jspwiki <removed>
CVE-2019-10075
- RESERVED
+ REJECTED
CVE-2019-10074 (An RCE is possible by entering Freemarker markup in an Apache OFBiz Fo ...)
NOT-FOR-US: Apache OFBiz
CVE-2019-10073 (The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" ...)
@@ -39305,10 +39349,10 @@ CVE-2019-7368
RESERVED
CVE-2019-7367
RESERVED
-CVE-2019-7366
- RESERVED
-CVE-2019-7365
- RESERVED
+CVE-2019-7366 (Buffer overflow vulnerability in Autodesk FBX Software Development Kit ...)
+ TODO: check
+CVE-2019-7365 (DLL preloading vulnerability in Autodesk Desktop Application versions ...)
+ TODO: check
CVE-2019-7364 (DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of ...)
NOT-FOR-US: Autodesk
CVE-2019-7363 (Use-after-free vulnerability in Autodesk Design Review versions 2011, ...)
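Review bot: CVE-2019-7365 and CVE-2019-7366 concern Autodesk products (Desktop Application and the FBX SDK) and sit next to CVE-2019-7364 and CVE-2019-7363, both already tagged `NOT-FOR-US: Autodesk`; the `TODO: check` placeholders should be resolved the same way rather than left for a second pass.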
@@ -46411,14 +46455,14 @@ CVE-2019-4470 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scr
NOT-FOR-US: IBM
CVE-2019-4469
RESERVED
-CVE-2019-4468
- RESERVED
-CVE-2019-4467
- RESERVED
+CVE-2019-4468 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...)
+ TODO: check
+CVE-2019-4467 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...)
+ TODO: check
CVE-2019-4466
RESERVED
-CVE-2019-4465
- RESERVED
+CVE-2019-4465 (IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored loc ...)
+ TODO: check
CVE-2019-4464
RESERVED
CVE-2019-4463
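Review bot: CVE-2019-4465, CVE-2019-4467 and CVE-2019-4468 all concern IBM Cloud Pak System 2.3 / 2.3.0.1, an IBM appliance product with no Debian package; the IBM QRadar entry at the top of this hunk is already `NOT-FOR-US: IBM`, so these should get the same disposition instead of `TODO: check`.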
@@ -46895,8 +46939,8 @@ CVE-2019-4228
RESERVED
CVE-2019-4227 (IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9 ...)
NOT-FOR-US: IBM
-CVE-2019-4226
- RESERVED
+CVE-2019-4226 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...)
+ TODO: check
CVE-2019-4225 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially ...)
NOT-FOR-US: IBM
CVE-2019-4224 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQ ...)
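Review bot: CVE-2019-4226 is another IBM Cloud Pak System XSS and should be `NOT-FOR-US: IBM` like CVE-2019-4227 and CVE-2019-4225 on either side of it; leaving it as `TODO: check` only defers the same outcome.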
@@ -47087,8 +47131,8 @@ CVE-2019-4132 (IBM Cloud Automation Manager 3.1.2 could allow a user to be impro
NOT-FOR-US: IBM
CVE-2019-4131 (IBM Application Performance Management (IBM Monitoring 8.1.4) could al ...)
NOT-FOR-US: IBM
-CVE-2019-4130
- RESERVED
+CVE-2019-4130 (IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to ...)
+ TODO: check
CVE-2019-4129 (IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remot ...)
NOT-FOR-US: IBM
CVE-2019-4128
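Review bot: same point for CVE-2019-4130 (IBM Cloud Pak System): the surrounding IBM entries in this hunk are `NOT-FOR-US: IBM`, and this one should be too.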
@@ -47151,8 +47195,8 @@ CVE-2019-4100
RESERVED
CVE-2019-4099
RESERVED
-CVE-2019-4098
- RESERVED
+CVE-2019-4098 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...)
+ TODO: check
CVE-2019-4097
RESERVED
CVE-2019-4096
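Review bot: CVE-2019-4098 (IBM Cloud Pak System XSS) should likewise be `NOT-FOR-US: IBM` rather than `TODO: check`.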
@@ -47367,8 +47411,8 @@ CVE-2019-3992
RESERVED
CVE-2019-3991
RESERVED
-CVE-2019-3990
- RESERVED
+CVE-2019-3990 (A User Enumeration flaw exists in Harbor. The issue is present in the ...)
+ TODO: check
CVE-2019-3989
RESERVED
CVE-2019-3988
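Review bot: CVE-2019-3990 (user enumeration in Harbor) is left as `TODO: check`; Harbor, the container registry, does not appear to be packaged in Debian, so this most likely resolves to `NOT-FOR-US: Harbor`, but confirm there is no package before closing it, since the truncated description (`The issue is present in the ...`) does not say which component is affected.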
@@ -48315,10 +48359,10 @@ CVE-2019-3668
RESERVED
CVE-2019-3667
RESERVED
-CVE-2019-3666
- RESERVED
-CVE-2019-3665
- RESERVED
+CVE-2019-3666 (API Abuse/Misuse vulnerability in the web interface in McAfee Web Advi ...)
+ TODO: check
+CVE-2019-3665 (Code Injection vulnerability in the web interface in McAfee Web Adviso ...)
+ TODO: check
CVE-2019-3664
RESERVED
CVE-2019-3663 (Unprotected Storage of Credentials vulnerability in McAfee Advanced Th ...)
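Review bot: CVE-2019-3665 and CVE-2019-3666 are in the web interface of McAfee WebAdvisor, a proprietary browser add-on for Windows, so `TODO: check` should become `NOT-FOR-US: McAfee WebAdvisor` rather than waiting for a second triage pass.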
@@ -253627,8 +253671,7 @@ CVE-2013-4487 (Off-by-one error in the dane_raw_tlsa in the DANE library (libdan
- gnutls28 <not-affected> (libdane is not built; original patch for CVE-2013-4466 not applied)
- gnutls26 <not-affected> (only 3.1.x and 3.2.x)
NOTE: off-by one issue in original fix for CVE-2013-4466
-CVE-2013-4486
- RESERVED
+CVE-2013-4486 (Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging ...)
NOT-FOR-US: Zanata
CVE-2013-4485 (389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8. ...)
- 389-ds-base 1.3.2.9-1 (bug #730115)
@@ -253877,8 +253920,7 @@ CVE-2013-4412 (slim has NULL pointer dereference when using crypt() method from
[wheezy] - slim <not-affected> (Only exploitable with eglibc 2.17 and later)
[squeeze] - slim <not-affected> (Only exploitable with eglibc 2.17 and later)
NOTE: Upstream fix: http://git.berlios.de/cgi-bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071f
-CVE-2013-4411
- RESERVED
+CVE-2013-4411 (Review Board: URL processing gives unauthorized users access to review ...)
- reviewboard <itp> (bug #653113)
CVE-2013-4410 (ReviewBoard: has an access-control problem in REST API ...)
- reviewboard <itp> (bug #653113)
@@ -254538,8 +254580,7 @@ CVE-2013-4237 (sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc
NOTE: http://sourceware.org/ml/libc-alpha/2013-05/msg00445.html
CVE-2013-4236 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged ...)
- vdsm <itp> (bug #668538)
-CVE-2013-4235 [TOCTOU race conditions by copying and removing directory trees]
- RESERVED
+CVE-2013-4235 (shadow: TOCTOU (time-of-check time-of-use) race condition when copying ...)
- shadow <unfixed> (unimportant; bug #778950)
CVE-2013-4234 (Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) ...)
{DSA-2751-1}
@@ -259610,8 +259651,7 @@ CVE-2013-2230 (The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allo
[squeeze] - libvirt <not-affected> (Vulnerable code introduced in with commit abf75aea)
CVE-2013-2229
REJECTED
-CVE-2013-2228 [RSA exponent of 1]
- RESERVED
+CVE-2013-2228 (SaltStack RSA Key Generation allows remote users to decrypt communicat ...)
- salt 0.15.1-1
NOTE: https://github.com/saltstack/salt/commit/e8ce66cf688b43aeb3e716e78b1af3a08e9940e3
CVE-2013-2227 (GLPI 0.83.7 has Local File Inclusion in common.tabs.php. ...)
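Review bot: the automatic update replaces the hand-written placeholder `[RSA exponent of 1]` on CVE-2013-2228 with the truncated MITRE description, so the actual root cause (a public exponent of 1, which turns RSA encryption into the identity and lets anyone read the traffic) no longer appears in the tracker text. Consider preserving it as a NOTE line beside the existing commit URL, e.g. `NOTE: RSA public exponent of 1 in key generation`.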
@@ -260039,8 +260079,7 @@ CVE-2013-2108
NOT-FOR-US: WordPress plugin wp-cleanfix
CVE-2013-2107 (Cross-site request forgery (CSRF) vulnerability in the Mail On Update ...)
NOT-FOR-US: WordPress plugin mail-on-update
-CVE-2013-2106 [Authentication credential disclosure]
- RESERVED
+CVE-2013-2106 (webauth before 4.6.1 has authentication credential disclosure ...)
- webauth <not-affected> (vulnerable code only in 4.4.1 up to 4.5.2)
CVE-2013-2105 (The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local ...)
NOT-FOR-US: Show In Browser Ruby Gem
@@ -260052,13 +260091,11 @@ CVE-2013-2104 (python-keystoneclient before 0.2.4, as used in OpenStack Keystone
NOTE: Keystone Folsom fix: https://review.openstack.org/#/c/30743/
NOTE: python-keystoneclient fix: https://review.openstack.org/#/c/30742/
NOTE: Starting with 2013.1-1 code in keystone/middleware/auth_token.py moved to python-keystoneclient
-CVE-2013-2103
- RESERVED
+CVE-2013-2103 (OpenShift cartridge allows remote URL retrieval ...)
NOT-FOR-US: OpenShift
CVE-2013-2102 (The default configuration of Red Hat JBoss Portal before 6.1.0 enables ...)
NOT-FOR-US: GateIn Portal
-CVE-2013-2101
- RESERVED
+CVE-2013-2101 (Katello has multiple XSS issues in various entities ...)
NOT-FOR-US: Katello
CVE-2013-2100 (The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage ...)
NOT-FOR-US: Gentoo Portage binary package installer
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/75696a56f73d899be599bc85c6b26845a9aa9a82
--