[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Dec 4 08:10:35 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3c77997f by security tracker role at 2019-12-04T08:10:22Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,44 @@
-CVE-2019-19543 [media: serial_ir: Fix use-after-free in serial_ir_init_module]
+CVE-2020-1974
+ RESERVED
+CVE-2020-1973
+ RESERVED
+CVE-2020-1972
+ RESERVED
+CVE-2020-1971
+ RESERVED
+CVE-2020-1970
+ RESERVED
+CVE-2020-1969
+ RESERVED
+CVE-2020-1968
+ RESERVED
+CVE-2020-1967
+ RESERVED
+CVE-2020-1966
+ RESERVED
+CVE-2020-1965
+ RESERVED
+CVE-2019-19550
+ RESERVED
+CVE-2019-19549
+ RESERVED
+CVE-2019-19548
+ RESERVED
+CVE-2019-19547
+ RESERVED
+CVE-2019-19546
+ RESERVED
+CVE-2019-19545
+ RESERVED
+CVE-2019-19544
+ RESERVED
+CVE-2019-19542
+ RESERVED
+CVE-2019-19541
+ RESERVED
+CVE-2019-19540
+ RESERVED
+CVE-2019-19543 (In the Linux kernel before 5.1.6, there is a use-after-free in serial_ ...)
- linux 5.2.6-1
[buster] - linux 4.19.67-1
NOTE: https://git.kernel.org/linus/56cd26b618855c9af48c8301aa6754ced8dd0beb
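Review bot: CVE-2019-19543 now sits after CVE-2019-19540, which breaks the descending order the new RESERVED entries above it follow (19544, 19542, 19541, 19540). Moving the entry between CVE-2019-19544 and CVE-2019-19542 would keep the list sorted. The bracketed working title is replaced by the truncated published description, and the upstream commit in the NOTE line still records the fix.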
@@ -764,8 +804,8 @@ CVE-2019-19384 (A cross-site scripting (XSS) vulnerability in app/fax/fax_log_vi
NOT-FOR-US: FusionPBX
CVE-2019-19383 (freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted ...)
TODO: check
-CVE-2019-19382
- RESERVED
+CVE-2019-19382 (Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the ...)
+ TODO: check
CVE-2019-19381
RESERVED
CVE-2019-19380
@@ -1926,10 +1966,10 @@ CVE-2019-18995
RESERVED
CVE-2019-18994
RESERVED
-CVE-2019-18993
- RESERVED
-CVE-2019-18992
- RESERVED
+CVE-2019-18993 (OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to th ...)
+ TODO: check
+CVE-2019-18992 (OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/a ...)
+ TODO: check
CVE-2019-18991
RESERVED
CVE-2019-18990
@@ -5090,8 +5130,8 @@ CVE-2019-18576
RESERVED
CVE-2019-18575
RESERVED
-CVE-2019-18574
- RESERVED
+CVE-2019-18574 (RSA Authentication Manager software versions prior to 8.4 P8 contain a ...)
+ TODO: check
CVE-2019-18573
RESERVED
CVE-2019-18572
@@ -10336,8 +10376,8 @@ CVE-2019-16887 (In IrfanView 4.53, Data from a Faulting Address controls a subse
NOT-FOR-US: IrfanView
CVE-2019-16886
RESERVED
-CVE-2019-16885
- RESERVED
+CVE-2019-16885 (In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remo ...)
+ TODO: check
CVE-2019-16884 (runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other ...)
- runc 1.0.0~rc9+dfsg1-1 (bug #942026)
- golang-github-opencontainers-selinux <unfixed> (bug #942027)
@@ -21688,8 +21728,7 @@ CVE-2019-13458 (An issue was discovered in Open Ticket Request System (OTRS) 7.0
NOTE: OTRS 5.0: https://github.com/OTRS/otrs/commit/0e26066dfff8efff0039da13e29609ca7f00d9a2
CVE-2019-13457
RESERVED
-CVE-2019-13456
- RESERVED
+CVE-2019-13456 (In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd h ...)
- freeradius 3.0.17+dfsg-1.1
[stretch] - freeradius <no-dsa> (Minor issue; plugin not enabled by default)
[jessie] - freeradius <not-affected> (Vulnerable code added later)
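Review bot: the published description for CVE-2019-13456 gives the affected range as FreeRADIUS 3.0 through 3.0.19, while the unchanged status line below it records 3.0.17+dfsg-1.1 as fixed. That is only consistent if the Debian revision carries a backported patch. A NOTE line pointing at the upstream fix or the Debian bug would let a reader confirm it without reading the package changelog.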
@@ -31361,8 +31400,8 @@ CVE-2019-9974 (diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-002
NOT-FOR-US: DASAN
CVE-2019-9973
RESERVED
-CVE-2019-10013
- RESERVED
+CVE-2019-10013 (The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS t ...)
+ TODO: check
CVE-2019-10012 (Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote at ...)
NOT-FOR-US: Jenzabar
CVE-2019-10011 (ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campu ...)
@@ -33145,8 +33184,8 @@ CVE-2019-9691
RESERVED
CVE-2019-9690
RESERVED
-CVE-2019-9689
- RESERVED
+CVE-2019-9689 (process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2 ...)
+ TODO: check
CVE-2019-9688 (sftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=ad ...)
NOT-FOR-US: sftnow
CVE-2019-9687 (PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF ...)
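Review bot: CVE-2019-9689 goes to TODO: check here, and CVE-2019-10013 in the previous hunk names the same product (Cameron Hamilton-Rich axTLS). Triage the two together so both entries end up with the same package line or the same NOT-FOR-US decision.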
@@ -44979,15 +45018,13 @@ CVE-2019-5166
RESERVED
CVE-2019-5165
RESERVED
-CVE-2019-5164 [shadowsocks-libev TALOS-2019-0958]
- RESERVED
+CVE-2019-5164 (An exploitable code execution vulnerability exists in the ss-manager b ...)
- shadowsocks-libev 3.3.3+ds-2
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958
NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2537
NOTE: Mitigation: Using a unix socket with ss-manager via --manager-socket.
NOTE: Exposing ss-manager to pubic is always dangerous.
-CVE-2019-5163
- RESERVED
+CVE-2019-5163 (An exploitable denial-of-service vulnerability exists in the UDPRelay ...)
- shadowsocks-libev 3.3.3+ds-2
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0956
NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2536
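Review bot: the unchanged NOTE under CVE-2019-5164 reads "Exposing ss-manager to pubic is always dangerous"; "pubic" should be "public", and a follow-up commit is the place to fix it since the automatic update leaves NOTE lines alone. Dropping the bracketed tag [shadowsocks-libev TALOS-2019-0958] loses nothing, because the TALOS report is still linked in the first NOTE line.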
@@ -45049,10 +45086,10 @@ CVE-2019-5135
RESERVED
CVE-2019-5134
RESERVED
-CVE-2019-5133
- RESERVED
-CVE-2019-5132
- RESERVED
+CVE-2019-5133 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
+ TODO: check
+CVE-2019-5132 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
+ TODO: check
CVE-2019-5131
RESERVED
CVE-2019-5130
@@ -45091,14 +45128,14 @@ CVE-2019-5114 (An exploitable SQL injection vulnerability exists in the authenti
NOT-FOR-US: YouPHPTube
CVE-2019-5113
RESERVED
-CVE-2019-5112
- RESERVED
-CVE-2019-5111
- RESERVED
-CVE-2019-5110
- RESERVED
-CVE-2019-5109
- RESERVED
+CVE-2019-5112 (Exploitable SQL injection vulnerability exists in the authenticated po ...)
+ TODO: check
+CVE-2019-5111 (Exploitable SQL injection vulnerability exists in the authenticated po ...)
+ TODO: check
+CVE-2019-5110 (Exploitable SQL injection vulnerabilities exist in the authenticated p ...)
+ TODO: check
+CVE-2019-5109 (Exploitable SQL injection vulnerabilities exists in the authenticated ...)
+ TODO: check
CVE-2019-5108
RESERVED
CVE-2019-5107
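Review bot: CVE-2019-5112 through CVE-2019-5109 land as TODO: check although their truncated descriptions open with the same wording as CVE-2019-5114 in the hunk header, which is already marked NOT-FOR-US: YouPHPTube. If the full descriptions name the same product, mark all four the same way in one pass instead of triaging each separately.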
@@ -45121,10 +45158,10 @@ CVE-2019-5099 (An exploitable integer underflow vulnerability exists in the CMP-
NOT-FOR-US: LEADTOOLS
CVE-2019-5098
RESERVED
-CVE-2019-5097
- RESERVED
-CVE-2019-5096
- RESERVED
+CVE-2019-5097 (A denial-of-service vulnerability exists in the processing of multi-pa ...)
+ TODO: check
+CVE-2019-5096 (An exploitable code execution vulnerability exists in the processing o ...)
+ TODO: check
CVE-2019-5095 (An issue summary information disclosure vulnerability exists in Atlass ...)
NOT-FOR-US: Atlassian
CVE-2019-5094 (An exploitable code execution vulnerability exists in the quota file f ...)
@@ -45156,8 +45193,8 @@ CVE-2019-5085
RESERVED
CVE-2019-5084 (An exploitable heap out-of-bounds write vulnerability exists in the TI ...)
NOT-FOR-US: LEADTOOLS
-CVE-2019-5083
- RESERVED
+CVE-2019-5083 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
+ TODO: check
CVE-2019-5082
RESERVED
CVE-2019-5081
@@ -45170,8 +45207,8 @@ CVE-2019-5078
RESERVED
CVE-2019-5077
RESERVED
-CVE-2019-5076
- RESERVED
+CVE-2019-5076 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
+ TODO: check
CVE-2019-5075
RESERVED
CVE-2019-5074
@@ -48210,10 +48247,10 @@ CVE-2019-3752
RESERVED
CVE-2019-3751 (Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0 ...)
NOT-FOR-US: EMC
-CVE-2019-3750
- RESERVED
-CVE-2019-3749
- RESERVED
+CVE-2019-3750 (Dell Command Update versions prior to 3.1 contain an Arbitrary File De ...)
+ TODO: check
+CVE-2019-3749 (Dell Command Update versions prior to 3.1 contain an Arbitrary File De ...)
+ TODO: check
CVE-2019-3748
RESERVED
CVE-2019-3747 (Dell EMC Integrated Data Protection Appliance versions prior to 2.3 co ...)
@@ -175781,8 +175818,7 @@ CVE-2016-1000022
NOTE: https://nodesecurity.io/advisories/106
NOTE: https://github.com/distributedweaknessfiling/DWF-Database/commit/5e607a0cad2769db2be5aafc4d9b1ec49bd7bbbc
NOTE: nodejs not covered by security support
-CVE-2016-1000021
- RESERVED
+CVE-2016-1000021 (An issue exists in node-cli 0.1.0 through 0.11.3 due to predictable te ...)
- node-cli <removed> (unimportant)
NOTE: https://nodesecurity.io/advisories/95
NOTE: nodejs not covered by security support
@@ -178254,8 +178290,7 @@ CVE-2016-1000108
[jessie] - yaws 1.98-4+deb8u1
[wheezy] - yaws <no-dsa> (Minor issue; can be fixed along with a future DSA)
NOTE: https://github.com/klacke/yaws/commit/9d8fb070e782c95821c90d0ca7372fc6d7316c78#diff-54053c47eb173a90c26ed19bd9d106c1
-CVE-2016-1000104
- RESERVED
+CVE-2016-1000104 (A security Bypass vulnerability exists in mod_fcgid through 2016-07-07 ...)
NOTE: libapache2-mod-fcgid does not set HTTP_PROXY based on Proxy: header unless
NOTE: explicitly configured so and mitigations for Apache in CVE-2016-5387 prevent
NOTE: exploitation anyway
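Review bot: once RESERVED is replaced by the description, CVE-2016-1000104 is left with only NOTE lines in this hunk and no package status line. The notes already give the reasoning (HTTP_PROXY is not set from the Proxy: header unless explicitly configured, and the CVE-2016-5387 mitigations apply), so record that as an explicit status on libapache2-mod-fcgid so the entry does not read as untriaged.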
@@ -199226,8 +199261,7 @@ CVE-2015-7543 (aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly creat
- kdelibs <removed>
- arts <removed>
NOTE: https://quickgit.kde.org/?p=kdelibs.git&a=blobdiff&h=8c0f6401271c495c68e340e06b09239eb755ce5e&hp=45b72f0d5c3421b571e9515497352a0a9942a075&hb=cc5515ed7ce8884c9b18169158ba29ab2f7a3db7&f=kinit%2Flnusertemp.c
-CVE-2015-7542 [libgwenhywfar uses outdated bundled CA certificates]
- RESERVED
+CVE-2015-7542 (An issue exists in libgwenhywfar through 4.12.0 due to the usage of ou ...)
{DLA-469-1}
- libgwenhywfar 4.12.0beta-3 (bug #748955; medium)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1272503
@@ -241475,8 +241509,7 @@ CVE-2013-7329 (The CGI::Application module before 4.50_50 and 4.50_51 for Perl,
[wheezy] - libcgi-application-perl <no-dsa> (Minor issue)
[squeeze] - libcgi-application-perl <no-dsa> (Minor issue)
NOTE: suggested fix https://github.com/markstos/CGI--Application/pull/15
-CVE-2013-7325
- RESERVED
+CVE-2013-7325 (An issue exists in uscan in devscripts before 2.13.19, which could let ...)
{DSA-2836-1}
- devscripts 2.13.9
[squeeze] - devscripts <no-dsa> (Minor issue)
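Review bot: the new description for CVE-2013-7325 says devscripts before 2.13.19, but the status line two lines below records 2.13.9 as the fixed version. Check which is right against DSA-2836-1 and, if the published description is the one that is off, add a NOTE saying so.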
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3c77997f5c4f17b82a5b59c54c56851e4ec07434