[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Dec 6 20:10:31 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
818b46bf by security tracker role at 2019-12-06T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,23 @@
-CVE-2019-19621
+CVE-2019-19629
+ RESERVED
+CVE-2019-19628
+ RESERVED
+CVE-2019-19627 (SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-rela ...)
+ TODO: check
+CVE-2019-19626
+ RESERVED
+CVE-2019-19625 (SROS 2 0.8.1 (which provides the tools that generate and distribute ke ...)
+ TODO: check
+CVE-2019-19624 (An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifica ...)
+ TODO: check
+CVE-2019-19623
+ RESERVED
+CVE-2019-19622
RESERVED
-CVE-2019-19620
+CVE-2019-19621
RESERVED
+CVE-2019-19620 (In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user ca ...)
+ TODO: check
CVE-2019-19619 (domain/section/markdown/markdown.go in Documize before 3.5.1 mishandle ...)
TODO: check
CVE-2019-19618
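Review bot: CVE-2019-19624 (out-of-bounds read in OpenCV before 4.1.1) is left at `TODO: check`, but OpenCV is a Debian source package (opencv), so this entry needs a `- opencv` line with the affected/fixed version rather than staying in the TODO queue; CVE-2019-19625 and CVE-2019-19627 (both SROS 2 0.8.1) should be triaged as a pair, since the 19627 description is explicitly conditioned on 19625 being mitigated.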
@@ -1184,10 +1200,10 @@ CVE-2019-19553 (In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissect
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15961
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=34d2e0d5318d0a7e9889498c721639e5cbf4ce45
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-22.html
-CVE-2019-19552
- RESERVED
-CVE-2019-19551
- RESERVED
+CVE-2019-19552 (In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists i ...)
+ TODO: check
+CVE-2019-19551 (In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists i ...)
+ TODO: check
CVE-2020-1974
RESERVED
CVE-2020-1973
@@ -2243,12 +2259,10 @@ CVE-2019-19336
RESERVED
CVE-2019-19335
RESERVED
-CVE-2019-19334
- RESERVED
+CVE-2019-19334 (In all versions of libyang before 1.0-r5, a stack-based buffer overflo ...)
- libyang <unfixed> (bug #946217)
NOTE: https://github.com/CESNET/libyang/commit/6980afae2ff9fcd6d67508b0a3f694d75fd059d6
-CVE-2019-19333
- RESERVED
+CVE-2019-19333 (In all versions of libyang before 1.0-r5, a stack-based buffer overflo ...)
- libyang <unfixed> (bug #946217)
NOTE: https://github.com/CESNET/libyang/commit/f6d684ade99dd37b21babaa8a856f64faa1e2e0d
CVE-2019-19332 [KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID]
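Review bot: CVE-2019-19333 and CVE-2019-19334 both keep `libyang <unfixed> (bug #946217)` but reference two different upstream commits (6980afae... and f6d684ad...); when the fix is uploaded, confirm that both commits are included and that the single bug #946217 is intended to track both CVEs, otherwise one entry risks being closed on the strength of the other. The new descriptions also name the fixed upstream release (1.0-r5), which can be used to verify the fixed Debian version.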
@@ -6135,10 +6149,10 @@ CVE-2019-18674 (An issue was discovered in Joomla! before 3.9.13. A missing acce
NOT-FOR-US: Joomla!
CVE-2019-18673 (On SHIFT BitBox02 devices, a side channel for the row-based OLED displ ...)
NOT-FOR-US: SHIFT BitBox02 devices
-CVE-2019-18672
- RESERVED
-CVE-2019-18671
- RESERVED
+CVE-2019-18672 (Insufficient checks in the finite state machine of the ShapeShift Keep ...)
+ TODO: check
+CVE-2019-18671 (Insufficient checks in the USB packet handling of the ShapeShift KeepK ...)
+ TODO: check
CVE-2019-18670
RESERVED
CVE-2019-18669
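Review bot: CVE-2019-18671 and CVE-2019-18672 (ShapeShift KeepKey USB packet handling and finite state machine) are left at `TODO: check`, while CVE-2019-18673 two lines above, a hardware-wallet firmware issue of the same kind (SHIFT BitBox02), is already `NOT-FOR-US`; unless KeepKey firmware turns out to be packaged, which the BitBox02 precedent suggests it is not, these two can be resolved the same way in triage.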
@@ -6159,7 +6173,7 @@ CVE-2019-18662 (An issue was discovered in YouPHPTube through 7.7. User input pa
NOT-FOR-US: YouPHPTube
CVE-2019-18661 (Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by ...)
NOT-FOR-US: Fastweb FASTGate
-CVE-2019-18660 (The Linux kernel through 5.3.13 on powerpc allows Information Exposure ...)
+CVE-2019-18660 (The Linux kernel before 5.4.1 on powerpc allows Information Exposure b ...)
- linux <unfixed>
[jessie] - linux <ignored> (powerpc not supported in LTS)
NOTE: https://www.openwall.com/lists/oss-security/2019/11/27/1
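Review bot: the description for CVE-2019-18660 now reads `before 5.4.1` instead of `through 5.3.13`, i.e. upstream has a fixed release, yet the package line is still `linux <unfixed>`; check whether the powerpc fix has reached the Debian kernel and replace `<unfixed>` with the fixed version, keeping the `[jessie] - linux <ignored>` line as it is.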
@@ -6282,6 +6296,7 @@ CVE-2019-18610 (An issue was discovered in manager.c in Sangoma Asterisk through
NOTE: https://downloads.asterisk.org/pub/security/AST-2019-007.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28580
CVE-2019-18609 (An issue was discovered in amqp_handle_input in amqp_connection.c in r ...)
+ {DLA-2022-1}
- librabbitmq <unfixed> (bug #946005)
NOTE: https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a
CVE-2019-18608 (Cezerin v0.33.0 allows unauthorized order-information modification bec ...)
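Review bot: `{DLA-2022-1}` is added for CVE-2019-18609 while the package line still reads `librabbitmq <unfixed> (bug #946005)`; that is consistent (the DLA covers the LTS suite only), but the status for unstable and stable remains open, so the entry still needs a fixed version once the upload lands and should not be read as resolved because of the DLA reference alone.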
@@ -11927,13 +11942,13 @@ CVE-2019-16773
RESERVED
CVE-2019-16772
RESERVED
-CVE-2019-16771
- RESERVED
-CVE-2019-16770 (A poorly-behaved client could use keepalive requests to monopolize Pum ...)
+CVE-2019-16771 (Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable ...)
TODO: check
-CVE-2019-16769 (Affected versions of this package are vulnerable to Cross-site Scripti ...)
+CVE-2019-16770 (In Puma before version 4.3.2, a poorly-behaved client could use keepal ...)
TODO: check
-CVE-2019-16768 (Exception messages from internal exceptions (like database exception) ...)
+CVE-2019-16769 (The serialize-javascript npm package before version 2.1.1 is vulnerabl ...)
+ TODO: check
+CVE-2019-16768 (In affected versions of Sylius, exception messages from internal excep ...)
TODO: check
CVE-2019-16767 (The admin sys mode is now conditional and dedicated for the special ca ...)
NOT-FOR-US: ezmaster
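Review bot: CVE-2019-16770 (Puma before 4.3.2, keepalive requests monopolizing the server) stays at `TODO: check`, but puma is packaged in Debian, so it needs a `- puma` line with the affected/fixed version instead of the TODO; the remaining three (Armeria, serialize-javascript, Sylius) need the usual packaged-or-not lookup, and the descriptions for 16768 to 16770 are rewordings of the removed lines, not reassignments to different CVEs, so any existing triage notes still apply.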
@@ -12170,16 +12185,16 @@ CVE-2019-16676 (Plataformatec Simple Form has Incorrect Access Control in file_m
NOTE: https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx
CVE-2019-16675 (An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Wo ...)
NOT-FOR-US: PHOENIX CONTACT PC Worx
-CVE-2019-16674
- RESERVED
-CVE-2019-16673
- RESERVED
-CVE-2019-16672
- RESERVED
-CVE-2019-16671
- RESERVED
-CVE-2019-16670
- RESERVED
+CVE-2019-16674 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
+ TODO: check
+CVE-2019-16673 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
+ TODO: check
+CVE-2019-16672 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
+ TODO: check
+CVE-2019-16671 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
+ TODO: check
+CVE-2019-16670 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
+ TODO: check
CVE-2019-16669 (The Reset Password feature in Pagekit 1.0.17 gives a different respons ...)
NOT-FOR-US: Pagekit CMS
CVE-2019-16668
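Review bot: five consecutive entries (CVE-2019-16670 to CVE-2019-16674) carry the identical truncated description for the Weidmueller IE-SW-VL05M switch firmware and all sit at `TODO: check`; like the PHOENIX CONTACT PC Worx entry directly above them, this is vendor device firmware, so it can be triaged in one pass (one `NOT-FOR-US` line each) rather than five separate lookups.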
@@ -24998,10 +25013,10 @@ CVE-2019-12737 (UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc
NOT-FOR-US: JetBrains Ktor
CVE-2019-12736 (JetBrains Ktor framework before 1.2.0-rc does not sanitize the usernam ...)
NOT-FOR-US: JetBrains Ktor
-CVE-2019-12734
- RESERVED
-CVE-2019-12733
- RESERVED
+CVE-2019-12734 (SiteVision 4 has Incorrect Access Control. ...)
+ TODO: check
+CVE-2019-12733 (SiteVision 4 allows Remote Code Execution. ...)
+ TODO: check
CVE-2019-12735 (getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote ...)
{DSA-4487-1 DSA-4467-1 DLA-1871-1}
- vim 2:8.1.0875-4 (bug #930020)
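Review bot: the ordering is broken around this hunk: CVE-2019-12735 (Vim) sits below the newly expanded CVE-2019-12734 and CVE-2019-12733, while the file otherwise runs in descending CVE-id order (CVE-2019-12736 above). The misplacement predates this change, but the automatic update inserted the two SiteVision descriptions without correcting it; a follow-up should move the CVE-2019-12735 block above CVE-2019-12734 so the list stays sorted.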
@@ -28299,8 +28314,8 @@ CVE-2019-11557 (The WebDorado Contact Form Builder plugin before 1.0.69 for Word
NOT-FOR-US: WebDorado Contact Form Builder plugi for WordPress
CVE-2019-11556
RESERVED
-CVE-2019-11554
- RESERVED
+CVE-2019-11554 (The Audible application through 2.34.0 for Android has Missing SSL Cer ...)
+ TODO: check
CVE-2019-11553 (In Code42 for Enterprise through 6.8.4, an administrator without web r ...)
NOT-FOR-US: Code42 for Enterprise
CVE-2019-11552 (Code42 Enterprise and Crashplan for Small Business Client version 6.7 ...)
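Review bot: the unchanged context line for CVE-2019-11557 reads `WebDorado Contact Form Builder plugi for WordPress`; `plugi` should be `plugin`, a one-word fix for a manual follow-up commit since the automatic update will not touch it. CVE-2019-11554 (Audible for Android, missing SSL certificate validation) is a proprietary mobile application, so it most likely ends up `NOT-FOR-US` like the neighbouring Code42 entries.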
@@ -45386,8 +45401,7 @@ CVE-2019-5546
RESERVED
CVE-2019-5545
RESERVED
-CVE-2019-5544
- RESERVED
+CVE-2019-5544 (OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap ove ...)
- openslp-dfsg <removed>
NOTE: https://www.openwall.com/lists/oss-security/2019/12/06/1
CVE-2019-5543
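Review bot: CVE-2019-5544 is mapped to `openslp-dfsg <removed>`; that state says no current suite ships the package, but since the oss-security post in the NOTE is from the same day as this update, it is worth double-checking that no still-supported release (including LTS) carries openslp-dfsg before treating the heap overflow as closed for Debian.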
@@ -57426,8 +57440,7 @@ CVE-2019-1552 (OpenSSL has internal defaults for a directory tree where it can f
- openssl <not-affected> (Windows-specific)
- openssl1.0 <not-affected> (Windows-specific)
NOTE: https://www.openssl.org/news/secadv/20190730.txt
-CVE-2019-1551
- RESERVED
+CVE-2019-1551 (There is an overflow bug in the x64_64 Montgomery squaring procedure u ...)
- openssl <unfixed> (low)
[buster] - openssl <postponed> (Wait until next upstream security release)
[stretch] - openssl <postponed> (Wait until next upstream security release)
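Review bot: CVE-2019-1551 gets `openssl <unfixed> (low)` with buster and stretch postponed, but unlike CVE-2019-1552 directly above it there is no `openssl1.0` line; since openssl1.0 is still tracked for the neighbouring entry, CVE-2019-1551 needs an explicit `openssl1.0` line too, either `<not-affected>` with a reason or the same postponed status, so the 1.0.2-based package is not silently omitted from the Montgomery squaring overflow tracking.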
@@ -93662,8 +93675,8 @@ CVE-2018-7284 (A Buffer Overflow issue was discovered in Asterisk through 13.19.
NOTE: http://downloads.asterisk.org/pub/security/AST-2018-004-13.diff
CVE-2018-7283
RESERVED
-CVE-2018-7282
- RESERVED
+CVE-2018-7282 (The username parameter of the TITool PrintMonitor solution during the ...)
+ TODO: check
CVE-2018-7281 (CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnera ...)
NOT-FOR-US: CactusVPN for macOS
CVE-2018-7280 (The Ninja Forms plugin before 3.2.14 for WordPress has XSS. ...)
@@ -279072,8 +279085,7 @@ CVE-2012-2149 (The WPXContentListener::_closeTableRow function in WPXContentList
NOTE: http://permalink.gmane.org/gmane.comp.security.full-disclosure/85789
NOTE: http://sourceforge.net/p/libwpd/code/ci/437bf6702164e30761a10771f95dd1c796f474b7
NOTE: http://sourceforge.net/p/libwpd/code/ci/5969b8f3f73418ebba2a722513a4cb285e7b9c23
-CVE-2012-2148
- RESERVED
+CVE-2012-2148 (An issue exists in the property replacements feature in any descriptor ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-2147 (munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a de ...)
- munin 2.0~rc6-1 (bug #670811)
@@ -279133,8 +279145,7 @@ CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in O
{DSA-2454-2}
- openssl <not-affected> (only affected patch against 0.9.8)
NOTE: http://marc.info/?l=openssl-dev&m=133525318514423&w=2
-CVE-2012-2130
- RESERVED
+CVE-2012-2130 (A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1. ...)
- polarssl 1.1.2-1
[squeeze] - polarssl <not-affected> (Introduced in 0.99-pre4)
CVE-2012-2129 (Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012- ...)
@@ -279249,8 +279260,7 @@ CVE-2012-2094 (Cross-site scripting (XSS) vulnerability in the refresh mechanism
CVE-2012-2093 (src/common/latex.py in Gajim 0.15 allows local users to overwrite arbi ...)
{DSA-2453-2 DSA-2453-1}
- gajim 0.15-1.1 (low; bug #668710)
-CVE-2012-2092
- RESERVED
+CVE-2012-2092 (A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 ...)
- cobbler <not-affected> (Ubuntu specific cobbler-ubuntu-import script not present)
CVE-2012-2091 (Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2. ...)
- simgear 2.10.0-3 (unimportant; bug #669024)
@@ -280421,8 +280431,7 @@ CVE-2012-1616 (Use-after-free vulnerability in icclib before 2.13, as used by Ar
[squeeze] - argyll <no-dsa> (Only standalone binary in squeeze, minor impact)
NOTE: Starting with 1.4.0 argyll includes icclib 2.13, but it's hard to identify the
NOTE: isolated security fix
-CVE-2012-1615 [sectool dbus priv escalation]
- RESERVED
+CVE-2012-1615 (A Privilege Escalation vulnerability exits in Fedoraproject Sectool du ...)
NOT-FOR-US: sectool
CVE-2012-1614 (Coppermine Photo Gallery before 1.5.20 allows remote attackers to obta ...)
NOT-FOR-US: Coppermine
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/818b46bf9ca59ad78e50ee631d7e2bf5aca58ef9