[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 12 08:10:33 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80322c59 by security tracker role at 2019-12-12T08:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,51 @@
-CVE-2019-19726
+CVE-2019-19748 (The Work Time Calendar app before 4.7.1 for Jira allows XSS. ...)
+ TODO: check
+CVE-2019-19747
+ RESERVED
+CVE-2019-19746 (make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fau ...)
+ TODO: check
+CVE-2019-19745
+ RESERVED
+CVE-2019-19744
+ RESERVED
+CVE-2019-19743
+ RESERVED
+CVE-2019-19742
+ RESERVED
+CVE-2019-19741
+ RESERVED
+CVE-2019-19740 (Octeth Oempro 4.7 allows SQL injection. The parameter CampaignID in Ca ...)
+ TODO: check
+CVE-2019-19739
+ RESERVED
+CVE-2019-19738
+ RESERVED
+CVE-2019-19737
+ RESERVED
+CVE-2019-19736
+ RESERVED
+CVE-2019-19735
+ RESERVED
+CVE-2019-19734
+ RESERVED
+CVE-2019-19733
+ RESERVED
+CVE-2019-19732
+ RESERVED
+CVE-2019-19731
+ RESERVED
+CVE-2019-19730
+ RESERVED
+CVE-2019-19729 (An issue was discovered in the BSON ObjectID (aka bson-objectid) packa ...)
+ TODO: check
+CVE-2019-19728
+ RESERVED
+CVE-2019-19727
RESERVED
+CVE-2017-18640 (The Alias feature in SnakeYAML 1.18 allows entity expansion during a l ...)
+ TODO: check
+CVE-2019-19726 (OpenBSD through 6.6 allows local users to escalate to root because a c ...)
+ TODO: check
CVE-2019-19725 (sysstat through 12.2.0 has a double free in check_file_actlst in sa_co ...)
- sysstat <unfixed>
NOTE: https://github.com/sysstat/sysstat/issues/242
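Review bot: CVE-2017-18640 lands between CVE-2019-19727 and CVE-2019-19726, inside a run that is otherwise in descending CVE-2019-197xx order; if that placement is only a side effect of the automatic import, move it next to the other CVE-2017 entries when it is triaged. The added entries that name concrete software (Xfig fig2dev in CVE-2019-19746, SnakeYAML in CVE-2017-18640, OpenBSD in CVE-2019-19726) still carry "TODO: check", and each needs either a package line in the style of "- sysstat <unfixed>" or a NOT-FOR-US tag.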
@@ -3540,8 +3586,8 @@ CVE-2019-19376 (In Octopus Deploy before 2019.10.6, an authenticated user with T
NOT-FOR-US: Octopus Deploy
CVE-2019-19375 (In Octopus Deploy before 2019.10.7, in a configuration where SSL offlo ...)
NOT-FOR-US: Octopus Deploy
-CVE-2019-19374
- RESERVED
+CVE-2019-19374 (An issue was discovered in core/assets/form/form_question_types/form_q ...)
+ TODO: check
CVE-2019-19373 (An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5. ...)
NOT-FOR-US: Squiz Matrix CMS
CVE-2019-19372 (** DISPUTED ** A downloadFile.php download_file path traversal vulnera ...)
@@ -4607,7 +4653,7 @@ CVE-2019-19041 (An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61
NOT-FOR-US: Xorux
CVE-2019-19040 (KairosDB through 1.2.2 has XSS in view.html because of showErrorMessag ...)
NOT-FOR-US: KairosDB
-CVE-2019-19039 (__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel thro ...)
+CVE-2019-19039 (** DISPUTED ** __btrfs_free_extent in fs/btrfs/extent-tree.c in the Li ...)
- linux <unfixed>
CVE-2019-19038
RESERVED
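Review bot: CVE-2019-19039 gains the "** DISPUTED **" prefix, but the unchanged line below it still reads "- linux <unfixed>", so the entry keeps marking linux as unfixed with no record of the dispute. Add a NOTE describing the dispute, or revisit the status of the linux line.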
@@ -4788,7 +4834,7 @@ CVE-2019-18962
RESERVED
CVE-2019-18961
RESERVED
-CVE-2019-18960 (AWS Firecracker through v0.19.0 has a Buffer Overflow. ...)
+CVE-2019-18960 (Firecracker vsock implementation buffer overflow in versions 0.18.0 an ...)
NOT-FOR-US: AWS Firecracker
CVE-2019-18959
RESERVED
@@ -8851,8 +8897,8 @@ CVE-2019-18247 (An attacker may use a specially crafted message to force Relion
NOT-FOR-US: Relion
CVE-2019-18246
RESERVED
-CVE-2019-18245
- RESERVED
+CVE-2019-18245 (Reliable Controls LicenseManager versions 3.4 and prior may allow an a ...)
+ TODO: check
CVE-2019-18244
RESERVED
CVE-2019-18243
@@ -8877,8 +8923,8 @@ CVE-2019-18234
RESERVED
CVE-2019-18233
RESERVED
-CVE-2019-18232
- RESERVED
+CVE-2019-18232 (SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only ...)
+ TODO: check
CVE-2019-18231
RESERVED
CVE-2019-18230 (Honeywell equIP and Performance series IP cameras, multiple versions, ...)
@@ -12605,8 +12651,8 @@ CVE-2019-17089
RESERVED
CVE-2019-17088
RESERVED
-CVE-2019-17087
- RESERVED
+CVE-2019-17087 (Unauthorized file download vulnerability in all supported versions of ...)
+ TODO: check
CVE-2019-17086
RESERVED
CVE-2019-17085 (XXE attack vulnerability on Micro Focus Operations Agent, affected ver ...)
@@ -32349,10 +32395,10 @@ CVE-2019-10697
RESERVED
CVE-2019-10696
RESERVED
-CVE-2019-10695
- RESERVED
-CVE-2019-10694
- RESERVED
+CVE-2019-10695 (When using the cd4pe::root_configuration task to configure a Continuou ...)
+ TODO: check
+CVE-2019-10694 (The express install, which is the suggested way to install Puppet Ente ...)
+ TODO: check
CVE-2019-10693
RESERVED
CVE-2019-10692 (In the wp-google-maps plugin before 7.11.18 for WordPress, includes/cl ...)
@@ -43222,8 +43268,8 @@ CVE-2019-7006 (Avaya one-X Communicator uses weak cryptographic algorithms in th
NOT-FOR-US: Avaya
CVE-2019-7005
RESERVED
-CVE-2019-7004
- RESERVED
+CVE-2019-7004 (A Cross-Site Scripting (XSS) vulnerability in the WebUI component of I ...)
+ TODO: check
CVE-2019-7003 (A SQL injection vulnerability in the reporting component of Avaya Cont ...)
NOT-FOR-US: Avaya
CVE-2019-7002
@@ -47876,8 +47922,8 @@ CVE-2019-5156
RESERVED
CVE-2019-5155
RESERVED
-CVE-2019-5154
- RESERVED
+CVE-2019-5154 (An exploitable heap overflow vulnerability exists in the JPEG2000 pars ...)
+ TODO: check
CVE-2019-5153
RESERVED
CVE-2019-5152
@@ -48001,14 +48047,14 @@ CVE-2019-5094 (An exploitable code execution vulnerability exists in the quota f
- e2fsprogs 1.45.4-1 (bug #941139)
NOTE: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=8dbe7b475ec5e91ed767239f0e85880f416fc384
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887
-CVE-2019-5093
- RESERVED
-CVE-2019-5092
- RESERVED
-CVE-2019-5091
- RESERVED
-CVE-2019-5090
- RESERVED
+CVE-2019-5093 (An exploitable code execution vulnerability exists in the DICOM networ ...)
+ TODO: check
+CVE-2019-5092 (An exploitable heap out of bounds write vulnerability exists in the UI ...)
+ TODO: check
+CVE-2019-5091 (An exploitable denial-of-service vulnerability exists in the Dicom-pac ...)
+ TODO: check
+CVE-2019-5090 (An exploitable information disclosure vulnerability exists in the DICO ...)
+ TODO: check
CVE-2019-5089 (An exploitable memory corruption vulnerability exists in Investintech ...)
NOT-FOR-US: Investintech
CVE-2019-5088 (An exploitable memory corruption vulnerability exists in Investintech ...)
@@ -48021,8 +48067,8 @@ CVE-2019-5086 (An exploitable integer overflow vulnerability exists in the flatt
- xcftools <unfixed> (bug #945317)
NOTE: https://github.com/j-jorge/xcftools/issues/12
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878
-CVE-2019-5085
- RESERVED
+CVE-2019-5085 (An exploitable code execution vulnerability exists in the DICOM packet ...)
+ TODO: check
CVE-2019-5084 (An exploitable heap out-of-bounds write vulnerability exists in the TI ...)
NOT-FOR-US: LEADTOOLS
CVE-2019-5083 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
@@ -50312,20 +50358,20 @@ CVE-2019-3991
RESERVED
CVE-2019-3990 (A User Enumeration flaw exists in Harbor. The issue is present in the ...)
NOT-FOR-US: Harbor
-CVE-2019-3989
- RESERVED
-CVE-2019-3988
- RESERVED
-CVE-2019-3987
- RESERVED
-CVE-2019-3986
- RESERVED
-CVE-2019-3985
- RESERVED
+CVE-2019-3989 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
+ TODO: check
+CVE-2019-3988 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
+ TODO: check
+CVE-2019-3987 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
+ TODO: check
+CVE-2019-3986 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
+ TODO: check
+CVE-2019-3985 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
+ TODO: check
CVE-2019-3984
RESERVED
-CVE-2019-3983
- RESERVED
+CVE-2019-3983 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
+ TODO: check
CVE-2019-3982 (Nessus versions 8.6.0 and earlier were found to contain a Denial of Se ...)
NOT-FOR-US: Nessus
CVE-2019-3981
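Review bot: The six added entries CVE-2019-3989 through CVE-2019-3985 and CVE-2019-3983 all open with the same "Blink XT2 Sync Module firmware prior to 2.13.11" text and all sit at "TODO: check"; triage them as one group so they end up with the same tag, in the way the neighbouring Harbor and Nessus entries each carry a single NOT-FOR-US line.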
@@ -61632,28 +61678,28 @@ CVE-2019-0407
RESERVED
CVE-2019-0406
RESERVED
-CVE-2019-0405
- RESERVED
-CVE-2019-0404
- RESERVED
-CVE-2019-0403
- RESERVED
-CVE-2019-0402
- RESERVED
+CVE-2019-0405 (SAP Enable Now, before version 1911, leaks information about the exist ...)
+ TODO: check
+CVE-2019-0404 (SAP Enable Now, before version 1911, leaks information about network c ...)
+ TODO: check
+CVE-2019-0403 (SAP Enable Now, before version 1911, allows an attacker to input comma ...)
+ TODO: check
+CVE-2019-0402 (SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under c ...)
+ TODO: check
CVE-2019-0401
RESERVED
CVE-2019-0400
RESERVED
-CVE-2019-0399
- RESERVED
-CVE-2019-0398
- RESERVED
+CVE-2019-0399 (SAP Portfolio and Project Management, before versions S4CORE 102, 103, ...)
+ TODO: check
+CVE-2019-0398 (Due to insufficient CSRF protection, SAP BusinessObjects Business Inte ...)
+ TODO: check
CVE-2019-0397
RESERVED
CVE-2019-0396 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...)
NOT-FOR-US: SAP
-CVE-2019-0395
- RESERVED
+CVE-2019-0395 (SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad ...)
+ TODO: check
CVE-2019-0394
RESERVED
CVE-2019-0393 (An SQL Injection vulnerability in SAP Quality Management (corrected in ...)
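Review bot: CVE-2019-0398 and CVE-2019-0395 name SAP BusinessObjects Business Intelligence Platform, the same product as the context entry CVE-2019-0396 that is already tagged "NOT-FOR-US: SAP", yet they are left at "TODO: check". Apply the same tag to them, and check whether the other SAP entries added in this hunk (CVE-2019-0405, CVE-2019-0404, CVE-2019-0403, CVE-2019-0402, CVE-2019-0399) should follow.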
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/80322c59997c6db00c8323c54bff3553c0d8421f