[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Dec 13 08:10:32 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d44fbd10 by security tracker role at 2019-12-13T08:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2019-19783
+ RESERVED
+CVE-2019-19782 (The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long ...)
+ TODO: check
+CVE-2019-19781
+ RESERVED
+CVE-2019-19780
+ RESERVED
+CVE-2019-19779
+ RESERVED
+CVE-2019-19778 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...)
+ TODO: check
+CVE-2019-19777 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel and o ...)
+ TODO: check
+CVE-2019-19776
+ RESERVED
+CVE-2019-19775
+ RESERVED
+CVE-2019-19774
+ RESERVED
+CVE-2019-19773
+ RESERVED
+CVE-2019-19772
+ RESERVED
+CVE-2019-19771 (The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have b ...)
+ TODO: check
CVE-2019-XXXX [identified authors can inject content into database]
- spip 3.2.7-1
CVE-2020-3609
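Review bot: CVE-2019-19777 is a bug in stb_image.h that the description says is used "in libsixel and o ...", so resolving its TODO: check needs a search for embedded copies of stb_image.h in other source packages rather than a single libsixel line; CVE-2019-19778 is the libsixel-specific entry. CVE-2019-19771 (the lodahs Node.js package, described as a Trojan horse) looks like a NOT-FOR-US candidate once someone confirms it was never packaged.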
@@ -1000,16 +1026,16 @@ CVE-2020-3111
RESERVED
CVE-2020-3110
RESERVED
-CVE-2019-19770 [debugfs_remove use-after-free]
+CVE-2019-19770 (In the Linux kernel 4.19.83, there is a use-after-free (read) in the d ...)
- linux <unfixed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205713
-CVE-2019-19769 [perf_trace_lock_acquire use-after-free]
+CVE-2019-19769 (In the Linux kernel 5.3.10, there is a use-after-free (read) in the pe ...)
- linux <unfixed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205705
-CVE-2019-19768 [__blk_add_trace use-after-free]
+CVE-2019-19768 (In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the ...)
- linux <unfixed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205711
-CVE-2019-19767 [ext4: add more paranoia checking in ext4_expand_extra_isize handling]
+CVE-2019-19767 (The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as d ...)
- linux 5.3.15-1
NOTE: https://git.kernel.org/linus/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a
CVE-2019-19766 (The Bitwarden server through 1.32.0 has a potentially unwanted KDF. ...)
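Review bot: In the three use-after-free entries (CVE-2019-19770, CVE-2019-19769, CVE-2019-19768) the removed bracketed titles named the affected function (debugfs_remove, perf_trace_lock_acquire, __blk_add_trace), and the truncated descriptions that replace them cut off before that name. Since all three stay at linux <unfixed> with only a bugzilla link, consider carrying the function name into a NOTE line so the entries remain distinguishable in the list.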
@@ -9747,126 +9773,126 @@ CVE-2019-18344 (Sourcecodester Online Grading System 1.0 is vulnerable to unauth
NOT-FOR-US: Sourcecodester Online Grading System
CVE-2019-18343
RESERVED
-CVE-2019-18342
- RESERVED
-CVE-2019-18341
- RESERVED
-CVE-2019-18340
- RESERVED
-CVE-2019-18339
- RESERVED
-CVE-2019-18338
- RESERVED
-CVE-2019-18337
- RESERVED
+CVE-2019-18342 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+ TODO: check
+CVE-2019-18341 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+ TODO: check
+CVE-2019-18340 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+ TODO: check
+CVE-2019-18339 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+ TODO: check
+CVE-2019-18338 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+ TODO: check
+CVE-2019-18337 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+ TODO: check
CVE-2019-18336
RESERVED
-CVE-2019-18335
- RESERVED
-CVE-2019-18334
- RESERVED
-CVE-2019-18333
- RESERVED
-CVE-2019-18332
- RESERVED
-CVE-2019-18331
- RESERVED
-CVE-2019-18330
- RESERVED
-CVE-2019-18329
- RESERVED
-CVE-2019-18328
- RESERVED
-CVE-2019-18327
- RESERVED
-CVE-2019-18326
- RESERVED
-CVE-2019-18325
- RESERVED
-CVE-2019-18324
- RESERVED
-CVE-2019-18323
- RESERVED
-CVE-2019-18322
- RESERVED
-CVE-2019-18321
- RESERVED
-CVE-2019-18320
- RESERVED
-CVE-2019-18319
- RESERVED
-CVE-2019-18318
- RESERVED
-CVE-2019-18317
- RESERVED
-CVE-2019-18316
- RESERVED
-CVE-2019-18315
- RESERVED
-CVE-2019-18314
- RESERVED
-CVE-2019-18313
- RESERVED
-CVE-2019-18312
- RESERVED
-CVE-2019-18311
- RESERVED
-CVE-2019-18310
- RESERVED
-CVE-2019-18309
- RESERVED
-CVE-2019-18308
- RESERVED
-CVE-2019-18307
- RESERVED
-CVE-2019-18306
- RESERVED
-CVE-2019-18305
- RESERVED
-CVE-2019-18304
- RESERVED
-CVE-2019-18303
- RESERVED
-CVE-2019-18302
- RESERVED
-CVE-2019-18301
- RESERVED
-CVE-2019-18300
- RESERVED
-CVE-2019-18299
- RESERVED
-CVE-2019-18298
- RESERVED
-CVE-2019-18297
- RESERVED
-CVE-2019-18296
- RESERVED
-CVE-2019-18295
- RESERVED
-CVE-2019-18294
- RESERVED
-CVE-2019-18293
- RESERVED
-CVE-2019-18292
- RESERVED
-CVE-2019-18291
- RESERVED
-CVE-2019-18290
- RESERVED
-CVE-2019-18289
- RESERVED
-CVE-2019-18288
- RESERVED
-CVE-2019-18287
- RESERVED
-CVE-2019-18286
- RESERVED
-CVE-2019-18285
- RESERVED
-CVE-2019-18284
- RESERVED
-CVE-2019-18283
- RESERVED
+CVE-2019-18335 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
+ TODO: check
+CVE-2019-18334 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
+ TODO: check
+CVE-2019-18333 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
+ TODO: check
+CVE-2019-18332 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
+ TODO: check
+CVE-2019-18331 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
+ TODO: check
+CVE-2019-18330 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18329 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18328 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18327 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18326 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18325 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18324 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18323 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18322 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18321 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18320 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
+ TODO: check
+CVE-2019-18319 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
+ TODO: check
+CVE-2019-18318 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
+ TODO: check
+CVE-2019-18317 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
+ TODO: check
+CVE-2019-18316 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
+ TODO: check
+CVE-2019-18315 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
+ TODO: check
+CVE-2019-18314 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
+ TODO: check
+CVE-2019-18313 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18312 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18311 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18310 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18309 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18308 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18307 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18306 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18305 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18304 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18303 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18302 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18301 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18300 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18299 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18298 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18297 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18296 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18295 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18294 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18293 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18292 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18291 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18290 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18289 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
+ TODO: check
+CVE-2019-18288 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
+ TODO: check
+CVE-2019-18287 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
+ TODO: check
+CVE-2019-18286 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
+ TODO: check
+CVE-2019-18285 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
+ TODO: check
+CVE-2019-18284 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
+ TODO: check
+CVE-2019-18283 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
+ TODO: check
CVE-2019-18282
RESERVED
CVE-2019-18281 (An out-of-bounds memory access in the generateDirectionalRuns() functi ...)
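Review bot: Every newly described entry in this hunk (CVE-2019-18342 through CVE-2019-18337 for SiNVR 3 Central Control Server, CVE-2019-18335 through CVE-2019-18283 for SPPA-T3000) lands as TODO: check, while other Siemens entries in this same file are already closed out as NOT-FOR-US: Siemens. These can be triaged as one batch rather than one by one, and the SiNVR 3, EN100 and XHQ entries in the later hunks belong in the same pass.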
@@ -14597,14 +14623,14 @@ CVE-2019-16779
RESERVED
CVE-2019-16778
RESERVED
-CVE-2019-16777
- RESERVED
-CVE-2019-16776
- RESERVED
-CVE-2019-16775
- RESERVED
-CVE-2019-16774
- RESERVED
+CVE-2019-16777 (Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary ...)
+ TODO: check
+CVE-2019-16776 (Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary ...)
+ TODO: check
+CVE-2019-16775 (Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary ...)
+ TODO: check
+CVE-2019-16774 (In phpfastcache before 5.1.3, there is a possible object injection vul ...)
+ TODO: check
CVE-2019-16773
RESERVED
CVE-2019-16772 (The serialize-to-js NPM package before version 3.0.1 is vulnerable to ...)
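Review bot: The three npm CLI entries do not share a fixed version: CVE-2019-16777 reads "prior to 6.13.4" while CVE-2019-16776 and CVE-2019-16775 read "prior to 6.13.3". When the TODO: check lines are replaced with package lines, set the fixed version per CVE rather than copying one value across all three.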
@@ -23455,18 +23481,18 @@ CVE-2019-13949 (SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as
NOT-FOR-US: SyGuestBook A5
CVE-2019-13948 (SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData f ...)
NOT-FOR-US: SyGuestBook A5
-CVE-2019-13947
- RESERVED
+CVE-2019-13947 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+ TODO: check
CVE-2019-13946
RESERVED
-CVE-2019-13945 (A vulnerability has been identified in S7-1200 CPU (All versions). The ...)
+CVE-2019-13945 (A vulnerability has been identified in SIMATIC S7-1200 CPU family (inc ...)
NOT-FOR-US: Siemens
-CVE-2019-13944
- RESERVED
-CVE-2019-13943
- RESERVED
-CVE-2019-13942
- RESERVED
+CVE-2019-13944 (A vulnerability has been identified in EN100 Ethernet module DNP3 vari ...)
+ TODO: check
+CVE-2019-13943 (A vulnerability has been identified in EN100 Ethernet module DNP3 vari ...)
+ TODO: check
+CVE-2019-13942 (A vulnerability has been identified in EN100 Ethernet module DNP3 vari ...)
+ TODO: check
CVE-2019-13941
RESERVED
CVE-2019-13940
@@ -23485,12 +23511,12 @@ CVE-2019-13934 (Improper Neutralization of Input During Web Page Generation ('Cr
NOT-FOR-US: Siemens
CVE-2019-13933
RESERVED
-CVE-2019-13932
- RESERVED
-CVE-2019-13931
- RESERVED
-CVE-2019-13930
- RESERVED
+CVE-2019-13932 (A vulnerability has been identified in XHQ (All versions < V6.0.0.2 ...)
+ TODO: check
+CVE-2019-13931 (A vulnerability has been identified in XHQ (All versions < V6.0.0.2 ...)
+ TODO: check
+CVE-2019-13930 (A vulnerability has been identified in XHQ (All versions < V6.0.0.2 ...)
+ TODO: check
CVE-2019-13929 (A vulnerability has been identified in SIMATIC IT UADM (All versions & ...)
NOT-FOR-US: Siemens
CVE-2019-13928
@@ -28512,8 +28538,7 @@ CVE-2019-12422 (Apache Shiro before 1.4.2, when using the default "remember me"
TODO: check details on fix
CVE-2019-12421 (When using an authentication mechanism other than PKI, when the user c ...)
NOT-FOR-US: Apache NiFi
-CVE-2019-12420
- RESERVED
+CVE-2019-12420 (In Apache SpamAssassin before 3.4.3, a message can be crafted in a way ...)
- spamassassin 3.4.3~rc6-1 (bug #946653)
NOTE: https://www.openwall.com/lists/oss-security/2019/12/12/2
NOTE: https://markmail.org/message/pyp425yrulfxyhrn
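Review bot: The description now attached to CVE-2019-12420 says "before 3.4.3", while the retained package line marks 3.4.3~rc6-1 as fixed, a version that sorts before 3.4.3 in Debian version ordering. A NOTE stating that rc6 already carries the fix would make the entry self-explanatory; the same pairing appears on CVE-2018-11805 further down.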
@@ -32695,7 +32720,7 @@ CVE-2019-10945 (An issue was discovered in Joomla! before 3.9.5. The Media Manag
NOT-FOR-US: Joomla!
CVE-2019-10944
RESERVED
-CVE-2019-10943 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
+CVE-2019-10943 (A vulnerability has been identified in SIMATIC ET200SP (incl. SIPLUS v ...)
NOT-FOR-US: Siemens
CVE-2019-10942 (A vulnerability has been identified in SCALANCE X-200 (All versions), ...)
NOT-FOR-US: Siemens
@@ -32719,11 +32744,11 @@ CVE-2019-10933 (A vulnerability has been identified in Spectrum Power 3 (Corpora
NOT-FOR-US: Siemens
CVE-2019-10932
RESERVED
-CVE-2019-10931 (A vulnerability has been identified in SIPROTEC 5 device types 6MD85, ...)
+CVE-2019-10931 (A vulnerability has been identified in All other SIPROTEC 5 device typ ...)
NOT-FOR-US: Siemens
-CVE-2019-10930 (A vulnerability has been identified in SIPROTEC 5 device types 6MD85, ...)
+CVE-2019-10930 (A vulnerability has been identified in All other SIPROTEC 5 device typ ...)
NOT-FOR-US: Siemens
-CVE-2019-10929 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
+CVE-2019-10929 (A vulnerability has been identified in SIMATIC CP 1626 (All versions), ...)
NOT-FOR-US: Siemens
CVE-2019-10928 (A vulnerability has been identified in SCALANCE SC-600 (V2.0). An auth ...)
NOT-FOR-US: Siemens
@@ -47210,11 +47235,13 @@ CVE-2019-5845
CVE-2019-5844
RESERVED
CVE-2019-5843 (Out of bounds memory access in JavaScript in Google Chrome prior to 74 ...)
+ {DSA-4500-1}
- chromium 74.0.3729.108-1
CVE-2019-5842 (Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed ...)
{DSA-4500-1}
- chromium 75.0.3770.90-1
CVE-2019-5841 (Out of bounds memory access in JavaScript in Google Chrome prior to 75 ...)
+ {DSA-4500-1}
- chromium 75.0.3770.80-1
CVE-2019-5840 (Incorrect security UI in popup blocker in Google Chrome on iOS prior t ...)
{DSA-4500-1}
@@ -48997,8 +49024,8 @@ CVE-2019-5146
RESERVED
CVE-2019-5145
RESERVED
-CVE-2019-5144
- RESERVED
+CVE-2019-5144 (A freed memory access vulnerability exists in the SVG Marker Element f ...)
+ TODO: check
CVE-2019-5143
RESERVED
CVE-2019-5142
@@ -49174,10 +49201,10 @@ CVE-2019-5064
RESERVED
CVE-2019-5063
RESERVED
-CVE-2019-5062
- RESERVED
-CVE-2019-5061
- RESERVED
+CVE-2019-5062 (An exploitable denial-of-service vulnerability exists in the 802.11w s ...)
+ TODO: check
+CVE-2019-5061 (An exploitable denial-of-service vulnerability exists in the hostapd 2 ...)
+ TODO: check
CVE-2019-5060 (An exploitable code execution vulnerability exists in the XPM image re ...)
- libsdl2-image 2.0.5+dfsg1-1
[buster] - libsdl2-image <no-dsa> (Minor issue)
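Review bot: CVE-2019-5061 names hostapd in its description and CVE-2019-5062 concerns 802.11w handling, yet both are left at TODO: check alongside the vendor-product entries. These two should be triaged first, since they may need a package line with a fixed or <unfixed> status rather than NOT-FOR-US.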
@@ -51489,8 +51516,8 @@ CVE-2019-3953 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 al
NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-3952
RESERVED
-CVE-2019-3951
- RESERVED
+CVE-2019-3951 (Advantech WebAccess before 8.4.3 allows unauthenticated remote attacke ...)
+ TODO: check
CVE-2019-3950 (Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hardcoded ...)
NOT-FOR-US: Arlo Basestation firmware
CVE-2019-3949 (Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a ...)
@@ -83987,8 +84014,7 @@ CVE-2018-1000183 (A exposure of sensitive information vulnerability exists in Je
NOT-FOR-US: Jenkins plugin
CVE-2018-1000182 (A server-side request forgery vulnerability exists in Jenkins Git Plug ...)
NOT-FOR-US: Jenkins plugin
-CVE-2018-11805
- RESERVED
+CVE-2018-11805 (In Apache SpamAssassin before 3.4.3, nefarious CF files can be configu ...)
- spamassassin 3.4.3~rc6-1 (bug #946652)
NOTE: https://www.openwall.com/lists/oss-security/2019/12/12/1
NOTE: https://markmail.org/message/pyp425yrulfxyhrn
@@ -171421,9 +171447,9 @@ CVE-2016-9137 (Use-after-free vulnerability in the CURLFile implementation in ex
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f
NOTE: Fixed in 7.0.12, 5.6.27
NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/1
-CVE-2016-8673 (Cross-site request forgery (CSRF) vulnerability in the integrated web ...)
+CVE-2016-8673 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl ...)
NOT-FOR-US: Siemens SIMATIC CP
-CVE-2016-8672 (The integrated web server on Siemens SIMATIC CP 343-1 Advanced prior t ...)
+CVE-2016-8672 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl ...)
NOT-FOR-US: Siemens SIMATIC CP
CVE-2005-4900 (SHA-1 is not collision resistant, which makes it easier for context-de ...)
NOT-FOR-US: Generic protocol issue
@@ -260150,9 +260176,9 @@ CVE-2013-3636
RESERVED
CVE-2013-3635
RESERVED
-CVE-2013-3634 (The SNMPv3 functionality on Siemens Scalance X200 IRT switches with fi ...)
+CVE-2013-3634 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
NOT-FOR-US: Siemens switches
-CVE-2013-3633 (The web interface on Siemens Scalance X200 IRT switches with firmware ...)
+CVE-2013-3633 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
NOT-FOR-US: Siemens
CVE-2013-3632 (The Cron service in rpc.php in OpenMediaVault allows remote authentica ...)
NOT-FOR-US: OpenMediaVault
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d44fbd1009c4aa8a3e656796612961483a3c6790