[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 16 20:10:30 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3fbabc59 by security tracker role at 2019-12-16T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2019-19812
+ RESERVED
+CVE-2019-19811
+ RESERVED
+CVE-2019-19810
+ RESERVED
+CVE-2019-19809
+ RESERVED
CVE-2019-XXXX [kadm5.acl should set proper rights for users]
- debian-edu-config <unfixed> (bug #946797)
CVE-2019-19808
@@ -60,8 +68,7 @@ CVE-2019-19785 (ATasm 1.06 has a stack-based buffer overflow in the to_comma() f
NOT-FOR-US: ATasm
CVE-2019-19784
RESERVED
-CVE-2019-19783
- RESERVED
+CVE-2019-19783 (An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0. ...)
- cyrus-imapd 3.0.13-1
NOTE: https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html#security-fixes
CVE-2019-19782 (The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long ...)
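Review bot: the NOTE under CVE-2019-19783 links only the 3.0.13 release notes, while the new description also names a 2.5.x fix ("before 2.5.15"). Add a second NOTE for the 2.5.15 release notes so that anyone tracking the 2.5 branch can verify the fixed version from this entry.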
@@ -1162,8 +1169,8 @@ CVE-2019-19745
RESERVED
CVE-2019-19744
RESERVED
-CVE-2019-19743
- RESERVED
+CVE-2019-19743 (On D-Link DIR-615 devices, a normal user is able to create a root(admi ...)
+ TODO: check
CVE-2019-19742
RESERVED
CVE-2019-19741
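Review bot: `TODO: check` on CVE-2019-19743 should be resolved rather than left as a placeholder. The description concerns D-Link DIR-615 device firmware, so if no Debian source package ships it, close the entry in the form this file already uses for out-of-scope products (compare `NOT-FOR-US: ATasm` above), for example `NOT-FOR-US: D-Link`.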
@@ -1186,8 +1193,8 @@ CVE-2019-19733
RESERVED
CVE-2019-19732
RESERVED
-CVE-2019-19731
- RESERVED
+CVE-2019-19731 (Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote ...)
+ TODO: check
CVE-2019-19730
RESERVED
CVE-2019-19729 (An issue was discovered in the BSON ObjectID (aka bson-objectid) packa ...)
@@ -4769,8 +4776,8 @@ CVE-2019-19370
RESERVED
CVE-2019-19369
RESERVED
-CVE-2019-19368
- RESERVED
+CVE-2019-19368 (A Reflected Cross Site Scripting was discovered in the Login page of R ...)
+ TODO: check
CVE-2019-19367 (A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in ...)
NOT-FOR-US: FusionPBX
CVE-2019-19366 (A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_sear ...)
@@ -5007,8 +5014,7 @@ CVE-2019-19332 [KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID]
RESERVED
- linux <unfixed>
NOTE: https://git.kernel.org/linus/433f4ba1904100da65a311033f17a9bf586b287e
-CVE-2019-19331
- RESERVED
+CVE-2019-19331 (knot-resolver before version 4.3.0 is vulnerable to denial of service ...)
- knot-resolver <unfixed> (bug #946181)
NOTE: https://www.openwall.com/lists/oss-security/2019/12/04/4
CVE-2019-19329 (In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-0 ...)
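Review bot: CVE-2019-19331 stays at `- knot-resolver <unfixed> (bug #946181)` although the description now gives the upstream fixed release ("before version 4.3.0"). Add a NOTE recording 4.3.0 as the fixed upstream version so the `<unfixed>` marker can be replaced as soon as that version is uploaded.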
@@ -6318,18 +6324,18 @@ CVE-2019-18833
RESERVED
CVE-2019-18832
RESERVED
-CVE-2019-18831
- RESERVED
-CVE-2019-18830
- RESERVED
+CVE-2019-18831 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Informa ...)
+ TODO: check
+CVE-2019-18830 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Comm ...)
+ TODO: check
CVE-2019-18829
RESERVED
-CVE-2019-18828
- RESERVED
-CVE-2019-18827
- RESERVED
-CVE-2019-18826
- RESERVED
+CVE-2019-18828 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insuffic ...)
+ TODO: check
+CVE-2019-18827 (On Barco ClickShare Button R9861500D01 devices (before firmware versio ...)
+ TODO: check
+CVE-2019-18826 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper ...)
+ TODO: check
CVE-2019-18825
RESERVED
CVE-2019-18824
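Review bot: the five new `TODO: check` entries (CVE-2019-18826, CVE-2019-18827, CVE-2019-18828, CVE-2019-18830, CVE-2019-18831) all describe the same product, Barco ClickShare Button R9861500D01, so triage them in one pass with one consistent result instead of individually. CVE-2019-18829, which sits between them, is still RESERVED; check it against the same decision once its description is published.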
@@ -14014,7 +14020,7 @@ CVE-2019-17013
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17013
CVE-2019-17012
RESERVED
- {DSA-4585-1 DSA-4580-1 DLA-2029-1}
+ {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
- firefox 71.0-1
- firefox-esr 68.3.0esr-1
- thunderbird 1:68.3.0-1
@@ -14023,7 +14029,7 @@ CVE-2019-17012
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17012
CVE-2019-17011
RESERVED
- {DSA-4585-1 DSA-4580-1 DLA-2029-1}
+ {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
- firefox 71.0-1
- firefox-esr 68.3.0esr-1
- thunderbird 1:68.3.0-1
@@ -14032,7 +14038,7 @@ CVE-2019-17011
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17011
CVE-2019-17010
RESERVED
- {DSA-4585-1 DSA-4580-1 DLA-2029-1}
+ {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
- firefox 71.0-1
- firefox-esr 68.3.0esr-1
- thunderbird 1:68.3.0-1
@@ -14049,7 +14055,7 @@ CVE-2019-17009
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17009
CVE-2019-17008
RESERVED
- {DSA-4585-1 DSA-4580-1 DLA-2029-1}
+ {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
- firefox 71.0-1
- firefox-esr 68.3.0esr-1
- thunderbird 1:68.3.0-1
@@ -14069,7 +14075,7 @@ CVE-2019-17006
RESERVED
CVE-2019-17005
RESERVED
- {DSA-4585-1 DSA-4580-1 DLA-2029-1}
+ {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
- firefox 71.0-1
- firefox-esr 68.3.0esr-1
- thunderbird 1:68.3.0-1
@@ -21245,8 +21251,8 @@ CVE-2019-14601
RESERVED
CVE-2019-14600
RESERVED
-CVE-2019-14599
- RESERVED
+CVE-2019-14599 (Unquoted service path in Control Center-I version 2.1.0.0 and earlier ...)
+ TODO: check
CVE-2019-14598
RESERVED
CVE-2019-14597
@@ -28653,7 +28659,7 @@ CVE-2019-12422 (Apache Shiro before 1.4.2, when using the default "remember me"
CVE-2019-12421 (When using an authentication mechanism other than PKI, when the user c ...)
NOT-FOR-US: Apache NiFi
CVE-2019-12420 (In Apache SpamAssassin before 3.4.3, a message can be crafted in a way ...)
- {DSA-4584-1}
+ {DSA-4584-1 DLA-2037-1}
- spamassassin 3.4.3~rc6-1 (bug #946653)
NOTE: https://www.openwall.com/lists/oss-security/2019/12/12/2
NOTE: https://markmail.org/message/pyp425yrulfxyhrn
@@ -50422,8 +50428,8 @@ CVE-2019-4562
RESERVED
CVE-2019-4561 (IBM Security Identity Manager 6.0.0 could allow a remote attacker to e ...)
NOT-FOR-US: IBM
-CVE-2019-4560
- RESERVED
+CVE-2019-4560 (IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulne ...)
+ TODO: check
CVE-2019-4559
RESERVED
CVE-2019-4558 (A security vulnerability has been identified in all levels of IBM Spec ...)
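Review bot: CVE-2019-4560 gets `TODO: check` while the adjacent CVE-2019-4561, also an IBM product, is already marked `NOT-FOR-US: IBM`. Unless IBM MQ maps to a Debian source package, use the same line here so the two neighbouring entries are triaged consistently.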
@@ -50654,8 +50660,8 @@ CVE-2019-4446
RESERVED
CVE-2019-4445
RESERVED
-CVE-2019-4444
- RESERVED
+CVE-2019-4444 (IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user regi ...)
+ TODO: check
CVE-2019-4443
RESERVED
CVE-2019-4442 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a ...)
@@ -84156,7 +84162,7 @@ CVE-2018-1000183 (A exposure of sensitive information vulnerability exists in Je
CVE-2018-1000182 (A server-side request forgery vulnerability exists in Jenkins Git Plug ...)
NOT-FOR-US: Jenkins plugin
CVE-2018-11805 (In Apache SpamAssassin before 3.4.3, nefarious CF files can be configu ...)
- {DSA-4584-1}
+ {DSA-4584-1 DLA-2037-1}
- spamassassin 3.4.3~rc6-1 (bug #946652)
NOTE: https://www.openwall.com/lists/oss-security/2019/12/12/1
NOTE: https://markmail.org/message/pyp425yrulfxyhrn
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3fbabc59642fbd50788027194aac02e456469edf