[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 17 08:10:33 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
44b41964 by security tracker role at 2019-12-17T08:10:22Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,42 @@
-CVE-2019-19816
+CVE-2019-19833
+ RESERVED
+CVE-2019-19832
+ RESERVED
+CVE-2019-19831
+ RESERVED
+CVE-2019-19829
+ RESERVED
+CVE-2019-19828
+ RESERVED
+CVE-2019-19827
+ RESERVED
+CVE-2019-19826 (The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal make ...)
+ TODO: check
+CVE-2019-19825
+ RESERVED
+CVE-2019-19824
+ RESERVED
+CVE-2019-19823
+ RESERVED
+CVE-2019-19822
+ RESERVED
+CVE-2019-19821
+ RESERVED
+CVE-2019-19820 (An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys dr ...)
+ TODO: check
+CVE-2019-19819 (The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.1 ...)
+ TODO: check
+CVE-2019-19818 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.11 ...)
+ TODO: check
+CVE-2019-19817 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.11 ...)
+ TODO: check
+CVE-2019-19816 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image ...)
- linux <unfixed>
-CVE-2019-19815
+CVE-2019-19815 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...)
- linux <unfixed>
-CVE-2019-19814
+CVE-2019-19814 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...)
- linux <unfixed>
-CVE-2019-19813
+CVE-2019-19813 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...)
- linux <unfixed>
CVE-2019-19812
RESERVED
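Review bot: the four kernel entries CVE-2019-19813 through CVE-2019-19816 gain their descriptions but still carry only "- linux <unfixed>", with no NOTE line pointing at the upstream report or fix, so the btrfs and f2fs cases cannot be followed to a fixed version from this file. Add a NOTE with the reference for each once it is known. The new CVE-2019-19817 to CVE-2019-19820 entries (Nitro Free PDF Reader npdf.dll, the kyrld.sys driver) and CVE-2019-19826 (a Drupal module) are left at "TODO: check"; if none of them maps to a Debian source package, close them as NOT-FOR-US in the form used elsewhere in this list.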
@@ -111,7 +143,8 @@ CVE-2019-19772
RESERVED
CVE-2019-19771 (The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have b ...)
NOT-FOR-US: lodahs malicious package on npm
-CVE-2019-19830 [identified authors can inject content into database]
+CVE-2019-19830 (_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authent ...)
+ {DSA-4583-1}
- spip 3.2.7-1
[stretch] - spip <not-affected> (Vulnerable code not present)
[jessie] - spip <not-affected> (Vulnerable code not present)
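Review bot: CVE-2019-19830 stays directly below CVE-2019-19771 here, out of the descending order the surrounding entries follow, and the new block in the first hunk jumps from CVE-2019-19831 to CVE-2019-19829 as a result. Now that the id has its description and {DSA-4583-1}, consider moving the entry to its numerical position so it is found where a reader scanning the list expects it.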
@@ -9111,8 +9144,8 @@ CVE-2019-18581
RESERVED
CVE-2019-18580 (Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Jav ...)
NOT-FOR-US: EMC
-CVE-2019-18579
- RESERVED
+CVE-2019-18579 (Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1. ...)
+ TODO: check
CVE-2019-18578
RESERVED
CVE-2019-18577
@@ -10036,8 +10069,8 @@ CVE-2019-18271
RESERVED
CVE-2019-18270
RESERVED
-CVE-2019-18269
- RESERVED
+CVE-2019-18269 (In Omron PLC CJ series, all versions, and Omron PLC CS series, all ver ...)
+ TODO: check
CVE-2019-18268
RESERVED
CVE-2019-18267
@@ -10052,12 +10085,12 @@ CVE-2019-18263
RESERVED
CVE-2019-18262
RESERVED
-CVE-2019-18261
- RESERVED
+CVE-2019-18261 (In Omron PLC CS series, all versions, Omron PLC CJ series, all version ...)
+ TODO: check
CVE-2019-18260
RESERVED
-CVE-2019-18259
- RESERVED
+CVE-2019-18259 (In Omron PLC CJ series, all versions and Omron PLC CS series, all vers ...)
+ TODO: check
CVE-2019-18258
RESERVED
CVE-2019-18257
@@ -11210,8 +11243,8 @@ CVE-2020-0001
CVE-2019-18192 (GNU Guix 1.0.1 allows local users to gain access to an arbitrary user' ...)
- guix <itp> (bug #850644)
NOTE: https://issues.guix.gnu.org/issue/37744
-CVE-2019-18191
- RESERVED
+CVE-2019-18191 (A privilege escalation vulnerability in the Trend Micro Deep Security ...)
+ TODO: check
CVE-2019-18190 (Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerab ...)
NOT-FOR-US: Trend Micro
CVE-2019-18189 (A directory traversal vulnerability in Trend Micro Apex One, OfficeSca ...)
@@ -14724,10 +14757,10 @@ CVE-2019-16781
RESERVED
CVE-2019-16780
RESERVED
-CVE-2019-16779
- RESERVED
-CVE-2019-16778
- RESERVED
+CVE-2019-16779 (In RubyGem excon before 0.71.0, there was a race condition around pers ...)
+ TODO: check
+CVE-2019-16778 (In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSu ...)
+ TODO: check
CVE-2019-16777 (Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary ...)
- npm <unfixed>
NOTE: https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr
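Review bot: CVE-2019-16779 and CVE-2019-16778 name free-software projects (the excon RubyGem, TensorFlow), so "TODO: check" on these two should be resolved by looking for a matching Debian source package rather than by a NOT-FOR-US default. The descriptions already state the fixed upstream versions (excon 0.71.0, TensorFlow 1.15), which is what a package line would be compared against, in the style of the "- npm <unfixed>" entry with its NOTE just below.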
@@ -19941,8 +19974,8 @@ CVE-2019-15013
RESERVED
CVE-2019-15012
RESERVED
-CVE-2019-15011
- RESERVED
+CVE-2019-15011 (The ListEntityLinksServlet resource in Application Links before versio ...)
+ TODO: check
CVE-2019-15010
RESERVED
CVE-2019-15009 (The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and ...)
@@ -21232,28 +21265,27 @@ CVE-2019-14614
RESERVED
CVE-2019-14613
RESERVED
-CVE-2019-14612
- RESERVED
-CVE-2019-14611
- RESERVED
-CVE-2019-14610
- RESERVED
-CVE-2019-14609
- RESERVED
-CVE-2019-14608
- RESERVED
-CVE-2019-14607 [Unexpected Page Fault in Virtualized Environment Advisory]
- RESERVED
+CVE-2019-14612 (Out of bounds write in firmware for Intel(R) NUC(R) may allow a privil ...)
+ TODO: check
+CVE-2019-14611 (Integer overflow in firmware for Intel(R) NUC(R) may allow a privilege ...)
+ TODO: check
+CVE-2019-14610 (Improper access control in firmware for Intel(R) NUC(R) may allow an a ...)
+ TODO: check
+CVE-2019-14609 (Improper input validation in firmware for Intel(R) NUC(R) may allow a ...)
+ TODO: check
+CVE-2019-14608 (Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow ...)
+ TODO: check
+CVE-2019-14607 (Improper conditions check in multiple Intel® Processors may allow ...)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html
TODO: check, this is likely the issue addressed with intel-microcode/3.20191115
CVE-2019-14606
RESERVED
-CVE-2019-14605
- RESERVED
-CVE-2019-14604
- RESERVED
-CVE-2019-14603
- RESERVED
+CVE-2019-14605 (Improper permissions in the installer for the Intel(R) SCS Platform Di ...)
+ TODO: check
+CVE-2019-14604 (Null pointer dereference in the FPGA kernel driver for Intel(R) Quartu ...)
+ TODO: check
+CVE-2019-14603 (Improper permissions in the installer for the License Server software ...)
+ TODO: check
CVE-2019-14602 (Improper permissions in the installer for the Nuvoton* CIR Driver vers ...)
NOT-FOR-US: Nuvoton* CIR Driver
CVE-2019-14601
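Review bot: CVE-2019-14607 loses RESERVED but still has no package line, only the retained "TODO: check, this is likely the issue addressed with intel-microcode/3.20191115". Confirm that against the linked intel-sa-00317 advisory and replace the TODO with an intel-microcode package line once verified. The description on that entry also uses "Intel®" where every other entry in the hunk has "Intel(R)".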
@@ -21322,8 +21354,8 @@ CVE-2019-14570 (Memory corruption in system firmware for Intel(R) NUC may allow
NOT-FOR-US: Intel
CVE-2019-14569 (Pointer corruption in system firmware for Intel(R) NUC may allow a pri ...)
NOT-FOR-US: Intel
-CVE-2019-14568
- RESERVED
+CVE-2019-14568 (Improper permissions in the executable for Intel(R) RST before version ...)
+ TODO: check
CVE-2019-14567
RESERVED
CVE-2019-14566 (Insufficient input validation in Intel(R) SGX SDK multiple Linux and W ...)
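Review bot: CVE-2019-14568 (the Intel(R) RST executable) is added as "TODO: check" directly beneath CVE-2019-14570 and CVE-2019-14569, both closed as "NOT-FOR-US: Intel". If RST is likewise not packaged, use the same marker so the entry does not linger in the TODO queue next to already-triaged entries from the same vendor.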
@@ -25615,8 +25647,8 @@ CVE-2019-13535 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version
NOT-FOR-US: Medtronic Valleylab FT10 Energy Platform
CVE-2019-13534 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Fi ...)
NOT-FOR-US: Philips
-CVE-2019-13533
- RESERVED
+CVE-2019-13533 (In Omron PLC CJ series, all versions, and Omron PLC CS series, all ver ...)
+ TODO: check
CVE-2019-13532 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
NOT-FOR-US: CODESYS
CVE-2019-13531 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 ...)
@@ -26554,10 +26586,10 @@ CVE-2019-13184
RESERVED
CVE-2019-13183 (Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as ...)
NOT-FOR-US: Flarum
-CVE-2019-13182
- RESERVED
-CVE-2019-13181
- RESERVED
+CVE-2019-13182 (A stored cross-site scripting (XSS) vulnerability exists in the web UI ...)
+ TODO: check
+CVE-2019-13181 (A CSV injection vulnerability exists in the web UI of SolarWinds Serv- ...)
+ TODO: check
CVE-2019-13180
RESERVED
CVE-2019-13179 (Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile ...)
@@ -28687,11 +28719,9 @@ CVE-2019-12415 (In Apache POI up to 4.1.0, when using the tool XSSFExportToXml t
[stretch] - libapache-poi-java <no-dsa> (Minor issue)
[jessie] - libapache-poi-java <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2019/10/23/1
-CVE-2019-12414
- RESERVED
+CVE-2019-12414 (In Apache Incubator Superset before 0.32, a user can view database nam ...)
NOT-FOR-US: Apache Superset
-CVE-2019-12413
- RESERVED
+CVE-2019-12413 (In Apache Incubator Superset before 0.31 user could query database met ...)
NOT-FOR-US: Apache Superset
CVE-2019-12411
RESERVED
@@ -32236,8 +32266,8 @@ CVE-2019-11167 (Improper file permission in software installer for Intel(R) Smar
NOT-FOR-US: Intel
CVE-2019-11166 (Improper file permissions in the installer for Intel(R) Easy Streaming ...)
NOT-FOR-US: Intel
-CVE-2019-11165
- RESERVED
+CVE-2019-11165 (Improper conditions check in the Linux kernel driver for the Intel(R) ...)
+ TODO: check
CVE-2019-11164
RESERVED
CVE-2019-11163 (Insufficient access control in a hardware abstraction driver for Intel ...)
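Review bot: CVE-2019-11165 is described as being in "the Linux kernel driver for the Intel(R) ...", so the "NOT-FOR-US: Intel" used on its neighbours CVE-2019-11167 and CVE-2019-11166 should not be carried over without checking. The description is truncated here; read the full text to determine whether the driver is part of the linux source package before clearing the TODO.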
@@ -32252,8 +32282,8 @@ CVE-2019-11159
RESERVED
CVE-2019-11158
RESERVED
-CVE-2019-11157
- RESERVED
+CVE-2019-11157 (Improper conditions check in voltage settings for some Intel(R) Proces ...)
+ TODO: check
CVE-2019-11156 (Logic errors in Intel(R) PROSet/Wireless WiFi Software before version ...)
NOT-FOR-US: Intel
CVE-2019-11155 (Improper directory permissions in Intel(R) PROSet/Wireless WiFi Softwa ...)
@@ -32400,8 +32430,8 @@ CVE-2019-11098
CVE-2019-11097
RESERVED
NOT-FOR-US: Intel
-CVE-2019-11096
- RESERVED
+CVE-2019-11096 (Insufficient memory protection for Intel(R) Ethernet I218 Adapter driv ...)
+ TODO: check
CVE-2019-11095 (Insufficient access control in Intel(R) Driver & Support Assistant ...)
NOT-FOR-US: Intel(R) Driver & Support Assistant
CVE-2019-11094 (Insufficient input validation in system firmware for Intel (R) NUC Kit ...)
@@ -33312,8 +33342,8 @@ CVE-2019-10775
RESERVED
CVE-2019-10774
RESERVED
-CVE-2019-10773
- RESERVED
+CVE-2019-10773 (In Yarn before 1.21.1, the package install functionality can be abused ...)
+ TODO: check
CVE-2019-10772 (It is possible to bypass enshrined/svg-sanitize before 0.13.1 using th ...)
TODO: check
CVE-2019-10771 (Characters in the GET url path are not properly escaped and can be ref ...)
@@ -48928,8 +48958,8 @@ CVE-2019-5261
RESERVED
CVE-2019-5260 (Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of s ...)
NOT-FOR-US: Huawei
-CVE-2019-5259
- RESERVED
+CVE-2019-5259 (There is an information leakage vulnerability on some Huawei products( ...)
+ TODO: check
CVE-2019-5258 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
NOT-FOR-US: Huawei
CVE-2019-5257 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
@@ -64317,8 +64347,8 @@ CVE-2019-0160 (Buffer overflow in system firmware for EDK II may allow unauthent
NOTE: https://github.com/tianocore/edk2/commit/5c0748f43f4e1cc15fdd0be64a764eacd7df92f6
NOTE: https://github.com/tianocore/edk2/commit/89f75aa04a97293a8ed9db2a90851a5053730cf5
NOTE: https://github.com/tianocore/edk2/commit/3b30351b75d70ea65701ac999875fbb81a89a5ca
-CVE-2019-0159
- RESERVED
+CVE-2019-0159 (Insufficient memory protection in the Linux Administrative Tools for I ...)
+ TODO: check
CVE-2019-0158 (Insufficient path checking in the installation package for Intel(R) Gr ...)
NOT-FOR-US: Intel
CVE-2019-0157 (Insufficient input validation in the Intel(R) SGX driver for Linux may ...)
@@ -64375,8 +64405,8 @@ CVE-2019-0136 (Insufficient access control in the Intel(R) PROSet/Wireless WiFi
NOTE: https://git.kernel.org/linus/588f7d39b3592a36fb7702ae3b8bdd9be4621e2f
CVE-2019-0135 (Improper permissions in the installer for Intel(R) Accelerated Storage ...)
NOT-FOR-US: Intel
-CVE-2019-0134
- RESERVED
+CVE-2019-0134 (Improper permissions in the Intel(R) Dynamic Platform and Thermal Fram ...)
+ TODO: check
CVE-2019-0133
RESERVED
CVE-2019-0132 (Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may ...)
@@ -84352,8 +84382,8 @@ CVE-2018-11753
RESERVED
CVE-2018-11752 (Previous releases of the Puppet cisco_ios module output SSH session de ...)
NOT-FOR-US: cisco_ios Puppet module
-CVE-2018-11751
- RESERVED
+CVE-2018-11751 (Previous versions of Puppet Agent didn't verify the peer in the SSL co ...)
+ TODO: check
CVE-2018-11750 (Previous releases of the Puppet cisco_ios module did not validate a ho ...)
NOT-FOR-US: cisco_ios Puppet module
CVE-2018-11749 (When users are configured to use startTLS with RBAC LDAP, at login tim ...)
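Review bot: CVE-2018-11751 concerns Puppet Agent itself (no peer verification in an SSL connection, per the truncated description), unlike CVE-2018-11752 and CVE-2018-11750 around it, which are "NOT-FOR-US: cisco_ios Puppet module". Triage it on its own against any Debian package that ships Puppet Agent, and since this is a 2018 id only now leaving RESERVED, establish which released versions are affected before clearing the TODO.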
@@ -99151,8 +99181,8 @@ CVE-2017-18109 (The login resource of CrowdId in Atlassian Crowd before version
NOT-FOR-US: Atlassian Crowd
CVE-2017-18108 (The administration SMTP configuration resource in Atlassian Crowd befo ...)
NOT-FOR-US: Atlassian Crowd
-CVE-2017-18107
- RESERVED
+CVE-2017-18107 (Various resources in the Crowd Demo application of Atlassian Crowd bef ...)
+ TODO: check
CVE-2017-18106 (The identifier_hash for a session token in Atlassian Crowd before vers ...)
NOT-FOR-US: Atlassian Crowd
CVE-2017-18105 (The console login resource in Atlassian Crowd before version 3.0.2 and ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/44b41964e5780f088216f9d752d0c59db5e52e7d
More information about the debian-security-tracker-commits
mailing list