[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 23 20:10:51 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
de0dfaa4 by security tracker role at 2019-12-23T20:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-19944 (In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c ...)
+ TODO: check
CVE-2019-19943
RESERVED
CVE-2019-19942
@@ -964,8 +966,7 @@ CVE-2019-19810
RESERVED
CVE-2019-19809
RESERVED
-CVE-2019-3467 [kadm5.acl should set proper rights for users]
- RESERVED
+CVE-2019-3467 (Debian-edu-config all versions < 2.11.10, a set of configuration fi ...)
{DSA-4589-1 DLA-2041-1}
- debian-edu-config 2.11.10 (bug #946797)
CVE-2019-19808
@@ -5968,8 +5969,7 @@ CVE-2019-19338 [KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA
- linux <not-affected> (Only affects specific distro kernels which do not include commit e1d38b63acd8)
NOTE: https://www.openwall.com/lists/oss-security/2019/12/10/3
NOTE: https://www.openwall.com/lists/oss-security/2019/12/11/1
-CVE-2019-19337
- RESERVED
+CVE-2019-19337 (A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph ...)
- ceph <not-affected> (Only affects Ceph as packaged by Red Hat)
CVE-2019-19336
RESERVED
@@ -6488,10 +6488,10 @@ CVE-2019-19153
RESERVED
CVE-2019-19152
RESERVED
-CVE-2019-19151
- RESERVED
-CVE-2019-19150
- RESERVED
+CVE-2019-19151 (On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12 ...)
+ TODO: check
+CVE-2019-19150 (On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1 ...)
+ TODO: check
CVE-2019-19149
RESERVED
CVE-2019-19148
@@ -10733,20 +10733,18 @@ CVE-2019-18393 (PluginServlet.java in Ignite Realtime Openfire through 4.4.2 doe
NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-18392
RESERVED
-CVE-2019-18391 [heap based buffer overflow in the vrend_renderer_transfer_write_iov function]
- RESERVED
+CVE-2019-18391 (A heap-based buffer overflow in the vrend_renderer_transfer_write_iov ...)
- virglrenderer 0.8.1-1 (bug #946942)
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971
-CVE-2019-18390
- RESERVED
-CVE-2019-18389 [heap buffer overflow in the vrend_renderer_transfer_write_iov function]
- RESERVED
+CVE-2019-18390 (An out-of-bounds read in the vrend_blit_need_swizzle function in vrend ...)
+ TODO: check
+CVE-2019-18389 (A heap-based buffer overflow in the vrend_renderer_transfer_write_iov ...)
- virglrenderer 0.8.1-1 (bug #946942)
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/cbc8d8b75be360236cada63784046688aeb6d921
-CVE-2019-18388
- RESERVED
+CVE-2019-18388 (A NULL pointer dereference in vrend_renderer.c in virglrenderer throug ...)
+ TODO: check
CVE-2019-18387 (Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to ...)
NOT-FOR-US: Sourcecodester Hotel and Lodge Management System
CVE-2019-18386
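Review bot: CVE-2019-18390 and CVE-2019-18388 are left at `TODO: check`, although the CVE-2019-18388 description names vrend_renderer.c in virglrenderer and CVE-2019-18390 names a vrend_ function, the same source already tracked for CVE-2019-18391 and CVE-2019-18389 in this hunk. Both should be triaged to a `- virglrenderer` line. Confirm the fixed version against upstream instead of copying `0.8.1-1 (bug #946942)` from the neighbouring entries, because those two already cite different commits.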
@@ -11091,8 +11089,8 @@ CVE-2019-18236
RESERVED
CVE-2019-18235
RESERVED
-CVE-2019-18234
- RESERVED
+CVE-2019-18234 (Equinox Control Expert all versions, is vulnerable to an SQL injection ...)
+ TODO: check
CVE-2019-18233
RESERVED
CVE-2019-18232 (SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only ...)
@@ -13536,8 +13534,7 @@ CVE-2019-17565
RESERVED
CVE-2019-17564
RESERVED
-CVE-2019-17563 [Session fixation]
- RESERVED
+CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, ...)
- tomcat9 <unfixed>
- tomcat8 <removed>
- tomcat7 <removed>
@@ -29707,8 +29704,7 @@ CVE-2019-12420 (In Apache SpamAssassin before 3.4.3, a message can be crafted in
NOTE: https://svn.apache.org/r1866128
CVE-2019-12419 (Apache CXF before 3.3.4 and 3.2.11 provides all of the components that ...)
NOT-FOR-US: Apache CFX
-CVE-2019-12418 [local privilege escalation]
- RESERVED
+CVE-2019-12418 (When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0. ...)
- tomcat9 <unfixed>
- tomcat8 <removed>
- tomcat7 <removed>
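Review bot: the context line `NOT-FOR-US: Apache CFX` under CVE-2019-12419 misspells the product, which the description directly above it gives as Apache CXF. It is not part of this change, but it is worth correcting in a follow-up so that a search for CXF finds the entry.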
@@ -41815,8 +41811,8 @@ CVE-2019-8465
RESERVED
CVE-2019-8464
RESERVED
-CVE-2019-8463
- RESERVED
+CVE-2019-8463 (A denial of service vulnerability was reported in Check Point Endpoint ...)
+ TODO: check
CVE-2019-8462 (In a rare scenario, Check Point R80.30 Security Gateway before JHF Tak ...)
NOT-FOR-US: Check Point R80.30 Security Gateway
CVE-2019-8461 (Check Point Endpoint Security Initial Client for Windows before versio ...)
@@ -46197,32 +46193,32 @@ CVE-2018-1000997 (A path traversal vulnerability exists in the Stapler web frame
NOT-FOR-US: Jenkins
CVE-2019-6689 (An issue was discovered in Dillon Kane Tidal Workload Automation Agent ...)
NOT-FOR-US: Dillon Kane Tidal Workload Automation Agent
-CVE-2019-6688
- RESERVED
-CVE-2019-6687
- RESERVED
-CVE-2019-6686
- RESERVED
-CVE-2019-6685
- RESERVED
-CVE-2019-6684
- RESERVED
-CVE-2019-6683
- RESERVED
-CVE-2019-6682
- RESERVED
-CVE-2019-6681
- RESERVED
-CVE-2019-6680
- RESERVED
-CVE-2019-6679
- RESERVED
-CVE-2019-6678
- RESERVED
-CVE-2019-6677
- RESERVED
-CVE-2019-6676
- RESERVED
+CVE-2019-6688 (On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13 ...)
+ TODO: check
+CVE-2019-6687 (On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services pr ...)
+ TODO: check
+CVE-2019-6686 (On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1 ...)
+ TODO: check
+CVE-2019-6685 (On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13 ...)
+ TODO: check
+CVE-2019-6684 (On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0- ...)
+ TODO: check
+CVE-2019-6683 (On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13 ...)
+ TODO: check
+CVE-2019-6682 (On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0- ...)
+ TODO: check
+CVE-2019-6681 (On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1 ...)
+ TODO: check
+CVE-2019-6680 (On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0 ...)
+ TODO: check
+CVE-2019-6679 (On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, ...)
+ TODO: check
+CVE-2019-6678 (On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, and ...)
+ TODO: check
+CVE-2019-6677 (On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0 ...)
+ TODO: check
+CVE-2019-6676 (On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 13.1.0-13.1.3.1, TMM m ...)
+ TODO: check
CVE-2019-6675 (BIG-IP configurations using Active Directory, LDAP, or Client Certific ...)
NOT-FOR-US: F5 BIG-IP
CVE-2019-6674 (On F5 SSL Orchestrator 15.0.0-15.0.1 and 14.0.0-14.1.2, TMM may crash ...)
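Review bot: the thirteen entries CVE-2019-6688 through CVE-2019-6676 are added with `TODO: check`, while the unchanged CVE-2019-6675 directly below them is already `NOT-FOR-US: F5 BIG-IP`. The entries whose visible description names BIG-IP can take the same marking. CVE-2019-6684, CVE-2019-6683, CVE-2019-6682 and CVE-2019-6676 are truncated before any product name appears, so read the full description before marking them.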
@@ -49845,8 +49841,8 @@ CVE-2019-5278 (There is an out-of-bounds read vulnerability in the Advanced Pack
NOT-FOR-US: Huawei
CVE-2019-5277 (Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak v ...)
NOT-FOR-US: Huawei
-CVE-2019-5276
- RESERVED
+CVE-2019-5276 (Huawei smart phones with earlier versions than ELLE-AL00B 9.1.0.222(C0 ...)
+ TODO: check
CVE-2019-5275
RESERVED
CVE-2019-5274
@@ -49863,12 +49859,12 @@ CVE-2019-5269 (Some Huawei home routers have an improper authorization vulnerabi
NOT-FOR-US: Huawei
CVE-2019-5268 (Some Huawei home routers have an input validation vulnerability. Due t ...)
NOT-FOR-US: Huawei
-CVE-2019-5267
- RESERVED
-CVE-2019-5266
- RESERVED
-CVE-2019-5265
- RESERVED
+CVE-2019-5267 (Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vu ...)
+ TODO: check
+CVE-2019-5266 (Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an ...)
+ TODO: check
+CVE-2019-5265 (Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an ...)
+ TODO: check
CVE-2019-5264 (There is an information disclosure vulnerability in certain Huawei sma ...)
NOT-FOR-US: Huawei
CVE-2019-5263 (HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and ear ...)
@@ -50193,8 +50189,8 @@ CVE-2019-5110 (Exploitable SQL injection vulnerabilities exist in the authentica
NOT-FOR-US: Forma LMS
CVE-2019-5109 (Exploitable SQL injection vulnerabilities exists in the authenticated ...)
NOT-FOR-US: Forma LMS
-CVE-2019-5108
- RESERVED
+CVE-2019-5108 (An exploitable denial-of-service vulnerability exists in the Linux ker ...)
+ TODO: check
CVE-2019-5107
RESERVED
CVE-2019-5106
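Review bot: CVE-2019-5108 should not be swept into NOT-FOR-US along with its Forma LMS neighbours. Its description places the denial of service in the Linux kernel ("exists in the Linux ker ..."), so the `TODO: check` needs resolving to a `- linux` line with a status and, once known, a NOTE pointing at the fix.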
@@ -54099,12 +54095,12 @@ CVE-2019-3433
RESERVED
CVE-2019-3432
RESERVED
-CVE-2019-3431
- RESERVED
-CVE-2019-3430
- RESERVED
-CVE-2019-3429
- RESERVED
+CVE-2019-3431 (All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product h ...)
+ TODO: check
+CVE-2019-3430 (All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product h ...)
+ TODO: check
+CVE-2019-3429 (All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product h ...)
+ TODO: check
CVE-2019-3428 (The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a c ...)
NOT-FOR-US: ZTE
CVE-2019-3427 (The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a c ...)
@@ -116496,7 +116492,7 @@ CVE-2017-17306 (Some Huawei Smartphones with software of VNS-L21AUTC555B141, VNS
NOT-FOR-US: Huawei
CVE-2017-17305 (Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR ...)
NOT-FOR-US: Huawei
-CVE-2017-17304 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; V500R ...)
+CVE-2017-17304 (The CIDAM Protocol on some Huawei Products has multiple input validati ...)
NOT-FOR-US: Huawei
CVE-2017-17303 (Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C0 ...)
NOT-FOR-US: Huawei
@@ -116764,11 +116760,11 @@ CVE-2017-17172 (Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L
NOT-FOR-US: Huawei
CVE-2017-17171 (Some Huawei smart phones have the denial of service (DoS) vulnerabilit ...)
NOT-FOR-US: Huawei
-CVE-2017-17170 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; V500R ...)
+CVE-2017-17170 (The CIDAM Protocol on some Huawei Products has multiple input validati ...)
NOT-FOR-US: Huawei
-CVE-2017-17169 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; V500R ...)
+CVE-2017-17169 (The CIDAM Protocol on some Huawei Products has multiple input validati ...)
NOT-FOR-US: Huawei
-CVE-2017-17168 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; V500R ...)
+CVE-2017-17168 (The CIDAM Protocol on some Huawei Products has multiple input validati ...)
NOT-FOR-US: Huawei
CVE-2017-17167 (Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C ...)
NOT-FOR-US: Huawei
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/de0dfaa410595316848dbfa21b7d39fbb3d0e2d5