[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jul 1 21:10:27 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f0bb47b9 by security tracker role at 2019-07-01T20:10:17Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2019-13132
+ RESERVED
+CVE-2019-13131 (Super Micro SuperDoctor 5, when restrictions are not implemented in ag ...)
+ TODO: check
+CVE-2019-13130
+ RESERVED
+CVE-2019-13129 (On the Motorola router CX2L MWR04L 1.01, there is a stack consumption ...)
+ TODO: check
+CVE-2019-13128 (An issue was discovered on D-Link DIR-823G devices with firmware 1.02B ...)
+ TODO: check
+CVE-2019-13127 (An issue was discovered in mxGraph through 4.0.0, related to the "draw ...)
+ TODO: check
+CVE-2019-13126
+ RESERVED
+CVE-2019-13125 (HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evad ...)
+ TODO: check
+CVE-2019-13124
+ RESERVED
+CVE-2019-13123
+ RESERVED
+CVE-2019-13122
+ RESERVED
+CVE-2019-13121
+ RESERVED
CVE-2019-13120
RESERVED
CVE-2019-13119
@@ -211,8 +235,8 @@ CVE-2019-13026
RESERVED
CVE-2019-13025
RESERVED
-CVE-2019-13024
- RESERVED
+CVE-2019-13024 (Centreon V19.04 allows the attacker to execute arbitrary system comman ...)
+ TODO: check
CVE-2019-13023
RESERVED
CVE-2019-13022
@@ -338,8 +362,8 @@ CVE-2019-12972 (An issue was discovered in the Binary File Descriptor (BFD) libr
NOTE: binutils not covered by security support
CVE-2019-12971
RESERVED
-CVE-2019-12970
- RESERVED
+CVE-2019-12970 (XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1. ...)
+ TODO: check
CVE-2019-12969
RESERVED
CVE-2019-12968 (A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_ ...)
@@ -688,8 +712,8 @@ CVE-2019-12828 (An issue was discovered in Electronic Arts Origin before 10.5.39
NOT-FOR-US: Electronic Arts Origin
CVE-2019-12827
RESERVED
-CVE-2019-12826
- RESERVED
+CVE-2019-12826 (A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php ...)
+ TODO: check
CVE-2019-12825
RESERVED
CVE-2019-12824
@@ -829,8 +853,7 @@ CVE-2019-12783
RESERVED
CVE-2019-12782
RESERVED
-CVE-2019-12781 [Incorrect HTTP detection with reverse-proxy connecting via HTTPS]
- RESERVED
+CVE-2019-12781 (An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1. ...)
- python-django <unfixed> (bug #931316)
NOTE: https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
NOTE: https://github.com/django/django/commit/54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 (master)
@@ -14410,16 +14433,16 @@ CVE-2019-7672 (Prima Systems FlexAir devices have Hard-coded Credentials. ...)
NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-7671 (Prima Systems FlexAir devices allow Authenticated Stored XSS. ...)
NOT-FOR-US: Prima Systems FlexAir devices
-CVE-2019-7670
- RESERVED
-CVE-2019-7669
- RESERVED
-CVE-2019-7668
- RESERVED
-CVE-2019-7667
- RESERVED
-CVE-2019-7666
- RESERVED
+CVE-2019-7670 (Prima Systems FlexAir devices allow Authenticated Command Injection re ...)
+ TODO: check
+CVE-2019-7669 (Prima Systems FlexAir devices allow Unauthenticated Command Injection ...)
+ TODO: check
+CVE-2019-7668 (Prima Systems FlexAir devices have Default Credentials. ...)
+ TODO: check
+CVE-2019-7667 (Prima Systems FlexAir devices allow unauthenticated download of the da ...)
+ TODO: check
+CVE-2019-7666 (Prima Systems FlexAir devices allow authentication with MD5 hashes dir ...)
+ TODO: check
CVE-2019-7665 (In elfutils 0.175, a heap-based buffer over-read was discovered in the ...)
{DLA-1689-1}
- elfutils 0.176-1 (low; bug #921880)
@@ -15614,12 +15637,12 @@ CVE-2019-7285
NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-7284
RESERVED
-CVE-2019-7281
- RESERVED
-CVE-2019-7280
- RESERVED
-CVE-2019-7279
- RESERVED
+CVE-2019-7281 (Prima Systems FlexAir devices allow Cross-Site Request Forgery (CSRF). ...)
+ TODO: check
+CVE-2019-7280 (Prima Systems FlexAir devices have an Insufficient Session-ID Length. ...)
+ TODO: check
+CVE-2019-7279 (Optergy Proton/Enterprise devices have Hard-coded Credentials. ...)
+ TODO: check
CVE-2019-7278
RESERVED
CVE-2019-7277
@@ -22277,8 +22300,8 @@ CVE-2019-4412
RESERVED
CVE-2019-4411
RESERVED
-CVE-2019-4410
- RESERVED
+CVE-2019-4410 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19. ...)
+ TODO: check
CVE-2019-4409
RESERVED
CVE-2019-4408
@@ -22325,14 +22348,14 @@ CVE-2019-4388
RESERVED
CVE-2019-4387
RESERVED
-CVE-2019-4386
- RESERVED
+CVE-2019-4386 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
+ TODO: check
CVE-2019-4385 (IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password i ...)
NOT-FOR-US: IBM
CVE-2019-4384 (IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse ...)
NOT-FOR-US: IBM
-CVE-2019-4383
- RESERVED
+CVE-2019-4383 (When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to pro ...)
+ TODO: check
CVE-2019-4382 (IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized us ...)
NOT-FOR-US: IBM
CVE-2019-4381 (IBM i 7.27.3 Clustering could allow a local attacker to obtain sensiti ...)
@@ -22383,8 +22406,8 @@ CVE-2019-4359
RESERVED
CVE-2019-4358
RESERVED
-CVE-2019-4357
- RESERVED
+CVE-2019-4357 (When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to pro ...)
+ TODO: check
CVE-2019-4356
RESERVED
CVE-2019-4355
@@ -22423,10 +22446,10 @@ CVE-2019-4339
RESERVED
CVE-2019-4338
RESERVED
-CVE-2019-4337
- RESERVED
-CVE-2019-4336
- RESERVED
+CVE-2019-4337 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
+ TODO: check
+CVE-2019-4336 (IBM Robotic Process Automation with Automation Anywhere 11 uses an ina ...)
+ TODO: check
CVE-2019-4335
RESERVED
CVE-2019-4334
@@ -22453,8 +22476,8 @@ CVE-2019-4324
RESERVED
CVE-2019-4323
RESERVED
-CVE-2019-4322
- RESERVED
+CVE-2019-4322 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2019-4321
RESERVED
CVE-2019-4320
@@ -22499,16 +22522,16 @@ CVE-2019-4301
RESERVED
CVE-2019-4300
RESERVED
-CVE-2019-4299
- RESERVED
-CVE-2019-4298
- RESERVED
-CVE-2019-4297
- RESERVED
-CVE-2019-4296
- RESERVED
-CVE-2019-4295
- RESERVED
+CVE-2019-4299 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
+ TODO: check
+CVE-2019-4298 (IBM Robotic Process Automation with Automation Anywhere 11 uses a high ...)
+ TODO: check
+CVE-2019-4297 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
+ TODO: check
+CVE-2019-4296 (IBM Robotic Process Automation with Automation Anywhere 11 information ...)
+ TODO: check
+CVE-2019-4295 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
+ TODO: check
CVE-2019-4294
RESERVED
CVE-2019-4293 (IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attac ...)
@@ -22623,8 +22646,8 @@ CVE-2019-4239 (IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1)
NOT-FOR-US: IBM
CVE-2019-4238 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
NOT-FOR-US: IBM
-CVE-2019-4237
- RESERVED
+CVE-2019-4237 (A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Se ...)
+ TODO: check
CVE-2019-4236
RESERVED
CVE-2019-4235 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require th ...)
@@ -22789,8 +22812,8 @@ CVE-2019-4156 (IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than
NOT-FOR-US: IBM
CVE-2019-4155 (IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted b ...)
NOT-FOR-US: IBM
-CVE-2019-4154
- RESERVED
+CVE-2019-4154 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2019-4153 (IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote a ...)
NOT-FOR-US: IBM
CVE-2019-4152 (IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate se ...)
@@ -22893,10 +22916,10 @@ CVE-2019-4104
RESERVED
CVE-2019-4103 (IBM Tivoli Netcool/Impact 7.1.0 allows for remote execution of command ...)
NOT-FOR-US: IBM
-CVE-2019-4102
- RESERVED
-CVE-2019-4101
- RESERVED
+CVE-2019-4102 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
+CVE-2019-4101 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1 ...)
+ TODO: check
CVE-2019-4100
RESERVED
CVE-2019-4099
@@ -22983,8 +23006,8 @@ CVE-2019-4059 (IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficientl
NOT-FOR-US: IBM
CVE-2019-4058 (IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to ma ...)
NOT-FOR-US: IBM
-CVE-2019-4057
- RESERVED
+CVE-2019-4057 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2019-4056 (IBM Maximo Asset Management 7.6 Work Centers' application does not val ...)
NOT-FOR-US: IBM Maximo Asset Management
CVE-2019-4055 (IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 ...)
@@ -30739,10 +30762,10 @@ CVE-2019-1580
RESERVED
CVE-2019-1579
RESERVED
-CVE-2019-1578
- RESERVED
-CVE-2019-1577
- RESERVED
+CVE-2019-1578 (Cross-site scripting vulnerability in Palo Alto Networks MineMeld vers ...)
+ TODO: check
+CVE-2019-1577 (Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and ear ...)
+ TODO: check
CVE-2019-1576
RESERVED
CVE-2019-1575
@@ -154278,10 +154301,10 @@ CVE-2016-5240 (The DrawDashPolygon function in magick/render.c in GraphicsMagick
NOTE: DLA-547-1 didn't fix this properly
CVE-2016-5237 (Valve Steam 3.42.16.13 uses weak permissions for the files in the Stea ...)
NOT-FOR-US: Valve Steam
-CVE-2016-5236
- RESERVED
-CVE-2016-5235
- RESERVED
+CVE-2016-5236 (Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9 ...)
+ TODO: check
+CVE-2016-5235 (A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe D ...)
+ TODO: check
CVE-2014-9803 (arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-n ...)
- linux <not-affected> (Vulnerable code never present, introduced and fixed in 3.16 development cycle)
NOTE: Introduced by: https://git.kernel.org/linus/bc07c2c6e9ed125d362af0214b6313dca180cb08 (v3.16-rc1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f0bb47b9a19480d5cc64f67e39ec943ab79c3e5b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f0bb47b9a19480d5cc64f67e39ec943ab79c3e5b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190701/1cd3a0f2/attachment.html>
More information about the debian-security-tracker-commits
mailing list