[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jul 2 21:10:38 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
249c08dd by security tracker role at 2019-07-02T20:10:29Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2019-13172
+ RESERVED
+CVE-2019-13171
+ RESERVED
+CVE-2019-13170
+ RESERVED
+CVE-2019-13169
+ RESERVED
+CVE-2019-13168
+ RESERVED
+CVE-2019-13167
+ RESERVED
+CVE-2019-13166
+ RESERVED
+CVE-2019-13165
+ RESERVED
+CVE-2019-13164
+ RESERVED
+CVE-2019-13163
+ RESERVED
+CVE-2019-13162
+ RESERVED
+CVE-2019-13161
+ RESERVED
+CVE-2019-13160
+ RESERVED
+CVE-2019-13159
+ RESERVED
+CVE-2019-13158
+ RESERVED
+CVE-2019-13157
+ RESERVED
+CVE-2019-13156
+ RESERVED
+CVE-2019-13155 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
+ TODO: check
+CVE-2019-13154 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
+ TODO: check
+CVE-2019-13153 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
+ TODO: check
+CVE-2019-13152 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
+ TODO: check
+CVE-2019-13151 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
+ TODO: check
+CVE-2019-13150 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
+ TODO: check
+CVE-2019-13149 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
+ TODO: check
+CVE-2019-13148 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
+ TODO: check
CVE-2019-13147 (In Audio File Library (aka audiofile) 0.3.6, there exists one NULL poi ...)
- audiofile <unfixed> (low; bug #931343)
[buster] - audiofile <no-dsa> (Minor issue)
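Review bot: The eight TRENDnet TEW-827DRU entries (CVE-2019-13148 through CVE-2019-13155) all arrive as "TODO: check" with the same truncated description, so they are best triaged as one batch. If no Debian source package ships this router firmware, each should become NOT-FOR-US: TRENDnet, following the vendor-tag form already used in this file (for example "NOT-FOR-US: Logitech").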
@@ -238,8 +288,8 @@ CVE-2019-13058
RESERVED
CVE-2019-13057
RESERVED
-CVE-2019-13056
- RESERVED
+CVE-2019-13056 (An issue was discovered in CyberPanel through 1.8.4. On the user edit ...)
+ TODO: check
CVE-2019-13055 (Certain Logitech Unifying devices allow attackers to dump AES keys and ...)
NOT-FOR-US: Logitech
CVE-2019-13054 (The Logitech R500 presentation clicker allows attackers to determine t ...)
@@ -554,7 +604,7 @@ CVE-2019-12931
RESERVED
CVE-2019-12930
RESERVED
-CVE-2019-12929 (The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS co ...)
+CVE-2019-12929 (** DISPUTED ** The QMP guest_exec command in QEMU 4.0.0 and earlier is ...)
- qemu <unfixed>
[buster] - qemu <no-dsa> (Minor issue)
[jessie] - qemu <no-dsa> (Minor issue)
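Review bot: CVE-2019-12929 now carries the ** DISPUTED ** marker in its description, but the tracking lines under it are unchanged: "- qemu <unfixed>" with <no-dsa> (Minor issue) for buster and jessie. The disputed linux entries elsewhere in this file use "<unfixed> (unimportant)" with a NOTE giving the reason. Since the existing NOTE on this entry already says QMP is only intended for administrative control of QEMU instances, consider whether the qemu line should take the same form.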
@@ -562,7 +612,7 @@ CVE-2019-12929 (The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to
NOTE: https://fakhrizulkifli.github.io/posts/2019/06/06/CVE-2019-12929/
NOTE: The QEMU machine protocol (QMP) should not be exposed to unprivileged users,
NOTE: and is only intended for administrative control of QEMU instances.
-CVE-2019-12928 (The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerabl ...)
+CVE-2019-12928 (** DISPUTED ** The QMP migrate command in QEMU version 4.0.0 and earli ...)
- qemu <unfixed>
[buster] - qemu <no-dsa> (Minor issue)
[jessie] - qemu <no-dsa> (Minor issue)
@@ -1008,7 +1058,7 @@ CVE-2019-12761 (A code injection issue was discovered in PyXDG before 0.26 via c
[stretch] - pyxdg <no-dsa> (Minor issue)
NOTE: https://snyk.io/vuln/SNYK-PYTHON-PYXDG-174562
NOTE: https://gitlab.freedesktop.org/xdg/pyxdg/issues/14
-CVE-2019-12760 (A deserialization vulnerability exists in the way parso through 0.4.0 ...)
+CVE-2019-12760 (** DISPUTED ** A deserialization vulnerability exists in the way parso ...)
- parso <unfixed> (bug #930356)
[buster] - parso <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1718212
@@ -1365,8 +1415,7 @@ CVE-2019-12596
RESERVED
CVE-2019-12595
RESERVED
-CVE-2019-12594
- RESERVED
+CVE-2019-12594 (DOSBox 0.74-2 has Incorrect Access Control. ...)
- dosbox <unfixed> (bug #931222)
NOTE: Fixed in 0.74-3 upstream.
NOTE: https://github.com/Alexandre-Bartel/CVE-2019-12594
@@ -1719,7 +1768,7 @@ CVE-2019-12589 (In Firejail before 0.9.60, seccomp filters are writable inside t
NOTE: https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
CVE-2019-12456 (** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl ...)
- linux <unfixed>
-CVE-2019-12455 (An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/c ...)
+CVE-2019-12455 (** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in driv ...)
- linux <unfixed> (unimportant)
NOTE: No/negligible security impact
CVE-2019-12454 (** DISPUTED ** An issue was discovered in wcd9335_codec_enable_dec in ...)
@@ -1939,10 +1988,10 @@ CVE-2019-12382 (** DISPUTED ** An issue was discovered in drm_load_edid_firmware
CVE-2019-12381 (** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip ...)
- linux <unfixed> (unimportant)
NOTE: Issue with no security impact, see kernel-sec, invalid issue
-CVE-2019-12380 (An issue was discovered in the efi subsystem in the Linux kernel throu ...)
+CVE-2019-12380 (**DISPUTED** An issue was discovered in the efi subsystem in the Linux ...)
- linux <unfixed> (unimportant)
NOTE: No security impact, all code involved runs at boot before userland starts
-CVE-2019-12379 (An issue was discovered in con_insert_unipair in drivers/tty/vt/consol ...)
+CVE-2019-12379 (** DISPUTED ** An issue was discovered in con_insert_unipair in driver ...)
- linux <unfixed> (unimportant)
NOTE: No real security issue and fix introduces real security issue, see kernel-sec
CVE-2019-12378 (** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/i ...)
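Review bot: The new description for CVE-2019-12380 is written "**DISPUTED**" with no inner spaces, while CVE-2019-12379 on the next changed line and the surrounding context entries (CVE-2019-12381, CVE-2019-12378) use "** DISPUTED **". Any search or script keyed on the spaced form will miss CVE-2019-12380, so either match both spellings when filtering disputed entries or normalize the marker when descriptions are imported.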
@@ -15756,44 +15805,44 @@ CVE-2019-7272 (Optergy Proton/Enterprise devices allow Username Disclosure. ...)
NOT-FOR-US: Optergy Proton
CVE-2019-7271 (Nortek Linear eMerge 50P/5000P devices have Default Credentials. ...)
NOT-FOR-US: Nortek Linear
-CVE-2019-7270
- RESERVED
-CVE-2019-7269
- RESERVED
-CVE-2019-7268
- RESERVED
-CVE-2019-7267
- RESERVED
-CVE-2019-7266
- RESERVED
-CVE-2019-7265
- RESERVED
-CVE-2019-7264
- RESERVED
-CVE-2019-7263
- RESERVED
-CVE-2019-7262
- RESERVED
-CVE-2019-7261
- RESERVED
-CVE-2019-7260
- RESERVED
-CVE-2019-7259
- RESERVED
-CVE-2019-7258
- RESERVED
-CVE-2019-7257
- RESERVED
-CVE-2019-7256
- RESERVED
-CVE-2019-7255
- RESERVED
-CVE-2019-7254
- RESERVED
-CVE-2019-7253
- RESERVED
-CVE-2019-7252
- RESERVED
+CVE-2019-7270 (Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF ...)
+ TODO: check
+CVE-2019-7269 (Linear eMerge 50P/5000P devices allow Authenticated Command Injection ...)
+ TODO: check
+CVE-2019-7268 (Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. ...)
+ TODO: check
+CVE-2019-7267 (Linear eMerge 50P/5000P devices allow Cookie Path Traversal. ...)
+ TODO: check
+CVE-2019-7266 (Linear eMerge 50P/5000P devices allow Authentication Bypass. ...)
+ TODO: check
+CVE-2019-7265 (Linear eMerge E3-Series devices allow Remote Code Execution (root acce ...)
+ TODO: check
+CVE-2019-7264 (Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on ...)
+ TODO: check
+CVE-2019-7263 (Linear eMerge E3-Series devices have a Version Control Failure. ...)
+ TODO: check
+CVE-2019-7262 (Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF ...)
+ TODO: check
+CVE-2019-7261 (Linear eMerge E3-Series devices have Hard-coded Credentials. ...)
+ TODO: check
+CVE-2019-7260 (Linear eMerge E3-Series devices have Cleartext Credentials in a Databa ...)
+ TODO: check
+CVE-2019-7259 (Linear eMerge E3-Series devices allow Authorization Bypass with Inform ...)
+ TODO: check
+CVE-2019-7258 (Linear eMerge E3-Series devices allow Privilege Escalation. ...)
+ TODO: check
+CVE-2019-7257 (Linear eMerge E3-Series devices allow Unrestricted File Upload. ...)
+ TODO: check
+CVE-2019-7256 (Linear eMerge E3-Series devices allow Command Injections. ...)
+ TODO: check
+CVE-2019-7255 (Linear eMerge E3-Series devices allow XSS. ...)
+ TODO: check
+CVE-2019-7254 (Linear eMerge E3-Series devices allow File Inclusion. ...)
+ TODO: check
+CVE-2019-7253 (Linear eMerge E3-Series devices allow Directory Traversal. ...)
+ TODO: check
+CVE-2019-7252 (Linear eMerge E3-Series devices have Default Credentials. ...)
+ TODO: check
CVE-2019-7251 (An Integer Signedness issue (for a return code) in the res_pjsip_sdp_r ...)
- asterisk 1:16.2.1~dfsg-1 (bug #923690)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
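Review bot: The nineteen Linear eMerge entries (CVE-2019-7252 through CVE-2019-7270) are left as "TODO: check", although the context line just above them already classifies the same product family: CVE-2019-7271 (Nortek Linear eMerge 50P/5000P) is "NOT-FOR-US: Nortek Linear". Unless one of these turns out to affect packaged software, resolve them with the same tag so the batch does not sit in the TODO queue.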
@@ -20263,8 +20312,7 @@ CVE-2019-5445
RESERVED
CVE-2019-5444
RESERVED
-CVE-2019-5443
- RESERVED
+CVE-2019-5443 (A non-privileged user or program can put code and a config file in a k ...)
- curl <not-affected> (Windows-specific build issue)
CVE-2019-5442 (XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results i ...)
NOT-FOR-US: Pippo
@@ -22633,8 +22681,8 @@ CVE-2019-4294
RESERVED
CVE-2019-4293 (IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attac ...)
NOT-FOR-US: IBM
-CVE-2019-4292
- RESERVED
+CVE-2019-4292 (IBM Security Guardium 10.5 could allow a remote attacker to upload arb ...)
+ TODO: check
CVE-2019-4291
RESERVED
CVE-2019-4290
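Review bot: CVE-2019-4292 (IBM Security Guardium) is added as "TODO: check", while the neighbouring CVE-2019-4293 in the context lines is already "NOT-FOR-US: IBM". The same applies to the other IBM descriptions filled in by the later hunks of this update. If no Debian package is involved, tag them NOT-FOR-US: IBM to match.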
@@ -22697,8 +22745,8 @@ CVE-2019-4262
RESERVED
CVE-2019-4261
RESERVED
-CVE-2019-4260
- RESERVED
+CVE-2019-4260 (IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0 ...)
+ TODO: check
CVE-2019-4259 (A security vulnerability has been identified in IBM Spectrum Scale 4.1 ...)
NOT-FOR-US: IBM
CVE-2019-4258 (IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vu ...)
@@ -22937,8 +22985,8 @@ CVE-2019-4142 (IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to
NOT-FOR-US: IBM
CVE-2019-4141
RESERVED
-CVE-2019-4140
- RESERVED
+CVE-2019-4140 (IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) c ...)
+ TODO: check
CVE-2019-4139 (IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-s ...)
NOT-FOR-US: IBM
CVE-2019-4138 (IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could al ...)
@@ -22949,8 +22997,8 @@ CVE-2019-4136 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0
NOT-FOR-US: IBM
CVE-2019-4135 (IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a secur ...)
NOT-FOR-US: IBM
-CVE-2019-4134
- RESERVED
+CVE-2019-4134 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...)
+ TODO: check
CVE-2019-4133
RESERVED
CVE-2019-4132
@@ -22959,8 +23007,8 @@ CVE-2019-4131
RESERVED
CVE-2019-4130
RESERVED
-CVE-2019-4129
- RESERVED
+CVE-2019-4129 (IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remot ...)
+ TODO: check
CVE-2019-4128
RESERVED
CVE-2019-4127
@@ -23041,10 +23089,10 @@ CVE-2019-4090
RESERVED
CVE-2019-4089
RESERVED
-CVE-2019-4088
- RESERVED
-CVE-2019-4087
- RESERVED
+CVE-2019-4088 (IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allo ...)
+ TODO: check
+CVE-2019-4087 (IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulner ...)
+ TODO: check
CVE-2019-4086
RESERVED
CVE-2019-4085
@@ -115799,22 +115847,22 @@ CVE-2017-8413
RESERVED
CVE-2017-8412
RESERVED
-CVE-2017-8411
- RESERVED
+CVE-2017-8411 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...)
+ TODO: check
CVE-2017-8410
RESERVED
CVE-2017-8409
RESERVED
-CVE-2017-8408
- RESERVED
-CVE-2017-8407
- RESERVED
-CVE-2017-8406
- RESERVED
+CVE-2017-8408 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...)
+ TODO: check
+CVE-2017-8407 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...)
+ TODO: check
+CVE-2017-8406 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...)
+ TODO: check
CVE-2017-8405
RESERVED
-CVE-2017-8404
- RESERVED
+CVE-2017-8404 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...)
+ TODO: check
CVE-2017-8403 (360fly 4K cameras allow unauthenticated Wi-Fi password changes and com ...)
NOT-FOR-US: 360fly
CVE-2017-8402 (PivotX 2.3.11 allows remote authenticated users to execute arbitrary P ...)
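Review bot: The five D-Link DCS-1130 entries (CVE-2017-8404, CVE-2017-8406, CVE-2017-8407, CVE-2017-8408, CVE-2017-8411) move from RESERVED to "TODO: check" with identical truncated descriptions. The context entry CVE-2017-8403 shows the form used for camera firmware here ("NOT-FOR-US: 360fly"). If the DCS-1130 firmware is likewise not shipped in any Debian package, mark these NOT-FOR-US: D-Link in one pass.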
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/249c08dd1b623b6e5beecb97fbf36937a7bd8571