[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jul 17 21:10:39 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b586115 by security tracker role at 2019-07-17T20:10:30Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2019-13633
+	RESERVED
+CVE-2019-13632
+	RESERVED
+CVE-2019-13631 (In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the L ...)
+	TODO: check
+CVE-2019-13630
+	RESERVED
+CVE-2019-13629
+	RESERVED
+CVE-2019-13628
+	RESERVED
+CVE-2019-13627
+	RESERVED
+CVE-2019-13626 (SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buff ...)
+	TODO: check
 CVE-2019-13625 (NSA Ghidra before 9.0.1 allows XXE when a project is opened or restore ...)
 	- ghidra <itp> (bug #923851)
 	TODO: check
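Review bot: the two TODO: check entries in this hunk (CVE-2019-13631 and CVE-2019-13626) are for software Debian ships, so they should not stay as bare TODOs: drivers/input/tablet/gtco.c is Linux kernel code, and SDL 2.x through 2.0.9 is the libsdl2 source package. Each wants a package line in the form used for CVE-2019-13615 in the next hunk, e.g. `- linux <unfixed>` and `- libsdl2 <unfixed>`, with a NOTE: pointing at the upstream fix once known and per-suite lines where a release is not affected.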
@@ -26,10 +42,10 @@ CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.
 CVE-2019-13615 (VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in ...)
 	- vlc <unfixed> (bug #932241)
 	NOTE: https://trac.videolan.org/vlc/ticket/22474
-CVE-2019-13614
-	RESERVED
-CVE-2019-13613
-	RESERVED
+CVE-2019-13614 (CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link ...)
+	TODO: check
+CVE-2019-13613 (CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wirel ...)
+	TODO: check
 CVE-2019-13612 (MDaemon Email Server 19 skips SpamAssassin checks by default for e-mai ...)
 	NOT-FOR-US: MDaemon Email Server
 CVE-2019-13611 (An issue was discovered in python-engineio through 3.8.2. There is a C ...)
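Review bot: CVE-2019-13614 and CVE-2019-13613 describe the TP-Link Device Debug protocol in TP-Link wireless devices, i.e. vendor firmware that Debian does not package, so these should be closed as `NOT-FOR-US: TP-Link` in the same way CVE-2019-13612 at the end of this hunk is resolved as `NOT-FOR-US: MDaemon Email Server`, rather than left as TODO: check.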
@@ -1076,10 +1092,10 @@ CVE-2019-13587
 	RESERVED
 CVE-2019-13586
 	RESERVED
-CVE-2019-13585
-	RESERVED
-CVE-2019-13584
-	RESERVED
+CVE-2019-13585 (The remote admin webserver on FANUC Robotics Virtual Robot Controller  ...)
+	TODO: check
+CVE-2019-13584 (The remote admin webserver on FANUC Robotics Virtual Robot Controller  ...)
+	TODO: check
 CVE-2019-13583
 	RESERVED
 CVE-2019-13582
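Review bot: the two FANUC Robotics Virtual Robot Controller entries (CVE-2019-13585, CVE-2019-13584) are proprietary industrial controller software, so `NOT-FOR-US: FANUC` is the expected resolution; since both carry the same truncated description, it is worth confirming from the full CVE text that they are distinct issues before marking them.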
@@ -1113,8 +1129,8 @@ CVE-2019-13575
 CVE-2019-13574 (In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remo ...)
 	{DSA-4481-1}
 	- ruby-mini-magick <unfixed> (bug #931932)
-CVE-2019-13573
-	RESERVED
+CVE-2019-13573 (A SQL injection vulnerability exists in the FolioVision FV Flowplayer  ...)
+	TODO: check
 CVE-2019-13572
 	RESERVED
 CVE-2019-13571
@@ -1368,8 +1384,8 @@ CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplic
 	- imagemagick <unfixed> (bug #931740)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4
-CVE-2019-13453
-	RESERVED
+CVE-2019-13453 (Zipios before 0.1.7 does not properly handle certain malformed zip arc ...)
+	TODO: check
 CVE-2019-13452
 	RESERVED
 CVE-2019-13451
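Review bot: CVE-2019-13453 (Zipios before 0.1.7 not handling certain malformed zip archives) concerns a library Debian ships as the zipios++ source package, so TODO: check should become a `- zipios++ <unfixed>` line (with a bug reference once filed), following the `- imagemagick <unfixed> (bug #931740)` form at the top of this hunk; the packaged version also needs comparing against the 0.1.7 fix.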
@@ -1386,7 +1402,7 @@ CVE-2019-13448
 CVE-2019-13447
 	RESERVED
 CVE-2019-13446
-	RESERVED
+	REJECTED
 CVE-2019-13445
 	RESERVED
 CVE-2019-13444
@@ -1471,8 +1487,8 @@ CVE-2019-13405
 	RESERVED
 CVE-2019-13404 (** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows  ...)
 	NOT-FOR-US: Disputed issue for Windows installer for Python
-CVE-2019-13403
-	RESERVED
+CVE-2019-13403 (Temenos CWX version 8.9 has an Broken Access Control vulnerability in  ...)
+	TODO: check
 CVE-2019-13402 (/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactoryd ...)
 	NOT-FOR-US: Dynacolor
 CVE-2019-13401 (Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi ...)
@@ -1594,8 +1610,8 @@ CVE-2019-13348
 	RESERVED
 CVE-2019-13347
 	RESERVED
-CVE-2019-13346
-	RESERVED
+CVE-2019-13346 (In MyT 1.5.1, the User[username] parameter has XSS. ...)
+	TODO: check
 CVE-2019-13345 (The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_ ...)
 	{DLA-1847-1}
 	- squid <unfixed> (bug #931478)
@@ -1792,8 +1808,8 @@ CVE-2019-13274
 	RESERVED
 CVE-2019-13273
 	RESERVED
-CVE-2019-13272
-	RESERVED
+CVE-2019-13272 (In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mish ...)
+	TODO: check
 CVE-2019-13271
 	RESERVED
 CVE-2019-13270
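Review bot: CVE-2019-13272 is a Linux kernel issue (ptrace_link in kernel/ptrace.c, fixed upstream before 5.1.17), so it needs a `- linux` package line with the fixed version per suite and a NOTE: to the upstream commit, rather than staying at TODO: check; kernel entries affect every release and are worth triaging ahead of the vendor-specific ones in this update.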
@@ -1911,6 +1927,7 @@ CVE-2019-13225 (A NULL Pointer Dereference in match_at() in regexec.c in Oniguru
 	[jessie] - libonig <not-affected> (vulnerable code was introduced later)
 	NOTE: https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c	
 CVE-2019-13224 (A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 a ...)
+	{DLA-1854-1}
 	- libonig 6.9.2-1 (low; bug #931878)
 	[buster] - libonig <no-dsa> (Minor issue)
 	[stretch] - libonig <no-dsa> (Minor issue)
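Review bot: the context line `NOTE: https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c` for CVE-2019-13225 ends in a trailing tab that should be stripped in a follow-up. The added {DLA-1854-1} line itself is placed correctly, directly under the CVE header and ahead of the package and per-suite lines, matching the {DSA-4481-1} layout for CVE-2019-13574, and it is consistent with buster and stretch staying `<no-dsa>` since the DLA covers jessie.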
@@ -3820,8 +3837,8 @@ CVE-2019-12477 (Supra Smart Cloud TV allows remote file inclusion in the openLiv
 	NOT-FOR-US: Supra Smart Cloud TV
 CVE-2019-12476 (An authentication bypass vulnerability in the password reset functiona ...)
 	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
-CVE-2019-12475
-	RESERVED
+CVE-2019-12475 (In MicroStrategy Web before 10.4.6, there is stored XSS in metric due  ...)
+	TODO: check
 CVE-2019-12474 (Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Pri ...)
 	{DSA-4460-1}
 	- mediawiki 1:1.31.2-1
@@ -4671,8 +4688,8 @@ CVE-2019-12177 (Privilege escalation due to insecure directory permissions affec
 	NOT-FOR-US: HTC VIVEPORT
 CVE-2019-12176 (Privilege escalation in the "HTC Account Service" and "ViveportDesktop ...)
 	NOT-FOR-US: HTC VIVEPORT
-CVE-2019-12175
-	RESERVED
+CVE-2019-12175 (In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, ...)
+	TODO: check
 CVE-2019-12174 (hide.me before 2.4.4 on macOS suffers from a privilege escalation vuln ...)
 	NOT-FOR-US: hide.me
 CVE-2019-12173 (MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, w ...)
@@ -9312,12 +9329,12 @@ CVE-2019-10356
 	RESERVED
 CVE-2019-10355
 	RESERVED
-CVE-2019-10354
-	RESERVED
-CVE-2019-10353
-	RESERVED
-CVE-2019-10352
-	RESERVED
+CVE-2019-10354 (A vulnerability in the Stapler web framework used in Jenkins 2.185 and ...)
+	TODO: check
+CVE-2019-10353 (CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did  ...)
+	TODO: check
+CVE-2019-10352 (A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176 ...)
+	TODO: check
 CVE-2019-10351 (Jenkins Caliper CI Plugin stores credentials unencrypted in job config ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2019-10350 (Jenkins Port Allocator Plugin stores credentials unencrypted in job co ...)
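Review bot: the three Jenkins core entries (CVE-2019-10354, CVE-2019-10353, CVE-2019-10352, all Jenkins 2.185 and earlier / LTS 2.176.1 and earlier) should be resolved consistently with the Jenkins plugin entries at the end of this hunk, which are marked `NOT-FOR-US: Jenkins plugin`: check whether any supported suite still ships jenkins and, if not, mark them `NOT-FOR-US: Jenkins`; if it is shipped anywhere, a Stapler framework issue, a CSRF token issue and a path traversal each need package lines, not TODO: check.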
@@ -11097,8 +11114,8 @@ CVE-2019-1010093
 	RESERVED
 CVE-2019-1010092
 	RESERVED
-CVE-2019-1010091
-	RESERVED
+CVE-2019-1010091 (tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization ...)
+	TODO: check
 CVE-2019-1010090
 	RESERVED
 CVE-2019-1010089
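Review bot: CVE-2019-1010091 names tinymce 4.7.11 and 4.7.12 (CWE-79), and Debian carries a tinymce source package, so this entry needs a version check against the packaged branch rather than a bare TODO: check; record either a `- tinymce <unfixed>` line or a `<not-affected>` line with the reason in parentheses, as done for libonig on jessie in an earlier hunk.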
@@ -11111,10 +11128,10 @@ CVE-2019-1010086
 	RESERVED
 CVE-2019-1010085
 	RESERVED
-CVE-2019-1010084
-	RESERVED
-CVE-2019-1010083
-	RESERVED
+CVE-2019-1010084 (Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect  ...)
+	TODO: check
+CVE-2019-1010083 (The Pallets Project Flask before 1.0 is affected by: unexpected memory ...)
+	TODO: check
 CVE-2019-1010082
 	RESERVED
 CVE-2019-1010081
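Review bot: CVE-2019-1010083 (Flask before 1.0, unexpected memory usage) affects software Debian ships as the flask source package, so it should get a `- flask` package line with the status per suite (only versions before 1.0 are named as affected) instead of TODO: check; for CVE-2019-1010084 (Dancer::Plugin::SimpleCRUD 1.14 and earlier) the check is whether a corresponding Perl module package exists in the archive, and otherwise NOT-FOR-US.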
@@ -11190,8 +11207,8 @@ CVE-2019-1010050
 	RESERVED
 CVE-2019-1010049
 	RESERVED
-CVE-2019-1010048 (UPX 3.95 is affected by: Integer Overflow. The impact is: attacker can ...)
-	TODO: check
+CVE-2019-1010048
+	REJECTED
 CVE-2019-1010047
 	RESERVED
 CVE-2019-1010046
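Review bot: CVE-2019-1010048 moves from a UPX integer-overflow description with TODO: check to REJECTED; since UPX is packaged in Debian (upx-ucl), it is worth confirming that the rejection is not a duplicate-ID merge that leaves the same overflow tracked under another CVE for which upx-ucl would still need an entry.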
@@ -11391,14 +11408,12 @@ CVE-2019-9851
 	RESERVED
 CVE-2019-9850
 	RESERVED
-CVE-2019-9849 [remote bullet graphics retrieved in 'stealth mode']
-	RESERVED
+CVE-2019-9849 (LibreOffice has a 'stealth mode' in which only documents from location ...)
 	{DSA-4483-1}
 	[experimental] - libreoffice 1:6.3.0~beta2-1
 	- libreoffice 1:6.3.0~rc1-1
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9849/
-CVE-2019-9848 [LibreLogo arbitrary script execution]
-	RESERVED
+CVE-2019-9848 (LibreOffice has a feature where documents can specify that pre-install ...)
 	{DSA-4483-1}
 	[experimental] - libreoffice 1:6.3.0~beta2-1
 	- libreoffice 1:6.3.0~rc1-1
@@ -24767,8 +24782,8 @@ CVE-2019-4432
 	RESERVED
 CVE-2019-4431
 	RESERVED
-CVE-2019-4430
-	RESERVED
+CVE-2019-4430 (IBM Maximo Asset Management 7.6 could allow a remote attacker to trave ...)
+	TODO: check
 CVE-2019-4429
 	RESERVED
 CVE-2019-4428
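Review bot: CVE-2019-4430 (IBM Maximo Asset Management 7.6) and the remaining IBM entries added in the following hunks (QRadar SIEM, Jazz for Service Management, Campaign) are proprietary IBM products, and the file's established resolution for these, visible in the context lines of each of those hunks, is `NOT-FOR-US: IBM` (or `NOT-FOR-US: IBM Maximo Asset Management`); marking them that way directly would avoid leaving a batch of TODO: check entries that can only be closed the same way.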
@@ -25205,8 +25220,8 @@ CVE-2019-4213
 	RESERVED
 CVE-2019-4212
 	RESERVED
-CVE-2019-4211
-	RESERVED
+CVE-2019-4211 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. Thi ...)
+	TODO: check
 CVE-2019-4210 (IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication expo ...)
 	NOT-FOR-US: IBM
 CVE-2019-4209
@@ -25239,8 +25254,8 @@ CVE-2019-4196
 	RESERVED
 CVE-2019-4195
 	RESERVED
-CVE-2019-4194
-	RESERVED
+CVE-2019-4194 (IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing ...)
+	TODO: check
 CVE-2019-4193 (IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive inf ...)
 	NOT-FOR-US: IBM
 CVE-2019-4192
@@ -25519,8 +25534,8 @@ CVE-2019-4056 (IBM Maximo Asset Management 7.6 Work Centers' application does no
 	NOT-FOR-US: IBM Maximo Asset Management
 CVE-2019-4055 (IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0  ...)
 	NOT-FOR-US: IBM
-CVE-2019-4054
-	RESERVED
+CVE-2019-4054 (IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensiti ...)
+	TODO: check
 CVE-2019-4053
 	RESERVED
 CVE-2019-4052 (IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthe ...)
@@ -85737,10 +85752,10 @@ CVE-2018-2024
 	RESERVED
 CVE-2018-2023
 	RESERVED
-CVE-2018-2022
-	RESERVED
-CVE-2018-2021
-	RESERVED
+CVE-2018-2022 (IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to unautho ...)
+	TODO: check
+CVE-2018-2021 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. Thi ...)
+	TODO: check
 CVE-2018-2020
 	RESERVED
 CVE-2018-2019 (IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to ...)
@@ -85939,8 +85954,8 @@ CVE-2018-1923 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
 	NOT-FOR-US: IBM
 CVE-2018-1922 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
 	NOT-FOR-US: IBM
-CVE-2018-1921
-	RESERVED
+CVE-2018-1921 (IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to cross-site  ...)
+	TODO: check
 CVE-2018-1920 (IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML Ex ...)
 	NOT-FOR-US: IBM
 CVE-2018-1919



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3b5861155314dd299004d1dd72ea72b2eb989055

-- 
You're receiving this email because of your account on salsa.debian.org.



