[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 31 21:10:30 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2c40f92c by security tracker role at 2019-07-31T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,561 @@
+CVE-2019-14453
+ RESERVED
+CVE-2018-20953
+ RESERVED
+CVE-2018-20952
+ RESERVED
+CVE-2018-20951
+ RESERVED
+CVE-2018-20950
+ RESERVED
+CVE-2018-20949
+ RESERVED
+CVE-2018-20948
+ RESERVED
+CVE-2018-20947
+ RESERVED
+CVE-2018-20946
+ RESERVED
+CVE-2018-20945
+ RESERVED
+CVE-2018-20944
+ RESERVED
+CVE-2018-20943
+ RESERVED
+CVE-2018-20942
+ RESERVED
+CVE-2018-20941
+ RESERVED
+CVE-2018-20940
+ RESERVED
+CVE-2018-20939
+ RESERVED
+CVE-2018-20938
+ RESERVED
+CVE-2018-20937
+ RESERVED
+CVE-2018-20936
+ RESERVED
+CVE-2018-20935
+ RESERVED
+CVE-2018-20934
+ RESERVED
+CVE-2018-20933
+ RESERVED
+CVE-2018-20932
+ RESERVED
+CVE-2018-20931
+ RESERVED
+CVE-2018-20930
+ RESERVED
+CVE-2018-20929
+ RESERVED
+CVE-2018-20928
+ RESERVED
+CVE-2018-20927
+ RESERVED
+CVE-2018-20926
+ RESERVED
+CVE-2018-20925
+ RESERVED
+CVE-2018-20924
+ RESERVED
+CVE-2018-20923
+ RESERVED
+CVE-2018-20922
+ RESERVED
+CVE-2018-20921
+ RESERVED
+CVE-2018-20920
+ RESERVED
+CVE-2018-20919
+ RESERVED
+CVE-2018-20918
+ RESERVED
+CVE-2018-20917
+ RESERVED
+CVE-2018-20916
+ RESERVED
+CVE-2018-20915
+ RESERVED
+CVE-2018-20914
+ RESERVED
+CVE-2018-20913
+ RESERVED
+CVE-2018-20912
+ RESERVED
+CVE-2018-20911
+ RESERVED
+CVE-2018-20910
+ RESERVED
+CVE-2018-20909
+ RESERVED
+CVE-2018-20908
+ RESERVED
+CVE-2018-20907
+ RESERVED
+CVE-2018-20906
+ RESERVED
+CVE-2018-20905
+ RESERVED
+CVE-2018-20904
+ RESERVED
+CVE-2018-20903
+ RESERVED
+CVE-2018-20902
+ RESERVED
+CVE-2018-20901
+ RESERVED
+CVE-2018-20900
+ RESERVED
+CVE-2018-20899
+ RESERVED
+CVE-2018-20898
+ RESERVED
+CVE-2018-20897
+ RESERVED
+CVE-2018-20896
+ RESERVED
+CVE-2018-20895
+ RESERVED
+CVE-2018-20894
+ RESERVED
+CVE-2018-20893
+ RESERVED
+CVE-2018-20892
+ RESERVED
+CVE-2018-20891
+ RESERVED
+CVE-2018-20890
+ RESERVED
+CVE-2018-20889
+ RESERVED
+CVE-2018-20888
+ RESERVED
+CVE-2018-20887
+ RESERVED
+CVE-2018-20886
+ RESERVED
+CVE-2018-20885
+ RESERVED
+CVE-2018-20884
+ RESERVED
+CVE-2018-20883
+ RESERVED
+CVE-2018-20882
+ RESERVED
+CVE-2018-20881
+ RESERVED
+CVE-2018-20880
+ RESERVED
+CVE-2018-20879
+ RESERVED
+CVE-2018-20878
+ RESERVED
+CVE-2018-20877
+ RESERVED
+CVE-2018-20876
+ RESERVED
+CVE-2018-20875
+ RESERVED
+CVE-2018-20874
+ RESERVED
+CVE-2018-20873
+ RESERVED
+CVE-2018-20872 (DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or ...)
+ TODO: check
+CVE-2017-18482
+ RESERVED
+CVE-2017-18481
+ RESERVED
+CVE-2017-18480
+ RESERVED
+CVE-2017-18479
+ RESERVED
+CVE-2017-18478
+ RESERVED
+CVE-2017-18477
+ RESERVED
+CVE-2017-18476
+ RESERVED
+CVE-2017-18475
+ RESERVED
+CVE-2017-18474
+ RESERVED
+CVE-2017-18473
+ RESERVED
+CVE-2017-18472
+ RESERVED
+CVE-2017-18471
+ RESERVED
+CVE-2017-18470
+ RESERVED
+CVE-2017-18469
+ RESERVED
+CVE-2017-18468
+ RESERVED
+CVE-2017-18467
+ RESERVED
+CVE-2017-18466
+ RESERVED
+CVE-2017-18465
+ RESERVED
+CVE-2017-18464
+ RESERVED
+CVE-2017-18463
+ RESERVED
+CVE-2017-18462
+ RESERVED
+CVE-2017-18461
+ RESERVED
+CVE-2017-18460
+ RESERVED
+CVE-2017-18459
+ RESERVED
+CVE-2017-18458
+ RESERVED
+CVE-2017-18457
+ RESERVED
+CVE-2017-18456
+ RESERVED
+CVE-2017-18455
+ RESERVED
+CVE-2017-18454
+ RESERVED
+CVE-2017-18453
+ RESERVED
+CVE-2017-18452
+ RESERVED
+CVE-2017-18451
+ RESERVED
+CVE-2017-18450
+ RESERVED
+CVE-2017-18449
+ RESERVED
+CVE-2017-18448
+ RESERVED
+CVE-2017-18447
+ RESERVED
+CVE-2017-18446
+ RESERVED
+CVE-2017-18445
+ RESERVED
+CVE-2017-18444
+ RESERVED
+CVE-2017-18443
+ RESERVED
+CVE-2017-18442
+ RESERVED
+CVE-2017-18441
+ RESERVED
+CVE-2017-18440
+ RESERVED
+CVE-2017-18439
+ RESERVED
+CVE-2017-18438
+ RESERVED
+CVE-2017-18437
+ RESERVED
+CVE-2017-18436
+ RESERVED
+CVE-2017-18435
+ RESERVED
+CVE-2017-18434
+ RESERVED
+CVE-2017-18433
+ RESERVED
+CVE-2017-18432
+ RESERVED
+CVE-2017-18431
+ RESERVED
+CVE-2017-18430
+ RESERVED
+CVE-2017-18429
+ RESERVED
+CVE-2017-18428
+ RESERVED
+CVE-2017-18427
+ RESERVED
+CVE-2017-18426
+ RESERVED
+CVE-2017-18425
+ RESERVED
+CVE-2017-18424
+ RESERVED
+CVE-2017-18423
+ RESERVED
+CVE-2017-18422
+ RESERVED
+CVE-2017-18421
+ RESERVED
+CVE-2017-18420
+ RESERVED
+CVE-2017-18419
+ RESERVED
+CVE-2017-18418
+ RESERVED
+CVE-2017-18417
+ RESERVED
+CVE-2017-18416
+ RESERVED
+CVE-2017-18415
+ RESERVED
+CVE-2017-18414
+ RESERVED
+CVE-2017-18413
+ RESERVED
+CVE-2017-18412
+ RESERVED
+CVE-2017-18411
+ RESERVED
+CVE-2017-18410
+ RESERVED
+CVE-2017-18409
+ RESERVED
+CVE-2017-18408
+ RESERVED
+CVE-2017-18407
+ RESERVED
+CVE-2017-18406
+ RESERVED
+CVE-2017-18405
+ RESERVED
+CVE-2017-18404
+ RESERVED
+CVE-2017-18403
+ RESERVED
+CVE-2017-18402
+ RESERVED
+CVE-2017-18401
+ RESERVED
+CVE-2017-18400
+ RESERVED
+CVE-2017-18399
+ RESERVED
+CVE-2017-18398
+ RESERVED
+CVE-2017-18397
+ RESERVED
+CVE-2017-18396
+ RESERVED
+CVE-2017-18395
+ RESERVED
+CVE-2017-18394
+ RESERVED
+CVE-2017-18393
+ RESERVED
+CVE-2017-18392
+ RESERVED
+CVE-2017-18391
+ RESERVED
+CVE-2017-18390
+ RESERVED
+CVE-2017-18389
+ RESERVED
+CVE-2017-18388
+ RESERVED
+CVE-2017-18387
+ RESERVED
+CVE-2017-18386
+ RESERVED
+CVE-2017-18385
+ RESERVED
+CVE-2017-18384
+ RESERVED
+CVE-2017-18383
+ RESERVED
+CVE-2017-18382
+ RESERVED
+CVE-2016-10860
+ RESERVED
+CVE-2016-10859
+ RESERVED
+CVE-2016-10858
+ RESERVED
+CVE-2016-10857
+ RESERVED
+CVE-2016-10856
+ RESERVED
+CVE-2016-10855
+ RESERVED
+CVE-2016-10854
+ RESERVED
+CVE-2016-10853
+ RESERVED
+CVE-2016-10852
+ RESERVED
+CVE-2016-10851
+ RESERVED
+CVE-2016-10850
+ RESERVED
+CVE-2016-10849
+ RESERVED
+CVE-2016-10848
+ RESERVED
+CVE-2016-10847
+ RESERVED
+CVE-2016-10846
+ RESERVED
+CVE-2016-10845
+ RESERVED
+CVE-2016-10844
+ RESERVED
+CVE-2016-10843
+ RESERVED
+CVE-2016-10842
+ RESERVED
+CVE-2016-10841
+ RESERVED
+CVE-2016-10840
+ RESERVED
+CVE-2016-10839
+ RESERVED
+CVE-2016-10838
+ RESERVED
+CVE-2016-10837
+ RESERVED
+CVE-2016-10836
+ RESERVED
+CVE-2016-10835
+ RESERVED
+CVE-2016-10834
+ RESERVED
+CVE-2016-10833
+ RESERVED
+CVE-2016-10832
+ RESERVED
+CVE-2016-10831
+ RESERVED
+CVE-2016-10830
+ RESERVED
+CVE-2016-10829
+ RESERVED
+CVE-2016-10828
+ RESERVED
+CVE-2016-10827
+ RESERVED
+CVE-2016-10826
+ RESERVED
+CVE-2016-10825
+ RESERVED
+CVE-2016-10824
+ RESERVED
+CVE-2016-10823
+ RESERVED
+CVE-2016-10822
+ RESERVED
+CVE-2016-10821
+ RESERVED
+CVE-2016-10820
+ RESERVED
+CVE-2016-10819
+ RESERVED
+CVE-2016-10818
+ RESERVED
+CVE-2016-10817
+ RESERVED
+CVE-2016-10816
+ RESERVED
+CVE-2016-10815
+ RESERVED
+CVE-2016-10814
+ RESERVED
+CVE-2016-10813
+ RESERVED
+CVE-2016-10812
+ RESERVED
+CVE-2016-10811
+ RESERVED
+CVE-2016-10810
+ RESERVED
+CVE-2016-10809
+ RESERVED
+CVE-2016-10808
+ RESERVED
+CVE-2016-10807
+ RESERVED
+CVE-2016-10806
+ RESERVED
+CVE-2016-10805
+ RESERVED
+CVE-2016-10804
+ RESERVED
+CVE-2016-10803
+ RESERVED
+CVE-2016-10802
+ RESERVED
+CVE-2016-10801
+ RESERVED
+CVE-2016-10800
+ RESERVED
+CVE-2016-10799
+ RESERVED
+CVE-2016-10798
+ RESERVED
+CVE-2016-10797
+ RESERVED
+CVE-2016-10796
+ RESERVED
+CVE-2016-10795
+ RESERVED
+CVE-2016-10794
+ RESERVED
+CVE-2016-10793
+ RESERVED
+CVE-2016-10792
+ RESERVED
+CVE-2016-10791
+ RESERVED
+CVE-2016-10790
+ RESERVED
+CVE-2016-10789
+ RESERVED
+CVE-2016-10788
+ RESERVED
+CVE-2016-10787
+ RESERVED
+CVE-2016-10786
+ RESERVED
+CVE-2016-10785
+ RESERVED
+CVE-2016-10784
+ RESERVED
+CVE-2016-10783
+ RESERVED
+CVE-2016-10782
+ RESERVED
+CVE-2016-10781
+ RESERVED
+CVE-2016-10780
+ RESERVED
+CVE-2016-10779
+ RESERVED
+CVE-2016-10778
+ RESERVED
+CVE-2016-10777
+ RESERVED
+CVE-2016-10776
+ RESERVED
+CVE-2016-10775
+ RESERVED
+CVE-2016-10774
+ RESERVED
+CVE-2016-10773
+ RESERVED
+CVE-2016-10772
+ RESERVED
+CVE-2016-10771
+ RESERVED
+CVE-2016-10770
+ RESERVED
+CVE-2016-10769
+ RESERVED
+CVE-2016-10768
+ RESERVED
+CVE-2016-10767
+ RESERVED
+CVE-2015-9291
+ RESERVED
CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, allowing a ...)
TODO: check
CVE-2019-14451
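Review bot: CVE-2018-20872, near the end of this block, is the only added entry that carries a description, and it is left at "TODO: check". It describes CSRF in DrayTek router firmware, so it can most likely be closed with a NOT-FOR-US line in the style used elsewhere in this file (for example "NOT-FOR-US: Openbravo ERP"). The other additions are RESERVED placeholders and need no triage yet.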
@@ -12,8 +570,8 @@ CVE-2019-14447
RESERVED
CVE-2019-14446
RESERVED
-CVE-2007-6763
- RESERVED
+CVE-2007-6763 (SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, w ...)
+ TODO: check
CVE-2019-14445
RESERVED
CVE-2019-14444 (apply_relocations in readelf.c in GNU Binutils 2.32 contains an intege ...)
@@ -236,7 +794,7 @@ CVE-2019-14363 (A stack-based buffer overflow in the upnpd binary running on NET
CVE-2019-14362 (Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. T ...)
NOT-FOR-US: Openbravo ERP
CVE-2019-14361
- RESERVED
+ REJECTED
CVE-2019-14360
RESERVED
CVE-2019-14359
@@ -647,32 +1205,32 @@ CVE-2019-14206 (An Arbitrary File Deletion vulnerability in the Nevma Adaptive I
NOT-FOR-US: Nevma Adaptive Images plugin for WordPress
CVE-2019-14205 (A Local File Inclusion vulnerability in the Nevma Adaptive Images plug ...)
NOT-FOR-US: Nevma Adaptive Images plugin for WordPress
-CVE-2019-14204
- RESERVED
-CVE-2019-14203
- RESERVED
-CVE-2019-14202
- RESERVED
-CVE-2019-14201
- RESERVED
-CVE-2019-14200
- RESERVED
-CVE-2019-14199
- RESERVED
-CVE-2019-14198
- RESERVED
-CVE-2019-14197
- RESERVED
-CVE-2019-14196
- RESERVED
-CVE-2019-14195
- RESERVED
-CVE-2019-14194
- RESERVED
-CVE-2019-14193
- RESERVED
-CVE-2019-14192
- RESERVED
+CVE-2019-14204 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
+ TODO: check
+CVE-2019-14203 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
+ TODO: check
+CVE-2019-14202 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
+ TODO: check
+CVE-2019-14201 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
+ TODO: check
+CVE-2019-14200 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
+ TODO: check
+CVE-2019-14199 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
+ TODO: check
+CVE-2019-14198 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
+ TODO: check
+CVE-2019-14197 (An issue was discovered in Das U-Boot through 2019.07. There is a read ...)
+ TODO: check
+CVE-2019-14196 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
+ TODO: check
+CVE-2019-14195 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
+ TODO: check
+CVE-2019-14194 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
+ TODO: check
+CVE-2019-14193 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
+ TODO: check
+CVE-2019-14192 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
+ TODO: check
CVE-2019-14191
RESERVED
CVE-2019-14190
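Review bot: the thirteen Das U-Boot entries (CVE-2019-14192 through CVE-2019-14204) should not be closed as NOT-FOR-US when their "TODO: check" lines are resolved. U-Boot is packaged in Debian as u-boot, so each needs a package line with a status, in the form used for dbus and glib2.0 elsewhere in this diff. The truncated summaries also differ ("There is a stac ...", "There is an unb ...", "There is a read ..."), so the full descriptions should be read before the entries are grouped under one upstream fix.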
@@ -2991,8 +3549,8 @@ CVE-2019-13570 (The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Inj
NOT-FOR-US: WordPress plugin AJdG AdRotate
CVE-2019-13569 (A SQL injection vulnerability exists in the Icegram Email Subscribers ...)
NOT-FOR-US: Icegram Email Subscribers & Newsletters plugin for WordPress
-CVE-2019-13568
- RESERVED
+CVE-2019-13568 (CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CI ...)
+ TODO: check
CVE-2019-13567 (The Zoom Client before 4.4.53932.0709 on macOS allows remote code exec ...)
NOT-FOR-US: Zoom
CVE-2019-13566
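Review bot: CVE-2019-13568 sits between entries tagged NOT-FOR-US, but that tag should not be copied onto it. CImg is packaged in Debian (source package cimg), so the "TODO: check" line needs to become a package line with a status once the heap-based overflow in _load_bmp has been checked against the packaged version.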
@@ -4976,8 +5534,8 @@ CVE-2019-12799 (In createInstanceFromNamedArguments in Shopware through 5.6.x, a
NOT-FOR-US: Shopware
CVE-2019-12798 (An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c do ...)
NOT-FOR-US: MuJS
-CVE-2019-12797
- RESERVED
+CVE-2019-12797 (A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN ...)
+ TODO: check
CVE-2019-12796
RESERVED
CVE-2019-12795 (daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x bef ...)
@@ -5129,8 +5687,8 @@ CVE-2019-12752
RESERVED
CVE-2019-12751 (Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a p ...)
NOT-FOR-US: Symantec
-CVE-2019-12750
- RESERVED
+CVE-2019-12750 (Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 an ...)
+ TODO: check
CVE-2019-12749 (dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, ...)
{DSA-4462-1 DLA-1818-1}
- dbus 1.12.16-1 (bug #930375)
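Review bot: CVE-2019-12750 can be resolved the same way as the entry directly above it. CVE-2019-12751 is already tagged "NOT-FOR-US: Symantec", and Symantec Endpoint Protection falls under the same tag, so the "TODO: check" line does not need to stay open.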
@@ -5848,6 +6406,7 @@ CVE-2019-12452 (types/types.go in Containous Traefik 1.7.x through 1.7.11, when
CVE-2019-12451
RESERVED
CVE-2019-13012 (The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 ...)
+ {DLA-1866-1}
[experimental] - glib2.0 2.60.0-1
- glib2.0 2.60.5-1 (bug #931234)
[buster] - glib2.0 <no-dsa> (Minor issue)
@@ -11211,30 +11770,30 @@ CVE-2019-10368
RESERVED
CVE-2019-10367
RESERVED
-CVE-2019-10366
- RESERVED
-CVE-2019-10365
- RESERVED
-CVE-2019-10364
- RESERVED
-CVE-2019-10363
- RESERVED
-CVE-2019-10362
- RESERVED
-CVE-2019-10361
- RESERVED
-CVE-2019-10360
- RESERVED
-CVE-2019-10359
- RESERVED
-CVE-2019-10358
- RESERVED
-CVE-2019-10357
- RESERVED
-CVE-2019-10356
- RESERVED
-CVE-2019-10355
- RESERVED
+CVE-2019-10366 (Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials une ...)
+ TODO: check
+CVE-2019-10365 (Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a te ...)
+ TODO: check
+CVE-2019-10364 (Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of priv ...)
+ TODO: check
+CVE-2019-10363 (Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably ...)
+ TODO: check
+CVE-2019-10362 (Jenkins Configuration as Code Plugin 1.24 and earlier did not escape v ...)
+ TODO: check
+CVE-2019-10361 (Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials une ...)
+ TODO: check
+CVE-2019-10360 (A stored cross site scripting vulnerability in Jenkins Maven Release P ...)
+ TODO: check
+CVE-2019-10359 (A cross-site request forgery vulnerability in Jenkins Maven Release Pl ...)
+ TODO: check
+CVE-2019-10358 (Jenkins Maven Integration Plugin 3.3 and earlier did not apply build l ...)
+ TODO: check
+CVE-2019-10357 (A missing permission check in Jenkins Pipeline: Shared Groovy Librarie ...)
+ TODO: check
+CVE-2019-10356 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 ...)
+ TODO: check
+CVE-2019-10355 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 ...)
+ TODO: check
CVE-2019-10354 (A vulnerability in the Stapler web framework used in Jenkins 2.185 and ...)
NOT-FOR-US: Jenkins
CVE-2019-10353 (CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did ...)
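Review bot: all twelve entries from CVE-2019-10355 through CVE-2019-10366 are left at "TODO: check" although each description names a Jenkins plugin, and the entry immediately below them (CVE-2019-10354) is already tagged "NOT-FOR-US: Jenkins". Suggest closing them in one pass with the same kind of tag, so that this block does not sit in the TODO queue next to the entries that need real triage.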
@@ -11253,12 +11812,12 @@ CVE-2019-10347 (Jenkins Mashup Portlets Plugin stored credentials unencrypted on
NOT-FOR-US: Jenkins plugin
CVE-2019-10346 (A reflected cross site scripting vulnerability in Jenkins Embeddable B ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10345
- RESERVED
-CVE-2019-10344
- RESERVED
-CVE-2019-10343
- RESERVED
+CVE-2019-10345 (Jenkins Configuration as Code Plugin 1.20 and earlier did not treat th ...)
+ TODO: check
+CVE-2019-10344 (Missing permission checks in Jenkins Configuration as Code Plugin 1.24 ...)
+ TODO: check
+CVE-2019-10343 (Jenkins Configuration as Code Plugin 1.24 and earlier did not properly ...)
+ TODO: check
CVE-2019-10342 (A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10341 (A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier ...)
@@ -15238,7 +15797,7 @@ CVE-2019-9191 (The ETSI Enterprise Transport Security (ETS, formerly known as eT
NOT-FOR-US: ETSI protocol
CVE-2019-9190
RESERVED
-CVE-2019-9189 (On Prima Systems FlexAir devices through 2.4.9api3, an authenticated u ...)
+CVE-2019-9189 (Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application a ...)
NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-9188
RESERVED
@@ -18917,19 +19476,19 @@ CVE-2019-7674 (An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /adm
NOT-FOR-US: MOBOTIX
CVE-2019-7673 (An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administr ...)
NOT-FOR-US: MOBOTIX
-CVE-2019-7672 (Prima Systems FlexAir devices have Hard-coded Credentials. ...)
+CVE-2019-7672 (Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of ...)
NOT-FOR-US: Prima Systems FlexAir devices
-CVE-2019-7671 (Prima Systems FlexAir devices allow Authenticated Stored XSS. ...)
+CVE-2019-7671 (Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to s ...)
NOT-FOR-US: Prima Systems FlexAir devices
-CVE-2019-7670 (Prima Systems FlexAir devices allow Authenticated Command Injection re ...)
+CVE-2019-7670 (Prima Systems FlexAir, Versions 2.3.38 and prior. The application inco ...)
NOT-FOR-US: Prima Systems FlexAir devices
-CVE-2019-7669 (Prima Systems FlexAir devices allow Unauthenticated Command Injection ...)
+CVE-2019-7669 (Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation ...)
NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-7668 (Prima Systems FlexAir devices have Default Credentials. ...)
NOT-FOR-US: Prima Systems FlexAir devices
-CVE-2019-7667 (Prima Systems FlexAir devices allow unauthenticated download of the da ...)
+CVE-2019-7667 (Prima Systems FlexAir, Versions 2.3.38 and prior. The application gene ...)
NOT-FOR-US: Prima Systems FlexAir devices
-CVE-2019-7666 (Prima Systems FlexAir devices allow authentication with MD5 hashes dir ...)
+CVE-2019-7666 (Prima Systems FlexAir, Versions 2.3.38 and prior. The application allo ...)
NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-7665 (In elfutils 0.175, a heap-based buffer over-read was discovered in the ...)
{DLA-1689-1}
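Review bot: the replaced Prima Systems FlexAir summaries lose the vulnerability class in the truncated text. The old lines read "have Hard-coded Credentials", "allow Authenticated Stored XSS" and "allow Authenticated Command Injection", while the new ones all open with "Prima Systems FlexAir, Versions 2.3.38 and prior." and are cut off before the issue is named. CVE-2019-7668 keeps the old wording, so the block is now inconsistent. The NOT-FOR-US lines are unchanged, so triage is unaffected, but anyone searching this file by bug class will no longer find these entries.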
@@ -20124,9 +20683,9 @@ CVE-2019-7285
NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-7284
RESERVED
-CVE-2019-7281 (Prima Systems FlexAir devices allow Cross-Site Request Forgery (CSRF). ...)
+CVE-2019-7281 (Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated u ...)
NOT-FOR-US: Prima Systems FlexAir
-CVE-2019-7280 (Prima Systems FlexAir devices have an Insufficient Session-ID Length. ...)
+CVE-2019-7280 (Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of ...)
NOT-FOR-US: Prima Systems FlexAir
CVE-2019-7279 (Optergy Proton/Enterprise devices have Hard-coded Credentials. ...)
NOT-FOR-US: Optergy Proton
@@ -25505,14 +26064,14 @@ CVE-2019-5062
RESERVED
CVE-2019-5061
RESERVED
-CVE-2019-5060
- RESERVED
-CVE-2019-5059
- RESERVED
-CVE-2019-5058
- RESERVED
-CVE-2019-5057
- RESERVED
+CVE-2019-5060 (An exploitable code execution vulnerability exists in the XPM image re ...)
+ TODO: check
+CVE-2019-5059 (An exploitable code execution vulnerability exists in the XPM image re ...)
+ TODO: check
+CVE-2019-5058 (An exploitable code execution vulnerability exists in the XCF image re ...)
+ TODO: check
+CVE-2019-5057 (An exploitable code execution vulnerability exists in the PCX image-re ...)
+ TODO: check
CVE-2019-5056
RESERVED
CVE-2019-5055
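Review bot: the four new summaries for CVE-2019-5057 through CVE-2019-5060 are cut off before the product name ("... exists in the XPM image re ...", "... in the PCX image-re ..."), so these "TODO: check" lines cannot be triaged from the list text alone. The full CVE descriptions are needed to identify which library the XPM, XCF and PCX readers belong to and whether Debian ships it.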
@@ -25601,8 +26160,8 @@ CVE-2019-5022
REJECTED
CVE-2019-5021 (Versions of the Official Alpine Linux Docker images (since v3.3) conta ...)
NOT-FOR-US: Official Alpine Linux Docker images
-CVE-2019-5020
- RESERVED
+CVE-2019-5020 (An exploitable denial of service vulnerability exists in the object lo ...)
+ TODO: check
CVE-2019-5019 (A heap-based overflow vulnerability exists in the PowerPoint document ...)
NOT-FOR-US: Rainbow PDF Office Server Document Converter
CVE-2019-5018 (An exploitable use after free vulnerability exists in the window funct ...)
@@ -27346,12 +27905,12 @@ CVE-2019-4167
RESERVED
CVE-2019-4166 (IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing att ...)
NOT-FOR-US: IBM
-CVE-2019-4165
- RESERVED
+CVE-2019-4165 (IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow a remote attacker to ...)
+ TODO: check
CVE-2019-4164
RESERVED
-CVE-2019-4163
- RESERVED
+CVE-2019-4163 (IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow an authenticated use ...)
+ TODO: check
CVE-2019-4162 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missi ...)
NOT-FOR-US: IBM
CVE-2019-4161 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 disclose ...)
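Review bot: CVE-2019-4165 and CVE-2019-4163 spell the product "StoreIQ", while the neighbouring CVE-2019-4166 says "StoredIQ". The spelling comes with the imported descriptions, so a text search for one form will miss the other. Both new entries can take the "NOT-FOR-US: IBM" tag already used on CVE-2019-4166 and CVE-2019-4162 instead of staying at "TODO: check".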
@@ -27756,12 +28315,12 @@ CVE-2019-3962 (Content Injection vulnerability in Tenable Nessus prior to 8.5.0
NOT-FOR-US: Nessus
CVE-2019-3961 (Nessus versions 8.4.0 and earlier were found to contain a reflected XS ...)
NOT-FOR-US: Nessus
-CVE-2019-3960
- RESERVED
-CVE-2019-3959
- RESERVED
-CVE-2019-3958
- RESERVED
+CVE-2019-3960 (Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 al ...)
+ TODO: check
+CVE-2019-3959 (Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacke ...)
+ TODO: check
+CVE-2019-3958 (Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, ...)
+ TODO: check
CVE-2019-3957 (Dameware Remote Mini Control version 12.1.0.34 and prior contains an u ...)
NOT-FOR-US: Dameware Remote Mini Control
CVE-2019-3956 (Dameware Remote Mini Control version 12.1.0.34 and prior contains an u ...)
@@ -34658,8 +35217,8 @@ CVE-2019-1903 (A vulnerability in Cisco Security Manager could allow an unauthen
NOT-FOR-US: Cisco
CVE-2019-1902
RESERVED
-CVE-2019-1901
- RESERVED
+CVE-2019-1901 (A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem ...)
+ TODO: check
CVE-2019-1900
RESERVED
CVE-2019-1899 (A vulnerability in the web interface of Cisco RV110W, RV130W, and RV21 ...)
@@ -46584,8 +47143,7 @@ CVE-2018-16862 (A security flaw was found in the Linux kernel in a way that the
NOTE: Fixed by: https://git.kernel.org/linus/6ff38bd40230af35e446239396e5fc8ebd6a5248
CVE-2018-16861 (A cross-site scripting (XSS) flaw was found in the foreman component o ...)
- foreman <itp> (bug #663101)
-CVE-2018-16860 [Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum]
- RESERVED
+CVE-2018-16860 (A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x ...)
{DSA-4455-1 DSA-4443-1 DLA-1788-1}
- heimdal 7.5.0+dfsg-3 (bug #928966)
[jessie] - heimdal <no-dsa> (Minor issue)
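Review bot: the new CVE-2018-16860 description names "samba's Heimdal KDC implementation", but the package lines visible in this hunk cover heimdal only. The entry references two DSAs, so it is worth confirming that samba package lines follow below the shown context. Dropping the bracketed placeholder title together with the RESERVED line is correct now that the official description is present.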
@@ -47786,11 +48344,13 @@ CVE-2018-16430 (GNU Libextractor through 1.7 has an out-of-bounds read vulnerabi
NOTE: https://gnunet.org/bugs/view.php?id=5405
NOTE: https://gnunet.org/git/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7
CVE-2018-16429 (GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_ ...)
+ {DLA-1866-1}
- glib2.0 2.58.0-1 (low)
[stretch] - glib2.0 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b
NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1361
CVE-2018-16428 (In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c ...)
+ {DLA-1866-1}
- glib2.0 2.58.0-1 (low)
[stretch] - glib2.0 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2c40f92cce47754f5a0a663ec6cb0122666446fd