[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Nov 4 20:10:39 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0a845190 by security tracker role at 2019-11-04T20:10:28Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,20 @@
-CVE-2019-18683 [media: vivid: Fix wrong locking that causes race conditions on streaming stop]
+CVE-2019-18684 (Sudo through 1.8.29 allows local users to escalate to root if they hav ...)
+ TODO: check
+CVE-2019-18682
+ RESERVED
+CVE-2019-18681
+ RESERVED
+CVE-2019-18680 (An issue was discovered in the Linux kernel 4.4.x before 4.4.195. Ther ...)
+ TODO: check
+CVE-2019-18679
+ RESERVED
+CVE-2019-18678
+ RESERVED
+CVE-2019-18677
+ RESERVED
+CVE-2019-18676
+ RESERVED
+CVE-2019-18683 (An issue was discovered in drivers/media/platform/vivid in the Linux k ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/11/02/1
CVE-2019-18675
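Review bot: CVE-2019-18683 ends up out of numeric order in this hunk. The automatic update inserts CVE-2019-18684 down to CVE-2019-18676 above the existing vivid entry, so that entry (together with its `- linux <unfixed>` and openwall NOTE lines) now sits between CVE-2019-18676 and CVE-2019-18675 instead of between 18684 and 18682; the three lines should be moved up so the file stays sorted. Separately, the two new entries that are not reserved, CVE-2019-18684 (sudo through 1.8.29, local escalation to root) and CVE-2019-18680 (Linux kernel 4.4.x before 4.4.195), are left at `TODO: check` although sudo and linux are both Debian packages, so they need real triage (a package line with a fixed version, `<not-affected>` or `<unfixed>`) rather than a NOT-FOR-US pass.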
@@ -25,8 +41,8 @@ CVE-2019-18665 (The Log module in SECUDOS DOMOS before 5.6 allows local file inc
NOT-FOR-US: SECUDOS DOMOS
CVE-2019-18664 (The Log module in SECUDOS DOMOS before 5.6 allows XSS. ...)
NOT-FOR-US: SECUDOS DOMOS
-CVE-2019-18663
- RESERVED
+CVE-2019-18663 (A SQL injection vulnerability in a /login/forgot1 POST request in ARP- ...)
+ TODO: check
CVE-2019-18662 (An issue was discovered in YouPHPTube through 7.7. User input passed t ...)
NOT-FOR-US: YouPHPTube
CVE-2019-18661 (Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by ...)
@@ -8653,7 +8669,7 @@ CVE-2019-15712
RESERVED
CVE-2019-15711
RESERVED
-CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.1 and below ...)
+CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, ...)
NOT-FOR-US: FortiExtender
CVE-2019-15709
RESERVED
@@ -16487,10 +16503,10 @@ CVE-2019-13499
RESERVED
CVE-2019-13498 (One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Trans ...)
NOT-FOR-US: One Identity Cloud Access Manager
-CVE-2019-13497
- RESERVED
-CVE-2019-13496
- RESERVED
+CVE-2019-13497 (One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF fo ...)
+ TODO: check
+CVE-2019-13496 (One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP byp ...)
+ TODO: check
CVE-2019-13495
RESERVED
CVE-2019-13494 (nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0. ...)
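Review bot: CVE-2019-13497 and CVE-2019-13496 describe the same product as the neighbouring CVE-2019-13498, which is already triaged `NOT-FOR-US: One Identity Cloud Access Manager`; unless a Debian package ships that software, both `TODO: check` lines can be resolved the same way in the next manual pass.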
@@ -30483,6 +30499,7 @@ CVE-2019-8772
RESERVED
CVE-2019-8771
RESERVED
+ {DSA-4558-1}
- webkit2gtk 2.26.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
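Review bot: `{DSA-4558-1}` is attached here while the CVE-2019-8771 description is still `RESERVED`, and the same applies to CVE-2019-8769, CVE-2019-8720 and CVE-2019-8625 in the three hunks that follow. That is valid for the tracker format, but it means the DSA currently references CVEs with no public description, so a later automatic update has to pick the descriptions up once MITRE publishes them. Keeping the stretch and jessie `<ignored>` lines is consistent with the existing note that webkit2gtk is not covered by security support in those suites.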
@@ -30491,6 +30508,7 @@ CVE-2019-8770
RESERVED
CVE-2019-8769
RESERVED
+ {DSA-4558-1}
- webkit2gtk 2.26.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -30615,6 +30633,7 @@ CVE-2019-8721
RESERVED
CVE-2019-8720
RESERVED
+ {DSA-4558-1}
- webkit2gtk 2.26.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -30939,6 +30958,7 @@ CVE-2019-8626
RESERVED
CVE-2019-8625
RESERVED
+ {DSA-4558-1}
- webkit2gtk 2.26.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -53459,8 +53479,8 @@ CVE-2019-0352 (In SAP Business Objects Business Intelligence Platform, before ve
NOT-FOR-US: SAP
CVE-2019-0351 (A remote code execution vulnerability exists in the SAP NetWeaver UDDI ...)
NOT-FOR-US: SAP
-CVE-2019-0350
- RESERVED
+CVE-2019-0350 (SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker ...)
+ TODO: check
CVE-2019-0349 (SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7. ...)
NOT-FOR-US: SAP
CVE-2019-0348 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence), ...)
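Review bot: CVE-2019-0350 (SAP HANA Database 1.0 and 2.0) is left at `TODO: check` while every surrounding SAP entry in this hunk (CVE-2019-0352, CVE-2019-0351, CVE-2019-0349, CVE-2019-0348) is triaged `NOT-FOR-US: SAP`; nothing in the description suggests a Debian package is affected, so the same marking is the expected resolution.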
@@ -55521,8 +55541,8 @@ CVE-2018-19033
RESERVED
CVE-2018-19032
RESERVED
-CVE-2018-19031
- RESERVED
+CVE-2018-19031 (A command injection vulnerability exists when the authorized user pass ...)
+ TODO: check
CVE-2018-19030
RESERVED
CVE-2018-19029 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using ...)
@@ -148977,7 +148997,7 @@ CVE-2017-3991
CVE-2017-3990
REJECTED
CVE-2017-3989
- RESERVED
+ REJECTED
CVE-2017-3988
RESERVED
CVE-2017-3987
@@ -231024,8 +231044,7 @@ CVE-2014-3651 (JBoss KeyCloak before 1.0.3.Final allows remote attackers to caus
CVE-2014-3650
RESERVED
NOT-FOR-US: JBoss AeroGear
-CVE-2014-3649
- RESERVED
+CVE-2014-3649 (JBoss AeroGear has reflected XSS via the password field ...)
NOT-FOR-US: JBoss AeroGear
CVE-2014-3648
RESERVED
@@ -248210,8 +248229,7 @@ CVE-2013-4520 (xslt.c in libxslt before 1.1.25 allows context-dependent attacker
- libxslt <not-affected> (The versions in wheezy and squeeze contain the full patch)
CVE-2013-4519 (Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1. ...)
- reviewboard <itp> (bug #653113)
-CVE-2013-4518
- RESERVED
+CVE-2013-4518 (RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI enti ...)
NOT-FOR-US: Red Hat Update Infrastructure
CVE-2013-4517 (Apache Santuario XML Security for Java before 1.5.6, when applying Tra ...)
- libxml-security-java 1.5.6-1 (bug #733938)
@@ -248556,8 +248574,7 @@ CVE-2013-4425 (The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when s
NOT-FOR-US: Osirix
CVE-2013-4424 (Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Port ...)
NOT-FOR-US: GateIn
-CVE-2013-4423
- RESERVED
+CVE-2013-4423 (CloudForms stores user passwords in recoverable format ...)
NOT-FOR-US: Red Hat CloudForms
CVE-2013-4422 (SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 ...)
- quassel 0.9.1-1
@@ -248593,8 +248610,7 @@ CVE-2013-4414 (Cross-site scripting (XSS) vulnerability in the web interface for
NOT-FOR-US: Cumin
CVE-2013-4413 (Directory traversal vulnerability in controller/concerns/render_redire ...)
NOT-FOR-US: Wicked Ruby Gem
-CVE-2013-4412 [NULL ptr dereference]
- RESERVED
+CVE-2013-4412 (slim has NULL pointer dereference when using crypt() method from glibc ...)
- slim 1.3.6-0.1 (bug #725902)
[wheezy] - slim <not-affected> (Only exploitable with eglibc 2.17 and later)
[squeeze] - slim <not-affected> (Only exploitable with eglibc 2.17 and later)
@@ -249098,8 +249114,7 @@ CVE-2013-4282 (Stack-based buffer overflow in the reds_handle_ticket function in
NOTE: http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2
CVE-2013-4281
RESERVED
-CVE-2013-4280
- RESERVED
+CVE-2013-4280 (Insecure temporary file vulnerability in RedHat vsdm 4.9.6. ...)
- vdsm <itp> (bug #668538)
CVE-2013-4279 (imapsync 1.564 and earlier performs a release check by default, which ...)
- imapsync <removed>
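Review bot: the imported description for CVE-2013-4280 spells the product `vsdm` while the package line directly below reads `- vdsm <itp> (bug #668538)`. The description text is pulled from the upstream CVE feed and should not be hand-edited in the tracker, but the mismatch is worth reporting upstream; the `<itp>` marking itself stands as long as vdsm has not entered the archive.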
@@ -249712,23 +249727,17 @@ CVE-2013-4107
CVE-2013-4106
RESERVED
NOT-FOR-US: Cryptocat
-CVE-2013-4105
- RESERVED
+CVE-2013-4105 (Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information D ...)
NOT-FOR-US: Cryptocat
-CVE-2013-4104
- RESERVED
+CVE-2013-4104 (Cryptocat before 2.0.22 has weak encryption in the Socialist Millionna ...)
NOT-FOR-US: Cryptocat
-CVE-2013-4103
- RESERVED
+CVE-2013-4103 (Cryptocat before 2.0.22 has Remote Script Injection due to improperly ...)
NOT-FOR-US: Cryptocat
-CVE-2013-4102
- RESERVED
+CVE-2013-4102 (Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generat ...)
NOT-FOR-US: Cryptocat
-CVE-2013-4101
- RESERVED
+CVE-2013-4101 (Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness ...)
NOT-FOR-US: Cryptocat
-CVE-2013-4100
- RESERVED
+CVE-2013-4100 (Cryptocat before 2.0.22 has Remote Denial of Service via username ...)
NOT-FOR-US: Cryptocat
CVE-2013-4099 (Multiple unspecified vulnerabilities in OpenAL32.dll in JOAL 2.0-rc11, ...)
NOT-FOR-US: JOGAMP
@@ -254253,23 +254262,17 @@ CVE-2013-2264 (The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.2
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-21013
CVE-2013-2263 (Unspecified vulnerability in Citrix Access Gateway Standard Edition 5. ...)
NOT-FOR-US: Citrix Access Gateway
-CVE-2013-2262
- RESERVED
+CVE-2013-2262 (Cryptocat strophe.js before 2.0.22 has information disclosure ...)
NOT-FOR-US: Cryptocat
-CVE-2013-2261
- RESERVED
+CVE-2013-2261 (Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Informat ...)
NOT-FOR-US: Cryptocat
-CVE-2013-2260
- RESERVED
+CVE-2013-2260 (Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Ent ...)
NOT-FOR-US: Cryptocat
-CVE-2013-2259
- RESERVED
+CVE-2013-2259 (Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conver ...)
NOT-FOR-US: Cryptocat
-CVE-2013-2258
- RESERVED
+CVE-2013-2258 (Cryptocat before 2.0.22 has Nickname User Impersonation ...)
NOT-FOR-US: Cryptocat
-CVE-2013-2257
- RESERVED
+CVE-2013-2257 (Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brut ...)
NOT-FOR-US: Cryptocat
CVE-2013-2256 (OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 do ...)
- nova 2013.1.2-3 (bug #718905)
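Review bot: CVE-2013-2257 reads `Cryptocat before 2.0.42` whereas every other Cryptocat entry in this hunk and the previous one (CVE-2013-2258 through CVE-2013-2262, CVE-2013-4100 through CVE-2013-4105) reads `before 2.0.22`. Either the ECC private-key issue genuinely has a later fixed version or the imported text carries a typo; verify against the MITRE entry before assuming the whole batch shares one fix. Impact on Debian is nil either way, since all of them remain `NOT-FOR-US: Cryptocat`.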
@@ -286593,8 +286596,7 @@ CVE-2011-2183 (Race condition in the scan_get_next_rmap_item function in mm/ksm.
- linux-2.6 2.6.39-3 (low)
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
[squeeze] - linux-2.6 2.6.32-36
-CVE-2005-4890 [login: tty hijacking possible in "su" via TIOCSTI ioctl]
- RESERVED
+CVE-2005-4890 (There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo ...)
- shadow 1:4.1.5-1 (low; bug #628843)
[squeeze] - shadow <no-dsa> (Minor issue)
[lenny] - shadow <no-dsa> (Minor issue)
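Review bot: the new description for CVE-2005-4890 names both `shadow 4.x before 4.1.5 and sudo ...`, but the entry only carries shadow lines (`- shadow 1:4.1.5-1 (low; bug #628843)` plus the squeeze and lenny `<no-dsa>` lines), and the old bracket title was about `su` only. If the truncated description does cover sudo's handling of the same TIOCSTI tty hijack, a `- sudo` line with the relevant fixed version or `<not-affected>` is missing here.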
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0a84519026b5f61b789ec27523cdb5268bb77e2f