[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 8 20:10:42 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
168f61c9 by security tracker role at 2019-11-08T20:10:31Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-18837
+ RESERVED
CVE-2019-18836
RESERVED
CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles signature checking on some fede ...)
@@ -74,6 +76,7 @@ CVE-2019-18805 (An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Lin
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/19fad20d15a6494f47f85d869f00b11343ee5c78
CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU:: ...)
+ {DLA-1985-1}
- djvulibre <unfixed>
[buster] - djvulibre <no-dsa> (Minor issue)
[stretch] - djvulibre <no-dsa> (Minor issue)
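Review bot: the new `{DLA-1985-1}` reference records a jessie fix, but the sid line below it stays `- djvulibre <unfixed>` with no `bug #` and the entry has no `NOTE:` pointing at the upstream fix, so nothing in the entry says what the LTS update actually shipped. Add a `NOTE:` with the fix reference (as the CVE-2019-18805 entry in this hunk does with its git.kernel.org link) or a bug number on the sid line, so the buster/stretch `<no-dsa> (Minor issue)` decisions and a later unstable upload can be checked against it.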
@@ -2636,8 +2639,8 @@ CVE-2019-18625
RESERVED
CVE-2019-18624 (Opera Mini for Android allows attackers to bypass intended restriction ...)
NOT-FOR-US: Opera Mini for Android
-CVE-2019-18623
- RESERVED
+CVE-2019-18623 (Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attack ...)
+ TODO: check
CVE-2019-18622
RESERVED
CVE-2019-18621
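Review bot: the `TODO: check` under CVE-2019-18623 is the automatic placeholder, but EnergyCAP is a commercial product that is not packaged in Debian, so the entry should resolve to `NOT-FOR-US: EnergyCAP`, matching the `NOT-FOR-US: Opera Mini for Android` disposition on the CVE-2019-18624 entry directly above it.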
@@ -5863,8 +5866,8 @@ CVE-2019-17663 (D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessag
NOT-FOR-US: D-Link
CVE-2019-17662 (ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a c ...)
NOT-FOR-US: ThinVNC
-CVE-2019-17661
- RESERVED
+CVE-2019-17661 (A CSV injection in the codepress-admin-columns (aka Admin Columns) plu ...)
+ TODO: check
CVE-2019-17660 (A cross-site scripting (XSS) vulnerability in admin/translate/translat ...)
- limesurvey <itp> (bug #472802)
CVE-2019-17659
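Review bot: CVE-2019-17661 describes a CSV injection in a WordPress plugin (codepress-admin-columns, "Admin Columns"); Debian ships no WordPress plugins, so the `TODO: check` should become `NOT-FOR-US: codepress-admin-columns WordPress plugin` in line with the `NOT-FOR-US` entries for D-Link and ThinVNC in the same hunk, rather than being left in the triage queue.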
@@ -6879,8 +6882,8 @@ CVE-2019-17329
RESERVED
CVE-2019-17328
RESERVED
-CVE-2019-17327
- RESERVED
+CVE-2019-17327 (JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory travers ...)
+ TODO: check
CVE-2019-17326 (ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker ...)
NOT-FOR-US: ClipSoft REXPERT
CVE-2019-17325 (ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker ...)
@@ -9822,18 +9825,18 @@ CVE-2019-16212
RESERVED
CVE-2019-16211
RESERVED
-CVE-2019-16210
- RESERVED
-CVE-2019-16209
- RESERVED
-CVE-2019-16208
- RESERVED
-CVE-2019-16207
- RESERVED
-CVE-2019-16206
- RESERVED
-CVE-2019-16205
- RESERVED
+CVE-2019-16210 (Brocade SANnav versions before v2.0, logs plain text database connecti ...)
+ TODO: check
+CVE-2019-16209 (A vulnerability, in The ReportsTrustManager class of Brocade SANnav ve ...)
+ TODO: check
+CVE-2019-16208 (Password-based encryption (PBE) algorithm, of Brocade SANnav versions ...)
+ TODO: check
+CVE-2019-16207 (Brocade SANnav versions before v2.0 use a hard-coded password, which c ...)
+ TODO: check
+CVE-2019-16206 (The authentication mechanism, in Brocade SANnav versions before v2.0, ...)
+ TODO: check
+CVE-2019-16205 (A vulnerability, in Brocade SANnav versions before v2.0, could allow r ...)
+ TODO: check
CVE-2019-16204
RESERVED
CVE-2019-16203
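Review bot: the six Brocade SANnav entries (CVE-2019-16205 through CVE-2019-16210) all cover the same product and the same version range ("before v2.0"), so they should be triaged as a set with one disposition rather than six separate `TODO: check` lines. SANnav is a proprietary Brocade management product with no Debian package; `NOT-FOR-US: Brocade SANnav` on each entry is the expected outcome. The truncated descriptions already show the issue classes (hard-coded password in 16207, password-based encryption weakness in 16208, plaintext database connection details logged in 16210), none of which point at a shared library Debian would carry.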
@@ -13844,8 +13847,7 @@ CVE-2019-14862
NOTE: Only impacts browsers which are totally insecure and EOLed anyway
CVE-2019-14861
RESERVED
-CVE-2019-14860
- RESERVED
+CVE-2019-14860 (It was found that the Syndesis configuration for Cross-Origin Resource ...)
NOT-FOR-US: Syndesis
CVE-2019-14859 [DER encoding is not being verified in signatures]
RESERVED
@@ -13982,8 +13984,7 @@ CVE-2019-14826 (A flaw was found in FreeIPA versions 4.5.0 and later. Session co
CVE-2019-14825
RESERVED
NOT-FOR-US: Katello
-CVE-2019-14824 [Read permission check bypass via the deref plugin]
- RESERVED
+CVE-2019-14824 (A flaw was found in the 'deref' plugin of 389-ds-base where it could u ...)
- 389-ds-base <unfixed> (bug #944150)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1747448
NOTE: https://pagure.io/freeipa/issue/8050
@@ -18908,8 +18909,8 @@ CVE-2019-13559
RESERVED
CVE-2019-13558 (In WebAccess versions 8.4.1 and prior, an exploit executed over the ne ...)
NOT-FOR-US: WebAccess
-CVE-2019-13557
- RESERVED
+CVE-2019-13557 (In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an ...)
+ TODO: check
CVE-2019-13556 (In WebAccess versions 8.4.1 and prior, multiple stack-based buffer ove ...)
NOT-FOR-US: WebAccess
CVE-2019-13555
@@ -18936,16 +18937,16 @@ CVE-2019-13545 (In Horner Automation Cscape 9.90 and prior, improper validation
NOT-FOR-US: Horner Automation Cscape
CVE-2019-13544 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-b ...)
NOT-FOR-US: Delta Electronics TPEditor
-CVE-2019-13543
- RESERVED
+CVE-2019-13543 (Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab F ...)
+ TODO: check
CVE-2019-13542 (3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all version ...)
NOT-FOR-US: 3S-Smart
CVE-2019-13541 (In Horner Automation Cscape 9.90 and prior, an improper input validati ...)
NOT-FOR-US: Horner Automation Cscape
CVE-2019-13540 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-ba ...)
NOT-FOR-US: Delta Electronics TPEditor
-CVE-2019-13539
- RESERVED
+CVE-2019-13539 (Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab F ...)
+ TODO: check
CVE-2019-13538 (3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versi ...)
NOT-FOR-US: 3S-Smart
CVE-2019-13537
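Review bot: CVE-2019-13539 and CVE-2019-13543 share the same description stem (Medtronic Valleylab Exchange Client version 3.4 and below) and should be triaged together. Every neighbouring ICS entry in this hunk (Horner Automation Cscape, Delta Electronics TPEditor, 3S-Smart CODESYS) is `NOT-FOR-US`, and Medtronic's Valleylab software is vendor-specific device software with no Debian package, so both `TODO: check` lines should become `NOT-FOR-US: Medtronic Valleylab`.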
@@ -22011,13 +22012,11 @@ CVE-2019-12413
RESERVED
CVE-2019-12411
RESERVED
-CVE-2019-12410
- RESERVED
+CVE-2019-12410 (While investigating UBSAN errors in https://github.com/apache/arrow/pu ...)
NOT-FOR-US: Apache Arrow
CVE-2019-12409
RESERVED
-CVE-2019-12408
- RESERVED
+CVE-2019-12408 (It was discovered that the C++ implementation (which underlies the R, ...)
NOT-FOR-US: Apache Arrow
CVE-2019-12407 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
- jspwiki <removed>
@@ -27904,8 +27903,7 @@ CVE-2019-10224 [using dscreate in verbose mode results in information disclosure
NOTE: https://pagure.io/389-ds-base/c/632ecb90d96ac0535656f5aaf67fd2be4b81d310
CVE-2019-10223 (A security issue was discovered in the kube-state-metrics versions v1. ...)
NOT-FOR-US: kube-state-metrics
-CVE-2019-10222 [unauthenticated clients can crash RGW]
- RESERVED
+CVE-2019-10222 (A flaw was found in the Ceph RGW configuration with Beast as the front ...)
- ceph <unfixed> (bug #936015)
[buster] - ceph <no-dsa> (Minor issue; only triggerable if experimental feature enabled)
[stretch] - ceph <not-affected> (Vulnerable code not present)
@@ -27919,8 +27917,7 @@ CVE-2019-10221
RESERVED
CVE-2019-10220
RESERVED
-CVE-2019-10219
- RESERVED
+CVE-2019-10219 (A vulnerability was found in Hibernate-Validator. The SafeHtml validat ...)
- libhibernate-validator-java <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1738673
TODO: 20190910: Asked for more information in #1738673. (apo)
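Review bot: the `TODO: 20190910: Asked for more information in #1738673. (apo)` line is now stale: the public description identifies the affected component (the SafeHtml validator in Hibernate Validator), so the open question can likely be answered from bugzilla #1738673 now. Re-check `libhibernate-validator-java <undetermined>` against the version Debian ships, record either the fixed version or `<not-affected>`/`<no-dsa>` with a reason, and drop the TODO once that is done.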
@@ -45047,8 +45044,7 @@ CVE-2019-3868 (Keycloak up to version 6.0.0 allows the end user token (access or
CVE-2019-3867
RESERVED
NOT-FOR-US: OpenShift (web-cosnole issue specific to OpenShift only)
-CVE-2019-3866
- RESERVED
+CVE-2019-3866 (An information-exposure vulnerability was discovered where openstack-m ...)
- mistral <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1768731
CVE-2019-3865
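Review bot: the new CVE-2019-3866 entry has only `- mistral <unfixed>` and the Red Hat bug as `NOTE:`; with no `[buster]` or `[stretch]` lines, both stable releases are implicitly treated as affected. Check bugzilla #1768731 for the affected openstack-mistral versions and add the per-release lines (or `<not-affected>` where the code is absent), as the ceph and djvulibre entries in this patch do. Style, unrelated to the change: the unchanged context line for CVE-2019-3867 reads "web-cosnole"; fix to "web-console" in a follow-up.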
@@ -46258,10 +46254,10 @@ CVE-2019-3428
RESERVED
CVE-2019-3427
RESERVED
-CVE-2019-3426
- RESERVED
-CVE-2019-3425
- RESERVED
+CVE-2019-3426 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZX ...)
+ TODO: check
+CVE-2019-3425 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZX ...)
+ TODO: check
CVE-2019-3424
RESERVED
CVE-2019-3423
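Review bot: CVE-2019-3425 and CVE-2019-3426 have identical description stems (the 9000EV5.0R1B12 version and all earlier versions of one ZTE product) and are two issues in the same device firmware, so triage them together; ZTE device firmware is not packaged in Debian, so both `TODO: check` lines should be replaced with `NOT-FOR-US: ZTE`.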
@@ -258133,8 +258129,7 @@ CVE-2013-1891
RESERVED
CVE-2013-1890 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server ...)
- owncloud <not-affected> (only affecting 5.0 branch)
-CVE-2013-1889
- RESERVED
+CVE-2013-1889 (mod_ruid2 before 0.9.8 improperly handles file descriptors which allow ...)
- libapache2-mod-ruid2 0.9.8-1 (low; bug #704066)
[wheezy] - libapache2-mod-ruid2 <no-dsa> (Minor issue)
NOTE: Fix: https://github.com/mind04/mod-ruid2/commit/1fed9dda70cd44d54301df19730a29ae0989e0a2
@@ -258386,8 +258381,7 @@ CVE-2013-1821 (lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 a
- ruby1.9.1 1.9.3.194-8.1 (bug #702525)
- ruby1.8 1.8.7.358-7 (bug #702526)
NOTE: http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/
-CVE-2013-1820
- RESERVED
+CVE-2013-1820 (tuned before 2.x allows local users to kill running processes due to i ...)
- tuned <not-affected> (Fixed before initial release to Debian)
CVE-2013-1819 (The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel bef ...)
- linux 3.8-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/168f61c939b971174acacf7ad34468720d42fb24