[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Nov 9 08:10:39 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5d35f2de by security tracker role at 2019-11-09T08:10:25Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-18838
+ RESERVED
CVE-2019-18837
RESERVED
CVE-2019-18836
@@ -18971,16 +18973,16 @@ CVE-2019-13537
RESERVED
CVE-2019-13536 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-bas ...)
NOT-FOR-US: Delta Electronics TPEditor
-CVE-2019-13535
- RESERVED
+CVE-2019-13535 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 ...)
+ TODO: check
CVE-2019-13534 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Fi ...)
NOT-FOR-US: Philips
CVE-2019-13533
RESERVED
CVE-2019-13532 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
NOT-FOR-US: CODESYS
-CVE-2019-13531
- RESERVED
+CVE-2019-13531 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 ...)
+ TODO: check
CVE-2019-13530 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Fi ...)
NOT-FOR-US: Philips
CVE-2019-13529 (An attacker could send a malicious link to an authenticated operator, ...)
@@ -41087,32 +41089,32 @@ CVE-2019-5703
RESERVED
CVE-2019-5702
RESERVED
-CVE-2019-5701
- RESERVED
+CVE-2019-5701 (NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vu ...)
+ TODO: check
CVE-2019-5700 (NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software con ...)
NOT-FOR-US: NVIDIA Shield TV Experience
CVE-2019-5699 (NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader c ...)
NOT-FOR-US: NVIDIA Shield TV Experience
-CVE-2019-5698
- RESERVED
-CVE-2019-5697
- RESERVED
-CVE-2019-5696
- RESERVED
+CVE-2019-5698 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...)
+ TODO: check
+CVE-2019-5697 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...)
+ TODO: check
+CVE-2019-5696 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...)
+ TODO: check
CVE-2019-5695
RESERVED
-CVE-2019-5694
- RESERVED
-CVE-2019-5693
- RESERVED
-CVE-2019-5692
- RESERVED
-CVE-2019-5691
- RESERVED
-CVE-2019-5690
- RESERVED
-CVE-2019-5689
- RESERVED
+CVE-2019-5694 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ TODO: check
+CVE-2019-5693 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ TODO: check
+CVE-2019-5692 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ TODO: check
+CVE-2019-5691 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ TODO: check
+CVE-2019-5690 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ TODO: check
+CVE-2019-5689 (NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vu ...)
+ TODO: check
CVE-2019-5688
RESERVED
CVE-2019-5687 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...)
@@ -43411,8 +43413,8 @@ CVE-2019-4647
RESERVED
CVE-2019-4646
RESERVED
-CVE-2019-4645
- RESERVED
+CVE-2019-4645 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...)
+ TODO: check
CVE-2019-4644
RESERVED
CVE-2019-4643
@@ -43539,8 +43541,8 @@ CVE-2019-4583
RESERVED
CVE-2019-4582
RESERVED
-CVE-2019-4581
- RESERVED
+CVE-2019-4581 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...)
+ TODO: check
CVE-2019-4580
RESERVED
CVE-2019-4579
@@ -43589,8 +43591,8 @@ CVE-2019-4558 (A security vulnerability has been identified in all levels of IBM
NOT-FOR-US: IBM
CVE-2019-4557
RESERVED
-CVE-2019-4556
- RESERVED
+CVE-2019-4556 (IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting fo ...)
+ TODO: check
CVE-2019-4555
RESERVED
CVE-2019-4554
@@ -43683,8 +43685,8 @@ CVE-2019-4511
RESERVED
CVE-2019-4510
RESERVED
-CVE-2019-4509
- RESERVED
+CVE-2019-4509 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authoriza ...)
+ TODO: check
CVE-2019-4508
RESERVED
CVE-2019-4507
@@ -43761,8 +43763,8 @@ CVE-2019-4472
RESERVED
CVE-2019-4471
RESERVED
-CVE-2019-4470
- RESERVED
+CVE-2019-4470 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...)
+ TODO: check
CVE-2019-4469
RESERVED
CVE-2019-4468
@@ -43793,16 +43795,16 @@ CVE-2019-4456 (IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and
NOT-FOR-US: IBM
CVE-2019-4455
RESERVED
-CVE-2019-4454
- RESERVED
+CVE-2019-4454 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...)
+ TODO: check
CVE-2019-4453
RESERVED
CVE-2019-4452
RESERVED
CVE-2019-4451
RESERVED
-CVE-2019-4450
- RESERVED
+CVE-2019-4450 (IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. T ...)
+ TODO: check
CVE-2019-4449
RESERVED
CVE-2019-4448 (IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1 ...)
@@ -43877,10 +43879,10 @@ CVE-2019-4414
RESERVED
CVE-2019-4413
RESERVED
-CVE-2019-4412
- RESERVED
-CVE-2019-4411
- RESERVED
+CVE-2019-4412 (IBM Cognos Controller stores sensitive information in URL parameters. ...)
+ TODO: check
+CVE-2019-4411 (IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow a ...)
+ TODO: check
CVE-2019-4410 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19. ...)
NOT-FOR-US: IBM
CVE-2019-4409 (HCL Traveler versions 9.x and earlier are susceptible to cross-site sc ...)
@@ -44033,8 +44035,8 @@ CVE-2019-4336 (IBM Robotic Process Automation with Automation Anywhere 11 uses a
NOT-FOR-US: IBM
CVE-2019-4335
RESERVED
-CVE-2019-4334
- RESERVED
+CVE-2019-4334 (IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information ...)
+ TODO: check
CVE-2019-4333
RESERVED
CVE-2019-4332
@@ -105685,8 +105687,8 @@ CVE-2018-1723 (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 an
NOT-FOR-US: IBM
CVE-2018-1722 (IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow ...)
NOT-FOR-US: IBM
-CVE-2018-1721
- RESERVED
+CVE-2018-1721 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Ent ...)
+ TODO: check
CVE-2018-1720 (IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0 ...)
NOT-FOR-US: IBM
CVE-2018-1719 (IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than ...)
@@ -297785,8 +297787,7 @@ CVE-2009-5006 (The SessionAdapter::ExchangeHandlerImpl::checkAlternate function
- qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2009-5005 (The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache ...)
- qpid-cpp <not-affected> (Fixed before initial upload to archive)
-CVE-2009-5004
- RESERVED
+CVE-2009-5004 (qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 m ...)
- qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2010-3845 (libapache-authenhook-perl 2.00-04 stores usernames and passwords in pl ...)
- libapache-authenhook-perl 2.00-04+pristine-2 (low; bug #599712)
@@ -310461,8 +310462,7 @@ CVE-2009-4013 (Multiple directory traversal vulnerabilities in Lintian 1.23.x th
CVE-2009-4012 (Multiple integer overflows in LibThai before 0.1.13 might allow contex ...)
{DSA-1971-1}
- libthai 0.1.13-1
-CVE-2009-4011 [dtc-xen race condition]
- RESERVED
+CVE-2009-4011 (dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an atta ...)
- dtc-xen 0.5.4-1
[lenny] - dtc-xen <not-affected> (Only affects 0.5.x)
CVE-2009-4010 (Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows r ...)
@@ -311698,8 +311698,7 @@ CVE-2009-3615 (The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and
{DSA-1932-1}
- pidgin 2.6.3-1
NOTE: http://pidgin.im/news/security/?id=41
-CVE-2009-3614 [oping suid 0 arbitrary file disclosure]
- RESERVED
+CVE-2009-3614 (liboping 1.3.2 allows users reading arbitrary files upon the local sys ...)
- liboping 1.3.3-1 (low; bug #548684)
[lenny] - liboping <not-affected> (doesn't have -f option yet)
[etch] - liboping <not-affected> (doesn't have -f option yet)
@@ -311963,8 +311962,7 @@ CVE-2009-3553 (Use-after-free vulnerability in the abstract file-descriptor hand
[lenny] - cups <no-dsa> (Minor issue)
- cupsys <not-affected> (vulnerable code introduced in 1.3.x)
NOTE: http://www.cups.org/newsgroups.php/s1+gcups.bugs?s1+gcups.bugs+v4+T+Q3200
-CVE-2009-3552
- RESERVED
+CVE-2009-3552 (In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not ver ...)
NOT-FOR-US: Red Hat Enterprise Virtualization Manager
CVE-2009-3551 (Off-by-one error in the dissect_negprot_response function in packet-sm ...)
- wireshark 1.2.3-1 (low; bug #553583)
@@ -314464,8 +314462,7 @@ CVE-2009-2804 (Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.
NOT-FOR-US: Apple Mac OS X
CVE-2009-2803 (CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to ex ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2802
- RESERVED
+CVE-2009-2802 (MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME ty ...)
- mantis <not-affected> (Only affects 1.2.x)
NOTE: http://www.mantisbt.org/bugs/view.php?id=11952
NOTE: http://www.mantisbt.org/blog/?p=113
@@ -324927,8 +324924,7 @@ CVE-2009-0037 (The redirect implementation in curl and libcurl 5.11 through 7.19
CVE-2009-0036 (Buffer overflow in the proxyReadClientSocket function in proxy/libvirt ...)
- libvirt 0.5.1-7 (unimportant)
NOTE: not building libvirt proxy from libvirt source package
-CVE-2009-0035 [alsainfo insecure temp file usage]
- RESERVED
+CVE-2009-0035 (alsa-utils 1.0.19 and later versions allows local users to overwrite a ...)
- alsa-driver 1.0.20-1 (unimportant)
NOTE: alsainfo not built into source package
CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d35f2de049ed63456aff64c9d6e944125f64e07
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d35f2de049ed63456aff64c9d6e944125f64e07
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191109/b8c449ca/attachment.html>
More information about the debian-security-tracker-commits
mailing list