[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Nov 13 08:10:30 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f9840d01 by security tracker role at 2019-11-13T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2019-18931
+	RESERVED
+CVE-2019-18930
+	RESERVED
+CVE-2019-18929
+	RESERVED
+CVE-2019-18928
+	RESERVED
 CVE-2019-18927
 	RESERVED
 CVE-2019-18926 (Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable t ...)
@@ -6654,6 +6662,7 @@ CVE-2019-17500
 CVE-2019-17499 (The setter.xml component of the Common Gateway Interface on Compal CH7 ...)
 	NOT-FOR-US: Compal CH7465LG devices
 CVE-2019-17498 (In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic i ...)
+	{DLA-1991-1}
 	- libssh2 <unfixed> (bug #943562)
 	NOTE: https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c
 	NOTE: https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/
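Review bot: `{DLA-1991-1}` is added on CVE-2019-17498 while the only package line stays `- libssh2 <unfixed> (bug #943562)` with no `[stretch]` or `[buster]` annotation, so the status of the regular stable suites remains untracked on this entry; a per-suite line (`<no-dsa>`, `<not-affected>` or a fixed version), as other entries in this file carry, would close that gap once the unstable fix lands.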
@@ -7101,12 +7110,12 @@ CVE-2019-17334
 	RESERVED
 CVE-2019-17333
 	RESERVED
-CVE-2019-17332
-	RESERVED
-CVE-2019-17331
-	RESERVED
-CVE-2019-17330
-	RESERVED
+CVE-2019-17332 (The Digital Asset Manager Web Interface component of TIBCO Software In ...)
+	TODO: check
+CVE-2019-17331 (The Data Exchange Web Interface component of TIBCO Software Inc.'s TIB ...)
+	TODO: check
+CVE-2019-17330 (The Web server component of TIBCO Software Inc.'s TIBCO EBX contains m ...)
+	TODO: check
 CVE-2019-17329
 	RESERVED
 CVE-2019-17328
@@ -8113,7 +8122,7 @@ CVE-2019-16900 (Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write
 CVE-2019-16899 (In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Add ...)
 	NOT-FOR-US: Advantech
 CVE-2019-16898
-	RESERVED
+	REJECTED
 CVE-2019-16897 (In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security  ...)
 	NOT-FOR-US: K7
 CVE-2019-16896
@@ -14257,6 +14266,7 @@ CVE-2019-14819
 	NOT-FOR-US: openshift-ansible
 CVE-2019-14818
 	RESERVED
+	{DSA-4567-1}
 	- dpdk 18.11.4-1
 	NOTE: http://mails.dpdk.org/archives/announce/2019-November/000293.html
 	NOTE: https://bugs.dpdk.org/show_bug.cgi?id=363
@@ -16136,12 +16146,12 @@ CVE-2019-14368 (Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafI
 	NOTE: https://github.com/Exiv2/exiv2/issues/952
 	NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/bd0afe0390439b2c424d881c8c6eb0c5624e31d9
 	NOTE: Introduced by: https://github.com/Exiv2/exiv2/commit/c72d16f4c402a8acc2dfe06fe3d58bf6cf99069e
-CVE-2019-14367
-	RESERVED
-CVE-2019-14366
-	RESERVED
-CVE-2019-14365
-	RESERVED
+CVE-2019-14367 (Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. An ...)
+	TODO: check
+CVE-2019-14366 (WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access T ...)
+	TODO: check
+CVE-2019-14365 (The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access T ...)
+	TODO: check
 CVE-2019-14364 (An XSS vulnerability in the "Email Subscribers & Newsletters" plug ...)
 	NOT-FOR-US: "Email Subscribers & Newsletters" plugin for WordPress
 CVE-2019-14363 (A stack-based buffer overflow in the upnpd binary running on NETGEAR W ...)
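Review bot: CVE-2019-14367, CVE-2019-14366 and CVE-2019-14365 are left at `TODO: check`, but their descriptions name WordPress plugins (WP SlackSync, Intercom) and the adjacent CVE-2019-14364 is already annotated `NOT-FOR-US: "Email Subscribers & Newsletters" plugin for WordPress`; after confirming none of the three plugins is packaged, the same `NOT-FOR-US` triage is the expected resolution and would clear the TODOs.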
@@ -25859,6 +25869,7 @@ CVE-2019-11140 (Insufficient session validation in system firmware for Intel(R)
 	NOT-FOR-US: Intel
 CVE-2019-11139
 	RESERVED
+	{DSA-4565-1}
 	- intel-microcode 3.20191112.1
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html
 CVE-2019-11138
@@ -25869,7 +25880,7 @@ CVE-2019-11136
 	RESERVED
 CVE-2019-11135 [TSX Asynchronous Abort]
 	RESERVED
-	{DSA-4565-1 DSA-4564-1}
+	{DSA-4565-1 DSA-4564-1 DLA-1990-1 DLA-1989-1}
 	- linux 5.3.9-2
 	- intel-microcode 3.20191112.1
 	- xen <unfixed>
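Review bot: the `- xen <unfixed>` line under CVE-2019-11135 carries no bug number, severity or suite annotation, unlike `- libssh2 <unfixed> (bug #943562)` elsewhere in this patch; while the linux and intel-microcode lines now have DSA and DLA references, the open xen item is only trackable if a bug reference is recorded alongside it.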
@@ -40084,8 +40095,8 @@ CVE-2019-6190
 	RESERVED
 CVE-2019-6189
 	RESERVED
-CVE-2019-6188
-	RESERVED
+CVE-2019-6188 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
+	TODO: check
 CVE-2019-6187
 	RESERVED
 CVE-2019-6186
@@ -40116,12 +40127,12 @@ CVE-2019-6174
 	RESERVED
 CVE-2019-6173
 	RESERVED
-CVE-2019-6172
-	RESERVED
+CVE-2019-6172 (A potential vulnerability in the SMI callback function in some Lenovo  ...)
+	TODO: check
 CVE-2019-6171 (A vulnerability was reported in various BIOS versions of older ThinkPa ...)
 	NOT-FOR-US: Lenovo
-CVE-2019-6170
-	RESERVED
+CVE-2019-6170 (A potential vulnerability in some Lenovo ThinkPads may allow an attack ...)
+	TODO: check
 CVE-2019-6169 (A vulnerability reported in Lenovo Service Bridge before version 4.1.0 ...)
 	NOT-FOR-US: Lenovo Service Bridge
 CVE-2019-6168 (A vulnerability reported in Lenovo Service Bridge before version 4.1.0 ...)
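Review bot: the new `TODO: check` entries CVE-2019-6172 and CVE-2019-6170 describe Lenovo ThinkPad firmware issues and sit between CVE-2019-6171 and CVE-2019-6169, both already marked `NOT-FOR-US: Lenovo`; the same triage almost certainly applies and should be applied in the follow-up rather than left as TODO.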
@@ -41496,8 +41507,8 @@ CVE-2019-5697 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerabilit
 	NOT-FOR-US: NVIDIA Virtual GPU Manager
 CVE-2019-5696 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in  ...)
 	NOT-FOR-US: NVIDIA Virtual GPU Manager
-CVE-2019-5695
-	RESERVED
+CVE-2019-5695 (NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Dr ...)
+	TODO: check
 CVE-2019-5694 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
 	NOT-FOR-US: NVIDIA Windows GPU Display Driver
 CVE-2019-5693 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
@@ -42508,8 +42519,8 @@ CVE-2019-5248
 	RESERVED
 CVE-2019-5247
 	RESERVED
-CVE-2019-5246
-	RESERVED
+CVE-2019-5246 (Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0 ...)
+	TODO: check
 CVE-2019-5245 (HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulner ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5244 (Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) ve ...)
@@ -42534,18 +42545,18 @@ CVE-2019-5235
 	RESERVED
 CVE-2019-5234
 	RESERVED
-CVE-2019-5233
-	RESERVED
+CVE-2019-5233 (Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(S ...)
+	TODO: check
 CVE-2019-5232
 	RESERVED
-CVE-2019-5231
-	RESERVED
-CVE-2019-5230
-	RESERVED
-CVE-2019-5229
-	RESERVED
-CVE-2019-5228
-	RESERVED
+CVE-2019-5231 (P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E18 ...)
+	TODO: check
+CVE-2019-5230 (P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte ...)
+	TODO: check
+CVE-2019-5229 (P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E19 ...)
+	TODO: check
+CVE-2019-5228 (Certain detection module of P30, P30 Pro, Honor V20 smartphone whith V ...)
+	TODO: check
 CVE-2019-5227
 	RESERVED
 CVE-2019-5226
@@ -42574,8 +42585,8 @@ CVE-2019-5215 (There is a man-in-the-middle (MITM) vulnerability on Huawei P30 s
 	NOT-FOR-US: Huawei
 CVE-2019-5214 (There is a use after free vulnerability on certain driver component in ...)
 	NOT-FOR-US: Huawei
-CVE-2019-5213
-	RESERVED
+CVE-2019-5213 (Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0. ...)
+	TODO: check
 CVE-2019-5212
 	RESERVED
 CVE-2019-5211
@@ -57819,12 +57830,12 @@ CVE-2019-0156
 	RESERVED
 CVE-2019-0155
 	RESERVED
-	{DSA-4564-1}
+	{DSA-4564-1 DLA-1990-1}
 	- linux 5.3.9-2
 	[jessie] - linux <not-affected> (Driver doesn't support this hardware)
 CVE-2019-0154
 	RESERVED
-	{DSA-4564-1}
+	{DSA-4564-1 DLA-1990-1 DLA-1989-1}
 	- linux 5.3.9-2
 CVE-2019-0153 (Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 m ...)
 	NOT-FOR-US: Intel(R) CSME
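Review bot: on CVE-2019-0155 the added `{DSA-4564-1 DLA-1990-1}` reference sits directly above `[jessie] - linux <not-affected> (Driver doesn't support this hardware)`; a jessie DLA reference and a jessie not-affected marker on the same entry are at odds unless DLA-1990-1 covers a different source package than the jessie `linux` package, so either the not-affected line is stale or the entry should state which source the DLA applies to. CVE-2019-0154 just below gets both DLA-1990-1 and DLA-1989-1 without any such annotation, which makes the asymmetry worth verifying.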
@@ -76583,7 +76594,7 @@ CVE-2018-12208 (Buffer overflow in HECI subsystem in Intel(R) CSME before versio
 	NOT-FOR-US: Intel
 CVE-2018-12207 [iTLB Multihit]
 	RESERVED
-	{DSA-4564-1}
+	{DSA-4564-1 DLA-1990-1}
 	- linux 5.3.9-2
 	[jessie] - linux <ignored> (Untrusted guests are no longer supportable)
 	- xen <unfixed>
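Review bot: CVE-2018-12207 gains `DLA-1990-1` while the entry keeps `[jessie] - linux <ignored> (Untrusted guests are no longer supportable)`; if the DLA shipped a mitigation for jessie, the `<ignored>` line and its justification are now misleading and should be updated or removed. The trailing `- xen <unfixed>` line again lacks a bug reference.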
@@ -109135,8 +109146,8 @@ CVE-2017-17226 (The TripAdvisor app with the versions before TAMobileApp-24.6.4
 	NOT-FOR-US: The TripAdvisor app on Huawei
 CVE-2017-17225 (The Near Field Communication (NFC) module in Huawei Mate 9 Pro mobile  ...)
 	NOT-FOR-US: Huawei
-CVE-2017-17224
-	RESERVED
+CVE-2017-17224 (Some Huawei smart phones with versions earlier than Harry-AL00C 9.1.0. ...)
+	TODO: check
 CVE-2017-17223 (Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V ...)
 	NOT-FOR-US: Huawei
 CVE-2017-17222 (Import Language Package function in Huawei eSpace 7950 V200R003C30; eS ...)
@@ -289199,10 +289210,10 @@ CVE-2011-2337 (A wrong type is used for a return value from strlen in WebKit in
 	NOTE: Historic webkit/Chromium issues
 CVE-2011-2336 (An issue exists in WebKit in Google Chrome before Blink M12. when clea ...)
 	NOTE: Historic webkit/Chromium issues
-CVE-2011-2335
-	RESERVED
-CVE-2011-2334
-	RESERVED
+CVE-2011-2335 (A double-free vulnerability exists in WebKit in Google Chrome before B ...)
+	TODO: check
+CVE-2011-2334 (Use after free vulnerability exists in WebKit in Google Chrome before  ...)
+	TODO: check
 CVE-2011-2333
 	RESERVED
 CVE-2011-2329 (The rampart_timestamp_token_validate function in util/rampart_timestam ...)
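Review bot: CVE-2011-2335 and CVE-2011-2334 are now `TODO: check` entries for WebKit in Chrome before Blink, while the neighbouring CVE-2011-2337 and CVE-2011-2336 carry `NOTE: Historic webkit/Chromium issues`; the same annotation is the expected resolution for these two, so the TODOs can be closed with it.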
@@ -290598,10 +290609,10 @@ CVE-2011-1804 (rendering/RenderBox.cpp in WebCore in WebKit before r86862, as us
 	- chromium-browser 11.0.696.71~r86024-1
 	[squeeze] - chromium-browser <not-affected>
 	NOTE: http://trac.webkit.org/changeset/86448
-CVE-2011-1803
-	RESERVED
-CVE-2011-1802
-	RESERVED
+CVE-2011-1803 (An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVG ...)
+	TODO: check
+CVE-2011-1802 (WebKit in Google Chrome before Blink M11 and M12 does not properly han ...)
+	TODO: check
 CVE-2011-1801 (Unspecified vulnerability in Google Chrome before 11.0.696.71 allows r ...)
 	- chromium-browser 11.0.696.71~r86024-1 (unimportant)
 	NOTE: http://trac.webkit.org/changeset/85977
@@ -297349,8 +297360,7 @@ CVE-2010-4178 (MySQL-GUI-tools (mysql-administrator) leaks passwords into proces
 	- mysql-gui-tools <unfixed> (low; bug #605542)
 	[squeeze] - mysql-gui-tools <no-dsa> (Minor issue)
 	[lenny] - mysql-gui-tools <no-dsa> (Minor issue)
-CVE-2010-4177
-	RESERVED
+CVE-2010-4177 (mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+op ...)
 	- mysql-gui-tools <unfixed> (low; bug #605542)
 	[squeeze] - mysql-gui-tools <no-dsa> (Minor issue)
 	[lenny] - mysql-gui-tools <no-dsa> (Minor issue)
@@ -298146,8 +298156,7 @@ CVE-2010-3859 (Multiple integer signedness errors in the TIPC implementation in
 CVE-2010-3858 (The setup_arg_pages function in fs/exec.c in the Linux kernel before 2 ...)
 	{DSA-2126-1}
 	- linux-2.6 2.6.32-27
-CVE-2010-3857 [JBoss BRMS XSS via UUID parameter]
-	RESERVED
+CVE-2010-3857 (JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID paramet ...)
 	- jbossas4 <not-affected> (Vulnerable code not present)
 	NOTE: JBoss 5 only; fixed in 5.1.0
 CVE-2010-3856 (ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.1 ...)
@@ -298184,8 +298193,7 @@ CVE-2010-3847 (elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6)
 CVE-2010-3846 (Array index error in the apply_rcs_change function in rcs.c in CVS 1.1 ...)
 	- cvs <not-affected> (vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3852
-CVE-2010-3844
-	RESERVED
+CVE-2010-3844 (An unchecked sscanf() call in ettercap 0.7.3 allows an insecure tempor ...)
 	- ettercap 1:0.7.4-1 (unimportant; bug #600130)
 	NOTE: Very far-fetched attack vector
 CVE-2010-3843
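Review bot: not among the changed lines but visible in this hunk's context, the NOTE under CVE-2010-3846 points to `show_bug.cgi?id=CVE-2010-3852`, a different CVE id than the entry it annotates; since this hunk edits the adjacent CVE-2010-3844 entry, it is a good moment to check whether that bug id is a typo.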
@@ -299332,15 +299340,12 @@ CVE-2010-3442 (Multiple integer overflows in the snd_ctl_new function in sound/c
 CVE-2010-3441 (Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote  ...)
 	- abcm2ps 5.9.13-0.1 (low; bug #577014)
 	[lenny] - abcm2ps <no-dsa> (Minor issue)
-CVE-2010-3440 [babiloo insecure downloading and unpacking of dictionary files]
-	RESERVED
+CVE-2010-3440 (babiloo 2.0.9 before 2.0.11 creates temporary files with predictable n ...)
 	- babiloo 2.0.11-1 (low; bug #591995)
-CVE-2010-3439 [alien-arena: server dos]
-	RESERVED
+CVE-2010-3439 (It is possible to cause a DoS condition by causing the server to crash ...)
 	- alien-arena 7.33-5 (low; bug #575621)
 	[lenny] - alien-arena 7.0-1+lenny2
-CVE-2010-3438 [Insufficient stripping of CR/LF allows arbitrary IRC command execution]
-	RESERVED
+CVE-2010-3438 (libpoe-component-irc-perl before v6.32 does not remove carriage return ...)
 	- libpoe-component-irc-perl 6.32+dfsg-1
 	[lenny] - libpoe-component-irc-perl 5.84+dfsg-1+lenny1 (bug #581194)
 CVE-2010-3437 (Integer signedness error in the pkt_find_dev_from_minor function in dr ...)
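Review bot: the removed placeholder for CVE-2010-3440 read `[babiloo insecure downloading and unpacking of dictionary files]`, while the imported description speaks of temporary files with predictable names; because the bracketed summaries are dropped here, that original context now survives only in bug #591995, so a short NOTE line (as kept on CVE-2010-3857 and CVE-2010-3844) would preserve it. The same applies to CVE-2010-3439, whose truncated description no longer names alien-arena.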
@@ -299696,8 +299701,7 @@ CVE-2010-3308 (Buffer overflow in programs/pluto/xauth.c in the client in Opensw
 	[lenny] - openswan <not-affected> (Introduced in version 2.6.25)
 CVE-2010-3307 (Multiple PHP remote file inclusion vulnerabilities in themes/default/i ...)
 	NOT-FOR-US: Free Simple CMS 1.0
-CVE-2010-3305 [pixel CSRF]
-	RESERVED
+CVE-2010-3305 (Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 cou ...)
 	- pixelpost <removed> (bug #597224)
 CVE-2010-3304 (The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to ...)
 	- dovecot 1.2.13-1
@@ -299713,8 +299717,7 @@ CVE-2010-3301 (The IA32 system call emulation functionality in arch/x86/ia32/ia3
 	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.27)
 CVE-2010-3300
 	RESERVED
-CVE-2010-3299 [ruby on rails: padding oracle attack]
-	RESERVED
+CVE-2010-3299 (The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to p ...)
 	- rails <unfixed> (unimportant)
 	NOTE: http://seclists.org/oss-sec/2010/q3/415
 	NOTE: http://seclists.org/oss-sec/2010/q3/413
@@ -299766,8 +299769,7 @@ CVE-2010-3294 (Cross-site scripting (XSS) vulnerability in apc.php in the Altern
 CVE-2010-3293 (mailscanner can allow local users to prevent virus signatures from bei ...)
 	- mailscanner <removed> (bug #596397; unimportant)
 	NOTE: or even unimportant, the script is not used by default
-CVE-2010-3292 [mailscanner may use spoofed data]
-	RESERVED
+CVE-2010-3292 (The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 down ...)
 	- mailscanner <removed> (bug #596396; low)
 	[squeeze] - mailscanner <no-dsa> (Minor issue)
 CVE-2010-3278
@@ -300366,8 +300368,7 @@ CVE-2010-3097 (Directory traversal vulnerability in WinFrigate Frigate 3 FTP cli
 	NOT-FOR-US: WinFrigate Frigate 3 FTP
 CVE-2010-3096 (Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly ...)
 	NOT-FOR-US: SoftX FTP Client 3.3
-CVE-2010-3095 [mailscanner incomplete fix for CVE-2008-5313]
-	RESERVED
+CVE-2010-3095 (mailscanner before 4.79.11-2.1 might allow local users to overwrite ar ...)
 	- mailscanner 4.79.11-2.1 (bug #596403)
 CVE-2010-3094 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x befo ...)
 	{DSA-2113-1}
@@ -302067,8 +302068,7 @@ CVE-2010-2490 (Mumble: murmur-server has DoS due to malformed client query ...)
 CVE-2010-2489 (Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow ...)
 	- ruby1.8 <not-affected> (Windows-specific)
 	- ruby1.9.1 <not-affected> (Windows-specific)
-CVE-2010-2488 [znc null pointer deref]
-	RESERVED
+CVE-2010-2488 (NULL pointer dereference vulnerability in ZNC before 0.092 caused by t ...)
 	{DSA-2069-1}
 	- znc 0.090-2 (bug #584929)
 CVE-2010-2487 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f9840d01c8b95c38830555ef22c358c272e2a6b8

-- 
You're receiving this email because of your account on salsa.debian.org.



