[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 15 20:10:41 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e64163a1 by security tracker role at 2019-11-15T20:10:28Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2019-19005
+ RESERVED
+CVE-2019-19004
+ RESERVED
+CVE-2019-19003
+ RESERVED
+CVE-2019-19002
+ RESERVED
+CVE-2019-19001
+ RESERVED
+CVE-2019-19000
+ RESERVED
+CVE-2019-18999
+ RESERVED
+CVE-2019-18998
+ RESERVED
+CVE-2019-18997
+ RESERVED
+CVE-2019-18996
+ RESERVED
+CVE-2019-18995
+ RESERVED
+CVE-2019-18994
+ RESERVED
+CVE-2019-18993
+ RESERVED
+CVE-2019-18992
+ RESERVED
+CVE-2019-18991
+ RESERVED
+CVE-2019-18990
+ RESERVED
+CVE-2019-18989
+ RESERVED
CVE-2019-18988
RESERVED
CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through 1.34 for ...)
@@ -3784,8 +3818,8 @@ CVE-2019-18374
RESERVED
CVE-2019-18373
RESERVED
-CVE-2019-18372
- RESERVED
+CVE-2019-18372 (Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to ...)
+ TODO: check
CVE-2019-18371 (An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-s ...)
NOT-FOR-US: Xiaomi
CVE-2019-18370 (An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-s ...)
@@ -14192,8 +14226,7 @@ CVE-2019-14871
RESERVED
CVE-2019-14870
RESERVED
-CVE-2019-14869 [-dSAFER escape in .charkeys]
- RESERVED
+CVE-2019-14869 (A flaw was found in all versions of ghostscript 9.x before 9.28, where ...)
{DSA-4569-1 DLA-1992-1}
- ghostscript <unfixed> (bug #944760)
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f0aa1140032746e5a0abfc40f4cef
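Review bot: the CVE-2019-14869 entry already references DSA-4569-1 and DLA-1992-1, yet the package line in the context below the changed lines still reads "- ghostscript <unfixed> (bug #944760)". Once the fixed upload is known, replace <unfixed> with that version so the entry does not stay open after the advisories are out. The removed bracket text "-dSAFER escape in .charkeys" was also the only place the entry named the affected operator; a NOTE line would keep it.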
@@ -16333,12 +16366,12 @@ CVE-2019-14347 (Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote
NOT-FOR-US: Schben Adive
CVE-2019-14346 (Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CS ...)
NOT-FOR-US: Schben Adive
-CVE-2019-14345
- RESERVED
+CVE-2019-14345 (TemaTres 3.0 allows remote unprivileged users to create an administrat ...)
+ TODO: check
CVE-2019-14344
RESERVED
-CVE-2019-14343
- RESERVED
+CVE-2019-14343 (TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin ...)
+ TODO: check
CVE-2019-14342
RESERVED
CVE-2019-14341
@@ -21584,14 +21617,14 @@ CVE-2019-12760 (** DISPUTED ** A deserialization vulnerability exists in the way
NOTE: https://gist.github.com/dhondta/f71ae7e5c4234f8edfd2f12503a5dcc7
NOTE: https://github.com/davidhalter/parso/issues/75
NOTE: Not considered a security issue by upstream
-CVE-2019-12759
- RESERVED
-CVE-2019-12758
- RESERVED
-CVE-2019-12757
- RESERVED
-CVE-2019-12756
- RESERVED
+CVE-2019-12759 (Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security ...)
+ TODO: check
+CVE-2019-12758 (Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to ...)
+ TODO: check
+CVE-2019-12757 (Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 M ...)
+ TODO: check
+CVE-2019-12756 (Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptib ...)
+ TODO: check
CVE-2019-12755 (Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an ...)
NOT-FOR-US: Norton
CVE-2019-12754 (Symantec My VIP portal, previous version which has already been auto u ...)
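Review bot: CVE-2019-12759 through CVE-2019-12756 all land as "TODO: check", so four Symantec Endpoint Protection entries now wait for manual triage. The neighbouring vendor entry in the trailing context, CVE-2019-12755, is already tagged "NOT-FOR-US: Norton". If these products are likewise not packaged, resolve the TODOs with a NOT-FOR-US tag in the follow-up commit rather than leaving them in the queue.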
@@ -43060,6 +43093,7 @@ CVE-2019-5070 (An exploitable SQL injection vulnerability exists in the unauthen
CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. ...)
NOT-FOR-US: Epignosis eFront LMS
CVE-2019-5068 (An exploitable shared memory permissions vulnerability exists in the f ...)
+ {DLA-1993-1}
- mesa <unfixed> (bug #944298)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
NOTE: https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
@@ -46774,7 +46808,7 @@ CVE-2019-3467
RESERVED
CVE-2019-3466
RESERVED
- {DSA-4568-1}
+ {DSA-4568-1 DLA-1994-1}
- postgresql-common 210
NOTE: https://salsa.debian.org/postgresql/postgresql-common/commit/ec9d984b62ed79f61be97b786a9ff4381309979c
NOTE: https://blog.mirch.io/2019/11/15/cve-2019-3466-debian-ubuntu-pg_ctlcluster-privilege-escalation/
@@ -46881,7 +46915,7 @@ CVE-2019-3424
RESERVED
CVE-2019-3423
RESERVED
-CVE-2019-3422 (Security researcher Shen Ying from the Sec Consult Security Lab report ...)
+CVE-2019-3422 (The Sec Consult Security Lab reported an information disclosure vulner ...)
NOT-FOR-US: ZTE
CVE-2019-3421 (The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE produc ...)
NOT-FOR-US: ZTE
@@ -60472,8 +60506,8 @@ CVE-2018-18370 (The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP co
NOT-FOR-US: ASG/ProxySG FTP proxy WebFTP
CVE-2018-18369 (Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows ...)
NOT-FOR-US: Norton Security
-CVE-2018-18368
- RESERVED
+CVE-2018-18368 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be ...)
+ TODO: check
CVE-2018-18367 (Symantec Endpoint Protection Manager (SEPM) prior to and including 12. ...)
NOT-FOR-US: Symantec
CVE-2018-18366 (Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior ...)
@@ -146991,8 +147025,7 @@ CVE-2017-5732
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
-CVE-2017-5731
- REJECTED
+CVE-2017-5731 (Bounds checking in Tianocompress before November 7, 2017 may allow an ...)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
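Review bot: CVE-2017-5731 goes from REJECTED to a published description, but the lines visible under it are only the three NOTE references, identical to those under CVE-2017-5732 above, with no package status line in this hunk. An entry that is no longer rejected needs a triage result, either a package line or a NOT-FOR-US tag; please confirm one exists below the shown context or add it.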
@@ -176619,8 +176652,7 @@ CVE-2016-5287 (A potentially exploitable use-after-free crash during actor destr
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1309823
CVE-2016-5286
RESERVED
-CVE-2016-5285
- RESERVED
+CVE-2016-5285 (Null pointer dereference vulnerability exists in K11_SignWithSymKey / ...)
- nss 2:3.25-1
NOTE: Fixed by https://hg.mozilla.org/projects/nss/rev/45c047d18ac4
NOTE: Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1306103
@@ -243732,17 +243764,14 @@ CVE-2013-7026 (Multiple race conditions in ipc/shm.c in the Linux kernel before
- linux 3.12.5-1
[wheezy] - linux <not-affected> (Introduced in 8b8d52ac382b)
- linux-2.6 <not-affected> (Introduced in 8b8d52ac382b)
-CVE-2013-7089 [dbg_printhex possible information leak]
- RESERVED
+CVE-2013-7089 (ClamAV before 0.97.7: dbg_printhex possible information leak ...)
- clamav 0.97.7+dfsg-1
NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6804
-CVE-2013-7088 [buffer overflow]
- RESERVED
+CVE-2013-7088 (ClamAV before 0.97.7 has buffer overflow in the libclamav component ...)
- clamav 0.97.7+dfsg-1
NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6809
NOTE: https://github.com/vrtadmin/clamav-devel/commit/e8e3746266dd3f82054ca137b81b800e54de6ebd
-CVE-2013-7087 [[clamav: WWPack corrupt heap memory]
- RESERVED
+CVE-2013-7087 (ClamAV before 0.97.7 has WWPack corrupt heap memory ...)
- clamav 0.97.7+dfsg-1
NOTE: https://github.com/vrtadmin/clamav-devel/commit/71990820d01c246e4e61408a3659dd9d92949b38
NOTE: from https://github.com/vrtadmin/clamav-devel/commits/master/libclamav/wwunpack.c
@@ -245249,13 +245278,11 @@ CVE-2014-0025
REJECTED
CVE-2014-0024
RESERVED
-CVE-2014-0023
- RESERVED
+CVE-2014-0023 (OpenShift: Install script has temporary file creation vulnerability wh ...)
NOT-FOR-US: OpenShift
CVE-2014-0022 (The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and e ...)
NOT-FOR-US: yum cron
-CVE-2014-0021 [traffic amplification in cmdmon protocol]
- RESERVED
+CVE-2014-0021 (Chrony before 1.29.1 has traffic amplification in cmdmon protocol ...)
- chrony 1.29.1-1 (low; bug #737644)
[squeeze] - chrony <no-dsa> (Minor issue)
[wheezy] - chrony <no-dsa> (Minor issue)
@@ -251171,8 +251198,7 @@ CVE-2013-4586
RESERVED
CVE-2013-4585
RESERVED
-CVE-2013-4584 [ssl_outgoing_ciphers not applied to STARTTLS connections]
- RESERVED
+CVE-2013-4584 (Perdition before 2.2 may have weak security when handling outbound con ...)
- perdition 2.1-1 (low; bug #729028)
[wheezy] - perdition <no-dsa> (Minor issue)
[squeeze] - perdition <no-dsa> (Minor issue)
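Review bot: on CVE-2013-4584 the removed bracket description, "ssl_outgoing_ciphers not applied to STARTTLS connections", was more specific than the truncated text that replaces it ("may have weak security when handling outbound con ..."). The replacement no longer names the setting or the protocol path involved. Consider carrying the old wording over as a NOTE line so the entry stays searchable by the affected option.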
@@ -287619,8 +287645,7 @@ CVE-2011-2918 (The Performance Events subsystem in the Linux kernel before 3.1 d
[lenny] - linux-2.6 <not-affected> (perf not yet present)
CVE-2011-2917 (SQL injection vulnerability in administrator/index2.php in Mambo CMS 4 ...)
NOT-FOR-US: Mambo
-CVE-2011-2916
- RESERVED
+CVE-2011-2916 (qtnx 0.9 stores non-custom SSH keys in a world-readable configuration ...)
- qtnx <removed> (low; bug #637439)
[squeeze] - qtnx <no-dsa> (Minor issue)
CVE-2011-2915 (Off-by-one error in the CSoundFile::ReadAMS2 function in src/load_ams. ...)
@@ -287638,8 +287663,7 @@ CVE-2011-2912 (Stack-based buffer overflow in the CSoundFile::ReadS3M function i
CVE-2011-2911 (Integer overflow in the CSoundFile::ReadWav function in src/load_wav.c ...)
{DSA-2415-1}
- libmodplug 1:0.8.8.4-1
-CVE-2011-2910
- RESERVED
+CVE-2011-2910 (The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check ...)
- ax25-tools 0.0.8-13.2 (low; bug #638198)
[lenny] - ax25-tools <no-dsa> (Minor issue)
[squeeze] - ax25-tools <no-dsa> (Minor issue)
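Review bot: the new CVE-2011-2910 description says the issue affects ax25-tools "before 0.0.8-13", while the package line directly below records the fix as "- ax25-tools 0.0.8-13.2 (low; bug #638198)". The two version boundaries disagree. Check bug #638198 for which upload actually carried the fix and add a NOTE explaining the difference if the tracker version is the right one.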
@@ -288238,8 +288262,7 @@ CVE-2011-2728 (The bsd_glob function in the File::Glob module for Perl before 5.
NOTE: requires the attacker to manipulate glob flags
CVE-2011-2727 (The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and (3 ...)
NOT-FOR-US: Tribiq CMS
-CVE-2011-2726 [SA-CORE-2011-003]
- RESERVED
+CVE-2011-2726 (An access bypass issue was found in Drupal 7.x before version 7.5. If ...)
- drupal7 7.6-1
CVE-2011-2725 (Directory traversal vulnerability in Ark 4.7.x and earlier allows remo ...)
- kdeutils 4:4.6.5-4 (low; bug #635541)
@@ -294106,8 +294129,7 @@ CVE-2011-0705
REJECTED
CVE-2011-0704 (389 Directory Server 1.2.7.5, when built with mozldap, allows remote a ...)
NOT-FOR-US: 389 Directory Server
-CVE-2011-0703
- RESERVED
+CVE-2011-0703 (In gksu-polkit before 0.0.3, the source file for xauth may contain arb ...)
- gksu-polkit <removed> (bug #684489)
[squeeze] - gksu-polkit <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-0702 (The feh_unique_filename function in utils.c in feh before 1.11.2 might ...)
@@ -311650,8 +311672,7 @@ CVE-2009-5046 (JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. ...
- jetty 6.1.22-1 (unimportant; bug #553644)
NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
NOTE: The affected apps are not shipped in the package, see #553644
-CVE-2009-5047 [multiple vulnerabilities in jetty]
- RESERVED
+CVE-2009-5047 (Jetty 6.x before 6.1.22 suffers from an escape sequence injection vuln ...)
- jetty 6.1.22-1 (unimportant; bug #553644)
NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
NOTE: The affected apps are not shipped in the package, see #553644
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e64163a12cf380e39824d3e9610af16439bdf68f