[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 20 08:10:39 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8d5c23fb by security tracker role at 2019-11-20T08:10:27Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2019-19126 (On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 ...)
+ TODO: check
+CVE-2019-19125
+ RESERVED
+CVE-2019-19124
+ RESERVED
+CVE-2019-19123
+ RESERVED
+CVE-2019-19122
+ RESERVED
+CVE-2019-19121
+ RESERVED
+CVE-2019-19120
+ RESERVED
CVE-2019-19119
RESERVED
CVE-2019-19118
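Review bot: CVE-2019-19126 at the top of this hunk is left at `TODO: check` although its description names the GNU C Library (glibc) before 2.31 on x86-64, which is a packaged component rather than a NOT-FOR-US candidate. It should be triaged to a `- glibc ...` package line with its fix status once the full description has been read, since the text here is truncated.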
@@ -13871,12 +13885,12 @@ CVE-2019-15074 (The Timeline feature in my_view_page.php in MantisBT through 2.2
- mantis <removed>
NOTE: https://github.com/mantisbt/mantisbt/commit/9cee1971c498bbe0a72bca1c773fae50171d8c27
NOTE: https://mantisbt.org/bugs/view.php?id=25995
-CVE-2019-15073
- RESERVED
-CVE-2019-15072
- RESERVED
-CVE-2019-15071
- RESERVED
+CVE-2019-15073 (An Open Redirect vulnerability for all browsers in MAIL2000 through ve ...)
+ TODO: check
+CVE-2019-15072 (The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 ...)
+ TODO: check
+CVE-2019-15071 (The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a c ...)
+ TODO: check
CVE-2019-15070
RESERVED
CVE-2019-15069 (An unsafe authentication interface was discovered in Smart Battery A4, ...)
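Review bot: CVE-2019-15073, CVE-2019-15072 and CVE-2019-15071 all describe MAIL2000 and all sit at `TODO: check`, so they should be triaged together and given the same disposition. If MAIL2000 turns out not to be packaged, a `NOT-FOR-US: MAIL2000` line under each entry replaces the TODO.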
@@ -22828,8 +22842,7 @@ CVE-2019-12422 (Apache Shiro before 1.4.2, when using the default "remember me"
- shiro <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/11/18/1
TODO: check details on fix
-CVE-2019-12421
- RESERVED
+CVE-2019-12421 (When using an authentication mechanism other than PKI, when the user c ...)
NOT-FOR-US: Apache NiFi
CVE-2019-12420
RESERVED
@@ -27439,12 +27452,12 @@ CVE-2019-10770
RESERVED
CVE-2019-10769
RESERVED
-CVE-2019-10768
- RESERVED
+CVE-2019-10768 (In AngularJS before 1.7.9 the function `merge()` could be tricked into ...)
+ TODO: check
CVE-2019-10767
RESERVED
-CVE-2019-10766
- RESERVED
+CVE-2019-10766 (Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL In ...)
+ TODO: check
CVE-2019-10765
RESERVED
CVE-2019-10764 (In elliptic-php versions priot to 1.0.6, Timing attacks might be possi ...)
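Review bot: The two entries that leave RESERVED in this hunk, CVE-2019-10768 (AngularJS before 1.7.9, `merge()`) and CVE-2019-10766 (Pixie 1.0.x before 1.0.3 and 2.0.x before 2.0.2, SQL injection), concern unrelated products and need separate triage. For the AngularJS entry, check both a packaged copy and copies embedded in other packages before resolving `TODO: check`.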
@@ -29354,8 +29367,7 @@ CVE-2019-10085 (In Apache Allura prior to 1.11.0, a vulnerability exists for sto
NOT-FOR-US: Apache Allura
CVE-2019-10084 (In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to ...)
NOT-FOR-US: Apache Impala
-CVE-2019-10083
- RESERVED
+CVE-2019-10083 (When updating a Process Group via the API in NiFi versions 1.3.0 to 1. ...)
NOT-FOR-US: Apache NiFi
CVE-2019-10082 (In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the h ...)
{DSA-4509-1}
@@ -29369,8 +29381,7 @@ CVE-2019-10081 (HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example co
[jessie] - apache2 <not-affected> (HTTP/2 support only available since version 2.4.17 and later)
NOTE: Affects upstream versions 2.4.20 to 2.4.39
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10081
-CVE-2019-10080
- RESERVED
+CVE-2019-10080 (The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trust ...)
NOT-FOR-US: Apache NiFi
CVE-2019-10079 (Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. E ...)
{DSA-4520-1}
@@ -40669,22 +40680,22 @@ CVE-2019-6193
RESERVED
CVE-2019-6192
RESERVED
-CVE-2019-6191
- RESERVED
+CVE-2019-6191 (A potential vulnerability in the discontinued LenovoPaper software ver ...)
+ TODO: check
CVE-2019-6190
RESERVED
-CVE-2019-6189
- RESERVED
+CVE-2019-6189 (A potential vulnerability was reported in Lenovo System Interface Foun ...)
+ TODO: check
CVE-2019-6188 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
NOT-FOR-US: Lenovo
-CVE-2019-6187
- RESERVED
-CVE-2019-6186
- RESERVED
+CVE-2019-6187 (A stored CSV Injection vulnerability was reported in Lenovo XClarity C ...)
+ TODO: check
+CVE-2019-6186 (A potential vulnerability was reported in Lenovo System Interface Foun ...)
+ TODO: check
CVE-2019-6185
RESERVED
-CVE-2019-6184
- RESERVED
+CVE-2019-6184 (A potential vulnerability in the discontinued Customer Engagement Serv ...)
+ TODO: check
CVE-2019-6183
RESERVED
CVE-2019-6182 (A stored CSV Injection vulnerability was reported in Lenovo XClarity A ...)
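Review bot: The five Lenovo entries newly described here (CVE-2019-6191, CVE-2019-6189, CVE-2019-6187, CVE-2019-6186, CVE-2019-6184) are left at `TODO: check`, while the unchanged CVE-2019-6188 in the middle of the same hunk is already `NOT-FOR-US: Lenovo`. Once confirmed as vendor-only software, give them the same tag so the block is consistent.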
@@ -40699,8 +40710,8 @@ CVE-2019-6178 (An information leakage vulnerability in Iomega and LenovoEMC NAS
NOT-FOR-US: Iomega and LenovoEMC NAS products
CVE-2019-6177 (A vulnerability reported in Lenovo Solution Center version 03.12.003, ...)
NOT-FOR-US: Lenovo
-CVE-2019-6176
- RESERVED
+CVE-2019-6176 (A potential vulnerability reported in ThinkPad USB-C Dock Firmware ver ...)
+ TODO: check
CVE-2019-6175 (A denial of service vulnerability was reported in Lenovo System Update ...)
NOT-FOR-US: Lenovo
CVE-2019-6174
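Review bot: CVE-2019-6176 (ThinkPad USB-C Dock Firmware) is added with `TODO: check` between CVE-2019-6177 and CVE-2019-6175, both of which are `NOT-FOR-US: Lenovo`. Unless the full description points at a packaged component, the same tag applies here.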
@@ -130686,7 +130697,7 @@ CVE-2017-1000012 (MySQL Dumper version 1.24 is vulnerable to stored XSS when dis
NOT-FOR-US: MySQL Dumper
CVE-2017-1000011 (MyWebSQL version 3.6 is vulnerable to stored XSS in the database manag ...)
NOT-FOR-US: MyWebSQL
-CVE-2017-1000010 (Audacity version 2.1.2 is vulnerable to Dll HIjacking in the avformat- ...)
+CVE-2017-1000010 (Audacity 2.1.2 through 2.3.2 is vulnerable to Dll HIjacking in the avf ...)
- audacity <not-affected> (Specific to Windows packaging)
CVE-2017-1000009 (Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable ...)
NOT-FOR-US: Akeneo PIM
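Review bot: The CVE-2017-1000010 description widens the affected range from "version 2.1.2" to "2.1.2 through 2.3.2", but the `- audacity <not-affected> (Specific to Windows packaging)` line underneath is unchanged. The stated reason is platform-specific rather than version-specific, so it should still hold; it is worth confirming that against the updated description rather than carrying it over silently.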
@@ -286456,8 +286467,7 @@ CVE-2011-3390 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
NOT-FOR-US: IBM OpenAdmin Too
CVE-2010-4833 (Untrusted search path vulnerability in modules/engines/ms-windows/xp_t ...)
- gtk+2.0 <not-affected> (win32 specific)
-CVE-2011-3350 [masqmail improper privilege dropping]
- RESERVED
+CVE-2011-3350 (masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c ...)
- masqmail 0.2.30-1 (low; bug #638002)
[lenny] - masqmail <no-dsa> (no security issue by itself)
[squeeze] - masqmail 0.2.27-1.1+squeeze1
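Review bot: For CVE-2011-3350 the published description gives the affected range as masqmail 0.2.21 through 0.2.30, while the package line records `0.2.30-1` as the fixed version. That only holds if the Debian revision carries the fix on top of the affected upstream release; a NOTE pointing at the patch or at bug #638002 would make that explicit. Dropping the bracketed working title together with `RESERVED` is consistent with the other entries in this update.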
@@ -286633,16 +286643,14 @@ CVE-2011-3353 (Buffer overflow in the fuse_notify_inval_entry function in fs/fus
- linux-2.6 3.1.0~rc4-1~experimental.1 (low)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in commit 3b463ae0)
[squeeze] - linux-2.6 2.6.32-36
-CVE-2011-3352
- RESERVED
+CVE-2011-3352 (Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improp ...)
NOT-FOR-US: Zikula
CVE-2011-3351
RESERVED
- openvas-server <removed> (low; bug #641327)
[squeeze] - openvas-server <no-dsa> (Minor issue)
NOTE: openvas-scanner in experimental also affected according to #671327
-CVE-2011-3349 [lightdm denial of service]
- RESERVED
+CVE-2011-3349 (lightdm before 0.9.6 writes in .dmrc and Xauthority files using root p ...)
- lightdm 0.9.6-1 (bug #639151)
CVE-2011-3348 (The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when ...)
- apache2 2.2.21-1
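Review bot: On CVE-2011-3349 the removed working title read "lightdm denial of service", whereas the published description says lightdm before 0.9.6 writes in .dmrc and Xauthority files using root p ...; the `- lightdm 0.9.6-1 (bug #639151)` line carries no urgency tag, so confirm the recorded severity still matches the published text. Separately, in the unchanged CVE-2011-3351 lines the package line cites bug #641327 while the NOTE cites #671327; one of the two numbers looks mistyped.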
@@ -287963,12 +287971,10 @@ CVE-2011-2926
RESERVED
CVE-2011-2925 (Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 re ...)
NOT-FOR-US: Cumin
-CVE-2011-2924
- RESERVED
+CVE-2011-2924 (foomatic-rip filter v4.0.12 and prior used insecurely creates temporar ...)
- foomatic-filters 4.0.12-1 (low)
[squeeze] - foomatic-filters 4.0.5-6+squeeze2
-CVE-2011-2923
- RESERVED
+CVE-2011-2923 (foomatic-rip filter, all versions, used insecurely creates temporary f ...)
- foomatic-filters <unfixed> (unimportant)
NOTE: debug mode-only
CVE-2011-2922 (ktsuss versions 1.4 and prior spawns the GTK interface to run as root. ...)
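Review bot: The CVE-2011-2924 description covers foomatic-rip "v4.0.12 and prior", yet the package line lists `4.0.12-1` as fixed. As written, the fixed version falls inside the affected upstream range, so either the Debian revision carries the patch (worth a NOTE) or the fixed version needs revisiting. The CVE-2011-2923 entry ("all versions", `<unfixed> (unimportant)`, debug mode-only) is consistent with its new description.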
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8d5c23fb21cd5c055dc338b76fd7dc51bb8e258e