[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Nov 26 20:10:37 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
647c9483 by security tracker role at 2019-11-26T20:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2019-19308
+ RESERVED
+CVE-2019-19307 (An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6. ...)
+ TODO: check
+CVE-2019-19306 (The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via m ...)
+ TODO: check
+CVE-2019-19305
+ RESERVED
+CVE-2019-19304
+ RESERVED
+CVE-2019-19303
+ RESERVED
+CVE-2019-19302
+ RESERVED
+CVE-2019-19301
+ RESERVED
+CVE-2019-19300
+ RESERVED
+CVE-2019-19299
+ RESERVED
+CVE-2019-19298
+ RESERVED
+CVE-2019-19297
+ RESERVED
+CVE-2019-19296
+ RESERVED
+CVE-2019-19295
+ RESERVED
+CVE-2019-19294
+ RESERVED
+CVE-2019-19293
+ RESERVED
+CVE-2019-19292
+ RESERVED
+CVE-2019-19291
+ RESERVED
+CVE-2019-19290
+ RESERVED
+CVE-2019-19289
+ RESERVED
+CVE-2019-19288
+ RESERVED
+CVE-2019-19287
+ RESERVED
+CVE-2019-19286
+ RESERVED
+CVE-2019-19285
+ RESERVED
+CVE-2019-19284
+ RESERVED
+CVE-2019-19283
+ RESERVED
+CVE-2019-19282
+ RESERVED
+CVE-2019-19281
+ RESERVED
+CVE-2019-19280
+ RESERVED
+CVE-2019-19279
+ RESERVED
+CVE-2019-19278
+ RESERVED
+CVE-2019-19277
+ RESERVED
+CVE-2019-19276
+ RESERVED
+CVE-2019-19275 (typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. ...)
+ TODO: check
+CVE-2019-19274 (typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds ...)
+ TODO: check
+CVE-2019-19273
+ RESERVED
+CVE-2015-9539 (The Fast Secure Contact Form plugin before 4.0.38 for WordPress allows ...)
+ TODO: check
+CVE-2015-9538 (The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Dire ...)
+ TODO: check
+CVE-2015-9537 (The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XS ...)
+ TODO: check
CVE-2019-19272 (An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Dir ...)
- proftpd-dfsg <unfixed>
[buster] - proftpd-dfsg <no-dsa> (Minor issue)
@@ -156,8 +234,8 @@ CVE-2019-19208
RESERVED
CVE-2019-19207 (rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. ...)
NOT-FOR-US: rConfig
-CVE-2019-19206
- RESERVED
+CVE-2019-19206 (Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to J ...)
+ TODO: check
CVE-2019-19205
RESERVED
CVE-2019-19204 (An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the func ...)
@@ -319,8 +397,8 @@ CVE-2019-19131
RESERVED
CVE-2019-19130
RESERVED
-CVE-2019-19129
- RESERVED
+CVE-2019-19129 (Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11 ...)
+ TODO: check
CVE-2019-19128
RESERVED
CVE-2019-19127
@@ -3543,27 +3621,23 @@ CVE-2019-18681
CVE-2019-18680 (An issue was discovered in the Linux kernel 4.4.x before 4.4.195. Ther ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://lkml.org/lkml/2019/9/18/337
-CVE-2019-18679 [Information Disclosure issue in HTTP Digest Authentication]
- RESERVED
+CVE-2019-18679 (An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to ...)
- squid 4.9-1
- squid3 <removed>
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_11.txt
-CVE-2019-18678 [HTTP Request Splitting issue in HTTP message processing]
- RESERVED
+CVE-2019-18678 (An issue was discovered in Squid 3.x and 4.x through 4.8. It allows at ...)
- squid 4.9-1
- squid3 <removed>
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_10.txt
-CVE-2019-18677 [Cross-Site Request Forgery issue in HTTP Request processing]
- RESERVED
+CVE-2019-18677 (An issue was discovered in Squid 3.x and 4.x through 4.8 when the appe ...)
- squid 4.9-1
- squid3 <removed>
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch
NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_9.txt
-CVE-2019-18676 [Multiple issues in URI processing]
- RESERVED
+CVE-2019-18676 (An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incor ...)
- squid 4.9-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
@@ -3778,8 +3852,8 @@ CVE-2019-18582
RESERVED
CVE-2019-18581
RESERVED
-CVE-2019-18580
- RESERVED
+CVE-2019-18580 (Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Jav ...)
+ TODO: check
CVE-2019-18579
RESERVED
CVE-2019-18578
@@ -4224,92 +4298,74 @@ CVE-2019-18465 (In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability
NOT-FOR-US: Progress MOVEit Transfer
CVE-2019-18464 (In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 1 ...)
NOT-FOR-US: Progress MOVEit Transfer
-CVE-2019-18463
- RESERVED
+CVE-2019-18463 (An issue was discovered in GitLab Community and Enterprise Edition thr ...)
[experimental] - gitlab 12.2.9-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18462
- RESERVED
+CVE-2019-18462 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
[experimental] - gitlab 12.2.9-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18461
- RESERVED
+CVE-2019-18461 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
[experimental] - gitlab 12.2.9-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18460
- RESERVED
+CVE-2019-18460 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
[experimental] - gitlab 12.2.9-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18459
- RESERVED
+CVE-2019-18459 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
[experimental] - gitlab 12.2.9-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18458
- RESERVED
+CVE-2019-18458 (An issue was discovered in GitLab Community and Enterprise Edition thr ...)
[experimental] - gitlab 12.2.9-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18457
- RESERVED
+CVE-2019-18457 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
[experimental] - gitlab 12.2.9-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18456
- RESERVED
+CVE-2019-18456 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18455
- RESERVED
+CVE-2019-18455 (An issue was discovered in GitLab Community and Enterprise Edition 11 ...)
[experimental] - gitlab 12.2.9-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18454
- RESERVED
+CVE-2019-18454 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
[experimental] - gitlab 12.2.9-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18453
- RESERVED
+CVE-2019-18453 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
[experimental] - gitlab 12.2.9-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18452
- RESERVED
+CVE-2019-18452 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
[experimental] - gitlab 12.2.9-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18451
- RESERVED
+CVE-2019-18451 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
[experimental] - gitlab 12.2.9-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18450
- RESERVED
+CVE-2019-18450 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
[experimental] - gitlab 12.2.9-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18449
- RESERVED
+CVE-2019-18449 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
[experimental] - gitlab 12.2.9-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18448
- RESERVED
+CVE-2019-18448 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
[experimental] - gitlab 12.2.9-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18447
- RESERVED
+CVE-2019-18447 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
[experimental] - gitlab 12.2.9-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18446
- RESERVED
+CVE-2019-18446 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
[experimental] - gitlab 12.2.9-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
@@ -7149,8 +7205,8 @@ CVE-2019-17592 (The csv-parse module before 4.4.6 for Node.js is vulnerable to R
NOT-FOR-US: csv-parse Node module
CVE-2019-17591
RESERVED
-CVE-2019-17590
- RESERVED
+CVE-2019-17590 (The csrf_callback function in the CSRF Magic library through 2016-03-2 ...)
+ TODO: check
CVE-2019-17589
RESERVED
CVE-2019-17588
@@ -7823,8 +7879,8 @@ CVE-2019-17394 (In the Seesaw Parent and Family application 6.2.5 for Android, t
NOT-FOR-US: Seesaw Parent and Family application
CVE-2019-17393 (The Customer's Tomedo Server in Version 1.7.3 communicates to the Vend ...)
NOT-FOR-US: Tomedo Server
-CVE-2019-17392
- RESERVED
+CVE-2019-17392 (Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a ...)
+ TODO: check
CVE-2019-17391 (An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-0 ...)
NOT-FOR-US: Espressif ESP32
CVE-2019-17390
@@ -10236,12 +10292,12 @@ CVE-2019-16390
RESERVED
CVE-2019-16389
RESERVED
-CVE-2019-16388
- RESERVED
-CVE-2019-16387
- RESERVED
-CVE-2019-16386
- RESERVED
+CVE-2019-16388 (PEGA Platform 8.3.0 is vulnerable to Information disclosure via a dire ...)
+ TODO: check
+CVE-2019-16387 (PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/! ...)
+ TODO: check
+CVE-2019-16386 (PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via ...)
+ TODO: check
CVE-2019-16385
RESERVED
CVE-2019-16384
@@ -10738,8 +10794,7 @@ CVE-2016-10939 (The xtremelocator plugin 1.5 for WordPress has SQL injection via
NOT-FOR-US: Wordpress plugin
CVE-2016-10938 (The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public ...)
NOT-FOR-US: Wordpress plugin
-CVE-2019-16255 [A code injection vulnerability of Shell#[] and Shell#test]
- RESERVED
+CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...)
{DLA-2007-1}
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
@@ -10747,8 +10802,7 @@ CVE-2019-16255 [A code injection vulnerability of Shell#[] and Shell#test]
- jruby <unfixed>
NOTE: https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/
NOTE: ruby2.5: https://github.com/ruby/ruby/commit/3af01ae1101e0b8815ae5a106be64b0e82a58640
-CVE-2019-16254 [HTTP response splitting in WEBrick (Additional fix)]
- RESERVED
+CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...)
{DLA-2007-1}
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
@@ -10780,12 +10834,12 @@ CVE-2019-16245
RESERVED
CVE-2019-16244
RESERVED
-CVE-2019-16243
- RESERVED
-CVE-2019-16242
- RESERVED
-CVE-2019-16241
- RESERVED
+CVE-2019-16243 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocument ...)
+ TODO: check
+CVE-2019-16242 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineerin ...)
+ TODO: check
+CVE-2019-16241 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can ...)
+ TODO: check
CVE-2019-16240
RESERVED
CVE-2019-16239 (process_http_response in OpenConnect before 8.05 has a Buffer Overflow ...)
@@ -10930,8 +10984,7 @@ CVE-2019-16203
RESERVED
CVE-2019-16202 (MISP before 2.4.115 allows privilege escalation in certain situations. ...)
NOT-FOR-US: MISP
-CVE-2019-16201 [Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication]
- RESERVED
+CVE-2019-16201 (WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5 ...)
{DLA-2007-1}
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
@@ -10949,8 +11002,8 @@ CVE-2019-16197 (In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the
- dolibarr <removed>
CVE-2019-16196
RESERVED
-CVE-2019-16195
- RESERVED
+CVE-2019-16195 (Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 a ...)
+ TODO: check
CVE-2019-16194 (SQL injection vulnerabilities in Centreon through 19.04 allow attacks ...)
NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2019-16193 (In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to t ...)
@@ -11898,8 +11951,7 @@ CVE-2019-15846 (Exim before 4.92.2 allows remote attackers to execute arbitrary
- exim4 4.92.1-3
NOTE: https://www.openwall.com/lists/oss-security/2019/09/04/1
NOTE: https://git.exim.org/exim.git/commit/2600301ba6dbac5c9d640c87007a07ee6dcea1f4
-CVE-2019-15845 [A NUL injection vulnerability of File.fnmatch and File.fnmatch?]
- RESERVED
+CVE-2019-15845 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 misha ...)
{DLA-2007-1}
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
@@ -12364,14 +12416,14 @@ CVE-2019-15690
RESERVED
CVE-2019-15689
RESERVED
-CVE-2019-15688
- RESERVED
-CVE-2019-15687
- RESERVED
-CVE-2019-15686
- RESERVED
-CVE-2019-15685
- RESERVED
+CVE-2019-15688 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...)
+ TODO: check
+CVE-2019-15687 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...)
+ TODO: check
+CVE-2019-15686 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...)
+ TODO: check
+CVE-2019-15685 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...)
+ TODO: check
CVE-2019-15684 (Kaspersky Protection extension for web browser Google Chrome prior to ...)
NOT-FOR-US: Kaspersky Protection extension for web browser Google Chrome
CVE-2019-15683 (TurboVNC server code contains stack buffer overflow vulnerability in c ...)
@@ -15010,8 +15062,7 @@ CVE-2019-14858 (A vulnerability was found in Ansible engine 2.x up to 2.8 and An
- ansible 2.8.6+dfsg-1 (bug #942332)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760593
NOTE: https://github.com/ansible/ansible/pull/63405
-CVE-2019-14857
- RESERVED
+CVE-2019-14857 (mod_auth_openidc before version 2.4.0.1 is vulnerable to a None ...)
{DLA-1996-1}
- libapache2-mod-auth-openidc 2.4.0.3-1 (bug #942165)
[buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
@@ -15033,8 +15084,7 @@ CVE-2019-14855 [WoT forgeries using SHA-1]
CVE-2019-14854
RESERVED
NOT-FOR-US: OpenShift
-CVE-2019-14853
- RESERVED
+CVE-2019-14853 (An error-handling flaw was found in python-ecdsa. During signature dec ...)
{DLA-1978-1}
- python-ecdsa 0.13.3-1
NOTE: https://github.com/warner/python-ecdsa/issues/114
@@ -15097,8 +15147,8 @@ CVE-2019-14844 (A flaw was found in, Fedora versions of krb5 from 1.16.1 to, inc
CVE-2019-14843
RESERVED
- wildfly <itp> (bug #752018)
-CVE-2019-14842
- RESERVED
+CVE-2019-14842 (Structured reply is a feature of the newstyle NBD protocol allowing th ...)
+ TODO: check
CVE-2019-14841
RESERVED
CVE-2019-14840
@@ -16792,8 +16842,8 @@ CVE-2019-14451 (RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not
NOT-FOR-US: Repetier-Server
CVE-2019-14450 (A directory traversal vulnerability was discovered in RepetierServer.e ...)
NOT-FOR-US: Repetier-Server
-CVE-2019-14449
- RESERVED
+CVE-2019-14449 (An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x b ...)
+ TODO: check
CVE-2019-14448
RESERVED
CVE-2019-14447
@@ -22821,8 +22871,7 @@ CVE-2019-12527 (An issue was discovered in Squid 4.0.23 through 4.7. When checki
NOTE: The code in squid 3.x limits the amount of input data decoded to one byte less
NOTE: than the length of the target buffer, whilst in 4.x the entire input is decoded
NOTE: without regard for the size of the target buffer.
-CVE-2019-12526 [Heap Overflow issue in URN processing]
- RESERVED
+CVE-2019-12526 (An issue was discovered in Squid before 4.9. URN response handling in ...)
- squid 4.9-1
- squid3 <removed>
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-7aa0184a720fd216191474e079f4fe87de7c4f5a.patch
@@ -22836,8 +22885,7 @@ CVE-2019-12525 (An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x th
NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-ec0d0f39cf28da14eead0ba5e777e95855bc2f67.patch
CVE-2019-12524
RESERVED
-CVE-2019-12523 [Multiple issues in URI processing]
- RESERVED
+CVE-2019-12523 (An issue was discovered in Squid before 4.9. When handling a URN reque ...)
- squid 4.9-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
@@ -22923,8 +22971,8 @@ CVE-2019-12491 (OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacke
NOT-FOR-US: OnApp
CVE-2019-12490
RESERVED
-CVE-2019-12489
- RESERVED
+CVE-2019-12489 (An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Aske ...)
+ TODO: check
CVE-2019-12488
RESERVED
CVE-2019-12487
@@ -29231,8 +29279,7 @@ CVE-2019-10207 (A flaw was found in the Linux kernel's Bluetooth implementation
NOTE: https://www.openwall.com/lists/oss-security/2019/07/25/1
NOTE: https://lore.kernel.org/linux-bluetooth/20190725120909.31235-1-vdronov@redhat.com/T/#u
NOTE: https://git.kernel.org/linus/b36a1552d7319bbfd5cf7f08726c23c5c66d4f73
-CVE-2019-14856 [Incomplete fix for CVE-2019-10206]
- RESERVED
+CVE-2019-14856 (ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None ...)
- ansible <not-affected> (Incomplete fix for CVE-2019-10206 not applied)
NOTE: https://github.com/ansible/ansible/pull/63351
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829
@@ -38205,8 +38252,8 @@ CVE-2018-20751 (An issue was discovered in crop_page in PoDoFo 0.9.6. For a craf
[jessie] - libpodofo <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/podofo/tickets/33/
NOTE: https://sourceforge.net/p/podofo/code/1954
-CVE-2019-7319
- RESERVED
+CVE-2019-7319 (An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When usin ...)
+ TODO: check
CVE-2019-7318
RESERVED
CVE-2019-7317 (png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- ...)
@@ -39746,8 +39793,8 @@ CVE-2019-6677
RESERVED
CVE-2019-6676
RESERVED
-CVE-2019-6675
- RESERVED
+CVE-2019-6675 (BIG-IP configurations using Active Directory, LDAP, or Client Certific ...)
+ TODO: check
CVE-2019-6674
RESERVED
CVE-2019-6673
@@ -40206,8 +40253,7 @@ CVE-2019-6479
RESERVED
CVE-2019-6478
RESERVED
-CVE-2019-6477 [TCP-pipelined queries can bypass tcp-clients limit]
- RESERVED
+CVE-2019-6477 (With pipelining enabled each incoming query on a TCP connection requir ...)
- bind9 <unfixed> (bug #945171)
[buster] - bind9 <no-dsa> (Minor issue; can be fixed via point release)
[stretch] - bind9 <no-dsa> (Minor issue; can be fixed via point release)
@@ -45249,8 +45295,8 @@ CVE-2019-4389
RESERVED
CVE-2019-4388
RESERVED
-CVE-2019-4387
- RESERVED
+CVE-2019-4387 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.2.0 i ...)
+ TODO: check
CVE-2019-4386 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
NOT-FOR-US: IBM
CVE-2019-4385 (IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password i ...)
@@ -51714,8 +51760,8 @@ CVE-2018-20092 (PTC ThingWorx Platform through 8.3.0 is vulnerable to a director
NOT-FOR-US: PTC ThingWorx Platform
CVE-2018-20091 (An SQL injection vulnerability was found in Cloudera Data Science Work ...)
NOT-FOR-US: Cloudera Data Science Workbench
-CVE-2018-20090
- RESERVED
+CVE-2018-20090 (An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4. ...)
+ TODO: check
CVE-2018-20089
RESERVED
CVE-2018-20088
@@ -62678,8 +62724,8 @@ CVE-2018-17862
RESERVED
CVE-2018-17861
RESERVED
-CVE-2018-17860
- RESERVED
+CVE-2018-17860 (Cloudera CDH has Insecure Permissions because ALL cannot be revoked.Th ...)
+ TODO: check
CVE-2018-17859 (An issue was discovered in Joomla! before 3.8.13. Inadequate checks in ...)
NOT-FOR-US: Joomla!
CVE-2018-17858 (An issue was discovered in Joomla! before 3.8.13. com_installer action ...)
@@ -142599,8 +142645,8 @@ CVE-2016-1000348
REJECTED
CVE-2016-1000268
REJECTED
-CVE-2017-7399
- RESERVED
+CVE-2017-7399 (Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x be ...)
+ TODO: check
CVE-2017-7398 (D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request For ...)
NOT-FOR-US: D-Link
CVE-2017-7397 (** DISPUTED ** BackBox Linux 4.6 allows remote attackers to cause a de ...)
@@ -164239,8 +164285,8 @@ CVE-2016-9274 (Untrusted search path vulnerability in Git 1.x for Windows allows
NOT-FOR-US: Git-for-Windows (Git fork containing Windows-specific patches)
CVE-2016-9272 (A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, wit ...)
NOT-FOR-US: Exponent CMS
-CVE-2016-9271
- RESERVED
+CVE-2016-9271 (Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x bef ...)
+ TODO: check
CVE-2016-9270
RESERVED
CVE-2016-9269 (Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches i ...)
@@ -173487,8 +173533,8 @@ CVE-2016-6356 (A vulnerability in the email message filtering feature of Cisco A
NOT-FOR-US: Cisco
CVE-2016-6355 (Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, ...)
NOT-FOR-US: Cisco
-CVE-2016-6353
- RESERVED
+CVE-2016-6353 (Cloudera Search in CDH before 5.7.0 allows unauthorized document acces ...)
+ TODO: check
CVE-2016-6348 (JacksonJsonpInterceptor in RESTEasy might allow remote attackers to co ...)
- resteasy <unfixed> (low; bug #837170)
[jessie] - resteasy <no-dsa> (Minor issue)
@@ -175780,8 +175826,8 @@ CVE-2016-5725 (Directory traversal vulnerability in JCraft JSch before 0.1.54 on
- jsch 0.1.54-1 (low)
[jessie] - jsch <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/jsch/mailman/message/35318093/
-CVE-2016-5724
- RESERVED
+CVE-2016-5724 (Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagn ...)
+ TODO: check
CVE-2016-5723 (Huawei FusionInsight HD before V100R002C60SPC200 allows local users to ...)
NOT-FOR-US: Huawei
CVE-2016-5722 (Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3 ...)
@@ -179956,8 +180002,8 @@ CVE-2016-4579 (Libksba before 1.3.4 allows remote attackers to cause a denial of
- libksba 1.3.4-3
[jessie] - libksba 1.3.2-1+deb8u1
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64
-CVE-2016-4572
- RESERVED
+CVE-2016-4572 (In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do ...)
+ TODO: check
CVE-2016-4574 (Off-by-one error in the append_utf8_value function in the DN decoder ( ...)
- libksba 1.3.4-3
[jessie] - libksba <not-affected> (Incomplete fix not applied)
@@ -183860,8 +183906,8 @@ CVE-2016-3194 (Cross-site scripting (XSS) vulnerability in the address added pag
NOT-FOR-US: Fortinet
CVE-2016-3193 (Cross-site scripting (XSS) vulnerability in the appliance web-applicat ...)
NOT-FOR-US: Fortinet
-CVE-2016-3192
- RESERVED
+CVE-2016-3192 (Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext R ...)
+ TODO: check
CVE-2016-3190 (The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c ...)
- cairo 1.14.2-2
[jessie] - cairo 1.14.0-2.1+deb8u1
@@ -183999,8 +184045,8 @@ CVE-2016-3132 (Double free vulnerability in the SplDoublyLinkedList::offsetSet f
- php7.0 7.0.6-1
NOTE: https://bugs.php.net/bug.php?id=71735
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5
-CVE-2016-3131
- RESERVED
+CVE-2016-3131 (Cloudera CDH before 5.6.1 allows authorization bypass via direct inter ...)
+ TODO: check
CVE-2016-3130 (An information disclosure vulnerability in the Core and Management Con ...)
NOT-FOR-US: BlackBerry
CVE-2016-3129 (A remote shell execution vulnerability in the BlackBerry Good Enterpri ...)
@@ -196836,8 +196882,8 @@ CVE-2015-7833 (The usbvision driver in the Linux kernel package 3.10.0-123.20.1.
NOTE: initial fix missed a second needed commit.
CVE-2015-7832
RESERVED
-CVE-2015-7831
- RESERVED
+CVE-2015-7831 (In Cloudera Hue, there is privilege escalation by a read-only user whe ...)
+ TODO: check
CVE-2015-7829 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...)
NOT-FOR-US: Adobe
CVE-2015-7828 (SAP HANA Database 1.00 SPS10 and earlier do not require authentication ...)
@@ -200627,8 +200673,8 @@ CVE-2015-6498 (Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.
NOT-FOR-US: Alcatel-Lucent Home Device Manager
CVE-2015-6497
RESERVED
-CVE-2015-6495
- RESERVED
+CVE-2015-6495 (There is Sensitive Information in Cloudera Manager before 5.4.6 Diagno ...)
+ TODO: check
CVE-2015-6494 (Cross-site scripting (XSS) vulnerability in Infinite Automation Mango ...)
NOT-FOR-US: Infinite Automation Mango Automation
CVE-2015-6493 (Cross-site request forgery (CSRF) vulnerability in Infinite Automation ...)
@@ -206324,8 +206370,8 @@ CVE-2015-2967 (Cross-site scripting (XSS) vulnerability in settings.php in Cacti
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7718
NOTE: http://jvn.jp/en/jp/JVN78187936/
NOTE: Fixed upstream in 0.8.8d
-CVE-2015-4457
- RESERVED
+CVE-2015-4457 (Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Ma ...)
+ TODO: check
CVE-2015-4456 (ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::igno ...)
{DSA-3363-1}
- owncloud-client 1.8.4+dfsg-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/647c94837c09b9bff91be27e3e05ca772148b252
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/647c94837c09b9bff91be27e3e05ca772148b252
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191126/0c162712/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list