[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Oct 2 21:10:37 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6188e5bc by security tracker role at 2019-10-02T20:10:25Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2019-17103
+	RESERVED
+CVE-2019-17102
+	RESERVED
+CVE-2019-17101
+	RESERVED
+CVE-2019-17100
+	RESERVED
+CVE-2019-17099
+	RESERVED
+CVE-2019-17098
+	RESERVED
+CVE-2019-17097
+	RESERVED
+CVE-2019-17096
+	RESERVED
+CVE-2019-17095
+	RESERVED
+CVE-2019-17094
+	RESERVED
+CVE-2019-17093
+	RESERVED
+CVE-2019-17092
+	RESERVED
+CVE-2019-17091 (faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used  ...)
+	TODO: check
+CVE-2019-17090
+	RESERVED
+CVE-2019-17089
+	RESERVED
+CVE-2019-17088
+	RESERVED
+CVE-2019-17087
+	RESERVED
+CVE-2019-17086
+	RESERVED
+CVE-2019-17085
+	RESERVED
+CVE-2019-17084
+	RESERVED
+CVE-2019-17083
+	RESERVED
+CVE-2019-17082
+	RESERVED
+CVE-2019-17081
+	RESERVED
+CVE-2019-17080 (mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code ex ...)
+	TODO: check
+CVE-2019-17079
+	RESERVED
+CVE-2019-17078
+	RESERVED
+CVE-2019-17077
+	RESERVED
+CVE-2019-17076
+	RESERVED
 CVE-2019-17075 (An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cx ...)
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/lkml/20191001165611.GA3542072@kroah.com
@@ -803,7 +859,7 @@ CVE-2019-16757
 	RESERVED
 CVE-2019-16756
 	RESERVED
-CVE-2019-16755 (An unspecified vulnerability in both DWP and SmartIT components can pe ...)
+CVE-2019-16755 (BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both  ...)
 	NOT-FOR-US: BMC MyIT Digital Workplace DWP
 CVE-2019-16754 (RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implem ...)
 	NOT-FOR-US: RIOT RIOT-OS
@@ -1633,8 +1689,8 @@ CVE-2019-16409 (In the Versioned Files module through 2.0.3 for SilverStripe 3.x
 	NOT-FOR-US: SilverStripe
 CVE-2019-16408
 	RESERVED
-CVE-2019-16407
-	RESERVED
+CVE-2019-16407 (JetBrains ReSharper installers for versions before 2019.2 had a DLL Hi ...)
+	TODO: check
 CVE-2019-16406
 	RESERVED
 CVE-2019-16405
@@ -2423,8 +2479,8 @@ CVE-2019-16173 (LimeSurvey before v3.17.14 allows reflected XSS for escalating p
 	- limesurvey <itp> (bug #472802)
 CVE-2019-16172 (LimeSurvey before v3.17.14 allows stored XSS for escalating privileges ...)
 	- limesurvey <itp> (bug #472802)
-CVE-2019-16171
-	RESERVED
+CVE-2019-16171 (In JetBrains YouTrack through 2019.2.56594, stored XSS was found on th ...)
+	TODO: check
 CVE-2019-16170 (An issue was discovered in GitLab Enterprise Edition 11.x and 12.x bef ...)
 	[experimental] - gitlab 12.0.9-1
 	- gitlab <unfixed> (bug #940007)
@@ -2567,8 +2623,8 @@ CVE-2019-16118 (Cross site scripting (XSS) in the photo-gallery (10Web Photo Gal
 	NOT-FOR-US: photo-gallery (10Web Photo Gallery) plugin for WordPress
 CVE-2019-16117 (Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery)  ...)
 	NOT-FOR-US: photo-gallery (10Web Photo Gallery) plugin for WordPress
-CVE-2019-16116
-	RESERVED
+CVE-2019-16116 (EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable  ...)
+	TODO: check
 CVE-2019-16115 (In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in ...)
 	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
 CVE-2019-16114 (In ATutor 2.2.4, an unauthenticated attacker can change the applicatio ...)
@@ -4836,8 +4892,8 @@ CVE-2019-15274
 	RESERVED
 CVE-2019-15273
 	RESERVED
-CVE-2019-15272
-	RESERVED
+CVE-2019-15272 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
+	TODO: check
 CVE-2019-15271
 	RESERVED
 CVE-2019-15270
@@ -4862,14 +4918,14 @@ CVE-2019-15261
 	RESERVED
 CVE-2019-15260
 	RESERVED
-CVE-2019-15259
-	RESERVED
+CVE-2019-15259 (A vulnerability in Cisco Unified Contact Center Express (UCCX) Softwar ...)
+	TODO: check
 CVE-2019-15258
 	RESERVED
 CVE-2019-15257
 	RESERVED
-CVE-2019-15256
-	RESERVED
+CVE-2019-15256 (A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature ...)
+	TODO: check
 CVE-2019-15255
 	RESERVED
 CVE-2019-15254
@@ -5666,16 +5722,16 @@ CVE-2019-15042 (An issue was discovered in JetBrains TeamCity 2018.2.4. It had n
 	NOT-FOR-US: JetBrains TeamCity
 CVE-2019-15041 (JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL  ...)
 	NOT-FOR-US: JetBrains YouTrack
-CVE-2019-15040
-	RESERVED
+CVE-2019-15040 (JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on  ...)
+	TODO: check
 CVE-2019-15039 (An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possi ...)
 	NOT-FOR-US: JetBrains TeamCity
 CVE-2019-15038 (An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity s ...)
 	NOT-FOR-US: JetBrains TeamCity
-CVE-2019-15037
-	RESERVED
-CVE-2019-15036
-	RESERVED
+CVE-2019-15037 (An issue was discovered in JetBrains TeamCity 2018.2.4. It had several ...)
+	TODO: check
+CVE-2019-15036 (An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Pro ...)
+	TODO: check
 CVE-2019-15035 (An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Pro ...)
 	NOT-FOR-US: JetBrains TeamCity
 CVE-2019-15034
@@ -5921,14 +5977,14 @@ CVE-2019-14961 (JetBrains Upsource before 2019.1.1412 was not properly escaping
 	NOT-FOR-US: JetBrains Upsource
 CVE-2019-14960 (JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider. ...)
 	NOT-FOR-US: JetBrains Rider
-CVE-2019-14959
-	RESERVED
-CVE-2019-14958
-	RESERVED
+CVE-2019-14959 (JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a ...)
+	TODO: check
+CVE-2019-14958 (JetBrains PyCharm before 2019.2 was allocating a buffer of unknown siz ...)
+	TODO: check
 CVE-2019-14957 (The JetBrains Vim plugin before version 0.52 was storing individual pr ...)
 	NOT-FOR-US: JetBrains Vim plugin
-CVE-2019-14956
-	RESERVED
+CVE-2019-14956 (JetBrains YouTrack before 2019.2.53938 was using incorrect settings, a ...)
+	TODO: check
 CVE-2019-14955 (In JetBrains Hub versions earlier than 2018.4.11436, there was no opti ...)
 	NOT-FOR-US: JetBrains Hub
 CVE-2019-14954 (JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plant ...)
@@ -6584,7 +6640,7 @@ CVE-2018-20962 (The Backpack\CRUD Backpack component before 3.4.9 for Laravel al
 	NOT-FOR-US: Backpack\CRUD Backpack
 CVE-2019-14753 (SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buff ...)
 	NOT-FOR-US: SICK FX0-GPNT00000 and FX0-GENT00000 devices
-CVE-2019-14752 (SuiteCRM 7.10.x and 7.11.x has XSS. ...)
+CVE-2019-14752 (SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS. ...)
 	NOT-FOR-US: SuiteCRM
 CVE-2019-14751 (NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, a ...)
 	- nltk 3.4.5-1 (low; bug #935201)
@@ -7399,8 +7455,8 @@ CVE-2019-14456 (Opengear console server firmware releases prior to 4.5.0 have a
 	NOT-FOR-US: Opengear console server firmware
 CVE-2019-14455
 	RESERVED
-CVE-2019-14454
-	RESERVED
+CVE-2019-14454 (SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to  ...)
+	TODO: check
 CVE-2013-7474 (Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit  ...)
 	NOT-FOR-US: Windu CMS
 CVE-2013-7473 (Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to a ...)
@@ -9265,8 +9321,8 @@ CVE-2019-13959 (In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle
 	NOT-FOR-US: Bento4
 CVE-2019-13958
 	RESERVED
-CVE-2019-13957
-	RESERVED
+CVE-2019-13957 (In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprov ...)
+	TODO: check
 CVE-2019-13956 (Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary ...)
 	NOT-FOR-US: Discuz!ML
 CVE-2019-13955 (Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable ...)
@@ -9905,8 +9961,8 @@ CVE-2019-13660
 CVE-2019-13659
 	RESERVED
 	- chromium <unfixed>
-CVE-2019-13658
-	RESERVED
+CVE-2019-13658 (CA Network Flow Analysis 9.x and 10.0.x have a default credential vuln ...)
+	TODO: check
 CVE-2019-13657
 	RESERVED
 CVE-2019-13656 (An access vulnerability in CA Common Services DIA of CA Technologies C ...)
@@ -11731,8 +11787,8 @@ CVE-2019-13345 (The cachemgr.cgi web module of Squid through 4.7 has XSS via the
 	NOTE: Squid 3.x: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-5730c2b5cb56e7639dc423dd62651c8736a54e35.patch
 CVE-2019-13344 (An authentication bypass vulnerability in the CRUDLab WP Like Button p ...)
 	NOT-FOR-US: CRUDLab WP Like Button plugin for WordPress
-CVE-2019-13343
-	RESERVED
+CVE-2019-13343 (Butor Portal before 1.0.27 is affected by a Path Traversal vulnerabili ...)
+	TODO: check
 CVE-2019-13342
 	RESERVED
 CVE-2019-13341 (In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment b ...)
@@ -11747,8 +11803,8 @@ CVE-2019-13337 (In WESEEK GROWI before 3.5.0, the site-wide basic authentication
 	NOT-FOR-US: WESEEK GROWI
 CVE-2019-13336
 	RESERVED
-CVE-2019-13335
-	RESERVED
+CVE-2019-13335 (SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has  ...)
+	TODO: check
 CVE-2019-13334
 	RESERVED
 CVE-2019-13333
@@ -12640,8 +12696,8 @@ CVE-2019-13027 (Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071
 	NOT-FOR-US: Realization Concerto Critical Chain Planner
 CVE-2019-13026 (OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Inject ...)
 	NOT-FOR-US: OXID eShop
-CVE-2019-13025
-	RESERVED
+CVE-2019-13025 (Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorre ...)
+	TODO: check
 CVE-2019-13024 (Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web be ...)
 	NOT-FOR-US: Centreon web UI (not packaged in Debian)
 CVE-2019-13023
@@ -13469,10 +13525,10 @@ CVE-2019-12739 (lib/Controller/ExtractionController.php in the Extract add-on be
 	- nextcloud <itp> (bug #835086)
 CVE-2019-12738
 	RESERVED
-CVE-2019-12737
-	RESERVED
-CVE-2019-12736
-	RESERVED
+CVE-2019-12737 (UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a ...)
+	TODO: check
+CVE-2019-12736 (JetBrains Ktor framework before 1.2.0-rc does not sanitize the usernam ...)
+	TODO: check
 CVE-2019-12734
 	RESERVED
 CVE-2019-12733
@@ -13518,28 +13574,28 @@ CVE-2019-12718
 	RESERVED
 CVE-2019-12717 (A vulnerability in a CLI command related to the virtualization manager ...)
 	NOT-FOR-US: Cisco
-CVE-2019-12716
-	RESERVED
-CVE-2019-12715
-	RESERVED
-CVE-2019-12714
-	RESERVED
-CVE-2019-12713
-	RESERVED
-CVE-2019-12712
-	RESERVED
-CVE-2019-12711
-	RESERVED
-CVE-2019-12710
-	RESERVED
+CVE-2019-12716 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
+	TODO: check
+CVE-2019-12715 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
+	TODO: check
+CVE-2019-12714 (A vulnerability in the web-based management interface of Cisco IC3000  ...)
+	TODO: check
+CVE-2019-12713 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+	TODO: check
+CVE-2019-12712 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+	TODO: check
+CVE-2019-12711 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
+	TODO: check
+CVE-2019-12710 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
+	TODO: check
 CVE-2019-12709 (A vulnerability in a CLI command related to the virtualization manager ...)
 	NOT-FOR-US: Cisco
 CVE-2019-12708
 	RESERVED
-CVE-2019-12707
-	RESERVED
-CVE-2019-12706
-	RESERVED
+CVE-2019-12707 (A vulnerability in the web-based interface of multiple Cisco Unified C ...)
+	TODO: check
+CVE-2019-12706 (A vulnerability in the Sender Policy Framework (SPF) functionality of  ...)
+	TODO: check
 CVE-2019-12705
 	RESERVED
 CVE-2019-12704
@@ -13548,64 +13604,64 @@ CVE-2019-12703
 	RESERVED
 CVE-2019-12702
 	RESERVED
-CVE-2019-12701
-	RESERVED
-CVE-2019-12700
-	RESERVED
-CVE-2019-12699
-	RESERVED
-CVE-2019-12698
-	RESERVED
-CVE-2019-12697
-	RESERVED
-CVE-2019-12696
-	RESERVED
-CVE-2019-12695
-	RESERVED
-CVE-2019-12694
-	RESERVED
-CVE-2019-12693
-	RESERVED
+CVE-2019-12701 (A vulnerability in the file and malware inspection feature of Cisco Fi ...)
+	TODO: check
+CVE-2019-12700 (A vulnerability in the configuration of the Pluggable Authentication M ...)
+	TODO: check
+CVE-2019-12699 (Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco F ...)
+	TODO: check
+CVE-2019-12698 (A vulnerability in the WebVPN feature of Cisco Adaptive Security Appli ...)
+	TODO: check
+CVE-2019-12697 (Multiple vulnerabilities in the Cisco Firepower System Software Detect ...)
+	TODO: check
+CVE-2019-12696 (Multiple vulnerabilities in the Cisco Firepower System Software Detect ...)
+	TODO: check
+CVE-2019-12695 (A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Ada ...)
+	TODO: check
+CVE-2019-12694 (A vulnerability in the command line interface (CLI) of Cisco Firepower ...)
+	TODO: check
+CVE-2019-12693 (A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Sec ...)
+	TODO: check
 CVE-2019-12692
 	RESERVED
-CVE-2019-12691
-	RESERVED
-CVE-2019-12690
-	RESERVED
-CVE-2019-12689
-	RESERVED
-CVE-2019-12688
-	RESERVED
-CVE-2019-12687
-	RESERVED
-CVE-2019-12686
-	RESERVED
-CVE-2019-12685
-	RESERVED
-CVE-2019-12684
-	RESERVED
-CVE-2019-12683
-	RESERVED
-CVE-2019-12682
-	RESERVED
-CVE-2019-12681
-	RESERVED
-CVE-2019-12680
-	RESERVED
-CVE-2019-12679
-	RESERVED
-CVE-2019-12678
-	RESERVED
-CVE-2019-12677
-	RESERVED
-CVE-2019-12676
-	RESERVED
-CVE-2019-12675
-	RESERVED
-CVE-2019-12674
-	RESERVED
-CVE-2019-12673
-	RESERVED
+CVE-2019-12691 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+	TODO: check
+CVE-2019-12690 (A vulnerability in the web UI of the Cisco Firepower Management Center ...)
+	TODO: check
+CVE-2019-12689 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+	TODO: check
+CVE-2019-12688 (A vulnerability in the web UI of the Cisco Firepower Management Center ...)
+	TODO: check
+CVE-2019-12687 (A vulnerability in the web UI of the Cisco Firepower Management Center ...)
+	TODO: check
+CVE-2019-12686 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2019-12685 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2019-12684 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2019-12683 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2019-12682 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2019-12681 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2019-12680 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2019-12679 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2019-12678 (A vulnerability in the Session Initiation Protocol (SIP) inspection mo ...)
+	TODO: check
+CVE-2019-12677 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco ...)
+	TODO: check
+CVE-2019-12676 (A vulnerability in the Open Shortest Path First (OSPF) implementation  ...)
+	TODO: check
+CVE-2019-12675 (Multiple vulnerabilities in the multi-instance feature of Cisco Firepo ...)
+	TODO: check
+CVE-2019-12674 (Multiple vulnerabilities in the multi-instance feature of Cisco Firepo ...)
+	TODO: check
+CVE-2019-12673 (A vulnerability in the FTP inspection engine of Cisco Adaptive Securit ...)
+	TODO: check
 CVE-2019-12672 (A vulnerability in the filesystem of Cisco IOS XE Software could allow ...)
 	NOT-FOR-US: Cisco
 CVE-2019-12671 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
@@ -13688,10 +13744,10 @@ CVE-2019-12633 (A vulnerability in Cisco Unified Contact Center Express (Unified
 	NOT-FOR-US: Cisco
 CVE-2019-12632 (A vulnerability in Cisco Finesse could allow an unauthenticated, remot ...)
 	NOT-FOR-US: Cisco
-CVE-2019-12631
-	RESERVED
-CVE-2019-12630
-	RESERVED
+CVE-2019-12631 (A vulnerability in the web-based guest portal of Cisco Identity Servic ...)
+	TODO: check
+CVE-2019-12630 (A vulnerability in the Java deserialization function used by Cisco Sec ...)
+	TODO: check
 CVE-2019-12629
 	RESERVED
 CVE-2019-12628
@@ -14687,7 +14743,7 @@ CVE-2019-12257 (Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the
 	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12256 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 compo ...)
 	NOT-FOR-US: Wind River VxWorks
-CVE-2019-12255 (Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the TCP co ...)
+CVE-2019-12255 (Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 ...)
 	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12254
 	RESERVED
@@ -14973,10 +15029,10 @@ CVE-2019-12159 (GoHTTP through 2017-07-25 has a stack-based buffer over-read in
 	NOT-FOR-US: GoHTTP
 CVE-2019-12158 (GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflo ...)
 	NOT-FOR-US: GoHTTP
-CVE-2019-12157
-	RESERVED
-CVE-2019-12156
-	RESERVED
+CVE-2019-12157 (In JetBrains TeamCity versions before 2018.2.5 and UpSource versions b ...)
+	TODO: check
+CVE-2019-12156 (Server metadata could be exposed because one of the error messages ref ...)
+	TODO: check
 CVE-2019-12155 (interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NUL ...)
 	{DSA-4454-1 DLA-1927-1}
 	- qemu 1:3.1+dfsg-8 (bug #929353)
@@ -15500,8 +15556,8 @@ CVE-2019-11931
 	RESERVED
 CVE-2019-11930
 	RESERVED
-CVE-2019-11929
-	RESERVED
+CVE-2019-11929 (Insufficient boundary checks when formatting numbers in number_format  ...)
+	TODO: check
 CVE-2019-11928
 	RESERVED
 CVE-2019-11927 (An integer overflow in WhatsApp media parsing libraries allows a remot ...)
@@ -18451,7 +18507,7 @@ CVE-2019-10893 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/O
 	NOT-FOR-US: CentOS-WebPanel.com
 CVE-2019-10892 (An issue was discovered in D-Link DIR-806 devices.There is an stack ov ...)
 	NOT-FOR-US: D-Link
-CVE-2019-10891 (D-Link DIR-806 devices allow remote attackers to execute arbitrary she ...)
+CVE-2019-10891 (An issue was discovered in D-Link DIR-806 devices. There is a command  ...)
 	NOT-FOR-US: D-Link
 CVE-2019-10890
 	RESERVED
@@ -20116,8 +20172,7 @@ CVE-2019-10214
 CVE-2019-10213
 	RESERVED
 	NOT-FOR-US: OpenShift
-CVE-2019-10212
-	RESERVED
+CVE-2019-10212 (A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for i ...)
 	- undertow <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1731984
 CVE-2019-10211
@@ -26032,8 +26087,8 @@ CVE-2019-8464
 	RESERVED
 CVE-2019-8463
 	RESERVED
-CVE-2019-8462
-	RESERVED
+CVE-2019-8462 (In a rare scenario, Check Point R80.30 Security Gateway before JHF Tak ...)
+	TODO: check
 CVE-2019-8461 (Check Point Endpoint Security Initial Client for Windows before versio ...)
 	NOT-FOR-US: Check Point
 CVE-2019-8460 (Reuven Plevinsky and Tal Vainshtein of Check Point Software Technologi ...)
@@ -34608,8 +34663,8 @@ CVE-2019-5033 (An exploitable out-of-bounds read vulnerability exists in the Num
 	NOT-FOR-US: Aspose
 CVE-2019-5032 (An exploitable out-of-bounds read vulnerability exists in the LabelSst ...)
 	NOT-FOR-US: Aspose
-CVE-2019-5031
-	RESERVED
+CVE-2019-5031 (An exploitable memory corruption vulnerability exists in the JavaScrip ...)
+	TODO: check
 CVE-2019-5030
 	RESERVED
 CVE-2019-5029
@@ -35613,8 +35668,8 @@ CVE-2019-4551
 	RESERVED
 CVE-2019-4550
 	RESERVED
-CVE-2019-4549
-	RESERVED
+CVE-2019-4549 (IBM Security Directory Server 6.4.0 discloses sensitive information to ...)
+	TODO: check
 CVE-2019-4548
 	RESERVED
 CVE-2019-4547
@@ -35627,16 +35682,16 @@ CVE-2019-4544
 	RESERVED
 CVE-2019-4543
 	RESERVED
-CVE-2019-4542
-	RESERVED
+CVE-2019-4542 (IBM Security Directory Server 6.4.0 is vulnerable to cross-site script ...)
+	TODO: check
 CVE-2019-4541
 	RESERVED
 CVE-2019-4540
 	RESERVED
-CVE-2019-4539
-	RESERVED
-CVE-2019-4538
-	RESERVED
+CVE-2019-4539 (IBM Security Directory Server 6.4.0 does not properly neutralize speci ...)
+	TODO: check
+CVE-2019-4538 (IBM Security Directory Server 6.4.0 could allow a remote attacker to c ...)
+	TODO: check
 CVE-2019-4537
 	RESERVED
 CVE-2019-4536 (IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a  ...)
@@ -35671,8 +35726,8 @@ CVE-2019-4522
 	RESERVED
 CVE-2019-4521
 	RESERVED
-CVE-2019-4520
-	RESERVED
+CVE-2019-4520 (IBM Security Directory Server 6.4.0 uses an inadequate account lockout ...)
+	TODO: check
 CVE-2019-4519
 	RESERVED
 CVE-2019-4518
@@ -43734,8 +43789,8 @@ CVE-2019-1917 (A vulnerability in the REST API interface of Cisco Vision Dynamic
 	NOT-FOR-US: Cisco
 CVE-2019-1916
 	RESERVED
-CVE-2019-1915
-	RESERVED
+CVE-2019-1915 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
+	TODO: check
 CVE-2019-1914 (A vulnerability in the web management interface of Cisco Small Busines ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1913 (Multiple vulnerabilities in the web management interface of Cisco Smal ...)
@@ -104214,7 +104269,7 @@ CVE-2017-16810 (Cross-site scripting (XSS) vulnerability in the All Variables ta
 	NOT-FOR-US: Octopus Deploy
 CVE-2017-16809
 	RESERVED
-CVE-2017-16808 (tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print i ...)
+CVE-2017-16808 (tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_ ...)
 	- tcpdump 4.9.3~git20190901-1 (unimportant; bug #881862)
 	NOTE: https://github.com/the-tcpdump-group/tcpdump/issues/645
 	NOTE: Crash in CLI tool, no security impact



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6188e5bc75052001129a4a99c2f14cb0dca11cb0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6188e5bc75052001129a4a99c2f14cb0dca11cb0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191002/3fd58689/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list