[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Oct 11 21:10:40 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d56ced60 by security tracker role at 2019-10-11T20:10:25Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2019-17504 (An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5. ...)
+	TODO: check
+CVE-2019-17503 (An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5. ...)
+	TODO: check
+CVE-2019-17502
+	RESERVED
+CVE-2019-17501
+	RESERVED
+CVE-2019-17500
+	RESERVED
+CVE-2019-17499 (The setter.xml component of the Common Gateway Interface on Compal CH7 ...)
+	TODO: check
+CVE-2019-17498
+	RESERVED
+CVE-2018-21028
+	RESERVED
+CVE-2018-21027
+	RESERVED
+CVE-2015-9492 (The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 fo ...)
+	TODO: check
+CVE-2015-9491 (The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 f ...)
+	TODO: check
+CVE-2015-9490 (The ThemeMakers GamesTheme Premium theme through 2015-05-15 for WordPr ...)
+	TODO: check
+CVE-2015-9489 (The ThemeMakers Goodnex Premium Responsive theme through 2015-05-15 fo ...)
+	TODO: check
+CVE-2015-9488 (The ThemeMakers Almera Responsive Portfolio Site Template component th ...)
+	TODO: check
+CVE-2015-9487 (The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 f ...)
+	TODO: check
+CVE-2015-9486 (The ThemeMakers Axioma Premium Responsive theme through 2015-05-15 for ...)
+	TODO: check
+CVE-2015-9485 (The ThemeMakers Accio Responsive Parallax One Page Site Template compo ...)
+	TODO: check
+CVE-2015-9484 (The ThemeMakers Accio One Page Parallax Responsive theme through 2015- ...)
+	TODO: check
+CVE-2015-9483 (The ThemeMakers Invento Responsive Gallery/Architecture Template compo ...)
+	TODO: check
+CVE-2015-9482 (The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015 ...)
+	TODO: check
+CVE-2015-9481 (The ThemeMakers Diplomat | Political theme through 2015-05-15 for Word ...)
+	TODO: check
+CVE-2010-5340 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
+	TODO: check
+CVE-2010-5339 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
+	TODO: check
+CVE-2010-5338 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
+	TODO: check
+CVE-2010-5337 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
+	TODO: check
+CVE-2010-5336 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admi ...)
+	TODO: check
+CVE-2010-5335 (IceWarp Webclient before 10.2.1 has a directory traversal vulnerabilit ...)
+	TODO: check
+CVE-2010-5334 (IceWarp Webclient before 10.2.1 has a directory traversal vulnerabilit ...)
+	TODO: check
 CVE-2019-17497 (Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft ...)
 	NOT-FOR-US: Tracker PDF-XChange Editor
 CVE-2019-17496 (Craft CMS before 3.3.8 has stored XSS via a name field. This field is  ...)
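
Review bot: the 22 described entries added at the top of this hunk all carry `TODO: check`, and 19 of them fall into two product families that can be triaged as batches instead of one at a time: the twelve ThemeMakers WordPress theme entries (CVE-2015-9481 through CVE-2015-9492) and the seven IceWarp Webclient entries (CVE-2010-5334 through CVE-2010-5340). If those products are not packaged in Debian, the form to follow is the one on the context line for CVE-2019-17497, `NOT-FOR-US: Tracker PDF-XChange Editor`. The three remaining entries (Kirona DRS and Compal CH7) need the same decision.
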
@@ -971,8 +1027,8 @@ CVE-2019-17061
 	RESERVED
 CVE-2019-17060
 	RESERVED
-CVE-2019-17059
-	RESERVED
+CVE-2019-17059 (A shell injection vulnerability on the Sophos Cyberoam firewall applia ...)
+	TODO: check
 CVE-2019-17058
 	RESERVED
 CVE-2019-17057
@@ -8056,10 +8112,10 @@ CVE-2019-14572
 	RESERVED
 CVE-2019-14571
 	RESERVED
-CVE-2019-14570
-	RESERVED
-CVE-2019-14569
-	RESERVED
+CVE-2019-14570 (Memory corruption in system firmware for Intel(R) NUC may allow a priv ...)
+	TODO: check
+CVE-2019-14569 (Pointer corruption in system firmware for Intel(R) NUC may allow a pri ...)
+	TODO: check
 CVE-2019-14568
 	RESERVED
 CVE-2019-14567
@@ -8238,8 +8294,8 @@ CVE-2019-14511 (Sphinx Technologies Sphinx 3.1.1 by default has no authenticatio
 	NOTE: sphinxsearch should ideally update the defaults in sample configs to bind
 	NOTE: listeners to localhost.
 	NOTE: This is not treated as a vulnerability, subject to design choices for deployment
-CVE-2019-14510
-	RESERVED
+CVE-2019-14510 (An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using ...)
+	TODO: check
 CVE-2019-14509
 	RESERVED
 CVE-2019-14508
@@ -18721,8 +18777,8 @@ CVE-2019-11169
 	RESERVED
 CVE-2019-11168
 	RESERVED
-CVE-2019-11167
-	RESERVED
+CVE-2019-11167 (Improper file permission in software installer for Intel(R) Smart Conn ...)
+	TODO: check
 CVE-2019-11166 (Improper file permissions in the installer for Intel(R) Easy Streaming ...)
 	NOT-FOR-US: Intel
 CVE-2019-11165
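
Review bot: `+CVE-2019-11167` describes a file-permission problem in an Intel software installer, the same kind of issue as CVE-2019-11166 on the following context line, which is already `NOT-FOR-US: Intel`. Unless the truncated product name turns out to be something packaged, the `TODO: check` can be resolved the same way, so the two neighbouring entries stay consistent.
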
@@ -18815,8 +18871,8 @@ CVE-2019-11122
 	RESERVED
 CVE-2019-11121
 	RESERVED
-CVE-2019-11120
-	RESERVED
+CVE-2019-11120 (Insufficient path checking in the installer for Intel(R) Active System ...)
+	TODO: check
 CVE-2019-11119 (Insufficient session validation in the service API for Intel(R) RWC3 v ...)
 	NOT-FOR-US: Intel
 CVE-2019-11118
@@ -32344,12 +32400,12 @@ CVE-2019-6337
 	RESERVED
 CVE-2019-6336
 	RESERVED
-CVE-2019-6335
-	RESERVED
+CVE-2019-6335 (A potential security vulnerability has been identified with Samsung La ...)
+	TODO: check
 CVE-2019-6334
 	RESERVED
-CVE-2019-6333
-	RESERVED
+CVE-2019-6333 (A potential security vulnerability has been identified with certain ve ...)
+	TODO: check
 CVE-2019-6332
 	RESERVED
 CVE-2019-6331
@@ -34839,7 +34895,7 @@ CVE-2019-5419 (There is a possible denial of service vulnerability in Action Vie
 	- rails 2:5.2.2.1+dfsg-1 (bug #924520)
 	[stretch] - rails 2:4.2.7.1-1+deb9u1
 	NOTE: https://www.openwall.com/lists/oss-security/2019/03/13/4
-CVE-2019-5418 (There is a File Content Disclosure vulnerability in Action View (Rails ...)
+CVE-2019-5418 (There is a File Content Disclosure vulnerability in Action View <5. ...)
 	{DLA-1739-1}
 	- rails 2:5.2.2.1+dfsg-1 (bug #924520)
 	[stretch] - rails 2:4.2.7.1-1+deb9u1
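
Review bot: on the `+CVE-2019-5418` line the refreshed description is cut at `Action View <5. ...`, which drops the word Rails and breaks off inside a version number, so the summary says less than the line it replaces. The tracking data beneath it (`{DLA-1739-1}`, the `- rails` fixed version and the `[stretch]` line) is unchanged context, so the change is to the summary text only. It is still worth confirming that the version bound now stated upstream agrees with the fixed versions recorded here.
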
@@ -43894,8 +43950,8 @@ CVE-2019-2217
 	RESERVED
 CVE-2019-2216
 	RESERVED
-CVE-2019-2215
-	RESERVED
+CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege from an  ...)
+	TODO: check
 CVE-2019-2214
 	RESERVED
 CVE-2019-2213
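
Review bot: `+CVE-2019-2215` should not be closed in bulk with the `NOT-FOR-US: Android` entries that appear elsewhere in this diff. Its description names a use-after-free in binder.c, which is the binder driver in the Linux kernel source, so the `TODO: check` should be resolved against the `linux` source package, with per-release status lines, before anything else is decided.
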
@@ -43950,16 +44006,16 @@ CVE-2019-2189 (In the Easel driver, there is possible memory corruption due to r
 	NOT-FOR-US: Android
 CVE-2019-2188 (In the Easel driver, there is possible memory corruption due to race c ...)
 	NOT-FOR-US: Android
-CVE-2019-2187
-	RESERVED
-CVE-2019-2186
-	RESERVED
-CVE-2019-2185
-	RESERVED
-CVE-2019-2184
-	RESERVED
-CVE-2019-2183
-	RESERVED
+CVE-2019-2187 (In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out o ...)
+	TODO: check
+CVE-2019-2186 (In GetMBheader of combined_decode.cpp, there is a possible out of boun ...)
+	TODO: check
+CVE-2019-2185 (In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible ...)
+	TODO: check
+CVE-2019-2184 (In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a poss ...)
+	TODO: check
+CVE-2019-2183 (In generateServicesMap of RegisteredServicesCache.java, there is a pos ...)
+	TODO: check
 CVE-2019-2182 (In the Android kernel in the kernel MMU code there is a possible execu ...)
 	- linux 4.16.5-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
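
Review bot: the five entries from `+CVE-2019-2187` to `+CVE-2019-2183` need individual checks, because the context on either side of them is resolved in two different ways: CVE-2019-2189 and CVE-2019-2188 above are `NOT-FOR-US: Android`, while CVE-2019-2182 directly below is tracked against `linux` with a fixed version. The new descriptions name the files nfc_ncif.cc, combined_decode.cpp, vlc_dequant.cpp, dec_pred_intra_dc.cpp and RegisteredServicesCache.java. If none of these corresponds to code shipped in a Debian package, mark the entries like the two above; otherwise add a package line as done for CVE-2019-2182.
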
@@ -43989,8 +44045,8 @@ CVE-2019-2175 (In checkAccess of SliceManagerService.java in Android 9, there is
 	NOT-FOR-US: Android
 CVE-2019-2174 (In SensorManager::assertStateLocked of SensorManager.cpp in Android 7. ...)
 	NOT-FOR-US: Android
-CVE-2019-2173
-	RESERVED
+CVE-2019-2173 (In startActivityMayWait of ActivityStarter.java, there is a possible i ...)
+	TODO: check
 CVE-2019-2172 (In libxaac there is a possible information disclosure due to uninitial ...)
 	NOT-FOR-US: Android
 CVE-2019-2171 (In libxaac there is a possible information disclosure due to uninitial ...)
@@ -44107,16 +44163,16 @@ CVE-2019-2116 (In save_attr_seq of sdp_discovery.cc, there is a possible out-of-
 	NOT-FOR-US: Android
 CVE-2019-2115 (In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2 ...)
 	NOT-FOR-US: Android
-CVE-2019-2114
-	RESERVED
+CVE-2019-2114 (In the default privileges of NFC, there is a possible local bypass of  ...)
+	TODO: check
 CVE-2019-2113 (In setup wizard there is a bypass of some checks when wifi connection  ...)
 	NOT-FOR-US: Android
 CVE-2019-2112 (In several functions of alarm.cc, there is possible memory corruption  ...)
 	NOT-FOR-US: Android
 CVE-2019-2111 (In loop of DnsTlsSocket.cpp, there is a possible heap memory corruptio ...)
 	NOT-FOR-US: Android
-CVE-2019-2110
-	RESERVED
+CVE-2019-2110 (In ScreenRotationAnimation of ScreenRotationAnimation.java, there is a ...)
+	TODO: check
 CVE-2019-2109 (In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a pos ...)
 	NOT-FOR-US: Android media framework
 CVE-2019-2108 (In ihevcd_ref_list of ihevcd_ref_list.c in Android 10, there is a poss ...)
@@ -48997,7 +49053,7 @@ CVE-2019-0381 (A binary planting in SAP SQL Anywhere, before version 17.0, SAP I
 	NOT-FOR-US: SAP
 CVE-2019-0380 (Under certain conditions, SAP Landscape Management enterprise edition, ...)
 	NOT-FOR-US: SAP
-CVE-2019-0379 (In SAP NetWeaver Process Integration (AS2 Adapter), before versions 1. ...)
+CVE-2019-0379 (SAP Process Integration, business-to-business add-on, versions 1.0, 2. ...)
 	NOT-FOR-US: SAP
 CVE-2019-0378 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...)
 	NOT-FOR-US: SAP



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d56ced6047dcf96ca6e2b53fd8e265328da8705b


More information about the debian-security-tracker-commits mailing list