[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 25 21:10:35 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5a32fbbe by security tracker role at 2019-10-25T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2019-18445
+ RESERVED
+CVE-2019-18444
+ RESERVED
+CVE-2019-18443
+ RESERVED
+CVE-2019-18442
+ RESERVED
+CVE-2019-18441
+ RESERVED
+CVE-2019-18440
+ RESERVED
+CVE-2019-18439
+ RESERVED
+CVE-2019-18438
+ RESERVED
+CVE-2019-18437
+ RESERVED
+CVE-2019-18436
+ RESERVED
+CVE-2019-18435
+ RESERVED
+CVE-2019-18434
+ RESERVED
+CVE-2019-18433
+ RESERVED
+CVE-2019-18432
+ RESERVED
+CVE-2019-18431
+ RESERVED
+CVE-2019-18430
+ RESERVED
+CVE-2019-18429
+ RESERVED
+CVE-2019-18428
+ RESERVED
+CVE-2019-18427
+ RESERVED
+CVE-2019-18426
+ RESERVED
CVE-2019-18425
RESERVED
CVE-2019-18424
@@ -3922,22 +3962,22 @@ CVE-2019-17147
RESERVED
CVE-2019-17146
RESERVED
-CVE-2019-17145
- RESERVED
-CVE-2019-17144
- RESERVED
-CVE-2019-17143
- RESERVED
-CVE-2019-17142
- RESERVED
-CVE-2019-17141
- RESERVED
-CVE-2019-17140
- RESERVED
-CVE-2019-17139
- RESERVED
-CVE-2019-17138
- RESERVED
+CVE-2019-17145 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-17144 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-17143 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2019-17142 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-17141 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-17140 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-17139 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-17138 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
CVE-2019-17137
RESERVED
CVE-2019-17136
@@ -6208,8 +6248,8 @@ CVE-2019-16267
RESERVED
CVE-2019-16266
RESERVED
-CVE-2019-16265
- RESERVED
+CVE-2019-16265 (3S-Smart CODESYS V2.3 ENI server V3.2.2.23 has a Buffer Overflow. ...)
+ TODO: check
CVE-2019-16264 (In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado d ...)
NOT-FOR-US: Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC)
CVE-2019-16263 (The Twitter Kit framework through 3.4.2 for iOS does not properly vali ...)
@@ -12233,8 +12273,8 @@ CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, allo
NOTE: https://github.com/Sigil-Ebook/Sigil/commit/04e2f280cc4a0766bedcc7b9eb56449ceecc2ad4
NOTE: https://github.com/Sigil-Ebook/Sigil/commit/0979ba8d10c96ebca330715bfd4494ea0e019a8f
NOTE: https://github.com/Sigil-Ebook/Sigil/commit/369eebe936e4a8c83cc54662a3412ce8bef189e4
-CVE-2019-14451
- RESERVED
+CVE-2019-14451 (RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not proper ...)
+ TODO: check
CVE-2019-14450
RESERVED
CVE-2019-14449
@@ -15511,22 +15551,22 @@ CVE-2019-13555
RESERVED
CVE-2019-13554
RESERVED
-CVE-2019-13553
- RESERVED
+CVE-2019-13553 (Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb ...)
+ TODO: check
CVE-2019-13552 (In WebAccess versions 8.4.1 and prior, multiple command injection vuln ...)
NOT-FOR-US: WebAccess
CVE-2019-13551
RESERVED
CVE-2019-13550 (In WebAccess, versions 8.4.1 and prior, an improper authorization vuln ...)
NOT-FOR-US: WebAccess
-CVE-2019-13549
- RESERVED
+CVE-2019-13549 (Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb ...)
+ TODO: check
CVE-2019-13548 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
NOT-FOR-US: CODESYS
CVE-2019-13547
RESERVED
-CVE-2019-13546
- RESERVED
+CVE-2019-13546 (In IntelliSpace Perinatal, Versions K and prior, a vulnerability withi ...)
+ TODO: check
CVE-2019-13545 (In Horner Automation Cscape 9.90 and prior, improper validation of dat ...)
NOT-FOR-US: Horner Automation Cscape
CVE-2019-13544 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-b ...)
@@ -15567,8 +15607,8 @@ CVE-2019-13527 (In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, V
NOT-FOR-US: Rockwell
CVE-2019-13526 (Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 ...)
NOT-FOR-US: Datalogic AV7000 Linear barcode scanner
-CVE-2019-13525
- RESERVED
+CVE-2019-13525 (In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrat ...)
+ TODO: check
CVE-2019-13524
RESERVED
CVE-2019-13523 (In Honeywell Performance IP Cameras and Performance NVRs, the integrat ...)
@@ -31040,8 +31080,8 @@ CVE-2019-8236 (Creative Cloud Desktop Application version 4.6.1 and earlier vers
NOT-FOR-US: Adobe
CVE-2019-8235
RESERVED
-CVE-2019-8234
- RESERVED
+CVE-2019-8234 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site r ...)
+ TODO: check
CVE-2019-8233
RESERVED
CVE-2019-8232
@@ -31332,22 +31372,22 @@ CVE-2019-8090
RESERVED
CVE-2019-8089 (Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross ...)
NOT-FOR-US: Adobe
-CVE-2019-8088
- RESERVED
-CVE-2019-8087
- RESERVED
-CVE-2019-8086
- RESERVED
-CVE-2019-8085
- RESERVED
-CVE-2019-8084
- RESERVED
-CVE-2019-8083
- RESERVED
-CVE-2019-8082
- RESERVED
-CVE-2019-8081
- RESERVED
+CVE-2019-8088 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command ...)
+ TODO: check
+CVE-2019-8087 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml ext ...)
+ TODO: check
+CVE-2019-8086 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml ext ...)
+ TODO: check
+CVE-2019-8085 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflect ...)
+ TODO: check
+CVE-2019-8084 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflect ...)
+ TODO: check
+CVE-2019-8083 (Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site s ...)
+ TODO: check
+CVE-2019-8082 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external ...)
+ TODO: check
+CVE-2019-8081 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authen ...)
+ TODO: check
CVE-2019-8080 (Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site ...)
NOT-FOR-US: Adobe
CVE-2019-8079 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a s ...)
@@ -37938,8 +37978,8 @@ CVE-2019-5510
RESERVED
CVE-2019-5509
RESERVED
-CVE-2019-5508
- RESERVED
+CVE-2019-5508 (Clustered Data ONTAP versions 9.2 through 9.6 are susceptible to a vul ...)
+ TODO: check
CVE-2019-5507 (SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a v ...)
NOT-FOR-US: SnapManager for Oracle
CVE-2019-5506 (Clustered Data ONTAP versions 9.0 and higher do not enforce hostname v ...)
@@ -38792,38 +38832,38 @@ CVE-2019-5131
RESERVED
CVE-2019-5130
RESERVED
-CVE-2019-5129
- RESERVED
-CVE-2019-5128
- RESERVED
-CVE-2019-5127
- RESERVED
+CVE-2019-5129 (A command injection have been found in YouPHPTube Encoder. A successfu ...)
+ TODO: check
+CVE-2019-5128 (A command injection have been found in YouPHPTube Encoder. A successfu ...)
+ TODO: check
+CVE-2019-5127 (A command injection have been found in YouPHPTube Encoder. A successfu ...)
+ TODO: check
CVE-2019-5126
RESERVED
CVE-2019-5125
RESERVED
CVE-2019-5124
RESERVED
-CVE-2019-5123
- RESERVED
-CVE-2019-5122
- RESERVED
-CVE-2019-5121
- RESERVED
-CVE-2019-5120
- RESERVED
-CVE-2019-5119
- RESERVED
+CVE-2019-5123 (Specially crafted web requests can cause SQL injections in YouPHPTube ...)
+ TODO: check
+CVE-2019-5122 (SQL injection vulnerabilities exists in the authenticated part of YouP ...)
+ TODO: check
+CVE-2019-5121 (SQL injection vulnerabilities exists in the authenticated part of YouP ...)
+ TODO: check
+CVE-2019-5120 (An exploitable SQL injection vulnerability exists in the authenticated ...)
+ TODO: check
+CVE-2019-5119 (An exploitable SQL injection vulnerability exist in the authenticated ...)
+ TODO: check
CVE-2019-5118
RESERVED
-CVE-2019-5117
- RESERVED
-CVE-2019-5116
- RESERVED
+CVE-2019-5117 (Exploitable SQL injection vulnerabilities exists in the authenticated ...)
+ TODO: check
+CVE-2019-5116 (An exploitable SQL injection vulnerability exists in the authenticated ...)
+ TODO: check
CVE-2019-5115
RESERVED
-CVE-2019-5114
- RESERVED
+CVE-2019-5114 (An exploitable SQL injection vulnerability exists in the authenticated ...)
+ TODO: check
CVE-2019-5113
RESERVED
CVE-2019-5112
@@ -40225,8 +40265,8 @@ CVE-2019-4463
RESERVED
CVE-2019-4462
RESERVED
-CVE-2019-4461
- RESERVED
+CVE-2019-4461 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is ...)
+ TODO: check
CVE-2019-4460 (IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a ...)
NOT-FOR-US: IBM
CVE-2019-4459 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...)
@@ -40347,20 +40387,20 @@ CVE-2019-4402 (IBM API Connect 2018.1 through 2018.4.1.6 developer portal could
NOT-FOR-US: IBM
CVE-2019-4401
RESERVED
-CVE-2019-4400
- RESERVED
-CVE-2019-4399
- RESERVED
+CVE-2019-4400 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 cou ...)
+ TODO: check
+CVE-2019-4399 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 use ...)
+ TODO: check
CVE-2019-4398 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...)
NOT-FOR-US: IBM
CVE-2019-4397 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...)
NOT-FOR-US: IBM
-CVE-2019-4396
- RESERVED
-CVE-2019-4395
- RESERVED
-CVE-2019-4394
- RESERVED
+CVE-2019-4396 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is ...)
+ TODO: check
+CVE-2019-4395 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 cou ...)
+ TODO: check
+CVE-2019-4394 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 con ...)
+ TODO: check
CVE-2019-4393
RESERVED
CVE-2019-4392
@@ -41075,8 +41115,8 @@ CVE-2019-4038 (IBM Security Identity Manager 6.0 and 7.0 could allow an attacker
NOT-FOR-US: IBM
CVE-2019-4037
RESERVED
-CVE-2019-4036
- RESERVED
+CVE-2019-4036 (IBM Security Access Manager Appliance could allow unauthenticated atta ...)
+ TODO: check
CVE-2019-4035 (IBM Content Navigator 3.0CD could allow attackers to direct web traffi ...)
NOT-FOR-US: IBM
CVE-2019-4034 (IBM Content Navigator 3.0CD is could allow an attacker to execute arbi ...)
@@ -111691,11 +111731,11 @@ CVE-2017-15842 (Buffer might get used after it gets freed due to unlocking the m
CVE-2017-15841 (When HOST sends a Special command ID packet, Controller triggers a RAM ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-15840
- RESERVED
+ REJECTED
CVE-2017-15839
- RESERVED
+ REJECTED
CVE-2017-15838
- RESERVED
+ REJECTED
CVE-2017-15837 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-15836 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
@@ -111740,7 +111780,7 @@ CVE-2017-15818 (In all android releases (Android for MSM, Firefox OS for MSM, QR
CVE-2017-15817 (In all Qualcomm products with Android releases from CAF using the Linu ...)
NOT-FOR-US: Qualcomm component for Android
CVE-2017-15816
- RESERVED
+ REJECTED
CVE-2017-15815 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-15814 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -126431,7 +126471,7 @@ CVE-2017-11010 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdra
CVE-2017-11009
RESERVED
CVE-2017-11008
- RESERVED
+ REJECTED
CVE-2017-11007 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11006 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -130166,7 +130206,7 @@ CVE-2017-9690 (In android for MSM, Firefox OS for MSM, QRD Android, with all And
CVE-2017-9689 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-9688
- RESERVED
+ REJECTED
CVE-2017-9687 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-9686 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -172983,8 +173023,7 @@ CVE-2016-5203 (A use after free in PDFium in Google Chrome prior to 55.0.2883.75
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5202 [various fixes from internal audits]
- RESERVED
+CVE-2016-5202 (browser/extensions/api/dial/dial_registry.cc in Google Chrome before 5 ...)
{DSA-3731-1}
- chromium-browser 54.0.2840.101-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -181650,16 +181689,16 @@ CVE-2016-2362 (Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-
NOT-FOR-US: Fonality
CVE-2016-2361
RESERVED
-CVE-2016-2360
- RESERVED
-CVE-2016-2359
- RESERVED
-CVE-2016-2358
- RESERVED
-CVE-2016-2357
- RESERVED
-CVE-2016-2356
- RESERVED
+CVE-2016-2360 (Milesight IP security cameras through 2016-11-14 have a default root p ...)
+ TODO: check
+CVE-2016-2359 (Milesight IP security cameras through 2016-11-14 allow remote attacker ...)
+ TODO: check
+CVE-2016-2358 (Milesight IP security cameras through 2016-11-14 have a default set of ...)
+ TODO: check
+CVE-2016-2357 (Milesight IP security cameras through 2016-11-14 have a hardcoded SSL ...)
+ TODO: check
+CVE-2016-2356 (Milesight IP security cameras through 2016-11-14 have a buffer overflo ...)
+ TODO: check
CVE-2016-2355 (SQL injection vulnerability in the REST API in dotCMS before 3.3.2 all ...)
NOT-FOR-US: dotCMS
CVE-2016-2354 (The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver befor ...)
@@ -216237,8 +216276,7 @@ CVE-2015-0272 (GNOME NetworkManager allows remote attackers to cause a denial of
NOTE: Issue introduced in 0.9.10 with http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=7d5779300450bc2602ba4f7f472ebfa58bea3571
CVE-2015-0271 (The log-viewing function in the Red Hat redhat-access-plugin before 6. ...)
- horizon <not-affected> (RedHat-specific plugin)
-CVE-2015-0270 [Potential SQL injection in PostgreSQL Zend\Db adapter]
- RESERVED
+CVE-2015-0270 (Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL ...)
- zendframework <not-affected> (the vulnerability was introduced in the 2 series)
- php-zend-db <not-affected> (Fixed before initial upload to the archive)
NOTE: http://framework.zend.com/security/advisory/ZF2015-02
@@ -246303,12 +246341,12 @@ CVE-2013-4859
RESERVED
CVE-2013-4858 (Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remo ...)
NOT-FOR-US: Microsoft Windows Movie Maker
-CVE-2013-4857
- RESERVED
-CVE-2013-4856
- RESERVED
-CVE-2013-4855
- RESERVED
+CVE-2013-4857 (D-Link DIR-865L has PHP File Inclusion in the router xml file. ...)
+ TODO: check
+CVE-2013-4856 (D-Link DIR-865L has Information Disclosure. ...)
+ TODO: check
+CVE-2013-4855 (D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in t ...)
+ TODO: check
CVE-2013-4854 (The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x bef ...)
{DSA-2728-1}
- bind9 1:9.8.4.dfsg.P1-6+nmu3 (bug #717936)
@@ -246333,8 +246371,8 @@ CVE-2013-4850
RESERVED
CVE-2013-4849
RESERVED
-CVE-2013-4848
- RESERVED
+CVE-2013-4848 (TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. ...)
+ TODO: check
CVE-2013-4847
RESERVED
CVE-2013-4846 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
@@ -246767,8 +246805,8 @@ CVE-2013-4660 (The JS-YAML module before 2.0.5 for Node.js parses input without
NOT-FOR-US: js-yaml
CVE-2013-4659 (Buffer overflow in Broadcom ACSD allows remote attackers to execute ar ...)
NOT-FOR-US: Broadcom ACSD
-CVE-2013-4658
- RESERVED
+CVE-2013-4658 (Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be ...)
+ TODO: check
CVE-2013-4657
RESERVED
CVE-2013-4656
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a32fbbe72e1733f93a75b360de8286b0f2bceb0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a32fbbe72e1733f93a75b360de8286b0f2bceb0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191025/3bd12907/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list