[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Oct 25 21:10:35 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a32fbbe by security tracker role at 2019-10-25T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2019-18445
+	RESERVED
+CVE-2019-18444
+	RESERVED
+CVE-2019-18443
+	RESERVED
+CVE-2019-18442
+	RESERVED
+CVE-2019-18441
+	RESERVED
+CVE-2019-18440
+	RESERVED
+CVE-2019-18439
+	RESERVED
+CVE-2019-18438
+	RESERVED
+CVE-2019-18437
+	RESERVED
+CVE-2019-18436
+	RESERVED
+CVE-2019-18435
+	RESERVED
+CVE-2019-18434
+	RESERVED
+CVE-2019-18433
+	RESERVED
+CVE-2019-18432
+	RESERVED
+CVE-2019-18431
+	RESERVED
+CVE-2019-18430
+	RESERVED
+CVE-2019-18429
+	RESERVED
+CVE-2019-18428
+	RESERVED
+CVE-2019-18427
+	RESERVED
+CVE-2019-18426
+	RESERVED
 CVE-2019-18425
 	RESERVED
 CVE-2019-18424
@@ -3922,22 +3962,22 @@ CVE-2019-17147
 	RESERVED
 CVE-2019-17146
 	RESERVED
-CVE-2019-17145
-	RESERVED
-CVE-2019-17144
-	RESERVED
-CVE-2019-17143
-	RESERVED
-CVE-2019-17142
-	RESERVED
-CVE-2019-17141
-	RESERVED
-CVE-2019-17140
-	RESERVED
-CVE-2019-17139
-	RESERVED
-CVE-2019-17138
-	RESERVED
+CVE-2019-17145 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2019-17144 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2019-17143 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2019-17142 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2019-17141 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2019-17140 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2019-17139 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2019-17138 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
 CVE-2019-17137
 	RESERVED
 CVE-2019-17136
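Review bot: CVE-2019-17138 through CVE-2019-17145 are left at "TODO: check", and every one of their descriptions is cut off before it names the affected product ("... execute arbitrary code o ...", "... disclose sensitive infor ..."), so nothing in this file tells a triager whether a Debian package is involved. Each of the eight needs its full CVE description read before the TODO is replaced by a package line or a NOT-FOR-US tag.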
@@ -6208,8 +6248,8 @@ CVE-2019-16267
 	RESERVED
 CVE-2019-16266
 	RESERVED
-CVE-2019-16265
-	RESERVED
+CVE-2019-16265 (3S-Smart CODESYS V2.3 ENI server V3.2.2.23 has a Buffer Overflow. ...)
+	TODO: check
 CVE-2019-16264 (In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado d ...)
 	NOT-FOR-US: Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC)
 CVE-2019-16263 (The Twitter Kit framework through 3.4.2 for iOS does not properly vali ...)
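Review bot: CVE-2019-16265 names the 3S-Smart CODESYS V2.3 ENI server and is left at "TODO: check", while CVE-2019-13548 elsewhere in this file is already tagged "NOT-FOR-US: CODESYS". If the ENI server is likewise not packaged, using the same tag here keeps the two CODESYS entries consistent.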
@@ -12233,8 +12273,8 @@ CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, allo
 	NOTE: https://github.com/Sigil-Ebook/Sigil/commit/04e2f280cc4a0766bedcc7b9eb56449ceecc2ad4
 	NOTE: https://github.com/Sigil-Ebook/Sigil/commit/0979ba8d10c96ebca330715bfd4494ea0e019a8f
 	NOTE: https://github.com/Sigil-Ebook/Sigil/commit/369eebe936e4a8c83cc54662a3412ce8bef189e4
-CVE-2019-14451
-	RESERVED
+CVE-2019-14451 (RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not proper ...)
+	TODO: check
 CVE-2019-14450
 	RESERVED
 CVE-2019-14449
@@ -15511,22 +15551,22 @@ CVE-2019-13555
 	RESERVED
 CVE-2019-13554
 	RESERVED
-CVE-2019-13553
-	RESERVED
+CVE-2019-13553 (Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb ...)
+	TODO: check
 CVE-2019-13552 (In WebAccess versions 8.4.1 and prior, multiple command injection vuln ...)
 	NOT-FOR-US: WebAccess
 CVE-2019-13551
 	RESERVED
 CVE-2019-13550 (In WebAccess, versions 8.4.1 and prior, an improper authorization vuln ...)
 	NOT-FOR-US: WebAccess
-CVE-2019-13549
-	RESERVED
+CVE-2019-13549 (Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb ...)
+	TODO: check
 CVE-2019-13548 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
 	NOT-FOR-US: CODESYS
 CVE-2019-13547
 	RESERVED
-CVE-2019-13546
-	RESERVED
+CVE-2019-13546 (In IntelliSpace Perinatal, Versions K and prior, a vulnerability withi ...)
+	TODO: check
 CVE-2019-13545 (In Horner Automation Cscape 9.90 and prior, improper validation of dat ...)
 	NOT-FOR-US: Horner Automation Cscape
 CVE-2019-13544 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-b ...)
@@ -15567,8 +15607,8 @@ CVE-2019-13527 (In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, V
 	NOT-FOR-US: Rockwell
 CVE-2019-13526 (Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0  ...)
 	NOT-FOR-US: Datalogic AV7000 Linear barcode scanner
-CVE-2019-13525
-	RESERVED
+CVE-2019-13525 (In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrat ...)
+	TODO: check
 CVE-2019-13524
 	RESERVED
 CVE-2019-13523 (In Honeywell Performance IP Cameras and Performance NVRs, the integrat ...)
@@ -31040,8 +31080,8 @@ CVE-2019-8236 (Creative Cloud Desktop Application version 4.6.1 and earlier vers
 	NOT-FOR-US: Adobe
 CVE-2019-8235
 	RESERVED
-CVE-2019-8234
-	RESERVED
+CVE-2019-8234 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site r ...)
+	TODO: check
 CVE-2019-8233
 	RESERVED
 CVE-2019-8232
@@ -31332,22 +31372,22 @@ CVE-2019-8090
 	RESERVED
 CVE-2019-8089 (Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross ...)
 	NOT-FOR-US: Adobe
-CVE-2019-8088
-	RESERVED
-CVE-2019-8087
-	RESERVED
-CVE-2019-8086
-	RESERVED
-CVE-2019-8085
-	RESERVED
-CVE-2019-8084
-	RESERVED
-CVE-2019-8083
-	RESERVED
-CVE-2019-8082
-	RESERVED
-CVE-2019-8081
-	RESERVED
+CVE-2019-8088 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command ...)
+	TODO: check
+CVE-2019-8087 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml ext ...)
+	TODO: check
+CVE-2019-8086 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml ext ...)
+	TODO: check
+CVE-2019-8085 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflect ...)
+	TODO: check
+CVE-2019-8084 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflect ...)
+	TODO: check
+CVE-2019-8083 (Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site s ...)
+	TODO: check
+CVE-2019-8082 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external ...)
+	TODO: check
+CVE-2019-8081 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authen ...)
+	TODO: check
 CVE-2019-8080 (Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site ...)
 	NOT-FOR-US: Adobe
 CVE-2019-8079 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a s ...)
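Review bot: the eight new Adobe Experience Manager entries, CVE-2019-8081 through CVE-2019-8088, sit at "TODO: check" between CVE-2019-8089 and CVE-2019-8080, which are both already tagged "NOT-FOR-US: Adobe". Suggest resolving them to the same tag in one follow-up so the block does not stay half-triaged. Note that the truncation makes CVE-2019-8087 and CVE-2019-8086 ("have a xml ext ...") and CVE-2019-8085 and CVE-2019-8084 ("have a reflect ...") indistinguishable in this file.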
@@ -37938,8 +37978,8 @@ CVE-2019-5510
 	RESERVED
 CVE-2019-5509
 	RESERVED
-CVE-2019-5508
-	RESERVED
+CVE-2019-5508 (Clustered Data ONTAP versions 9.2 through 9.6 are susceptible to a vul ...)
+	TODO: check
 CVE-2019-5507 (SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a v ...)
 	NOT-FOR-US: SnapManager for Oracle
 CVE-2019-5506 (Clustered Data ONTAP versions 9.0 and higher do not enforce hostname v ...)
@@ -38792,38 +38832,38 @@ CVE-2019-5131
 	RESERVED
 CVE-2019-5130
 	RESERVED
-CVE-2019-5129
-	RESERVED
-CVE-2019-5128
-	RESERVED
-CVE-2019-5127
-	RESERVED
+CVE-2019-5129 (A command injection have been found in YouPHPTube Encoder. A successfu ...)
+	TODO: check
+CVE-2019-5128 (A command injection have been found in YouPHPTube Encoder. A successfu ...)
+	TODO: check
+CVE-2019-5127 (A command injection have been found in YouPHPTube Encoder. A successfu ...)
+	TODO: check
 CVE-2019-5126
 	RESERVED
 CVE-2019-5125
 	RESERVED
 CVE-2019-5124
 	RESERVED
-CVE-2019-5123
-	RESERVED
-CVE-2019-5122
-	RESERVED
-CVE-2019-5121
-	RESERVED
-CVE-2019-5120
-	RESERVED
-CVE-2019-5119
-	RESERVED
+CVE-2019-5123 (Specially crafted web requests can cause SQL injections in YouPHPTube  ...)
+	TODO: check
+CVE-2019-5122 (SQL injection vulnerabilities exists in the authenticated part of YouP ...)
+	TODO: check
+CVE-2019-5121 (SQL injection vulnerabilities exists in the authenticated part of YouP ...)
+	TODO: check
+CVE-2019-5120 (An exploitable SQL injection vulnerability exists in the authenticated ...)
+	TODO: check
+CVE-2019-5119 (An exploitable SQL injection vulnerability exist in the authenticated  ...)
+	TODO: check
 CVE-2019-5118
 	RESERVED
-CVE-2019-5117
-	RESERVED
-CVE-2019-5116
-	RESERVED
+CVE-2019-5117 (Exploitable SQL injection vulnerabilities exists in the authenticated  ...)
+	TODO: check
+CVE-2019-5116 (An exploitable SQL injection vulnerability exists in the authenticated ...)
+	TODO: check
 CVE-2019-5115
 	RESERVED
-CVE-2019-5114
-	RESERVED
+CVE-2019-5114 (An exploitable SQL injection vulnerability exists in the authenticated ...)
+	TODO: check
 CVE-2019-5113
 	RESERVED
 CVE-2019-5112
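Review bot: CVE-2019-5129, CVE-2019-5128 and CVE-2019-5127 carry identical truncated text ("A command injection have been found in YouPHPTube Encoder. A successfu ..."), and the SQL injection entries CVE-2019-5120, CVE-2019-5119, CVE-2019-5117, CVE-2019-5116 and CVE-2019-5114 are cut off before any product name appears. Only CVE-2019-5123, CVE-2019-5122 and CVE-2019-5121 show "YouPHPTube" or "YouP ..." in the SQL injection group, so the remaining five should be confirmed against their full descriptions rather than assumed to be the same product when the TODO is resolved.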
@@ -40225,8 +40265,8 @@ CVE-2019-4463
 	RESERVED
 CVE-2019-4462
 	RESERVED
-CVE-2019-4461
-	RESERVED
+CVE-2019-4461 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is  ...)
+	TODO: check
 CVE-2019-4460 (IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a ...)
 	NOT-FOR-US: IBM
 CVE-2019-4459 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...)
@@ -40347,20 +40387,20 @@ CVE-2019-4402 (IBM API Connect 2018.1 through 2018.4.1.6 developer portal could
 	NOT-FOR-US: IBM
 CVE-2019-4401
 	RESERVED
-CVE-2019-4400
-	RESERVED
-CVE-2019-4399
-	RESERVED
+CVE-2019-4400 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 cou ...)
+	TODO: check
+CVE-2019-4399 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 use ...)
+	TODO: check
 CVE-2019-4398 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...)
 	NOT-FOR-US: IBM
 CVE-2019-4397 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...)
 	NOT-FOR-US: IBM
-CVE-2019-4396
-	RESERVED
-CVE-2019-4395
-	RESERVED
-CVE-2019-4394
-	RESERVED
+CVE-2019-4396 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is  ...)
+	TODO: check
+CVE-2019-4395 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 cou ...)
+	TODO: check
+CVE-2019-4394 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 con ...)
+	TODO: check
 CVE-2019-4393
 	RESERVED
 CVE-2019-4392
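Review bot: CVE-2019-4400, CVE-2019-4399, CVE-2019-4396, CVE-2019-4395 and CVE-2019-4394 all describe IBM Cloud Orchestrator and are left at "TODO: check", while the adjacent CVE-2019-4398 and CVE-2019-4397, for the same product, are tagged "NOT-FOR-US: IBM". The five new entries can take the same tag.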
@@ -41075,8 +41115,8 @@ CVE-2019-4038 (IBM Security Identity Manager 6.0 and 7.0 could allow an attacker
 	NOT-FOR-US: IBM
 CVE-2019-4037
 	RESERVED
-CVE-2019-4036
-	RESERVED
+CVE-2019-4036 (IBM Security Access Manager Appliance could allow unauthenticated atta ...)
+	TODO: check
 CVE-2019-4035 (IBM Content Navigator 3.0CD could allow attackers to direct web traffi ...)
 	NOT-FOR-US: IBM
 CVE-2019-4034 (IBM Content Navigator 3.0CD is could allow an attacker to execute arbi ...)
@@ -111691,11 +111731,11 @@ CVE-2017-15842 (Buffer might get used after it gets freed due to unlocking the m
 CVE-2017-15841 (When HOST sends a Special command ID packet, Controller triggers a RAM ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15840
-	RESERVED
+	REJECTED
 CVE-2017-15839
-	RESERVED
+	REJECTED
 CVE-2017-15838
-	RESERVED
+	REJECTED
 CVE-2017-15837 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15836 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
@@ -111740,7 +111780,7 @@ CVE-2017-15818 (In all android releases (Android for MSM, Firefox OS for MSM, QR
 CVE-2017-15817 (In all Qualcomm products with Android releases from CAF using the Linu ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-15816
-	RESERVED
+	REJECTED
 CVE-2017-15815 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15814 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
@@ -126431,7 +126471,7 @@ CVE-2017-11010 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdra
 CVE-2017-11009
 	RESERVED
 CVE-2017-11008
-	RESERVED
+	REJECTED
 CVE-2017-11007 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11006 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
@@ -130166,7 +130206,7 @@ CVE-2017-9690 (In android for MSM, Firefox OS for MSM, QRD Android, with all And
 CVE-2017-9689 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-9688
-	RESERVED
+	REJECTED
 CVE-2017-9687 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-9686 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
@@ -172983,8 +173023,7 @@ CVE-2016-5203 (A use after free in PDFium in Google Chrome prior to 55.0.2883.75
 	{DSA-3731-1}
 	- chromium-browser 55.0.2883.75-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5202 [various fixes from internal audits]
-	RESERVED
+CVE-2016-5202 (browser/extensions/api/dial/dial_registry.cc in Google Chrome before 5 ...)
 	{DSA-3731-1}
 	- chromium-browser 54.0.2840.101-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
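Review bot: on CVE-2016-5202 the working title "[various fixes from internal audits]" is replaced by a published description that is specific to browser/extensions/api/dial/dial_registry.cc, while the {DSA-3731-1} reference and the "chromium-browser 54.0.2840.101-1" fixed version are carried over unchanged. The description is cut at "Google Chrome before 5 ...", so the full text should be checked to confirm that the recorded fixed version still matches the published version bound.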
@@ -181650,16 +181689,16 @@ CVE-2016-2362 (Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-
 	NOT-FOR-US: Fonality
 CVE-2016-2361
 	RESERVED
-CVE-2016-2360
-	RESERVED
-CVE-2016-2359
-	RESERVED
-CVE-2016-2358
-	RESERVED
-CVE-2016-2357
-	RESERVED
-CVE-2016-2356
-	RESERVED
+CVE-2016-2360 (Milesight IP security cameras through 2016-11-14 have a default root p ...)
+	TODO: check
+CVE-2016-2359 (Milesight IP security cameras through 2016-11-14 allow remote attacker ...)
+	TODO: check
+CVE-2016-2358 (Milesight IP security cameras through 2016-11-14 have a default set of ...)
+	TODO: check
+CVE-2016-2357 (Milesight IP security cameras through 2016-11-14 have a hardcoded SSL  ...)
+	TODO: check
+CVE-2016-2356 (Milesight IP security cameras through 2016-11-14 have a buffer overflo ...)
+	TODO: check
 CVE-2016-2355 (SQL injection vulnerability in the REST API in dotCMS before 3.3.2 all ...)
 	NOT-FOR-US: dotCMS
 CVE-2016-2354 (The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver befor ...)
@@ -216237,8 +216276,7 @@ CVE-2015-0272 (GNOME NetworkManager allows remote attackers to cause a denial of
 	NOTE: Issue introduced in 0.9.10 with http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=7d5779300450bc2602ba4f7f472ebfa58bea3571
 CVE-2015-0271 (The log-viewing function in the Red Hat redhat-access-plugin before 6. ...)
 	- horizon <not-affected> (RedHat-specific plugin)
-CVE-2015-0270 [Potential SQL injection in PostgreSQL Zend\Db adapter]
-	RESERVED
+CVE-2015-0270 (Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL  ...)
 	- zendframework <not-affected> (the vulnerability was introduced in the 2 series)
 	- php-zend-db <not-affected> (Fixed before initial upload to the archive)
 	NOTE: http://framework.zend.com/security/advisory/ZF2015-02
@@ -246303,12 +246341,12 @@ CVE-2013-4859
 	RESERVED
 CVE-2013-4858 (Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remo ...)
 	NOT-FOR-US: Microsoft Windows Movie Maker
-CVE-2013-4857
-	RESERVED
-CVE-2013-4856
-	RESERVED
-CVE-2013-4855
-	RESERVED
+CVE-2013-4857 (D-Link DIR-865L has PHP File Inclusion in the router xml file. ...)
+	TODO: check
+CVE-2013-4856 (D-Link DIR-865L has Information Disclosure. ...)
+	TODO: check
+CVE-2013-4855 (D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in t ...)
+	TODO: check
 CVE-2013-4854 (The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x bef ...)
 	{DSA-2728-1}
 	- bind9 1:9.8.4.dfsg.P1-6+nmu3 (bug #717936)
@@ -246333,8 +246371,8 @@ CVE-2013-4850
 	RESERVED
 CVE-2013-4849
 	RESERVED
-CVE-2013-4848
-	RESERVED
+CVE-2013-4848 (TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. ...)
+	TODO: check
 CVE-2013-4847
 	RESERVED
 CVE-2013-4846 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
@@ -246767,8 +246805,8 @@ CVE-2013-4660 (The JS-YAML module before 2.0.5 for Node.js parses input without
 	NOT-FOR-US: js-yaml
 CVE-2013-4659 (Buffer overflow in Broadcom ACSD allows remote attackers to execute ar ...)
 	NOT-FOR-US: Broadcom ACSD
-CVE-2013-4658
-	RESERVED
+CVE-2013-4658 (Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be ...)
+	TODO: check
 CVE-2013-4657
 	RESERVED
 CVE-2013-4656



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a32fbbe72e1733f93a75b360de8286b0f2bceb0
