[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Oct 29 08:10:35 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
064a1dbc by security tracker role at 2019-10-29T08:10:22Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2007,12 +2007,12 @@ CVE-2019-18191
RESERVED
CVE-2019-18190
RESERVED
-CVE-2019-18189
- RESERVED
-CVE-2019-18188
- RESERVED
-CVE-2019-18187
- RESERVED
+CVE-2019-18189 (A directory traversal vulnerability in Trend Micro Apex One, OfficeSca ...)
+ TODO: check
+CVE-2019-18188 (Trend Micro Apex One could be exploited by an attacker utilizing a com ...)
+ TODO: check
+CVE-2019-18187 (Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited ...)
+ TODO: check
CVE-2019-18186
RESERVED
CVE-2019-18185
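Review bot: The three Trend Micro entries (CVE-2019-18187 through CVE-2019-18189) are left at `TODO: check` after the automatic description import; since Apex One and OfficeScan are vendor products rather than Debian packages, the follow-up triage should most likely resolve them to `NOT-FOR-US: Trend Micro`, matching the `NOT-FOR-US:` convention the VMware, IBM and Solarwinds entries use elsewhere in this same commit.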
@@ -6392,22 +6392,22 @@ CVE-2019-16375
NOTE: https://github.com/OTRS/otrs/commit/aeb33d800716e2a6653597aa86314c4cbdadb678 (6.x)
NOTE: https://github.com/OTRS/otrs/commit/03ca8f396b1aa9933c212a63f52a9ea26c06e7da (5.x)
CVE-2019-16394 (SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messa ...)
- {DSA-4532-1}
+ {DSA-4532-1 DLA-1975-1}
- spip 3.2.5-1
NOTE: https://core.spip.net/issues/4171
NOTE: https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone
NOTE: https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone
CVE-2019-16393 (SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ec ...)
- {DSA-4532-1}
+ {DSA-4532-1 DLA-1975-1}
- spip 3.2.5-1
NOTE: https://core.spip.net/issues/4362
NOTE: https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1
CVE-2019-16392 (SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login ...)
- {DSA-4532-1}
+ {DSA-4532-1 DLA-1975-1}
- spip 3.2.5-1
NOTE: https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028
CVE-2019-16391 (SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors ...)
- {DSA-4532-1}
+ {DSA-4532-1 DLA-1975-1}
- spip 3.2.5-1
NOTE: https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79
NOTE: https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66
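Review bot: The `{DSA-4532-1 DLA-1975-1}` update is applied uniformly to all four SPIP entries (CVE-2019-16391 through CVE-2019-16394), so the advisory references stay consistent across the set; the unstable fix line `spip 3.2.5-1` is correctly left untouched, as the DLA only records the LTS suite fix.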
@@ -8661,6 +8661,7 @@ CVE-2019-15589
CVE-2019-15588
RESERVED
CVE-2019-15587 (In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may o ...)
+ {DSA-4554-1}
- ruby-loofah 2.3.1+dfsg-1 (bug #942894)
NOTE: https://github.com/flavorjones/loofah/issues/171
CVE-2019-15586
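Review bot: Adding `{DSA-4554-1}` agrees with the recorded fix `ruby-loofah 2.3.1+dfsg-1 (bug #942894)`, but the only upstream reference on the entry is the GitHub issue (`loofah/issues/171`); consider adding a NOTE with the upstream fixing commit or release so that the backport for older suites can be traced without re-reading the issue thread.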
@@ -22889,7 +22890,7 @@ CVE-2019-11045
CVE-2019-11044
RESERVED
CVE-2019-11043 (In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below ...)
- {DLA-1970-1}
+ {DSA-4553-1 DSA-4552-1 DLA-1970-1}
- php7.3 <unfixed>
- php7.0 <removed>
- php5 <removed>
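Review bot: `{DSA-4553-1 DSA-4552-1 DLA-1970-1}` now records advisories for the released suites, yet `php7.3 <unfixed>` still stands, so unstable is the only suite without a recorded fix for CVE-2019-11043; this is expected for an automatic advisory import, but the entry should be revisited once the php7.3 upload to unstable lands so the `<unfixed>` marker does not linger behind the DSAs.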
@@ -23692,8 +23693,8 @@ CVE-2019-10750 (deeply is vulnerable to Prototype Pollution in versions before 3
NOT-FOR-US: deeply
CVE-2019-10749
RESERVED
-CVE-2019-10748
- RESERVED
+CVE-2019-10748 (Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnera ...)
+ TODO: check
CVE-2019-10747 (set-value is vulnerable to Prototype Pollution in versions lower than ...)
[experimental] - node-set-value 3.0.1-1
- node-set-value 0.4.0-2 (bug #941189)
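Review bot: CVE-2019-10748 (Sequelize) is imported with `TODO: check`; the neighbouring CVE-2019-10747 shows the expected end state for an npm-ecosystem issue (a `node-*` package line with fixed version and bug reference, plus an `[experimental]` line), so the triage here should establish whether Sequelize is packaged at all and otherwise mark the entry `NOT-FOR-US`.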
@@ -23717,8 +23718,8 @@ CVE-2019-10744 (Versions of lodash lower than 4.17.12 are vulnerable to Prototyp
NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-450202
NOTE: https://github.com/lodash/lodash/issues/4348
NOTE: https://github.com/lodash/lodash/pull/4336
-CVE-2019-10743
- RESERVED
+CVE-2019-10743 (github.com/mholt/archiver/cmd/arc package versions 3.0.0 and later are ...)
+ TODO: check
CVE-2019-10742 (Axios up to and including 0.18.0 allows attackers to cause a denial of ...)
- node-axios 0.17.1+dfsg-2 (bug #928624)
NOTE: https://app.snyk.io/vuln/SNYK-JS-AXIOS-174505
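Review bot: CVE-2019-10743 concerns the Go module `github.com/mholt/archiver` (its `cmd/arc` tool); because Debian's Go packages are statically linked into their consumers, the `TODO: check` triage should cover not only whether the library itself is packaged but also which Go binaries build against it, since those would need rebuilds rather than a single library update.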
@@ -38431,8 +38432,8 @@ CVE-2019-5535 (VMware Workstation and Fusion contain a network denial-of-service
NOT-FOR-US: VMware
CVE-2019-5534 (VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and ...)
NOT-FOR-US: VMware
-CVE-2019-5533
- RESERVED
+CVE-2019-5533 (In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloClo ...)
+ TODO: check
CVE-2019-5532 (VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and ...)
NOT-FOR-US: VMware
CVE-2019-5531 (VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to E ...)
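Review bot: CVE-2019-5533 (VMware SD-WAN by VeloCloud) is left at `TODO: check` while every surrounding VMware entry in this hunk (CVE-2019-5535, -5534, -5532) is already `NOT-FOR-US: VMware`; resolving it the same way looks like the straightforward follow-up.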
@@ -40490,8 +40491,8 @@ CVE-2019-4602
RESERVED
CVE-2019-4601
RESERVED
-CVE-2019-4600
- RESERVED
+CVE-2019-4600 (IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitiv ...)
+ TODO: check
CVE-2019-4599
RESERVED
CVE-2019-4598
@@ -40598,8 +40599,8 @@ CVE-2019-4548
RESERVED
CVE-2019-4547
RESERVED
-CVE-2019-4546
- RESERVED
+CVE-2019-4546 (After installing the IBM Maximo Health- Safety and Environment Manager ...)
+ TODO: check
CVE-2019-4545
RESERVED
CVE-2019-4544
@@ -41012,8 +41013,8 @@ CVE-2019-4341
RESERVED
CVE-2019-4340 (IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable ...)
NOT-FOR-US: IBM
-CVE-2019-4339
- RESERVED
+CVE-2019-4339 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker t ...)
+ TODO: check
CVE-2019-4338 (IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not prop ...)
NOT-FOR-US: IBM
CVE-2019-4337 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
@@ -41030,10 +41031,10 @@ CVE-2019-4332
RESERVED
CVE-2019-4331
RESERVED
-CVE-2019-4330
- RESERVED
-CVE-2019-4329
- RESERVED
+CVE-2019-4330 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set ...)
+ TODO: check
+CVE-2019-4329 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomple ...)
+ TODO: check
CVE-2019-4328
RESERVED
CVE-2019-4327
@@ -41062,24 +41063,24 @@ CVE-2019-4316
RESERVED
CVE-2019-4315
RESERVED
-CVE-2019-4314
- RESERVED
+CVE-2019-4314 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensit ...)
+ TODO: check
CVE-2019-4313
RESERVED
CVE-2019-4312
RESERVED
-CVE-2019-4311
- RESERVED
+CVE-2019-4311 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sen ...)
+ TODO: check
CVE-2019-4310 (IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inade ...)
NOT-FOR-US: IBM
-CVE-2019-4309
- RESERVED
+CVE-2019-4309 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard cod ...)
+ TODO: check
CVE-2019-4308 (IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 1 ...)
NOT-FOR-US: IBM
-CVE-2019-4307
- RESERVED
-CVE-2019-4306
- RESERVED
+CVE-2019-4307 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user c ...)
+ TODO: check
+CVE-2019-4306 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies per ...)
+ TODO: check
CVE-2019-4305 (IBM WebSphere Application Server Liberty could allow a remote attacker ...)
NOT-FOR-US: IBM
CVE-2019-4304 (IBM WebSphere Application Server - Liberty could allow a remote attack ...)
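Review bot: The IBM Security Guardium Big Data Intelligence (SonarG) 4.0 entries imported here (CVE-2019-4306, -4307, -4309, -4311, -4314 in this hunk, plus -4329, -4330 and -4339 earlier) all carry `TODO: check`, while the sibling entries for the same product that were triaged before (CVE-2019-4338, -4340, -4310) are `NOT-FOR-US: IBM`; the same resolution should apply to this batch and to the IBM API Connect (CVE-2019-4600) and IBM Maximo (CVE-2019-4546) entries earlier in the commit.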
@@ -41732,14 +41733,14 @@ CVE-2019-3981
RESERVED
CVE-2019-3980 (The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports s ...)
NOT-FOR-US: Solarwinds
-CVE-2019-3979
- RESERVED
-CVE-2019-3978
- RESERVED
-CVE-2019-3977
- RESERVED
-CVE-2019-3976
- RESERVED
+CVE-2019-3979 (RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulne ...)
+ TODO: check
+CVE-2019-3978 (RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow rem ...)
+ TODO: check
+CVE-2019-3977 (RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insuffici ...)
+ TODO: check
+CVE-2019-3976 (RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulne ...)
+ TODO: check
CVE-2019-3975 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows ...)
NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-3974 (Nessus 8.5.2 and earlier on Windows platforms were found to contain an ...)
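Review bot: The four RouterOS entries (CVE-2019-3976 through CVE-2019-3979) are imported as `TODO: check`; RouterOS is a vendor router firmware rather than a Debian package, so these should resolve to a `NOT-FOR-US` marker in the same way the adjacent Solarwinds, Advantech and Nessus entries do.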
@@ -54176,8 +54177,7 @@ CVE-2019-0211 (In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM eve
[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211
NOTE: https://svn.apache.org/r1855378
-CVE-2019-0210 [out-of-bounds read vulnerability]
- RESERVED
+CVE-2019-0210 (In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJS ...)
- thrift <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/10/17/2
CVE-2019-0209
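Review bot: For CVE-2019-0210 the local working title `[out-of-bounds read vulnerability]` is replaced by the published description, and `thrift <unfixed>` plus the oss-security NOTE are kept; the entry still lacks a NOTE pointing at the upstream fix for Apache Thrift, so consider adding one, and the same applies to CVE-2019-0205 in the following hunk.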
@@ -54188,8 +54188,7 @@ CVE-2019-0207 (Tapestry processes assets `/assets/ctx` using classes chain `Stat
NOT-FOR-US: Apache Tapestry
CVE-2019-0206
REJECTED
-CVE-2019-0205 [potential DoS when processing untrusted Thrift payload]
- RESERVED
+CVE-2019-0205 (In Apache Thrift all versions up to and including 0.12.0, a server or ...)
- thrift <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/10/17/1
CVE-2019-0204 (A specifically crafted Docker image running under the root user can ov ...)
@@ -269978,8 +269977,7 @@ CVE-2012-2947 (chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.
- asterisk 1:1.8.13.0~dfsg-1 (bug #675204)
CVE-2012-2946
RESERVED
-CVE-2012-2945
- RESERVED
+CVE-2012-2945 (Hadoop 1.0.3 contains a symlink vulnerability. ...)
- hadoop <itp> (bug #535861)
CVE-2010-5140 (wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins a ...)
- bitcoin <not-affected> (Fixed before initial release)
@@ -285176,8 +285174,7 @@ CVE-2011-2540
RESERVED
CVE-2011-2539
RESERVED
-CVE-2011-2538
- RESERVED
+CVE-2011-2538 (Cisco Video Communications Server (VCS) before X7.0.3 contains a comma ...)
- plone3 <removed>
CVE-2011-2537
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/064a1dbc2047c9205203c2b628f12c165f025872