Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 168f61c9 by security tracker role at 2019-11-08T20:10:31Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,5 @@ +CVE-2019-18837 + RESERVED CVE-2019-18836 RESERVED CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles signature checking on some fede ...) @@ -74,6 +76,7 @@ CVE-2019-18805 (An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Lin [jessie] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/19fad20d15a6494f47f85d869f00b11343ee5c78 CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU:: ...) + {DLA-1985-1} - djvulibre <unfixed> [buster] - djvulibre <no-dsa> (Minor issue) [stretch] - djvulibre <no-dsa> (Minor issue) @@ -2636,8 +2639,8 @@ CVE-2019-18625 RESERVED CVE-2019-18624 (Opera Mini for Android allows attackers to bypass intended restriction ...) NOT-FOR-US: Opera Mini for Android -CVE-2019-18623 - RESERVED +CVE-2019-18623 (Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attack ...) + TODO: check CVE-2019-18622 RESERVED CVE-2019-18621 @@ -5863,8 +5866,8 @@ CVE-2019-17663 (D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessag NOT-FOR-US: D-Link CVE-2019-17662 (ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a c ...) NOT-FOR-US: ThinVNC -CVE-2019-17661 - RESERVED +CVE-2019-17661 (A CSV injection in the codepress-admin-columns (aka Admin Columns) plu ...) + TODO: check CVE-2019-17660 (A cross-site scripting (XSS) vulnerability in admin/translate/translat ...) - limesurvey <itp> (bug #472802) CVE-2019-17659 
@@ -6879,8 +6882,8 @@ CVE-2019-17329 RESERVED CVE-2019-17328 RESERVED -CVE-2019-17327 - RESERVED +CVE-2019-17327 (JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory travers ...) + TODO: check CVE-2019-17326 (ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker ...) NOT-FOR-US: ClipSoft REXPERT CVE-2019-17325 (ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker ...) @@ -9822,18 +9825,18 @@ CVE-2019-16212 RESERVED CVE-2019-16211 RESERVED -CVE-2019-16210 - RESERVED -CVE-2019-16209 - RESERVED -CVE-2019-16208 - RESERVED -CVE-2019-16207 - RESERVED -CVE-2019-16206 - RESERVED -CVE-2019-16205 - RESERVED +CVE-2019-16210 (Brocade SANnav versions before v2.0, logs plain text database connecti ...) + TODO: check +CVE-2019-16209 (A vulnerability, in The ReportsTrustManager class of Brocade SANnav ve ...) + TODO: check +CVE-2019-16208 (Password-based encryption (PBE) algorithm, of Brocade SANnav versions ...) + TODO: check +CVE-2019-16207 (Brocade SANnav versions before v2.0 use a hard-coded password, which c ...) + TODO: check +CVE-2019-16206 (The authentication mechanism, in Brocade SANnav versions before v2.0, ...) + TODO: check +CVE-2019-16205 (A vulnerability, in Brocade SANnav versions before v2.0, could allow r ...) + TODO: check CVE-2019-16204 RESERVED CVE-2019-16203 @@ -13844,8 +13847,7 @@ CVE-2019-14862 NOTE: Only impacts browsers which are totally insecure and EOLed anyway CVE-2019-14861 RESERVED -CVE-2019-14860 - RESERVED +CVE-2019-14860 (It was found that the Syndesis configuration for Cross-Origin Resource ...) NOT-FOR-US: Syndesis CVE-2019-14859 [DER encoding is not being verified in signatures] RESERVED 
@@ -13982,8 +13984,7 @@ CVE-2019-14826 (A flaw was found in FreeIPA versions 4.5.0 and later. Session co CVE-2019-14825 RESERVED NOT-FOR-US: Katello -CVE-2019-14824 [Read permission check bypass via the deref plugin] - RESERVED +CVE-2019-14824 (A flaw was found in the 'deref' plugin of 389-ds-base where it could u ...) - 389-ds-base <unfixed> (bug #944150) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1747448 NOTE: https://pagure.io/freeipa/issue/8050 @@ -18908,8 +18909,8 @@ CVE-2019-13559 RESERVED CVE-2019-13558 (In WebAccess versions 8.4.1 and prior, an exploit executed over the ne ...) NOT-FOR-US: WebAccess -CVE-2019-13557 - RESERVED +CVE-2019-13557 (In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an ...) + TODO: check CVE-2019-13556 (In WebAccess versions 8.4.1 and prior, multiple stack-based buffer ove ...) NOT-FOR-US: WebAccess CVE-2019-13555 @@ -18936,16 +18937,16 @@ CVE-2019-13545 (In Horner Automation Cscape 9.90 and prior, improper validation NOT-FOR-US: Horner Automation Cscape CVE-2019-13544 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-b ...) NOT-FOR-US: Delta Electronics TPEditor -CVE-2019-13543 - RESERVED +CVE-2019-13543 (Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab F ...) + TODO: check CVE-2019-13542 (3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all version ...) NOT-FOR-US: 3S-Smart CVE-2019-13541 (In Horner Automation Cscape 9.90 and prior, an improper input validati ...) NOT-FOR-US: Horner Automation Cscape CVE-2019-13540 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-ba ...) NOT-FOR-US: Delta Electronics TPEditor -CVE-2019-13539 - RESERVED +CVE-2019-13539 (Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab F ...) + TODO: check CVE-2019-13538 (3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versi ...) NOT-FOR-US: 3S-Smart CVE-2019-13537 
@@ -22011,13 +22012,11 @@ CVE-2019-12413 RESERVED CVE-2019-12411 RESERVED -CVE-2019-12410 - RESERVED +CVE-2019-12410 (While investigating UBSAN errors in https://github.com/apache/arrow/pu ...) NOT-FOR-US: Apache Arrow CVE-2019-12409 RESERVED -CVE-2019-12408 - RESERVED +CVE-2019-12408 (It was discovered that the C++ implementation (which underlies the R, ...) NOT-FOR-US: Apache Arrow CVE-2019-12407 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...) - jspwiki <removed> @@ -27904,8 +27903,7 @@ CVE-2019-10224 [using dscreate in verbose mode results in information disclosure NOTE: https://pagure.io/389-ds-base/c/632ecb90d96ac0535656f5aaf67fd2be4b81d310 CVE-2019-10223 (A security issue was discovered in the kube-state-metrics versions v1. ...) NOT-FOR-US: kube-state-metrics -CVE-2019-10222 [unauthenticated clients can crash RGW] - RESERVED +CVE-2019-10222 (A flaw was found in the Ceph RGW configuration with Beast as the front ...) - ceph <unfixed> (bug #936015) [buster] - ceph <no-dsa> (Minor issue; only triggerable if experimental feature enabled) [stretch] - ceph <not-affected> (Vulnerable code not present) @@ -27919,8 +27917,7 @@ CVE-2019-10221 RESERVED CVE-2019-10220 RESERVED -CVE-2019-10219 - RESERVED +CVE-2019-10219 (A vulnerability was found in Hibernate-Validator. The SafeHtml validat ...) - libhibernate-validator-java <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1738673 TODO: 20190910: Asked for more information in #1738673. (apo) @@ -45047,8 +45044,7 @@ CVE-2019-3868 (Keycloak up to version 6.0.0 allows the end user token (access or CVE-2019-3867 RESERVED NOT-FOR-US: OpenShift (web-cosnole issue specific to OpenShift only) -CVE-2019-3866 - RESERVED +CVE-2019-3866 (An information-exposure vulnerability was discovered where openstack-m ...) - mistral <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1768731 CVE-2019-3865 
@@ -46258,10 +46254,10 @@ CVE-2019-3428 RESERVED CVE-2019-3427 RESERVED -CVE-2019-3426 - RESERVED -CVE-2019-3425 - RESERVED +CVE-2019-3426 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZX ...) + TODO: check +CVE-2019-3425 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZX ...) + TODO: check CVE-2019-3424 RESERVED CVE-2019-3423 @@ -258133,8 +258129,7 @@ CVE-2013-1891 RESERVED CVE-2013-1890 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server ...) - owncloud <not-affected> (only affecting 5.0 branch) -CVE-2013-1889 - RESERVED +CVE-2013-1889 (mod_ruid2 before 0.9.8 improperly handles file descriptors which allow ...) - libapache2-mod-ruid2 0.9.8-1 (low; bug #704066) [wheezy] - libapache2-mod-ruid2 <no-dsa> (Minor issue) NOTE: Fix: https://github.com/mind04/mod-ruid2/commit/1fed9dda70cd44d54301df19730a29ae0989e0a2 @@ -258386,8 +258381,7 @@ CVE-2013-1821 (lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 a - ruby1.9.1 1.9.3.194-8.1 (bug #702525) - ruby1.8 1.8.7.358-7 (bug #702526) NOTE: http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/ -CVE-2013-1820 - RESERVED +CVE-2013-1820 (tuned before 2.x allows local users to kill running processes due to i ...) - tuned <not-affected> (Fixed before initial release to Debian) CVE-2013-1819 (The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel bef ...) - linux 3.8-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/168f61c939b971174acacf7ad34468720d42fb24 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/168f61c939b971174acacf7ad34468720d42fb24 You're receiving this email because of your account on salsa.debian.org.
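Review bot: in the CVE-2019-18804 hunk the added {DLA-1985-1} reference now sits directly above the unchanged "[buster] - djvulibre <no-dsa> (Minor issue)" and "[stretch] - djvulibre <no-dsa> (Minor issue)" lines while unstable stays "<unfixed>"; since LTS found the NULL pointer dereference worth an advisory, re-check that the Minor issue assessment for stretch and buster still holds, or record in a NOTE why the stable suites are treated differently, so the entry does not read as contradictory.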
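Review bot: the six Brocade SANnav entries in the @@ -9822 hunk (CVE-2019-16205 through CVE-2019-16210) each only gain a "TODO: check"; their descriptions all name the same proprietary vendor product, so they should be triaged together in the follow-up commit with one consistent marker (for example "NOT-FOR-US: Brocade SANnav", in the style of the surrounding NOT-FOR-US lines) once it is confirmed that no Debian package ships that software, rather than being left as six separate open TODOs.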
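Review bot: in the @@ -18936 hunk CVE-2019-13543 and CVE-2019-13539 carry an identical truncated description ("Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab F ...") and both get "TODO: check"; the two should be resolved in one pass, and the neighbouring entries in the same hunk (NOT-FOR-US: Horner Automation Cscape, NOT-FOR-US: Delta Electronics TPEditor) suggest the same NOT-FOR-US treatment applies unless a Debian package is found to embed the affected client.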
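Review bot: the CVE-2019-10219 hunk replaces RESERVED with the public description but leaves "- libhibernate-validator-java <undetermined>" and the stale "TODO: 20190910: Asked for more information in #1738673. (apo)" untouched; now that the description names the SafeHtml validator as the affected component, the package can be re-evaluated against the Debian version and the TODO closed or updated, rather than continuing to wait on the Red Hat bug.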
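Review bot: the CVE-2019-3866 hunk leaves "- mistral <unfixed>" with only a Red Hat bugzilla NOTE, whereas the other newly published entries in this update that affect a Debian package (389-ds-base with "(bug #944150)", ceph with "(bug #936015)") also reference a Debian bug; file and record a Debian bug for mistral so the unfixed state is tracked on the Debian side as well.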
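Review bot: in the @@ -2636 hunk CVE-2019-18623 (EnergyCAP 7 through 7.5.6) gets "TODO: check" with no package line; the description points at a proprietary product with no corresponding Debian package, so this should be settled as NOT-FOR-US in the follow-up triage, consistent with how CVE-2019-18624 ("NOT-FOR-US: Opera Mini for Android") is handled two lines above it.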
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits