Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
168f61c9 by security tracker role at 2019-11-08T20:10:31Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-18837
+       RESERVED
 CVE-2019-18836
        RESERVED
 CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles signature checking on 
some fede ...)
@@ -74,6 +76,7 @@ CVE-2019-18805 (An issue was discovered in 
net/ipv4/sysctl_net_ipv4.c in the Lin
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/19fad20d15a6494f47f85d869f00b11343ee5c78
 CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the 
function DJVU:: ...)
+       {DLA-1985-1}
        - djvulibre <unfixed>
        [buster] - djvulibre <no-dsa> (Minor issue)
        [stretch] - djvulibre <no-dsa> (Minor issue)
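Review bot: at CVE-2019-18804 the new `{DLA-1985-1}` cross-reference lands while `- djvulibre <unfixed>` and both `<no-dsa> (Minor issue)` lines stay as they were, so the entry now records an LTS fix next to an open unstable status. If the entry does not already carry one below the visible context, a `NOTE:` pointing at the patch or upstream report used for the DLA would let whoever picks up the unstable fix reuse it.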
@@ -2636,8 +2639,8 @@ CVE-2019-18625
        RESERVED
 CVE-2019-18624 (Opera Mini for Android allows attackers to bypass intended 
restriction ...)
        NOT-FOR-US: Opera Mini for Android
-CVE-2019-18623
-       RESERVED
+CVE-2019-18623 (Escalation of privileges in EnergyCAP 7 through 7.5.6 allows 
an attack ...)
+       TODO: check
 CVE-2019-18622
        RESERVED
 CVE-2019-18621
@@ -5863,8 +5866,8 @@ CVE-2019-17663 (D-Link DIR-866L 1.03B04 devices allow XSS 
via HtmlResponseMessag
        NOT-FOR-US: D-Link
 CVE-2019-17662 (ThinVNC 1.0b1 is vulnerable to arbitrary file read, which 
leads to a c ...)
        NOT-FOR-US: ThinVNC
-CVE-2019-17661
-       RESERVED
+CVE-2019-17661 (A CSV injection in the codepress-admin-columns (aka Admin 
Columns) plu ...)
+       TODO: check
 CVE-2019-17660 (A cross-site scripting (XSS) vulnerability in 
admin/translate/translat ...)
        - limesurvey <itp> (bug #472802)
 CVE-2019-17659
@@ -6879,8 +6882,8 @@ CVE-2019-17329
        RESERVED
 CVE-2019-17328
        RESERVED
-CVE-2019-17327
-       RESERVED
+CVE-2019-17327 (JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory 
travers ...)
+       TODO: check
 CVE-2019-17326 (ClipSoft REXPERT 1.0.0.527 and earlier version allows remote 
attacker  ...)
        NOT-FOR-US: ClipSoft REXPERT
 CVE-2019-17325 (ClipSoft REXPERT 1.0.0.527 and earlier version allows remote 
attacker  ...)
@@ -9822,18 +9825,18 @@ CVE-2019-16212
        RESERVED
 CVE-2019-16211
        RESERVED
-CVE-2019-16210
-       RESERVED
-CVE-2019-16209
-       RESERVED
-CVE-2019-16208
-       RESERVED
-CVE-2019-16207
-       RESERVED
-CVE-2019-16206
-       RESERVED
-CVE-2019-16205
-       RESERVED
+CVE-2019-16210 (Brocade SANnav versions before v2.0, logs plain text database 
connecti ...)
+       TODO: check
+CVE-2019-16209 (A vulnerability, in The ReportsTrustManager class of Brocade 
SANnav ve ...)
+       TODO: check
+CVE-2019-16208 (Password-based encryption (PBE) algorithm, of Brocade SANnav 
versions  ...)
+       TODO: check
+CVE-2019-16207 (Brocade SANnav versions before v2.0 use a hard-coded password, 
which c ...)
+       TODO: check
+CVE-2019-16206 (The authentication mechanism, in Brocade SANnav versions 
before v2.0,  ...)
+       TODO: check
+CVE-2019-16205 (A vulnerability, in Brocade SANnav versions before v2.0, could 
allow r ...)
+       TODO: check
 CVE-2019-16204
        RESERVED
 CVE-2019-16203
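Review bot: the six entries CVE-2019-16205 through CVE-2019-16210 each get their own `TODO: check` although every description names the same product, Brocade SANnav before v2.0. They can be triaged in one pass; if SANnav is not packaged in Debian, tagging all six with the same `NOT-FOR-US:` string keeps them consistent with each other, in the way the neighbouring entries in this file are tagged per product.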
@@ -13844,8 +13847,7 @@ CVE-2019-14862
        NOTE: Only impacts browsers which are totally insecure and EOLed anyway
 CVE-2019-14861
        RESERVED
-CVE-2019-14860
-       RESERVED
+CVE-2019-14860 (It was found that the Syndesis configuration for Cross-Origin 
Resource ...)
        NOT-FOR-US: Syndesis
 CVE-2019-14859 [DER encoding is not being verified in signatures]
        RESERVED
@@ -13982,8 +13984,7 @@ CVE-2019-14826 (A flaw was found in FreeIPA versions 
4.5.0 and later. Session co
 CVE-2019-14825
        RESERVED
        NOT-FOR-US: Katello
-CVE-2019-14824 [Read permission check bypass via the deref plugin]
-       RESERVED
+CVE-2019-14824 (A flaw was found in the 'deref' plugin of 389-ds-base where it 
could u ...)
        - 389-ds-base <unfixed> (bug #944150)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1747448
        NOTE: https://pagure.io/freeipa/issue/8050
@@ -18908,8 +18909,8 @@ CVE-2019-13559
        RESERVED
 CVE-2019-13558 (In WebAccess versions 8.4.1 and prior, an exploit executed 
over the ne ...)
        NOT-FOR-US: WebAccess
-CVE-2019-13557
-       RESERVED
+CVE-2019-13557 (In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, 
there is an  ...)
+       TODO: check
 CVE-2019-13556 (In WebAccess versions 8.4.1 and prior, multiple stack-based 
buffer ove ...)
        NOT-FOR-US: WebAccess
 CVE-2019-13555
@@ -18936,16 +18937,16 @@ CVE-2019-13545 (In Horner Automation Cscape 9.90 and 
prior, improper validation
        NOT-FOR-US: Horner Automation Cscape
 CVE-2019-13544 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple 
out-of-b ...)
        NOT-FOR-US: Delta Electronics TPEditor
-CVE-2019-13543
-       RESERVED
+CVE-2019-13543 (Medtronic Valleylab Exchange Client version 3.4 and below, 
Valleylab F ...)
+       TODO: check
 CVE-2019-13542 (3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all 
version ...)
        NOT-FOR-US: 3S-Smart
 CVE-2019-13541 (In Horner Automation Cscape 9.90 and prior, an improper input 
validati ...)
        NOT-FOR-US: Horner Automation Cscape
 CVE-2019-13540 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple 
stack-ba ...)
        NOT-FOR-US: Delta Electronics TPEditor
-CVE-2019-13539
-       RESERVED
+CVE-2019-13539 (Medtronic Valleylab Exchange Client version 3.4 and below, 
Valleylab F ...)
+       TODO: check
 CVE-2019-13538 (3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, 
all versi ...)
        NOT-FOR-US: 3S-Smart
 CVE-2019-13537
@@ -22011,13 +22012,11 @@ CVE-2019-12413
        RESERVED
 CVE-2019-12411
        RESERVED
-CVE-2019-12410
-       RESERVED
+CVE-2019-12410 (While investigating UBSAN errors in 
https://github.com/apache/arrow/pu ...)
        NOT-FOR-US: Apache Arrow
 CVE-2019-12409
        RESERVED
-CVE-2019-12408
-       RESERVED
+CVE-2019-12408 (It was discovered that the C++ implementation (which underlies 
the R,  ...)
        NOT-FOR-US: Apache Arrow
 CVE-2019-12407 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully 
crafted plugin ...)
        - jspwiki <removed>
@@ -27904,8 +27903,7 @@ CVE-2019-10224 [using dscreate in verbose mode results 
in information disclosure
        NOTE: 
https://pagure.io/389-ds-base/c/632ecb90d96ac0535656f5aaf67fd2be4b81d310
 CVE-2019-10223 (A security issue was discovered in the kube-state-metrics 
versions v1. ...)
        NOT-FOR-US: kube-state-metrics
-CVE-2019-10222 [unauthenticated clients can crash RGW]
-       RESERVED
+CVE-2019-10222 (A flaw was found in the Ceph RGW configuration with Beast as 
the front ...)
        - ceph <unfixed> (bug #936015)
        [buster] - ceph <no-dsa> (Minor issue; only triggerable if experimental 
feature enabled)
        [stretch] - ceph <not-affected> (Vulnerable code not present)
@@ -27919,8 +27917,7 @@ CVE-2019-10221
        RESERVED
 CVE-2019-10220
        RESERVED
-CVE-2019-10219
-       RESERVED
+CVE-2019-10219 (A vulnerability was found in Hibernate-Validator. The SafeHtml 
validat ...)
        - libhibernate-validator-java <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1738673
        TODO: 20190910: Asked for more information in #1738673. (apo)
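Review bot: CVE-2019-10219 now has a published description naming Hibernate-Validator and the SafeHtml validator, but the entry still reads `- libhibernate-validator-java <undetermined>` with the `TODO: 20190910: Asked for more information in #1738673. (apo)` line left open. With the description public, the `<undetermined>` status and that TODO are worth revisiting so the entry does not stay parked on a question the description may already answer.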
@@ -45047,8 +45044,7 @@ CVE-2019-3868 (Keycloak up to version 6.0.0 allows the 
end user token (access or
 CVE-2019-3867
        RESERVED
        NOT-FOR-US: OpenShift (web-cosnole issue specific to OpenShift only)
-CVE-2019-3866
-       RESERVED
+CVE-2019-3866 (An information-exposure vulnerability was discovered where 
openstack-m ...)
        - mistral <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1768731
 CVE-2019-3865
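Review bot: CVE-2019-3866 loses `RESERVED` and gains a public description, yet `- mistral <unfixed>` carries no bug reference, unlike the other `<unfixed>` lines in this diff such as `- 389-ds-base <unfixed> (bug #944150)` and `- ceph <unfixed> (bug #936015)`. Now that the issue is public, a follow-up that files the bug and adds `(bug #...)` to the mistral line would make the open status trackable.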
@@ -46258,10 +46254,10 @@ CVE-2019-3428
        RESERVED
 CVE-2019-3427
        RESERVED
-CVE-2019-3426
-       RESERVED
-CVE-2019-3425
-       RESERVED
+CVE-2019-3426 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE 
product ZX ...)
+       TODO: check
+CVE-2019-3425 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE 
product ZX ...)
+       TODO: check
 CVE-2019-3424
        RESERVED
 CVE-2019-3423
@@ -258133,8 +258129,7 @@ CVE-2013-1891
        RESERVED
 CVE-2013-1890 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 
Server ...)
        - owncloud <not-affected> (only affecting 5.0 branch)
-CVE-2013-1889
-       RESERVED
+CVE-2013-1889 (mod_ruid2 before 0.9.8 improperly handles file descriptors 
which allow ...)
        - libapache2-mod-ruid2 0.9.8-1 (low; bug #704066)
        [wheezy] - libapache2-mod-ruid2 <no-dsa> (Minor issue)
        NOTE: Fix: 
https://github.com/mind04/mod-ruid2/commit/1fed9dda70cd44d54301df19730a29ae0989e0a2
@@ -258386,8 +258381,7 @@ CVE-2013-1821 (lib/rexml/text.rb in the REXML parser 
in Ruby before 1.9.3-p392 a
        - ruby1.9.1 1.9.3.194-8.1 (bug #702525)
        - ruby1.8 1.8.7.358-7 (bug #702526)
        NOTE: http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/
-CVE-2013-1820
-       RESERVED
+CVE-2013-1820 (tuned before 2.x allows local users to kill running processes 
due to i ...)
        - tuned <not-affected> (Fixed before initial release to Debian)
 CVE-2013-1819 (The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux 
kernel bef ...)
        - linux 3.8-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/168f61c939b971174acacf7ad34468720d42fb24



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
