Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5d35f2de by security tracker role at 2019-11-09T08:10:25Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,5 @@ +CVE-2019-18838 + RESERVED CVE-2019-18837 RESERVED CVE-2019-18836 @@ -18971,16 +18973,16 @@ CVE-2019-13537 RESERVED CVE-2019-13536 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-bas ...) NOT-FOR-US: Delta Electronics TPEditor -CVE-2019-13535 - RESERVED +CVE-2019-13535 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 ...) + TODO: check CVE-2019-13534 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Fi ...) NOT-FOR-US: Philips CVE-2019-13533 RESERVED CVE-2019-13532 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...) NOT-FOR-US: CODESYS -CVE-2019-13531 - RESERVED +CVE-2019-13531 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 ...) + TODO: check CVE-2019-13530 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Fi ...) NOT-FOR-US: Philips CVE-2019-13529 (An attacker could send a malicious link to an authenticated operator, ...) @@ -41087,32 +41089,32 @@ CVE-2019-5703 RESERVED CVE-2019-5702 RESERVED -CVE-2019-5701 - RESERVED +CVE-2019-5701 (NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vu ...) + TODO: check CVE-2019-5700 (NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software con ...) NOT-FOR-US: NVIDIA Shield TV Experience CVE-2019-5699 (NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader c ...) NOT-FOR-US: NVIDIA Shield TV Experience -CVE-2019-5698 - RESERVED -CVE-2019-5697 - RESERVED -CVE-2019-5696 - RESERVED +CVE-2019-5698 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...) + TODO: check +CVE-2019-5697 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...) + TODO: check +CVE-2019-5696 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...) + TODO: check CVE-2019-5695 RESERVED -CVE-2019-5694 - RESERVED -CVE-2019-5693 - RESERVED -CVE-2019-5692 - RESERVED -CVE-2019-5691 - RESERVED -CVE-2019-5690 - RESERVED -CVE-2019-5689 - RESERVED +CVE-2019-5694 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) + TODO: check +CVE-2019-5693 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) + TODO: check +CVE-2019-5692 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) + TODO: check +CVE-2019-5691 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) + TODO: check +CVE-2019-5690 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) + TODO: check +CVE-2019-5689 (NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vu ...) + TODO: check CVE-2019-5688 RESERVED CVE-2019-5687 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...) @@ -43411,8 +43413,8 @@ CVE-2019-4647 RESERVED CVE-2019-4646 RESERVED -CVE-2019-4645 - RESERVED +CVE-2019-4645 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...) + TODO: check CVE-2019-4644 RESERVED CVE-2019-4643 @@ -43539,8 +43541,8 @@ CVE-2019-4583 RESERVED CVE-2019-4582 RESERVED -CVE-2019-4581 - RESERVED +CVE-2019-4581 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...) + TODO: check CVE-2019-4580 RESERVED CVE-2019-4579 @@ -43589,8 +43591,8 @@ CVE-2019-4558 (A security vulnerability has been identified in all levels of IBM NOT-FOR-US: IBM CVE-2019-4557 RESERVED -CVE-2019-4556 - RESERVED +CVE-2019-4556 (IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting fo ...) + TODO: check CVE-2019-4555 RESERVED CVE-2019-4554 @@ -43683,8 +43685,8 @@ CVE-2019-4511 RESERVED CVE-2019-4510 RESERVED -CVE-2019-4509 - RESERVED +CVE-2019-4509 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authoriza ...) + TODO: check CVE-2019-4508 RESERVED CVE-2019-4507 @@ -43761,8 +43763,8 @@ CVE-2019-4472 RESERVED CVE-2019-4471 RESERVED -CVE-2019-4470 - RESERVED +CVE-2019-4470 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...) + TODO: check CVE-2019-4469 RESERVED CVE-2019-4468 @@ -43793,16 +43795,16 @@ CVE-2019-4456 (IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and NOT-FOR-US: IBM CVE-2019-4455 RESERVED -CVE-2019-4454 - RESERVED +CVE-2019-4454 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...) + TODO: check CVE-2019-4453 RESERVED CVE-2019-4452 RESERVED CVE-2019-4451 RESERVED -CVE-2019-4450 - RESERVED +CVE-2019-4450 (IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. T ...) + TODO: check CVE-2019-4449 RESERVED CVE-2019-4448 (IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1 ...) @@ -43877,10 +43879,10 @@ CVE-2019-4414 RESERVED CVE-2019-4413 RESERVED -CVE-2019-4412 - RESERVED -CVE-2019-4411 - RESERVED +CVE-2019-4412 (IBM Cognos Controller stores sensitive information in URL parameters. ...) + TODO: check +CVE-2019-4411 (IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow a ...) + TODO: check CVE-2019-4410 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19. ...) NOT-FOR-US: IBM CVE-2019-4409 (HCL Traveler versions 9.x and earlier are susceptible to cross-site sc ...) @@ -44033,8 +44035,8 @@ CVE-2019-4336 (IBM Robotic Process Automation with Automation Anywhere 11 uses a NOT-FOR-US: IBM CVE-2019-4335 RESERVED -CVE-2019-4334 - RESERVED +CVE-2019-4334 (IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information ...) + TODO: check CVE-2019-4333 RESERVED CVE-2019-4332 @@ -105685,8 +105687,8 @@ CVE-2018-1723 (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 an NOT-FOR-US: IBM CVE-2018-1722 (IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow ...) NOT-FOR-US: IBM -CVE-2018-1721 - RESERVED +CVE-2018-1721 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Ent ...) + TODO: check CVE-2018-1720 (IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0 ...) NOT-FOR-US: IBM CVE-2018-1719 (IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than ...) @@ -297785,8 +297787,7 @@ CVE-2009-5006 (The SessionAdapter::ExchangeHandlerImpl::checkAlternate function - qpid-cpp <not-affected> (Fixed before initial upload to archive) CVE-2009-5005 (The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache ...) - qpid-cpp <not-affected> (Fixed before initial upload to archive) -CVE-2009-5004 - RESERVED +CVE-2009-5004 (qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 m ...) - qpid-cpp <not-affected> (Fixed before initial upload to archive) CVE-2010-3845 (libapache-authenhook-perl 2.00-04 stores usernames and passwords in pl ...) - libapache-authenhook-perl 2.00-04+pristine-2 (low; bug #599712) @@ -310461,8 +310462,7 @@ CVE-2009-4013 (Multiple directory traversal vulnerabilities in Lintian 1.23.x th CVE-2009-4012 (Multiple integer overflows in LibThai before 0.1.13 might allow contex ...) {DSA-1971-1} - libthai 0.1.13-1 -CVE-2009-4011 [dtc-xen race condition] - RESERVED +CVE-2009-4011 (dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an atta ...) - dtc-xen 0.5.4-1 [lenny] - dtc-xen <not-affected> (Only affects 0.5.x) CVE-2009-4010 (Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows r ...) @@ -311698,8 +311698,7 @@ CVE-2009-3615 (The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and {DSA-1932-1} - pidgin 2.6.3-1 NOTE: http://pidgin.im/news/security/?id=41 -CVE-2009-3614 [oping suid 0 arbitrary file disclosure] - RESERVED +CVE-2009-3614 (liboping 1.3.2 allows users reading arbitrary files upon the local sys ...) - liboping 1.3.3-1 (low; bug #548684) [lenny] - liboping <not-affected> (doesn't have -f option yet) [etch] - liboping <not-affected> (doesn't have -f option yet) @@ -311963,8 +311962,7 @@ CVE-2009-3553 (Use-after-free vulnerability in the abstract file-descriptor hand [lenny] - cups <no-dsa> (Minor issue) - cupsys <not-affected> (vulnerable code introduced in 1.3.x) NOTE: http://www.cups.org/newsgroups.php/s1+gcups.bugs?s1+gcups.bugs+v4+T+Q3200 -CVE-2009-3552 - RESERVED +CVE-2009-3552 (In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not ver ...) NOT-FOR-US: Red Hat Enterprise Virtualization Manager CVE-2009-3551 (Off-by-one error in the dissect_negprot_response function in packet-sm ...) - wireshark 1.2.3-1 (low; bug #553583) @@ -314464,8 +314462,7 @@ CVE-2009-2804 (Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5. NOT-FOR-US: Apple Mac OS X CVE-2009-2803 (CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to ex ...) NOT-FOR-US: Apple Mac OS X -CVE-2009-2802 - RESERVED +CVE-2009-2802 (MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME ty ...) - mantis <not-affected> (Only affects 1.2.x) NOTE: http://www.mantisbt.org/bugs/view.php?id=11952 NOTE: http://www.mantisbt.org/blog/?p=113 @@ -324927,8 +324924,7 @@ CVE-2009-0037 (The redirect implementation in curl and libcurl 5.11 through 7.19 CVE-2009-0036 (Buffer overflow in the proxyReadClientSocket function in proxy/libvirt ...) - libvirt 0.5.1-7 (unimportant) NOTE: not building libvirt proxy from libvirt source package -CVE-2009-0035 [alsainfo insecure temp file usage] - RESERVED +CVE-2009-0035 (alsa-utils 1.0.19 and later versions allows local users to overwrite a ...) - alsa-driver 1.0.20-1 (unimportant) NOTE: alsainfo not built into source package CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d35f2de049ed63456aff64c9d6e944125f64e07 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d35f2de049ed63456aff64c9d6e944125f64e07 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits