Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d35f2de by security tracker role at 2019-11-09T08:10:25Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-18838
+       RESERVED
 CVE-2019-18837
        RESERVED
 CVE-2019-18836
@@ -18971,16 +18973,16 @@ CVE-2019-13537
        RESERVED
 CVE-2019-13536 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple 
heap-bas ...)
        NOT-FOR-US: Delta Electronics TPEditor
-CVE-2019-13535
-       RESERVED
+CVE-2019-13535 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) 
version 2.1.0  ...)
+       TODO: check
 CVE-2019-13534 (Philips IntelliVue WLAN, portable patient monitors, WLAN 
Version A, Fi ...)
        NOT-FOR-US: Philips
 CVE-2019-13533
        RESERVED
 CVE-2019-13532 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows 
an atta ...)
        NOT-FOR-US: CODESYS
-CVE-2019-13531
-       RESERVED
+CVE-2019-13531 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) 
version 2.1.0  ...)
+       TODO: check
 CVE-2019-13530 (Philips IntelliVue WLAN, portable patient monitors, WLAN 
Version A, Fi ...)
        NOT-FOR-US: Philips
 CVE-2019-13529 (An attacker could send a malicious link to an authenticated 
operator,  ...)
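Review bot: CVE-2019-13535 and CVE-2019-13531 are left at TODO: check, while every other described entry in this hunk (Delta Electronics TPEditor, Philips, CODESYS) is already triaged as NOT-FOR-US. Both new descriptions name the Medtronic Valleylab FT10 Energy Platform, so once someone confirms that nothing packaged is involved, these can be resolved the same way, for example NOT-FOR-US: Medtronic Valleylab FT10 Energy Platform, rather than staying in the TODO queue.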
@@ -41087,32 +41089,32 @@ CVE-2019-5703
        RESERVED
 CVE-2019-5702
        RESERVED
-CVE-2019-5701
-       RESERVED
+CVE-2019-5701 (NVIDIA GeForce Experience, all versions prior to 3.20.1, 
contains a vu ...)
+       TODO: check
 CVE-2019-5700 (NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra 
software con ...)
        NOT-FOR-US: NVIDIA Shield TV Experience
 CVE-2019-5699 (NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra 
bootloader c ...)
        NOT-FOR-US: NVIDIA Shield TV Experience
-CVE-2019-5698
-       RESERVED
-CVE-2019-5697
-       RESERVED
-CVE-2019-5696
-       RESERVED
+CVE-2019-5698 (NVIDIA Virtual GPU Manager, all versions, contains a 
vulnerability in  ...)
+       TODO: check
+CVE-2019-5697 (NVIDIA Virtual GPU Manager, all versions, contains a 
vulnerability in  ...)
+       TODO: check
+CVE-2019-5696 (NVIDIA Virtual GPU Manager, all versions, contains a 
vulnerability in  ...)
+       TODO: check
 CVE-2019-5695
        RESERVED
-CVE-2019-5694
-       RESERVED
-CVE-2019-5693
-       RESERVED
-CVE-2019-5692
-       RESERVED
-CVE-2019-5691
-       RESERVED
-CVE-2019-5690
-       RESERVED
-CVE-2019-5689
-       RESERVED
+CVE-2019-5694 (NVIDIA Windows GPU Display Driver, all versions, contains a 
vulnerabil ...)
+       TODO: check
+CVE-2019-5693 (NVIDIA Windows GPU Display Driver, all versions, contains a 
vulnerabil ...)
+       TODO: check
+CVE-2019-5692 (NVIDIA Windows GPU Display Driver, all versions, contains a 
vulnerabil ...)
+       TODO: check
+CVE-2019-5691 (NVIDIA Windows GPU Display Driver, all versions, contains a 
vulnerabil ...)
+       TODO: check
+CVE-2019-5690 (NVIDIA Windows GPU Display Driver, all versions, contains a 
vulnerabil ...)
+       TODO: check
+CVE-2019-5689 (NVIDIA GeForce Experience, all versions prior to 3.20.1, 
contains a vu ...)
+       TODO: check
 CVE-2019-5688
        RESERVED
 CVE-2019-5687 (NVIDIA Windows GPU Display Driver (all versions) contains a 
vulnerabil ...)
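Review bot: the nine TODO: check entries from CVE-2019-5701 down to CVE-2019-5689 cover three different products (GeForce Experience, Virtual GPU Manager, Windows GPU Display Driver) and should not be triaged as one batch. The descriptions are truncated at "contains a vu ..." before the affected component is named, so read the full text of each before deciding. The neighbouring entries CVE-2019-5700 and CVE-2019-5699 show the product-specific form already used here, NOT-FOR-US: NVIDIA Shield TV Experience.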
@@ -43411,8 +43413,8 @@ CVE-2019-4647
        RESERVED
 CVE-2019-4646
        RESERVED
-CVE-2019-4645
-       RESERVED
+CVE-2019-4645 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site 
scripti ...)
+       TODO: check
 CVE-2019-4644
        RESERVED
 CVE-2019-4643
@@ -43539,8 +43541,8 @@ CVE-2019-4583
        RESERVED
 CVE-2019-4582
        RESERVED
-CVE-2019-4581
-       RESERVED
+CVE-2019-4581 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site 
scriptin ...)
+       TODO: check
 CVE-2019-4580
        RESERVED
 CVE-2019-4579
@@ -43589,8 +43591,8 @@ CVE-2019-4558 (A security vulnerability has been 
identified in all levels of IBM
        NOT-FOR-US: IBM
 CVE-2019-4557
        RESERVED
-CVE-2019-4556
-       RESERVED
+CVE-2019-4556 (IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete 
blacklisting fo ...)
+       TODO: check
 CVE-2019-4555
        RESERVED
 CVE-2019-4554
@@ -43683,8 +43685,8 @@ CVE-2019-4511
        RESERVED
 CVE-2019-4510
        RESERVED
-CVE-2019-4509
-       RESERVED
+CVE-2019-4509 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect 
authoriza ...)
+       TODO: check
 CVE-2019-4508
        RESERVED
 CVE-2019-4507
@@ -43761,8 +43763,8 @@ CVE-2019-4472
        RESERVED
 CVE-2019-4471
        RESERVED
-CVE-2019-4470
-       RESERVED
+CVE-2019-4470 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site 
scriptin ...)
+       TODO: check
 CVE-2019-4469
        RESERVED
 CVE-2019-4468
@@ -43793,16 +43795,16 @@ CVE-2019-4456 (IBM Daeja ViewONE Professional, 
Standard & Virtual 5.0.5 and
        NOT-FOR-US: IBM
 CVE-2019-4455
        RESERVED
-CVE-2019-4454
-       RESERVED
+CVE-2019-4454 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site 
scriptin ...)
+       TODO: check
 CVE-2019-4453
        RESERVED
 CVE-2019-4452
        RESERVED
 CVE-2019-4451
        RESERVED
-CVE-2019-4450
-       RESERVED
+CVE-2019-4450 (IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site 
scripting. T ...)
+       TODO: check
 CVE-2019-4449
        RESERVED
 CVE-2019-4448 (IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 
6.1.0.1 IF1 ...)
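Review bot: CVE-2019-4454 (IBM QRadar) and CVE-2019-4450 (IBM i) go in as TODO: check, although the NOT-FOR-US: IBM line at the top of this hunk, which belongs to CVE-2019-4456, shows how IBM products have been triaged so far. If these products are likewise not packaged, mark them NOT-FOR-US: IBM in a follow-up. The same applies to the other IBM Cognos and QRadar entries that this commit moves from RESERVED to TODO: check.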
@@ -43877,10 +43879,10 @@ CVE-2019-4414
        RESERVED
 CVE-2019-4413
        RESERVED
-CVE-2019-4412
-       RESERVED
-CVE-2019-4411
-       RESERVED
+CVE-2019-4412 (IBM Cognos Controller stores sensitive information in URL 
parameters.  ...)
+       TODO: check
+CVE-2019-4411 (IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could 
allow a ...)
+       TODO: check
 CVE-2019-4410 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 
and 19. ...)
        NOT-FOR-US: IBM
 CVE-2019-4409 (HCL Traveler versions 9.x and earlier are susceptible to 
cross-site sc ...)
@@ -44033,8 +44035,8 @@ CVE-2019-4336 (IBM Robotic Process Automation with 
Automation Anywhere 11 uses a
        NOT-FOR-US: IBM
 CVE-2019-4335
        RESERVED
-CVE-2019-4334
-       RESERVED
+CVE-2019-4334 (IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive 
information  ...)
+       TODO: check
 CVE-2019-4333
        RESERVED
 CVE-2019-4332
@@ -105685,8 +105687,8 @@ CVE-2018-1723 (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 
4.2.0.0, 4.2.3.10, 5.0.0 an
        NOT-FOR-US: IBM
 CVE-2018-1722 (IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could 
allow  ...)
        NOT-FOR-US: IBM
-CVE-2018-1721
-       RESERVED
+CVE-2018-1721 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML 
External Ent ...)
+       TODO: check
 CVE-2018-1720 (IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 
5.2.6.3_6, 6.0.0 ...)
        NOT-FOR-US: IBM
 CVE-2018-1719 (IBM WebSphere Application Server 8.5 and 9.0 could provide 
weaker than ...)
@@ -297785,8 +297787,7 @@ CVE-2009-5006 (The 
SessionAdapter::ExchangeHandlerImpl::checkAlternate function
        - qpid-cpp <not-affected> (Fixed before initial upload to archive)
 CVE-2009-5005 (The Cluster::deliveredEvent function in cluster/Cluster.cpp in 
Apache  ...)
        - qpid-cpp <not-affected> (Fixed before initial upload to archive)
-CVE-2009-5004
-       RESERVED
+CVE-2009-5004 (qpid-cpp 1.0 crashes when a large message is sent and the 
Digest-MD5 m ...)
        - qpid-cpp <not-affected> (Fixed before initial upload to archive)
 CVE-2010-3845 (libapache-authenhook-perl 2.00-04 stores usernames and 
passwords in pl ...)
        - libapache-authenhook-perl 2.00-04+pristine-2 (low; bug #599712)
@@ -310461,8 +310462,7 @@ CVE-2009-4013 (Multiple directory traversal 
vulnerabilities in Lintian 1.23.x th
 CVE-2009-4012 (Multiple integer overflows in LibThai before 0.1.13 might allow 
contex ...)
        {DSA-1971-1}
        - libthai 0.1.13-1
-CVE-2009-4011 [dtc-xen race condition]
-       RESERVED
+CVE-2009-4011 (dtc-xen 0.5.x before 0.5.4 suffers from a race condition where 
an atta ...)
        - dtc-xen 0.5.4-1
        [lenny] - dtc-xen <not-affected> (Only affects 0.5.x)
 CVE-2009-4010 (Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 
allows r ...)
@@ -311698,8 +311698,7 @@ CVE-2009-3615 (The OSCAR protocol plugin in libpurple 
in Pidgin before 2.6.3 and
        {DSA-1932-1}
        - pidgin 2.6.3-1
        NOTE: http://pidgin.im/news/security/?id=41
-CVE-2009-3614 [oping suid 0 arbitrary file disclosure]
-       RESERVED
+CVE-2009-3614 (liboping 1.3.2 allows users reading arbitrary files upon the 
local sys ...)
        - liboping 1.3.3-1 (low; bug #548684)
        [lenny] - liboping <not-affected> (doesn't have -f option yet)
        [etch] - liboping <not-affected> (doesn't have -f option yet)
@@ -311963,8 +311962,7 @@ CVE-2009-3553 (Use-after-free vulnerability in the 
abstract file-descriptor hand
        [lenny] - cups <no-dsa> (Minor issue)
        - cupsys <not-affected> (vulnerable code introduced in 1.3.x)
        NOTE: 
http://www.cups.org/newsgroups.php/s1+gcups.bugs?s1+gcups.bugs+v4+T+Q3200
-CVE-2009-3552
-       RESERVED
+CVE-2009-3552 (In RHEV-M VDC 2.2.0, it was found that the SSL certificate was 
not ver ...)
        NOT-FOR-US: Red Hat Enterprise Virtualization Manager
 CVE-2009-3551 (Off-by-one error in the dissect_negprot_response function in 
packet-sm ...)
        - wireshark 1.2.3-1 (low; bug #553583)
@@ -314464,8 +314462,7 @@ CVE-2009-2804 (Integer overflow in ColorSync in Apple 
Mac OS X 10.4.11 and 10.5.
        NOT-FOR-US: Apple Mac OS X
 CVE-2009-2803 (CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows 
attackers to ex ...)
        NOT-FOR-US: Apple Mac OS X
-CVE-2009-2802
-       RESERVED
+CVE-2009-2802 (MantisBT 1.2.x before 1.2.2 insecurely handles attachments and 
MIME ty ...)
        - mantis <not-affected> (Only affects 1.2.x)
        NOTE: http://www.mantisbt.org/bugs/view.php?id=11952
        NOTE: http://www.mantisbt.org/blog/?p=113
@@ -324927,8 +324924,7 @@ CVE-2009-0037 (The redirect implementation in curl 
and libcurl 5.11 through 7.19
 CVE-2009-0036 (Buffer overflow in the proxyReadClientSocket function in 
proxy/libvirt ...)
        - libvirt 0.5.1-7 (unimportant)
        NOTE: not building libvirt proxy from libvirt source package
-CVE-2009-0035 [alsainfo insecure temp file usage]
-       RESERVED
+CVE-2009-0035 (alsa-utils 1.0.19 and later versions allows local users to 
overwrite a ...)
        - alsa-driver 1.0.20-1 (unimportant)
        NOTE: alsainfo not built into source package
 CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly 
interpret  ...)
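Review bot: the new description for CVE-2009-0035 names alsa-utils 1.0.19 and later, but the tracking line kept beneath it is "- alsa-driver 1.0.20-1 (unimportant)", with the note that alsainfo is not built into the source package. Now that the CVE text is public, check whether the entry should also carry an alsa-utils line, or add a NOTE explaining why only alsa-driver is tracked.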



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d35f2de049ed63456aff64c9d6e944125f64e07
