Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
647c9483 by security tracker role at 2019-11-26T20:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2019-19308
+       RESERVED
+CVE-2019-19307 (An integer overflow in parse_mqtt in mongoose.c in Cesanta 
Mongoose 6. ...)
+       TODO: check
+CVE-2019-19306 (The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows 
XSS via m ...)
+       TODO: check
+CVE-2019-19305
+       RESERVED
+CVE-2019-19304
+       RESERVED
+CVE-2019-19303
+       RESERVED
+CVE-2019-19302
+       RESERVED
+CVE-2019-19301
+       RESERVED
+CVE-2019-19300
+       RESERVED
+CVE-2019-19299
+       RESERVED
+CVE-2019-19298
+       RESERVED
+CVE-2019-19297
+       RESERVED
+CVE-2019-19296
+       RESERVED
+CVE-2019-19295
+       RESERVED
+CVE-2019-19294
+       RESERVED
+CVE-2019-19293
+       RESERVED
+CVE-2019-19292
+       RESERVED
+CVE-2019-19291
+       RESERVED
+CVE-2019-19290
+       RESERVED
+CVE-2019-19289
+       RESERVED
+CVE-2019-19288
+       RESERVED
+CVE-2019-19287
+       RESERVED
+CVE-2019-19286
+       RESERVED
+CVE-2019-19285
+       RESERVED
+CVE-2019-19284
+       RESERVED
+CVE-2019-19283
+       RESERVED
+CVE-2019-19282
+       RESERVED
+CVE-2019-19281
+       RESERVED
+CVE-2019-19280
+       RESERVED
+CVE-2019-19279
+       RESERVED
+CVE-2019-19278
+       RESERVED
+CVE-2019-19277
+       RESERVED
+CVE-2019-19276
+       RESERVED
+CVE-2019-19275 (typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments 
out-of-bounds read. ...)
+       TODO: check
+CVE-2019-19274 (typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args 
out-of-bounds  ...)
+       TODO: check
+CVE-2019-19273
+       RESERVED
+CVE-2015-9539 (The Fast Secure Contact Form plugin before 4.0.38 for WordPress 
allows ...)
+       TODO: check
+CVE-2015-9538 (The NextGEN Gallery plugin before 2.1.15 for WordPress allows 
../ Dire ...)
+       TODO: check
+CVE-2015-9537 (The NextGEN Gallery plugin before 2.1.10 for WordPress has 
multiple XS ...)
+       TODO: check
 CVE-2019-19272 (An issue was discovered in tls_verify_crl in ProFTPD before 
1.3.6. Dir ...)
        - proftpd-dfsg <unfixed>
        [buster] - proftpd-dfsg <no-dsa> (Minor issue)
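Review bot: the new CVE-2019-19275 and CVE-2019-19274 (typed_ast out-of-bounds reads) and CVE-2019-19307 (Mongoose integer overflow) entries are left at "TODO: check" and need a packaging check before the next tracker run, while CVE-2019-19306, CVE-2015-9539, CVE-2015-9538 and CVE-2015-9537 all describe WordPress plugins and can follow the "NOT-FOR-US: Wordpress plugin" convention already used elsewhere in this file. The thirty-odd bare RESERVED additions are placeholders and need no action.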
@@ -156,8 +234,8 @@ CVE-2019-19208
        RESERVED
 CVE-2019-19207 (rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. 
...)
        NOT-FOR-US: rConfig
-CVE-2019-19206
-       RESERVED
+CVE-2019-19206 (Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS 
due to J ...)
+       TODO: check
 CVE-2019-19205
        RESERVED
 CVE-2019-19204 (An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In 
the func ...)
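Review bot: CVE-2019-19206 (Dolibarr stored XSS) is left at "TODO: check", but this file already records Dolibarr as removed from the archive (see the "dolibarr <removed>" line under CVE-2019-16197 further down in this patch), so the entry can likely be resolved with the same marker once the affected version range is confirmed.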
@@ -319,8 +397,8 @@ CVE-2019-19131
        RESERVED
 CVE-2019-19130
        RESERVED
-CVE-2019-19129
-       RESERVED
+CVE-2019-19129 (Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic 
Aurora 8.3.11 ...)
+       TODO: check
 CVE-2019-19128
        RESERVED
 CVE-2019-19127
@@ -3543,27 +3621,23 @@ CVE-2019-18681
 CVE-2019-18680 (An issue was discovered in the Linux kernel 4.4.x before 
4.4.195. Ther ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: https://lkml.org/lkml/2019/9/18/337
-CVE-2019-18679 [Information Disclosure issue in HTTP Digest Authentication]
-       RESERVED
+CVE-2019-18679 (An issue was discovered in Squid 2.x, 3.x, and 4.x through 
4.8. Due to ...)
        - squid 4.9-1
        - squid3 <removed>
        NOTE: Squid 4: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_11.txt
-CVE-2019-18678 [HTTP Request Splitting issue in HTTP message processing]
-       RESERVED
+CVE-2019-18678 (An issue was discovered in Squid 3.x and 4.x through 4.8. It 
allows at ...)
        - squid 4.9-1
        - squid3 <removed>
        NOTE: Squid 4: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_10.txt
-CVE-2019-18677 [Cross-Site Request Forgery issue in HTTP Request processing]
-       RESERVED
+CVE-2019-18677 (An issue was discovered in Squid 3.x and 4.x through 4.8 when 
the appe ...)
        - squid 4.9-1
        - squid3 <removed>
        NOTE: Squid 4: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch
        NOTE: Squid 3.5: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_9.txt
-CVE-2019-18676 [Multiple issues in URI processing]
-       RESERVED
+CVE-2019-18676 (An issue was discovered in Squid 3.x and 4.x through 4.8. Due 
to incor ...)
        - squid 4.9-1
        - squid3 <removed>
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
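Review bot: the CVE-2019-18676 entry carries only the SQUID-2019_8 advisory link, while the three entries above it each also cite the Squid 4 changeset that fixed them; add the corresponding upstream patch reference so the "squid 4.9-1" and "squid3 <removed>" status can be verified the same way. Replacing the bracketed working titles with the MITRE descriptions leaves the package lines untouched, which is correct.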
@@ -3778,8 +3852,8 @@ CVE-2019-18582
        RESERVED
 CVE-2019-18581
        RESERVED
-CVE-2019-18580
-       RESERVED
+CVE-2019-18580 (Dell EMC Storage Monitoring and Reporting version 4.3.1 
contains a Jav ...)
+       TODO: check
 CVE-2019-18579
        RESERVED
 CVE-2019-18578
@@ -4224,92 +4298,74 @@ CVE-2019-18465 (In Progress MOVEit Transfer 11.1 before 
11.1.3, a vulnerability
        NOT-FOR-US: Progress MOVEit Transfer
 CVE-2019-18464 (In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 
before 1 ...)
        NOT-FOR-US: Progress MOVEit Transfer
-CVE-2019-18463
-       RESERVED
+CVE-2019-18463 (An issue was discovered in GitLab Community and Enterprise 
Edition thr ...)
        [experimental] - gitlab 12.2.9-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18462
-       RESERVED
+CVE-2019-18462 (An issue was discovered in GitLab Community and Enterprise 
Edition 11. ...)
        [experimental] - gitlab 12.2.9-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18461
-       RESERVED
+CVE-2019-18461 (An issue was discovered in GitLab Community and Enterprise 
Edition 11. ...)
        [experimental] - gitlab 12.2.9-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18460
-       RESERVED
+CVE-2019-18460 (An issue was discovered in GitLab Community and Enterprise 
Edition 8.1 ...)
        [experimental] - gitlab 12.2.9-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18459
-       RESERVED
+CVE-2019-18459 (An issue was discovered in GitLab Community and Enterprise 
Edition 11. ...)
        [experimental] - gitlab 12.2.9-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18458
-       RESERVED
+CVE-2019-18458 (An issue was discovered in GitLab Community and Enterprise 
Edition thr ...)
        [experimental] - gitlab 12.2.9-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18457
-       RESERVED
+CVE-2019-18457 (An issue was discovered in GitLab Community and Enterprise 
Edition 11. ...)
        [experimental] - gitlab 12.2.9-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18456
-       RESERVED
+CVE-2019-18456 (An issue was discovered in GitLab Community and Enterprise 
Edition 8.1 ...)
        - gitlab <not-affected> (Only affects Gitlab EE)
        NOTE: 
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18455
-       RESERVED
+CVE-2019-18455 (An issue was discovered in GitLab Community and Enterprise 
Edition 11  ...)
        [experimental] - gitlab 12.2.9-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18454
-       RESERVED
+CVE-2019-18454 (An issue was discovered in GitLab Community and Enterprise 
Edition 10. ...)
        [experimental] - gitlab 12.2.9-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18453
-       RESERVED
+CVE-2019-18453 (An issue was discovered in GitLab Community and Enterprise 
Edition 11. ...)
        [experimental] - gitlab 12.2.9-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18452
-       RESERVED
+CVE-2019-18452 (An issue was discovered in GitLab Community and Enterprise 
Edition 11. ...)
        [experimental] - gitlab 12.2.9-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18451
-       RESERVED
+CVE-2019-18451 (An issue was discovered in GitLab Community and Enterprise 
Edition 10. ...)
        [experimental] - gitlab 12.2.9-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18450
-       RESERVED
+CVE-2019-18450 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        [experimental] - gitlab 12.2.9-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18449
-       RESERVED
+CVE-2019-18449 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        [experimental] - gitlab 12.2.9-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18448
-       RESERVED
+CVE-2019-18448 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        [experimental] - gitlab 12.2.9-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18447
-       RESERVED
+CVE-2019-18447 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        [experimental] - gitlab 12.2.9-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
-CVE-2019-18446
-       RESERVED
+CVE-2019-18446 (An issue was discovered in GitLab Community and Enterprise 
Edition 8.1 ...)
        [experimental] - gitlab 12.2.9-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
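Review bot: CVE-2019-18456 is marked "gitlab <not-affected> (Only affects Gitlab EE)" although its MITRE description, like the others in this block, opens with "GitLab Community and Enterprise Edition"; re-check that CVE against the linked 12.4.1 release post before relying on the not-affected marker. The remaining seventeen entries consistently carry "[experimental] - gitlab 12.2.9-1" plus "gitlab <unfixed>" and all cite the same release post, so no per-entry NOTE is missing.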
@@ -7149,8 +7205,8 @@ CVE-2019-17592 (The csv-parse module before 4.4.6 for 
Node.js is vulnerable to R
        NOT-FOR-US: csv-parse Node module
 CVE-2019-17591
        RESERVED
-CVE-2019-17590
-       RESERVED
+CVE-2019-17590 (The csrf_callback function in the CSRF Magic library through 
2016-03-2 ...)
+       TODO: check
 CVE-2019-17589
        RESERVED
 CVE-2019-17588
@@ -7823,8 +7879,8 @@ CVE-2019-17394 (In the Seesaw Parent and Family 
application 6.2.5 for Android, t
        NOT-FOR-US: Seesaw Parent and Family application
 CVE-2019-17393 (The Customer's Tomedo Server in Version 1.7.3 communicates to 
the Vend ...)
        NOT-FOR-US: Tomedo Server
-CVE-2019-17392
-       RESERVED
+CVE-2019-17392 (Progress Sitefinity 12.1 has a Weak Password Recovery 
Mechanism for a  ...)
+       TODO: check
 CVE-2019-17391 (An issue was discovered in the Espressif ESP32 mask ROM code 
2016-06-0 ...)
        NOT-FOR-US: Espressif ESP32
 CVE-2019-17390
@@ -10236,12 +10292,12 @@ CVE-2019-16390
        RESERVED
 CVE-2019-16389
        RESERVED
-CVE-2019-16388
-       RESERVED
-CVE-2019-16387
-       RESERVED
-CVE-2019-16386
-       RESERVED
+CVE-2019-16388 (PEGA Platform 8.3.0 is vulnerable to Information disclosure 
via a dire ...)
+       TODO: check
+CVE-2019-16387 (PEGA Platform 8.3.0 is vulnerable to a direct 
prweb/sso/random_token/! ...)
+       TODO: check
+CVE-2019-16386 (PEGA Platform 7.x and 8.x is vulnerable to Information 
disclosure via  ...)
+       TODO: check
 CVE-2019-16385
        RESERVED
 CVE-2019-16384
@@ -10738,8 +10794,7 @@ CVE-2016-10939 (The xtremelocator plugin 1.5 for 
WordPress has SQL injection via
        NOT-FOR-US: Wordpress plugin
 CVE-2016-10938 (The copy-me plugin 1.0.0 for WordPress has CSRF for copying 
non-public ...)
        NOT-FOR-US: Wordpress plugin
-CVE-2019-16255 [A code injection vulnerability of Shell#[] and Shell#test]
-       RESERVED
+CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 
2.6.4 allow ...)
        {DLA-2007-1}
        - ruby2.5 2.5.7-1
        - ruby2.3 <removed>
@@ -10747,8 +10802,7 @@ CVE-2019-16255 [A code injection vulnerability of 
Shell#[] and Shell#test]
        - jruby <unfixed>
        NOTE: 
https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/
        NOTE: ruby2.5: 
https://github.com/ruby/ruby/commit/3af01ae1101e0b8815ae5a106be64b0e82a58640
-CVE-2019-16254 [HTTP response splitting in WEBrick (Additional fix)]
-       RESERVED
+CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 
2.6.4 allow ...)
        {DLA-2007-1}
        - ruby2.5 2.5.7-1
        - ruby2.3 <removed>
@@ -10780,12 +10834,12 @@ CVE-2019-16245
        RESERVED
 CVE-2019-16244
        RESERVED
-CVE-2019-16243
-       RESERVED
-CVE-2019-16242
-       RESERVED
-CVE-2019-16241
-       RESERVED
+CVE-2019-16243 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an 
undocument ...)
+       TODO: check
+CVE-2019-16242 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an 
engineerin ...)
+       TODO: check
+CVE-2019-16241 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN 
authentication can ...)
+       TODO: check
 CVE-2019-16240
        RESERVED
 CVE-2019-16239 (process_http_response in OpenConnect before 8.05 has a Buffer 
Overflow ...)
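Review bot: the three CVE-2019-16243, CVE-2019-16242 and CVE-2019-16241 entries describe firmware behaviour on TCL Alcatel Cingular Flip 2 B9HUAH1 handsets, not software Debian ships; they can be resolved NOT-FOR-US instead of staying at "TODO: check".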
@@ -10930,8 +10984,7 @@ CVE-2019-16203
        RESERVED
 CVE-2019-16202 (MISP before 2.4.115 allows privilege escalation in certain 
situations. ...)
        NOT-FOR-US: MISP
-CVE-2019-16201 [Regular Expression Denial of Service vulnerability of 
WEBrick's Digest access authentication]
-       RESERVED
+CVE-2019-16201 (WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x 
through 2.5 ...)
        {DLA-2007-1}
        - ruby2.5 2.5.7-1
        - ruby2.3 <removed>
@@ -10949,8 +11002,8 @@ CVE-2019-16197 (In htdocs/societe/card.php in Dolibarr 
10.0.1, the value of the
        - dolibarr <removed>
 CVE-2019-16196
        RESERVED
-CVE-2019-16195
-       RESERVED
+CVE-2019-16195 (Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 
19.04.5 a ...)
+       TODO: check
 CVE-2019-16194 (SQL injection vulnerabilities in Centreon through 19.04 allow 
attacks  ...)
        NOT-FOR-US: Centreon web UI (not packaged in Debian)
 CVE-2019-16193 (In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be 
used to t ...)
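Review bot: CVE-2019-16195 (Centreon) is left at "TODO: check" while the adjacent CVE-2019-16194 entry already records "NOT-FOR-US: Centreon web UI (not packaged in Debian)"; unless the full description points at a different component, resolve it the same way.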
@@ -11898,8 +11951,7 @@ CVE-2019-15846 (Exim before 4.92.2 allows remote 
attackers to execute arbitrary
        - exim4 4.92.1-3
        NOTE: https://www.openwall.com/lists/oss-security/2019/09/04/1
        NOTE: 
https://git.exim.org/exim.git/commit/2600301ba6dbac5c9d640c87007a07ee6dcea1f4
-CVE-2019-15845 [A NUL injection vulnerability of File.fnmatch and 
File.fnmatch?]
-       RESERVED
+CVE-2019-15845 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 
2.6.4 misha ...)
        {DLA-2007-1}
        - ruby2.5 2.5.7-1
        - ruby2.3 <removed>
@@ -12364,14 +12416,14 @@ CVE-2019-15690
        RESERVED
 CVE-2019-15689
        RESERVED
-CVE-2019-15688
-       RESERVED
-CVE-2019-15687
-       RESERVED
-CVE-2019-15686
-       RESERVED
-CVE-2019-15685
-       RESERVED
+CVE-2019-15688 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky 
Total Sec ...)
+       TODO: check
+CVE-2019-15687 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky 
Total Sec ...)
+       TODO: check
+CVE-2019-15686 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky 
Total Sec ...)
+       TODO: check
+CVE-2019-15685 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky 
Total Sec ...)
+       TODO: check
 CVE-2019-15684 (Kaspersky Protection extension for web browser Google Chrome 
prior to  ...)
        NOT-FOR-US: Kaspersky Protection extension for web browser Google Chrome
 CVE-2019-15683 (TurboVNC server code contains stack buffer overflow 
vulnerability in c ...)
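Review bot: the four CVE-2019-15688 through CVE-2019-15685 entries all begin "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security", proprietary products; the neighbouring CVE-2019-15684 is already NOT-FOR-US, so these can be resolved the same way rather than left at "TODO: check".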
@@ -15010,8 +15062,7 @@ CVE-2019-14858 (A vulnerability was found in Ansible 
engine 2.x up to 2.8 and An
        - ansible 2.8.6+dfsg-1 (bug #942332)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760593
        NOTE: https://github.com/ansible/ansible/pull/63405
-CVE-2019-14857
-       RESERVED
+CVE-2019-14857 (mod_auth_openidc before version 2.4.0.1 is vulnerable to a 
None ...)
        {DLA-1996-1}
        - libapache2-mod-auth-openidc 2.4.0.3-1 (bug #942165)
        [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
@@ -15033,8 +15084,7 @@ CVE-2019-14855 [WoT forgeries using SHA-1]
 CVE-2019-14854
        RESERVED
        NOT-FOR-US: OpenShift
-CVE-2019-14853
-       RESERVED
+CVE-2019-14853 (An error-handling flaw was found in python-ecdsa. During 
signature dec ...)
        {DLA-1978-1}
        - python-ecdsa 0.13.3-1
        NOTE: https://github.com/warner/python-ecdsa/issues/114
@@ -15097,8 +15147,8 @@ CVE-2019-14844 (A flaw was found in, Fedora versions of 
krb5 from 1.16.1 to, inc
 CVE-2019-14843
        RESERVED
        - wildfly <itp> (bug #752018)
-CVE-2019-14842
-       RESERVED
+CVE-2019-14842 (Structured reply is a feature of the newstyle NBD protocol 
allowing th ...)
+       TODO: check
 CVE-2019-14841
        RESERVED
 CVE-2019-14840
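Review bot: CVE-2019-14842 concerns structured replies in the newstyle NBD protocol, which is implemented by more than one upstream rather than a single product; before resolving the "TODO: check", identify which NBD server or client implementation the advisory is about and whether Debian ships it, since a blanket NOT-FOR-US would be wrong for a protocol-level issue.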
@@ -16792,8 +16842,8 @@ CVE-2019-14451 (RepetierServer.exe in Repetier-Server 
0.8 through 0.91 does not
        NOT-FOR-US: Repetier-Server
 CVE-2019-14450 (A directory traversal vulnerability was discovered in 
RepetierServer.e ...)
        NOT-FOR-US: Repetier-Server
-CVE-2019-14449
-       RESERVED
+CVE-2019-14449 (An issue was discovered in Cloudera Manager 5.x before 5.16.2, 
6.0.x b ...)
+       TODO: check
 CVE-2019-14448
        RESERVED
 CVE-2019-14447
@@ -22821,8 +22871,7 @@ CVE-2019-12527 (An issue was discovered in Squid 4.0.23 
through 4.7. When checki
        NOTE: The code in squid 3.x limits the amount of input data decoded to 
one byte less
        NOTE: than the length of the target buffer, whilst in 4.x the entire 
input is decoded
        NOTE: without regard for the size of the target buffer.
-CVE-2019-12526 [Heap Overflow issue in URN processing]
-       RESERVED
+CVE-2019-12526 (An issue was discovered in Squid before 4.9. URN response 
handling in  ...)
        - squid 4.9-1
        - squid3 <removed>
        NOTE: Squid 4: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-7aa0184a720fd216191474e079f4fe87de7c4f5a.patch
@@ -22836,8 +22885,7 @@ CVE-2019-12525 (An issue was discovered in Squid 3.3.9 
through 3.5.28 and 4.x th
        NOTE: Squid 3.5: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-ec0d0f39cf28da14eead0ba5e777e95855bc2f67.patch
 CVE-2019-12524
        RESERVED
-CVE-2019-12523 [Multiple issues in URI processing]
-       RESERVED
+CVE-2019-12523 (An issue was discovered in Squid before 4.9. When handling a 
URN reque ...)
        - squid 4.9-1
        - squid3 <removed>
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
@@ -22923,8 +22971,8 @@ CVE-2019-12491 (OnApp before 5.0.0-88, 5.5.0-93, and 
6.0.0-196 allows an attacke
        NOT-FOR-US: OnApp
 CVE-2019-12490
        RESERVED
-CVE-2019-12489
-       RESERVED
+CVE-2019-12489 (An issue was discovered on Fastweb Askey RTV1907VW 
0.00.81_FW_200_Aske ...)
+       TODO: check
 CVE-2019-12488
        RESERVED
 CVE-2019-12487
@@ -29231,8 +29279,7 @@ CVE-2019-10207 (A flaw was found in the Linux kernel's 
Bluetooth implementation
        NOTE: https://www.openwall.com/lists/oss-security/2019/07/25/1
        NOTE: 
https://lore.kernel.org/linux-bluetooth/20190725120909.31235-1-vdro...@redhat.com/T/#u
        NOTE: 
https://git.kernel.org/linus/b36a1552d7319bbfd5cf7f08726c23c5c66d4f73
-CVE-2019-14856 [Incomplete fix for CVE-2019-10206]
-       RESERVED
+CVE-2019-14856 (ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to 
a None ...)
        - ansible <not-affected> (Incomplete fix for CVE-2019-10206 not applied)
        NOTE: https://github.com/ansible/ansible/pull/63351
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829
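Review bot: the CVE-2019-14856 entry is marked "ansible <not-affected> (Incomplete fix for CVE-2019-10206 not applied)" and is filed next to CVE-2019-10207 rather than with the other 2019-148xx entries; that placement is fine for a follow-up to CVE-2019-10206, but the description's "before versions 2.8.6" range overlaps the ansible 2.8.6+dfsg-1 upload recorded for CVE-2019-14858 elsewhere in this patch, so re-confirm against the linked pull request #63351 that the not-affected reasoning still holds for that upload.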
@@ -38205,8 +38252,8 @@ CVE-2018-20751 (An issue was discovered in crop_page in 
PoDoFo 0.9.6. For a craf
        [jessie] - libpodofo <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/podofo/tickets/33/
        NOTE: https://sourceforge.net/p/podofo/code/1954
-CVE-2019-7319
-       RESERVED
+CVE-2019-7319 (An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. 
When usin ...)
+       TODO: check
 CVE-2019-7318
        RESERVED
 CVE-2019-7317 (png_image_free in png.c in libpng 1.6.x before 1.6.37 has a 
use-after- ...)
@@ -39746,8 +39793,8 @@ CVE-2019-6677
        RESERVED
 CVE-2019-6676
        RESERVED
-CVE-2019-6675
-       RESERVED
+CVE-2019-6675 (BIG-IP configurations using Active Directory, LDAP, or Client 
Certific ...)
+       TODO: check
 CVE-2019-6674
        RESERVED
 CVE-2019-6673
@@ -40206,8 +40253,7 @@ CVE-2019-6479
        RESERVED
 CVE-2019-6478
        RESERVED
-CVE-2019-6477 [TCP-pipelined queries can bypass tcp-clients limit]
-       RESERVED
+CVE-2019-6477 (With pipelining enabled each incoming query on a TCP connection 
requir ...)
        - bind9 <unfixed> (bug #945171)
        [buster] - bind9 <no-dsa> (Minor issue; can be fixed via point release)
        [stretch] - bind9 <no-dsa> (Minor issue; can be fixed via point release)
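Review bot: CVE-2019-6477 (bind9) now records bug #945171 and no-dsa markers for buster and stretch, but unlike the Squid and Ruby entries in this patch it carries no NOTE with an upstream reference; add the ISC advisory or fix commit so the "can be fixed via point release" assessment can be checked.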
@@ -45249,8 +45295,8 @@ CVE-2019-4389
        RESERVED
 CVE-2019-4388
        RESERVED
-CVE-2019-4387
-       RESERVED
+CVE-2019-4387 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.0.2.0 i ...)
+       TODO: check
 CVE-2019-4386 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 11.1 ...)
        NOT-FOR-US: IBM
 CVE-2019-4385 (IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS 
password i ...)
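Review bot: CVE-2019-4387 (IBM Sterling B2B Integrator) stays at "TODO: check" while the adjacent CVE-2019-4386 entry is already "NOT-FOR-US: IBM"; resolve it the same way.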
@@ -51714,8 +51760,8 @@ CVE-2018-20092 (PTC ThingWorx Platform through 8.3.0 is 
vulnerable to a director
        NOT-FOR-US: PTC ThingWorx Platform
 CVE-2018-20091 (An SQL injection vulnerability was found in Cloudera Data 
Science Work ...)
        NOT-FOR-US: Cloudera Data Science Workbench
-CVE-2018-20090
-       RESERVED
+CVE-2018-20090 (An issue was discovered in Cloudera Data Science Workbench 
(CDSW) 1.4. ...)
+       TODO: check
 CVE-2018-20089
        RESERVED
 CVE-2018-20088
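Review bot: CVE-2018-20090 is one of more than a dozen Cloudera entries (Cloudera Manager, CDH, Hue, Search, Data Science Workbench) that this update leaves at "TODO: check"; the CVE-2018-20091 entry directly above it is already "NOT-FOR-US: Cloudera Data Science Workbench", so the whole batch can be resolved consistently as NOT-FOR-US with the product named in each.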
@@ -62678,8 +62724,8 @@ CVE-2018-17862
        RESERVED
 CVE-2018-17861
        RESERVED
-CVE-2018-17860
-       RESERVED
+CVE-2018-17860 (Cloudera CDH has Insecure Permissions because ALL cannot be 
revoked.Th ...)
+       TODO: check
 CVE-2018-17859 (An issue was discovered in Joomla! before 3.8.13. Inadequate 
checks in ...)
        NOT-FOR-US: Joomla!
 CVE-2018-17858 (An issue was discovered in Joomla! before 3.8.13. 
com_installer action ...)
@@ -142599,8 +142645,8 @@ CVE-2016-1000348
        REJECTED
 CVE-2016-1000268
        REJECTED
-CVE-2017-7399
-       RESERVED
+CVE-2017-7399 (Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 
5.10.x be ...)
+       TODO: check
 CVE-2017-7398 (D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site 
Request For ...)
        NOT-FOR-US: D-Link
 CVE-2017-7397 (** DISPUTED ** BackBox Linux 4.6 allows remote attackers to 
cause a de ...)
@@ -164239,8 +164285,8 @@ CVE-2016-9274 (Untrusted search path vulnerability in 
Git 1.x for Windows allows
        NOT-FOR-US: Git-for-Windows (Git fork containing Windows-specific 
patches)
 CVE-2016-9272 (A Blind SQL Injection Vulnerability in Exponent CMS through 
2.4.0, wit ...)
        NOT-FOR-US: Exponent CMS
-CVE-2016-9271
-       RESERVED
+CVE-2016-9271 (Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 
5.9.x bef ...)
+       TODO: check
 CVE-2016-9270
        RESERVED
 CVE-2016-9269 (Remote Command Execution in 
com.trend.iwss.gui.servlet.ManagePatches i ...)
@@ -173487,8 +173533,8 @@ CVE-2016-6356 (A vulnerability in the email message 
filtering feature of Cisco A
        NOT-FOR-US: Cisco
 CVE-2016-6355 (Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 
5.2.5,  ...)
        NOT-FOR-US: Cisco
-CVE-2016-6353
-       RESERVED
+CVE-2016-6353 (Cloudera Search in CDH before 5.7.0 allows unauthorized 
document acces ...)
+       TODO: check
 CVE-2016-6348 (JacksonJsonpInterceptor in RESTEasy might allow remote 
attackers to co ...)
        - resteasy <unfixed> (low; bug #837170)
        [jessie] - resteasy <no-dsa> (Minor issue)
@@ -175780,8 +175826,8 @@ CVE-2016-5725 (Directory traversal vulnerability in 
JCraft JSch before 0.1.54 on
        - jsch 0.1.54-1 (low)
        [jessie] - jsch <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/jsch/mailman/message/35318093/
-CVE-2016-5724
-       RESERVED
+CVE-2016-5724 (Cloudera CDH before 5.9 has Potentially Sensitive Information 
in Diagn ...)
+       TODO: check
 CVE-2016-5723 (Huawei FusionInsight HD before V100R002C60SPC200 allows local 
users to ...)
        NOT-FOR-US: Huawei
 CVE-2016-5722 (Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 
18800 V3 ...)
@@ -179956,8 +180002,8 @@ CVE-2016-4579 (Libksba before 1.3.4 allows remote 
attackers to cause a denial of
        - libksba 1.3.4-3
        [jessie] - libksba 1.3.2-1+deb8u1
        NOTE: 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64
-CVE-2016-4572
-       RESERVED
+CVE-2016-4572 (In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER 
commands do  ...)
+       TODO: check
 CVE-2016-4574 (Off-by-one error in the append_utf8_value function in the DN 
decoder ( ...)
        - libksba 1.3.4-3
        [jessie] - libksba <not-affected> (Incomplete fix not applied)
@@ -183860,8 +183906,8 @@ CVE-2016-3194 (Cross-site scripting (XSS) 
vulnerability in the address added pag
        NOT-FOR-US: Fortinet
 CVE-2016-3193 (Cross-site scripting (XSS) vulnerability in the appliance 
web-applicat ...)
        NOT-FOR-US: Fortinet
-CVE-2016-3192
-       RESERVED
+CVE-2016-3192 (Cloudera Manager 5.x before 5.7.1 places Sensitive Data in 
cleartext R ...)
+       TODO: check
 CVE-2016-3190 (The fill_xrgb32_lerp_opaque_spans function in 
cairo-image-compositor.c ...)
        - cairo 1.14.2-2
        [jessie] - cairo 1.14.0-2.1+deb8u1
@@ -183999,8 +184045,8 @@ CVE-2016-3132 (Double free vulnerability in the 
SplDoublyLinkedList::offsetSet f
        - php7.0 7.0.6-1
        NOTE: https://bugs.php.net/bug.php?id=71735
        NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5
-CVE-2016-3131
-       RESERVED
+CVE-2016-3131 (Cloudera CDH before 5.6.1 allows authorization bypass via 
direct inter ...)
+       TODO: check
 CVE-2016-3130 (An information disclosure vulnerability in the Core and 
Management Con ...)
        NOT-FOR-US: BlackBerry
 CVE-2016-3129 (A remote shell execution vulnerability in the BlackBerry Good 
Enterpri ...)
@@ -196836,8 +196882,8 @@ CVE-2015-7833 (The usbvision driver in the Linux 
kernel package 3.10.0-123.20.1.
        NOTE: initial fix missed a second needed commit.
 CVE-2015-7832
        RESERVED
-CVE-2015-7831
-       RESERVED
+CVE-2015-7831 (In Cloudera Hue, there is privilege escalation by a read-only 
user whe ...)
+       TODO: check
 CVE-2015-7829 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 
11.0.13,  ...)
        NOT-FOR-US: Adobe
 CVE-2015-7828 (SAP HANA Database 1.00 SPS10 and earlier do not require 
authentication ...)
@@ -200627,8 +200673,8 @@ CVE-2015-6498 (Alcatel-Lucent Home Device Manager 
before 4.1.10, 4.2.x before 4.
        NOT-FOR-US: Alcatel-Lucent Home Device Manager
 CVE-2015-6497
        RESERVED
-CVE-2015-6495
-       RESERVED
+CVE-2015-6495 (There is Sensitive Information in Cloudera Manager before 5.4.6 
Diagno ...)
+       TODO: check
 CVE-2015-6494 (Cross-site scripting (XSS) vulnerability in Infinite Automation 
Mango  ...)
        NOT-FOR-US: Infinite Automation Mango Automation
 CVE-2015-6493 (Cross-site request forgery (CSRF) vulnerability in Infinite 
Automation ...)
@@ -206324,8 +206370,8 @@ CVE-2015-2967 (Cross-site scripting (XSS) 
vulnerability in settings.php in Cacti
        NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7718
        NOTE: http://jvn.jp/en/jp/JVN78187936/
        NOTE: Fixed upstream in 0.8.8d
-CVE-2015-4457
-       RESERVED
+CVE-2015-4457 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Cloudera Ma ...)
+       TODO: check
 CVE-2015-4456 (ownCloud Desktop Client before 1.8.2 does not call 
QNetworkReply::igno ...)
        {DSA-3363-1}
        - owncloud-client 1.8.4+dfsg-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/647c94837c09b9bff91be27e3e05ca772148b252



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
