Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1150583d by security tracker role at 2019-12-11T20:10:27Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-19726
+       RESERVED
+CVE-2019-19725 (sysstat through 12.2.0 has a double free in check_file_actlst 
in sa_co ...)
+       TODO: check
+CVE-2019-19724
+       RESERVED
+CVE-2019-19723
+       RESERVED
+CVE-2019-19722
+       RESERVED
+CVE-2019-19721
+       RESERVED
 CVE-2020-3109
        RESERVED
 CVE-2020-3108
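Review bot: CVE-2019-19725 is parked as `TODO: check` even though its description already names the affected component (sysstat, `check_file_actlst`), so it should be triaged in the same pass rather than left in the top-of-file TODO block. Entries elsewhere in this file that name a component carry a package line with a status plus a `NOTE:` reference (compare `- yara <unfixed>` below); this one wants either a `- sysstat ...` line with the upstream report, or an explicit NOT-FOR-US if no source package turns out to be affected.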
@@ -1383,10 +1395,10 @@ CVE-2019-19652
        RESERVED
 CVE-2019-19651
        RESERVED
-CVE-2019-19650
-       RESERVED
-CVE-2019-19649
-       RESERVED
+CVE-2019-19650 (Zoho ManageEngine Applications Manager before 13640 allows a 
remote au ...)
+       TODO: check
+CVE-2019-19649 (Zoho ManageEngine Applications Manager before 13620 allows a 
remote un ...)
+       TODO: check
 CVE-2019-19648 (In the macho_parse_file functionality in macho/macho.c of YARA 
3.11.0, ...)
        - yara <unfixed>
        NOTE: https://github.com/VirusTotal/yara/issues/1178
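Review bot: the two Zoho ManageEngine Applications Manager entries (CVE-2019-19650, CVE-2019-19649) are left as `TODO: check` although the product is a proprietary appliance of the same kind this file resolves directly as NOT-FOR-US (see the Octopus Deploy and rConfig entries further down). Marking them `NOT-FOR-US: Zoho ManageEngine` here avoids a second round trip through the TODO queue.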
@@ -2598,28 +2610,22 @@ CVE-2019-19585
        RESERVED
 CVE-2019-19584
        RESERVED
-CVE-2019-19583 [VMX: VMentry failure with debug exceptions and blocked states]
-       RESERVED
+CVE-2019-19583 (An issue was discovered in Xen through 4.12.x allowing x86 
HVM/PVH gue ...)
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-308.html
-CVE-2019-19582
-       RESERVED
+CVE-2019-19582 (An issue was discovered in Xen through 4.12.x allowing x86 
guest OS us ...)
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-307.html
-CVE-2019-19581
-       RESERVED
+CVE-2019-19581 (An issue was discovered in Xen through 4.12.x allowing 32-bit 
Arm gues ...)
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-307.html
-CVE-2019-19580
-       RESERVED
+CVE-2019-19580 (An issue was discovered in Xen through 4.12.x allowing x86 PV 
guest OS ...)
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-310.html
-CVE-2019-19578
-       RESERVED
+CVE-2019-19578 (An issue was discovered in Xen through 4.12.x allowing x86 PV 
guest OS ...)
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-309.html
-CVE-2019-19577
-       RESERVED
+CVE-2019-19577 (An issue was discovered in Xen through 4.12.x allowing x86 AMD 
HVM gue ...)
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-311.html
 CVE-2019-19579 (An issue was discovered in Xen through 4.12.x allowing 
attackers to ga ...)
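Review bot: dropping the bracketed working summaries (e.g. `[VMX: VMentry failure with debug exceptions and blocked states]` on CVE-2019-19583) in favour of the truncated MITRE text loses the only human-readable hint of what each XSA is about; consider keeping that summary as a `NOTE:` next to the advisory URL. Also, CVE-2019-19582 and CVE-2019-19581 both point at `advisory-307.html`; a one-line NOTE that XSA-307 covers two CVEs would stop the shared link being read as a copy-paste slip. Finally, all six `xen <unfixed>` lines are unchanged; since the descriptions are now public, the severity and per-release tags should be filled in rather than left bare.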
@@ -3526,8 +3532,8 @@ CVE-2019-19375 (In Octopus Deploy before 2019.10.7, in a 
configuration where SSL
        NOT-FOR-US: Octopus Deploy
 CVE-2019-19374
        RESERVED
-CVE-2019-19373
-       RESERVED
+CVE-2019-19373 (An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 
5.5.0.3, 5. ...)
+       TODO: check
 CVE-2019-19372 (** DISPUTED ** A downloadFile.php download_file path traversal 
vulnera ...)
        NOT-FOR-US: rConfig
 CVE-2019-19371
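Review bot: CVE-2019-19373 (Squiz Matrix CMS) is queued as `TODO: check` between two entries that were resolved as NOT-FOR-US (Octopus Deploy, rConfig); it is the same class of proprietary web product and can be closed out as `NOT-FOR-US: Squiz Matrix CMS` in this update instead of deferred.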
@@ -4771,8 +4777,8 @@ CVE-2019-18962
        RESERVED
 CVE-2019-18961
        RESERVED
-CVE-2019-18960
-       RESERVED
+CVE-2019-18960 (AWS Firecracker through v0.19.0 has a Buffer Overflow. ...)
+       TODO: check
 CVE-2019-18959
        RESERVED
 CVE-2019-18958 (Nitro Pro before 13.2 creates a debug.log file in the 
directory where  ...)
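Review bot: the CVE-2019-18960 description ("AWS Firecracker through v0.19.0 has a Buffer Overflow") names no component or reference, so the `TODO: check` cannot be resolved from the entry alone; the triager needs a `NOTE:` with the upstream advisory or fixing commit, and a decision on whether any firecracker source package exists before choosing between a package line and NOT-FOR-US.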
@@ -4821,8 +4827,8 @@ CVE-2019-18937 (eQ-3 Homematic CCU2 2.47.20 and CCU3 
3.47.18 with the Script Par
        NOT-FOR-US: eQ-3 Homematic
 CVE-2019-18936
        RESERVED
-CVE-2019-18935
-       RESERVED
+CVE-2019-18935 (Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 
contains a .N ...)
+       TODO: check
 CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the 
ipsec modul ...)
        - unbound <unfixed> (unimportant)
        [stretch] - unbound <not-affected> (ipsecmod module introduced later)
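Review bot: CVE-2019-18935 (Progress Telerik UI for ASP.NET AJAX) is a commercial .NET component and can be marked `NOT-FOR-US: Progress Telerik` directly rather than left as `TODO: check`. The unchanged Unbound context below it is the shape such a resolved entry should take when a package is affected: a status with severity, a per-release tag, and the reason in parentheses.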
@@ -8530,12 +8536,12 @@ CVE-2019-18381 (Norton Password Manager, prior to 
6.6.2.5, may be susceptible to
        NOT-FOR-US: Norton Password Manager
 CVE-2019-18380 (Symantec Industrial Control System Protection (ICSP), versions 
6.x.x,  ...)
        NOT-FOR-US: Symantec
-CVE-2019-18379
-       RESERVED
-CVE-2019-18378
-       RESERVED
-CVE-2019-18377
-       RESERVED
+CVE-2019-18379 (Symantec Messaging Gateway, prior to 10.7.3, may be 
susceptible to a s ...)
+       TODO: check
+CVE-2019-18378 (Symantec Messaging Gateway, prior to 10.7.3, may be 
susceptible to a c ...)
+       TODO: check
+CVE-2019-18377 (Symantec Messaging Gateway, prior to 10.7.3, may be 
susceptible to a p ...)
+       TODO: check
 CVE-2019-18376
        RESERVED
 CVE-2019-18375
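Review bot: the three Symantec Messaging Gateway entries (CVE-2019-18379, CVE-2019-18378, CVE-2019-18377) are left as `TODO: check` immediately below CVE-2019-18380 and CVE-2019-18381, which this same block already resolves as `NOT-FOR-US: Symantec` and `NOT-FOR-US: Norton Password Manager`; resolve them the same way instead of queuing them.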
@@ -12018,6 +12024,7 @@ CVE-2019-17359 (The ASN.1 parser in Bouncy Castle 
Crypto (aka BC Java) 1.63 can
        NOTE: 
https://github.com/bcgit/bc-java/commit/b1bc75254f5fea633a49a751a1a7339056f97856
 CVE-2019-17358
        RESERVED
+       {DLA-2032-1}
        - cacti <unfixed>
        NOTE: https://github.com/Cacti/cacti/issues/3026
        NOTE: 
https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8
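Review bot: `{DLA-2032-1}` is being attached to an entry that is still `RESERVED` with no bracketed summary, so the only readable context is the cacti issue link; add a short `[...]` description taken from issue #3026 so the entry is self-explanatory. The `- cacti <unfixed>` line was not touched in this change: with an LTS advisory already issued, confirm whether unstable and the other suites genuinely remain unfixed or whether a fixed version is now known.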
@@ -18672,12 +18679,12 @@ CVE-2019-15011
        RESERVED
 CVE-2019-15010
        RESERVED
-CVE-2019-15009
-       RESERVED
-CVE-2019-15008
-       RESERVED
-CVE-2019-15007
-       RESERVED
+CVE-2019-15009 (The /json/profile/removeStarAjax.do resource in Atlassian 
Fisheye and  ...)
+       TODO: check
+CVE-2019-15008 (The /plugins/servlet/branchreview resource in Atlassian 
Fisheye and Cr ...)
+       TODO: check
+CVE-2019-15007 (The review resource in Atlassian Fisheye and Crucible before 
version 4 ...)
+       TODO: check
 CVE-2019-15006
        RESERVED
 CVE-2019-15005 (The Atlassian Troubleshooting and Support Tools plugin prior 
to versio ...)
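Review bot: the three Atlassian Fisheye and Crucible entries (CVE-2019-15009, CVE-2019-15008, CVE-2019-15007) are left as `TODO: check`; Fisheye and Crucible are proprietary Atlassian products with no Debian source package, and the file already handles Atlassian entries (CVE-2019-15005 below) individually, so these can be closed as `NOT-FOR-US: Atlassian Fisheye and Crucible` in this update.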
@@ -19046,8 +19053,7 @@ CVE-2019-14901 (A heap overflow flaw was found in the 
Linux kernel, all versions
        NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/2
 CVE-2019-14900
        RESERVED
-CVE-2019-14899
-       RESERVED
+CVE-2019-14899 (A vulnerability was discovered in Linux, FreeBSD, OpenBSD, 
MacOS, iOS, ...)
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/05/1
 CVE-2019-14898 [RHEL-7 specific incompete fix issue for CVE-2019-11599]
        RESERVED
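Review bot: CVE-2019-14899 now has a public description that names Linux among the affected systems, but the entry carries only a `NOTE:` and no package line or status, so the tracker will report nothing for it; give it a `- linux ...` line (or an explicit not-affected/unimportant with the reason in parentheses, as other entries do). Unrelated to this change but in the same hunk: the CVE-2019-14898 working summary reads "incompete fix" and should be "incomplete fix".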
@@ -21362,8 +21368,8 @@ CVE-2019-14318 (Crypto++ 8.3.0 and earlier contains a 
timing side channel in ECD
        [stretch] - libcrypto++ <no-dsa> (Minor issue)
        [jessie] - libcrypto++ <no-dsa> (Minor issue)
        NOTE: https://github.com/weidai11/cryptopp/issues/869
-CVE-2019-14317
-       RESERVED
+CVE-2019-14317 (wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as 
CyaSSL) gen ...)
+       TODO: check
 CVE-2019-14316
        RESERVED
 CVE-2019-14315 (A cross-site scripting (XSS) vulnerability in upload.php in 
SunHater K ...)
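Review bot: CVE-2019-14317 (wolfSSL and wolfCrypt 4.1.0 and earlier) is a library issue left as `TODO: check`; it should be checked against the wolfssl source package rather than deferred, and the libcrypto++ entry directly above shows the expected resolved form: a package line, per-release `<no-dsa>` tags with a reason, and a `NOTE:` pointing at the upstream issue.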
@@ -32018,8 +32024,8 @@ CVE-2019-10774
        RESERVED
 CVE-2019-10773
        RESERVED
-CVE-2019-10772
-       RESERVED
+CVE-2019-10772 (It is possible to bypass enshrined/svg-sanitize before 0.13.1 
using th ...)
+       TODO: check
 CVE-2019-10771 (Characters in the GET url path are not properly escaped and 
can be ref ...)
        NOT-FOR-US: IOBroker
 CVE-2019-10770
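Review bot: CVE-2019-10772 (enshrined/svg-sanitize before 0.13.1) is queued as `TODO: check`; the vendor/package name is a Composer-style PHP library identifier, and such libraries are often vendored inside packaged PHP applications rather than shipped stand-alone, so the check should cover embedded copies before the entry is marked NOT-FOR-US.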
@@ -48840,8 +48846,8 @@ CVE-2019-4717
        RESERVED
 CVE-2019-4716
        RESERVED
-CVE-2019-4715
-       RESERVED
+CVE-2019-4715 (IBM Spectrum Scale 4.2 and 5.0 could allow a remote 
authenticated atta ...)
+       TODO: check
 CVE-2019-4714
        RESERVED
 CVE-2019-4713
@@ -48940,8 +48946,8 @@ CVE-2019-4667
        RESERVED
 CVE-2019-4666
        RESERVED
-CVE-2019-4665
-       RESERVED
+CVE-2019-4665 (IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site 
scripting.  ...)
+       TODO: check
 CVE-2019-4664
        RESERVED
 CVE-2019-4663 (IBM WebSphere Application Server - Liberty is vulnerable to 
cross-site ...)
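Review bot: both IBM Spectrum Scale entries in this update (CVE-2019-4715 in the previous hunk and CVE-2019-4665 here) are left as `TODO: check`; Spectrum Scale is a proprietary IBM storage product with no Debian source package, so they can be resolved as `NOT-FOR-US: IBM Spectrum Scale` directly, consistent with how the other vendor-product entries in this file are handled.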
@@ -230617,8 +230623,8 @@ CVE-2014-7259 (SQUARE ENIX Co., Ltd. Kaku-San-Sei 
Million Arthur before 2.25 for
        NOT-FOR-US: SQUARE ENIX
 CVE-2014-7258 (Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 
2.91 a ...)
        NOT-FOR-US: KENT-WEB CLip Board
-CVE-2014-7257
-       RESERVED
+CVE-2014-7257 (SQL injection vulnerability in DBD::PgPP 0.05 and earlier ...)
+       TODO: check
 CVE-2014-7256 (The (1) PPP Access Concentrator (PPPAC) and (2) Dial-Up 
Networking Int ...)
        NOT-FOR-US: SEIL Routers
 CVE-2014-7255 (Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 
throug ...)
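Review bot: CVE-2014-7257 (SQL injection in DBD::PgPP 0.05 and earlier) is a 2014 identifier only now receiving its description and is left as `TODO: check`; DBD::PgPP is a CPAN module, so the check should look for a `libdbd-pgpp-perl` source package and, if one exists, record which uploaded version (if any) carries the fix rather than treating the age of the CVE as a reason to mark it NOT-FOR-US.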
@@ -241755,12 +241761,10 @@ CVE-2014-2857 (The default configuration of the 
Resources plugin 1.0.0 before 1.
        - grails <itp> (bug #473213)
 CVE-2013-7374 (The Ubuntu Date and Time Indicator (aka indicator-datetime) 
13.10.0+13 ...)
        NOT-FOR-US: indicator-datetime
-CVE-2013-7371 [XSS in the Sencha Labs Connect middleware]
-       RESERVED
+CVE-2013-7371 (node-connects before 2.8.2 has cross site scripting in Sencha 
Labs Con ...)
        - node-connect <not-affected> (Only applies when incomplete fix applied)
        NOTE: CVE for incomplete fix for CVE-2013-7370, fixed in 2.8.2
-CVE-2013-7370 [XSS in the Sencha Labs Connect middleware]
-       RESERVED
+CVE-2013-7370 (node-connect before 2.8.1 has XSS in the Sencha Labs Connect 
middlewar ...)
        - node-connect 3.0.0-1 (bug #744374)
 CVE-2013-7368 (Multiple cross-site scripting (XSS) vulnerabilities in Gnew 
2013.1 all ...)
        NOT-FOR-US: Gnew
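Review bot: the `<not-affected> (Only applies when incomplete fix applied)` rationale on CVE-2013-7371 is hard to follow on its own; since CVE-2013-7370 directly below records the fix as `node-connect 3.0.0-1`, the reason would be clearer as "Debian's first upload already contains the complete 2.8.2 fix", which the existing `NOTE:` line supports. The "node-connects" spelling in the CVE-2013-7371 description is MITRE's text and should be left as imported.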
@@ -249718,8 +249722,7 @@ CVE-2014-0165 (WordPress before 3.7.2 and 3.8.x 
before 3.8.2 allows remote authe
        - wordpress 3.8.2+dfsg-1 (bug #744018)
 CVE-2014-0164 (openshift-origin-broker-util, as used in Red Hat OpenShift 
Enterprise  ...)
        - mcollective 1.2.1+dfsg-2
-CVE-2014-0163
-       RESERVED
+CVE-2014-0163 (Openshift has shell command injection flaws due to unsanitized 
data be ...)
        NOT-FOR-US: OpenShift
 CVE-2014-0162 (The Sheepdog backend in OpenStack Image Registry and Delivery 
Service  ...)
        - glance 2014.1-1
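Review bot: CVE-2014-0163 is marked `NOT-FOR-US: OpenShift` while the adjacent CVE-2014-0164 (openshift-origin-broker-util) is tracked against `mcollective 1.2.1+dfsg-2`; the new description only says "Openshift has shell command injection flaws due to unsanitized data", so confirm the flaw does not live in the same mcollective-based component before closing it as not applicable.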
@@ -249999,8 +250002,7 @@ CVE-2014-0092 (lib/x509/verify.c in GnuTLS before 
3.1.22 and 3.2.x before 3.2.12
        - gnutls26 2.12.23-13
        - gnutls28 3.2.11-2
        NOTE: http://gnutls.org/security.html#GNUTLS-SA-2014-2
-CVE-2014-0091
-       RESERVED
+CVE-2014-0091 (Foreman has improper input validation which could lead to 
partial Deni ...)
        - foreman <itp> (bug #663101)
 CVE-2014-0090 (Session fixation vulnerability in Foreman before 1.4.2 allows 
remote a ...)
        - foreman <itp> (bug #663101)
@@ -250239,8 +250241,7 @@ CVE-2014-0027 (The play_wave_from_socket function in 
audio/auserver.c in Flite 1
        - flite 1.4-release-8 (low; bug #734746)
        [wheezy] - flite <no-dsa> (Minor issue)
        [squeeze] - flite <no-dsa> (Minor issue)
-CVE-2014-0026
-       RESERVED
+CVE-2014-0026 (katello-headpin is vulnerable to CSRF in REST API ...)
        NOT-FOR-US: Katello
 CVE-2014-0025
        REJECTED
@@ -251405,8 +251406,7 @@ CVE-2013-6497 (clamscan in ClamAV before 0.98.5, when 
using -a option, allows re
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11088
 CVE-2013-6496 (Red Hat Conga 0.12.2 allows remote attackers to obtain 
sensitive infor ...)
        NOT-FOR-US: Red Hat Conga
-CVE-2013-6495
-       RESERVED
+CVE-2013-6495 (JBossWeb Bayeux has reflected XSS ...)
        NOT-FOR-US: JBossWeb Bayeux
 CVE-2013-6494 (fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory 
with a ...)
        NOT-FOR-US: fedup (Fedora specific)
@@ -252779,8 +252779,8 @@ CVE-2013-5980
        RESERVED
 CVE-2013-5979 (Directory traversal vulnerability in Spring Signage Xibo 1.2.x 
before  ...)
        NOT-FOR-US: Xibo
-CVE-2013-5978
-       RESERVED
+CVE-2013-5978 (Multiple cross-site scripting (XSS) vulnerabilities in 
products.php in ...)
+       TODO: check
 CVE-2013-5977 (Cross-site request forgery (CSRF) vulnerability in 
Cart66Product.php i ...)
        NOT-FOR-US: Cart66 Lite plugin for WordPress
 CVE-2013-5976 (Cross-site scripting (XSS) vulnerability in the access policy 
logout p ...)
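Review bot: CVE-2013-5978 (multiple XSS in products.php) is left as `TODO: check` directly above CVE-2013-5977, which is resolved as `NOT-FOR-US: Cart66 Lite plugin for WordPress`; the truncated description does not show the product name, so confirm whether 5978 is the same WordPress plugin and, if so, resolve it with the same NOT-FOR-US marker.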
@@ -253364,8 +253364,7 @@ CVE-2013-5746
        RESERVED
 CVE-2013-5744 (Cross-site scripting (XSS) vulnerability in Feng Office 
2.3.2-rc and e ...)
        NOT-FOR-US: Feng Office
-CVE-2013-5743
-       RESERVED
+CVE-2013-5743 (Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 
1.8.18rc ...)
        - zabbix 1:2.0.8+dfsg-2
        [squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
 CVE-2013-5742
@@ -255202,8 +255201,7 @@ CVE-2013-4969 (Puppet before 3.3.3 and 3.4 before 
3.4.1 and Puppet Enterprise (P
        {DSA-2831-1}
        - puppet 3.4.1-1
        NOTE: http://puppetlabs.com/security/cve/cve-2013-4969
-CVE-2013-4968
-       RESERVED
+CVE-2013-4968 (Puppet Enterprise before 3.0.1 allows remote attackers to (1) 
conduct  ...)
        - puppet <not-affected> (Only affects Puppet Enterprise)
 CVE-2013-4967 (Puppet Enterprise before 3.0.1 allows remote attackers to 
obtain the d ...)
        - puppet <not-affected> (Only affects Puppet Enterprise)
@@ -256121,8 +256119,7 @@ CVE-2013-4595 (The Secure Pages module 6.x-2.x before 
6.x-2.0 for Drupal does no
        NOT-FOR-US: Drupal module Secure Pages
 CVE-2013-4594 (The Payment for Webform module 7.x-1.x before 7.x-1.5 for 
Drupal does  ...)
        NOT-FOR-US: Drupal module Payment for Webform
-CVE-2013-4593
-       RESERVED
+CVE-2013-4593 (RubyGem omniauth-facebook has an access token security 
vulnerability ...)
        - ruby-omniauth-facebook <not-affected> (Fixed before initial release)
 CVE-2013-4592 (Memory leak in the __kvm_set_memory_region function in 
virt/kvm/kvm_ma ...)
        - linux 3.8-1
@@ -257237,8 +257234,7 @@ CVE-2013-4305 (Cross-site scripting (XSS) 
vulnerability in contrib/example.php i
        NOTE: Just an example file
 CVE-2013-4304 (The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 
1.20.x b ...)
        NOT-FOR-US: Mediawiki CentralAuth extension
-CVE-2013-4303 [mediawiki XSS with IE6]
-       RESERVED
+CVE-2013-4303 (includes/libs/IEUrlExtension.php in the MediaWiki API in 
MediaWiki 1.1 ...)
        - mediawiki 1:1.19.8+dfsg-1 (unimportant)
        [squeeze] - mediawiki <end-of-life>
        NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=52746
@@ -257440,8 +257436,7 @@ CVE-2013-4247 (Off-by-one error in the 
build_unc_path_to_root function in fs/cif
        [wheezy] - linux <not-affected> (Introduced in 3.8)
 CVE-2013-4246 (libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 
might all ...)
        - subversion <not-affected> (only affects 1.8.0 and 1.8.1)
-CVE-2013-4245 [Arbitrary code execution due to insecure CWD Python module load]
-       RESERVED
+CVE-2013-4245 (Orca has arbitrary code execution due to insecure Python module 
load ...)
        - gnome-orca <unfixed> (unimportant)
        NOTE: Negligible security impact
 CVE-2013-4244 (The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and 
earlier ...)
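Review bot: CVE-2013-4245 is now described as "arbitrary code execution due to insecure Python module load" yet keeps `gnome-orca <unfixed> (unimportant)` with only "Negligible security impact" as justification; the NOTE should state the concrete reason (for example, what an attacker must already control for the module load to be abused) so the unimportant rating can be rechecked against the published description.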
@@ -257727,8 +257722,7 @@ CVE-2013-4159 (ctdb before 2.3 in OpenSUSE 12.3 and 
13.1 does not create tempora
        - ctdb 2.5.1+debian0-1 (bug #749840)
        [wheezy] - ctdb <no-dsa> (Minor issue)
        [squeeze] - ctdb <no-dsa> (Minor issue)
-CVE-2013-4158
-       RESERVED
+CVE-2013-4158 (smokeping before 2.6.9 has XSS (incomplete fix for 
CVE-2012-0790) ...)
        - smokeping <not-affected> (fix for CVE-2012-0790/DSA-2651-1 uses 
regexp from 2.6.9 upstream release)
        NOTE: CVE is for incomplete fix for CVE-2012-0790
        NOTE: Debian package applied already the more complete fix, see #659899
@@ -258891,8 +258885,8 @@ CVE-2013-3693 (The BlackBerry Universal Device 
Service in BlackBerry Enterprise
        NOT-FOR-US: BlackBerry
 CVE-2013-3692 (BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 
smartphones uses ...)
        NOT-FOR-US: Blackberry OS
-CVE-2013-3691
-       RESERVED
+CVE-2013-3691 (AirLive POE-2600HD allows remote attackers to cause a denial of 
servic ...)
+       TODO: check
 CVE-2013-3690 (Cross-site request forgery (CSRF) vulnerability in 
cgi-bin/users.cgi i ...)
        NOT-FOR-US: Brickcom
 CVE-2013-3689 (Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, 
OSD-040E, ...)
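Review bot: CVE-2013-3691 (AirLive POE-2600HD denial of service) is queued as `TODO: check` although the same vendor is already resolved as `NOT-FOR-US: AirLive` for CVE-2013-3541 in the next hunk, and its neighbours here are `NOT-FOR-US: Brickcom`; mark it `NOT-FOR-US: AirLive` directly.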
@@ -259267,8 +259261,8 @@ CVE-2013-3544
        REJECTED
 CVE-2013-3543 (The AXIS Media Control (AMC) ActiveX control 
(AxisMediaControlEmb.dll) ...)
        NOT-FOR-US: AXIS Media Control
-CVE-2013-3542
-       RESERVED
+CVE-2013-3542 (Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, 
GXV3611HD/LL, GXV ...)
+       TODO: check
 CVE-2013-3541 (Directory traversal vulnerability in cgi-bin/admin/fileread in 
AirLive ...)
        NOT-FOR-US: AirLive
 CVE-2013-3540 (Cross-site request forgery (CSRF) vulnerability in 
cgi-bin/admin/usrgr ...)
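Review bot: CVE-2013-3542 (Grandstream GXV35xx/GXV36xx IP cameras) is left as `TODO: check` between two embedded-device entries already resolved as `NOT-FOR-US: AXIS Media Control` and `NOT-FOR-US: AirLive`; it belongs in the same category and can be closed as `NOT-FOR-US: Grandstream` in this update.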



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1150583d303386c66642250547ca356888e4dff4



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
