Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3fbabc59 by security tracker role at 2019-12-16T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2019-19812
+       RESERVED
+CVE-2019-19811
+       RESERVED
+CVE-2019-19810
+       RESERVED
+CVE-2019-19809
+       RESERVED
 CVE-2019-XXXX [kadm5.acl should set proper rights for users]
        - debian-edu-config <unfixed> (bug #946797)
 CVE-2019-19808
@@ -60,8 +68,7 @@ CVE-2019-19785 (ATasm 1.06 has a stack-based buffer overflow 
in the to_comma() f
        NOT-FOR-US: ATasm
 CVE-2019-19784
        RESERVED
-CVE-2019-19783
-       RESERVED
+CVE-2019-19783 (An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x 
before 3.0. ...)
        - cyrus-imapd 3.0.13-1
        NOTE: 
https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html#security-fixes
 CVE-2019-19782 (The FTP client in AceaXe Plus 1.0 allows a buffer overflow via 
a long  ...)
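Review bot: the CVE-2019-19783 entry only documents the 3.0 branch (`- cyrus-imapd 3.0.13-1` and the 3.0.13 release notes), although the new description also names "Cyrus IMAP before 2.5.15". Add a NOTE for the 2.5.15 side, or for the upstream fix commit, so that releases still shipping 2.5.x can be triaged from this entry.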
@@ -1162,8 +1169,8 @@ CVE-2019-19745
        RESERVED
 CVE-2019-19744
        RESERVED
-CVE-2019-19743
-       RESERVED
+CVE-2019-19743 (On D-Link DIR-615 devices, a normal user is able to create a 
root(admi ...)
+       TODO: check
 CVE-2019-19742
        RESERVED
 CVE-2019-19741
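Review bot: `TODO: check` on CVE-2019-19743 leaves the entry untriaged, and the description names D-Link DIR-615 devices, which reads as vendor firmware rather than a packaged source. If that holds after a check, resolve it the way the file already handles non-packaged products (compare `NOT-FOR-US: ATasm` further up), i.e. `NOT-FOR-US: D-Link`.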
@@ -1186,8 +1193,8 @@ CVE-2019-19733
        RESERVED
 CVE-2019-19732
        RESERVED
-CVE-2019-19731
-       RESERVED
+CVE-2019-19731 (Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A 
remote  ...)
+       TODO: check
 CVE-2019-19730
        RESERVED
 CVE-2019-19729 (An issue was discovered in the BSON ObjectID (aka 
bson-objectid) packa ...)
@@ -4769,8 +4776,8 @@ CVE-2019-19370
        RESERVED
 CVE-2019-19369
        RESERVED
-CVE-2019-19368
-       RESERVED
+CVE-2019-19368 (A Reflected Cross Site Scripting was discovered in the Login 
page of R ...)
+       TODO: check
 CVE-2019-19367 (A cross-site scripting (XSS) vulnerability in 
app/fax/fax_files.php in ...)
        NOT-FOR-US: FusionPBX
 CVE-2019-19366 (A cross-site scripting (XSS) vulnerability in 
app/xml_cdr/xml_cdr_sear ...)
@@ -5007,8 +5014,7 @@ CVE-2019-19332 [KVM: x86: fix out-of-bounds write in 
KVM_GET_EMULATED_CPUID]
        RESERVED
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/433f4ba1904100da65a311033f17a9bf586b287e
-CVE-2019-19331
-       RESERVED
+CVE-2019-19331 (knot-resolver before version 4.3.0 is vulnerable to denial of 
service  ...)
        - knot-resolver <unfixed> (bug #946181)
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/04/4
 CVE-2019-19329 (In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 
2019-11-0 ...)
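Review bot: the unchanged line `- knot-resolver <unfixed> (bug #946181)` under CVE-2019-19331 now sits below a description saying knot-resolver is vulnerable "before version 4.3.0". Check whether 4.3.0 has reached unstable and, if it has, replace `<unfixed>` with that version so the entry matches the upstream fix point.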
@@ -6318,18 +6324,18 @@ CVE-2019-18833
        RESERVED
 CVE-2019-18832
        RESERVED
-CVE-2019-18831
-       RESERVED
-CVE-2019-18830
-       RESERVED
+CVE-2019-18831 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow 
Informa ...)
+       TODO: check
+CVE-2019-18830 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow 
OS Comm ...)
+       TODO: check
 CVE-2019-18829
        RESERVED
-CVE-2019-18828
-       RESERVED
-CVE-2019-18827
-       RESERVED
-CVE-2019-18826
-       RESERVED
+CVE-2019-18828 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have 
Insuffic ...)
+       TODO: check
+CVE-2019-18827 (On Barco ClickShare Button R9861500D01 devices (before 
firmware versio ...)
+       TODO: check
+CVE-2019-18826 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have 
Improper ...)
+       TODO: check
 CVE-2019-18825
        RESERVED
 CVE-2019-18824
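Review bot: the five new `TODO: check` entries (CVE-2019-18831, -18830, -18828, -18827, -18826) all describe the same product, Barco ClickShare Button R9861500D01, so they should be triaged in one pass and receive the same resolution rather than being handled one at a time. CVE-2019-18829 in the middle of that range stays `RESERVED`; if it later turns out to describe the same product, apply the same decision there.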
@@ -14014,7 +14020,7 @@ CVE-2019-17013
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17013
 CVE-2019-17012
        RESERVED
-       {DSA-4585-1 DSA-4580-1 DLA-2029-1}
+       {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
        - firefox 71.0-1
        - firefox-esr 68.3.0esr-1
        - thunderbird 1:68.3.0-1
@@ -14023,7 +14029,7 @@ CVE-2019-17012
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17012
 CVE-2019-17011
        RESERVED
-       {DSA-4585-1 DSA-4580-1 DLA-2029-1}
+       {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
        - firefox 71.0-1
        - firefox-esr 68.3.0esr-1
        - thunderbird 1:68.3.0-1
@@ -14032,7 +14038,7 @@ CVE-2019-17011
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17011
 CVE-2019-17010
        RESERVED
-       {DSA-4585-1 DSA-4580-1 DLA-2029-1}
+       {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
        - firefox 71.0-1
        - firefox-esr 68.3.0esr-1
        - thunderbird 1:68.3.0-1
@@ -14049,7 +14055,7 @@ CVE-2019-17009
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17009
 CVE-2019-17008
        RESERVED
-       {DSA-4585-1 DSA-4580-1 DLA-2029-1}
+       {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
        - firefox 71.0-1
        - firefox-esr 68.3.0esr-1
        - thunderbird 1:68.3.0-1
@@ -14069,7 +14075,7 @@ CVE-2019-17006
        RESERVED
 CVE-2019-17005
        RESERVED
-       {DSA-4585-1 DSA-4580-1 DLA-2029-1}
+       {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
        - firefox 71.0-1
        - firefox-esr 68.3.0esr-1
        - thunderbird 1:68.3.0-1
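Review bot: the `{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}` line for CVE-2019-17005 does not show which of the three source packages listed below it (firefox, firefox-esr, thunderbird) DLA-2036-1 covers. The same edit is made to CVE-2019-17012, -17011, -17010 and -17008 in the preceding hunks; since DLA-2029-1 was already present on all of them, confirm that the two DLAs are for different packages and that each CVE in this set actually applies to the package DLA-2036-1 updated.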
@@ -21245,8 +21251,8 @@ CVE-2019-14601
        RESERVED
 CVE-2019-14600
        RESERVED
-CVE-2019-14599
-       RESERVED
+CVE-2019-14599 (Unquoted service path in Control Center-I version 2.1.0.0 and 
earlier  ...)
+       TODO: check
 CVE-2019-14598
        RESERVED
 CVE-2019-14597
@@ -28653,7 +28659,7 @@ CVE-2019-12422 (Apache Shiro before 1.4.2, when using 
the default "remember me"
 CVE-2019-12421 (When using an authentication mechanism other than PKI, when 
the user c ...)
        NOT-FOR-US: Apache NiFi
 CVE-2019-12420 (In Apache SpamAssassin before 3.4.3, a message can be crafted 
in a way ...)
-       {DSA-4584-1}
+       {DSA-4584-1 DLA-2037-1}
        - spamassassin 3.4.3~rc6-1 (bug #946653)
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/12/2
        NOTE: https://markmail.org/message/pyp425yrulfxyhrn
@@ -50422,8 +50428,8 @@ CVE-2019-4562
        RESERVED
 CVE-2019-4561 (IBM Security Identity Manager 6.0.0 could allow a remote 
attacker to e ...)
        NOT-FOR-US: IBM
-CVE-2019-4560
-       RESERVED
+CVE-2019-4560 (IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 
is vulne ...)
+       TODO: check
 CVE-2019-4559
        RESERVED
 CVE-2019-4558 (A security vulnerability has been identified in all levels of 
IBM Spec ...)
@@ -50654,8 +50660,8 @@ CVE-2019-4446
        RESERVED
 CVE-2019-4445
        RESERVED
-CVE-2019-4444
-       RESERVED
+CVE-2019-4444 (IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's 
user regi ...)
+       TODO: check
 CVE-2019-4443
        RESERVED
 CVE-2019-4442 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could 
allow a  ...)
@@ -84156,7 +84162,7 @@ CVE-2018-1000183 (A exposure of sensitive information 
vulnerability exists in Je
 CVE-2018-1000182 (A server-side request forgery vulnerability exists in 
Jenkins Git Plug ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2018-11805 (In Apache SpamAssassin before 3.4.3, nefarious CF files can be 
configu ...)
-       {DSA-4584-1}
+       {DSA-4584-1 DLA-2037-1}
        - spamassassin 3.4.3~rc6-1 (bug #946652)
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/12/1
        NOTE: https://markmail.org/message/pyp425yrulfxyhrn



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3fbabc59642fbd50788027194aac02e456469edf
