Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3fbabc59 by security tracker role at 2019-12-16T20:10:20Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,11 @@ +CVE-2019-19812 + RESERVED +CVE-2019-19811 + RESERVED +CVE-2019-19810 + RESERVED +CVE-2019-19809 + RESERVED CVE-2019-XXXX [kadm5.acl should set proper rights for users] - debian-edu-config <unfixed> (bug #946797) CVE-2019-19808 @@ -60,8 +68,7 @@ CVE-2019-19785 (ATasm 1.06 has a stack-based buffer overflow in the to_comma() f NOT-FOR-US: ATasm CVE-2019-19784 RESERVED -CVE-2019-19783 - RESERVED +CVE-2019-19783 (An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0. ...) - cyrus-imapd 3.0.13-1 NOTE: https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html#security-fixes CVE-2019-19782 (The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long ...) @@ -1162,8 +1169,8 @@ CVE-2019-19745 RESERVED CVE-2019-19744 RESERVED -CVE-2019-19743 - RESERVED +CVE-2019-19743 (On D-Link DIR-615 devices, a normal user is able to create a root(admi ...) + TODO: check CVE-2019-19742 RESERVED CVE-2019-19741 @@ -1186,8 +1193,8 @@ CVE-2019-19733 RESERVED CVE-2019-19732 RESERVED -CVE-2019-19731 - RESERVED +CVE-2019-19731 (Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote ...) + TODO: check CVE-2019-19730 RESERVED CVE-2019-19729 (An issue was discovered in the BSON ObjectID (aka bson-objectid) packa ...) @@ -4769,8 +4776,8 @@ CVE-2019-19370 RESERVED CVE-2019-19369 RESERVED -CVE-2019-19368 - RESERVED +CVE-2019-19368 (A Reflected Cross Site Scripting was discovered in the Login page of R ...) + TODO: check CVE-2019-19367 (A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in ...) NOT-FOR-US: FusionPBX CVE-2019-19366 (A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_sear ...) 
@@ -5007,8 +5014,7 @@ CVE-2019-19332 [KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID] RESERVED - linux <unfixed> NOTE: https://git.kernel.org/linus/433f4ba1904100da65a311033f17a9bf586b287e -CVE-2019-19331 - RESERVED +CVE-2019-19331 (knot-resolver before version 4.3.0 is vulnerable to denial of service ...) - knot-resolver <unfixed> (bug #946181) NOTE: https://www.openwall.com/lists/oss-security/2019/12/04/4 CVE-2019-19329 (In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-0 ...) @@ -6318,18 +6324,18 @@ CVE-2019-18833 RESERVED CVE-2019-18832 RESERVED -CVE-2019-18831 - RESERVED -CVE-2019-18830 - RESERVED +CVE-2019-18831 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Informa ...) + TODO: check +CVE-2019-18830 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Comm ...) + TODO: check CVE-2019-18829 RESERVED -CVE-2019-18828 - RESERVED -CVE-2019-18827 - RESERVED -CVE-2019-18826 - RESERVED +CVE-2019-18828 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insuffic ...) + TODO: check +CVE-2019-18827 (On Barco ClickShare Button R9861500D01 devices (before firmware versio ...) + TODO: check +CVE-2019-18826 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper ...) + TODO: check CVE-2019-18825 RESERVED CVE-2019-18824 @@ -14014,7 +14020,7 @@ CVE-2019-17013 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17013 CVE-2019-17012 RESERVED - {DSA-4585-1 DSA-4580-1 DLA-2029-1} + {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1} - firefox 71.0-1 - firefox-esr 68.3.0esr-1 - thunderbird 1:68.3.0-1 @@ -14023,7 +14029,7 @@ CVE-2019-17012 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17012 CVE-2019-17011 RESERVED - {DSA-4585-1 DSA-4580-1 DLA-2029-1} + {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1} - firefox 71.0-1 - firefox-esr 68.3.0esr-1 - thunderbird 1:68.3.0-1 
@@ -14032,7 +14038,7 @@ CVE-2019-17011 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17011 CVE-2019-17010 RESERVED - {DSA-4585-1 DSA-4580-1 DLA-2029-1} + {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1} - firefox 71.0-1 - firefox-esr 68.3.0esr-1 - thunderbird 1:68.3.0-1 @@ -14049,7 +14055,7 @@ CVE-2019-17009 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17009 CVE-2019-17008 RESERVED - {DSA-4585-1 DSA-4580-1 DLA-2029-1} + {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1} - firefox 71.0-1 - firefox-esr 68.3.0esr-1 - thunderbird 1:68.3.0-1 @@ -14069,7 +14075,7 @@ CVE-2019-17006 RESERVED CVE-2019-17005 RESERVED - {DSA-4585-1 DSA-4580-1 DLA-2029-1} + {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1} - firefox 71.0-1 - firefox-esr 68.3.0esr-1 - thunderbird 1:68.3.0-1 @@ -21245,8 +21251,8 @@ CVE-2019-14601 RESERVED CVE-2019-14600 RESERVED -CVE-2019-14599 - RESERVED +CVE-2019-14599 (Unquoted service path in Control Center-I version 2.1.0.0 and earlier ...) + TODO: check CVE-2019-14598 RESERVED CVE-2019-14597 @@ -28653,7 +28659,7 @@ CVE-2019-12422 (Apache Shiro before 1.4.2, when using the default "remember me" CVE-2019-12421 (When using an authentication mechanism other than PKI, when the user c ...) NOT-FOR-US: Apache NiFi CVE-2019-12420 (In Apache SpamAssassin before 3.4.3, a message can be crafted in a way ...) - {DSA-4584-1} + {DSA-4584-1 DLA-2037-1} - spamassassin 3.4.3~rc6-1 (bug #946653) NOTE: https://www.openwall.com/lists/oss-security/2019/12/12/2 NOTE: https://markmail.org/message/pyp425yrulfxyhrn @@ -50422,8 +50428,8 @@ CVE-2019-4562 RESERVED CVE-2019-4561 (IBM Security Identity Manager 6.0.0 could allow a remote attacker to e ...) NOT-FOR-US: IBM -CVE-2019-4560 - RESERVED +CVE-2019-4560 (IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulne ...) + TODO: check CVE-2019-4559 RESERVED CVE-2019-4558 (A security vulnerability has been identified in all levels of IBM Spec ...) 
@@ -50654,8 +50660,8 @@ CVE-2019-4446 RESERVED CVE-2019-4445 RESERVED -CVE-2019-4444 - RESERVED +CVE-2019-4444 (IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user regi ...) + TODO: check CVE-2019-4443 RESERVED CVE-2019-4442 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a ...) @@ -84156,7 +84162,7 @@ CVE-2018-1000183 (A exposure of sensitive information vulnerability exists in Je CVE-2018-1000182 (A server-side request forgery vulnerability exists in Jenkins Git Plug ...) NOT-FOR-US: Jenkins plugin CVE-2018-11805 (In Apache SpamAssassin before 3.4.3, nefarious CF files can be configu ...) - {DSA-4584-1} + {DSA-4584-1 DLA-2037-1} - spamassassin 3.4.3~rc6-1 (bug #946652) NOTE: https://www.openwall.com/lists/oss-security/2019/12/12/1 NOTE: https://markmail.org/message/pyp425yrulfxyhrn View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3fbabc59642fbd50788027194aac02e456469edf
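Review bot: in the CVE-2019-19783 hunk (@@ -60,8 +68,7 @@), the new description names two affected branches ("before 2.5.15, 3.0.x before 3.0. ..."), but the entry still tracks only `- cyrus-imapd 3.0.13-1` and its NOTE links only the 3.0.13 release notes. Suggest adding a NOTE for the 2.5.15 fix so that anyone triaging a suite on the 2.5 branch has the matching reference.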
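Review bot: in the CVE-2019-19331 hunk (@@ -5007,8 +5014,7 @@), the description now gives "before version 4.3.0" as the affected range while the package line stays `- knot-resolver <unfixed> (bug #946181)`. Follow up by replacing `<unfixed>` with the fixed version once a 4.3.0-based upload lands, and consider a NOTE recording that the upstream fix is in 4.3.0.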
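Review bot: the five `TODO: check` lines in the @@ -6318,18 +6324,18 @@ hunk (CVE-2019-18826, 18827, 18828, 18830, 18831) all name the same product, "Barco ClickShare Button R9861500D01", so they should be triaged as one group and receive one identical tag. CVE-2019-18829 in the middle of that range is still RESERVED and will likely need the same treatment when its description is published.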
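Review bot: DLA-2036-1 is added to CVE-2019-17012, 17011, 17010, 17008 and 17005, but CVE-2019-17009, whose entry appears only as context at the top of the @@ -14049,7 +14055,7 @@ hunk, is left unchanged. Confirm that the omission is intentional and not a missed cross-reference, since the other entries in this run received the same `{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}` line.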
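Review bot: CVE-2019-4560 (@@ -50422,8 +50428,8 @@) and CVE-2019-4444 (@@ -50654,8 +50660,8 @@) are IBM products tagged `TODO: check`, while the neighbouring CVE-2019-4561 in the first of those hunks already reads `NOT-FOR-US: IBM`. Unless IBM MQ or IBM API Connect is packaged, give both the same `NOT-FOR-US: IBM` line so they do not linger in the TODO queue.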