Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 44b41964 by security tracker role at 2019-12-17T08:10:22Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,10 +1,42 @@ -CVE-2019-19816 +CVE-2019-19833 + RESERVED +CVE-2019-19832 + RESERVED +CVE-2019-19831 + RESERVED +CVE-2019-19829 + RESERVED +CVE-2019-19828 + RESERVED +CVE-2019-19827 + RESERVED +CVE-2019-19826 (The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal make ...) + TODO: check +CVE-2019-19825 + RESERVED +CVE-2019-19824 + RESERVED +CVE-2019-19823 + RESERVED +CVE-2019-19822 + RESERVED +CVE-2019-19821 + RESERVED +CVE-2019-19820 (An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys dr ...) + TODO: check +CVE-2019-19819 (The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.1 ...) + TODO: check +CVE-2019-19818 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.11 ...) + TODO: check +CVE-2019-19817 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.11 ...) + TODO: check +CVE-2019-19816 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image ...) - linux <unfixed> -CVE-2019-19815 +CVE-2019-19815 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...) - linux <unfixed> -CVE-2019-19814 +CVE-2019-19814 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...) - linux <unfixed> -CVE-2019-19813 +CVE-2019-19813 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...) - linux <unfixed> CVE-2019-19812 RESERVED 
@@ -111,7 +143,8 @@ CVE-2019-19772 RESERVED CVE-2019-19771 (The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have b ...) NOT-FOR-US: lodahs malicious package on npm -CVE-2019-19830 [identified authors can inject content into database] +CVE-2019-19830 (_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authent ...) + {DSA-4583-1} - spip 3.2.7-1 [stretch] - spip <not-affected> (Vulnerable code not present) [jessie] - spip <not-affected> (Vulnerable code not present) @@ -9111,8 +9144,8 @@ CVE-2019-18581 RESERVED CVE-2019-18580 (Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Jav ...) NOT-FOR-US: EMC -CVE-2019-18579 - RESERVED +CVE-2019-18579 (Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1. ...) + TODO: check CVE-2019-18578 RESERVED CVE-2019-18577 @@ -10036,8 +10069,8 @@ CVE-2019-18271 RESERVED CVE-2019-18270 RESERVED -CVE-2019-18269 - RESERVED +CVE-2019-18269 (In Omron PLC CJ series, all versions, and Omron PLC CS series, all ver ...) + TODO: check CVE-2019-18268 RESERVED CVE-2019-18267 @@ -10052,12 +10085,12 @@ CVE-2019-18263 RESERVED CVE-2019-18262 RESERVED -CVE-2019-18261 - RESERVED +CVE-2019-18261 (In Omron PLC CS series, all versions, Omron PLC CJ series, all version ...) + TODO: check CVE-2019-18260 RESERVED -CVE-2019-18259 - RESERVED +CVE-2019-18259 (In Omron PLC CJ series, all versions and Omron PLC CS series, all vers ...) + TODO: check CVE-2019-18258 RESERVED CVE-2019-18257 
@@ -11210,8 +11243,8 @@ CVE-2020-0001 CVE-2019-18192 (GNU Guix 1.0.1 allows local users to gain access to an arbitrary user' ...) - guix <itp> (bug #850644) NOTE: https://issues.guix.gnu.org/issue/37744 -CVE-2019-18191 - RESERVED +CVE-2019-18191 (A privilege escalation vulnerability in the Trend Micro Deep Security ...) + TODO: check CVE-2019-18190 (Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerab ...) NOT-FOR-US: Trend Micro CVE-2019-18189 (A directory traversal vulnerability in Trend Micro Apex One, OfficeSca ...) @@ -14724,10 +14757,10 @@ CVE-2019-16781 RESERVED CVE-2019-16780 RESERVED -CVE-2019-16779 - RESERVED -CVE-2019-16778 - RESERVED +CVE-2019-16779 (In RubyGem excon before 0.71.0, there was a race condition around pers ...) + TODO: check +CVE-2019-16778 (In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSu ...) + TODO: check CVE-2019-16777 (Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary ...) - npm <unfixed> NOTE: https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr @@ -19941,8 +19974,8 @@ CVE-2019-15013 RESERVED CVE-2019-15012 RESERVED -CVE-2019-15011 - RESERVED +CVE-2019-15011 (The ListEntityLinksServlet resource in Application Links before versio ...) + TODO: check CVE-2019-15010 RESERVED CVE-2019-15009 (The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and ...) 
@@ -21232,28 +21265,27 @@ CVE-2019-14614 RESERVED CVE-2019-14613 RESERVED -CVE-2019-14612 - RESERVED -CVE-2019-14611 - RESERVED -CVE-2019-14610 - RESERVED -CVE-2019-14609 - RESERVED -CVE-2019-14608 - RESERVED -CVE-2019-14607 [Unexpected Page Fault in Virtualized Environment Advisory] - RESERVED +CVE-2019-14612 (Out of bounds write in firmware for Intel(R) NUC(R) may allow a privil ...) + TODO: check +CVE-2019-14611 (Integer overflow in firmware for Intel(R) NUC(R) may allow a privilege ...) + TODO: check +CVE-2019-14610 (Improper access control in firmware for Intel(R) NUC(R) may allow an a ...) + TODO: check +CVE-2019-14609 (Improper input validation in firmware for Intel(R) NUC(R) may allow a ...) + TODO: check +CVE-2019-14608 (Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow ...) + TODO: check +CVE-2019-14607 (Improper conditions check in multiple Intel® Processors may allow ...) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html TODO: check, this is likely the issue addressed with intel-microcode/3.20191115 CVE-2019-14606 RESERVED -CVE-2019-14605 - RESERVED -CVE-2019-14604 - RESERVED -CVE-2019-14603 - RESERVED +CVE-2019-14605 (Improper permissions in the installer for the Intel(R) SCS Platform Di ...) + TODO: check +CVE-2019-14604 (Null pointer dereference in the FPGA kernel driver for Intel(R) Quartu ...) + TODO: check +CVE-2019-14603 (Improper permissions in the installer for the License Server software ...) + TODO: check CVE-2019-14602 (Improper permissions in the installer for the Nuvoton* CIR Driver vers ...) NOT-FOR-US: Nuvoton* CIR Driver CVE-2019-14601 
@@ -21322,8 +21354,8 @@ CVE-2019-14570 (Memory corruption in system firmware for Intel(R) NUC may allow NOT-FOR-US: Intel CVE-2019-14569 (Pointer corruption in system firmware for Intel(R) NUC may allow a pri ...) NOT-FOR-US: Intel -CVE-2019-14568 - RESERVED +CVE-2019-14568 (Improper permissions in the executable for Intel(R) RST before version ...) + TODO: check CVE-2019-14567 RESERVED CVE-2019-14566 (Insufficient input validation in Intel(R) SGX SDK multiple Linux and W ...) @@ -25615,8 +25647,8 @@ CVE-2019-13535 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version NOT-FOR-US: Medtronic Valleylab FT10 Energy Platform CVE-2019-13534 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Fi ...) NOT-FOR-US: Philips -CVE-2019-13533 - RESERVED +CVE-2019-13533 (In Omron PLC CJ series, all versions, and Omron PLC CS series, all ver ...) + TODO: check CVE-2019-13532 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...) NOT-FOR-US: CODESYS CVE-2019-13531 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 ...) @@ -26554,10 +26586,10 @@ CVE-2019-13184 RESERVED CVE-2019-13183 (Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as ...) NOT-FOR-US: Flarum -CVE-2019-13182 - RESERVED -CVE-2019-13181 - RESERVED +CVE-2019-13182 (A stored cross-site scripting (XSS) vulnerability exists in the web UI ...) + TODO: check +CVE-2019-13181 (A CSV injection vulnerability exists in the web UI of SolarWinds Serv- ...) + TODO: check CVE-2019-13180 RESERVED CVE-2019-13179 (Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile ...) 
@@ -28687,11 +28719,9 @@ CVE-2019-12415 (In Apache POI up to 4.1.0, when using the tool XSSFExportToXml t [stretch] - libapache-poi-java <no-dsa> (Minor issue) [jessie] - libapache-poi-java <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2019/10/23/1 -CVE-2019-12414 - RESERVED +CVE-2019-12414 (In Apache Incubator Superset before 0.32, a user can view database nam ...) NOT-FOR-US: Apache Superset -CVE-2019-12413 - RESERVED +CVE-2019-12413 (In Apache Incubator Superset before 0.31 user could query database met ...) NOT-FOR-US: Apache Superset CVE-2019-12411 RESERVED @@ -32236,8 +32266,8 @@ CVE-2019-11167 (Improper file permission in software installer for Intel(R) Smar NOT-FOR-US: Intel CVE-2019-11166 (Improper file permissions in the installer for Intel(R) Easy Streaming ...) NOT-FOR-US: Intel -CVE-2019-11165 - RESERVED +CVE-2019-11165 (Improper conditions check in the Linux kernel driver for the Intel(R) ...) + TODO: check CVE-2019-11164 RESERVED CVE-2019-11163 (Insufficient access control in a hardware abstraction driver for Intel ...) @@ -32252,8 +32282,8 @@ CVE-2019-11159 RESERVED CVE-2019-11158 RESERVED -CVE-2019-11157 - RESERVED +CVE-2019-11157 (Improper conditions check in voltage settings for some Intel(R) Proces ...) + TODO: check CVE-2019-11156 (Logic errors in Intel(R) PROSet/Wireless WiFi Software before version ...) NOT-FOR-US: Intel CVE-2019-11155 (Improper directory permissions in Intel(R) PROSet/Wireless WiFi Softwa ...) @@ -32400,8 +32430,8 @@ CVE-2019-11098 CVE-2019-11097 RESERVED NOT-FOR-US: Intel -CVE-2019-11096 - RESERVED +CVE-2019-11096 (Insufficient memory protection for Intel(R) Ethernet I218 Adapter driv ...) + TODO: check CVE-2019-11095 (Insufficient access control in Intel(R) Driver & Support Assistant ...) NOT-FOR-US: Intel(R) Driver & Support Assistant CVE-2019-11094 (Insufficient input validation in system firmware for Intel (R) NUC Kit ...) 
@@ -33312,8 +33342,8 @@ CVE-2019-10775 RESERVED CVE-2019-10774 RESERVED -CVE-2019-10773 - RESERVED +CVE-2019-10773 (In Yarn before 1.21.1, the package install functionality can be abused ...) + TODO: check CVE-2019-10772 (It is possible to bypass enshrined/svg-sanitize before 0.13.1 using th ...) TODO: check CVE-2019-10771 (Characters in the GET url path are not properly escaped and can be ref ...) @@ -48928,8 +48958,8 @@ CVE-2019-5261 RESERVED CVE-2019-5260 (Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of s ...) NOT-FOR-US: Huawei -CVE-2019-5259 - RESERVED +CVE-2019-5259 (There is an information leakage vulnerability on some Huawei products( ...) + TODO: check CVE-2019-5258 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...) NOT-FOR-US: Huawei CVE-2019-5257 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...) @@ -64317,8 +64347,8 @@ CVE-2019-0160 (Buffer overflow in system firmware for EDK II may allow unauthent NOTE: https://github.com/tianocore/edk2/commit/5c0748f43f4e1cc15fdd0be64a764eacd7df92f6 NOTE: https://github.com/tianocore/edk2/commit/89f75aa04a97293a8ed9db2a90851a5053730cf5 NOTE: https://github.com/tianocore/edk2/commit/3b30351b75d70ea65701ac999875fbb81a89a5ca -CVE-2019-0159 - RESERVED +CVE-2019-0159 (Insufficient memory protection in the Linux Administrative Tools for I ...) + TODO: check CVE-2019-0158 (Insufficient path checking in the installation package for Intel(R) Gr ...) NOT-FOR-US: Intel CVE-2019-0157 (Insufficient input validation in the Intel(R) SGX driver for Linux may ...) 
@@ -64375,8 +64405,8 @@ CVE-2019-0136 (Insufficient access control in the Intel(R) PROSet/Wireless WiFi NOTE: https://git.kernel.org/linus/588f7d39b3592a36fb7702ae3b8bdd9be4621e2f CVE-2019-0135 (Improper permissions in the installer for Intel(R) Accelerated Storage ...) NOT-FOR-US: Intel -CVE-2019-0134 - RESERVED +CVE-2019-0134 (Improper permissions in the Intel(R) Dynamic Platform and Thermal Fram ...) + TODO: check CVE-2019-0133 RESERVED CVE-2019-0132 (Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may ...) @@ -84352,8 +84382,8 @@ CVE-2018-11753 RESERVED CVE-2018-11752 (Previous releases of the Puppet cisco_ios module output SSH session de ...) NOT-FOR-US: cisco_ios Puppet module -CVE-2018-11751 - RESERVED +CVE-2018-11751 (Previous versions of Puppet Agent didn't verify the peer in the SSL co ...) + TODO: check CVE-2018-11750 (Previous releases of the Puppet cisco_ios module did not validate a ho ...) NOT-FOR-US: cisco_ios Puppet module CVE-2018-11749 (When users are configured to use startTLS with RBAC LDAP, at login tim ...) @@ -99151,8 +99181,8 @@ CVE-2017-18109 (The login resource of CrowdId in Atlassian Crowd before version NOT-FOR-US: Atlassian Crowd CVE-2017-18108 (The administration SMTP configuration resource in Atlassian Crowd befo ...) NOT-FOR-US: Atlassian Crowd -CVE-2017-18107 - RESERVED +CVE-2017-18107 (Various resources in the Crowd Demo application of Atlassian Crowd bef ...) + TODO: check CVE-2017-18106 (The identifier_hash for a session token in Atlassian Crowd before vers ...) NOT-FOR-US: Atlassian Crowd CVE-2017-18105 (The console login resource in Atlassian Crowd before version 3.0.2 and ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/44b41964e5780f088216f9d752d0c59db5e52e7d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/44b41964e5780f088216f9d752d0c59db5e52e7d You're receiving this email because of your account on salsa.debian.org.
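Review bot: In the first hunk (@@ -1,10 +1,42 @@), CVE-2019-19813 through CVE-2019-19816 now have their descriptions but still carry only "- linux <unfixed>" with no NOTE line pointing at a report or upstream fix. A follow-up should add one per entry, the way the CVE-2019-18192 entry further down does with its "NOTE: https://issues.guix.gnu.org/issue/37744". The new block also runs from CVE-2019-19831 straight to CVE-2019-19829; CVE-2019-19830 stays where the next hunk edits it, after CVE-2019-19771, so anyone scanning this range in numeric order will miss it unless the entry is moved up.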
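Review bot: In the hunk at @@ -14724,10 +14757,10 @@, CVE-2019-16779 (RubyGem excon before 0.71.0) and CVE-2019-16778 (TensorFlow before 1.15) are left at "TODO: check" even though both descriptions already name the upstream fixed version. The follow-up triage should resolve each to a source package line with that version, or to NOT-FOR-US if the software is not packaged, following the shape of the CVE-2019-16777 entry directly below ("- npm <unfixed>" plus a NOTE with the advisory URL).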
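Review bot: In the hunk at @@ -21232,28 +21265,27 @@, CVE-2019-14607 keeps the unchanged line "TODO: check, this is likely the issue addressed with intel-microcode/3.20191115" although the entry is no longer RESERVED; now that a description is present, that TODO should be resolved into an intel-microcode package line or dropped. In the same hunk, CVE-2019-14608 through CVE-2019-14612 (firmware for Intel(R) NUC(R)) are set to "TODO: check" while the NUC firmware entries CVE-2019-14570 and CVE-2019-14569 in the next hunk's context are already "NOT-FOR-US: Intel", so the five new ones can be closed the same way. The CVE-2019-14607 description as shown here also reads "Intel® Processors" where every other entry uses "Intel(R)", which suggests the registered sign was mis-encoded on import and the description should be re-fetched.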
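Review bot: In the hunk at @@ -32236,8 +32266,8 @@, CVE-2019-11165 is described as a flaw in "the Linux kernel driver for the Intel(R) ..." but sits between entries marked "NOT-FOR-US: Intel", which invites closing it by vendor name. The description is truncated before the driver is named, so the triage needs to read the full advisory and check whether the driver ships in src:linux before this one is marked NOT-FOR-US. The same care applies to CVE-2019-14604 ("FPGA kernel driver") in the hunk at @@ -21232,28 +21265,27 @@.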
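Review bot: In the hunk at @@ -84352,8 +84382,8 @@, CVE-2018-11751 names Puppet Agent itself ("didn't verify the peer in the SSL co ...") yet both neighbouring entries, CVE-2018-11752 and CVE-2018-11750, are "NOT-FOR-US: cisco_ios Puppet module". The TODO should not be resolved by copying the neighbours: this entry needs checking against the Puppet Agent package rather than the cisco_ios module, and the result recorded as a package line with the affected or fixed version.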
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits