[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Mon, 01 Jul 2019 13:10:36 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f0bb47b9 by security tracker role at 2019-07-01T20:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2019-13132
+       RESERVED
+CVE-2019-13131 (Super Micro SuperDoctor 5, when restrictions are not 
implemented in ag ...)
+       TODO: check
+CVE-2019-13130
+       RESERVED
+CVE-2019-13129 (On the Motorola router CX2L MWR04L 1.01, there is a stack 
consumption  ...)
+       TODO: check
+CVE-2019-13128 (An issue was discovered on D-Link DIR-823G devices with 
firmware 1.02B ...)
+       TODO: check
+CVE-2019-13127 (An issue was discovered in mxGraph through 4.0.0, related to 
the "draw ...)
+       TODO: check
+CVE-2019-13126
+       RESERVED
+CVE-2019-13125 (HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers 
to evad ...)
+       TODO: check
+CVE-2019-13124
+       RESERVED
+CVE-2019-13123
+       RESERVED
+CVE-2019-13122
+       RESERVED
+CVE-2019-13121
+       RESERVED
 CVE-2019-13120
        RESERVED
 CVE-2019-13119
@@ -211,8 +235,8 @@ CVE-2019-13026
        RESERVED
 CVE-2019-13025
        RESERVED
-CVE-2019-13024
-       RESERVED
+CVE-2019-13024 (Centreon V19.04 allows the attacker to execute arbitrary 
system comman ...)
+       TODO: check
 CVE-2019-13023
        RESERVED
 CVE-2019-13022
@@ -338,8 +362,8 @@ CVE-2019-12972 (An issue was discovered in the Binary File 
Descriptor (BFD) libr
        NOTE: binutils not covered by security support
 CVE-2019-12971
        RESERVED
-CVE-2019-12970
-       RESERVED
+CVE-2019-12970 (XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x 
through 1. ...)
+       TODO: check
 CVE-2019-12969
        RESERVED
 CVE-2019-12968 (A vulnerability was found in the Sonic Robo Blast 2 (SRB2) 
plugin (EP_ ...)
@@ -688,8 +712,8 @@ CVE-2019-12828 (An issue was discovered in Electronic Arts 
Origin before 10.5.39
        NOT-FOR-US: Electronic Arts Origin
 CVE-2019-12827
        RESERVED
-CVE-2019-12826
-       RESERVED
+CVE-2019-12826 (A Cross-Site-Request-Forgery (CSRF) vulnerability in 
widget_logic.php  ...)
+       TODO: check
 CVE-2019-12825
        RESERVED
 CVE-2019-12824
@@ -829,8 +853,7 @@ CVE-2019-12783
        RESERVED
 CVE-2019-12782
        RESERVED
-CVE-2019-12781 [Incorrect HTTP detection with reverse-proxy connecting via 
HTTPS]
-       RESERVED
+CVE-2019-12781 (An issue was discovered in Django 1.11 before 1.11.22, 2.1 
before 2.1. ...)
        - python-django <unfixed> (bug #931316)
        NOTE: 
https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
        NOTE: 
https://github.com/django/django/commit/54d0f5e62f54c29a12dd96f44bacd810cbe03ac8
 (master)
@@ -14410,16 +14433,16 @@ CVE-2019-7672 (Prima Systems FlexAir devices have 
Hard-coded Credentials. ...)
        NOT-FOR-US: Prima Systems FlexAir devices
 CVE-2019-7671 (Prima Systems FlexAir devices allow Authenticated Stored XSS. 
...)
        NOT-FOR-US: Prima Systems FlexAir devices
-CVE-2019-7670
-       RESERVED
-CVE-2019-7669
-       RESERVED
-CVE-2019-7668
-       RESERVED
-CVE-2019-7667
-       RESERVED
-CVE-2019-7666
-       RESERVED
+CVE-2019-7670 (Prima Systems FlexAir devices allow Authenticated Command 
Injection re ...)
+       TODO: check
+CVE-2019-7669 (Prima Systems FlexAir devices allow Unauthenticated Command 
Injection  ...)
+       TODO: check
+CVE-2019-7668 (Prima Systems FlexAir devices have Default Credentials. ...)
+       TODO: check
+CVE-2019-7667 (Prima Systems FlexAir devices allow unauthenticated download of 
the da ...)
+       TODO: check
+CVE-2019-7666 (Prima Systems FlexAir devices allow authentication with MD5 
hashes dir ...)
+       TODO: check
 CVE-2019-7665 (In elfutils 0.175, a heap-based buffer over-read was discovered 
in the ...)
        {DLA-1689-1}
        - elfutils 0.176-1 (low; bug #921880)
@@ -15614,12 +15637,12 @@ CVE-2019-7285
        NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
 CVE-2019-7284
        RESERVED
-CVE-2019-7281
-       RESERVED
-CVE-2019-7280
-       RESERVED
-CVE-2019-7279
-       RESERVED
+CVE-2019-7281 (Prima Systems FlexAir devices allow Cross-Site Request Forgery 
(CSRF). ...)
+       TODO: check
+CVE-2019-7280 (Prima Systems FlexAir devices have an Insufficient Session-ID 
Length. ...)
+       TODO: check
+CVE-2019-7279 (Optergy Proton/Enterprise devices have Hard-coded Credentials. 
...)
+       TODO: check
 CVE-2019-7278
        RESERVED
 CVE-2019-7277
@@ -22277,8 +22300,8 @@ CVE-2019-4412
        RESERVED
 CVE-2019-4411
        RESERVED
-CVE-2019-4410
-       RESERVED
+CVE-2019-4410 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 
and 19. ...)
+       TODO: check
 CVE-2019-4409
        RESERVED
 CVE-2019-4408
@@ -22325,14 +22348,14 @@ CVE-2019-4388
        RESERVED
 CVE-2019-4387
        RESERVED
-CVE-2019-4386
-       RESERVED
+CVE-2019-4386 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 11.1 ...)
+       TODO: check
 CVE-2019-4385 (IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS 
password i ...)
        NOT-FOR-US: IBM
 CVE-2019-4384 (IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to 
traverse  ...)
        NOT-FOR-US: IBM
-CVE-2019-4383
-       RESERVED
+CVE-2019-4383 (When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 
to pro ...)
+       TODO: check
 CVE-2019-4382 (IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an 
unauthorized us ...)
        NOT-FOR-US: IBM
 CVE-2019-4381 (IBM i 7.27.3 Clustering could allow a local attacker to obtain 
sensiti ...)
@@ -22383,8 +22406,8 @@ CVE-2019-4359
        RESERVED
 CVE-2019-4358
        RESERVED
-CVE-2019-4357
-       RESERVED
+CVE-2019-4357 (When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 
to pro ...)
+       TODO: check
 CVE-2019-4356
        RESERVED
 CVE-2019-4355
@@ -22423,10 +22446,10 @@ CVE-2019-4339
        RESERVED
 CVE-2019-4338
        RESERVED
-CVE-2019-4337
-       RESERVED
-CVE-2019-4336
-       RESERVED
+CVE-2019-4337 (IBM Robotic Process Automation with Automation Anywhere 11 
could allow ...)
+       TODO: check
+CVE-2019-4336 (IBM Robotic Process Automation with Automation Anywhere 11 uses 
an ina ...)
+       TODO: check
 CVE-2019-4335
        RESERVED
 CVE-2019-4334
@@ -22453,8 +22476,8 @@ CVE-2019-4324
        RESERVED
 CVE-2019-4323
        RESERVED
-CVE-2019-4322
-       RESERVED
+CVE-2019-4322 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
+       TODO: check
 CVE-2019-4321
        RESERVED
 CVE-2019-4320
@@ -22499,16 +22522,16 @@ CVE-2019-4301
        RESERVED
 CVE-2019-4300
        RESERVED
-CVE-2019-4299
-       RESERVED
-CVE-2019-4298
-       RESERVED
-CVE-2019-4297
-       RESERVED
-CVE-2019-4296
-       RESERVED
-CVE-2019-4295
-       RESERVED
+CVE-2019-4299 (IBM Robotic Process Automation with Automation Anywhere 11 
could allow ...)
+       TODO: check
+CVE-2019-4298 (IBM Robotic Process Automation with Automation Anywhere 11 uses 
a high ...)
+       TODO: check
+CVE-2019-4297 (IBM Robotic Process Automation with Automation Anywhere 11 
could allow ...)
+       TODO: check
+CVE-2019-4296 (IBM Robotic Process Automation with Automation Anywhere 11 
information ...)
+       TODO: check
+CVE-2019-4295 (IBM Robotic Process Automation with Automation Anywhere 11 
could allow ...)
+       TODO: check
 CVE-2019-4294
        RESERVED
 CVE-2019-4293 (IBM Storwize V7000 Unified (2073) 1.6 configuration may allow 
an attac ...)
@@ -22623,8 +22646,8 @@ CVE-2019-4239 (IBM MQ Advanced Cloud Pak (IBM Cloud 
Private 1.0.0 through 3.0.1)
        NOT-FOR-US: IBM
 CVE-2019-4238 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is 
vulnerable t ...)
        NOT-FOR-US: IBM
-CVE-2019-4237
-       RESERVED
+CVE-2019-4237 (A Cross-Frame Scripting vulnerability in IBM InfoSphere 
Information Se ...)
+       TODO: check
 CVE-2019-4236
        RESERVED
 CVE-2019-4235 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not 
require th ...)
@@ -22789,8 +22812,8 @@ CVE-2019-4156 (IBM Security Access Manager 9.0.1 
through 9.0.6 uses weaker than
        NOT-FOR-US: IBM
 CVE-2019-4155 (IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is 
impacted b ...)
        NOT-FOR-US: IBM
-CVE-2019-4154
-       RESERVED
+CVE-2019-4154 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
+       TODO: check
 CVE-2019-4153 (IBM Security Access Manager 9.0.1 through 9.0.6 could allow a 
remote a ...)
        NOT-FOR-US: IBM
 CVE-2019-4152 (IBM Security Access Manager 9.0.1 through 9.0.6 does not 
invalidate se ...)
@@ -22893,10 +22916,10 @@ CVE-2019-4104
        RESERVED
 CVE-2019-4103 (IBM Tivoli Netcool/Impact 7.1.0 allows for remote execution of 
command ...)
        NOT-FOR-US: IBM
-CVE-2019-4102
-       RESERVED
-CVE-2019-4101
-       RESERVED
+CVE-2019-4102 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
+       TODO: check
+CVE-2019-4101 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 10.1 ...)
+       TODO: check
 CVE-2019-4100
        RESERVED
 CVE-2019-4099
@@ -22983,8 +23006,8 @@ CVE-2019-4059 (IBM Rational ClearCase 1.0.0.0 GIT 
connector does not sufficientl
        NOT-FOR-US: IBM
 CVE-2019-4058 (IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege 
user to ma ...)
        NOT-FOR-US: IBM
-CVE-2019-4057
-       RESERVED
+CVE-2019-4057 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
+       TODO: check
 CVE-2019-4056 (IBM Maximo Asset Management 7.6 Work Centers' application does 
not val ...)
        NOT-FOR-US: IBM Maximo Asset Management
 CVE-2019-4055 (IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 
9.1.0.0  ...)
@@ -30739,10 +30762,10 @@ CVE-2019-1580
        RESERVED
 CVE-2019-1579
        RESERVED
-CVE-2019-1578
-       RESERVED
-CVE-2019-1577
-       RESERVED
+CVE-2019-1578 (Cross-site scripting vulnerability in Palo Alto Networks 
MineMeld vers ...)
+       TODO: check
+CVE-2019-1577 (Code injection vulnerability in Palo Alto Networks Traps 5.0.5 
and ear ...)
+       TODO: check
 CVE-2019-1576
        RESERVED
 CVE-2019-1575
@@ -154278,10 +154301,10 @@ CVE-2016-5240 (The DrawDashPolygon function in 
magick/render.c in GraphicsMagick
        NOTE: DLA-547-1 didn't fix this properly
 CVE-2016-5237 (Valve Steam 3.42.16.13 uses weak permissions for the files in 
the Stea ...)
        NOT-FOR-US: Valve Steam
-CVE-2016-5236
-       RESERVED
-CVE-2016-5235
-       RESERVED
+CVE-2016-5236 (Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe 
Dashboard 3.9 ...)
+       TODO: check
+CVE-2016-5235 (A Cross Site Scripting (XSS) vulnerability in versions of F5 
WebSafe D ...)
+       TODO: check
 CVE-2014-9803 (arch/arm64/include/asm/pgtable.h in the Linux kernel before 
3.15-rc5-n ...)
        - linux <not-affected> (Vulnerable code never present, introduced and 
fixed in 3.16 development cycle)
        NOTE: Introduced by: 
https://git.kernel.org/linus/bc07c2c6e9ed125d362af0214b6313dca180cb08 
(v3.16-rc1)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f0bb47b9a19480d5cc64f67e39ec943ab79c3e5b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f0bb47b9a19480d5cc64f67e39ec943ab79c3e5b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to