Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8714f726 by security tracker role at 2019-07-02T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2019-13147 (In Audio File Library (aka audiofile) 0.3.6, there exists one 
NULL poi ...)
+       TODO: check
+CVE-2019-13146
+       RESERVED
+CVE-2019-13145
+       RESERVED
+CVE-2019-13144
+       RESERVED
+CVE-2019-13143
+       RESERVED
+CVE-2019-13142
+       RESERVED
+CVE-2019-13141
+       RESERVED
+CVE-2019-13140
+       RESERVED
+CVE-2019-13139
+       RESERVED
+CVE-2019-13138
+       RESERVED
+CVE-2019-13137 (ImageMagick before 7.0.8-50 has a memory leak vulnerability in 
the fun ...)
+       TODO: check
+CVE-2019-13136 (ImageMagick before 7.0.8-50 has an integer overflow 
vulnerability in t ...)
+       TODO: check
+CVE-2019-13135 (ImageMagick before 7.0.8-50 has a "use of uninitialized value" 
vulnera ...)
+       TODO: check
+CVE-2019-13134 (ImageMagick before 7.0.8-50 has a memory leak vulnerability in 
the fun ...)
+       TODO: check
+CVE-2019-13133 (ImageMagick before 7.0.8-50 has a memory leak vulnerability in 
the fun ...)
+       TODO: check
 CVE-2019-13132
        RESERVED
 CVE-2019-13131 (Super Micro SuperDoctor 5, when restrictions are not 
implemented in ag ...)
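Review bot: the five ImageMagick entries (CVE-2019-13133 to CVE-2019-13137) and the audiofile entry CVE-2019-13147 are all left at "TODO: check", and their descriptions are cut at "in the fun ...", so the affected function is not recorded here. The entries cover three different bug classes (memory leak, integer overflow, use of uninitialized value), so triage should read the full CVE text for each and record a package line and NOTE per entry rather than resolving them as a group. The "before 7.0.8-50" in the descriptions is the upstream version and still has to be mapped to the packaged versions.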
@@ -867,6 +897,7 @@ CVE-2019-12783
 CVE-2019-12782
        RESERVED
 CVE-2019-12781 (An issue was discovered in Django 1.11 before 1.11.22, 2.1 
before 2.1. ...)
+       {DLA-1842-1}
        - python-django 1:1.11.22-1 (bug #931316)
        NOTE: 
https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
        NOTE: 
https://github.com/django/django/commit/54d0f5e62f54c29a12dd96f44bacd810cbe03ac8
 (master)
@@ -3435,7 +3466,7 @@ CVE-2019-11709
        RESERVED
 CVE-2019-11708 [sandbox escape using Prompt:Open]
        RESERVED
-       {DSA-4471-1 DLA-1836-1}
+       {DSA-4474-1 DSA-4471-1 DLA-1836-1}
        - firefox 67.0.4-1
        - firefox-esr 60.7.2esr-1
        - thunderbird 1:60.7.2-1
@@ -5426,8 +5457,8 @@ CVE-2019-10981 (In Vijeo Citect 7.30 and 7.40, and 
CitectSCADA 7.30 and 7.40, a
        NOT-FOR-US: AVEVA
 CVE-2019-10980
        RESERVED
-CVE-2019-10979
-       RESERVED
+CVE-2019-10979 (SICK MSC800 all versions prior to Version 4.0, the affected 
firmware v ...)
+       TODO: check
 CVE-2019-10978
        RESERVED
 CVE-2019-10977 (In Mitsubishi Electric MELSEC-Q series Ethernet module 
QJ71E71-100 ser ...)
@@ -9491,10 +9522,10 @@ CVE-2019-9704 (Vixie Cron before the 3.0pl1-133 Debian 
package allows local user
        - cron 3.0pl1-133 (low)
        [stretch] - cron <no-dsa> (Minor issue, will be fixed via point update)
        NOTE: Fixed by: https://salsa.debian.org/debian/cron/commit/f2525567
-CVE-2019-9703
-       RESERVED
-CVE-2019-9702
-       RESERVED
+CVE-2019-9703 (Symantec Endpoint Encryption, prior to SEE 11.3.0, may be 
susceptible  ...)
+       TODO: check
+CVE-2019-9702 (Symantec Endpoint Encryption, prior to SEE 11.3.0, may be 
susceptible  ...)
+       TODO: check
 CVE-2019-9701 (DLP 15.5 MP1 and all prior versions may be susceptible to a 
cross-site ...)
        NOT-FOR-US: DLP (Symantec)
 CVE-2019-9700
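Review bot: CVE-2019-9703 and CVE-2019-9702 are added as "TODO: check" directly above CVE-2019-9701, which is already tagged "NOT-FOR-US: DLP (Symantec)". Both new entries name Symantec Endpoint Encryption, so a NOT-FOR-US tag naming that product would close them consistently with the neighbouring entry, provided the product is confirmed as not packaged.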
@@ -15656,22 +15687,22 @@ CVE-2019-7280 (Prima Systems FlexAir devices have an 
Insufficient Session-ID Len
        TODO: check
 CVE-2019-7279 (Optergy Proton/Enterprise devices have Hard-coded Credentials. 
...)
        TODO: check
-CVE-2019-7278
-       RESERVED
-CVE-2019-7277
-       RESERVED
-CVE-2019-7276
-       RESERVED
-CVE-2019-7275
-       RESERVED
-CVE-2019-7274
-       RESERVED
-CVE-2019-7273
-       RESERVED
-CVE-2019-7272
-       RESERVED
-CVE-2019-7271
-       RESERVED
+CVE-2019-7278 (Optergy Proton/Enterprise devices have an Unauthenticated SMS 
Sending  ...)
+       TODO: check
+CVE-2019-7277 (Optergy Proton/Enterprise devices allow Unauthenticated 
Internal Netwo ...)
+       TODO: check
+CVE-2019-7276 (Optergy Proton/Enterprise devices allow Remote Root Code 
Execution via ...)
+       TODO: check
+CVE-2019-7275 (Optergy Proton/Enterprise devices allow Open Redirect. ...)
+       TODO: check
+CVE-2019-7274 (Optergy Proton/Enterprise devices allow Authenticated File 
Upload with ...)
+       TODO: check
+CVE-2019-7273 (Optergy Proton/Enterprise devices allow Cross-Site Request 
Forgery (CS ...)
+       TODO: check
+CVE-2019-7272 (Optergy Proton/Enterprise devices allow Username Disclosure. 
...)
+       TODO: check
+CVE-2019-7271 (Nortek Linear eMerge 50P/5000P devices have Default 
Credentials. ...)
+       TODO: check
 CVE-2019-7270
        RESERVED
 CVE-2019-7269
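Review bot: the eight entries un-reserved in this hunk are not all one vendor: CVE-2019-7278 to CVE-2019-7272 are Optergy Proton/Enterprise, but CVE-2019-7271 is Nortek Linear eMerge 50P/5000P, so any tag applied in bulk during triage needs the vendor set per entry. With the context entries CVE-2019-7280 and CVE-2019-7279 also still at "TODO: check", that leaves ten open items in a row; CVE-2019-7276 (Remote Root Code Execution) is the one to look at first.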
@@ -17136,8 +17167,8 @@ CVE-2019-6644
        RESERVED
 CVE-2019-6643
        RESERVED
-CVE-2019-6642
-       RESERVED
+CVE-2019-6642 (In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 
12.1.0-12.1.4.2, a ...)
+       TODO: check
 CVE-2019-6641
        RESERVED
 CVE-2019-6640
@@ -20070,8 +20101,8 @@ CVE-2019-5499
        RESERVED
 CVE-2019-5498
        RESERVED
-CVE-2019-5497
-       RESERVED
+CVE-2019-5497 (NetApp AFF A700s Baseboard Management Controller (BMC) firmware 
versio ...)
+       TODO: check
 CVE-2019-5496 (Oncommand Insight versions prior to 7.3.5 shipped without 
certain HTTP ...)
        NOT-FOR-US: Oncommand Insight / Netapp
 CVE-2019-5495 (OnCommand Unified Manager for VMware vSphere, Linux and Windows 
prior  ...)
@@ -23209,8 +23240,8 @@ CVE-2019-3964
        RESERVED
 CVE-2019-3963
        RESERVED
-CVE-2019-3962
-       RESERVED
+CVE-2019-3962 (Content Injection vulnerability in Tenable Nessus prior to 
8.5.0 may a ...)
+       TODO: check
 CVE-2019-3961 (Nessus versions 8.4.0 and earlier were found to contain a 
reflected XS ...)
        TODO: check
 CVE-2019-3960
@@ -31594,6 +31625,7 @@ CVE-2019-1545
 CVE-2019-1544
        RESERVED
 CVE-2019-1543 (ChaCha20-Poly1305 is an AEAD cipher, and requires a unique 
nonce input ...)
+       {DSA-4475-1}
        - openssl 1.1.1c-1 (low)
        [jessie] - openssl <postponed> (Minor issue, fix along in future DLA)
        - openssl1.0 <not-affected> (Vulnerability does not impact 1.0.2 series)
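Review bot: "{DSA-4475-1}" is now attached to CVE-2019-1543 while the lines below it still read "- openssl 1.1.1c-1 (low)" and "[jessie] - openssl <postponed> (Minor issue, fix along in future DLA)". It is worth confirming that the jessie annotation is still the intended state now that a DSA references the issue, since the hunk changes only the cross-reference line and leaves the per-suite status untouched.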



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8714f7269fdd2fe4284a6d43e92b8e106333e5c5
