Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
249c08dd by security tracker role at 2019-07-02T20:10:29Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2019-13172
+       RESERVED
+CVE-2019-13171
+       RESERVED
+CVE-2019-13170
+       RESERVED
+CVE-2019-13169
+       RESERVED
+CVE-2019-13168
+       RESERVED
+CVE-2019-13167
+       RESERVED
+CVE-2019-13166
+       RESERVED
+CVE-2019-13165
+       RESERVED
+CVE-2019-13164
+       RESERVED
+CVE-2019-13163
+       RESERVED
+CVE-2019-13162
+       RESERVED
+CVE-2019-13161
+       RESERVED
+CVE-2019-13160
+       RESERVED
+CVE-2019-13159
+       RESERVED
+CVE-2019-13158
+       RESERVED
+CVE-2019-13157
+       RESERVED
+CVE-2019-13156
+       RESERVED
+CVE-2019-13155 (An issue was discovered in TRENDnet TEW-827DRU firmware before 
2.05B11 ...)
+       TODO: check
+CVE-2019-13154 (An issue was discovered in TRENDnet TEW-827DRU firmware before 
2.05B11 ...)
+       TODO: check
+CVE-2019-13153 (An issue was discovered in TRENDnet TEW-827DRU firmware before 
2.05B11 ...)
+       TODO: check
+CVE-2019-13152 (An issue was discovered in TRENDnet TEW-827DRU firmware before 
2.05B11 ...)
+       TODO: check
+CVE-2019-13151 (An issue was discovered in TRENDnet TEW-827DRU firmware before 
2.05B11 ...)
+       TODO: check
+CVE-2019-13150 (An issue was discovered in TRENDnet TEW-827DRU firmware before 
2.05B11 ...)
+       TODO: check
+CVE-2019-13149 (An issue was discovered in TRENDnet TEW-827DRU firmware before 
2.05B11 ...)
+       TODO: check
+CVE-2019-13148 (An issue was discovered in TRENDnet TEW-827DRU firmware before 
2.05B11 ...)
+       TODO: check
 CVE-2019-13147 (In Audio File Library (aka audiofile) 0.3.6, there exists one 
NULL poi ...)
        - audiofile <unfixed> (low; bug #931343)
        [buster] - audiofile <no-dsa> (Minor issue)
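Review bot: CVE-2019-13148 through CVE-2019-13155 land with only `TODO: check`, so the tracker holds no triage state for eight entries that all describe TRENDnet TEW-827DRU firmware. Other vendor-device entries in this file are closed out with a `NOT-FOR-US: <vendor>` line (for example `NOT-FOR-US: Logitech` under CVE-2019-13055); a follow-up commit should triage these the same way if no Debian package ships that firmware.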
@@ -238,8 +288,8 @@ CVE-2019-13058
        RESERVED
 CVE-2019-13057
        RESERVED
-CVE-2019-13056
-       RESERVED
+CVE-2019-13056 (An issue was discovered in CyberPanel through 1.8.4. On the 
user edit  ...)
+       TODO: check
 CVE-2019-13055 (Certain Logitech Unifying devices allow attackers to dump AES 
keys and ...)
        NOT-FOR-US: Logitech
 CVE-2019-13054 (The Logitech R500 presentation clicker allows attackers to 
determine t ...)
@@ -554,7 +604,7 @@ CVE-2019-12931
        RESERVED
 CVE-2019-12930
        RESERVED
-CVE-2019-12929 (The QMP guest_exec command in QEMU 4.0.0 and earlier is prone 
to OS co ...)
+CVE-2019-12929 (** DISPUTED ** The QMP guest_exec command in QEMU 4.0.0 and 
earlier is ...)
        - qemu <unfixed>
        [buster] - qemu <no-dsa> (Minor issue)
        [jessie] - qemu <no-dsa> (Minor issue)
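Review bot: The `- qemu <unfixed>` line under CVE-2019-12929 carries no severity even though the description is now prefixed `** DISPUTED **` and the existing NOTE lines say QMP is only intended for administrative control. The disputed kernel entries elsewhere in this diff (CVE-2019-12455, CVE-2019-12381) are tagged `(unimportant)` with a NOTE giving the reason; if the tracker agrees with the dispute here, the status line should say so, and the same applies to CVE-2019-12928 in the next hunk.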
@@ -562,7 +612,7 @@ CVE-2019-12929 (The QMP guest_exec command in QEMU 4.0.0 
and earlier is prone to
        NOTE: https://fakhrizulkifli.github.io/posts/2019/06/06/CVE-2019-12929/
        NOTE: The QEMU machine protocol (QMP) should not be exposed to 
unprivileged users,
        NOTE: and is only intended for administrative control of QEMU instances.
-CVE-2019-12928 (The QMP migrate command in QEMU version 4.0.0 and earlier is 
vulnerabl ...)
+CVE-2019-12928 (** DISPUTED ** The QMP migrate command in QEMU version 4.0.0 
and earli ...)
        - qemu <unfixed>
        [buster] - qemu <no-dsa> (Minor issue)
        [jessie] - qemu <no-dsa> (Minor issue)
@@ -1008,7 +1058,7 @@ CVE-2019-12761 (A code injection issue was discovered in 
PyXDG before 0.26 via c
        [stretch] - pyxdg <no-dsa> (Minor issue)
        NOTE: https://snyk.io/vuln/SNYK-PYTHON-PYXDG-174562
        NOTE: https://gitlab.freedesktop.org/xdg/pyxdg/issues/14
-CVE-2019-12760 (A deserialization vulnerability exists in the way parso 
through 0.4.0  ...)
+CVE-2019-12760 (** DISPUTED ** A deserialization vulnerability exists in the 
way parso ...)
        - parso <unfixed> (bug #930356)
        [buster] - parso <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1718212
@@ -1365,8 +1415,7 @@ CVE-2019-12596
        RESERVED
 CVE-2019-12595
        RESERVED
-CVE-2019-12594
-       RESERVED
+CVE-2019-12594 (DOSBox 0.74-2 has Incorrect Access Control. ...)
        - dosbox <unfixed> (bug #931222)
        NOTE: Fixed in 0.74-3 upstream.
        NOTE: https://github.com/Alexandre-Bartel/CVE-2019-12594
@@ -1719,7 +1768,7 @@ CVE-2019-12589 (In Firejail before 0.9.60, seccomp 
filters are writable inside t
        NOTE: 
https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
 CVE-2019-12456 (** DISPUTED ** An issue was discovered in the MPT3COMMAND case 
in _ctl ...)
        - linux <unfixed>
-CVE-2019-12455 (An issue was discovered in sunxi_divs_clk_setup in 
drivers/clk/sunxi/c ...)
+CVE-2019-12455 (** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup 
in driv ...)
        - linux <unfixed> (unimportant)
        NOTE: No/negligible security impact
 CVE-2019-12454 (** DISPUTED ** An issue was discovered in 
wcd9335_codec_enable_dec in  ...)
@@ -1939,10 +1988,10 @@ CVE-2019-12382 (** DISPUTED ** An issue was discovered 
in drm_load_edid_firmware
 CVE-2019-12381 (** DISPUTED ** An issue was discovered in ip_ra_control in 
net/ipv4/ip ...)
        - linux <unfixed> (unimportant)
        NOTE: Issue with no security impact, see kernel-sec, invalid issue
-CVE-2019-12380 (An issue was discovered in the efi subsystem in the Linux 
kernel throu ...)
+CVE-2019-12380 (**DISPUTED** An issue was discovered in the efi subsystem in 
the Linux ...)
        - linux <unfixed> (unimportant)
        NOTE: No security impact, all code involved runs at boot before 
userland starts
-CVE-2019-12379 (An issue was discovered in con_insert_unipair in 
drivers/tty/vt/consol ...)
+CVE-2019-12379 (** DISPUTED ** An issue was discovered in con_insert_unipair 
in driver ...)
        - linux <unfixed> (unimportant)
        NOTE: No real security issue and fix introduces real security issue, 
see kernel-sec
 CVE-2019-12378 (** DISPUTED ** An issue was discovered in ip6_ra_control in 
net/ipv6/i ...)
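Review bot: The new CVE-2019-12380 description starts with `**DISPUTED**`, without the inner spaces used by every other disputed entry in this diff (`** DISPUTED **`, including CVE-2019-12379 in the same hunk). Anything that filters on the spaced marker will miss this entry. Since the commit is an automatic update, the spelling presumably comes from the imported description, so either the import should normalize the marker or consumers should match both forms.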
@@ -15756,44 +15805,44 @@ CVE-2019-7272 (Optergy Proton/Enterprise devices 
allow Username Disclosure. ...)
        NOT-FOR-US: Optergy Proton
 CVE-2019-7271 (Nortek Linear eMerge 50P/5000P devices have Default 
Credentials. ...)
        NOT-FOR-US: Nortek Linear
-CVE-2019-7270
-       RESERVED
-CVE-2019-7269
-       RESERVED
-CVE-2019-7268
-       RESERVED
-CVE-2019-7267
-       RESERVED
-CVE-2019-7266
-       RESERVED
-CVE-2019-7265
-       RESERVED
-CVE-2019-7264
-       RESERVED
-CVE-2019-7263
-       RESERVED
-CVE-2019-7262
-       RESERVED
-CVE-2019-7261
-       RESERVED
-CVE-2019-7260
-       RESERVED
-CVE-2019-7259
-       RESERVED
-CVE-2019-7258
-       RESERVED
-CVE-2019-7257
-       RESERVED
-CVE-2019-7256
-       RESERVED
-CVE-2019-7255
-       RESERVED
-CVE-2019-7254
-       RESERVED
-CVE-2019-7253
-       RESERVED
-CVE-2019-7252
-       RESERVED
+CVE-2019-7270 (Linear eMerge 50P/5000P devices allow Cross-Site Request 
Forgery (CSRF ...)
+       TODO: check
+CVE-2019-7269 (Linear eMerge 50P/5000P devices allow Authenticated Command 
Injection  ...)
+       TODO: check
+CVE-2019-7268 (Linear eMerge 50P/5000P devices allow Unauthenticated File 
Upload. ...)
+       TODO: check
+CVE-2019-7267 (Linear eMerge 50P/5000P devices allow Cookie Path Traversal. 
...)
+       TODO: check
+CVE-2019-7266 (Linear eMerge 50P/5000P devices allow Authentication Bypass. 
...)
+       TODO: check
+CVE-2019-7265 (Linear eMerge E3-Series devices allow Remote Code Execution 
(root acce ...)
+       TODO: check
+CVE-2019-7264 (Linear eMerge E3-Series devices allow a Stack-based Buffer 
Overflow on ...)
+       TODO: check
+CVE-2019-7263 (Linear eMerge E3-Series devices have a Version Control Failure. 
...)
+       TODO: check
+CVE-2019-7262 (Linear eMerge E3-Series devices allow Cross-Site Request 
Forgery (CSRF ...)
+       TODO: check
+CVE-2019-7261 (Linear eMerge E3-Series devices have Hard-coded Credentials. 
...)
+       TODO: check
+CVE-2019-7260 (Linear eMerge E3-Series devices have Cleartext Credentials in a 
Databa ...)
+       TODO: check
+CVE-2019-7259 (Linear eMerge E3-Series devices allow Authorization Bypass with 
Inform ...)
+       TODO: check
+CVE-2019-7258 (Linear eMerge E3-Series devices allow Privilege Escalation. ...)
+       TODO: check
+CVE-2019-7257 (Linear eMerge E3-Series devices allow Unrestricted File Upload. 
...)
+       TODO: check
+CVE-2019-7256 (Linear eMerge E3-Series devices allow Command Injections. ...)
+       TODO: check
+CVE-2019-7255 (Linear eMerge E3-Series devices allow XSS. ...)
+       TODO: check
+CVE-2019-7254 (Linear eMerge E3-Series devices allow File Inclusion. ...)
+       TODO: check
+CVE-2019-7253 (Linear eMerge E3-Series devices allow Directory Traversal. ...)
+       TODO: check
+CVE-2019-7252 (Linear eMerge E3-Series devices have Default Credentials. ...)
+       TODO: check
 CVE-2019-7251 (An Integer Signedness issue (for a return code) in the 
res_pjsip_sdp_r ...)
        - asterisk 1:16.2.1~dfsg-1 (bug #923690)
        [stretch] - asterisk <not-affected> (Vulnerable code not present)
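Review bot: The 19 descriptions added for CVE-2019-7252 through CVE-2019-7270 are left at `TODO: check`, although the unchanged entry directly above them, CVE-2019-7271 for the same Linear eMerge 50P/5000P product line, is already marked `NOT-FOR-US: Nortek Linear`. A follow-up should apply the same tag to the whole block so these do not sit in the TODO queue next to an entry that has already been triaged.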
@@ -20263,8 +20312,7 @@ CVE-2019-5445
        RESERVED
 CVE-2019-5444
        RESERVED
-CVE-2019-5443
-       RESERVED
+CVE-2019-5443 (A non-privileged user or program can put code and a config file 
in a k ...)
        - curl <not-affected> (Windows-specific build issue)
 CVE-2019-5442 (XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 
results i ...)
        NOT-FOR-US: Pippo
@@ -22633,8 +22681,8 @@ CVE-2019-4294
        RESERVED
 CVE-2019-4293 (IBM Storwize V7000 Unified (2073) 1.6 configuration may allow 
an attac ...)
        NOT-FOR-US: IBM
-CVE-2019-4292
-       RESERVED
+CVE-2019-4292 (IBM Security Guardium 10.5 could allow a remote attacker to 
upload arb ...)
+       TODO: check
 CVE-2019-4291
        RESERVED
 CVE-2019-4290
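Review bot: CVE-2019-4292 gains a description for IBM Security Guardium 10.5 but stays at `TODO: check`, while the neighbouring CVE-2019-4293 is already `NOT-FOR-US: IBM`. The same pattern recurs in the later IBM hunks (CVE-2019-4260, CVE-2019-4140, CVE-2019-4134, CVE-2019-4129, CVE-2019-4088, CVE-2019-4087); triaging them together in one follow-up would clear the TODO entries this update introduces.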
@@ -22697,8 +22745,8 @@ CVE-2019-4262
        RESERVED
 CVE-2019-4261
        RESERVED
-CVE-2019-4260
-       RESERVED
+CVE-2019-4260 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 5.0 
through 5.0 ...)
+       TODO: check
 CVE-2019-4259 (A security vulnerability has been identified in IBM Spectrum 
Scale 4.1 ...)
        NOT-FOR-US: IBM
 CVE-2019-4258 (IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard 
Edition is vu ...)
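Review bot: The CVE-2019-4260 description contains a literal `&amp;` ("Standard &amp; Virtual"), which looks like an HTML entity escaped once too often. If that text is what data/CVE/list now holds, rather than an artifact of how this notification was rendered, the import step should decode entities so the description reads `&`; otherwise searches and generated pages will carry the escaped form.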
@@ -22937,8 +22985,8 @@ CVE-2019-4142 (IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, 
and 3.1.2 is vulnerable to
        NOT-FOR-US: IBM
 CVE-2019-4141
        RESERVED
-CVE-2019-4140
-       RESERVED
+CVE-2019-4140 (IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 
8.1) c ...)
+       TODO: check
 CVE-2019-4139 (IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to 
cross-s ...)
        NOT-FOR-US: IBM
 CVE-2019-4138 (IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 
could al ...)
@@ -22949,8 +22997,8 @@ CVE-2019-4136 (IBM Cognos Controller 10.2.0, 10.2.1, 
10.3.0, 10.3.1, and 10.4.0
        NOT-FOR-US: IBM
 CVE-2019-4135 (IBM Security Access Manager 9.0.1 through 9.0.6 is affected by 
a secur ...)
        NOT-FOR-US: IBM
-CVE-2019-4134
-       RESERVED
+CVE-2019-4134 (IBM Planning Analytics 2.0 is vulnerable to cross-site 
scripting. This ...)
+       TODO: check
 CVE-2019-4133
        RESERVED
 CVE-2019-4132
@@ -22959,8 +23007,8 @@ CVE-2019-4131
        RESERVED
 CVE-2019-4130
        RESERVED
-CVE-2019-4129
-       RESERVED
+CVE-2019-4129 (IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow 
a remot ...)
+       TODO: check
 CVE-2019-4128
        RESERVED
 CVE-2019-4127
@@ -23041,10 +23089,10 @@ CVE-2019-4090
        RESERVED
 CVE-2019-4089
        RESERVED
-CVE-2019-4088
-       RESERVED
-CVE-2019-4087
-       RESERVED
+CVE-2019-4088 (IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents 
could allo ...)
+       TODO: check
+CVE-2019-4087 (IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are 
vulner ...)
+       TODO: check
 CVE-2019-4086
        RESERVED
 CVE-2019-4085
@@ -115799,22 +115847,22 @@ CVE-2017-8413
        RESERVED
 CVE-2017-8412
        RESERVED
-CVE-2017-8411
-       RESERVED
+CVE-2017-8411 (An issue was discovered on D-Link DCS-1130 devices. The device 
provide ...)
+       TODO: check
 CVE-2017-8410
        RESERVED
 CVE-2017-8409
        RESERVED
-CVE-2017-8408
-       RESERVED
-CVE-2017-8407
-       RESERVED
-CVE-2017-8406
-       RESERVED
+CVE-2017-8408 (An issue was discovered on D-Link DCS-1130 devices. The device 
provide ...)
+       TODO: check
+CVE-2017-8407 (An issue was discovered on D-Link DCS-1130 devices. The device 
provide ...)
+       TODO: check
+CVE-2017-8406 (An issue was discovered on D-Link DCS-1130 devices. The device 
provide ...)
+       TODO: check
 CVE-2017-8405
        RESERVED
-CVE-2017-8404
-       RESERVED
+CVE-2017-8404 (An issue was discovered on D-Link DCS-1130 devices. The device 
provide ...)
+       TODO: check
 CVE-2017-8403 (360fly 4K cameras allow unauthenticated Wi-Fi password changes 
and com ...)
        NOT-FOR-US: 360fly
 CVE-2017-8402 (PivotX 2.3.11 allows remote authenticated users to execute 
arbitrary P ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/249c08dd1b623b6e5beecb97fbf36937a7bd8571
