Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
226b6b19 by security tracker role at 2019-07-12T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,19 @@
-CVE-2019-13567
+CVE-2019-13574 (In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a 
fetched remo ...)
+       TODO: check
+CVE-2019-13573
+       RESERVED
+CVE-2019-13572
+       RESERVED
+CVE-2019-13571
+       RESERVED
+CVE-2019-13570
+       RESERVED
+CVE-2019-13569
+       RESERVED
+CVE-2019-13568
        RESERVED
+CVE-2019-13567 (The Zoom Client before 4.4.2 on macOS allows remote code 
execution, a  ...)
+       TODO: check
 CVE-2019-13566
        RESERVED
 CVE-2019-13565
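Review bot: the two entries that gain descriptions at the top of this hunk, CVE-2019-13574 and CVE-2019-13567, are both left at "TODO: check" but need different handling. CVE-2019-13567 is described as the Zoom Client on macOS, which points to a NOT-FOR-US tag. CVE-2019-13574 names lib/mini_magick/image.rb in MiniMagick before 4.9.4, so it needs a source-package lookup and, if the library is packaged, a package line giving the first upload that carries the 4.9.4 fix.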
@@ -147,8 +161,8 @@ CVE-2019-13496
        RESERVED
 CVE-2019-13495
        RESERVED
-CVE-2019-13494
-       RESERVED
+CVE-2019-13494 (nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x 
before 10.0. ...)
+       TODO: check
 CVE-2019-13493
        RESERVED
 CVE-2019-13492
@@ -2043,8 +2057,8 @@ CVE-2019-12753
        RESERVED
 CVE-2019-12752
        RESERVED
-CVE-2019-12751
-       RESERVED
+CVE-2019-12751 (Symantec Messaging Gateway, prior to 10.7.1, may be 
susceptible to a p ...)
+       TODO: check
 CVE-2019-12750
        RESERVED
 CVE-2019-12749 (dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 
1.13.12, ...)
@@ -2411,24 +2425,24 @@ CVE-2019-12581 (A reflective Cross-site scripting (XSS) 
vulnerability in the fre
        NOT-FOR-US: Zyxel
 CVE-2019-12580
        RESERVED
-CVE-2019-12579
-       RESERVED
-CVE-2019-12578
-       RESERVED
-CVE-2019-12577
-       RESERVED
-CVE-2019-12576
-       RESERVED
-CVE-2019-12575
-       RESERVED
-CVE-2019-12574
-       RESERVED
-CVE-2019-12573
-       RESERVED
+CVE-2019-12579 (A vulnerability in the London Trust Media Private Internet 
Access (PIA ...)
+       TODO: check
+CVE-2019-12578 (A vulnerability in the London Trust Media Private Internet 
Access (PIA ...)
+       TODO: check
+CVE-2019-12577 (A vulnerability in the London Trust Media Private Internet 
Access (PIA ...)
+       TODO: check
+CVE-2019-12576 (A vulnerability in the London Trust Media Private Internet 
Access (PIA ...)
+       TODO: check
+CVE-2019-12575 (A vulnerability in the London Trust Media Private Internet 
Access (PIA ...)
+       TODO: check
+CVE-2019-12574 (A vulnerability in the London Trust Media Private Internet 
Access (PIA ...)
+       TODO: check
+CVE-2019-12573 (A vulnerability in the London Trust Media Private Internet 
Access (PIA ...)
+       TODO: check
 CVE-2019-12572 (A vulnerability in the London Trust Media Private Internet 
Access (PIA ...)
        NOT-FOR-US: London Trust Media Private Internet Access (PIA) VPN Client
-CVE-2019-12571
-       RESERVED
+CVE-2019-12571 (A vulnerability in the London Trust Media Private Internet 
Access (PIA ...)
+       TODO: check
 CVE-2019-12570 (A SQL injection vulnerability in the Xpert Solution "Server 
Status by  ...)
        NOT-FOR-US: Xpert Solution "Server Status by Hostname/IP" plugin for 
WordPress
 CVE-2019-12569 (A vulnerability in Viber before 10.7.0 for Desktop (Windows) 
could all ...)
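Review bot: CVE-2019-12579 through CVE-2019-12573 and CVE-2019-12571 land as "TODO: check" even though their visible descriptions open with the same text as CVE-2019-12572, which this hunk already shows tagged NOT-FOR-US: London Trust Media Private Internet Access (PIA) VPN Client. Suggest applying that tag to all eight once the full descriptions confirm they concern the same client, so they do not sit in the TODO queue.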
@@ -4483,6 +4497,7 @@ CVE-2019-11731
        RESERVED
 CVE-2019-11730
        RESERVED
+       {DSA-4479-1}
        - firefox 68.0-1
        - firefox-esr 60.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11730
@@ -4557,6 +4572,7 @@ CVE-2019-11718
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11718
 CVE-2019-11717
        RESERVED
+       {DSA-4479-1}
        - firefox 68.0-1
        - firefox-esr 60.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11717
@@ -4567,6 +4583,7 @@ CVE-2019-11716
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11716
 CVE-2019-11715
        RESERVED
+       {DSA-4479-1}
        - firefox 68.0-1
        - firefox-esr 60.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11715
@@ -4577,18 +4594,21 @@ CVE-2019-11714
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11714
 CVE-2019-11713
        RESERVED
+       {DSA-4479-1}
        - firefox 68.0-1
        - firefox-esr 60.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11713
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11713
 CVE-2019-11712
        RESERVED
+       {DSA-4479-1}
        - firefox 68.0-1
        - firefox-esr 60.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11712
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11712
 CVE-2019-11711
        RESERVED
+       {DSA-4479-1}
        - firefox 68.0-1
        - firefox-esr 60.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11711
@@ -4599,6 +4619,7 @@ CVE-2019-11710
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11710
 CVE-2019-11709
        RESERVED
+       {DSA-4479-1}
        - firefox 68.0-1
        - firefox-esr 60.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11709
@@ -6162,8 +6183,8 @@ CVE-2019-11135
        RESERVED
 CVE-2019-11134
        RESERVED
-CVE-2019-11133
-       RESERVED
+CVE-2019-11133 (Improper access control in the Intel(R) Processor Diagnostic 
Tool befo ...)
+       TODO: check
 CVE-2019-11132
        RESERVED
 CVE-2019-11131
@@ -6617,8 +6638,8 @@ CVE-2019-10972
        RESERVED
 CVE-2019-10971 (The application (Network Configurator for DeviceNet Safety 
3.41 and pr ...)
        NOT-FOR-US: Omron
-CVE-2019-10970
-       RESERVED
+CVE-2019-10970 (In Rockwell Automation PanelView 5510 (all versions 
manufactured befor ...)
+       TODO: check
 CVE-2019-10969
        RESERVED
 CVE-2019-10968
@@ -6687,18 +6708,18 @@ CVE-2019-10937
        RESERVED
 CVE-2019-10936
        RESERVED
-CVE-2019-10935
-       RESERVED
+CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and 
earlier  ...)
+       TODO: check
 CVE-2019-10934
        RESERVED
-CVE-2019-10933
-       RESERVED
+CVE-2019-10933 (A vulnerability has been identified in Spectrum Power 3 
(Corporate Use ...)
+       TODO: check
 CVE-2019-10932
        RESERVED
-CVE-2019-10931
-       RESERVED
-CVE-2019-10930
-       RESERVED
+CVE-2019-10931 (A vulnerability has been identified in SIPROTEC 5 device types 
6MD85,  ...)
+       TODO: check
+CVE-2019-10930 (A vulnerability has been identified in SIPROTEC 5 device types 
6MD85,  ...)
+       TODO: check
 CVE-2019-10929
        RESERVED
 CVE-2019-10928
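Review bot: CVE-2019-10935, CVE-2019-10933, CVE-2019-10931 and CVE-2019-10930 are left at "TODO: check" although each description opens with "A vulnerability has been identified in" followed by SIMATIC PCS 7, Spectrum Power 3 or SIPROTEC 5. The CVE-2019-10935 text matches the visible prefix of CVE-2019-10917 and CVE-2019-10916 further down this file, both tagged NOT-FOR-US: Siemens, so the same tag looks right for these four and for CVE-2019-10915.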
@@ -6727,8 +6748,8 @@ CVE-2019-10917 (A vulnerability has been identified in 
SIMATIC PCS 7 V8.0 and ea
        NOT-FOR-US: Siemens
 CVE-2019-10916 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and 
earlier  ...)
        NOT-FOR-US: Siemens
-CVE-2019-10915
-       RESERVED
+CVE-2019-10915 (A vulnerability has been identified in TIA Administrator (All 
versions ...)
+       TODO: check
 CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside 
Secure T ...)
        - matrixssl <removed>
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1785
@@ -8502,6 +8523,7 @@ CVE-2019-10195
 CVE-2019-10194 (Sensitive passwords used in deployment and configuration of 
oVirt Metr ...)
        NOT-FOR-US: ovirt-engine-metrics
 CVE-2019-10193 (A stack-buffer overflow vulnerability was found in the Redis 
hyperlogl ...)
+       {DSA-4480-1}
        - redis 5:5.0.4-1 (bug #931625)
        [stretch] - redis <not-affected> (vulnerable code added later)
        [jessie] - redis <not-affected> (vulnerable code added later)
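Review bot: {DSA-4480-1} is attached to CVE-2019-10193 although the entry marks both stretch and jessie as not-affected (vulnerable code added later). Worth confirming in the DSA list that DSA-4480-1 scopes this CVE to a release newer than stretch, so the tracker does not report a stretch fix for code that release never shipped.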
@@ -8511,7 +8533,7 @@ CVE-2019-10193 (A stack-buffer overflow vulnerability was 
found in the Redis hyp
        NOTE: 
https://github.com/antirez/redis/commit/a4b90be9fcd5e1668ac941cabce3b1ab38dbe326
 (master)
        NOTE: 
https://github.com/antirez/redis/commit/12b5ff109508c2a192f700c7738da7e7f09670f1
 (5.0.4)
 CVE-2019-10192 (A heap-buffer overflow vulnerability was found in the Redis 
hyperloglo ...)
-       {DLA-1850-1}
+       {DSA-4480-1 DLA-1850-1}
        - redis 5:5.0.4-1 (bug #931625)
        NOTE: https://github.com/antirez/redis/issues/6215 (upstream 
announcement)
        NOTE: 
https://github.com/antirez/redis/commit/e216ceaf0e099536fe3658a29dcb725d812364e0
@@ -9410,18 +9432,18 @@ CVE-2019-9889 (In Vanilla before 2.6.4, a flaw exists 
within the getSingleIndex
        NOT-FOR-US: Vanilla Forums
 CVE-2019-9888
        RESERVED
-CVE-2019-1010319
-       RESERVED
-CVE-2019-1010318
-       RESERVED
-CVE-2019-1010317
-       RESERVED
-CVE-2019-1010316
-       RESERVED
-CVE-2019-1010315
-       RESERVED
-CVE-2019-1010314
-       RESERVED
+CVE-2019-1010319 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of 
Uninitialize ...)
+       TODO: check
+CVE-2019-1010318 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of 
Uninitialize ...)
+       TODO: check
+CVE-2019-1010317 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of 
Uninitialize ...)
+       TODO: check
+CVE-2019-1010316 (pyxtrlock 0.3 and earlier is affected by: Incorrect Access 
Control. Th ...)
+       TODO: check
+CVE-2019-1010315 (WavPack 5.1 and earlier is affected by: CWE 369: Divide by 
Zero. The i ...)
+       TODO: check
+CVE-2019-1010314 (Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting 
(XSS). The imp ...)
+       TODO: check
 CVE-2019-1010313
        RESERVED
 CVE-2019-1010312
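Review bot: CVE-2019-1010319, CVE-2019-1010318 and CVE-2019-1010317 arrive with the same visible description ("WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialize ..."), so the truncated text cannot tell them apart. When replacing "TODO: check", add a NOTE per entry with the upstream issue or commit so each ID maps to a distinct fix, and triage CVE-2019-1010315 (divide by zero, also WavPack) in the same pass. The pyxtrlock and Gitea entries need their own package lookups.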
@@ -10315,6 +10337,7 @@ CVE-2019-9812
        RESERVED
 CVE-2019-9811
        RESERVED
+       {DSA-4479-1}
        - firefox 68.0-1
        - firefox-esr 60.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-9811
@@ -21216,8 +21239,8 @@ CVE-2019-5530
        RESERVED
 CVE-2019-5529
        RESERVED
-CVE-2019-5528
-       RESERVED
+CVE-2019-5528 (VMware ESXi 6.5 suffers from partial denial of service 
vulnerability i ...)
+       TODO: check
 CVE-2019-5527
        RESERVED
 CVE-2019-5526 (VMware Workstation (15.x before 15.1.0) contains a DLL 
hijacking issue ...)
@@ -23827,8 +23850,8 @@ CVE-2019-4265
        RESERVED
 CVE-2019-4264 (IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to 
obtain sen ...)
        NOT-FOR-US: IBM
-CVE-2019-4263
-       RESERVED
+CVE-2019-4263 (IBM Content Navigator 3.0CD is vulnerable to local file 
inclusion, all ...)
+       TODO: check
 CVE-2019-4262
        RESERVED
 CVE-2019-4261
@@ -23967,8 +23990,8 @@ CVE-2019-4195
        RESERVED
 CVE-2019-4194
        RESERVED
-CVE-2019-4193
-       RESERVED
+CVE-2019-4193 (IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores 
sensitive inf ...)
+       TODO: check
 CVE-2019-4192
        RESERVED
 CVE-2019-4191
@@ -24091,8 +24114,8 @@ CVE-2019-4133
        RESERVED
 CVE-2019-4132
        RESERVED
-CVE-2019-4131
-       RESERVED
+CVE-2019-4131 (IBM Application Performance Management (IBM Monitoring 8.1.4) 
could al ...)
+       TODO: check
 CVE-2019-4130
        RESERVED
 CVE-2019-4129 (IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow 
a remot ...)
@@ -24117,8 +24140,8 @@ CVE-2019-4120
        RESERVED
 CVE-2019-4119 (IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, 
and 3.1.2 ...)
        NOT-FOR-US: IBM
-CVE-2019-4118
-       RESERVED
+CVE-2019-4118 (IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart 
could all ...)
+       TODO: check
 CVE-2019-4117
        RESERVED
 CVE-2019-4116
@@ -25929,8 +25952,8 @@ CVE-2019-3417
        RESERVED
 CVE-2019-3416
        RESERVED
-CVE-2019-3415
-       RESERVED
+CVE-2019-3415 (ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path 
traver ...)
+       TODO: check
 CVE-2019-3414
        RESERVED
 CVE-2019-3413 (All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product 
have an  ...)
@@ -39603,22 +39626,22 @@ CVE-2019-0055
        RESERVED
 CVE-2019-0054
        RESERVED
-CVE-2019-0053
-       RESERVED
-CVE-2019-0052
-       RESERVED
+CVE-2019-0053 (Insufficient validation of environment variables in the telnet 
client  ...)
+       TODO: check
+CVE-2019-0052 (The srxpfe process may crash on SRX Series services gateways 
when the  ...)
+       TODO: check
 CVE-2019-0051
        RESERVED
 CVE-2019-0050
        RESERVED
-CVE-2019-0049
-       RESERVED
-CVE-2019-0048
-       RESERVED
+CVE-2019-0049 (On Junos devices with the BGP graceful restart helper mode 
enabled or  ...)
+       TODO: check
+CVE-2019-0048 (On EX4300 Series switches with TCAM optimization enabled, 
incoming mul ...)
+       TODO: check
 CVE-2019-0047
        RESERVED
-CVE-2019-0046
-       RESERVED
+CVE-2019-0046 (A vulnerability in the pfe-chassisd Chassis Manager (CMLC) 
daemon of J ...)
+       TODO: check
 CVE-2019-0045
        RESERVED
 CVE-2019-0044 (Receipt of a specific packet on the out-of-band management 
interface f ...)
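Review bot: CVE-2019-0053 should not be bulk-tagged with the other Juniper entries in this hunk. Its description concerns environment-variable validation in "the telnet client", not a device-specific process such as srxpfe or pfe-chassisd, so check whether that client code is shared with telnet implementations in the archive before choosing between NOT-FOR-US and a package entry.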
@@ -40056,8 +40079,8 @@ CVE-2018-18097 (Improper directory permissions in Intel 
Solid State Drive Toolbo
        NOT-FOR-US: Intel Solid State Drive Toolbox
 CVE-2018-18096 (Improper memory handling in Intel QuickAssist Technology for 
Linux (al ...)
        NOT-FOR-US: Intel QuickAssist Technology for Linux
-CVE-2018-18095
-       RESERVED
+CVE-2018-18095 (Improper authentication in firmware for Intel(R) SSD DC S4500 
Series a ...)
+       TODO: check
 CVE-2018-18094 (Improper directory permissions in installer for Intel(R) Media 
SDK bef ...)
        NOT-FOR-US: Intel
 CVE-2018-18093 (Improper file permissions in the installer for Intel VTune 
Amplifier 2 ...)
@@ -42300,8 +42323,8 @@ CVE-2018-17197 (A carefully crafted or corrupt sqlite 
file can cause an infinite
        - tika 1.20-1
        [jessie] - tika <not-affected> (Only affects 1.8 to 1.19.1)
        NOTE: https://www.openwall.com/lists/oss-security/2018/12/22/2
-CVE-2018-17196
-       RESERVED
+CVE-2018-17196 (In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is 
possible to ...)
+       TODO: check
 CVE-2018-17195 (The template upload API endpoint accepted requests from 
different doma ...)
        NOT-FOR-US: Apache NiFi
 CVE-2018-17194 (When a client request to a cluster node was replicated to 
other nodes  ...)
@@ -51226,11 +51249,11 @@ CVE-2018-13812 (A vulnerability has been identified 
in SIMATIC HMI Comfort Panel
        NOT-FOR-US: Siemens
 CVE-2018-13811 (A vulnerability has been identified in SIMATIC STEP 7 (TIA 
Portal) (Al ...)
        NOT-FOR-US: Siemens
-CVE-2018-13810 (A vulnerability has been identified in CP 1604 (All versions 
&lt; V2.8 ...)
+CVE-2018-13810 (A vulnerability has been identified in CP 1604 (All versions), 
CP 1616 ...)
        NOT-FOR-US: Siemens
-CVE-2018-13809 (A vulnerability has been identified in CP 1604 (All versions 
&lt; V2.8 ...)
+CVE-2018-13809 (A vulnerability has been identified in CP 1604 (All versions), 
CP 1616 ...)
        NOT-FOR-US: Siemens
-CVE-2018-13808 (A vulnerability has been identified in CP 1604 (All versions 
&lt; V2.8 ...)
+CVE-2018-13808 (A vulnerability has been identified in CP 1604 (All versions), 
CP 1616 ...)
        NOT-FOR-US: Siemens
 CVE-2018-13807 (A vulnerability has been identified in SCALANCE X300 (All 
versions &lt ...)
        NOT-FOR-US: Siemens
@@ -84482,8 +84505,8 @@ CVE-2018-1970 (IBM Security Identity Manager 7.0.1 is 
vulnerable to a XML Extern
        NOT-FOR-US: IBM
 CVE-2018-1969 (IBM Security Identity Manager 6.0.0 allows the attacker to 
upload or t ...)
        NOT-FOR-US: IBM
-CVE-2018-1968
-       RESERVED
+CVE-2018-1968 (IBM Security Identity Manager 7.0.1 discloses sensitive 
information to ...)
+       TODO: check
 CVE-2018-1967 (IBM Security Identity Manager 6.0.0 is vulnerable to cross-site 
script ...)
        NOT-FOR-US: IBM
 CVE-2018-1966
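Review bot: CVE-2018-1968 is left at "TODO: check" while every neighbouring IBM Security Identity Manager entry visible here (CVE-2018-1970, CVE-2018-1969, CVE-2018-1967) is tagged NOT-FOR-US: IBM. Suggest the same tag for CVE-2018-1968, since its description names the same product.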
@@ -212562,8 +212585,8 @@ CVE-2014-3802 (msdia.dll in Microsoft Debug Interface 
Access (DIA) SDK, as distr
        NOT-FOR-US: Microsoft Visual Studio
 CVE-2014-3799
        REJECTED
-CVE-2014-3798
-       RESERVED
+CVE-2014-3798 (The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier 
allows ...)
+       TODO: check
 CVE-2014-3797 (Cross-site scripting (XSS) vulnerability in VMware vCenter 
Server Appl ...)
        NOT-FOR-US: VMware vSphere
 CVE-2014-3796 (VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security 
(vCNS) ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/226b6b19d79908318018dcd48b823ffbaa45d06d
