Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b586115 by security tracker role at 2019-07-17T20:10:30Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2019-13633
+       RESERVED
+CVE-2019-13632
+       RESERVED
+CVE-2019-13631 (In parse_hid_report_descriptor in drivers/input/tablet/gtco.c 
in the L ...)
+       TODO: check
+CVE-2019-13630
+       RESERVED
+CVE-2019-13629
+       RESERVED
+CVE-2019-13628
+       RESERVED
+CVE-2019-13627
+       RESERVED
+CVE-2019-13626 (SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a 
heap-based buff ...)
+       TODO: check
 CVE-2019-13625 (NSA Ghidra before 9.0.1 allows XXE when a project is opened or 
restore ...)
        - ghidra <itp> (bug #923851)
        TODO: check
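Review bot: the TODO: check lines on CVE-2019-13631 and CVE-2019-13626 at the top of this hunk need package lines, not vendor tags. The first names drivers/input/tablet/gtco.c, a kernel driver path, and the second is SDL 2.x, so both point at software that is packaged; resolve each with a package entry and status rather than clearing them together with the vendor-product ids from this update.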
@@ -26,10 +42,10 @@ CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.
 CVE-2019-13615 (VideoLAN VLC media player 3.0.7.1 has a heap-based buffer 
over-read in ...)
        - vlc <unfixed> (bug #932241)
        NOTE: https://trac.videolan.org/vlc/ticket/22474
-CVE-2019-13614
-       RESERVED
-CVE-2019-13613
-       RESERVED
+CVE-2019-13614 (CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in 
TP-Link ...)
+       TODO: check
+CVE-2019-13613 (CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in 
TP-Link Wirel ...)
+       TODO: check
 CVE-2019-13612 (MDaemon Email Server 19 skips SpamAssassin checks by default 
for e-mai ...)
        NOT-FOR-US: MDaemon Email Server
 CVE-2019-13611 (An issue was discovered in python-engineio through 3.8.2. 
There is a C ...)
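Review bot: CVE-2019-13614 and CVE-2019-13613 are left at TODO: check although both descriptions name the TP-Link Device Debug protocol, which reads as device firmware. The MDaemon entry directly below is tagged "NOT-FOR-US: MDaemon Email Server"; once the full descriptions confirm there is no packaged component, tag this pair the same way with the vendor name so they do not stay in the TODO queue.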
@@ -1076,10 +1092,10 @@ CVE-2019-13587
        RESERVED
 CVE-2019-13586
        RESERVED
-CVE-2019-13585
-       RESERVED
-CVE-2019-13584
-       RESERVED
+CVE-2019-13585 (The remote admin webserver on FANUC Robotics Virtual Robot 
Controller  ...)
+       TODO: check
+CVE-2019-13584 (The remote admin webserver on FANUC Robotics Virtual Robot 
Controller  ...)
+       TODO: check
 CVE-2019-13583
        RESERVED
 CVE-2019-13582
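Review bot: the two added FANUC entries, CVE-2019-13585 and CVE-2019-13584, cannot be told apart from this hunk because their truncated descriptions are identical up to the cut ("The remote admin webserver on FANUC Robotics Virtual Robot Controller"). Read the full descriptions before resolving the TODO: check lines so that one is not closed as a duplicate of the other by mistake.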
@@ -1113,8 +1129,8 @@ CVE-2019-13575
 CVE-2019-13574 (In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a 
fetched remo ...)
        {DSA-4481-1}
        - ruby-mini-magick <unfixed> (bug #931932)
-CVE-2019-13573
-       RESERVED
+CVE-2019-13573 (A SQL injection vulnerability exists in the FolioVision FV 
Flowplayer  ...)
+       TODO: check
 CVE-2019-13572
        RESERVED
 CVE-2019-13571
@@ -1368,8 +1384,8 @@ CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division 
by Zero in RemoveDuplic
        - imagemagick <unfixed> (bug #931740)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4
-CVE-2019-13453
-       RESERVED
+CVE-2019-13453 (Zipios before 0.1.7 does not properly handle certain malformed 
zip arc ...)
+       TODO: check
 CVE-2019-13452
        RESERVED
 CVE-2019-13451
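Review bot: CVE-2019-13453 carries a version boundary in its description ("Zipios before 0.1.7") but only a TODO: check line underneath. When it is triaged, record that boundary in a package line with a fixed version or <unfixed>, in the form the ImageMagick entry above uses ("- imagemagick <unfixed> (bug #931740)"), instead of leaving it only in the truncated description.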
@@ -1386,7 +1402,7 @@ CVE-2019-13448
 CVE-2019-13447
        RESERVED
 CVE-2019-13446
-       RESERVED
+       REJECTED
 CVE-2019-13445
        RESERVED
 CVE-2019-13444
@@ -1471,8 +1487,8 @@ CVE-2019-13405
        RESERVED
 CVE-2019-13404 (** DISPUTED ** The MSI installer for Python through 2.7.16 on 
Windows  ...)
        NOT-FOR-US: Disputed issue for Windows installer for Python
-CVE-2019-13403
-       RESERVED
+CVE-2019-13403 (Temenos CWX version 8.9 has an Broken Access Control 
vulnerability in  ...)
+       TODO: check
 CVE-2019-13402 (/usr/sbin/default.sh and 
/usr/apache/htdocs/cgi-bin/admin/hardfactoryd ...)
        NOT-FOR-US: Dynacolor
 CVE-2019-13401 (Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts 
under cgi ...)
@@ -1594,8 +1610,8 @@ CVE-2019-13348
        RESERVED
 CVE-2019-13347
        RESERVED
-CVE-2019-13346
-       RESERVED
+CVE-2019-13346 (In MyT 1.5.1, the User[username] parameter has XSS. ...)
+       TODO: check
 CVE-2019-13345 (The cachemgr.cgi web module of Squid through 4.7 has XSS via 
the user_ ...)
        {DLA-1847-1}
        - squid <unfixed> (bug #931478)
@@ -1792,8 +1808,8 @@ CVE-2019-13274
        RESERVED
 CVE-2019-13273
        RESERVED
-CVE-2019-13272
-       RESERVED
+CVE-2019-13272 (In the Linux kernel before 5.1.17, ptrace_link in 
kernel/ptrace.c mish ...)
+       TODO: check
 CVE-2019-13271
        RESERVED
 CVE-2019-13270
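Review bot: CVE-2019-13272 should not wait in the general TODO queue. The description is a Linux kernel issue (ptrace_link in kernel/ptrace.c, "before 5.1.17") and it is added here with only TODO: check, between RESERVED neighbours where it is easy to overlook. Give it a kernel package line and per-release status based on the 5.1.17 boundary before the vendor-product entries from this update are worked through.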
@@ -1911,6 +1927,7 @@ CVE-2019-13225 (A NULL Pointer Dereference in match_at() 
in regexec.c in Oniguru
        [jessie] - libonig <not-affected> (vulnerable code was introduced later)
        NOTE: 
https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c
 
 CVE-2019-13224 (A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 
6.9.2 a ...)
+       {DLA-1854-1}
        - libonig 6.9.2-1 (low; bug #931878)
        [buster] - libonig <no-dsa> (Minor issue)
        [stretch] - libonig <no-dsa> (Minor issue)
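Review bot: the {DLA-1854-1} reference added to CVE-2019-13224 has nothing in this hunk backing it. The visible release annotations cover only [buster] and [stretch], and the commit changes data/CVE/list alone. Confirm that the advisory entry this cross-reference points to already exists and records the fixed version for the release it covers.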
@@ -3820,8 +3837,8 @@ CVE-2019-12477 (Supra Smart Cloud TV allows remote file 
inclusion in the openLiv
        NOT-FOR-US: Supra Smart Cloud TV
 CVE-2019-12476 (An authentication bypass vulnerability in the password reset 
functiona ...)
        NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
-CVE-2019-12475
-       RESERVED
+CVE-2019-12475 (In MicroStrategy Web before 10.4.6, there is stored XSS in 
metric due  ...)
+       TODO: check
 CVE-2019-12474 (Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information 
leak. Pri ...)
        {DSA-4460-1}
        - mediawiki 1:1.31.2-1
@@ -4671,8 +4688,8 @@ CVE-2019-12177 (Privilege escalation due to insecure 
directory permissions affec
        NOT-FOR-US: HTC VIVEPORT
 CVE-2019-12176 (Privilege escalation in the "HTC Account Service" and 
"ViveportDesktop ...)
        NOT-FOR-US: HTC VIVEPORT
-CVE-2019-12175
-       RESERVED
+CVE-2019-12175 (In Zeek Network Security Monitor (formerly known as Bro) 
before 2.6.2, ...)
+       TODO: check
 CVE-2019-12174 (hide.me before 2.4.4 on macOS suffers from a privilege 
escalation vuln ...)
        NOT-FOR-US: hide.me
 CVE-2019-12173 (MacDown 0.7.1 (870) allows remote code execution via a 
file:\\\ URI, w ...)
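Review bot: the TODO: check on CVE-2019-12175 needs a package search under both product names, because the description reads "Zeek Network Security Monitor (formerly known as Bro)". Tagging it NOT-FOR-US like the HTC and hide.me neighbours after searching only for the new name would be wrong if the software is packaged under the old one.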
@@ -9312,12 +9329,12 @@ CVE-2019-10356
        RESERVED
 CVE-2019-10355
        RESERVED
-CVE-2019-10354
-       RESERVED
-CVE-2019-10353
-       RESERVED
-CVE-2019-10352
-       RESERVED
+CVE-2019-10354 (A vulnerability in the Stapler web framework used in Jenkins 
2.185 and ...)
+       TODO: check
+CVE-2019-10353 (CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and 
earlier did  ...)
+       TODO: check
+CVE-2019-10352 (A path traversal vulnerability in Jenkins 2.185 and earlier, 
LTS 2.176 ...)
+       TODO: check
 CVE-2019-10351 (Jenkins Caliper CI Plugin stores credentials unencrypted in 
job config ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2019-10350 (Jenkins Port Allocator Plugin stores credentials unencrypted 
in job co ...)
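Review bot: do not carry the neighbouring "NOT-FOR-US: Jenkins plugin" tag over to CVE-2019-10354, CVE-2019-10353 and CVE-2019-10352. Their descriptions refer to Jenkins itself ("Jenkins 2.185 and earlier", the Stapler web framework, CSRF tokens, a path traversal), not to a plugin, so their status has to be decided against the Jenkins core package, with a separate look at whether Stapler is packaged on its own.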
@@ -11097,8 +11114,8 @@ CVE-2019-1010093
        RESERVED
 CVE-2019-1010092
        RESERVED
-CVE-2019-1010091
-       RESERVED
+CVE-2019-1010091 (tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper 
Neutralization ...)
+       TODO: check
 CVE-2019-1010090
        RESERVED
 CVE-2019-1010089
@@ -11111,10 +11128,10 @@ CVE-2019-1010086
        RESERVED
 CVE-2019-1010085
        RESERVED
-CVE-2019-1010084
-       RESERVED
-CVE-2019-1010083
-       RESERVED
+CVE-2019-1010084 (Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: 
Incorrect  ...)
+       TODO: check
+CVE-2019-1010083 (The Pallets Project Flask before 1.0 is affected by: 
unexpected memory ...)
+       TODO: check
 CVE-2019-1010082
        RESERVED
 CVE-2019-1010081
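Review bot: CVE-2019-1010084 and CVE-2019-1010083 are both libraries with a stated version boundary ("Dancer::Plugin::SimpleCRUD 1.14 and earlier", "Flask before 1.0") yet are left at TODO: check inside a run of RESERVED ids. Each needs a package lookup and, where packaged, a line with the fixed version; the Flask boundary of 1.0 can be compared directly with the version shipped in each release.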
@@ -11190,8 +11207,8 @@ CVE-2019-1010050
        RESERVED
 CVE-2019-1010049
        RESERVED
-CVE-2019-1010048 (UPX 3.95 is affected by: Integer Overflow. The impact is: 
attacker can ...)
-       TODO: check
+CVE-2019-1010048
+       REJECTED
 CVE-2019-1010047
        RESERVED
 CVE-2019-1010046
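Review bot: the change of CVE-2019-1010048 to REJECTED removes the only record of what the id referred to ("UPX 3.95 is affected by: Integer Overflow"). The entry was still at TODO: check, so no package status has to be unwound, but a NOTE line naming UPX and the reason for the rejection would keep the id searchable for anyone who tracked it under the old description.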
@@ -11391,14 +11408,12 @@ CVE-2019-9851
        RESERVED
 CVE-2019-9850
        RESERVED
-CVE-2019-9849 [remote bullet graphics retrieved in 'stealth mode']
-       RESERVED
+CVE-2019-9849 (LibreOffice has a 'stealth mode' in which only documents from 
location ...)
        {DSA-4483-1}
        [experimental] - libreoffice 1:6.3.0~beta2-1
        - libreoffice 1:6.3.0~rc1-1
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2019-9849/
-CVE-2019-9848 [LibreLogo arbitrary script execution]
-       RESERVED
+CVE-2019-9848 (LibreOffice has a feature where documents can specify that 
pre-install ...)
        {DSA-4483-1}
        [experimental] - libreoffice 1:6.3.0~beta2-1
        - libreoffice 1:6.3.0~rc1-1
@@ -24767,8 +24782,8 @@ CVE-2019-4432
        RESERVED
 CVE-2019-4431
        RESERVED
-CVE-2019-4430
-       RESERVED
+CVE-2019-4430 (IBM Maximo Asset Management 7.6 could allow a remote attacker 
to trave ...)
+       TODO: check
 CVE-2019-4429
        RESERVED
 CVE-2019-4428
@@ -25205,8 +25220,8 @@ CVE-2019-4213
        RESERVED
 CVE-2019-4212
        RESERVED
-CVE-2019-4211
-       RESERVED
+CVE-2019-4211 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site 
scripting. Thi ...)
+       TODO: check
 CVE-2019-4210 (IBM QRadar SIEM 7.3.2 could allow a user to bypass 
authentication expo ...)
        NOT-FOR-US: IBM
 CVE-2019-4209
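Review bot: CVE-2019-4211 is added with TODO: check although the next entry, CVE-2019-4210, is the same product (IBM QRadar SIEM) and already carries "NOT-FOR-US: IBM". Resolve the new entry consistently with its neighbour, and apply the same comparison to the other IBM descriptions introduced in this commit (CVE-2019-4430, CVE-2019-4194, CVE-2019-4054, CVE-2018-2022, CVE-2018-2021, CVE-2018-1921).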
@@ -25239,8 +25254,8 @@ CVE-2019-4196
        RESERVED
 CVE-2019-4195
        RESERVED
-CVE-2019-4194
-       RESERVED
+CVE-2019-4194 (IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is 
missing ...)
+       TODO: check
 CVE-2019-4193 (IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores 
sensitive inf ...)
        NOT-FOR-US: IBM
 CVE-2019-4192
@@ -25519,8 +25534,8 @@ CVE-2019-4056 (IBM Maximo Asset Management 7.6 Work 
Centers' application does no
        NOT-FOR-US: IBM Maximo Asset Management
 CVE-2019-4055 (IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 
9.1.0.0  ...)
        NOT-FOR-US: IBM
-CVE-2019-4054
-       RESERVED
+CVE-2019-4054 (IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain 
sensiti ...)
+       TODO: check
 CVE-2019-4053
        RESERVED
 CVE-2019-4052 (IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by 
unauthe ...)
@@ -85737,10 +85752,10 @@ CVE-2018-2024
        RESERVED
 CVE-2018-2023
        RESERVED
-CVE-2018-2022
-       RESERVED
-CVE-2018-2021
-       RESERVED
+CVE-2018-2022 (IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to 
unautho ...)
+       TODO: check
+CVE-2018-2021 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site 
scripting. Thi ...)
+       TODO: check
 CVE-2018-2020
        RESERVED
 CVE-2018-2019 (IBM Security Identity Manager 6.0.0 Virtual Appliance is 
vulnerable to ...)
@@ -85939,8 +85954,8 @@ CVE-2018-1923 (IBM DB2 for Linux, UNIX and Windows 
(includes DB2 Connect Server)
        NOT-FOR-US: IBM
 CVE-2018-1922 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
        NOT-FOR-US: IBM
-CVE-2018-1921
-       RESERVED
+CVE-2018-1921 (IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to 
cross-site  ...)
+       TODO: check
 CVE-2018-1920 (IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a 
XML Ex ...)
        NOT-FOR-US: IBM
 CVE-2018-1919



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3b5861155314dd299004d1dd72ea72b2eb989055
