Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ad6017e by security tracker role at 2019-08-02T20:10:44Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2019-14535
+       RESERVED
+CVE-2019-14534
+       RESERVED
+CVE-2019-14533
+       RESERVED
+CVE-2019-14532 (An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There 
is an off ...)
+       TODO: check
+CVE-2019-14531 (An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There 
is an out ...)
+       TODO: check
+CVE-2019-14530
+       RESERVED
+CVE-2019-14529 (OpenEMR before 5.0.2 allows SQL Injection in 
interface/forms/eye_mag/s ...)
+       TODO: check
+CVE-2019-14528 (GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal 
in cobc/ ...)
+       TODO: check
+CVE-2019-14527
+       RESERVED
+CVE-2019-14526
+       RESERVED
+CVE-2019-14525
+       RESERVED
+CVE-2019-14524 (An issue was discovered in Schism Tracker through 20190722. 
There is a ...)
+       TODO: check
+CVE-2019-14523 (An issue was discovered in Schism Tracker through 20190722. 
There is a ...)
+       TODO: check
 CVE-2019-14522
        RESERVED
 CVE-2019-14521
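Review bot: the five new entries left at `TODO: check` in this hunk (CVE-2019-14532 and CVE-2019-14531 for The Sleuth Kit, CVE-2019-14528 for GnuCOBOL, CVE-2019-14524 and CVE-2019-14523 for Schism Tracker) name software that is likely shipped as Debian source packages, so they need a manual triage pass to either add a `- <source-package> <version>` line with the fixed version or mark them `NOT-FOR-US` before the next automatic update pushes them further down the file; the OpenEMR entry (CVE-2019-14529) can be resolved in the same pass. The remaining ids in the hunk are plain `RESERVED` placeholders and need no action.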
@@ -350,170 +376,170 @@ CVE-2017-18465
        RESERVED
 CVE-2017-18464
        RESERVED
-CVE-2017-18463
-       RESERVED
+CVE-2017-18463 (cPanel before 62.0.17 allows code execution in the context of 
the root ...)
+       TODO: check
 CVE-2017-18462
        RESERVED
-CVE-2017-18461
-       RESERVED
-CVE-2017-18460
-       RESERVED
-CVE-2017-18459
-       RESERVED
-CVE-2017-18458
-       RESERVED
-CVE-2017-18457
-       RESERVED
-CVE-2017-18456
-       RESERVED
-CVE-2017-18455
-       RESERVED
-CVE-2017-18454
-       RESERVED
-CVE-2017-18453
-       RESERVED
-CVE-2017-18452
-       RESERVED
-CVE-2017-18451
-       RESERVED
-CVE-2017-18450
-       RESERVED
-CVE-2017-18449
-       RESERVED
-CVE-2017-18448
-       RESERVED
-CVE-2017-18447
-       RESERVED
-CVE-2017-18446
-       RESERVED
-CVE-2017-18445
-       RESERVED
-CVE-2017-18444
-       RESERVED
-CVE-2017-18443
-       RESERVED
-CVE-2017-18442
-       RESERVED
-CVE-2017-18441
-       RESERVED
-CVE-2017-18440
-       RESERVED
-CVE-2017-18439
-       RESERVED
-CVE-2017-18438
-       RESERVED
-CVE-2017-18437
-       RESERVED
-CVE-2017-18436
-       RESERVED
-CVE-2017-18435
-       RESERVED
-CVE-2017-18434
-       RESERVED
-CVE-2017-18433
-       RESERVED
-CVE-2017-18432
-       RESERVED
-CVE-2017-18431
-       RESERVED
-CVE-2017-18430
-       RESERVED
-CVE-2017-18429
-       RESERVED
-CVE-2017-18428
-       RESERVED
-CVE-2017-18427
-       RESERVED
-CVE-2017-18426
-       RESERVED
-CVE-2017-18425
-       RESERVED
-CVE-2017-18424
-       RESERVED
-CVE-2017-18423
-       RESERVED
-CVE-2017-18422
-       RESERVED
-CVE-2017-18421
-       RESERVED
-CVE-2017-18420
-       RESERVED
-CVE-2017-18419
-       RESERVED
-CVE-2017-18418
-       RESERVED
-CVE-2017-18417
-       RESERVED
-CVE-2017-18416
-       RESERVED
-CVE-2017-18415
-       RESERVED
-CVE-2017-18414
-       RESERVED
-CVE-2017-18413
-       RESERVED
-CVE-2017-18412
-       RESERVED
-CVE-2017-18411
-       RESERVED
-CVE-2017-18410
-       RESERVED
-CVE-2017-18409
-       RESERVED
-CVE-2017-18408
-       RESERVED
-CVE-2017-18407
-       RESERVED
-CVE-2017-18406
-       RESERVED
-CVE-2017-18405
-       RESERVED
-CVE-2017-18404
-       RESERVED
-CVE-2017-18403
-       RESERVED
-CVE-2017-18402
-       RESERVED
-CVE-2017-18401
-       RESERVED
-CVE-2017-18400
-       RESERVED
-CVE-2017-18399
-       RESERVED
-CVE-2017-18398
-       RESERVED
-CVE-2017-18397
-       RESERVED
-CVE-2017-18396
-       RESERVED
-CVE-2017-18395
-       RESERVED
-CVE-2017-18394
-       RESERVED
-CVE-2017-18393
-       RESERVED
-CVE-2017-18392
-       RESERVED
-CVE-2017-18391
-       RESERVED
-CVE-2017-18390
-       RESERVED
-CVE-2017-18389
-       RESERVED
-CVE-2017-18388
-       RESERVED
-CVE-2017-18387
-       RESERVED
-CVE-2017-18386
-       RESERVED
-CVE-2017-18385
-       RESERVED
-CVE-2017-18384
-       RESERVED
-CVE-2017-18383
-       RESERVED
-CVE-2017-18382
-       RESERVED
+CVE-2017-18461 (cPanel before 62.0.17 allows does not preserve security policy 
questio ...)
+       TODO: check
+CVE-2017-18460 (cPanel before 62.0.17 allows arbitrary code execution during 
automatic ...)
+       TODO: check
+CVE-2017-18459 (cPanel before 62.0.17 allows arbitrary code execution during 
account m ...)
+       TODO: check
+CVE-2017-18458 (cPanel before 62.0.17 allows file overwrite when renaming an 
account ( ...)
+       TODO: check
+CVE-2017-18457 (cPanel before 62.0.17 allows arbitrary file-read operations 
via WHM /s ...)
+       TODO: check
+CVE-2017-18456 (cPanel before 62.0.17 allows self XSS in the WHM cPAddons 
showsecurity ...)
+       TODO: check
+CVE-2017-18455 (In cPanel before 62.0.17, addon domain conversion did not 
require a pa ...)
+       TODO: check
+CVE-2017-18454 (cPanel before 62.0.24 allows stored XSS in the WHM cPAddons 
install in ...)
+       TODO: check
+CVE-2017-18453 (cPanel before 64.0.21 does not preserve supplemental groups 
across acc ...)
+       TODO: check
+CVE-2017-18452 (cPanel before 64.0.21 allows code execution via Rails 
configuration fi ...)
+       TODO: check
+CVE-2017-18451 (cPanel before 64.0.21 allows attackers to read a user's 
crontab file d ...)
+       TODO: check
+CVE-2017-18450 (cPanel before 64.0.21 allows certain file-chmod operations via 
/script ...)
+       TODO: check
+CVE-2017-18449 (cPanel before 64.0.21 allows certain file-rename operations in 
the con ...)
+       TODO: check
+CVE-2017-18448 (cPanel before 64.0.21 allows certain file-read operations via 
a Server ...)
+       TODO: check
+CVE-2017-18447 (cPanel before 64.0.21 allows demo accounts to execute code via 
the Cla ...)
+       TODO: check
+CVE-2017-18446 (cPanel before 64.0.21 allows file-read and file-write 
operations for d ...)
+       TODO: check
+CVE-2017-18445 (cPanel before 64.0.21 does not enforce demo restrictions for 
SSL API c ...)
+       TODO: check
+CVE-2017-18444 (cPanel before 64.0.21 allows demo accounts to execute SSH API 
commands ...)
+       TODO: check
+CVE-2017-18443 (cPanel before 64.0.21 allows demo and suspended accounts to 
use SSH po ...)
+       TODO: check
+CVE-2017-18442 (cPanel before 64.0.21 allows demo accounts to execute 
Cpanel::SPFUI AP ...)
+       TODO: check
+CVE-2017-18441 (cPanel before 64.0.21 allows demo accounts to redirect web 
traffic (SE ...)
+       TODO: check
+CVE-2017-18440 (cPanel before 64.0.21 allows demo users to execute traceroute 
via api2 ...)
+       TODO: check
+CVE-2017-18439 (cPanel before 64.0.21 allows demo accounts to execute code via 
an Imag ...)
+       TODO: check
+CVE-2017-18438 (cPanel before 64.0.21 allows demo accounts to execute code via 
Encodin ...)
+       TODO: check
+CVE-2017-18437 (cPanel before 64.0.21 allows a Webmail account to execute code 
via for ...)
+       TODO: check
+CVE-2017-18436 (cPanel before 64.0.21 allows demo accounts to read files via a 
Fileman ...)
+       TODO: check
+CVE-2017-18435 (cPanel before 64.0.21 allows demo accounts to execute code via 
the Box ...)
+       TODO: check
+CVE-2017-18434 (cPanel before 64.0.21 allows code execution in the context of 
the root ...)
+       TODO: check
+CVE-2017-18433 (cPanel before 64.0.21 allows code execution by webmail and 
demo accoun ...)
+       TODO: check
+CVE-2017-18432 (In cPanel before 64.0.21, Horde MySQL to SQLite conversion can 
leak a  ...)
+       TODO: check
+CVE-2017-18431 (cPanel before 66.0.1 does not reliably perform 
suspend/unsuspend opera ...)
+       TODO: check
+CVE-2017-18430 (In cPanel before 66.0.2, user and group ownership may be 
incorrectly s ...)
+       TODO: check
+CVE-2017-18429 (In cPanel before 66.0.2, Apache HTTP Server SSL domain logs 
can persis ...)
+       TODO: check
+CVE-2017-18428 (In cPanel before 66.0.2, Apache HTTP Server domlogs become 
temporarily ...)
+       TODO: check
+CVE-2017-18427 (In cPanel before 66.0.2, weak log-file permissions can occur 
after acc ...)
+       TODO: check
+CVE-2017-18426 (cPanel before 66.0.2 allows resellers to read other accounts' 
domain l ...)
+       TODO: check
+CVE-2017-18425 (In cPanel before 66.0.2, the cpdavd_error_log file can be 
created with ...)
+       TODO: check
+CVE-2017-18424 (In cPanel before 66.0.2, the Apache HTTP Server configuration 
file is  ...)
+       TODO: check
+CVE-2017-18423 (In cPanel before 66.0.2, domain log files become readable 
after log pr ...)
+       TODO: check
+CVE-2017-18422 (In cPanel before 66.0.2, EasyApache 4 conversion sets weak 
domlog owne ...)
+       TODO: check
+CVE-2017-18421 (cPanel before 66.0.2 allows demo accounts to create databases 
and user ...)
+       TODO: check
+CVE-2017-18420 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons 
processing  ...)
+       TODO: check
+CVE-2017-18419 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons 
uninstallat ...)
+       TODO: check
+CVE-2017-18418 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons 
file operat ...)
+       TODO: check
+CVE-2017-18417 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons 
installatio ...)
+       TODO: check
+CVE-2017-18416 (cPanel before 67.9999.103 allows arbitrary file-overwrite 
operations d ...)
+       TODO: check
+CVE-2017-18415 (cPanel before 67.9999.103 allows code execution in the context 
of the  ...)
+       TODO: check
+CVE-2017-18414 (cPanel before 67.9999.103 allows an open redirect in 
/unprotected/redi ...)
+       TODO: check
+CVE-2017-18413 (In cPanel before 67.9999.103, the backup system overwrites 
root's home ...)
+       TODO: check
+CVE-2017-18412 (cPanel before 67.9999.103 allows Apache HTTP Server log files 
to becom ...)
+       TODO: check
+CVE-2017-18411 (The "addon domain conversion" feature in cPanel before 
67.9999.103 can ...)
+       TODO: check
+CVE-2017-18410 (In cPanel before 67.9999.103, a user account's backup archive 
could co ...)
+       TODO: check
+CVE-2017-18409 (In cPanel before 67.9999.103, the backup interface could 
return a back ...)
+       TODO: check
+CVE-2017-18408 (cPanel before 67.9999.103 allows stored XSS in WHM MySQL 
Password Chan ...)
+       TODO: check
+CVE-2017-18407 (cPanel before 67.9999.103 does not enforce SSL hostname 
verification f ...)
+       TODO: check
+CVE-2017-18406 (cPanel before 67.9999.103 allows SQL injection during 
eximstats proces ...)
+       TODO: check
+CVE-2017-18405 (cPanel before 68.0.15 allows arbitrary file-read operations 
because of ...)
+       TODO: check
+CVE-2017-18404 (cPanel before 68.0.15 allows domain data to be deleted for 
domains wit ...)
+       TODO: check
+CVE-2017-18403 (cPanel before 68.0.15 allows code execution in the context of 
the nobo ...)
+       TODO: check
+CVE-2017-18402 (cPanel before 68.0.15 allows stored XSS during a cpaddons 
moderated up ...)
+       TODO: check
+CVE-2017-18401 (cPanel before 68.0.15 allows user accounts to be partially 
created wit ...)
+       TODO: check
+CVE-2017-18400 (cPanel before 68.0.15 allows local root code execution via 
cpdavd (SEC ...)
+       TODO: check
+CVE-2017-18399 (cPanel before 68.0.15 allows attackers to read root's crontab 
file dur ...)
+       TODO: check
+CVE-2017-18398 (DnsUtils in cPanel before 68.0.15 allows zone creation for 
hostname an ...)
+       TODO: check
+CVE-2017-18397 (cPanel before 68.0.15 does not preserve permissions for local 
backup t ...)
+       TODO: check
+CVE-2017-18396 (cPanel before 68.0.15 allows arbitrary file-read operations 
via Exim v ...)
+       TODO: check
+CVE-2017-18395 (cPanel before 68.0.15 does not block a username of ssl 
(SEC-328). ...)
+       TODO: check
+CVE-2017-18394 (cPanel before 68.0.15 does not have a sufficient list of 
reserved user ...)
+       TODO: check
+CVE-2017-18393 (cPanel before 68.0.15 does not block a username of postmaster, 
which m ...)
+       TODO: check
+CVE-2017-18392 (cPanel before 68.0.15 allows collisions because PostgreSQL 
databases c ...)
+       TODO: check
+CVE-2017-18391 (cPanel before 68.0.15 allows attackers to read backup files 
because th ...)
+       TODO: check
+CVE-2017-18390 (cPanel before 68.0.15 allows code execution in the context of 
the root ...)
+       TODO: check
+CVE-2017-18389 (cPanel before 68.0.15 allows string format injection in 
dovecot-xaps-p ...)
+       TODO: check
+CVE-2017-18388 (cPanel before 68.0.15 can perform unsafe file operations 
because Jails ...)
+       TODO: check
+CVE-2017-18387 (cPanel before 68.0.15 allows arbitrary code execution via 
Maketext inj ...)
+       TODO: check
+CVE-2017-18386 (cPanel before 68.0.15 allows arbitrary code execution via 
Maketext inj ...)
+       TODO: check
+CVE-2017-18385 (cPanel before 68.0.15 allows unprivileged users to access 
restricted d ...)
+       TODO: check
+CVE-2017-18384 (cPanel before 68.0.15 allows jailed accounts to restore files 
that are ...)
+       TODO: check
+CVE-2017-18383 (cPanel before 68.0.15 writes home-directory backups to an 
incorrect lo ...)
+       TODO: check
+CVE-2017-18382 (cPanel before 68.0.15 allows use of an unreserved e-mail 
address in DN ...)
+       TODO: check
 CVE-2016-10860 (cPanel before 11.54.0.0 allows unauthorized zone modification 
via the  ...)
        NOT-FOR-US: cPanel
 CVE-2016-10859 (cPanel before 11.54.0.0 allows unauthorized password changes 
via Webma ...)
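Review bot: the whole block of cPanel entries from CVE-2017-18461 down to CVE-2017-18382 (plus CVE-2017-18463 at the top of the hunk) is added with `TODO: check`, while the unchanged context lines for CVE-2016-10860 and CVE-2016-10859 right below show the established convention of `NOT-FOR-US: cPanel` for this product; since that marking indicates cPanel is not packaged, these entries should be converted to `NOT-FOR-US: cPanel` in one pass rather than left as roughly eighty open TODOs that a later manual update would have to walk through one by one. The odd wording in the CVE-2017-18461 description ("allows does not preserve") comes verbatim from the upstream CVE record and is not something to fix in this file.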
@@ -1305,8 +1331,7 @@ CVE-2019-14237
        RESERVED
 CVE-2019-14236
        RESERVED
-CVE-2019-14235 [Potential memory exhaustion in 
django.utils.encoding.uri_to_iri()]
-       RESERVED
+CVE-2019-14235 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x 
before  ...)
        - python-django <unfixed>
        NOTE: 
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
        NOTE: 
https://github.com/django/django/commit/cf694e6852b0da7799f8b53f1fb2f7d20cf17534
 (2.2.x)
@@ -1317,14 +1342,12 @@ CVE-2019-14234 [SQL injection possibility in key and 
index lookups for JSONField
        NOTE: 
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
        NOTE: 
https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387
 (2.2.x)
        NOTE: 
https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef
 (1.11.x)
-CVE-2019-14233 [the behavior of the underlying HTMLParser leading to DoS]
-       RESERVED
+CVE-2019-14233 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x 
before  ...)
        - python-django <unfixed>
        NOTE: 
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
        NOTE: 
https://github.com/django/django/commit/e34f3c0e9ee5fc9022428fe91640638bafd4cda7
 (2.2.x)
        NOTE: 
https://github.com/django/django/commit/52479acce792ad80bb0f915f20b835f919993c72
 (1.11.x)
-CVE-2019-14232 [backtracking in a regular expression in 
django.utils.text.Truncator leads to DoS]
-       RESERVED
+CVE-2019-14232 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x 
before  ...)
        - python-django <unfixed>
        NOTE: 
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
        NOTE: 
https://github.com/django/django/commit/c3289717c6f21a8cf23daff1c78c0c014b94041f
 (2.2.x)
@@ -8381,7 +8404,7 @@ CVE-2019-11732
 CVE-2019-11731
        RESERVED
 CVE-2019-11730 (A vulnerability exists where if a user opens a locally saved 
HTML file ...)
-       {DSA-4482-1 DSA-4479-1}
+       {DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
        - firefox 68.0-1
        - firefox-esr 60.8.0esr-1
        - thunderbird 1:60.8.0-1
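Review bot: this hunk, and the identical edits to CVE-2019-11717, CVE-2019-11715, CVE-2019-11713, CVE-2019-11712, CVE-2019-11711, CVE-2019-11709 and CVE-2019-9811 further down, add `DLA-1870-1 DLA-1869-1` to the advisory braces, but the file list at the top shows that this commit touches only data/CVE/list; the corresponding DLA records therefore have to already exist in data/DLA/list with CVE lists matching exactly this set of eight ids, otherwise the tracker's cross-file consistency check will flag the mismatch. Worth confirming both DLAs cover the same ids before relying on the automatic update.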
@@ -8458,7 +8481,7 @@ CVE-2019-11718 (Activity Stream can display content from 
sent from the Snippet S
        - firefox 68.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11718
 CVE-2019-11717 (A vulnerability exists where the caret ("^") character is 
improperly e ...)
-       {DSA-4482-1 DSA-4479-1}
+       {DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
        - firefox 68.0-1
        - firefox-esr 60.8.0esr-1
        - thunderbird 1:60.8.0-1
@@ -8469,7 +8492,7 @@ CVE-2019-11716 (Until explicitly accessed by script, 
window.globalThis is not en
        - firefox 68.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11716
 CVE-2019-11715 (Due to an error while parsing page content, it is possible for 
properl ...)
-       {DSA-4482-1 DSA-4479-1}
+       {DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
        - firefox 68.0-1
        - firefox-esr 60.8.0esr-1
        - thunderbird 1:60.8.0-1
@@ -8480,7 +8503,7 @@ CVE-2019-11714 (Necko can access a child on the wrong 
thread during UDP connecti
        - firefox 68.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11714
 CVE-2019-11713 (A use-after-free vulnerability can occur in HTTP/2 when a 
cached HTTP/ ...)
-       {DSA-4482-1 DSA-4479-1}
+       {DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
        - firefox 68.0-1
        - firefox-esr 60.8.0esr-1
        - thunderbird 1:60.8.0-1
@@ -8488,7 +8511,7 @@ CVE-2019-11713 (A use-after-free vulnerability can occur 
in HTTP/2 when a cached
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11713
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11713
 CVE-2019-11712 (POST requests made by NPAPI plugins, such as Flash, that 
receive a sta ...)
-       {DSA-4482-1 DSA-4479-1}
+       {DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
        - firefox 68.0-1
        - firefox-esr 60.8.0esr-1
        - thunderbird 1:60.8.0-1
@@ -8496,7 +8519,7 @@ CVE-2019-11712 (POST requests made by NPAPI plugins, such 
as Flash, that receive
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11712
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11712
 CVE-2019-11711 (When an inner window is reused, it does not consider the use 
of docume ...)
-       {DSA-4482-1 DSA-4479-1}
+       {DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
        - firefox 68.0-1
        - firefox-esr 60.8.0esr-1
        - thunderbird 1:60.8.0-1
@@ -8507,7 +8530,7 @@ CVE-2019-11710 (Mozilla developers and community members 
reported memory safety
        - firefox 68.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11710
 CVE-2019-11709 (Mozilla developers and community members reported memory 
safety bugs p ...)
-       {DSA-4482-1 DSA-4479-1}
+       {DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
        - firefox 68.0-1
        - firefox-esr 60.8.0esr-1
        - thunderbird 1:60.8.0-1
@@ -10529,8 +10552,8 @@ CVE-2019-10963
        RESERVED
 CVE-2019-10962 (BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR 
Build 11,1. ...)
        NOT-FOR-US: BD Alaris Gateway
-CVE-2019-10961
-       RESERVED
+CVE-2019-10961 (In Advantech WebAccess HMI Designer Version 2.1.9.23 and 
prior, proces ...)
+       TODO: check
 CVE-2019-10960
        RESERVED
 CVE-2019-10959 (BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 
MR Build ...)
@@ -10575,8 +10598,8 @@ CVE-2019-10940
        RESERVED
 CVE-2019-10939
        RESERVED
-CVE-2019-10938
-       RESERVED
+CVE-2019-10938 (A vulnerability has been identified in Ethernet plug-in 
communication  ...)
+       TODO: check
 CVE-2019-10937
        RESERVED
 CVE-2019-10936
@@ -12490,8 +12513,7 @@ CVE-2019-10178
        RESERVED
 CVE-2019-10177 (A stored cross-site scripting (XSS) vulnerability was found in 
the PDF ...)
        NOT-FOR-US: Red Hat CloudForms
-CVE-2019-10176
-       RESERVED
+CVE-2019-10176 (A flaw was found in OpenShift Container Platform, versions 
3.11 and la ...)
        NOT-FOR-US: OpenShift
 CVE-2019-10175 (A flaw was found in the containerized-data-importer in 
virt-cdi-cloner ...)
        NOT-FOR-US: KubeVirt
@@ -12505,30 +12527,26 @@ CVE-2019-10173 (It was found that xstream API version 
1.4.10 before 1.4.11 intro
        NOTE: Regression introduced and present only in 1.4.10.
 CVE-2019-10172
        RESERVED
-CVE-2019-10171
-       RESERVED
+CVE-2019-10171 (It was found that the fix for CVE-2018-14648 in 389-ds-base, 
versions  ...)
        - 389-ds-base <not-affected> (Incomplete RHEL backport)
 CVE-2019-10170
        RESERVED
 CVE-2019-10169
        RESERVED
-CVE-2019-10168 [arbitrary command execution via 
virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs]
-       RESERVED
+CVE-2019-10168 (The virConnectBaselineHypervisorCPU() and 
virConnectCompareHypervisorC ...)
        - libvirt 5.0.0-4
        [stretch] - libvirt <not-affected> (Vulnerable code introduced later)
        [jessie] - libvirt <not-affected> (Vulnerable code introduced later)
        NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720118
        NOTE: 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=bf6c2830b6c338b1f5699b095df36f374777b291
-CVE-2019-10167 [arbitrary command execution via 
virConnectGetDomainCapabilities API]
-       RESERVED
+CVE-2019-10167 (The virConnectGetDomainCapabilities() libvirt API, versions 
4.x.x befo ...)
        {DSA-4469-1 DLA-1832-1}
        - libvirt 5.0.0-4
        NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720117
        NOTE: 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=8afa68bac0cf99d1f8aaa6566685c43c22622f26
-CVE-2019-10166 [virDomainManagedSaveDefineXML API exposed to readonly clients]
-       RESERVED
+CVE-2019-10166 (It was discovered that libvirtd, versions 4.x.x before 4.10.1 
and 5.x. ...)
        - libvirt 5.0.0-4
        [stretch] - libvirt <not-affected> (Vulnerable code introduced in 3.6.1)
        [jessie] - libvirt <not-affected> (Vulnerable code introduced in 3.6.1)
@@ -12793,12 +12811,10 @@ CVE-2019-10096
        RESERVED
 CVE-2019-10095
        RESERVED
-CVE-2019-10094 [StackOverflow from Crafted Package/Compressed Files in Apache 
Tika's RecursiveParserWrapper]
-       RESERVED
+CVE-2019-10094 (A carefully crafted package/compressed file that, when 
unzipped/uncomp ...)
        - tika <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/4
-CVE-2019-10093 [Denial of Service in Apache Tika's 2003ml and 2006ml Parsers]
-       RESERVED
+CVE-2019-10093 (In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 
2006ml file ...)
        - tika <unfixed> (bug #933745)
        NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/3
 CVE-2019-10092
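Review bot: the `- tika <unfixed>` line for CVE-2019-10094 carries no Debian bug reference, whereas the sibling entry CVE-2019-10093 in this hunk records `(bug #933745)` and CVE-2019-10088 in the next hunk records `(bug #933744)`; either a bug was also filed for CVE-2019-10094 and its number should be added in the same `(bug #NNNNNN)` form, or one still needs to be filed so that all three Tika issues from the same oss-security batch are tracked consistently.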
@@ -12809,8 +12825,7 @@ CVE-2019-10090
        RESERVED
 CVE-2019-10089
        RESERVED
-CVE-2019-10088 [OOM from a crafted Zip File in Apache Tika's 
RecursiveParserWrapper]
-       RESERVED
+CVE-2019-10088 (A carefully crafted or corrupt zip file can cause an OOM in 
Apache Tik ...)
        - tika <unfixed> (bug #933744)
        NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/2
 CVE-2019-10087
@@ -14371,7 +14386,7 @@ CVE-2019-9813 (Incorrect handling of __proto__ 
mutations may lead to type confus
 CVE-2019-9812
        RESERVED
 CVE-2019-9811 (As part of a winning Pwn2Own entry, a researcher demonstrated a 
sandbo ...)
-       {DSA-4482-1 DSA-4479-1}
+       {DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
        - firefox 68.0-1
        - firefox-esr 60.8.0esr-1
        - thunderbird 1:60.8.0-1
@@ -16193,8 +16208,8 @@ CVE-2019-9143 (An issue was discovered in Exiv2 0.27. 
There is infinite recursio
        NOTE: https://github.com/Exiv2/exiv2/issues/711
 CVE-2019-9142 (An issue was discovered in b3log Symphony (aka Sym) before 
v3.4.7. XSS ...)
        NOT-FOR-US: b3log Symphony (aka Sym)
-CVE-2019-9141
-       RESERVED
+CVE-2019-9141 (ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer 
contains  ...)
+       TODO: check
 CVE-2019-9140 (When processing Deeplink scheme, Happypoint mobile app 6.3.19 
and earl ...)
        TODO: check
 CVE-2019-9139 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow 
vulnera ...)
@@ -25346,8 +25361,8 @@ CVE-2019-5503
        RESERVED
 CVE-2019-5502
        RESERVED
-CVE-2019-5501
-       RESERVED
+CVE-2019-5501 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may 
disclose  ...)
+       TODO: check
 CVE-2019-5500
        RESERVED
 CVE-2019-5499
@@ -25362,8 +25377,8 @@ CVE-2019-5495 (OnCommand Unified Manager for VMware 
vSphere, Linux and Windows p
        NOT-FOR-US: OnCommand Unified Manager for VMware vSphere, Linux and 
Windows / Netapp
 CVE-2019-5494 (OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped 
withou ...)
        NOT-FOR-US: OnCommand Unified Manager 7-Mode / Netapp
-CVE-2019-5493
-       RESERVED
+CVE-2019-5493 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are 
susceptib ...)
+       TODO: check
 CVE-2019-5492 (Element Plug-in for vCenter Server versions prior to 4.2.3 may 
disclos ...)
        NOT-FOR-US: NetApp HCI Compute Node
 CVE-2019-5491 (Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 
9.3P7 a ...)
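Review bot: CVE-2019-5493 here and CVE-2019-5501 in the hunk above both describe Data ONTAP, a NetApp product, and are left at `TODO: check`, while the adjacent unchanged entries for OnCommand Unified Manager (CVE-2019-5495, CVE-2019-5494) and the Element Plug-in are already marked `NOT-FOR-US: ... / Netapp`; the two Data ONTAP entries should be resolved to a `NOT-FOR-US: Data ONTAP / Netapp` line to match that convention.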
@@ -27911,8 +27926,8 @@ CVE-2019-4277
        RESERVED
 CVE-2019-4276
        RESERVED
-CVE-2019-4275
-       RESERVED
+CVE-2019-4275 (IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 
could allo ...)
+       TODO: check
 CVE-2019-4274
        RESERVED
 CVE-2019-4273
@@ -88595,8 +88610,8 @@ CVE-2018-1989
        RESERVED
 CVE-2018-1988
        RESERVED
-CVE-2018-1987
-       RESERVED
+CVE-2018-1987 (IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 
8.1, if  ...)
+       TODO: check
 CVE-2018-1986
        RESERVED
 CVE-2018-1985
@@ -206013,8 +206028,7 @@ CVE-2014-8186
        REJECTED
 CVE-2014-8185
        REJECTED
-CVE-2014-8184 [stack-based buffer overflow in findTable()]
-       RESERVED
+CVE-2014-8184 (A vulnerability was found in liblouis, versions 2.5.x before 
2.5.4. A  ...)
        - liblouis 2.6.2-1 (bug #880621)
        [jessie] - liblouis 2.5.3-3+deb8u1
        [wheezy] - liblouis <not-affected> (Vulnerable code introduced in 2.5.0)
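Review bot: replacing the bracketed placeholder `[stack-based buffer overflow in findTable()]` with the truncated MITRE description drops the only mention of the affected function from the CVE-2014-8184 entry, since the kept package lines (`liblouis 2.6.2-1 (bug #880621)`, the jessie fix and the wheezy not-affected note) do not name it; consider preserving the function name in a `NOTE:` line so the entry still records where the overflow sits, as the automatic update cannot carry the bracket text over. The same applies to CVE-2019-10166 in the libvirt hunk above, where the truncated description cuts off before the `virDomainManagedSaveDefineXML` API named in the removed placeholder. Dropping `RESERVED` is correct now that the descriptions are populated.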



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ad6017ecbc0b338dc53d26e798acda828cf9515



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
