Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f9840d01 by security tracker role at 2019-11-13T08:10:19Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,11 @@ +CVE-2019-18931 + RESERVED +CVE-2019-18930 + RESERVED +CVE-2019-18929 + RESERVED +CVE-2019-18928 + RESERVED CVE-2019-18927 RESERVED CVE-2019-18926 (Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable t ...) @@ -6654,6 +6662,7 @@ CVE-2019-17500 CVE-2019-17499 (The setter.xml component of the Common Gateway Interface on Compal CH7 ...) NOT-FOR-US: Compal CH7465LG devices CVE-2019-17498 (In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic i ...) + {DLA-1991-1} - libssh2 <unfixed> (bug #943562) NOTE: https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c NOTE: https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/ @@ -7101,12 +7110,12 @@ CVE-2019-17334 RESERVED CVE-2019-17333 RESERVED -CVE-2019-17332 - RESERVED -CVE-2019-17331 - RESERVED -CVE-2019-17330 - RESERVED +CVE-2019-17332 (The Digital Asset Manager Web Interface component of TIBCO Software In ...) + TODO: check +CVE-2019-17331 (The Data Exchange Web Interface component of TIBCO Software Inc.'s TIB ...) + TODO: check +CVE-2019-17330 (The Web server component of TIBCO Software Inc.'s TIBCO EBX contains m ...) + TODO: check CVE-2019-17329 RESERVED CVE-2019-17328 @@ -8113,7 +8122,7 @@ CVE-2019-16900 (Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write CVE-2019-16899 (In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Add ...) NOT-FOR-US: Advantech CVE-2019-16898 - RESERVED + REJECTED CVE-2019-16897 (In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security ...) NOT-FOR-US: K7 CVE-2019-16896 @@ -14257,6 +14266,7 @@ CVE-2019-14819 NOT-FOR-US: openshift-ansible CVE-2019-14818 RESERVED + {DSA-4567-1} - dpdk 18.11.4-1 NOTE: http://mails.dpdk.org/archives/announce/2019-November/000293.html NOTE: https://bugs.dpdk.org/show_bug.cgi?id=363 @@ -16136,12 +16146,12 @@ CVE-2019-14368 (Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafI NOTE: https://github.com/Exiv2/exiv2/issues/952 NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/bd0afe0390439b2c424d881c8c6eb0c5624e31d9 NOTE: Introduced by: https://github.com/Exiv2/exiv2/commit/c72d16f4c402a8acc2dfe06fe3d58bf6cf99069e -CVE-2019-14367 - RESERVED -CVE-2019-14366 - RESERVED -CVE-2019-14365 - RESERVED +CVE-2019-14367 (Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. An ...) + TODO: check +CVE-2019-14366 (WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access T ...) + TODO: check +CVE-2019-14365 (The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access T ...) + TODO: check CVE-2019-14364 (An XSS vulnerability in the "Email Subscribers & Newsletters" plug ...) NOT-FOR-US: "Email Subscribers & Newsletters" plugin for WordPress CVE-2019-14363 (A stack-based buffer overflow in the upnpd binary running on NETGEAR W ...) @@ -25859,6 +25869,7 @@ CVE-2019-11140 (Insufficient session validation in system firmware for Intel(R) NOT-FOR-US: Intel CVE-2019-11139 RESERVED + {DSA-4565-1} - intel-microcode 3.20191112.1 NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html CVE-2019-11138 @@ -25869,7 +25880,7 @@ CVE-2019-11136 RESERVED CVE-2019-11135 [TSX Asynchronous Abort] RESERVED - {DSA-4565-1 DSA-4564-1} + {DSA-4565-1 DSA-4564-1 DLA-1990-1 DLA-1989-1} - linux 5.3.9-2 - intel-microcode 3.20191112.1 - xen <unfixed> @@ -40084,8 +40095,8 @@ CVE-2019-6190 RESERVED CVE-2019-6189 RESERVED -CVE-2019-6188 - RESERVED +CVE-2019-6188 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...) + TODO: check CVE-2019-6187 RESERVED CVE-2019-6186 @@ -40116,12 +40127,12 @@ CVE-2019-6174 RESERVED CVE-2019-6173 RESERVED -CVE-2019-6172 - RESERVED +CVE-2019-6172 (A potential vulnerability in the SMI callback function in some Lenovo ...) + TODO: check CVE-2019-6171 (A vulnerability was reported in various BIOS versions of older ThinkPa ...) NOT-FOR-US: Lenovo -CVE-2019-6170 - RESERVED +CVE-2019-6170 (A potential vulnerability in some Lenovo ThinkPads may allow an attack ...) + TODO: check CVE-2019-6169 (A vulnerability reported in Lenovo Service Bridge before version 4.1.0 ...) NOT-FOR-US: Lenovo Service Bridge CVE-2019-6168 (A vulnerability reported in Lenovo Service Bridge before version 4.1.0 ...) @@ -41496,8 +41507,8 @@ CVE-2019-5697 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerabilit NOT-FOR-US: NVIDIA Virtual GPU Manager CVE-2019-5696 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...) NOT-FOR-US: NVIDIA Virtual GPU Manager -CVE-2019-5695 - RESERVED +CVE-2019-5695 (NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Dr ...) + TODO: check CVE-2019-5694 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) NOT-FOR-US: NVIDIA Windows GPU Display Driver CVE-2019-5693 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) @@ -42508,8 +42519,8 @@ CVE-2019-5248 RESERVED CVE-2019-5247 RESERVED -CVE-2019-5246 - RESERVED +CVE-2019-5246 (Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0 ...) + TODO: check CVE-2019-5245 (HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulner ...) NOT-FOR-US: Huawei CVE-2019-5244 (Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) ve ...) @@ -42534,18 +42545,18 @@ CVE-2019-5235 RESERVED CVE-2019-5234 RESERVED -CVE-2019-5233 - RESERVED +CVE-2019-5233 (Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(S ...) + TODO: check CVE-2019-5232 RESERVED -CVE-2019-5231 - RESERVED -CVE-2019-5230 - RESERVED -CVE-2019-5229 - RESERVED -CVE-2019-5228 - RESERVED +CVE-2019-5231 (P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E18 ...) + TODO: check +CVE-2019-5230 (P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte ...) + TODO: check +CVE-2019-5229 (P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E19 ...) + TODO: check +CVE-2019-5228 (Certain detection module of P30, P30 Pro, Honor V20 smartphone whith V ...) + TODO: check CVE-2019-5227 RESERVED CVE-2019-5226 @@ -42574,8 +42585,8 @@ CVE-2019-5215 (There is a man-in-the-middle (MITM) vulnerability on Huawei P30 s NOT-FOR-US: Huawei CVE-2019-5214 (There is a use after free vulnerability on certain driver component in ...) NOT-FOR-US: Huawei -CVE-2019-5213 - RESERVED +CVE-2019-5213 (Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0. ...) + TODO: check CVE-2019-5212 RESERVED CVE-2019-5211 @@ -57819,12 +57830,12 @@ CVE-2019-0156 RESERVED CVE-2019-0155 RESERVED - {DSA-4564-1} + {DSA-4564-1 DLA-1990-1} - linux 5.3.9-2 [jessie] - linux <not-affected> (Driver doesn't support this hardware) CVE-2019-0154 RESERVED - {DSA-4564-1} + {DSA-4564-1 DLA-1990-1 DLA-1989-1} - linux 5.3.9-2 CVE-2019-0153 (Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 m ...) NOT-FOR-US: Intel(R) CSME @@ -76583,7 +76594,7 @@ CVE-2018-12208 (Buffer overflow in HECI subsystem in Intel(R) CSME before versio NOT-FOR-US: Intel CVE-2018-12207 [iTLB Multihit] RESERVED - {DSA-4564-1} + {DSA-4564-1 DLA-1990-1} - linux 5.3.9-2 [jessie] - linux <ignored> (Untrusted guests are no longer supportable) - xen <unfixed> @@ -109135,8 +109146,8 @@ CVE-2017-17226 (The TripAdvisor app with the versions before TAMobileApp-24.6.4 NOT-FOR-US: The TripAdvisor app on Huawei CVE-2017-17225 (The Near Field Communication (NFC) module in Huawei Mate 9 Pro mobile ...) NOT-FOR-US: Huawei -CVE-2017-17224 - RESERVED +CVE-2017-17224 (Some Huawei smart phones with versions earlier than Harry-AL00C 9.1.0. ...) + TODO: check CVE-2017-17223 (Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V ...) NOT-FOR-US: Huawei CVE-2017-17222 (Import Language Package function in Huawei eSpace 7950 V200R003C30; eS ...) @@ -289199,10 +289210,10 @@ CVE-2011-2337 (A wrong type is used for a return value from strlen in WebKit in NOTE: Historic webkit/Chromium issues CVE-2011-2336 (An issue exists in WebKit in Google Chrome before Blink M12. when clea ...) NOTE: Historic webkit/Chromium issues -CVE-2011-2335 - RESERVED -CVE-2011-2334 - RESERVED +CVE-2011-2335 (A double-free vulnerability exists in WebKit in Google Chrome before B ...) + TODO: check +CVE-2011-2334 (Use after free vulnerability exists in WebKit in Google Chrome before ...) + TODO: check CVE-2011-2333 RESERVED CVE-2011-2329 (The rampart_timestamp_token_validate function in util/rampart_timestam ...) @@ -290598,10 +290609,10 @@ CVE-2011-1804 (rendering/RenderBox.cpp in WebCore in WebKit before r86862, as us - chromium-browser 11.0.696.71~r86024-1 [squeeze] - chromium-browser <not-affected> NOTE: http://trac.webkit.org/changeset/86448 -CVE-2011-1803 - RESERVED -CVE-2011-1802 - RESERVED +CVE-2011-1803 (An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVG ...) + TODO: check +CVE-2011-1802 (WebKit in Google Chrome before Blink M11 and M12 does not properly han ...) + TODO: check CVE-2011-1801 (Unspecified vulnerability in Google Chrome before 11.0.696.71 allows r ...) - chromium-browser 11.0.696.71~r86024-1 (unimportant) NOTE: http://trac.webkit.org/changeset/85977 @@ -297349,8 +297360,7 @@ CVE-2010-4178 (MySQL-GUI-tools (mysql-administrator) leaks passwords into proces - mysql-gui-tools <unfixed> (low; bug #605542) [squeeze] - mysql-gui-tools <no-dsa> (Minor issue) [lenny] - mysql-gui-tools <no-dsa> (Minor issue) -CVE-2010-4177 - RESERVED +CVE-2010-4177 (mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+op ...) - mysql-gui-tools <unfixed> (low; bug #605542) [squeeze] - mysql-gui-tools <no-dsa> (Minor issue) [lenny] - mysql-gui-tools <no-dsa> (Minor issue) @@ -298146,8 +298156,7 @@ CVE-2010-3859 (Multiple integer signedness errors in the TIPC implementation in CVE-2010-3858 (The setup_arg_pages function in fs/exec.c in the Linux kernel before 2 ...) {DSA-2126-1} - linux-2.6 2.6.32-27 -CVE-2010-3857 [JBoss BRMS XSS via UUID parameter] - RESERVED +CVE-2010-3857 (JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID paramet ...) - jbossas4 <not-affected> (Vulnerable code not present) NOTE: JBoss 5 only; fixed in 5.1.0 CVE-2010-3856 (ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.1 ...) @@ -298184,8 +298193,7 @@ CVE-2010-3847 (elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) CVE-2010-3846 (Array index error in the apply_rcs_change function in rcs.c in CVS 1.1 ...) - cvs <not-affected> (vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3852 -CVE-2010-3844 - RESERVED +CVE-2010-3844 (An unchecked sscanf() call in ettercap 0.7.3 allows an insecure tempor ...) - ettercap 1:0.7.4-1 (unimportant; bug #600130) NOTE: Very far-fetched attack vector CVE-2010-3843 @@ -299332,15 +299340,12 @@ CVE-2010-3442 (Multiple integer overflows in the snd_ctl_new function in sound/c CVE-2010-3441 (Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote ...) - abcm2ps 5.9.13-0.1 (low; bug #577014) [lenny] - abcm2ps <no-dsa> (Minor issue) -CVE-2010-3440 [babiloo insecure downloading and unpacking of dictionary files] - RESERVED +CVE-2010-3440 (babiloo 2.0.9 before 2.0.11 creates temporary files with predictable n ...) - babiloo 2.0.11-1 (low; bug #591995) -CVE-2010-3439 [alien-arena: server dos] - RESERVED +CVE-2010-3439 (It is possible to cause a DoS condition by causing the server to crash ...) - alien-arena 7.33-5 (low; bug #575621) [lenny] - alien-arena 7.0-1+lenny2 -CVE-2010-3438 [Insufficient stripping of CR/LF allows arbitrary IRC command execution] - RESERVED +CVE-2010-3438 (libpoe-component-irc-perl before v6.32 does not remove carriage return ...) - libpoe-component-irc-perl 6.32+dfsg-1 [lenny] - libpoe-component-irc-perl 5.84+dfsg-1+lenny1 (bug #581194) CVE-2010-3437 (Integer signedness error in the pkt_find_dev_from_minor function in dr ...) @@ -299696,8 +299701,7 @@ CVE-2010-3308 (Buffer overflow in programs/pluto/xauth.c in the client in Opensw [lenny] - openswan <not-affected> (Introduced in version 2.6.25) CVE-2010-3307 (Multiple PHP remote file inclusion vulnerabilities in themes/default/i ...) NOT-FOR-US: Free Simple CMS 1.0 -CVE-2010-3305 [pixel CSRF] - RESERVED +CVE-2010-3305 (Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 cou ...) - pixelpost <removed> (bug #597224) CVE-2010-3304 (The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to ...) - dovecot 1.2.13-1 @@ -299713,8 +299717,7 @@ CVE-2010-3301 (The IA32 system call emulation functionality in arch/x86/ia32/ia3 [lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.27) CVE-2010-3300 RESERVED -CVE-2010-3299 [ruby on rails: padding oracle attack] - RESERVED +CVE-2010-3299 (The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to p ...) - rails <unfixed> (unimportant) NOTE: http://seclists.org/oss-sec/2010/q3/415 NOTE: http://seclists.org/oss-sec/2010/q3/413 @@ -299766,8 +299769,7 @@ CVE-2010-3294 (Cross-site scripting (XSS) vulnerability in apc.php in the Altern CVE-2010-3293 (mailscanner can allow local users to prevent virus signatures from bei ...) - mailscanner <removed> (bug #596397; unimportant) NOTE: or even unimportant, the script is not used by default -CVE-2010-3292 [mailscanner may use spoofed data] - RESERVED +CVE-2010-3292 (The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 down ...) - mailscanner <removed> (bug #596396; low) [squeeze] - mailscanner <no-dsa> (Minor issue) CVE-2010-3278 @@ -300366,8 +300368,7 @@ CVE-2010-3097 (Directory traversal vulnerability in WinFrigate Frigate 3 FTP cli NOT-FOR-US: WinFrigate Frigate 3 FTP CVE-2010-3096 (Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly ...) NOT-FOR-US: SoftX FTP Client 3.3 -CVE-2010-3095 [mailscanner incomplete fix for CVE-2008-5313] - RESERVED +CVE-2010-3095 (mailscanner before 4.79.11-2.1 might allow local users to overwrite ar ...) - mailscanner 4.79.11-2.1 (bug #596403) CVE-2010-3094 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x befo ...) {DSA-2113-1} @@ -302067,8 +302068,7 @@ CVE-2010-2490 (Mumble: murmur-server has DoS due to malformed client query ...) CVE-2010-2489 (Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow ...) - ruby1.8 <not-affected> (Windows-specific) - ruby1.9.1 <not-affected> (Windows-specific) -CVE-2010-2488 [znc null pointer deref] - RESERVED +CVE-2010-2488 (NULL pointer dereference vulnerability in ZNC before 0.092 caused by t ...) {DSA-2069-1} - znc 0.090-2 (bug #584929) CVE-2010-2487 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f9840d01c8b95c38830555ef22c358c272e2a6b8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f9840d01c8b95c38830555ef22c358c272e2a6b8 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits