Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd79bff1 by security tracker role at 2019-11-20T20:10:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -623,8 +623,8 @@ CVE-2019-18860
        RESERVED
 CVE-2019-18859
        RESERVED
-CVE-2019-18858
-       RESERVED
+CVE-2019-18858 (CODESYS 3 web server before 3.5.15.20, as distributed with 
CODESYS Con ...)
+       TODO: check
 CVE-2019-18857 (darylldoyle svg-sanitizer before 0.12.0 mishandles script and 
data val ...)
        NOT-FOR-US: darylldoyle svg-sanitizer
 CVE-2019-18856 (A Denial Of Service vulnerability exists in the SVG Sanitizer 
module t ...)
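Review bot: the `TODO: check` on CVE-2019-18858 is the automatic placeholder and still needs a manual triage decision; the neighbouring CVE-2019-18857 entry shows the expected end state (a `NOT-FOR-US:` line or a package line). The description stored here is truncated at `CODESYS Con ...`, so the affected-product check has to be made against the full CVE text rather than against this list entry.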
@@ -10583,8 +10583,8 @@ CVE-2019-16201 [Regular Expression Denial of Service 
vulnerability of WEBrick's
        - jruby <unfixed>
        NOTE: 
https://github.com/ruby/ruby/commit/36e057e26ef2104bc2349799d6c52d22bb1c7d03
        NOTE: 
https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/
-CVE-2019-16200
-       RESERVED
+CVE-2019-16200 (GNU Serveez through 0.2.2 has an Information Leak. An attacker 
may sen ...)
+       TODO: check
 CVE-2019-16199 (eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 
allow Remot ...)
        NOT-FOR-US: eQ-3 Homematic CCU2
 CVE-2019-16198 (KSLabs KSWEB 3.93 allows ../ directory traversal, as 
demonstrated by t ...)
@@ -27464,8 +27464,8 @@ CVE-2019-10767
        RESERVED
 CVE-2019-10766 (Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 
allow SQL In ...)
        TODO: check
-CVE-2019-10765
-       RESERVED
+CVE-2019-10765 (iobroker.admin before 3.6.12 allows attacker to include file 
contents  ...)
+       TODO: check
 CVE-2019-10764 (In elliptic-php versions priot to 1.0.6, Timing attacks might 
be possi ...)
        NOT-FOR-US: elliptic-php
 CVE-2019-10763 (pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. 
An attack ...)
@@ -42430,12 +42430,12 @@ CVE-2019-5544
        RESERVED
 CVE-2019-5543
        RESERVED
-CVE-2019-5542
-       RESERVED
-CVE-2019-5541
-       RESERVED
-CVE-2019-5540
-       RESERVED
+CVE-2019-5542 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 
11.5.1 ...)
+       TODO: check
+CVE-2019-5541 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 
11.5.1 ...)
+       TODO: check
+CVE-2019-5540 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 
11.5.1 ...)
+       TODO: check
 CVE-2019-5539
        RESERVED
 CVE-2019-5538 (Sensitive information disclosure vulnerability resulting from a 
lack o ...)
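Review bot: the three VMware entries CVE-2019-5540 to CVE-2019-5542 receive identical truncated descriptions (`VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...`), so nothing in this file distinguishes them; whoever resolves the three `TODO: check` lines has to read the full descriptions, and the resulting status must be set on each entry separately, since the format keeps one status per CVE.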
@@ -44588,8 +44588,8 @@ CVE-2019-4563
        RESERVED
 CVE-2019-4562
        RESERVED
-CVE-2019-4561
-       RESERVED
+CVE-2019-4561 (IBM Security Identity Manager 6.0.0 could allow a remote 
attacker to e ...)
+       TODO: check
 CVE-2019-4560
        RESERVED
 CVE-2019-4559
@@ -44650,8 +44650,8 @@ CVE-2019-4532
        RESERVED
 CVE-2019-4531
        RESERVED
-CVE-2019-4530
-       RESERVED
+CVE-2019-4530 (IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow 
an aut ...)
+       TODO: check
 CVE-2019-4529
        RESERVED
 CVE-2019-4528
@@ -47192,8 +47192,7 @@ CVE-2019-3468
        RESERVED
 CVE-2019-3467
        RESERVED
-CVE-2019-3466
-       RESERVED
+CVE-2019-3466 (The pg_ctlcluster script in postgresql-common in versions prior 
to 210 ...)
        {DSA-4568-1 DLA-1994-1}
        - postgresql-common 210
        NOTE: 
https://salsa.debian.org/postgresql/postgresql-common/commit/ec9d984b62ed79f61be97b786a9ff4381309979c
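Review bot: the entry is internally consistent: the description's `versions prior to 210` matches the existing `- postgresql-common 210` fixed-version line, and the `{DSA-4568-1 DLA-1994-1}` references and the salsa commit NOTE are carried over unchanged, so only the `RESERVED` placeholder is dropped (the hunk shrinks from 8 to 7 lines). Nothing to change here.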
@@ -81163,7 +81162,8 @@ CVE-2018-10844 (It was found that the GnuTLS 
implementation of HMAC-SHA-256 was
        NOTE: https://eprint.iacr.org/2018/747
 CVE-2018-10843 (source-to-image component of Openshift Container Platform 
before versi ...)
        NOT-FOR-US: source-to-image in OpenShift
-CVE-2018-10842 (It was found that an authenticated user could manipulate user 
session  ...)
+CVE-2018-10842
+       REJECTED
        NOT-FOR-US: Keycloak
 CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster 
server node ...)
        - glusterfs 4.1.2-1 (bug #901968)
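Review bot: with CVE-2018-10842 now marked `REJECTED`, the retained `NOT-FOR-US: Keycloak` line directly below it is redundant; other REJECTED entries in this file (CVE-2016-9654, CVE-2016-9653, CVE-2012-6138, CVE-2011-4456) carry no status line after the keyword, so dropping the NOT-FOR-US line would keep the entry consistent and avoid a stale product attribution on a withdrawn id.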
@@ -162189,8 +162189,7 @@ CVE-2016-9654
        REJECTED
 CVE-2016-9653
        REJECTED
-CVE-2016-9652
-       RESERVED
+CVE-2016-9652 (Unspecified vulnerabilities in Google Chrome before 
55.0.2883.75. ...)
        {DSA-3731-1}
        - chromium-browser 55.0.2883.75-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -177646,8 +177645,7 @@ CVE-2016-5195 (Race condition in mm/gup.c in the 
Linux kernel 2.x through 4.x be
        - linux 4.7.8-1
        NOTE: 
https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
        NOTE: Fixed by: 
https://git.kernel.org/linus/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
-CVE-2016-5194
-       RESERVED
+CVE-2016-5194 (Unspecified vulnerabilities in Google Chrome before 
54.0.2840.59. ...)
        {DSA-3731-1}
        - chromium-browser 54.0.2840.101-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
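Review bot: the official description says `before 54.0.2840.59` while the Debian fixed version is `chromium-browser 54.0.2840.101-1`; that is consistent (the Debian upload is a later 54.x build), and `{DSA-3731-1}` plus the wheezy end-of-life line are kept, so the entry is complete. The same check passes for CVE-2016-9652 in the previous hunk, where the description's 55.0.2883.75 matches `chromium-browser 55.0.2883.75-1` exactly.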
@@ -214428,8 +214426,7 @@ CVE-2014-XXXX [more to CVE-2014-6585]
        NOTE: icu_4.4.1-8+squeeze3 already has the full patch except for the 
changes in source/layout/ContextualSubstSubtables.cpp which are commented out 
anyway... and the remaining if test is probably only meaningful when the 
backtrackClassArray call is uncommented.
 CVE-2015-1614 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the Imag ...)
        NOT-FOR-US: WordPress plugin image-metadata-cruncher
-CVE-2015-1607 [memcpy with overlapping ranges, resulting from incorrect 
bitwise left shifts]
-       RESERVED
+CVE-2015-1607 (kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 
2.0.27, and 2 ...)
        [experimental] - gnupg2 2.1.2-1
        - gnupg2 2.0.26-5 (bug #778577)
        [wheezy] - gnupg2 <no-dsa> (Minor issue)
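Review bot: the hand-written summary `[memcpy with overlapping ranges, resulting from incorrect bitwise left shifts]` is replaced by the official text, which the list truncates at `and 2 ...`, so the file no longer states the actual bug class anywhere in the entry. The fuzzing-project blog and git.gnupg.org NOTE lines in the next hunk still point to the details, so nothing is lost for a reader who follows them; if the short summary is useful for at-a-glance triage, it could be kept as an additional `NOTE:` line under the entry.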
@@ -214439,8 +214436,7 @@ CVE-2015-1607 [memcpy with overlapping ranges, 
resulting from incorrect bitwise
        [squeeze] - gnupg <no-dsa> (Too intrusive to backport; minor issue)
        NOTE: 
https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html
        NOTE: 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392
-CVE-2015-1606 [use after free resulting from failure to skip invalid packets]
-       RESERVED
+CVE-2015-1606 (The keyring DB in GnuPG before 2.1.2 does not properly handle 
invalid  ...)
        {DSA-3184-1 DLA-175-1}
        [experimental] - gnupg2 2.1.2-1
        - gnupg2 2.0.26-5 (bug #778577)
@@ -264478,16 +264474,13 @@ CVE-2013-0197 (Cross-site scripting (XSS) 
vulnerability in the filter_draw_selec
 CVE-2013-0196
        RESERVED
        NOT-FOR-US: OpenShift
-CVE-2013-0195 [Unspecified XSS]
-       RESERVED
+CVE-2013-0195 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote 
attack ...)
        - piwik <itp> (bug #506933)
        NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
-CVE-2013-0194 [Unspecified XSS]
-       RESERVED
+CVE-2013-0194 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote 
attack ...)
        - piwik <itp> (bug #506933)
        NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
-CVE-2013-0193 [Unspecified XSS]
-       RESERVED
+CVE-2013-0193 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote 
attack ...)
        - piwik <itp> (bug #506933)
        NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
 CVE-2013-0192
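Review bot: all three Piwik ids (CVE-2013-0193 to CVE-2013-0195) receive the same truncated description `Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...`, replacing the former `[Unspecified XSS]` summaries; the existing `piwik <itp> (bug #506933)` status and the piwik.org NOTE are unchanged for each, which is correct since an ITP entry carries no fixed version. Nothing to change, but the identical text means the three ids can only be told apart via the full CVE records.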
@@ -265167,8 +265160,7 @@ CVE-2012-6138
        REJECTED
 CVE-2012-6137 (rhn-migrate-classic-to-rhsm tool in Red Hat 
subscription-manager does  ...)
        NOT-FOR-US: Red Hat subscription-manager
-CVE-2012-6136
-       RESERVED
+CVE-2012-6136 (tuned 2.10.0 creates its PID file with insecure permissions 
which allo ...)
        - tuned <not-affected> (Fixed before initial release to Debian)
 CVE-2012-6135 (RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers 
to dele ...)
        - ruby-passenger <not-affected> (Vulnerable code not present; bug 
#702219)
@@ -283131,12 +283123,10 @@ CVE-2011-4457 (OWASP HTML Sanitizer (aka 
owasp-java-html-sanitizer) before 88, w
        NOT-FOR-US: OWASP HTML Sanitizer
 CVE-2011-4456
        REJECTED
-CVE-2011-4455
-       RESERVED
+CVE-2011-4455 (Multiple cross-site scripting vulnerabilities in Tiki 7.2 and 
earlier  ...)
        - tikiwiki <removed>
        NOTE: http://secunia.com/advisories/46740/
-CVE-2011-4454
-       RESERVED
+CVE-2011-4454 (Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 
and earl ...)
        - tikiwiki <removed>
        NOTE: http://secunia.com/advisories/46740/
 CVE-2011-4453 (The PageListSort function in scripts/pagelist.php in PmWiki 2.x 
before ...)
@@ -293495,8 +293485,7 @@ CVE-2011-1030 (Cross-site scripting (XSS) 
vulnerability in the Wikis component i
        NOT-FOR-US: IBM
 CVE-2011-1029 (Cross-site scripting (XSS) vulnerability in IBM Rational Team 
Concert  ...)
        NOT-FOR-US: IBM
-CVE-2011-1028
-       RESERVED
+CVE-2011-1028 (The $smarty.template variable in Smarty3 allows attackers to 
possibly  ...)
        - smarty3 3.0.8-1
        - smarty <removed>
        [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
@@ -294919,8 +294908,7 @@ CVE-2011-0530 (Buffer overflow in the mainloop 
function in nbd-server.c in the s
        {DSA-2183-1}
        - nbd 1:2.9.16-8 (bug #611187)
        [etch] - nbd <not-affected> (reintroduced in 2.9.0)
-CVE-2011-0529
-       RESERVED
+CVE-2011-0529 (Weborf before 0.12.5 is affected by a Denial of Service (DOS) 
due to m ...)
        - weborf 0.12.5-1
 CVE-2011-0528 (Puppet 2.6.0 through 2.6.3 does not properly restrict access to 
node r ...)
        - puppet 2.6.2-3
@@ -295680,11 +295668,9 @@ CVE-2010-4661 (udisks before 1.0.3 allows a local 
user to load arbitrary Linux k
        [squeeze] - udisks <no-dsa> (Minor issue)
        NOTE: upstream bug https://bugs.freedesktop.org/show_bug.cgi?id=32232
        NOTE: fixed by 
http://cgit.freedesktop.org/udisks/commit/?id=c933a929f07421ec747cebb24d5e620fc2b97037
-CVE-2010-4660
-       RESERVED
+CVE-2010-4660 (Unspecified vulnerability in statusnet through 2010 due to the 
way add ...)
        - statusnet <itp> (bug #491723)
-CVE-2010-4659
-       RESERVED
+CVE-2010-4659 (Cross-site scripting (XSS) vulnerability in statusnet through 
2010 in  ...)
        - statusnet <itp> (bug #491723)
 CVE-2010-4658
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cd79bff1c868bce0a42d238378d309287643b90e

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
