Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e9c2bbf9 by security tracker role at 2019-11-28T08:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2019-19371
+       RESERVED
+CVE-2019-19370
+       RESERVED
+CVE-2019-19369
+       RESERVED
+CVE-2019-19368
+       RESERVED
+CVE-2019-19367 (A cross-site scripting (XSS) vulnerability in 
app/fax/fax_files.php in ...)
+       TODO: check
+CVE-2019-19366 (A cross-site scripting (XSS) vulnerability in 
app/xml_cdr/xml_cdr_sear ...)
+       TODO: check
+CVE-2019-19365
+       RESERVED
 CVE-2020-1764
        RESERVED
 CVE-2020-1763
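Review bot: CVE-2019-19367 and CVE-2019-19366 are added with `TODO: check`, and their descriptions are truncated before any product name, leaving only the paths app/fax/fax_files.php and app/xml_cdr/... visible. Both sit in the same app/ tree, so triage them together against the full descriptions and resolve each to a package line or a NOT-FOR-US marker.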
@@ -236,10 +250,10 @@ CVE-2019-19321
        RESERVED
 CVE-2019-19320
        RESERVED
-CVE-2019-19319
-       RESERVED
-CVE-2019-19318
-       RESERVED
+CVE-2019-19319 (In the Linux kernel 5.0.21, a setxattr operation, after a 
mount of a c ...)
+       TODO: check
+CVE-2019-19318 (In the Linux kernel 5.3.11, mounting a crafted btrfs image 
twice can c ...)
+       TODO: check
 CVE-2019-19317
        RESERVED
 CVE-2019-19316
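Review bot: CVE-2019-19319 and CVE-2019-19318 both name the Linux kernel in their new descriptions (5.0.21 and 5.3.11) but are left at `TODO: check`. They should get a `- linux` line with a status, as CVE-2019-18660 has elsewhere in this file, so the issues are tracked against the package.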
@@ -271,6 +285,7 @@ CVE-2019-19309 [Private objects exposed through project 
import]
        - gitlab <not-affected> (Only affects Gitlab EE)
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
 CVE-2019-19330 (The HTTP/2 implementation in HAProxy before 2.0.10 mishandles 
headers, ...)
+       {DSA-4577-1}
        - haproxy 2.0.10-1
        [stretch] - haproxy <not-affected> (Vulnerable code introduced in 1.8)
        [jessie] - haproxy <not-affected> (Vulnerable code introduced in 1.8)
@@ -3994,8 +4009,7 @@ CVE-2019-18662 (An issue was discovered in YouPHPTube 
through 7.7. User input pa
        NOT-FOR-US: YouPHPTube
 CVE-2019-18661 (Fastweb FASTGate 1.0.1b devices allow partial authentication 
bypass by ...)
        NOT-FOR-US: Fastweb FASTGate
-CVE-2019-18660 [powerpc: missing Spectre-RSB mitigation]
-       RESERVED
+CVE-2019-18660 (The Linux kernel through 5.3.13 on powerpc allows Information 
Exposure ...)
        - linux <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2019/11/27/1
 CVE-2019-18659 (The Wireless Emergency Alerts (WEA) protocol allows remote 
attackers t ...)
@@ -5060,8 +5074,8 @@ CVE-2019-18277 (A flaw was found in HAProxy before 2.0.6. 
In legacy mode, messag
        [jessie] - haproxy <no-dsa> (Minor issue)
        NOTE: 
https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=196a7df44d8129d1adc795da020b722614d6a581
        NOTE: https://nathandavison.com/blog/haproxy-http-request-smuggling
-CVE-2019-18276
-       RESERVED
+CVE-2019-18276 (An issue was discovered in disable_priv_mode in shell.c in GNU 
Bash th ...)
+       TODO: check
 CVE-2019-18275
        RESERVED
 CVE-2019-18274
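Review bot: CVE-2019-18276 now describes disable_priv_mode in shell.c in GNU Bash, yet the entry is only `TODO: check`. Add a `- bash` line with a status so the issue is tracked against the package instead of sitting in the unprocessed queue.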
@@ -5106,8 +5120,8 @@ CVE-2019-18255
        RESERVED
 CVE-2019-18254
        RESERVED
-CVE-2019-18253
-       RESERVED
+CVE-2019-18253 (An attacker could use specially crafted paths in a specific 
request to ...)
+       TODO: check
 CVE-2019-18252
        RESERVED
 CVE-2019-18251 (In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron 
CX-Supervis ...)
@@ -5118,8 +5132,8 @@ CVE-2019-18249
        RESERVED
 CVE-2019-18248
        RESERVED
-CVE-2019-18247
-       RESERVED
+CVE-2019-18247 (An attacker may use a specially crafted message to force 
Relion 650 se ...)
+       TODO: check
 CVE-2019-18246
        RESERVED
 CVE-2019-18245
@@ -12708,8 +12722,8 @@ CVE-2019-15707
        RESERVED
 CVE-2019-15706
        RESERVED
-CVE-2019-15705
-       RESERVED
+CVE-2019-15705 (An Improper Input Validation vulnerability in the SSL VPN 
portal of Fo ...)
+       TODO: check
 CVE-2019-15704 (A clear text storage of sensitive information vulnerability in 
FortiCl ...)
        NOT-FOR-US: Fortinet
 CVE-2019-15703 (An Insufficient Entropy in PRNG vulnerability in Fortinet 
FortiOS 6.2. ...)
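Review bot: CVE-2019-15705 is left at `TODO: check` with its description cut at "SSL VPN portal of Fo ...", while the entry directly below it, CVE-2019-15704, is marked `NOT-FOR-US: Fortinet`. Check the full description and, if it is the same vendor, use the same marker.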
@@ -40134,26 +40148,26 @@ CVE-2019-6676
        RESERVED
 CVE-2019-6675 (BIG-IP configurations using Active Directory, LDAP, or Client 
Certific ...)
        NOT-FOR-US: F5 BIG-IP
-CVE-2019-6674
-       RESERVED
-CVE-2019-6673
-       RESERVED
-CVE-2019-6672
-       RESERVED
-CVE-2019-6671
-       RESERVED
-CVE-2019-6670
-       RESERVED
-CVE-2019-6669
-       RESERVED
-CVE-2019-6668
-       RESERVED
-CVE-2019-6667
-       RESERVED
-CVE-2019-6666
-       RESERVED
-CVE-2019-6665
-       RESERVED
+CVE-2019-6674 (On F5 SSL Orchestrator 15.0.0-15.0.1 and 14.0.0-14.1.2, TMM may 
crash  ...)
+       TODO: check
+CVE-2019-6673 (On versions 15.0.0-15.0.1 and 14.0.0-14.1.2, when the BIG-IP is 
config ...)
+       TODO: check
+CVE-2019-6672 (On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 
13.1.0-13.1.3.1, when  ...)
+       TODO: check
+CVE-2019-6671 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 
13.1.0-13.1 ...)
+       TODO: check
+CVE-2019-6670 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 
13.1.0-13.1.3.1 ...)
+       TODO: check
+CVE-2019-6669 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 
13.1.0-13.1.3.1 ...)
+       TODO: check
+CVE-2019-6668 (The BIG-IP APM Edge Client for macOS bundled with BIG-IP APM 
15.0.0-15 ...)
+       TODO: check
+CVE-2019-6667 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 
13.1.0-13.1 ...)
+       TODO: check
+CVE-2019-6666 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, and 
13.1.0- ...)
+       TODO: check
+CVE-2019-6665 (On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 
13.1.0- ...)
+       TODO: check
 CVE-2019-6664 (On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, 
networ ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2019-6663 (The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 
12.1.0-12. ...)
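Review bot: All ten entries from CVE-2019-6674 down to CVE-2019-6665 are left at `TODO: check`, but each description names F5 or BIG-IP, and the unchanged neighbours CVE-2019-6675 and CVE-2019-6664 are `NOT-FOR-US: F5 BIG-IP`. They can be closed with the same marker in one pass.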
@@ -50627,7 +50641,7 @@ CVE-2019-2943 (Vulnerability in the Oracle Data 
Integrator product of Oracle Fus
        NOT-FOR-US: Oracle
 CVE-2019-2942 (Vulnerability in the Oracle Advanced Outbound Telephony product 
of Ora ...)
        NOT-FOR-US: Oracle
-CVE-2019-2941 (Vulnerability in the Hyperion Enterprise Performance Management 
Archit ...)
+CVE-2019-2941 (Vulnerability in the Hyperion Profitability and Cost Management 
produc ...)
        NOT-FOR-US: Oracle
 CVE-2019-2940 (Vulnerability in the Core RDBMS component of Oracle Database 
Server. S ...)
        NOT-FOR-US: Oracle
@@ -83001,6 +83015,7 @@ CVE-2018-10395
 CVE-2018-10394
        RESERVED
 CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a 
stack-b ...)
+       {DLA-2013-1}
        - libvorbis 1.3.6-2 (bug #876780)
        [stretch] - libvorbis <no-dsa> (Minor issue)
        [wheezy] - libvorbis <ignored> (Minor issue)
@@ -83008,6 +83023,7 @@ CVE-2018-10393 (bark_noise_hybridmp in psy.c in 
Xiph.Org libvorbis 1.3.6 has a s
        NOTE: Fixed by: 
https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
        NOTE: Same patch as for CVE-2017-14160
 CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 
does not va ...)
+       {DLA-2013-1}
        - libvorbis 1.3.6-2 (bug #876780)
        [stretch] - libvorbis <no-dsa> (Minor issue)
        [wheezy] - libvorbis <ignored> (Minor issue)
@@ -122148,6 +122164,7 @@ CVE-2017-14165 (The ReadSUNImage function in 
coders/sun.c in GraphicsMagick 1.3.
        NOTE: http://www.openwall.com/lists/oss-security/2017/09/06/4
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/442/
 CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org 
libvorbis 1.3.5  ...)
+       {DLA-2013-1}
        - libvorbis 1.3.6-2 (bug #876780)
        [stretch] - libvorbis <no-dsa> (Minor issue)
        [wheezy] - libvorbis <postponed> (Minor issue, can be revisited once 
fixed upstream)
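Review bot: The `[wheezy] - libvorbis <postponed>` remark under CVE-2017-14160 still reads "can be revisited once fixed upstream", while the CVE-2018-10393 entry records an upstream fix commit with the note "Same patch as for CVE-2017-14160", and this hunk adds {DLA-2013-1}. The postponed remark looks stale and should be updated to match the fix that is now referenced.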
@@ -289240,8 +289257,7 @@ CVE-2011-2718 (Multiple directory traversal 
vulnerabilities in the relational sc
        - phpmyadmin 4:3.4.3.2-1
        [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
        [lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2011-2717
-       RESERVED
+CVE-2011-2717 (The DHCPv6 client (dhcp6c) as used in the dhcpv6 project 
through 2011- ...)
        NOT-FOR-US: udhcp6c
 CVE-2011-2716 (The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote 
DHCP s ...)
        - busybox 1:1.20.0-3 (unimportant; bug #635548)
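Review bot: The `NOT-FOR-US: udhcp6c` marker under CVE-2011-2717 does not match the description that now replaces RESERVED, which names the DHCPv6 client dhcp6c from the dhcpv6 project. Confirm that no Debian source package carries that code and correct the marker text so it names the software in the description.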
@@ -289753,8 +289769,7 @@ CVE-2011-2525 (The qdisc_notify function in 
net/sched/sch_api.c in the Linux ker
 CVE-2011-2524 (Directory traversal vulnerability in soup-uri.c in SoupServer 
in libso ...)
        {DSA-2369-1}
        - libsoup2.4 2.34.3-1 (bug #635837)
-CVE-2011-2523
-       RESERVED
+CVE-2011-2523 (vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains 
a backd ...)
        - vsftpd <not-affected> (backdoored version was never in the Debian 
archive)
 CVE-2011-2522 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the Samb ...)
        {DSA-2290-1}
@@ -289782,8 +289797,7 @@ CVE-2011-2517 (Multiple buffer overflows in 
net/wireless/nl80211.c in the Linux
 CVE-2011-2516 (Off-by-one error in the XML signature feature in Apache XML 
Security f ...)
        {DSA-2277-1}
        - xml-security-c 1.6.1-1 (low; bug #632973)
-CVE-2011-2515
-       RESERVED
+CVE-2011-2515 (PackageKit 0.6.17 allows installation of unsigned RPM packages 
as thou ...)
        - packagekit 0.6.17-1
 CVE-2011-2514 (The Java Network Launching Protocol (JNLP) implementation in 
IcedTea6  ...)
        - openjdk-6 6b21~pre1-1
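Review bot: The new description for CVE-2011-2515 names PackageKit 0.6.17 as the affected version, but the unchanged line below it records `- packagekit 0.6.17-1` as the fixed version. Verify whether that upload carried the fix, or whether an issue about unsigned RPM packages applies to the Debian package at all, and adjust the entry accordingly.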



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9c2bbf9366a9b151d0486f883174a775b74a67d
