Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a23a2bc7 by security tracker role at 2019-12-05T20:10:29Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,22 @@
-CVE-2019-19602 [x86/fpu: Don't cache access to fpu_fpregs_owner_ctx]
+CVE-2019-19608
+ RESERVED
+CVE-2019-19607
+ RESERVED
+CVE-2019-19606
+ RESERVED
+CVE-2019-19605
+ RESERVED
+CVE-2019-19604
+ RESERVED
+CVE-2019-19603
+ RESERVED
+CVE-2019-19601 (OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l
because of ...)
+ TODO: check
+CVE-2019-19600
+ RESERVED
+CVE-2019-19599
+ RESERVED
+CVE-2019-19602 (fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in
the Linux ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -1040,10 +1058,10 @@ CVE-2019-19597 (D-Link DAP-1860 devices before v1.04b03
Beta allow arbitrary rem
NOT-FOR-US: D-Link
CVE-2019-19596 (GitBook through 2.6.9 allows XSS via a local .md file. ...)
TODO: check
-CVE-2019-19595
- RESERVED
-CVE-2019-19594
- RESERVED
+CVE-2019-19595 (reset/modules/advanced_form_maker_edit/multiupload/upload.php
in the R ...)
+ TODO: check
+CVE-2019-19594 (reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO
Adobe Stoc ...)
+ TODO: check
CVE-2019-19593
RESERVED
CVE-2019-19592
@@ -1171,10 +1189,10 @@ CVE-2019-19548
RESERVED
CVE-2019-19547
RESERVED
-CVE-2019-19546
- RESERVED
-CVE-2019-19545
- RESERVED
+CVE-2019-19546 (Norton Password Manager, prior to 6.6.2.5, may be susceptible
to an in ...)
+ TODO: check
+CVE-2019-19545 (Norton Password Manager, prior to 6.6.2.5, may be susceptible
to a cro ...)
+ TODO: check
CVE-2019-19544
RESERVED
CVE-2019-19542
@@ -1731,8 +1749,8 @@ CVE-2020-1786
RESERVED
CVE-2020-1785
RESERVED
-CVE-2019-19466
- RESERVED
+CVE-2019-19466 (SCEditor 2.1.3 allows XSS. ...)
+ TODO: check
CVE-2019-19465
RESERVED
CVE-2019-19464 (The CBC Gem application before 9.24.1 for Android and before
9.26.0 fo ...)
@@ -2238,8 +2256,8 @@ CVE-2019-19319 (In the Linux kernel 5.0.21, a setxattr
operation, after a mount
- linux <unfixed>
CVE-2019-19318 (In the Linux kernel 5.3.11, mounting a crafted btrfs image
twice can c ...)
- linux <unfixed>
-CVE-2019-19317
- RESERVED
+CVE-2019-19317 (lookupName in resolve.c in SQLite 3.30.1 omits bits from the
colUsed b ...)
+ TODO: check
CVE-2019-19316 (When using the Azure backend with a shared access signature
(SAS), Ter ...)
NOT-FOR-US: Terraform
CVE-2019-19315
@@ -3098,9 +3116,9 @@ CVE-2019-19010 (Eval injection in the Math plugin of
Limnoria (before 2019.11.09
CVE-2019-19009
RESERVED
CVE-2019-19008
- RESERVED
-CVE-2019-19007
- RESERVED
+ REJECTED
+CVE-2019-19007 (Intelbras IWR 3000N 1.8.7 devices allow disclosure of the
administrato ...)
+ TODO: check
CVE-2019-19006 (Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below,
13.0.197. ...)
NOT-FOR-US: FreePBX
CVE-2019-19005
@@ -6946,8 +6964,8 @@ CVE-2019-18383 (An issue was discovered on TerraMaster
FS-210 4.0.19 devices. On
NOT-FOR-US: TerraMaster
CVE-2019-18382 (An issue was discovered on AVStar PE204 3.10.70 IP camera
devices. A d ...)
NOT-FOR-US: AVStar PE204
-CVE-2019-18381
- RESERVED
+CVE-2019-18381 (Norton Password Manager, prior to 6.6.2.5, may be susceptible
to a cro ...)
+ TODO: check
CVE-2019-18380
RESERVED
CVE-2019-18379
@@ -8396,8 +8414,7 @@ CVE-2019-18182
RESERVED
CVE-2019-18181
RESERVED
-CVE-2019-18180
- RESERVED
+CVE-2019-18180 (Improper Check for filenames with overly long extensions in
PostMaster ...)
- otrs2 <unfixed> (bug #945251)
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
@@ -9862,6 +9879,7 @@ CVE-2019-17543 (LZ4 before 1.9.2 has a heap-based buffer
overflow in LZ4_write32
NOTE: https://github.com/lz4/lz4/pull/756
NOTE: https://github.com/lz4/lz4/pull/760
CVE-2019-17542 (FFmpeg before 4.2 has a heap-based buffer overflow in
vqa_decode_chunk ...)
+ {DLA-2021-1}
- ffmpeg 7:4.2.1-1
[buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x
branch)
[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x
branch)
@@ -10179,8 +10197,8 @@ CVE-2019-17439
RESERVED
CVE-2019-17438
RESERVED
-CVE-2019-17437
- RESERVED
+CVE-2019-17437 (An improper authentication check in Palo Alto Networks PAN-OS
may allo ...)
+ TODO: check
CVE-2019-17436 (A Local Privilege Escalation vulnerability exists in
GlobalProtect Age ...)
NOT-FOR-US: GlobalProtect Agent
CVE-2019-17435 (A Local Privilege Escalation vulnerability exists in the
GlobalProtect ...)
@@ -10348,10 +10366,10 @@ CVE-2019-17390
RESERVED
CVE-2019-17389 (In RIOT 2019.07, the MQTT-SN implementation (asymcute)
mishandles erro ...)
NOT-FOR-US: RIOT RIOT-OS
-CVE-2019-17388
- RESERVED
-CVE-2019-17387
- RESERVED
+CVE-2019-17388 (Weak file permissions applied to the Aviatrix VPN Client
through 2.2.1 ...)
+ TODO: check
+CVE-2019-17387 (An authentication flaw in the AVPNC_RP service in Aviatrix VPN
Client ...)
+ TODO: check
CVE-2019-17386 (The animate-it plugin before 2.3.6 for WordPress has CSRF in
edsanimat ...)
NOT-FOR-US: Wordpress plugin
CVE-2019-17385 (The animate-it plugin before 2.3.5 for WordPress has XSS. ...)
@@ -11874,8 +11892,8 @@ CVE-2019-16771
RESERVED
CVE-2019-16770
RESERVED
-CVE-2019-16769
- RESERVED
+CVE-2019-16769 (Affected versions of this package are vulnerable to Cross-site
Scripti ...)
+ TODO: check
CVE-2019-16768
RESERVED
CVE-2019-16767 (The admin sys mode is now conditional and dedicated for the
special ca ...)
@@ -14302,8 +14320,8 @@ CVE-2019-15899
RESERVED
CVE-2019-15898 (Nagios Log Server before 2.0.8 allows Reflected XSS via the
username o ...)
NOT-FOR-US: Nagios Log Server
-CVE-2019-15897
- RESERVED
+CVE-2019-15897 (beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows
Authentication Byp ...)
+ TODO: check
CVE-2019-15896 (An issue was discovered in the LifterLMS plugin through 3.34.5
for Wor ...)
NOT-FOR-US: LifterLMS plugin for WordPress
CVE-2019-15895 (search-exclude.php in the "Search Exclude" plugin before 1.2.4
for Wor ...)
@@ -17399,8 +17417,7 @@ CVE-2019-14912 (An issue was discovered in PRiSE adAS
1.7.0. The OPENSSO module
NOT-FOR-US: PRiSE adAS
CVE-2019-14911 (An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO
module does n ...)
NOT-FOR-US: PRiSE adAS
-CVE-2019-14910
- RESERVED
+CVE-2019-14910 (A vulnerability was found in keycloak 7.x, when keycloak is
configured ...)
NOT-FOR-US: Keycloak
CVE-2019-14909 (A vulnerability was found in Keycloak 7.x where the user
federation LD ...)
NOT-FOR-US: Keycloak
@@ -19371,6 +19388,7 @@ CVE-2019-14444 (apply_relocations in readelf.c in GNU
Binutils 2.32 contains an
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7
NOTE: binutils not covered by security support
CVE-2019-14443 (An issue was discovered in Libav 12.3. Division by zero in
range_decod ...)
+ {DLA-2021-1}
- libav <removed>
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1161#c1
CVE-2019-14442 (In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an
input file ...)
@@ -29065,8 +29083,7 @@ CVE-2019-11257
RESERVED
CVE-2019-11256
RESERVED
-CVE-2019-11255
- RESERVED
+CVE-2019-11255 (Improper input validation in Kubernetes CSI sidecar containers
for ext ...)
NOT-FOR-US: kubernetes-csi
CVE-2019-11254
RESERVED
@@ -41122,14 +41139,14 @@ CVE-2019-7197 (A stored cross-site scripting (XSS)
vulnerability has been report
TODO: check
CVE-2019-7196
RESERVED
-CVE-2019-7195
- RESERVED
-CVE-2019-7194
- RESERVED
-CVE-2019-7193
- RESERVED
-CVE-2019-7192
- RESERVED
+CVE-2019-7195 (This external control of file name or path vulnerability allows
remote ...)
+ TODO: check
+CVE-2019-7194 (This external control of file name or path vulnerability allows
remote ...)
+ TODO: check
+CVE-2019-7193 (This improper input validation vulnerability allows remote
attackers t ...)
+ TODO: check
+CVE-2019-7192 (This improper access control vulnerability allows remote
attackers to ...)
+ TODO: check
CVE-2019-7191
RESERVED
CVE-2019-7190
@@ -41142,12 +41159,12 @@ CVE-2019-7187
RESERVED
CVE-2019-7186
RESERVED
-CVE-2019-7185
- RESERVED
-CVE-2019-7184
- RESERVED
-CVE-2019-7183
- RESERVED
+CVE-2019-7185 (This cross-site scripting (XSS) vulnerability in Music Station
allows ...)
+ TODO: check
+CVE-2019-7184 (This cross-site scripting (XSS) vulnerability in Video Station
allows ...)
+ TODO: check
+CVE-2019-7183 (This improper link resolution vulnerability allows remote
attackers to ...)
+ TODO: check
CVE-2019-7182
RESERVED
CVE-2019-7181 (Buffer Overflow vulnerability in myQNAPcloud Connect 1.3.3.0925
and ea ...)
@@ -46323,8 +46340,8 @@ CVE-2019-5100 (An exploitable integer overflow
vulnerability exists in the BMP h
NOT-FOR-US: LEADTOOLS
CVE-2019-5099 (An exploitable integer underflow vulnerability exists in the
CMP-parsi ...)
NOT-FOR-US: LEADTOOLS
-CVE-2019-5098
- RESERVED
+CVE-2019-5098 (An exploitable out-of-bounds read vulnerability exists in AMD
ATIDXX64 ...)
+ TODO: check
CVE-2019-5097 (A denial-of-service vulnerability exists in the processing of
multi-pa ...)
NOT-FOR-US: GoAhead
CVE-2019-5096 (An exploitable code execution vulnerability exists in the
processing o ...)
@@ -49538,8 +49555,8 @@ CVE-2019-3692
RESERVED
CVE-2019-3691
RESERVED
-CVE-2019-3690
- RESERVED
+CVE-2019-3690 (The chkstat tool in the permissions package followed symlinks
before c ...)
+ TODO: check
CVE-2019-3689 (The nfs-utils package in SUSE Linux Enterprise Server 12 before
and in ...)
{DLA-1965-1}
- nfs-utils <unfixed> (bug #940848)
@@ -56530,7 +56547,7 @@ CVE-2019-1583 (Escalation of privilege vulnerability in
the Palo Alto Networks T
NOT-FOR-US: Palo Alto Networks
CVE-2019-1582 (Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3
and ea ...)
NOT-FOR-US: PAN-OS
-CVE-2019-1581 (Mitigation bypass in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19
and earl ...)
+CVE-2019-1581 (A remote code execution vulnerability in the PAN-OS SSH device
managem ...)
NOT-FOR-US: PAN-OS
CVE-2019-1580 (Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19
and earl ...)
NOT-FOR-US: PAN-OS
@@ -56684,8 +56701,8 @@ CVE-2018-1002104
RESERVED
CVE-2018-1002103 (In Minikube versions 0.3.0-0.29.0, minikube exposes the
Kubernetes Das ...)
NOT-FOR-US: minikube
-CVE-2018-1002102
- RESERVED
+CVE-2018-1002102 (Improper validation of URL redirection in the Kubernetes API
server in ...)
+ TODO: check
CVE-2018-19875
RESERVED
CVE-2018-19874
@@ -61829,6 +61846,7 @@ CVE-2018-19134 (In Artifex Ghostscript through 9.25,
the setpattern operator did
CVE-2018-19133 (In Flarum Core 0.1.0-beta.7.1, a serious leak can get
everyone's email ...)
NOT-FOR-US: Flarum Core
CVE-2018-19130 (** DISPUTED ** In Libav 12.3, there is an invalid memory
access in vc1 ...)
+ {DLA-2021-1}
- libav <removed>
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1139
NOTE: Duplicate of CVE-2017-17127
@@ -61838,6 +61856,7 @@ CVE-2018-19129 (In Libav 12.3, a NULL pointer
dereference (RIP points to zero) i
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1138
NOTE: Duplicate of CVE-2019-14441
CVE-2018-19128 (In Libav 12.3, there is a heap-based buffer over-read in
decode_frame ...)
+ {DLA-2021-1}
- libav <removed>
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1137
CVE-2018-19127 (A code injection vulnerability in /type.php in PHPCMS 2008
allows atta ...)
@@ -88955,6 +88974,7 @@ CVE-2017-18246 (The pcm_encode_frame function in
libavcodec/pcm.c in Libav 12.2
[jessie] - libav <ignored> (Minor issue, oob read, not reproducible
with 11.12, no patch)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1095
CVE-2017-18245 (The mpc8_probe function in libavformat/mpc8.c in Libav 12.2
allows rem ...)
+ {DLA-2021-1}
- libav <removed>
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1094
NOTE: new 2019 PoC crash with non-null, non-asan segfault, 32-bit only
@@ -112891,6 +112911,7 @@ CVE-2017-17128 (The h264_slice_init function in
libavcodec/h264_slice.c in Libav
[jessie] - libav <not-affected> (Unable to reproduce on i386 and amd64
with current version and upstream Git; upstream bug also closed WORKSFORME)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1104
CVE-2017-17127 (The vc1_decode_frame function in libavcodec/vc1dec.c in Libav
12.2 all ...)
+ {DLA-2021-1}
- libav <removed>
[wheezy] - libav <ignored> (Minor issue)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1099
@@ -263893,8 +263914,7 @@ CVE-2013-1400
RESERVED
CVE-2009-5134 (Buffer overflow in the "create torrent dialog" functionality in
uTorre ...)
NOT-FOR-US: uTorrent
-CVE-2013-0243 [Basic constraints vulnerability]
- RESERVED
+CVE-2013-0243 (haskell-tls-extra before 0.6.1 has Basic Constraints attribute
vulnera ...)
- haskell-tls-extra 0.4.6.1-1 (bug #698545)
CVE-2013-1399 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the (1) ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
@@ -266958,8 +266978,7 @@ CVE-2013-0328 (Cross-site scripting (XSS)
vulnerability in Jenkins before 1.502
- jenkins 1.480.3+dfsg-1 (bug #700761)
CVE-2013-0327 (Cross-site request forgery (CSRF) vulnerability in Jenkins
master in J ...)
- jenkins 1.480.3+dfsg-1 (bug #700761)
-CVE-2013-0326 [_base images permissions world readable]
- RESERVED
+CVE-2013-0326 (OpenStack nova base images permissions are world readable ...)
- nova <unfixed> (unimportant)
NOTE: Unfixed upstream, typical installation not multi-user anyway
CVE-2013-0325 (Multiple cross-site scripting (XSS) vulnerabilities in the
Varnish mod ...)
@@ -267075,8 +267094,7 @@ CVE-2013-0285 (The nori gem 2.0.x before 2.0.2, 1.1.x
before 1.1.4, and 1.0.x be
NOT-FOR-US: nori Ruby gem
CVE-2013-0284 (Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when
communic ...)
NOT-FOR-US: newrelic_rpm Ruby gem
-CVE-2013-0283
- RESERVED
+CVE-2013-0283 (Katello: Username in Notification page has cross site scripting
...)
NOT-FOR-US: Red Hat CloudForms
CVE-2013-0282 (OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and
earlier, ...)
- keystone 2012.1.1-13 (bug #700947)
@@ -267493,8 +267511,7 @@ CVE-2013-0165
(cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.s
NOT-FOR-US: OpenShift
CVE-2013-0164 (The lockwrap function in
port-proxy/bin/openshift-port-proxy-cfg in Re ...)
NOT-FOR-US: OpenShift
-CVE-2013-0163
- RESERVED
+CVE-2013-0163 (OpenShift haproxy cartridge: predictable /tmp in set-proxy
connection ...)
NOT-FOR-US: OpenShift haproxy cartridge
CVE-2013-0162 (The diff_pp function in lib/gauntlet_rubyparser.rb in the
ruby_parser ...)
- ruby-parser 2.3.1-2 (bug #701637)
@@ -281528,14 +281545,12 @@ CVE-2012-1107 (The analyzeCurrent function in
ape/apeproperties.cpp in TagLib 1.
[squeeze] - taglib <no-dsa> (Minor issue)
CVE-2012-1106 (The C handler plug-in in Automatic Bug Reporting Tool (ABRT),
possibly ...)
NOT-FOR-US: abrt is Red Hat / Fedora specific
-CVE-2012-1105
- RESERVED
+CVE-2012-1105 (An Information Disclosure vulnerability exists in the Jasig
Project ph ...)
- moodle 2.2.7.dfsg-1 (low; bug #662945)
[squeeze] - moodle <no-dsa> (Minor issue)
- glpi 0.80.7-2 (unimportant; bug #662944)
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2012-1104
- RESERVED
+CVE-2012-1104 (A Security Bypass vulnerability exists in the phpCAS 1.2.2
library fro ...)
- moodle 2.2.7.dfsg-1 (low; bug #662945)
[squeeze] - moodle <no-dsa> (Minor issue)
- glpi 0.80.7-2 (unimportant; bug #662944)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a23a2bc7ada75c3f63fc048d39d4558b15ea6688
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a23a2bc7ada75c3f63fc048d39d4558b15ea6688
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
