Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80322c59 by security tracker role at 2019-12-12T08:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,51 @@
-CVE-2019-19726
+CVE-2019-19748 (The Work Time Calendar app before 4.7.1 for Jira allows XSS. 
...)
+       TODO: check
+CVE-2019-19747
+       RESERVED
+CVE-2019-19746 (make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a 
segmentation fau ...)
+       TODO: check
+CVE-2019-19745
+       RESERVED
+CVE-2019-19744
+       RESERVED
+CVE-2019-19743
+       RESERVED
+CVE-2019-19742
+       RESERVED
+CVE-2019-19741
+       RESERVED
+CVE-2019-19740 (Octeth Oempro 4.7 allows SQL injection. The parameter 
CampaignID in Ca ...)
+       TODO: check
+CVE-2019-19739
+       RESERVED
+CVE-2019-19738
+       RESERVED
+CVE-2019-19737
+       RESERVED
+CVE-2019-19736
+       RESERVED
+CVE-2019-19735
+       RESERVED
+CVE-2019-19734
+       RESERVED
+CVE-2019-19733
+       RESERVED
+CVE-2019-19732
+       RESERVED
+CVE-2019-19731
+       RESERVED
+CVE-2019-19730
+       RESERVED
+CVE-2019-19729 (An issue was discovered in the BSON ObjectID (aka 
bson-objectid) packa ...)
+       TODO: check
+CVE-2019-19728
+       RESERVED
+CVE-2019-19727
        RESERVED
+CVE-2017-18640 (The Alias feature in SnakeYAML 1.18 allows entity expansion 
during a l ...)
+       TODO: check
+CVE-2019-19726 (OpenBSD through 6.6 allows local users to escalate to root 
because a c ...)
+       TODO: check
 CVE-2019-19725 (sysstat through 12.2.0 has a double free in check_file_actlst 
in sa_co ...)
        - sysstat <unfixed>
        NOTE: https://github.com/sysstat/sysstat/issues/242
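Review bot: CVE-2017-18640 is inserted between CVE-2019-19727 and CVE-2019-19726, which breaks the descending CVE-number order the surrounding entries follow; if the list is meant to stay sorted, move it to the CVE-2017 block. The six new entries that arrive with a description (CVE-2019-19748, CVE-2019-19746, CVE-2019-19740, CVE-2019-19729, CVE-2017-18640, CVE-2019-19726) carry only "TODO: check", so each still needs a package line or a NOT-FOR-US tag before the entry says anything about Debian.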
@@ -3540,8 +3586,8 @@ CVE-2019-19376 (In Octopus Deploy before 2019.10.6, an 
authenticated user with T
        NOT-FOR-US: Octopus Deploy
 CVE-2019-19375 (In Octopus Deploy before 2019.10.7, in a configuration where 
SSL offlo ...)
        NOT-FOR-US: Octopus Deploy
-CVE-2019-19374
-       RESERVED
+CVE-2019-19374 (An issue was discovered in 
core/assets/form/form_question_types/form_q ...)
+       TODO: check
 CVE-2019-19373 (An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 
5.5.0.3, 5. ...)
        NOT-FOR-US: Squiz Matrix CMS
 CVE-2019-19372 (** DISPUTED ** A downloadFile.php download_file path traversal 
vulnera ...)
@@ -4607,7 +4653,7 @@ CVE-2019-19041 (An issue was discovered in Xorux Lpar2RRD 
6.11 and Stor2RRD 2.61
        NOT-FOR-US: Xorux
 CVE-2019-19040 (KairosDB through 1.2.2 has XSS in view.html because of 
showErrorMessag ...)
        NOT-FOR-US: KairosDB
-CVE-2019-19039 (__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux 
kernel thro ...)
+CVE-2019-19039 (** DISPUTED ** __btrfs_free_extent in fs/btrfs/extent-tree.c 
in the Li ...)
        - linux <unfixed>
 CVE-2019-19038
        RESERVED
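Review bot: at CVE-2019-19039 the description now begins with "** DISPUTED **", but the status line below it is still "- linux <unfixed>" and no NOTE explains the dispute. Add a NOTE recording who disputes the issue and why, and reassess whether "<unfixed>" is still the right state, so the entry does not keep reporting linux as affected without context.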
@@ -4788,7 +4834,7 @@ CVE-2019-18962
        RESERVED
 CVE-2019-18961
        RESERVED
-CVE-2019-18960 (AWS Firecracker through v0.19.0 has a Buffer Overflow. ...)
+CVE-2019-18960 (Firecracker vsock implementation buffer overflow in versions 
0.18.0 an ...)
        NOT-FOR-US: AWS Firecracker
 CVE-2019-18959
        RESERVED
@@ -8851,8 +8897,8 @@ CVE-2019-18247 (An attacker may use a specially crafted 
message to force Relion
        NOT-FOR-US: Relion
 CVE-2019-18246
        RESERVED
-CVE-2019-18245
-       RESERVED
+CVE-2019-18245 (Reliable Controls LicenseManager versions 3.4 and prior may 
allow an a ...)
+       TODO: check
 CVE-2019-18244
        RESERVED
 CVE-2019-18243
@@ -8877,8 +8923,8 @@ CVE-2019-18234
        RESERVED
 CVE-2019-18233
        RESERVED
-CVE-2019-18232
-       RESERVED
+CVE-2019-18232 (SafeNet Sentinel LDK License Manager, all versions prior to 
7.101(only ...)
+       TODO: check
 CVE-2019-18231
        RESERVED
 CVE-2019-18230 (Honeywell equIP and Performance series IP cameras, multiple 
versions,  ...)
@@ -12605,8 +12651,8 @@ CVE-2019-17089
        RESERVED
 CVE-2019-17088
        RESERVED
-CVE-2019-17087
-       RESERVED
+CVE-2019-17087 (Unauthorized file download vulnerability in all supported 
versions of  ...)
+       TODO: check
 CVE-2019-17086
        RESERVED
 CVE-2019-17085 (XXE attack vulnerability on Micro Focus Operations Agent, 
affected ver ...)
@@ -32349,10 +32395,10 @@ CVE-2019-10697
        RESERVED
 CVE-2019-10696
        RESERVED
-CVE-2019-10695
-       RESERVED
-CVE-2019-10694
-       RESERVED
+CVE-2019-10695 (When using the cd4pe::root_configuration task to configure a 
Continuou ...)
+       TODO: check
+CVE-2019-10694 (The express install, which is the suggested way to install 
Puppet Ente ...)
+       TODO: check
 CVE-2019-10693
        RESERVED
 CVE-2019-10692 (In the wp-google-maps plugin before 7.11.18 for WordPress, 
includes/cl ...)
@@ -43222,8 +43268,8 @@ CVE-2019-7006 (Avaya one-X Communicator uses weak 
cryptographic algorithms in th
        NOT-FOR-US: Avaya
 CVE-2019-7005
        RESERVED
-CVE-2019-7004
-       RESERVED
+CVE-2019-7004 (A Cross-Site Scripting (XSS) vulnerability in the WebUI 
component of I ...)
+       TODO: check
 CVE-2019-7003 (A SQL injection vulnerability in the reporting component of 
Avaya Cont ...)
        NOT-FOR-US: Avaya
 CVE-2019-7002
@@ -47876,8 +47922,8 @@ CVE-2019-5156
        RESERVED
 CVE-2019-5155
        RESERVED
-CVE-2019-5154
-       RESERVED
+CVE-2019-5154 (An exploitable heap overflow vulnerability exists in the 
JPEG2000 pars ...)
+       TODO: check
 CVE-2019-5153
        RESERVED
 CVE-2019-5152
@@ -48001,14 +48047,14 @@ CVE-2019-5094 (An exploitable code execution 
vulnerability exists in the quota f
        - e2fsprogs 1.45.4-1 (bug #941139)
        NOTE: 
https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=8dbe7b475ec5e91ed767239f0e85880f416fc384
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887
-CVE-2019-5093
-       RESERVED
-CVE-2019-5092
-       RESERVED
-CVE-2019-5091
-       RESERVED
-CVE-2019-5090
-       RESERVED
+CVE-2019-5093 (An exploitable code execution vulnerability exists in the DICOM 
networ ...)
+       TODO: check
+CVE-2019-5092 (An exploitable heap out of bounds write vulnerability exists in 
the UI ...)
+       TODO: check
+CVE-2019-5091 (An exploitable denial-of-service vulnerability exists in the 
Dicom-pac ...)
+       TODO: check
+CVE-2019-5090 (An exploitable information disclosure vulnerability exists in 
the DICO ...)
+       TODO: check
 CVE-2019-5089 (An exploitable memory corruption vulnerability exists in 
Investintech  ...)
        NOT-FOR-US: Investintech
 CVE-2019-5088 (An exploitable memory corruption vulnerability exists in 
Investintech  ...)
@@ -48021,8 +48067,8 @@ CVE-2019-5086 (An exploitable integer overflow 
vulnerability exists in the flatt
        - xcftools <unfixed> (bug #945317)
        NOTE: https://github.com/j-jorge/xcftools/issues/12
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878
-CVE-2019-5085
-       RESERVED
+CVE-2019-5085 (An exploitable code execution vulnerability exists in the DICOM 
packet ...)
+       TODO: check
 CVE-2019-5084 (An exploitable heap out-of-bounds write vulnerability exists in 
the TI ...)
        NOT-FOR-US: LEADTOOLS
 CVE-2019-5083 (An exploitable out-of-bounds write vulnerability exists in the 
igcore1 ...)
@@ -50312,20 +50358,20 @@ CVE-2019-3991
        RESERVED
 CVE-2019-3990 (A User Enumeration flaw exists in Harbor. The issue is present 
in the  ...)
        NOT-FOR-US: Harbor
-CVE-2019-3989
-       RESERVED
-CVE-2019-3988
-       RESERVED
-CVE-2019-3987
-       RESERVED
-CVE-2019-3986
-       RESERVED
-CVE-2019-3985
-       RESERVED
+CVE-2019-3989 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote 
attacker ...)
+       TODO: check
+CVE-2019-3988 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote 
attacker ...)
+       TODO: check
+CVE-2019-3987 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote 
attacker ...)
+       TODO: check
+CVE-2019-3986 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote 
attacker ...)
+       TODO: check
+CVE-2019-3985 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote 
attacker ...)
+       TODO: check
 CVE-2019-3984
        RESERVED
-CVE-2019-3983
-       RESERVED
+CVE-2019-3983 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote 
attacker ...)
+       TODO: check
 CVE-2019-3982 (Nessus versions 8.6.0 and earlier were found to contain a 
Denial of Se ...)
        NOT-FOR-US: Nessus
 CVE-2019-3981
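Review bot: CVE-2019-3989 through CVE-2019-3985 and CVE-2019-3983 are six entries for the same product (Blink XT2 Sync Module firmware prior to 2.13.11), each left at "TODO: check". Triage them in one pass with a single, identical disposition, in the way the neighbouring CVE-2019-3990 and CVE-2019-3982 already carry "NOT-FOR-US: Harbor" and "NOT-FOR-US: Nessus", so the six cannot drift apart.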
@@ -61632,28 +61678,28 @@ CVE-2019-0407
        RESERVED
 CVE-2019-0406
        RESERVED
-CVE-2019-0405
-       RESERVED
-CVE-2019-0404
-       RESERVED
-CVE-2019-0403
-       RESERVED
-CVE-2019-0402
-       RESERVED
+CVE-2019-0405 (SAP Enable Now, before version 1911, leaks information about 
the exist ...)
+       TODO: check
+CVE-2019-0404 (SAP Enable Now, before version 1911, leaks information about 
network c ...)
+       TODO: check
+CVE-2019-0403 (SAP Enable Now, before version 1911, allows an attacker to 
input comma ...)
+       TODO: check
+CVE-2019-0402 (SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, 
under c ...)
+       TODO: check
 CVE-2019-0401
        RESERVED
 CVE-2019-0400
        RESERVED
-CVE-2019-0399
-       RESERVED
-CVE-2019-0398
-       RESERVED
+CVE-2019-0399 (SAP Portfolio and Project Management, before versions S4CORE 
102, 103, ...)
+       TODO: check
+CVE-2019-0398 (Due to insufficient CSRF protection, SAP BusinessObjects 
Business Inte ...)
+       TODO: check
 CVE-2019-0397
        RESERVED
 CVE-2019-0396 (SAP BusinessObjects Business Intelligence Platform (Web 
Intelligence H ...)
        NOT-FOR-US: SAP
-CVE-2019-0395
-       RESERVED
+CVE-2019-0395 (SAP BusinessObjects Business Intelligence Platform (Fiori BI 
Launchpad ...)
+       TODO: check
 CVE-2019-0394
        RESERVED
 CVE-2019-0393 (An SQL Injection vulnerability in SAP Quality Management 
(corrected in ...)
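Review bot: the new SAP entries (CVE-2019-0405 to CVE-2019-0402, CVE-2019-0399, CVE-2019-0398, CVE-2019-0395) are left at "TODO: check", while CVE-2019-0396 in the same hunk, also SAP BusinessObjects Business Intelligence Platform, is already tagged "NOT-FOR-US: SAP". Unless one of these products is packaged, give them the same tag so the block is consistent.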



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/80322c59997c6db00c8323c54bff3553c0d8421f



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
