Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
44b41964 by security tracker role at 2019-12-17T08:10:22Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,42 @@
-CVE-2019-19816
+CVE-2019-19833
+ RESERVED
+CVE-2019-19832
+ RESERVED
+CVE-2019-19831
+ RESERVED
+CVE-2019-19829
+ RESERVED
+CVE-2019-19828
+ RESERVED
+CVE-2019-19827
+ RESERVED
+CVE-2019-19826 (The Views Dynamic Fields module through 7.x-1.0-alpha4 for
Drupal make ...)
+ TODO: check
+CVE-2019-19825
+ RESERVED
+CVE-2019-19824
+ RESERVED
+CVE-2019-19823
+ RESERVED
+CVE-2019-19822
+ RESERVED
+CVE-2019-19821
+ RESERVED
+CVE-2019-19820 (An invalid pointer vulnerability in IOCTL Handling in the
kyrld.sys dr ...)
+ TODO: check
+CVE-2019-19819 (The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader
12.0.0.1 ...)
+ TODO: check
+CVE-2019-19818 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader
12.0.0.11 ...)
+ TODO: check
+CVE-2019-19817 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader
12.0.0.11 ...)
+ TODO: check
+CVE-2019-19816 (In the Linux kernel 5.0.21, mounting a crafted btrfs
filesystem image ...)
- linux <unfixed>
-CVE-2019-19815
+CVE-2019-19815 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem
image c ...)
- linux <unfixed>
-CVE-2019-19814
+CVE-2019-19814 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem
image c ...)
- linux <unfixed>
-CVE-2019-19813
+CVE-2019-19813 (In the Linux kernel 5.0.21, mounting a crafted btrfs
filesystem image, ...)
- linux <unfixed>
CVE-2019-19812
RESERVED
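Review bot: CVE-2019-19816 through CVE-2019-19813, at the end of this hunk, stay at "- linux <unfixed>" with no NOTE line even though their descriptions now name crafted btrfs and f2fs images on kernel 5.0.21; add NOTE references to the upstream reports or fixes so the unfixed status can be re-evaluated per suite. The new CVE-2019-19820 (kyrld.sys) and CVE-2019-19819/19818/19817 (npdf.dll in Nitro Free PDF Reader) entries look like candidates for NOT-FOR-US rather than a lingering "TODO: check".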
@@ -111,7 +143,8 @@ CVE-2019-19772
RESERVED
CVE-2019-19771 (The lodahs package 0.0.1 for Node.js is a Trojan horse, and
may have b ...)
NOT-FOR-US: lodahs malicious package on npm
-CVE-2019-19830 [identified authors can inject content into database]
+CVE-2019-19830 (_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote
authent ...)
+ {DSA-4583-1}
- spip 3.2.7-1
[stretch] - spip <not-affected> (Vulnerable code not present)
[jessie] - spip <not-affected> (Vulnerable code not present)
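Review bot: CVE-2019-19830 keeps its position after CVE-2019-19771, out of numeric order, while the block added at the top of the file runs from CVE-2019-19831 straight to CVE-2019-19829. Moving the entry, together with its {DSA-4583-1} and spip lines, between those two would keep the list sorted and make the gap in the first hunk self-explanatory.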
@@ -9111,8 +9144,8 @@ CVE-2019-18581
RESERVED
CVE-2019-18580 (Dell EMC Storage Monitoring and Reporting version 4.3.1
contains a Jav ...)
NOT-FOR-US: EMC
-CVE-2019-18579
- RESERVED
+CVE-2019-18579 (Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior
to 1.1. ...)
+ TODO: check
CVE-2019-18578
RESERVED
CVE-2019-18577
@@ -10036,8 +10069,8 @@ CVE-2019-18271
RESERVED
CVE-2019-18270
RESERVED
-CVE-2019-18269
- RESERVED
+CVE-2019-18269 (In Omron PLC CJ series, all versions, and Omron PLC CS series,
all ver ...)
+ TODO: check
CVE-2019-18268
RESERVED
CVE-2019-18267
@@ -10052,12 +10085,12 @@ CVE-2019-18263
RESERVED
CVE-2019-18262
RESERVED
-CVE-2019-18261
- RESERVED
+CVE-2019-18261 (In Omron PLC CS series, all versions, Omron PLC CJ series, all
version ...)
+ TODO: check
CVE-2019-18260
RESERVED
-CVE-2019-18259
- RESERVED
+CVE-2019-18259 (In Omron PLC CJ series, all versions and Omron PLC CS series,
all vers ...)
+ TODO: check
CVE-2019-18258
RESERVED
CVE-2019-18257
@@ -11210,8 +11243,8 @@ CVE-2020-0001
CVE-2019-18192 (GNU Guix 1.0.1 allows local users to gain access to an
arbitrary user' ...)
- guix <itp> (bug #850644)
NOTE: https://issues.guix.gnu.org/issue/37744
-CVE-2019-18191
- RESERVED
+CVE-2019-18191 (A privilege escalation vulnerability in the Trend Micro Deep
Security ...)
+ TODO: check
CVE-2019-18190 (Trend Micro Security (Consumer) 2020 (v16.x) is affected by a
vulnerab ...)
NOT-FOR-US: Trend Micro
CVE-2019-18189 (A directory traversal vulnerability in Trend Micro Apex One,
OfficeSca ...)
@@ -14724,10 +14757,10 @@ CVE-2019-16781
RESERVED
CVE-2019-16780
RESERVED
-CVE-2019-16779
- RESERVED
-CVE-2019-16778
- RESERVED
+CVE-2019-16779 (In RubyGem excon before 0.71.0, there was a race condition
around pers ...)
+ TODO: check
+CVE-2019-16778 (In TensorFlow before 1.15, a heap buffer overflow in
UnsortedSegmentSu ...)
+ TODO: check
CVE-2019-16777 (Versions of the npm CLI prior to 6.13.4 are vulnerable to an
Arbitrary ...)
- npm <unfixed>
NOTE: https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr
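Review bot: CVE-2019-16779 (RubyGem excon) and CVE-2019-16778 (TensorFlow) are open-source libraries, unlike the vendor firmware and installer entries elsewhere in this update, so their "TODO: check" needs a source-package lookup before any NOT-FOR-US decision. If either is packaged, record it the way the CVE-2019-16777 context entry does, with a package line and a NOTE pointing at the upstream advisory.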
@@ -19941,8 +19974,8 @@ CVE-2019-15013
RESERVED
CVE-2019-15012
RESERVED
-CVE-2019-15011
- RESERVED
+CVE-2019-15011 (The ListEntityLinksServlet resource in Application Links
before versio ...)
+ TODO: check
CVE-2019-15010
RESERVED
CVE-2019-15009 (The /json/profile/removeStarAjax.do resource in Atlassian
Fisheye and ...)
@@ -21232,28 +21265,27 @@ CVE-2019-14614
RESERVED
CVE-2019-14613
RESERVED
-CVE-2019-14612
- RESERVED
-CVE-2019-14611
- RESERVED
-CVE-2019-14610
- RESERVED
-CVE-2019-14609
- RESERVED
-CVE-2019-14608
- RESERVED
-CVE-2019-14607 [Unexpected Page Fault in Virtualized Environment Advisory]
- RESERVED
+CVE-2019-14612 (Out of bounds write in firmware for Intel(R) NUC(R) may allow
a privil ...)
+ TODO: check
+CVE-2019-14611 (Integer overflow in firmware for Intel(R) NUC(R) may allow a
privilege ...)
+ TODO: check
+CVE-2019-14610 (Improper access control in firmware for Intel(R) NUC(R) may
allow an a ...)
+ TODO: check
+CVE-2019-14609 (Improper input validation in firmware for Intel(R) NUC(R) may
allow a ...)
+ TODO: check
+CVE-2019-14608 (Improper buffer restrictions in firmware for Intel(R) NUC(R)
may allow ...)
+ TODO: check
+CVE-2019-14607 (Improper conditions check in multiple Intel® Processors
may allow ...)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html
TODO: check, this is likely the issue addressed with
intel-microcode/3.20191115
CVE-2019-14606
RESERVED
-CVE-2019-14605
- RESERVED
-CVE-2019-14604
- RESERVED
-CVE-2019-14603
- RESERVED
+CVE-2019-14605 (Improper permissions in the installer for the Intel(R) SCS
Platform Di ...)
+ TODO: check
+CVE-2019-14604 (Null pointer dereference in the FPGA kernel driver for
Intel(R) Quartu ...)
+ TODO: check
+CVE-2019-14603 (Improper permissions in the installer for the License Server
software ...)
+ TODO: check
CVE-2019-14602 (Improper permissions in the installer for the Nuvoton* CIR
Driver vers ...)
NOT-FOR-US: Nuvoton* CIR Driver
CVE-2019-14601
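Review bot: CVE-2019-14607 loses its RESERVED line and gains the published description, but the trailing "TODO: check, this is likely the issue addressed with intel-microcode/3.20191115" is carried over unchanged. With the description and the intel-sa-00317 NOTE both present, confirm the match and replace the TODO with a package entry for intel-microcode. The Intel NUC firmware and installer entries added around it (CVE-2019-14612 to CVE-2019-14608, CVE-2019-14605, CVE-2019-14603) resemble the CVE-2019-14602 context entry, which is tagged NOT-FOR-US; CVE-2019-14604 mentions an FPGA kernel driver and should be checked separately.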
@@ -21322,8 +21354,8 @@ CVE-2019-14570 (Memory corruption in system firmware
for Intel(R) NUC may allow
NOT-FOR-US: Intel
CVE-2019-14569 (Pointer corruption in system firmware for Intel(R) NUC may
allow a pri ...)
NOT-FOR-US: Intel
-CVE-2019-14568
- RESERVED
+CVE-2019-14568 (Improper permissions in the executable for Intel(R) RST before
version ...)
+ TODO: check
CVE-2019-14567
RESERVED
CVE-2019-14566 (Insufficient input validation in Intel(R) SGX SDK multiple
Linux and W ...)
@@ -25615,8 +25647,8 @@ CVE-2019-13535 (In Medtronic Valleylab FT10 Energy
Platform (VLFT10GEN) version
NOT-FOR-US: Medtronic Valleylab FT10 Energy Platform
CVE-2019-13534 (Philips IntelliVue WLAN, portable patient monitors, WLAN
Version A, Fi ...)
NOT-FOR-US: Philips
-CVE-2019-13533
- RESERVED
+CVE-2019-13533 (In Omron PLC CJ series, all versions, and Omron PLC CS series,
all ver ...)
+ TODO: check
CVE-2019-13532 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows
an atta ...)
NOT-FOR-US: CODESYS
CVE-2019-13531 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN)
version 2.1.0 ...)
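Review bot: CVE-2019-13533 (Omron PLC CJ and CS series) is added with "TODO: check" while every neighbouring entry in this hunk (Medtronic, Philips, CODESYS) is already triaged as NOT-FOR-US. The same applies to the other Omron PLC entries in this update, CVE-2019-18269, CVE-2019-18261 and CVE-2019-18259; triaging all four together would keep them consistent.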
@@ -26554,10 +26586,10 @@ CVE-2019-13184
RESERVED
CVE-2019-13183 (Flarum before 0.1.0-beta.9 allows CSRF against all POST
endpoints, as ...)
NOT-FOR-US: Flarum
-CVE-2019-13182
- RESERVED
-CVE-2019-13181
- RESERVED
+CVE-2019-13182 (A stored cross-site scripting (XSS) vulnerability exists in
the web UI ...)
+ TODO: check
+CVE-2019-13181 (A CSV injection vulnerability exists in the web UI of
SolarWinds Serv- ...)
+ TODO: check
CVE-2019-13180
RESERVED
CVE-2019-13179 (Calamares versions 3.1 through 3.2.10 copies a LUKS encryption
keyfile ...)
@@ -28687,11 +28719,9 @@ CVE-2019-12415 (In Apache POI up to 4.1.0, when using
the tool XSSFExportToXml t
[stretch] - libapache-poi-java <no-dsa> (Minor issue)
[jessie] - libapache-poi-java <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2019/10/23/1
-CVE-2019-12414
- RESERVED
+CVE-2019-12414 (In Apache Incubator Superset before 0.32, a user can view
database nam ...)
NOT-FOR-US: Apache Superset
-CVE-2019-12413
- RESERVED
+CVE-2019-12413 (In Apache Incubator Superset before 0.31 user could query
database met ...)
NOT-FOR-US: Apache Superset
CVE-2019-12411
RESERVED
@@ -32236,8 +32266,8 @@ CVE-2019-11167 (Improper file permission in software
installer for Intel(R) Smar
NOT-FOR-US: Intel
CVE-2019-11166 (Improper file permissions in the installer for Intel(R) Easy
Streaming ...)
NOT-FOR-US: Intel
-CVE-2019-11165
- RESERVED
+CVE-2019-11165 (Improper conditions check in the Linux kernel driver for the
Intel(R) ...)
+ TODO: check
CVE-2019-11164
RESERVED
CVE-2019-11163 (Insufficient access control in a hardware abstraction driver
for Intel ...)
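Review bot: CVE-2019-11165 should not be batch-tagged "NOT-FOR-US: Intel" like the installer entries around it, because its description refers to a Linux kernel driver. Read the full description and check whether the driver is in the mainline tree or shipped out of tree before resolving the "TODO: check"; if it is mainline, it needs a linux package line.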
@@ -32252,8 +32282,8 @@ CVE-2019-11159
RESERVED
CVE-2019-11158
RESERVED
-CVE-2019-11157
- RESERVED
+CVE-2019-11157 (Improper conditions check in voltage settings for some
Intel(R) Proces ...)
+ TODO: check
CVE-2019-11156 (Logic errors in Intel(R) PROSet/Wireless WiFi Software before
version ...)
NOT-FOR-US: Intel
CVE-2019-11155 (Improper directory permissions in Intel(R) PROSet/Wireless
WiFi Softwa ...)
@@ -32400,8 +32430,8 @@ CVE-2019-11098
CVE-2019-11097
RESERVED
NOT-FOR-US: Intel
-CVE-2019-11096
- RESERVED
+CVE-2019-11096 (Insufficient memory protection for Intel(R) Ethernet I218
Adapter driv ...)
+ TODO: check
CVE-2019-11095 (Insufficient access control in Intel(R) Driver & Support
Assistant ...)
NOT-FOR-US: Intel(R) Driver & Support Assistant
CVE-2019-11094 (Insufficient input validation in system firmware for Intel (R)
NUC Kit ...)
@@ -33312,8 +33342,8 @@ CVE-2019-10775
RESERVED
CVE-2019-10774
RESERVED
-CVE-2019-10773
- RESERVED
+CVE-2019-10773 (In Yarn before 1.21.1, the package install functionality can
be abused ...)
+ TODO: check
CVE-2019-10772 (It is possible to bypass enshrined/svg-sanitize before 0.13.1
using th ...)
TODO: check
CVE-2019-10771 (Characters in the GET url path are not properly escaped and
can be ref ...)
@@ -48928,8 +48958,8 @@ CVE-2019-5261
RESERVED
CVE-2019-5260 (Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a
denial of s ...)
NOT-FOR-US: Huawei
-CVE-2019-5259
- RESERVED
+CVE-2019-5259 (There is an information leakage vulnerability on some Huawei
products( ...)
+ TODO: check
CVE-2019-5258 (Certain Huawei products (AP2000;IPS Module;NGFW
Module;NIP6300;NIP6600 ...)
NOT-FOR-US: Huawei
CVE-2019-5257 (Certain Huawei products (AP2000;IPS Module;NGFW
Module;NIP6300;NIP6600 ...)
@@ -64317,8 +64347,8 @@ CVE-2019-0160 (Buffer overflow in system firmware for
EDK II may allow unauthent
NOTE:
https://github.com/tianocore/edk2/commit/5c0748f43f4e1cc15fdd0be64a764eacd7df92f6
NOTE:
https://github.com/tianocore/edk2/commit/89f75aa04a97293a8ed9db2a90851a5053730cf5
NOTE:
https://github.com/tianocore/edk2/commit/3b30351b75d70ea65701ac999875fbb81a89a5ca
-CVE-2019-0159
- RESERVED
+CVE-2019-0159 (Insufficient memory protection in the Linux Administrative
Tools for I ...)
+ TODO: check
CVE-2019-0158 (Insufficient path checking in the installation package for
Intel(R) Gr ...)
NOT-FOR-US: Intel
CVE-2019-0157 (Insufficient input validation in the Intel(R) SGX driver for
Linux may ...)
@@ -64375,8 +64405,8 @@ CVE-2019-0136 (Insufficient access control in the
Intel(R) PROSet/Wireless WiFi
NOTE:
https://git.kernel.org/linus/588f7d39b3592a36fb7702ae3b8bdd9be4621e2f
CVE-2019-0135 (Improper permissions in the installer for Intel(R) Accelerated
Storage ...)
NOT-FOR-US: Intel
-CVE-2019-0134
- RESERVED
+CVE-2019-0134 (Improper permissions in the Intel(R) Dynamic Platform and
Thermal Fram ...)
+ TODO: check
CVE-2019-0133
RESERVED
CVE-2019-0132 (Data Corruption in Intel Unite(R) Client before version
3.3.176.13 may ...)
@@ -84352,8 +84382,8 @@ CVE-2018-11753
RESERVED
CVE-2018-11752 (Previous releases of the Puppet cisco_ios module output SSH
session de ...)
NOT-FOR-US: cisco_ios Puppet module
-CVE-2018-11751
- RESERVED
+CVE-2018-11751 (Previous versions of Puppet Agent didn't verify the peer in
the SSL co ...)
+ TODO: check
CVE-2018-11750 (Previous releases of the Puppet cisco_ios module did not
validate a ho ...)
NOT-FOR-US: cisco_ios Puppet module
CVE-2018-11749 (When users are configured to use startTLS with RBAC LDAP, at
login tim ...)
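Review bot: CVE-2018-11751 concerns Puppet Agent itself (missing peer verification in an SSL connection, per the truncated description), not the cisco_ios module that the neighbouring NOT-FOR-US entries cover. It should be checked against the packaged Puppet versions rather than following the surrounding pattern, and the affected version range from the full description recorded in a NOTE.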
@@ -99151,8 +99181,8 @@ CVE-2017-18109 (The login resource of CrowdId in
Atlassian Crowd before version
NOT-FOR-US: Atlassian Crowd
CVE-2017-18108 (The administration SMTP configuration resource in Atlassian
Crowd befo ...)
NOT-FOR-US: Atlassian Crowd
-CVE-2017-18107
- RESERVED
+CVE-2017-18107 (Various resources in the Crowd Demo application of Atlassian
Crowd bef ...)
+ TODO: check
CVE-2017-18106 (The identifier_hash for a session token in Atlassian Crowd
before vers ...)
NOT-FOR-US: Atlassian Crowd
CVE-2017-18105 (The console login resource in Atlassian Crowd before version
3.0.2 and ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/44b41964e5780f088216f9d752d0c59db5e52e7d