Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9309bf05 by security tracker role at 2019-12-19T20:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,50 @@
-CVE-2019-19906 [Off by one in _sasl_add_string function]
+CVE-2019-19913
+       RESERVED
+CVE-2019-19912
+       RESERVED
+CVE-2019-19911
+       RESERVED
+CVE-2019-19910 (The MinervaNeue Skin in MediaWiki from 2019-11-05 to 
2019-12-13 (1.35  ...)
+       TODO: check
+CVE-2019-19909 (An issue was discovered in Public Knowledge Project (PKP) 
pkp-lib befo ...)
+       TODO: check
+CVE-2019-19908
+       RESERVED
+CVE-2019-19907 (HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano 
Groupware Core  ...)
+       TODO: check
+CVE-2019-19904
+       RESERVED
+CVE-2019-19903 (An issue was discovered in Backdrop CMS 1.14.x before 1.14.2. 
It doesn ...)
+       TODO: check
+CVE-2019-19902 (An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 
and 1.14. ...)
+       TODO: check
+CVE-2019-19901 (An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 
and 1.14. ...)
+       TODO: check
+CVE-2019-19900 (An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 
and 1.14. ...)
+       TODO: check
+CVE-2019-19899 (Pebble Templates 3.1.2 allows attackers to bypass a protection 
mechani ...)
+       TODO: check
+CVE-2019-19898
+       RESERVED
+CVE-2019-19897
+       RESERVED
+CVE-2019-19896
+       RESERVED
+CVE-2019-19895
+       RESERVED
+CVE-2019-19894
+       RESERVED
+CVE-2019-19893
+       RESERVED
+CVE-2019-19892
+       RESERVED
+CVE-2019-19891
+       RESERVED
+CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write 
leading  ...)
        - cyrus-sasl2 <unfixed>
        NOTE: https://github.com/cyrusimap/cyrus-sasl/issues/587
        NOTE: https://www.openldap.org/its/index.cgi/Incoming?id=9123
-CVE-2019-19905 [buffer overflow when parsing config files]
+CVE-2019-19905 (NetHack before 3.6.4 is prone to a buffer overflow 
vulnerability when  ...)
        - nethack <unfixed> (low; bug #947005)
        [buster] - nethack <no-dsa> (Minor issue)
        [stretch] - nethack <no-dsa> (Minor issue)
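Review bot: CVE-2019-19906 keeps `- cyrus-sasl2 <unfixed>` with no severity, bug number or [buster]/[stretch] line, while the nethack entry right below has `(low; bug #947005)` and a `<no-dsa>` decision for both releases; an out-of-bounds write in the SASL library (the previous summary called it an off-by-one in _sasl_add_string) needs a filed bug and a per-release status rather than only the description swap. The moved entry also now lands after CVE-2019-19891 instead of in the descending sequence the new block from CVE-2019-19913 follows, so check that this placement is intended.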
@@ -807,7 +849,7 @@ CVE-2019-19809
        RESERVED
 CVE-2019-3467 [kadm5.acl should set proper rights for users]
        RESERVED
-       {DLA-2041-1}
+       {DSA-4589-1 DLA-2041-1}
        - debian-edu-config 2.11.10 (bug #946797)
 CVE-2019-19808
        RESERVED
@@ -864,8 +906,8 @@ CVE-2019-19790 (Path traversal in RadChart in Telerik UI 
for ASP.NET AJAX allows
        NOT-FOR-US: Telerik UI for ASP.NET AJAX
 CVE-2019-19789
        RESERVED
-CVE-2019-19788
-       RESERVED
+CVE-2019-19788 (Opera for Android before 54.0.2669.49432 is vulnerable to a 
sandboxed  ...)
+       TODO: check
 CVE-2019-19787 (ATasm 1.06 has a stack-based buffer overflow in the 
get_signed_express ...)
        NOT-FOR-US: ATasm
 CVE-2019-19786 (ATasm 1.06 has a stack-based buffer overflow in the 
parse_expr() funct ...)
@@ -2022,8 +2064,7 @@ CVE-2019-19725 (sysstat through 12.2.0 has a double free 
in check_file_actlst in
        NOTE: https://github.com/sysstat/sysstat/issues/242
        NOTE: 
https://github.com/sysstat/sysstat/commit/a5c8abd4a481ee6e27a3acf00e6d9b0f023e20ed
        NOTE: Crash in CLI tool, no security impact
-CVE-2019-19724
-       RESERVED
+CVE-2019-19724 (Insecure permissions (777) are set on $HOME/.singularity when 
it is ne ...)
        - singularity-container 3.5.2+ds1-1
        NOTE: 
https://github.com/sylabs/singularity/commit/2cda4981812c29f0fb11d3ea6aaf6139f665a631
 CVE-2019-19723
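Review bot: CVE-2019-19724 gives only the unstable fix (singularity-container 3.5.2+ds1-1) plus the upstream commit; there is no [buster] or [stretch] line, unlike the linux and nethack entries elsewhere in this update, so the stable releases need either a `<not-affected>` (if they predate the $HOME/.singularity handling) or a `<no-dsa>` with a reason. World-writable (777) permissions on a per-user directory are a local issue, which would argue for `<no-dsa> (Minor issue)` where the code is present.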
@@ -6749,14 +6790,14 @@ CVE-2019-18999
        RESERVED
 CVE-2019-18998
        RESERVED
-CVE-2019-18997
-       RESERVED
-CVE-2019-18996
-       RESERVED
-CVE-2019-18995
-       RESERVED
-CVE-2019-18994
-       RESERVED
+CVE-2019-18997 (The HMISimulator component of ABB PB610 Panel Builder 600 uses 
the rea ...)
+       TODO: check
+CVE-2019-18996 (Path settings in HMIStudio component of ABB PB610 Panel 
Builder 600 ve ...)
+       TODO: check
+CVE-2019-18995 (The HMISimulator component of ABB PB610 Panel Builder 600 
versions 2.8 ...)
+       TODO: check
+CVE-2019-18994 (Due to a lack of file length check, the HMIStudio component of 
ABB PB6 ...)
+       TODO: check
 CVE-2019-18993 (OpenWrt 18.06.4 allows XSS via the "New port forward" Name 
field to th ...)
        NOT-FOR-US: OpenWrt
 CVE-2019-18992 (OpenWrt 18.06.4 allows XSS via these Name fields to the 
cgi-bin/luci/a ...)
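Review bot: the four `TODO: check` entries CVE-2019-18997 to CVE-2019-18994 all describe the HMIStudio/HMISimulator components of ABB PB610 Panel Builder 600, vendor engineering software in the same category as the Omron PLC and OpenWrt entries that already carry `NOT-FOR-US` in this file; they can be closed together as `NOT-FOR-US: ABB PB610 Panel Builder 600` rather than left for a second pass.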
@@ -6840,8 +6881,8 @@ CVE-2019-18957 (Microstrategy Library in MicroStrategy 
before 2019 before 11.1.3
        NOT-FOR-US: Microstrategy Library
 CVE-2019-18956 (Divisa Proxia Suite 9 &lt; 9.12.16, 9.11.19, 9.10.26, 9.9.8, 
9.8.43 an ...)
        TODO: check
-CVE-2019-18955
-       RESERVED
+CVE-2019-18955 (The web console in Lansweeper 7.2.105.2 has XSS via the URL 
path. Prod ...)
+       TODO: check
 CVE-2019-18954 (Pomelo v2.2.5 allows external control of critical state data. 
A malici ...)
        NOT-FOR-US: Pomelo
 CVE-2019-18953
@@ -7288,8 +7329,8 @@ CVE-2019-18783
        RESERVED
 CVE-2019-18782
        RESERVED
-CVE-2019-18781
-       RESERVED
+CVE-2019-18781 (An open redirect vulnerability was discovered in Zoho 
ManageEngine ADS ...)
+       TODO: check
 CVE-2019-18786 (In the Linux kernel through 5.3.8, f-&gt;fmt.sdr.reserved is 
uninitial ...)
        - linux <unfixed>
        [stretch] - linux <not-affected> (Vulnerable code not present)
@@ -9840,8 +9881,8 @@ CVE-2019-18617
        RESERVED
 CVE-2019-18616
        RESERVED
-CVE-2019-18615
-       RESERVED
+CVE-2019-18615 (In CloudVision Portal (CVP) for all releases in the 2018.2 
Train, unde ...)
+       TODO: check
 CVE-2019-18614
        RESERVED
 CVE-2019-18613
@@ -9931,12 +9972,12 @@ CVE-2019-18575 (Dell Command Configure versions prior 
to 4.2.1 contain an uncont
        NOT-FOR-US: Dell Command Configure
 CVE-2019-18574 (RSA Authentication Manager software versions prior to 8.4 P8 
contain a ...)
        NOT-FOR-US: RSA Authentication Manager software
-CVE-2019-18573
-       RESERVED
-CVE-2019-18572
-       RESERVED
-CVE-2019-18571
-       RESERVED
+CVE-2019-18573 (The RSA Identity Governance and Lifecycle and RSA Via 
Lifecycle and Go ...)
+       TODO: check
+CVE-2019-18572 (The RSA Identity Governance and Lifecycle and RSA Via 
Lifecycle and Go ...)
+       TODO: check
+CVE-2019-18571 (The RSA Identity Governance and Lifecycle and RSA Via 
Lifecycle and Go ...)
+       TODO: check
 CVE-2020-0600
        RESERVED
 CVE-2020-0599
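Review bot: CVE-2019-18573, CVE-2019-18572 and CVE-2019-18571 are all RSA Identity Governance and Lifecycle / RSA Via Lifecycle and Governance issues, and the same vendor's CVE-2019-18574 two lines above is already `NOT-FOR-US: RSA Authentication Manager software`; the three `TODO: check` lines can become `NOT-FOR-US: RSA Identity Governance and Lifecycle` in the same triage.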
@@ -10854,8 +10895,8 @@ CVE-2019-18269 (In Omron PLC CJ series, all versions, 
and Omron PLC CS series, a
        NOT-FOR-US: Omron
 CVE-2019-18268
        RESERVED
-CVE-2019-18267
-       RESERVED
+CVE-2019-18267 (An issue was found in GE S2020/S2020G Fast Switch 61850, 
S2020/S2020G  ...)
+       TODO: check
 CVE-2019-18266
        RESERVED
 CVE-2019-18265
@@ -12044,8 +12085,8 @@ CVE-2019-18183
        RESERVED
 CVE-2019-18182
        RESERVED
-CVE-2019-18181
-       RESERVED
+CVE-2019-18181 (In CloudVision Portal all releases in the 2018.1 and 2018.2 
Code train ...)
+       TODO: check
 CVE-2019-18180 (Improper Check for filenames with overly long extensions in 
PostMaster ...)
        - otrs2 <unfixed> (bug #945251)
        [buster] - otrs2 <no-dsa> (Non-free not supported)
@@ -13134,8 +13175,8 @@ CVE-2019-17635
        RESERVED
 CVE-2019-17634
        RESERVED
-CVE-2019-17633
-       RESERVED
+CVE-2019-17633 (For Eclipse Che versions 6.16 to 7.3.0, with both 
authentication and T ...)
+       TODO: check
 CVE-2019-17632 (In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, 
and 9.4. ...)
        - jetty9 <unfixed>
        [buster] - jetty9 <no-dsa> (Minor issue)
@@ -13999,8 +14040,8 @@ CVE-2019-17392 (Progress Sitefinity 12.1 has a Weak 
Password Recovery Mechanism
        NOT-FOR-US: Progress Sitefinity
 CVE-2019-17391 (An issue was discovered in the Espressif ESP32 mask ROM code 
2016-06-0 ...)
        NOT-FOR-US: Espressif ESP32
-CVE-2019-17390
-       RESERVED
+CVE-2019-17390 (An issue was discovered in the Outlook add-in in Pronestor 
Planner bef ...)
+       TODO: check
 CVE-2019-17389 (In RIOT 2019.07, the MQTT-SN implementation (asymcute) 
mishandles erro ...)
        NOT-FOR-US: RIOT RIOT-OS
 CVE-2019-17388 (Weak file permissions applied to the Aviatrix VPN Client 
through 2.2.1 ...)
@@ -16326,50 +16367,50 @@ CVE-2019-16467
        RESERVED
 CVE-2019-16466
        RESERVED
-CVE-2019-16465
-       RESERVED
-CVE-2019-16464
-       RESERVED
-CVE-2019-16463
-       RESERVED
-CVE-2019-16462
-       RESERVED
-CVE-2019-16461
-       RESERVED
-CVE-2019-16460
-       RESERVED
-CVE-2019-16459
-       RESERVED
-CVE-2019-16458
-       RESERVED
-CVE-2019-16457
-       RESERVED
-CVE-2019-16456
-       RESERVED
-CVE-2019-16455
-       RESERVED
-CVE-2019-16454
-       RESERVED
-CVE-2019-16453
-       RESERVED
-CVE-2019-16452
-       RESERVED
-CVE-2019-16451
-       RESERVED
-CVE-2019-16450
-       RESERVED
-CVE-2019-16449
-       RESERVED
-CVE-2019-16448
-       RESERVED
+CVE-2019-16465 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
+CVE-2019-16464 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
+CVE-2019-16463 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
+CVE-2019-16462 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
+CVE-2019-16461 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
+CVE-2019-16460 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
+CVE-2019-16459 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
+CVE-2019-16458 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
+CVE-2019-16457 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
+CVE-2019-16456 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
+CVE-2019-16455 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
+CVE-2019-16454 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
+CVE-2019-16453 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
+CVE-2019-16452 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
+CVE-2019-16451 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
+CVE-2019-16450 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
+CVE-2019-16449 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
+CVE-2019-16448 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
 CVE-2019-16447
        RESERVED
-CVE-2019-16446
-       RESERVED
-CVE-2019-16445
-       RESERVED
-CVE-2019-16444
-       RESERVED
+CVE-2019-16446 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
+CVE-2019-16445 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
+CVE-2019-16444 (Adobe Acrobat and Reader versions , 2019.021.20056 and 
earlier, 2017.0 ...)
+       TODO: check
 CVE-2019-16443
        RESERVED
 CVE-2019-16442
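Review bot: all 21 new descriptions in this hunk are the same Adobe Acrobat and Reader advisory text, so 21 separate `TODO: check` lines only create work; resolve them in one pass as `NOT-FOR-US: Adobe`, and expect CVE-2019-16447, still RESERVED between them, to join that batch once published. The odd `versions , 2019.021.20056` spacing comes from the MITRE feed and should not be edited by hand here, since the next automatic update would reintroduce it.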
@@ -18876,16 +18917,16 @@ CVE-2019-15602
        RESERVED
 CVE-2019-15601
        RESERVED
-CVE-2019-15600
-       RESERVED
-CVE-2019-15599
-       RESERVED
-CVE-2019-15598
-       RESERVED
-CVE-2019-15597
-       RESERVED
-CVE-2019-15596
-       RESERVED
+CVE-2019-15600 (A Path traversal exists in http_server which allows an 
attacker to rea ...)
+       TODO: check
+CVE-2019-15599 (A Code Injection exists in tree-kill on Windows which allows a 
remote  ...)
+       TODO: check
+CVE-2019-15598 (A Code Injection exists in treekill on Windows which allows a 
remote c ...)
+       TODO: check
+CVE-2019-15597 (A code injection exists in node-df v0.1.4 that can allow an 
attacker t ...)
+       TODO: check
+CVE-2019-15596 (A path traversal in statics-server exists in all version that 
allows a ...)
+       TODO: check
 CVE-2019-15595 (A privilege escalation exists in UniFi Video Controller 
=&lt;3.10.6 th ...)
        NOT-FOR-US: UniFi Video Controller
 CVE-2019-15594
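Review bot: CVE-2019-15600 to CVE-2019-15596 describe npm modules (http_server, tree-kill, treekill, node-df, statics-server); unlike the UniFi entry below, these cannot be dismissed by product name alone, because some npm modules have node-* source packages in Debian. Check each against the archive before choosing between `NOT-FOR-US` and a package line, and note that tree-kill and treekill are distinct modules with near-identical descriptions, so they need separate answers.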
@@ -18897,12 +18938,12 @@ CVE-2019-15593 (GitLab 12.2.3 contains a security 
vulnerability that allows a us
        NOTE: 
https://gitlab.com/gitlab-org/gitlab/commit/5af535d919c50951513f5859730afd924a01c29b
 CVE-2019-15592
        RESERVED
-CVE-2019-15591
-       RESERVED
+CVE-2019-15591 (An improper access control vulnerability exists in GitLab 
&lt;12.3.3 t ...)
+       TODO: check
 CVE-2019-15590
        RESERVED
-CVE-2019-15589
-       RESERVED
+CVE-2019-15589 (An improper access control vulnerability exists in Gitlab 
&lt;v12.3.2, ...)
+       TODO: check
 CVE-2019-15588 (There is an OS Command Injection in Nexus Repository Manager 
&lt;= 2.1 ...)
        NOT-FOR-US: Nexus Repository Manager
 CVE-2019-15587 (In the Loofah gem for Ruby through v2.3.0 unsanitized 
JavaScript may o ...)
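Review bot: CVE-2019-15591 and CVE-2019-15589 are GitLab CE/EE issues, and gitlab is a Debian source package (this same update carries `- gitlab <unfixed> (bug #933785)` and `[experimental] - gitlab 11.11.7+dfsg-1` for CVE-2019-5470), so these `TODO: check` lines, and the other GitLab entries in this update (CVE-2019-15580 to CVE-2019-15575, CVE-2019-5487, CVE-2019-5486), need their affected-version ranges compared against the packaged version instead of a NOT-FOR-US. The `&lt;v12.3.3` in the description is the mail rendering of `<v12.3.3`, not file content.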
@@ -18921,18 +18962,18 @@ CVE-2019-15582
        RESERVED
 CVE-2019-15581
        RESERVED
-CVE-2019-15580
-       RESERVED
+CVE-2019-15580 (An information exposure vulnerability exists in gitlab.com 
&lt;v12.3.2 ...)
+       TODO: check
 CVE-2019-15579
        RESERVED
 CVE-2019-15578
        RESERVED
-CVE-2019-15577
-       RESERVED
-CVE-2019-15576
-       RESERVED
-CVE-2019-15575
-       RESERVED
+CVE-2019-15577 (An information disclosure vulnerability exists in GitLab CE/EE 
&lt;v12 ...)
+       TODO: check
+CVE-2019-15576 (An information disclosure vulnerability exists in GitLab CE/EE 
&lt;v12 ...)
+       TODO: check
+CVE-2019-15575 (A command injection exists in GitLab CE/EE &lt;v12.3.2, 
&lt;v12.2.6, a ...)
+       TODO: check
 CVE-2019-15574 (Gesior-AAC before 2019-05-01 allows serviceID SQL injection in 
account ...)
        NOT-FOR-US: Gesior-AAC
 CVE-2019-15573 (Gesior-AAC before 2019-05-01 allows SQL injection in 
tankyou.php. ...)
@@ -20778,8 +20819,8 @@ CVE-2019-15008 (The /plugins/servlet/branchreview 
resource in Atlassian Fisheye
        NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2019-15007 (The review resource in Atlassian Fisheye and Crucible before 
version 4 ...)
        NOT-FOR-US: Atlassian Fisheye and Crucible
-CVE-2019-15006
-       RESERVED
+CVE-2019-15006 (There was a man-in-the-middle (MITM) vulnerability present in 
the Conf ...)
+       TODO: check
 CVE-2019-15005 (The Atlassian Troubleshooting and Support Tools plugin prior 
to versio ...)
        NOT-FOR-US: Atlassian
 CVE-2019-15004 (The Customer Context Filter in Atlassian Jira Service Desk 
Server and  ...)
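Review bot: CVE-2019-15006 (MITM in the Confluence ...) is an Atlassian product issue sitting between entries already marked `NOT-FOR-US: Atlassian` and `NOT-FOR-US: Atlassian Fisheye and Crucible`; the `TODO: check` can be resolved the same way, as `NOT-FOR-US: Atlassian Confluence`, since nothing in the description points at a packaged component.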
@@ -30633,8 +30674,8 @@ CVE-2019-11997
        RESERVED
 CVE-2019-11996 (Potential security vulnerabilities have been identified with 
HPE Nimbl ...)
        NOT-FOR-US: HPE
-CVE-2019-11995
-       RESERVED
+CVE-2019-11995 (Security vulnerabilities in HPE UIoT version 1.2.4.2 could 
allow unaut ...)
+       TODO: check
 CVE-2019-11994
        RESERVED
 CVE-2019-11993
@@ -31108,8 +31149,8 @@ CVE-2019-11782
        RESERVED
 CVE-2019-11781
        RESERVED
-CVE-2019-11780
-       RESERVED
+CVE-2019-11780 (Improper access control in the computed fields system of the 
framework ...)
+       TODO: check
 CVE-2019-11779 (In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious 
MQTT cli ...)
        {DSA-4570-1 DLA-1972-1}
        - mosquitto 1.6.6-1 (bug #940654)
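Review bot: the truncated text for CVE-2019-11780, `Improper access control in the computed fields system of the framework ...`, never names the product, so the `TODO: check` cannot be resolved from this file alone; whoever triages it has to read the full MITRE description to find which framework is meant before deciding between `NOT-FOR-US` and a package line.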
@@ -33098,8 +33139,7 @@ CVE-2019-11149
        RESERVED
 CVE-2019-11148 (Improper permissions in the installer for Intel(R) Remote 
Displays SDK ...)
        NOT-FOR-US: Intel
-CVE-2019-11147
-       RESERVED
+CVE-2019-11147 (Insufficient access control in hardware abstraction driver for 
MEInfo  ...)
        NOT-FOR-US: Intel
 CVE-2019-11146 (Improper file verification in Intel&#174; Driver &amp; Support 
Assista ...)
        NOT-FOR-US: Intel
@@ -33140,11 +33180,9 @@ CVE-2019-11134
        RESERVED
 CVE-2019-11133 (Improper access control in the Intel(R) Processor Diagnostic 
Tool befo ...)
        NOT-FOR-US: Intel
-CVE-2019-11132
-       RESERVED
+CVE-2019-11132 (Cross site scripting in subsystem in Intel(R) AMT before 
versions 11.8 ...)
        NOT-FOR-US: Intel
-CVE-2019-11131
-       RESERVED
+CVE-2019-11131 (Logic issue in subsystem in Intel(R) AMT before versions 
11.8.70, 11.1 ...)
        NOT-FOR-US: Intel
 CVE-2019-11130
        RESERVED
@@ -33186,45 +33224,33 @@ CVE-2019-11112 (Memory corruption in Kernel Mode 
Driver in Intel(R) Graphics Dri
        TODO: check
 CVE-2019-11111 (Pointer corruption in the Unified Shader Compiler in Intel(R) 
Graphics ...)
        NOT-FOR-US: Intel
-CVE-2019-11110
-       RESERVED
+CVE-2019-11110 (Authentication bypass in the subsystem for Intel(R) CSME 
before versio ...)
        NOT-FOR-US: Intel
-CVE-2019-11109
-       RESERVED
+CVE-2019-11109 (Logic issue in the subsystem for Intel(R) SPS before versions 
SPS_E5_0 ...)
        NOT-FOR-US: Intel
-CVE-2019-11108
-       RESERVED
+CVE-2019-11108 (Insufficient input validation in subsystem for Intel(R) CSME 
before ve ...)
        NOT-FOR-US: Intel
-CVE-2019-11107
-       RESERVED
+CVE-2019-11107 (Insufficient input validation in the subsystem for Intel(R) 
AMT before ...)
        NOT-FOR-US: Intel
-CVE-2019-11106
-       RESERVED
+CVE-2019-11106 (Insufficient session validation in the subsystem for Intel(R) 
CSME bef ...)
        NOT-FOR-US: Intel
-CVE-2019-11105
-       RESERVED
+CVE-2019-11105 (Logic issue in subsystem for Intel(R) CSME before versions 
12.0.45, 13 ...)
        NOT-FOR-US: Intel
-CVE-2019-11104
-       RESERVED
+CVE-2019-11104 (Insufficient input validation in MEInfo software for Intel(R) 
CSME bef ...)
        NOT-FOR-US: Intel
-CVE-2019-11103
-       RESERVED
+CVE-2019-11103 (Insufficient input validation in firmware update software for 
Intel(R) ...)
        NOT-FOR-US: Intel
-CVE-2019-11102
-       RESERVED
+CVE-2019-11102 (Insufficient input validation in Intel(R) DAL software for 
Intel(R) CS ...)
        NOT-FOR-US: Intel
-CVE-2019-11101
-       RESERVED
+CVE-2019-11101 (Insufficient input validation in the subsystem for Intel(R) 
CSME befor ...)
        NOT-FOR-US: Intel
-CVE-2019-11100
-       RESERVED
+CVE-2019-11100 (Insufficient input validation in the subsystem for Intel(R) 
AMT before ...)
        NOT-FOR-US: Intel
 CVE-2019-11099
        RESERVED
 CVE-2019-11098
        RESERVED
-CVE-2019-11097
-       RESERVED
+CVE-2019-11097 (Improper directory permissions in the installer for Intel(R) 
Managemen ...)
        NOT-FOR-US: Intel
 CVE-2019-11096 (Insufficient memory protection for Intel(R) Ethernet I218 
Adapter driv ...)
        TODO: check
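Review bot: the filled-in descriptions confirm that CVE-2019-11110 down to CVE-2019-11100 and CVE-2019-11097 are CSME/SPS/AMT firmware and Intel installer issues, matching their unchanged `NOT-FOR-US: Intel` lines; the two entries that stay at `TODO: check` in this hunk, CVE-2019-11112 (Kernel Mode Driver in Intel Graphics Driver) and CVE-2019-11096 (Intel Ethernet I218 adapter driver), are the ones that need a human decision on whether the Windows driver or the in-kernel driver is meant, given that CVE-2019-11085 further down is tracked as a linux fix in 4.19.20-1.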
@@ -33248,19 +33274,15 @@ CVE-2019-11091 (Microarchitectural Data Sampling 
Uncacheable Memory (MDSUM): Unc
        NOTE: libvirt support for md-clear CPUID bit:
        NOTE: 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
        NOTE: qemu and libvirt need updates to passthrough md-clear, see 
#929067 for qemu and #929154 for libvirt
-CVE-2019-11090
-       RESERVED
+CVE-2019-11090 (Cryptographic timing conditions in the subsystem for Intel(R) 
PTT befo ...)
        NOT-FOR-US: Intel
 CVE-2019-11089 (Insufficient input validation in Kernel Mode module for 
Intel(R) Graph ...)
        TODO: check
-CVE-2019-11088
-       RESERVED
+CVE-2019-11088 (Insufficient input validation in subsystem in Intel(R) AMT 
before vers ...)
        NOT-FOR-US: Intel
-CVE-2019-11087
-       RESERVED
+CVE-2019-11087 (Insufficient input validation in the subsystem for Intel(R) 
CSME befor ...)
        NOT-FOR-US: Intel
-CVE-2019-11086
-       RESERVED
+CVE-2019-11086 (Insufficient input validation in subsystem for Intel(R) AMT 
before ver ...)
        NOT-FOR-US: Intel
 CVE-2019-11085 (Insufficient input validation in Kernel Mode Driver in 
Intel(R) i915 G ...)
        - linux 4.19.20-1
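Review bot: CVE-2019-11089 (Insufficient input validation in Kernel Mode module for Intel Graphics) is still `TODO: check` in the same block where CVE-2019-11085, an i915 Kernel Mode Driver issue, is recorded as fixed in linux 4.19.20-1; the same question, Windows driver versus the i915 kernel driver, decides 11089 and should be answered rather than left open next to the resolved sibling.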
@@ -43588,8 +43610,8 @@ CVE-2019-7623
        RESERVED
 CVE-2019-7622
        RESERVED
-CVE-2019-7621
-       RESERVED
+CVE-2019-7621 (Kibana versions before 6.8.6 and 7.5.1 contain a cross site 
scripting  ...)
+       TODO: check
 CVE-2019-7620 (Logstash versions before 7.4.1 and 6.8.4 contain a denial of 
service f ...)
        NOT-FOR-US: Logstash Beats
 CVE-2019-7619 (Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a 
username  ...)
@@ -43964,18 +43986,18 @@ CVE-2019-7489
        RESERVED
 CVE-2019-7488
        RESERVED
-CVE-2019-7487
-       RESERVED
-CVE-2019-7486
-       RESERVED
-CVE-2019-7485
-       RESERVED
-CVE-2019-7484
-       RESERVED
-CVE-2019-7483
-       RESERVED
-CVE-2019-7482
-       RESERVED
+CVE-2019-7487 (Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows 
operati ...)
+       TODO: check
+CVE-2019-7486 (Code injection in SonicWall SMA100 allows an authenticated user 
to exe ...)
+       TODO: check
+CVE-2019-7485 (Buffer overflow in SonicWall SMA100 allows an authenticated 
user to ex ...)
+       TODO: check
+CVE-2019-7484 (Authenticated SQL Injection in SonicWall SMA100 allow user to 
gain rea ...)
+       TODO: check
+CVE-2019-7483 (In SonicWall SMA100, an unauthenticated Directory Traversal 
vulnerabil ...)
+       TODO: check
+CVE-2019-7482 (Stack-based buffer overflow in SonicWall SMA100 allows an 
unauthentica ...)
+       TODO: check
 CVE-2019-7481 (Vulnerability in SonicWall SMA100 allow unauthenticated user to 
gain r ...)
        TODO: check
 CVE-2019-7480
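Review bot: CVE-2019-7487 to CVE-2019-7482 are all SonicWall SMA100 or SonicOS SSLVPN appliance issues, and CVE-2019-7481 directly below has already been sitting at `TODO: check` for the same product; the seven should be resolved together as `NOT-FOR-US: SonicWall`, which also clears the older backlog entry.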
@@ -49141,10 +49163,10 @@ CVE-2019-5488 (EARCLINK ESPCMS-P8 has SQL injection 
in the install_pack/index.ph
 CVE-2019-5489 (The mincore() implementation in mm/mincore.c in the Linux 
kernel throu ...)
        {DSA-4465-1 DLA-1824-1 DLA-1823-1}
        - linux 4.19.37-4
-CVE-2019-5487
-       RESERVED
-CVE-2019-5486
-       RESERVED
+CVE-2019-5487 (An improper access control vulnerability exists in Gitlab EE 
&lt;v12.3 ...)
+       TODO: check
+CVE-2019-5486 (A authentication bypass vulnerability exists in GitLab CE/EE 
&lt;v12.3 ...)
+       TODO: check
 CVE-2019-5485 (NPM package gitlabhook version 0.0.17 is vulnerable to a 
Command Injec ...)
        NOT-FOR-US: node gitlabhook
 CVE-2019-5484 (Bower before 1.8.8 has a path traversal vulnerability 
permitting file  ...)
@@ -49205,8 +49227,7 @@ CVE-2019-5470 [Information Disclosure Vulnerability 
Feedback]
        [experimental] - gitlab 11.11.7+dfsg-1
        - gitlab <unfixed> (bug #933785)
        NOTE: 
https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
-CVE-2019-5469 [Arbitrary File Upload via Import Project Archive]
-       RESERVED
+CVE-2019-5469 (An IDOR vulnerability exists in GitLab &lt;v12.1.2, 
&lt;v12.0.4, and & ...)
        [experimental] - gitlab 11.11.7+dfsg-1
        - gitlab <unfixed> (bug #933785)
        NOTE: 
https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
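Review bot: the published description for CVE-2019-5469 (an IDOR vulnerability in GitLab <v12.1.2, <v12.0.4, ...) does not match the manual summary it replaces, `[Arbitrary File Upload via Import Project Archive]`; either the summary was attached to the wrong CVE id or the issue was reassigned, so confirm against the GitLab 12.1.2 security release linked in the NOTE that the unchanged `[experimental] - gitlab 11.11.7+dfsg-1` and `- gitlab <unfixed> (bug #933785)` lines still describe this CVE.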
@@ -50067,24 +50088,24 @@ CVE-2019-5083 (An exploitable out-of-bounds write 
vulnerability exists in the ig
        NOT-FOR-US: Accusoft ImageGear
 CVE-2019-5082
        RESERVED
-CVE-2019-5081
-       RESERVED
-CVE-2019-5080
-       RESERVED
-CVE-2019-5079
-       RESERVED
-CVE-2019-5078
-       RESERVED
-CVE-2019-5077
-       RESERVED
+CVE-2019-5081 (An exploitable heap buffer overflow vulnerability exists in the 
iochec ...)
+       TODO: check
+CVE-2019-5080 (An exploitable denial-of-service vulnerability exists in the 
iocheckd  ...)
+       TODO: check
+CVE-2019-5079 (An exploitable heap buffer overflow vulnerability exists in the 
iochec ...)
+       TODO: check
+CVE-2019-5078 (An exploitable denial of service vulnerability exists in the 
iocheckd  ...)
+       TODO: check
+CVE-2019-5077 (An exploitable denial-of-service vulnerability exists in the 
iocheckd  ...)
+       TODO: check
 CVE-2019-5076 (An exploitable out-of-bounds write vulnerability exists in the 
igcore1 ...)
        NOT-FOR-US: Accusoft ImageGear
-CVE-2019-5075
-       RESERVED
-CVE-2019-5074
-       RESERVED
-CVE-2019-5073
-       RESERVED
+CVE-2019-5075 (An exploitable stack buffer overflow vulnerability exists in 
the comma ...)
+       TODO: check
+CVE-2019-5074 (An exploitable stack buffer overflow vulnerability exists in 
the ioche ...)
+       TODO: check
+CVE-2019-5073 (An exploitable information exposure vulnerability exists in the 
iochec ...)
+       TODO: check
 CVE-2019-5072 (An exploitable command injection vulnerability exists in the 
/goform/W ...)
        NOT-FOR-US: Tenda
 CVE-2019-5071 (An exploitable command injection vulnerability exists in the 
/goform/W ...)
@@ -61545,8 +61566,7 @@ CVE-2019-1389 (A remote code execution vulnerability 
exists when Windows Hyper-V
        NOT-FOR-US: Microsoft
 CVE-2019-1388 (An elevation of privilege vulnerability exists in the Windows 
Certific ...)
        NOT-FOR-US: Microsoft
-CVE-2019-1387
-       RESERVED
+CVE-2019-1387 (An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, 
v2.21.1, v ...)
        {DSA-4581-1}
        - git 1:2.24.0-2
        NOTE: 
https://git.kernel.org/pub/scm/git/git.git/commit/?id=a8dee3ca610f5a1d403634492136c887f83b59d2
@@ -65051,19 +65071,15 @@ CVE-2019-0171 (Improper directory permissions in the 
installer for Intel(R) Quar
        NOT-FOR-US: Intel
 CVE-2019-0170 (Buffer overflow in subsystem in Intel(R) DAL before version 
12.0.35 ma ...)
        NOT-FOR-US: Intel(R) DAL
-CVE-2019-0169
-       RESERVED
+CVE-2019-0169 (Heap overflow in subsystem in Intel(R) CSME before versions 
11.8.70, 1 ...)
        NOT-FOR-US: Intel
-CVE-2019-0168
-       RESERVED
+CVE-2019-0168 (Insufficient input validation in the subsystem for Intel(R) 
CSME befor ...)
        NOT-FOR-US: Intel
 CVE-2019-0167
        RESERVED
-CVE-2019-0166
-       RESERVED
+CVE-2019-0166 (Insufficient input validation in the subsystem for Intel(R) AMT 
before ...)
        NOT-FOR-US: Intel
-CVE-2019-0165
-       RESERVED
+CVE-2019-0165 (Insufficient Input validation in the subsystem for Intel(R) 
CSME befor ...)
        NOT-FOR-US: Intel
 CVE-2019-0164 (Improper permissions in the installer for Intel(R) Turbo Boost 
Max Tec ...)
        NOT-FOR-US: installer for Intel(R) Turbo Boost Max Technology driver
@@ -65150,8 +65166,7 @@ CVE-2019-0133
        RESERVED
 CVE-2019-0132 (Data Corruption in Intel Unite(R) Client before version 
3.3.176.13 may ...)
        NOT-FOR-US: Intel Unite(R) Client
-CVE-2019-0131
-       RESERVED
+CVE-2019-0131 (Insufficient input validation in subsystem in Intel(R) AMT 
before vers ...)
        NOT-FOR-US: Intel
 CVE-2019-0130 (Reflected XSS in web interface for Intel(R) Accelerated Storage 
Manage ...)
        NOT-FOR-US: Intel
@@ -152465,6 +152480,7 @@ CVE-2017-6317 (Memory leak in the add_shader_program 
function in vrend_renderer.
        - virglrenderer 0.6.0-1 (bug #858255)
        NOTE: 
https://cgit.freedesktop.org/virglrenderer/commit/?id=a2f12a1b0f95b13b6f8dc3d05d7b74b4386394e4
 (0.6.0)
 CVE-2017-6314 (The make_available_at_least function in io-tiff.c in gdk-pixbuf 
allows ...)
+       {DLA-2043-1}
        - gdk-pixbuf 2.36.11-2 (low; bug #856448)
        [stretch] - gdk-pixbuf 2.36.5-2+deb9u2
        [wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next 
update)
@@ -152472,6 +152488,7 @@ CVE-2017-6314 (The make_available_at_least function 
in io-tiff.c in gdk-pixbuf a
        NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
        NOTE: Fixed by: 
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=1e513abdb55529f888233d3c96b27352d83aad5f
 CVE-2017-6313 (Integer underflow in the load_resources function in io-icns.c 
in gdk-p ...)
+       {DLA-2043-1}
        - gdk-pixbuf 2.36.11-2 (low; bug #856445)
        [stretch] - gdk-pixbuf 2.36.5-2+deb9u2
        [wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next 
update)
@@ -152480,6 +152497,7 @@ CVE-2017-6313 (Integer underflow in the 
load_resources function in io-icns.c in
        NOTE: Fixed by: 
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=210b16399a492d05efb209615a143920b24251f4
        NOTE: Tests: 
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=4cc39d479356b6b09e3d62a0f3ab424db6c266d8
 CVE-2017-6312 (Integer overflow in io-ico.c in gdk-pixbuf allows 
context-dependent at ...)
+       {DLA-2043-1}
        - gdk-pixbuf 2.36.11-2 (low; bug #856444)
        [stretch] - gdk-pixbuf 2.36.5-2+deb9u2
        [wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next 
update)
@@ -163146,6 +163164,7 @@ CVE-2017-2872 (Insufficient security checks exist in 
the recovery procedure used
 CVE-2017-2871 (Insufficient security checks exist in the recovery procedure 
used by t ...)
        NOT-FOR-US: Foscam C1 Indoor HD Camera
 CVE-2017-2870 (An exploitable integer overflow vulnerability exists in the 
tiff_image ...)
+       {DLA-2043-1}
        - gdk-pixbuf 2.36.10-1 (unimportant; bug #873787)
        NOTE: 
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=31a6cff3dfc6944aad4612a9668b8ad39122e48b
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770986
@@ -180782,6 +180801,7 @@ CVE-2016-6905 (The read_image_tga function in 
gd_tga.c in the GD Graphics Librar
        NOTE: followed by: 
https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03
        NOTE: http://www.openwall.com/lists/oss-security/2016/07/12/4
 CVE-2016-6352 (The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 
allows  ...)
+       {DLA-2043-1}
        - gdk-pixbuf 2.35.4-1 (bug #832496)
        [jessie] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed along in a 
future DSA)
        [wheezy] - gdk-pixbuf <not-affected> (Fails with ENOMEM, no crash)
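Review bot: adding `{DLA-2043-1}` to CVE-2016-6352 leaves the `[jessie] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed along in a future DSA)` line below it stale: DLA-2043-1 is the jessie LTS update, so that `<no-dsa>` annotation should be removed in the same change, otherwise the tracker carries jessie as both fixed by the DLA and deliberately left unfixed. The other four gdk-pixbuf entries receiving the same DLA reference carry only wheezy `<no-dsa>` lines, which remain correct.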
@@ -252070,7 +252090,7 @@ CVE-2014-0085 (JBoss Fuse did not enable encrypted 
passwords by default in its u
        NOT-FOR-US: Fuse Fabric
 CVE-2014-0084 (Ruby gem openshift-origin-node before 2014-02-14 does not 
contain a cr ...)
        NOT-FOR-US: rubygem-openshift-origin-node
-CVE-2014-0083 (The Ruby net-ldap gem before 0.16.2 uses a weak salt when 
generating S ...)
+CVE-2014-0083 (The Ruby net-ldap gem before 0.11 uses a weak salt when 
generating SSH ...)
        - ruby-net-ldap <not-affected> (SSHA support not present)
        NOTE: SSHA support only from version v0.5.0, see #742706
 CVE-2014-0082 (actionpack/lib/action_view/template/text.rb in Action View in 
Ruby on  ...)
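Review bot: the upstream fixed version in the CVE-2014-0083 description changed from `before 0.16.2` to `before 0.11`, but the Debian status does not hinge on it: the unchanged NOTE records that SSHA support only appeared in net-ldap v0.5.0 (#742706), so `ruby-net-ldap <not-affected> (SSHA support not present)` holds either way and no action is needed.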



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9309bf0594b180d23ee7a02abfdede85d3b5d0d0



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
