Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de0dfaa4 by security tracker role at 2019-12-23T20:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-19944 (In libIEC61850 1.4.0, BerDecoder_decodeUint32 in 
mms/asn1/ber_decode.c ...)
+       TODO: check
 CVE-2019-19943
        RESERVED
 CVE-2019-19942
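Review bot: The new CVE-2019-19944 entry at the top of this hunk is left at "TODO: check", so the tracker has no verdict for it yet. The description names libIEC61850 1.4.0 and mms/asn1/ber_decode.c; triage should either add a "- <source-package>" line with a status if that library is packaged, or mark the entry NOT-FOR-US if it is not.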
@@ -964,8 +966,7 @@ CVE-2019-19810
        RESERVED
 CVE-2019-19809
        RESERVED
-CVE-2019-3467 [kadm5.acl should set proper rights for users]
-       RESERVED
+CVE-2019-3467 (Debian-edu-config all versions < 2.11.10, a set of 
configuration fi ...)
        {DSA-4589-1 DLA-2041-1}
        - debian-edu-config 2.11.10 (bug #946797)
 CVE-2019-19808
@@ -5968,8 +5969,7 @@ CVE-2019-19338 [KVM: export MSR_IA32_TSX_CTRL to guest -  
incomplete fix for TAA
        - linux <not-affected> (Only affects specific distro kernels which do 
not include commit e1d38b63acd8)
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/10/3
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/11/1
-CVE-2019-19337
-       RESERVED
+CVE-2019-19337 (A flaw was found in Red Hat Ceph Storage version 3 in the way 
the Ceph ...)
        - ceph <not-affected> (Only affects Ceph as packaged by Red Hat)
 CVE-2019-19336
        RESERVED
@@ -6488,10 +6488,10 @@ CVE-2019-19153
        RESERVED
 CVE-2019-19152
        RESERVED
-CVE-2019-19151
-       RESERVED
-CVE-2019-19150
-       RESERVED
+CVE-2019-19151 (On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 
13.1.0-13.1.3.2, 12 ...)
+       TODO: check
+CVE-2019-19150 (On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 
13.1.0-13.1 ...)
+       TODO: check
 CVE-2019-19149
        RESERVED
 CVE-2019-19148
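Review bot: CVE-2019-19150 is added with "TODO: check" and its truncated description ("On versions 15.0.0-15.0.1.1, ...") does not name a product, unlike CVE-2019-19151 just above it, which says BIG-IP. Confirm the product from the full description before triage; if both are F5 BIG-IP, reuse the exact "NOT-FOR-US: F5 BIG-IP" string already used under CVE-2019-6675 in this file rather than introducing a second spelling.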
@@ -10733,20 +10733,18 @@ CVE-2019-18393 (PluginServlet.java in Ignite Realtime 
Openfire through 4.4.2 doe
        NOT-FOR-US: Ignite Realtime Openfire
 CVE-2019-18392
        RESERVED
-CVE-2019-18391 [heap based buffer overflow in the 
vrend_renderer_transfer_write_iov function]
-       RESERVED
+CVE-2019-18391 (A heap-based buffer overflow in the 
vrend_renderer_transfer_write_iov  ...)
        - virglrenderer 0.8.1-1 (bug #946942)
        NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
        NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971
-CVE-2019-18390
-       RESERVED
-CVE-2019-18389 [heap buffer overflow in the vrend_renderer_transfer_write_iov 
function]
-       RESERVED
+CVE-2019-18390 (An out-of-bounds read in the vrend_blit_need_swizzle function 
in vrend ...)
+       TODO: check
+CVE-2019-18389 (A heap-based buffer overflow in the 
vrend_renderer_transfer_write_iov  ...)
        - virglrenderer 0.8.1-1 (bug #946942)
        NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
        NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/commit/cbc8d8b75be360236cada63784046688aeb6d921
-CVE-2019-18388
-       RESERVED
+CVE-2019-18388 (A NULL pointer dereference in vrend_renderer.c in 
virglrenderer throug ...)
+       TODO: check
 CVE-2019-18387 (Sourcecodester Hotel and Lodge Management System 1.0 is 
vulnerable to  ...)
        NOT-FOR-US: Sourcecodester Hotel and Lodge Management System
 CVE-2019-18386
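Review bot: CVE-2019-18390 and CVE-2019-18388 are left at "TODO: check" even though their descriptions name vrend_blit_need_swizzle and vrend_renderer.c in virglrenderer, the same package already tracked for CVE-2019-18391 and CVE-2019-18389 in this hunk. They need "- virglrenderer" lines with a verified status; do not copy "0.8.1-1 (bug #946942)" from the neighbours without checking that the upstream fixes for these two are in that upload. Separately, CVE-2019-18391 and CVE-2019-18389 now carry the same truncated description, so the two NOTE commit links are the only thing in the list that tells them apart.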
@@ -11091,8 +11089,8 @@ CVE-2019-18236
        RESERVED
 CVE-2019-18235
        RESERVED
-CVE-2019-18234
-       RESERVED
+CVE-2019-18234 (Equinox Control Expert all versions, is vulnerable to an SQL 
injection ...)
+       TODO: check
 CVE-2019-18233
        RESERVED
 CVE-2019-18232 (SafeNet Sentinel LDK License Manager, all versions prior to 
7.101(only ...)
@@ -13536,8 +13534,7 @@ CVE-2019-17565
        RESERVED
 CVE-2019-17564
        RESERVED
-CVE-2019-17563 [Session fixation]
-       RESERVED
+CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 
9.0.29,  ...)
        - tomcat9 <unfixed>
        - tomcat8 <removed>
        - tomcat7 <removed>
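Review bot: The "[Session fixation]" summary on CVE-2019-17563 is dropped, and the truncated replacement description no longer says what class of issue this is. The description bounds the affected 9.0 range at 9.0.29, which implies an upstream fix after that release, while "- tomcat9 <unfixed>" stays as it was; if no NOTE with the upstream fix reference follows past the end of this hunk, adding one would let whoever uploads the fix close the entry with a version.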
@@ -29707,8 +29704,7 @@ CVE-2019-12420 (In Apache SpamAssassin before 3.4.3, a 
message can be crafted in
        NOTE: https://svn.apache.org/r1866128
 CVE-2019-12419 (Apache CXF before 3.3.4 and 3.2.11 provides all of the 
components that ...)
        NOT-FOR-US: Apache CFX
-CVE-2019-12418 [local privilege escalation]
-       RESERVED
+CVE-2019-12418 (When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 
and 7.0. ...)
        - tomcat9 <unfixed>
        - tomcat8 <removed>
        - tomcat7 <removed>
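Review bot: The context line "NOT-FOR-US: Apache CFX" under CVE-2019-12419 misspells the product; the description on the entry line says Apache CXF. This commit does not touch it, but it is worth correcting so that a search for CXF finds the entry. For CVE-2019-12418 itself, the "[local privilege escalation]" summary disappears and "- tomcat9 <unfixed>" is unchanged although the description bounds the 9.0 range at 9.0.28, so the fixed version should be recorded once a fixed upload is in the archive.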
@@ -41815,8 +41811,8 @@ CVE-2019-8465
        RESERVED
 CVE-2019-8464
        RESERVED
-CVE-2019-8463
-       RESERVED
+CVE-2019-8463 (A denial of service vulnerability was reported in Check Point 
Endpoint ...)
+       TODO: check
 CVE-2019-8462 (In a rare scenario, Check Point R80.30 Security Gateway before 
JHF Tak ...)
        NOT-FOR-US: Check Point R80.30 Security Gateway
 CVE-2019-8461 (Check Point Endpoint Security Initial Client for Windows before 
versio ...)
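Review bot: CVE-2019-8463 is left at "TODO: check" although its description names Check Point Endpoint and the adjacent CVE-2019-8462 is already tagged "NOT-FOR-US: Check Point R80.30 Security Gateway". After confirming the product from the full description, resolve it with a NOT-FOR-US line naming that product so the entry drops out of the TODO queue.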
@@ -46197,32 +46193,32 @@ CVE-2018-1000997 (A path traversal vulnerability 
exists in the Stapler web frame
        NOT-FOR-US: Jenkins
 CVE-2019-6689 (An issue was discovered in Dillon Kane Tidal Workload 
Automation Agent ...)
        NOT-FOR-US: Dillon Kane Tidal Workload Automation Agent
-CVE-2019-6688
-       RESERVED
-CVE-2019-6687
-       RESERVED
-CVE-2019-6686
-       RESERVED
-CVE-2019-6685
-       RESERVED
-CVE-2019-6684
-       RESERVED
-CVE-2019-6683
-       RESERVED
-CVE-2019-6682
-       RESERVED
-CVE-2019-6681
-       RESERVED
-CVE-2019-6680
-       RESERVED
-CVE-2019-6679
-       RESERVED
-CVE-2019-6678
-       RESERVED
-CVE-2019-6677
-       RESERVED
-CVE-2019-6676
-       RESERVED
+CVE-2019-6688 (On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 
14.0.0-14.0.1, 13 ...)
+       TODO: check
+CVE-2019-6687 (On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security 
Services pr ...)
+       TODO: check
+CVE-2019-6686 (On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 
14.0.0-14.0.1, 13.1 ...)
+       TODO: check
+CVE-2019-6685 (On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 
14.0.0-14.0.1, 13 ...)
+       TODO: check
+CVE-2019-6684 (On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 
12.1.0- ...)
+       TODO: check
+CVE-2019-6683 (On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 
13.1.0-13 ...)
+       TODO: check
+CVE-2019-6682 (On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 
12.1.0- ...)
+       TODO: check
+CVE-2019-6681 (On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 
14.0.0-14.0.1, 13.1 ...)
+       TODO: check
+CVE-2019-6680 (On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 
13.1.0 ...)
+       TODO: check
+CVE-2019-6679 (On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 
14.0.0.5-14.0.1,  ...)
+       TODO: check
+CVE-2019-6678 (On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2.2, 
14.0.0-14.0.1, and  ...)
+       TODO: check
+CVE-2019-6677 (On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 
13.1.0 ...)
+       TODO: check
+CVE-2019-6676 (On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 
13.1.0-13.1.3.1, TMM m ...)
+       TODO: check
 CVE-2019-6675 (BIG-IP configurations using Active Directory, LDAP, or Client 
Certific ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2019-6674 (On F5 SSL Orchestrator 15.0.0-15.0.1 and 14.0.0-14.1.2, TMM may 
crash  ...)
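Review bot: Thirteen entries (CVE-2019-6676 through CVE-2019-6688) land as "TODO: check" in one block, and four of them (CVE-2019-6684, CVE-2019-6683, CVE-2019-6682 and CVE-2019-6676) begin "On versions ..." without naming a product in the visible text. Check those four against their full descriptions before tagging. For the ones confirmed as BIG-IP, reuse the exact "NOT-FOR-US: F5 BIG-IP" string from CVE-2019-6675 directly below so the product name stays consistent.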
@@ -49845,8 +49841,8 @@ CVE-2019-5278 (There is an out-of-bounds read 
vulnerability in the Advanced Pack
        NOT-FOR-US: Huawei
 CVE-2019-5277 (Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information 
leak v ...)
        NOT-FOR-US: Huawei
-CVE-2019-5276
-       RESERVED
+CVE-2019-5276 (Huawei smart phones with earlier versions than ELLE-AL00B 
9.1.0.222(C0 ...)
+       TODO: check
 CVE-2019-5275
        RESERVED
 CVE-2019-5274
@@ -49863,12 +49859,12 @@ CVE-2019-5269 (Some Huawei home routers have an 
improper authorization vulnerabi
        NOT-FOR-US: Huawei
 CVE-2019-5268 (Some Huawei home routers have an input validation 
vulnerability. Due t ...)
        NOT-FOR-US: Huawei
-CVE-2019-5267
-       RESERVED
-CVE-2019-5266
-       RESERVED
-CVE-2019-5265
-       RESERVED
+CVE-2019-5267 (Huawei OceanStor SNS3096 V100R002C01 have an information 
disclosure vu ...)
+       TODO: check
+CVE-2019-5266 (Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone 
has an  ...)
+       TODO: check
+CVE-2019-5265 (Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone 
has an  ...)
+       TODO: check
 CVE-2019-5264 (There is an information disclosure vulnerability in certain 
Huawei sma ...)
        NOT-FOR-US: Huawei
 CVE-2019-5263 (HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) 
and ear ...)
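Review bot: CVE-2019-5266 and CVE-2019-5265 are added with identical truncated descriptions ("Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an ..."), so the list gives no way to tell them apart. That is harmless if all three new entries end up as "NOT-FOR-US: Huawei" like the surrounding CVE-2019-5269, CVE-2019-5268 and CVE-2019-5264, but the "TODO: check" lines should be resolved in a follow-up commit rather than left standing.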
@@ -50193,8 +50189,8 @@ CVE-2019-5110 (Exploitable SQL injection 
vulnerabilities exist in the authentica
        NOT-FOR-US: Forma LMS
 CVE-2019-5109 (Exploitable SQL injection vulnerabilities exists in the 
authenticated  ...)
        NOT-FOR-US: Forma LMS
-CVE-2019-5108
-       RESERVED
+CVE-2019-5108 (An exploitable denial-of-service vulnerability exists in the 
Linux ker ...)
+       TODO: check
 CVE-2019-5107
        RESERVED
 CVE-2019-5106
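Review bot: CVE-2019-5108 must not be swept up with the NOT-FOR-US entries around it: its description says the denial-of-service issue is in the Linux kernel, and linux is a tracked source package in this file (see the "- linux <not-affected>" line under CVE-2019-19338 earlier in this diff). Replace "TODO: check" with a "- linux" line carrying the actual status and a NOTE pointing at the upstream fix.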
@@ -54099,12 +54095,12 @@ CVE-2019-3433
        RESERVED
 CVE-2019-3432
        RESERVED
-CVE-2019-3431
-       RESERVED
-CVE-2019-3430
-       RESERVED
-CVE-2019-3429
-       RESERVED
+CVE-2019-3431 (All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP 
product h ...)
+       TODO: check
+CVE-2019-3430 (All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP 
product h ...)
+       TODO: check
+CVE-2019-3429 (All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP 
product h ...)
+       TODO: check
 CVE-2019-3428 (The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted 
by a c ...)
        NOT-FOR-US: ZTE
 CVE-2019-3427 (The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted 
by a c ...)
@@ -116496,7 +116492,7 @@ CVE-2017-17306 (Some Huawei Smartphones with software 
of VNS-L21AUTC555B141, VNS
        NOT-FOR-US: Huawei
 CVE-2017-17305 (Some Huawei Firewall products USG2205BSR V300R001C10SPC600; 
USG2220BSR ...)
        NOT-FOR-US: Huawei
-CVE-2017-17304 (The CIDAM Protocol on Huawei DP300 V500R002C00; 
V500R002C00B010; V500R ...)
+CVE-2017-17304 (The CIDAM Protocol on some Huawei Products has multiple input 
validati ...)
        NOT-FOR-US: Huawei
 CVE-2017-17303 (Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; 
V500R002C0 ...)
        NOT-FOR-US: Huawei
@@ -116764,11 +116760,11 @@ CVE-2017-17172 (Huawei smart phones LYO-L21 with 
software LYO-L21C479B107, LYO-L
        NOT-FOR-US: Huawei
 CVE-2017-17171 (Some Huawei smart phones have the denial of service (DoS) 
vulnerabilit ...)
        NOT-FOR-US: Huawei
-CVE-2017-17170 (The CIDAM Protocol on Huawei DP300 V500R002C00; 
V500R002C00B010; V500R ...)
+CVE-2017-17170 (The CIDAM Protocol on some Huawei Products has multiple input 
validati ...)
        NOT-FOR-US: Huawei
-CVE-2017-17169 (The CIDAM Protocol on Huawei DP300 V500R002C00; 
V500R002C00B010; V500R ...)
+CVE-2017-17169 (The CIDAM Protocol on some Huawei Products has multiple input 
validati ...)
        NOT-FOR-US: Huawei
-CVE-2017-17168 (The CIDAM Protocol on Huawei DP300 V500R002C00; 
V500R002C00B010; V500R ...)
+CVE-2017-17168 (The CIDAM Protocol on some Huawei Products has multiple input 
validati ...)
        NOT-FOR-US: Huawei
 CVE-2017-17167 (Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 
V100R011C ...)
        NOT-FOR-US: Huawei



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/de0dfaa410595316848dbfa21b7d39fbb3d0e2d5
