Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3c77997f by security tracker role at 2019-12-04T08:10:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,44 @@
-CVE-2019-19543 [media: serial_ir: Fix use-after-free in serial_ir_init_module]
+CVE-2020-1974
+       RESERVED
+CVE-2020-1973
+       RESERVED
+CVE-2020-1972
+       RESERVED
+CVE-2020-1971
+       RESERVED
+CVE-2020-1970
+       RESERVED
+CVE-2020-1969
+       RESERVED
+CVE-2020-1968
+       RESERVED
+CVE-2020-1967
+       RESERVED
+CVE-2020-1966
+       RESERVED
+CVE-2020-1965
+       RESERVED
+CVE-2019-19550
+       RESERVED
+CVE-2019-19549
+       RESERVED
+CVE-2019-19548
+       RESERVED
+CVE-2019-19547
+       RESERVED
+CVE-2019-19546
+       RESERVED
+CVE-2019-19545
+       RESERVED
+CVE-2019-19544
+       RESERVED
+CVE-2019-19542
+       RESERVED
+CVE-2019-19541
+       RESERVED
+CVE-2019-19540
+       RESERVED
+CVE-2019-19543 (In the Linux kernel before 5.1.6, there is a use-after-free in 
serial_ ...)
        - linux 5.2.6-1
        [buster] - linux 4.19.67-1
        NOTE: 
https://git.kernel.org/linus/56cd26b618855c9af48c8301aa6754ced8dd0beb
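
Review bot: CVE-2019-19543 now sits below CVE-2019-19540 at the end of this hunk, which breaks the descending order the newly added RESERVED block otherwise follows (19544, 19542, 19541, 19540). Consider moving the entry between CVE-2019-19544 and CVE-2019-19542 so that a lookup by number lands where a reader expects it.
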
@@ -764,8 +804,8 @@ CVE-2019-19384 (A cross-site scripting (XSS) vulnerability 
in app/fax/fax_log_vi
        NOT-FOR-US: FusionPBX
 CVE-2019-19383 (freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a 
crafted ...)
        TODO: check
-CVE-2019-19382
-       RESERVED
+CVE-2019-19382 (Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions 
on the  ...)
+       TODO: check
 CVE-2019-19381
        RESERVED
 CVE-2019-19380
@@ -1926,10 +1966,10 @@ CVE-2019-18995
        RESERVED
 CVE-2019-18994
        RESERVED
-CVE-2019-18993
-       RESERVED
-CVE-2019-18992
-       RESERVED
+CVE-2019-18993 (OpenWrt 18.06.4 allows XSS via the "New port forward" Name 
field to th ...)
+       TODO: check
+CVE-2019-18992 (OpenWrt 18.06.4 allows XSS via these Name fields to the 
cgi-bin/luci/a ...)
+       TODO: check
 CVE-2019-18991
        RESERVED
 CVE-2019-18990
@@ -5090,8 +5130,8 @@ CVE-2019-18576
        RESERVED
 CVE-2019-18575
        RESERVED
-CVE-2019-18574
-       RESERVED
+CVE-2019-18574 (RSA Authentication Manager software versions prior to 8.4 P8 
contain a ...)
+       TODO: check
 CVE-2019-18573
        RESERVED
 CVE-2019-18572
@@ -10336,8 +10376,8 @@ CVE-2019-16887 (In IrfanView 4.53, Data from a Faulting 
Address controls a subse
        NOT-FOR-US: IrfanView
 CVE-2019-16886
        RESERVED
-CVE-2019-16885
-       RESERVED
+CVE-2019-16885 (In OkayCMS through 2.3.4, an unauthenticated attacker can 
achieve remo ...)
+       TODO: check
 CVE-2019-16884 (runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce 
and other ...)
        - runc 1.0.0~rc9+dfsg1-1 (bug #942026)
        - golang-github-opencontainers-selinux <unfixed> (bug #942027)
@@ -21688,8 +21728,7 @@ CVE-2019-13458 (An issue was discovered in Open Ticket 
Request System (OTRS) 7.0
        NOTE: OTRS 5.0: 
https://github.com/OTRS/otrs/commit/0e26066dfff8efff0039da13e29609ca7f00d9a2
 CVE-2019-13457
        RESERVED
-CVE-2019-13456
-       RESERVED
+CVE-2019-13456 (In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 
EAP-pwd h ...)
        - freeradius 3.0.17+dfsg-1.1
        [stretch] - freeradius <no-dsa> (Minor issue; plugin not enabled by 
default)
        [jessie] - freeradius <not-affected> (Vulnerable code added later)
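
Review bot: The fixed version recorded for CVE-2019-13456, "freeradius 3.0.17+dfsg-1.1", is lower than the affected range the new description gives ("3.0 through 3.0.19"), and the visible lines of the entry carry no NOTE that explains this. If the fix was backported into the Debian package, a NOTE with the upstream commit or the Debian bug number would let the fixed version be verified against the description.
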
@@ -31361,8 +31400,8 @@ CVE-2019-9974 (diag_tool.cgi on DASAN H660RM GPON 
routers with firmware 1.03-002
        NOT-FOR-US: DASAN
 CVE-2019-9973
        RESERVED
-CVE-2019-10013
-       RESERVED
+CVE-2019-10013 (The asn1_signature function in asn1.c in Cameron Hamilton-Rich 
axTLS t ...)
+       TODO: check
 CVE-2019-10012 (Jenzabar JICS (aka Internet Campus Solution) before 9 allows 
remote at ...)
        NOT-FOR-US: Jenzabar
 CVE-2019-10011 (ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka 
Internet Campu ...)
@@ -33145,8 +33184,8 @@ CVE-2019-9691
        RESERVED
 CVE-2019-9690
        RESERVED
-CVE-2019-9689
-       RESERVED
+CVE-2019-9689 (process_certificate in tls1.c in Cameron Hamilton-Rich axTLS 
through 2 ...)
+       TODO: check
 CVE-2019-9688 (sftnow through 2018-12-29 allows 
index.php?g=Admin&amp;m=User&amp;a=ad ...)
        NOT-FOR-US: sftnow
 CVE-2019-9687 (PoDoFo 0.9.6 has a heap-based buffer overflow in 
PdfString::ConvertUTF ...)
@@ -44979,15 +45018,13 @@ CVE-2019-5166
        RESERVED
 CVE-2019-5165
        RESERVED
-CVE-2019-5164 [shadowsocks-libev TALOS-2019-0958]
-       RESERVED
+CVE-2019-5164 (An exploitable code execution vulnerability exists in the 
ss-manager b ...)
        - shadowsocks-libev 3.3.3+ds-2
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958
        NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2537
        NOTE: Mitigation: Using a unix socket with ss-manager via 
--manager-socket.
        NOTE: Exposing ss-manager to pubic is always dangerous.
-CVE-2019-5163
-       RESERVED
+CVE-2019-5163 (An exploitable denial-of-service vulnerability exists in the 
UDPRelay  ...)
        - shadowsocks-libev 3.3.3+ds-2
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0956
        NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2536
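
Review bot: The mitigation NOTE on CVE-2019-5164 contains a typo, "Exposing ss-manager to pubic is always dangerous."; it should read "public". The line is unchanged context here, but the entry is being touched anyway, so it is a good moment to correct it, since these NOTE lines are what users read when deciding whether the --manager-socket mitigation applies to them.
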
@@ -45049,10 +45086,10 @@ CVE-2019-5135
        RESERVED
 CVE-2019-5134
        RESERVED
-CVE-2019-5133
-       RESERVED
-CVE-2019-5132
-       RESERVED
+CVE-2019-5133 (An exploitable out-of-bounds write vulnerability exists in the 
igcore1 ...)
+       TODO: check
+CVE-2019-5132 (An exploitable out-of-bounds write vulnerability exists in the 
igcore1 ...)
+       TODO: check
 CVE-2019-5131
        RESERVED
 CVE-2019-5130
@@ -45091,14 +45128,14 @@ CVE-2019-5114 (An exploitable SQL injection 
vulnerability exists in the authenti
        NOT-FOR-US: YouPHPTube
 CVE-2019-5113
        RESERVED
-CVE-2019-5112
-       RESERVED
-CVE-2019-5111
-       RESERVED
-CVE-2019-5110
-       RESERVED
-CVE-2019-5109
-       RESERVED
+CVE-2019-5112 (Exploitable SQL injection vulnerability exists in the 
authenticated po ...)
+       TODO: check
+CVE-2019-5111 (Exploitable SQL injection vulnerability exists in the 
authenticated po ...)
+       TODO: check
+CVE-2019-5110 (Exploitable SQL injection vulnerabilities exist in the 
authenticated p ...)
+       TODO: check
+CVE-2019-5109 (Exploitable SQL injection vulnerabilities exists in the 
authenticated  ...)
+       TODO: check
 CVE-2019-5108
        RESERVED
 CVE-2019-5107
@@ -45121,10 +45158,10 @@ CVE-2019-5099 (An exploitable integer underflow 
vulnerability exists in the CMP-
        NOT-FOR-US: LEADTOOLS
 CVE-2019-5098
        RESERVED
-CVE-2019-5097
-       RESERVED
-CVE-2019-5096
-       RESERVED
+CVE-2019-5097 (A denial-of-service vulnerability exists in the processing of 
multi-pa ...)
+       TODO: check
+CVE-2019-5096 (An exploitable code execution vulnerability exists in the 
processing o ...)
+       TODO: check
 CVE-2019-5095 (An issue summary information disclosure vulnerability exists in 
Atlass ...)
        NOT-FOR-US: Atlassian
 CVE-2019-5094 (An exploitable code execution vulnerability exists in the quota 
file f ...)
@@ -45156,8 +45193,8 @@ CVE-2019-5085
        RESERVED
 CVE-2019-5084 (An exploitable heap out-of-bounds write vulnerability exists in 
the TI ...)
        NOT-FOR-US: LEADTOOLS
-CVE-2019-5083
-       RESERVED
+CVE-2019-5083 (An exploitable out-of-bounds write vulnerability exists in the 
igcore1 ...)
+       TODO: check
 CVE-2019-5082
        RESERVED
 CVE-2019-5081
@@ -45170,8 +45207,8 @@ CVE-2019-5078
        RESERVED
 CVE-2019-5077
        RESERVED
-CVE-2019-5076
-       RESERVED
+CVE-2019-5076 (An exploitable out-of-bounds write vulnerability exists in the 
igcore1 ...)
+       TODO: check
 CVE-2019-5075
        RESERVED
 CVE-2019-5074
@@ -48210,10 +48247,10 @@ CVE-2019-3752
        RESERVED
 CVE-2019-3751 (Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 
1.1, 2.0 ...)
        NOT-FOR-US: EMC
-CVE-2019-3750
-       RESERVED
-CVE-2019-3749
-       RESERVED
+CVE-2019-3750 (Dell Command Update versions prior to 3.1 contain an Arbitrary 
File De ...)
+       TODO: check
+CVE-2019-3749 (Dell Command Update versions prior to 3.1 contain an Arbitrary 
File De ...)
+       TODO: check
 CVE-2019-3748
        RESERVED
 CVE-2019-3747 (Dell EMC Integrated Data Protection Appliance versions prior to 
2.3 co ...)
@@ -175781,8 +175818,7 @@ CVE-2016-1000022
        NOTE: https://nodesecurity.io/advisories/106
        NOTE: 
https://github.com/distributedweaknessfiling/DWF-Database/commit/5e607a0cad2769db2be5aafc4d9b1ec49bd7bbbc
        NOTE: nodejs not covered by security support
-CVE-2016-1000021
-       RESERVED
+CVE-2016-1000021 (An issue exists in node-cli 0.1.0 through 0.11.3 due to 
predictable te ...)
        - node-cli <removed> (unimportant)
        NOTE: https://nodesecurity.io/advisories/95
        NOTE: nodejs not covered by security support
@@ -178254,8 +178290,7 @@ CVE-2016-1000108
        [jessie] - yaws 1.98-4+deb8u1
        [wheezy] - yaws <no-dsa> (Minor issue; can be fixed along with a future 
DSA)
        NOTE: 
https://github.com/klacke/yaws/commit/9d8fb070e782c95821c90d0ca7372fc6d7316c78#diff-54053c47eb173a90c26ed19bd9d106c1
-CVE-2016-1000104
-       RESERVED
+CVE-2016-1000104 (A security Bypass vulnerability exists in mod_fcgid through 
2016-07-07 ...)
        NOTE: libapache2-mod-fcgid does not set HTTP_PROXY based on Proxy: 
header unless
        NOTE: explicitly configured so and mitigations for Apache in 
CVE-2016-5387 prevent
        NOTE: exploitation anyway
@@ -199226,8 +199261,7 @@ CVE-2015-7543 (aRts 1.5.10 and kdelibs3 3.5.10 and 
earlier do not properly creat
        - kdelibs <removed>
        - arts <removed>
        NOTE: 
https://quickgit.kde.org/?p=kdelibs.git&a=blobdiff&h=8c0f6401271c495c68e340e06b09239eb755ce5e&hp=45b72f0d5c3421b571e9515497352a0a9942a075&hb=cc5515ed7ce8884c9b18169158ba29ab2f7a3db7&f=kinit%2Flnusertemp.c
-CVE-2015-7542 [libgwenhywfar uses outdated bundled CA certificates]
-       RESERVED
+CVE-2015-7542 (An issue exists in libgwenhywfar through 4.12.0 due to the 
usage of ou ...)
        {DLA-469-1}
        - libgwenhywfar 4.12.0beta-3 (bug #748955; medium)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1272503
@@ -241475,8 +241509,7 @@ CVE-2013-7329 (The CGI::Application module before 
4.50_50 and 4.50_51 for Perl,
        [wheezy] - libcgi-application-perl <no-dsa> (Minor issue)
        [squeeze] - libcgi-application-perl <no-dsa> (Minor issue)
        NOTE: suggested fix https://github.com/markstos/CGI--Application/pull/15
-CVE-2013-7325
-       RESERVED
+CVE-2013-7325 (An issue exists in uscan in devscripts before 2.13.19, which 
could let ...)
        {DSA-2836-1}
        - devscripts 2.13.9
        [squeeze] - devscripts <no-dsa> (Minor issue)
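
Review bot: The imported description for CVE-2013-7325 says "devscripts before 2.13.19", while the entry records the fix as "devscripts 2.13.9". One of the two version strings is likely wrong. Please confirm the fixed version against DSA-2836-1 and, if the description is the one at fault, add a NOTE saying so, so the mismatch is not later read as an unfixed range.
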



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3c77997f5c4f17b82a5b59c54c56851e4ec07434
