Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
25c56513 by security tracker role at 2019-02-05T20:10:29Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2019-7415
+       RESERVED
+CVE-2019-7414
+       RESERVED
+CVE-2019-7413 (In the Parallax Scroll (aka adamrob-parallax-scroll) plugin 
before 2.1 ...)
+       TODO: check
+CVE-2019-7412 (The PS PHPCaptcha WP plugin before v1.2.0 for WordPress 
mishandles ...)
+       TODO: check
+CVE-2019-7411
+       RESERVED
+CVE-2019-7410
+       RESERVED
+CVE-2019-7409
+       RESERVED
+CVE-2019-7408
+       RESERVED
+CVE-2019-7407
+       RESERVED
+CVE-2019-7406
+       RESERVED
+CVE-2019-7405
+       RESERVED
+CVE-2019-7404
+       RESERVED
+CVE-2019-7403 (An issue was discovered in PHPMyWind 5.5. It allows remote 
attackers to ...)
+       TODO: check
+CVE-2019-7402 (An issue was discovered in PHPMyWind 5.5. The GetQQ function in 
...)
+       TODO: check
+CVE-2019-7401
+       RESERVED
+CVE-2017-1000000
+       RESERVED
+CVE-2014-1000000
+       RESERVED
 CVE-2019-7400 (Rukovoditel before 2.4.1 allows XSS. ...)
        NOT-FOR-US: Rukovoditel
 CVE-2019-7399
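Review bot: CVE-2017-1000000 and CVE-2014-1000000 are added as RESERVED between CVE-2019-7401 and CVE-2019-7400, which breaks the descending ID order the rest of this hunk follows. If these are real reservations picked up by the automatic update, they belong in the 2017 and 2014 blocks of the file; if they are placeholders from the upstream feed, they should be dropped before anyone triages them as real entries.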
@@ -160,8 +194,8 @@ CVE-2018-1000998 (FreeBSD CVSweb version 2.x contains a 
Cross Site Scripting (XS
        TODO: check
 CVE-2017-18362 (ConnectWise ManagedITSync integration through 2017 for Kaseya 
VSA is ...)
        NOT-FOR-US: ConnectWise ManagedITSync
-CVE-2016-1000282
-       RESERVED
+CVE-2016-1000282 (Haraka version 2.8.8 and earlier comes with a plugin for 
processing ...)
+       TODO: check
 CVE-2016-1000276 (Audacity version 2.1.2 is vulnerable to DLL Hijack, it tries 
to load ...)
        TODO: check, probably a dupe of CVE-2017-1000010
 CVE-2016-1000271 (Joomla extension DT Register version before 3.1.12 (Joomla 
3.x) / ...)
@@ -1913,10 +1947,10 @@ CVE-2019-6593
        RESERVED
 CVE-2019-6592
        RESERVED
-CVE-2019-6591
-       RESERVED
-CVE-2019-6590
-       RESERVED
+CVE-2019-6591 (On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 
to ...)
+       TODO: check
+CVE-2019-6590 (On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under 
certain ...)
+       TODO: check
 CVE-2019-6589
        RESERVED
 CVE-2019-6588
@@ -2025,8 +2059,7 @@ CVE-2019-6537
        RESERVED
 CVE-2019-6536
        RESERVED
-CVE-2019-6535
-       RESERVED
+CVE-2019-6535 (Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 
and ...)
        NOT-FOR-US: Mitsubishi Electric MELSEC-Q Series PLCs
 CVE-2019-6534
        RESERVED
@@ -8003,8 +8036,7 @@ CVE-2019-3820
 CVE-2019-3819 (A flaw was found in the Linux kernel in the function ...)
        - linux <unfixed>
        NOTE: Proposed patch: 
https://marc.info/?l=linux-input&m=154841031101012&w=2
-CVE-2019-3818
-       RESERVED
+CVE-2019-3818 (The kube-rbac-proxy container before version 0.4.1 as used in 
Red Hat ...)
        NOT-FOR-US: kube-rbac-proxy
 CVE-2019-3817
        RESERVED
@@ -8020,6 +8052,7 @@ CVE-2019-3815 (A memory leak was discovered in the 
backport of fixes for ...)
        NOTE: specifically the backport of the fix for CVE-2018-16864.
 CVE-2019-3814 [Suitable client certificate can be used to login as other user]
        RESERVED
+       {DSA-4385-1}
        - dovecot 1:2.3.4.1-1
        NOTE: https://www.openwall.com/lists/oss-security/2019/02/05/1
 CVE-2019-3813 (Spice, versions 0.5.2 through 0.14.1, are vulnerable to an ...)
@@ -8863,11 +8896,11 @@ CVE-2019-3465
        RESERVED
 CVE-2019-3464 [prevent popt to load a ~/.popt configuration file, leading to 
arbitrary command execution]
        RESERVED
-       {DSA-4382-1}
+       {DSA-4382-1 DLA-1660-1}
        - rssh 2.3.4-10
 CVE-2019-3463 [reject rsync --daemon and --config command-line options; 
arbitrary command execution]
        RESERVED
-       {DSA-4382-1}
+       {DSA-4382-1 DLA-1660-1}
        - rssh 2.3.4-10
 CVE-2019-3462 (Incorrect sanitation of the 302 redirect field in HTTP 
transport ...)
        {DSA-4371-1 DLA-1637-1}
@@ -20219,8 +20252,8 @@ CVE-2018-19031
        RESERVED
 CVE-2018-19030
        RESERVED
-CVE-2018-19029
-       RESERVED
+CVE-2018-19029 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows an 
attacker using ...)
+       TODO: check
 CVE-2018-19028
        RESERVED
 CVE-2018-19027 (Three type confusion vulnerabilities exist in CX-One Versions 
4.50 and ...)
@@ -20273,40 +20306,40 @@ CVE-2018-19004 (LCDS Laquis SCADA prior to version 
4.1.0.4150 allows out of boun
        NOT-FOR-US: LCDS Laquis SCADA
 CVE-2018-19003 (GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 
03.03.28C to ...)
        NOT-FOR-US: GE Mark
-CVE-2018-19002
-       RESERVED
+CVE-2018-19002 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper 
control ...)
+       TODO: check
 CVE-2018-19001 (Philips HealthSuite Health Android App, all versions. The 
software ...)
        NOT-FOR-US: Philips HealthSuite Health Android App
-CVE-2018-19000
-       RESERVED
+CVE-2018-19000 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows an 
authentication ...)
+       TODO: check
 CVE-2018-18999 (WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on 
Windows ...)
        NOT-FOR-US: Advantech WebAccess/SCADA
-CVE-2018-18998
-       RESERVED
+CVE-2018-18998 (LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded 
...)
+       TODO: check
 CVE-2018-18997 (Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and 
GATE-E2 ...)
        NOT-FOR-US: ABB GATE-E2
-CVE-2018-18996
-       RESERVED
+CVE-2018-18996 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in 
user ...)
+       TODO: check
 CVE-2018-18995 (Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and 
GATE-E2 all ...)
        NOT-FOR-US: ABB GATE-E2
 CVE-2018-18994
        RESERVED
 CVE-2018-18993 (Two stack-based buffer overflow vulnerabilities have been 
discovered ...)
        NOT-FOR-US: CX-One
-CVE-2018-18992
-       RESERVED
+CVE-2018-18992 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in 
user ...)
+       TODO: check
 CVE-2018-18991 (Reflected cross-site scripting (non-persistent) in SCADA 
WebServer ...)
        NOT-FOR-US: SCADA WebServer
-CVE-2018-18990
-       RESERVED
+CVE-2018-18990 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows a 
user-supplied ...)
+       TODO: check
 CVE-2018-18989 (In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 
and ...)
        NOT-FOR-US: CX-One
 CVE-2018-18988 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution 
of ...)
        NOT-FOR-US: LCDS Laquis SCADA
 CVE-2018-18987 (VT-Designer Version 2.1.7.31 is vulnerable by the program 
populating ...)
        NOT-FOR-US: VT-Designer
-CVE-2018-18986
-       RESERVED
+CVE-2018-18986 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows the 
opening of a ...)
+       TODO: check
 CVE-2018-18985 (Tridium Niagara Enterprise Security 2.3u1, all versions prior 
to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, 
all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 
4.6.96.28.4 a cross-site scripting vulnerability has been identified that may 
allow a remote attacker to inject code to some web pages affecting 
confidentiality. ...)
        NOT-FOR-US: Tridium Niagara Enterprise
 CVE-2018-18984 (Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 
29901 ...)
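Review bot: the seven LCDS Laquis SCADA entries that gain a description here (CVE-2018-19002, -19000, -18998, -18996, -18992, -18990, -18986) are left at "TODO: check", while CVE-2018-19004 and CVE-2018-18988 in the same hunk already carry "NOT-FOR-US: LCDS Laquis SCADA". A follow-up commit can mark all seven the same way in one pass instead of checking each separately.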
@@ -38918,8 +38951,7 @@ CVE-2018-11805
        RESERVED
 CVE-2018-11804 (Spark's Apache Maven-based build includes a convenience 
script, ...)
        NOT-FOR-US: Apache Spark
-CVE-2018-11803
-       RESERVED
+CVE-2018-11803 (Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 
and ...)
        - subversion 1.10.4-1
        [stretch] - subversion <not-affected> (Vulnerable code introduced in 
1.10.0)
        [jessie] - subversion <not-affected> (Vulnerable code introduced in 
1.10.0)
@@ -60743,8 +60775,7 @@ CVE-2018-4058
        - coturn 4.5.1.0-1
 CVE-2018-4057
        RESERVED
-CVE-2018-4056
-       RESERVED
+CVE-2018-4056 (An exploitable SQL injection vulnerability exists in the 
administrator ...)
        {DSA-4373-1}
        - coturn 4.5.1.0-1
 CVE-2018-4055
@@ -120675,16 +120706,16 @@ CVE-2017-1204 (IBM Tealeaf Customer Experience 8.7, 
8.8, and 9.0.2 contains ...)
        NOT-FOR-US: IBM Tealeaf Customer Experience
 CVE-2017-1203 (IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) 
Platform and ...)
        NOT-FOR-US: IBM
-CVE-2017-1202
-       RESERVED
+CVE-2017-1202 (IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) 
is ...)
+       TODO: check
 CVE-2017-1201 (IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) 
stores ...)
        NOT-FOR-US: IBM
-CVE-2017-1200
-       RESERVED
+CVE-2017-1200 (IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) 
does not ...)
+       TODO: check
 CVE-2017-1199 (IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 
11.4, ...)
        NOT-FOR-US: IBM
-CVE-2017-1198
-       RESERVED
+CVE-2017-1198 (IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) 
stores ...)
+       TODO: check
 CVE-2017-1197 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate 
account ...)
        NOT-FOR-US: IBM
 CVE-2017-1196 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not 
require ...)
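Review bot: CVE-2017-1202, CVE-2017-1200 and CVE-2017-1198 are all IBM BigFix Compliance and are set to "TODO: check", but the BigFix Compliance entries around them (CVE-2017-1201, CVE-2017-1197) are already "NOT-FOR-US: IBM". Suggest giving the three new descriptions the same tag in the next manual pass so they do not sit in the TODO queue.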
@@ -120725,8 +120756,8 @@ CVE-2017-1179 (IBM BigFix Compliance Analytics 1.9.79 
uses weaker than expected
        NOT-FOR-US: IBM
 CVE-2017-1178 (IBM Endpoint Manager for Security and Compliance 1.9.70 is 
vulnerable ...)
        NOT-FOR-US: IBM
-CVE-2017-1177
-       RESERVED
+CVE-2017-1177 (IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive 
...)
+       TODO: check
 CVE-2017-1176 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a 
local user ...)
        NOT-FOR-US: IBM
 CVE-2017-1175 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to 
SQL ...)
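Review bot: CVE-2017-1177 (IBM BigFix Compliance) is left at "TODO: check" although CVE-2017-1179 and CVE-2017-1178 directly above it are tagged "NOT-FOR-US: IBM"; it can take the same tag.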



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/25c56513583e13531a6fba97088ef0401e571428
