Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
272c820a by security tracker role at 2019-02-14T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,54 @@
-CVE-2019-8337 [result of certificate verification was not properly checked if 
default value system for tls_trust_file is used]
+CVE-2019-8336
+       RESERVED
+CVE-2019-8335 (An issue was discovered in SchoolCMS 2.3.1. There is an XSS ...)
+       TODO: check
+CVE-2019-8334 (An issue was discovered in SchoolCMS 2.3.1. There is an XSS ...)
+       TODO: check
+CVE-2019-8333
+       RESERVED
+CVE-2019-8332
+       RESERVED
+CVE-2019-8331
+       RESERVED
+CVE-2019-8330
+       RESERVED
+CVE-2019-8329
+       RESERVED
+CVE-2019-8328
+       RESERVED
+CVE-2019-8327
+       RESERVED
+CVE-2019-8326
+       RESERVED
+CVE-2019-8325
+       RESERVED
+CVE-2019-8324
+       RESERVED
+CVE-2019-8323
+       RESERVED
+CVE-2019-8322
+       RESERVED
+CVE-2019-8321
+       RESERVED
+CVE-2019-8320
+       RESERVED
+CVE-2019-8319 (An issue was discovered on D-Link DIR-878 devices with firmware 
1.12A1. ...)
+       TODO: check
+CVE-2019-8318 (An issue was discovered on D-Link DIR-878 devices with firmware 
1.12A1. ...)
+       TODO: check
+CVE-2019-8317 (An issue was discovered on D-Link DIR-878 devices with firmware 
1.12A1. ...)
+       TODO: check
+CVE-2019-8316 (An issue was discovered on D-Link DIR-878 devices with firmware 
1.12A1. ...)
+       TODO: check
+CVE-2019-8315 (An issue was discovered on D-Link DIR-878 devices with firmware 
1.12A1. ...)
+       TODO: check
+CVE-2019-8314 (An issue was discovered on D-Link DIR-878 devices with firmware 
1.12A1. ...)
+       TODO: check
+CVE-2019-8313 (An issue was discovered on D-Link DIR-878 devices with firmware 
1.12A1. ...)
+       TODO: check
+CVE-2019-8312 (An issue was discovered on D-Link DIR-878 devices with firmware 
1.12A1. ...)
+       TODO: check
+CVE-2019-8337 (In msmtp 1.8.2, when tls_trust_file has its default 
configuration, ...)
        - msmtp <unfixed>
        NOTE: 
https://gitlab.marlam.de/marlam/msmtp/commit/a81d0a5126304f9f8b29a75d058044dc67d07663
 CVE-2019-8311
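Review bot: CVE-2019-8337 stays at `- msmtp <unfixed>` with no bug reference even though its NOTE already points at an upstream fix commit; adding a Debian bug number to that line would make the fix trackable. The new SchoolCMS entries (CVE-2019-8335, CVE-2019-8334) and the D-Link DIR-878 entries (CVE-2019-8319 through CVE-2019-8312) all land as `TODO: check` and still need triage.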
@@ -3740,6 +3790,7 @@ CVE-2019-6691 (phpwind 9.0.2.170426 UTF8 allows SQL 
Injection via the ...)
        NOT-FOR-US: phpwind
 CVE-2019-6690 [improper input validation in gnupg.GPG.encrypt() and 
gnupg.GPG.decrypt()]
        RESERVED
+       {DLA-1675-1}
        - python-gnupg 0.4.4-1
        NOTE: 
https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability
        NOTE: 
https://github.com/vsajip/python-gnupg/commit/39eca266dd837e2ad89c94eb17b7a6f50b25e7cf#diff-88b99bb28683bd5b7e3a204826ead112
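Review bot: `{DLA-1675-1}` is attached to CVE-2019-6690 while the entry is still `RESERVED` with only a bracketed working description, and this commit touches data/CVE/list alone. Confirm that the matching DLA-1675-1 record is present in the tracker's DLA list so the cross-reference resolves.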
@@ -3946,8 +3997,8 @@ CVE-2019-6591 (On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 
to 13.1.1.3 and 12.1.0 t
        NOT-FOR-US: BIG-IP
 CVE-2019-6590 (On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under 
certain ...)
        NOT-FOR-US: BIG-IP
-CVE-2019-6589
-       RESERVED
+CVE-2019-6589 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 
and ...)
+       TODO: check
 CVE-2019-6588
        RESERVED
 CVE-2019-6587
@@ -4034,12 +4085,12 @@ CVE-2019-6547
        RESERVED
 CVE-2019-6546
        RESERVED
-CVE-2019-6545
-       RESERVED
+CVE-2019-6545 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 
SP3 and ...)
+       TODO: check
 CVE-2019-6544
        RESERVED
-CVE-2019-6543
-       RESERVED
+CVE-2019-6543 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 
SP3 and ...)
+       TODO: check
 CVE-2019-6542
        RESERVED
 CVE-2019-6541 (A memory corruption vulnerability has been identified in WECON 
...)
@@ -5630,22 +5681,21 @@ CVE-2019-5918
        RESERVED
 CVE-2019-5917
        RESERVED
-CVE-2019-5916
-       RESERVED
-CVE-2019-5915
-       RESERVED
-CVE-2019-5914
-       RESERVED
-CVE-2019-5913
-       RESERVED
-CVE-2019-5912
-       RESERVED
-CVE-2019-5911
-       RESERVED
-CVE-2019-5910
-       RESERVED
-CVE-2019-5909
-       RESERVED
+CVE-2019-5916 (Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 
and ...)
+       TODO: check
+CVE-2019-5915 (Open redirect vulnerability in OpenAM (Open Source Edition) 
13.0 ...)
+       TODO: check
+CVE-2019-5914 (V20 PRO L-01J software version L01J20c and L01J20d has a NULL 
pointer ...)
+       TODO: check
+CVE-2019-5913 (Untrusted search path vulnerability in the installer of 
LHMelting ...)
+       TODO: check
+CVE-2019-5912 (Untrusted search path vulnerability in the installer of 
UNARJ32.DLL ...)
+       TODO: check
+CVE-2019-5911 (Untrusted search path vulnerability in the installer of 
UNLHA32.DLL ...)
+       TODO: check
+CVE-2019-5910 (Directory traversal vulnerability in HOUSE GATE App for iOS 
1.7.8 and ...)
+       TODO: check
+CVE-2019-5909 (License Manager Service of YOKOGAWA products (CENTUM VP 
(R5.01.00 - ...)
        NOT-FOR-US: Yokogawa License Manager Service
 CVE-2019-5908
        RESERVED
@@ -10207,8 +10257,8 @@ CVE-2019-3784
        RESERVED
 CVE-2019-3783
        RESERVED
-CVE-2019-3782
-       RESERVED
+CVE-2019-3782 (Cloud Foundry CredHub CLI, versions prior to 2.2.1, 
inadvertently ...)
+       TODO: check
 CVE-2019-3781
        RESERVED
 CVE-2019-3780
@@ -10553,8 +10603,8 @@ CVE-2019-3612
        RESERVED
 CVE-2019-3611
        RESERVED
-CVE-2019-3610
-       RESERVED
+CVE-2019-3610 (Data Leakage Attacks vulnerability in Microsoft Windows client 
in ...)
+       TODO: check
 CVE-2019-3609
        RESERVED
 CVE-2019-3608
@@ -12346,8 +12396,8 @@ CVE-2018-20255
        RESERVED
 CVE-2018-20254
        RESERVED
-CVE-2018-20253
-       RESERVED
+CVE-2018-20253 (In WinRAR versions prior to and including 5.60, There is an 
...)
+       TODO: check
 CVE-2018-20252 (There is an out-of-bounds writes vulnerability during parsing 
of ...)
        NOT-FOR-US: WinRAR
 CVE-2018-20251 (A validation function (in WinRAR code) is being called before 
...)
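Review bot: CVE-2018-20253 is added as `TODO: check` next to CVE-2018-20252, which is `NOT-FOR-US: WinRAR`. Both descriptions name WinRAR, so the new entry should be triaged to the same tag unless the truncated text points at a component packaged separately.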
@@ -12376,10 +12426,10 @@ CVE-2018-20240
        RESERVED
 CVE-2018-20239
        RESERVED
-CVE-2018-20238
-       RESERVED
-CVE-2018-20237
-       RESERVED
+CVE-2018-20238 (Various rest resources in Atlassian Crowd before version 3.2.7 
and ...)
+       TODO: check
+CVE-2018-20237 (Atlassian Confluence Server and Data Center before version 
6.13.1 ...)
+       TODO: check
 CVE-2018-20236
        RESERVED
 CVE-2018-20235
@@ -12388,8 +12438,8 @@ CVE-2018-20234
        RESERVED
 CVE-2018-20233 (The Upload add-on resource in Atlassian Universal Plugin 
Manager ...)
        NOT-FOR-US: Atlassian
-CVE-2018-20232
-       RESERVED
+CVE-2018-20232 (The labels widget gadget in Atlassian Jira before version 
7.6.11 and ...)
+       TODO: check
 CVE-2018-20231 (Cross Site Request Forgery (CSRF) in the 
two-factor-authentication ...)
        NOT-FOR-US: two-factor-authentication plugin for WordPress
 CVE-2018-20230 (An issue was discovered in PSPP 1.2.0. There is a heap-based 
buffer ...)
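Review bot: CVE-2018-20232 (labels widget gadget in Atlassian Jira) is left at `TODO: check`, while CVE-2018-20233 immediately above it is `NOT-FOR-US: Atlassian`. Using that existing tag here would keep the Atlassian entries in this block consistent.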
@@ -12619,8 +12669,8 @@ CVE-2018-20167 (Terminology before 1.3.1 allows Remote 
Code Execution because po
        NOTE: 
https://git.enlightenment.org/apps/terminology.git/commit/?id=1ac204da9148e7bccb1b5f34b523e2094dfc39e2
 CVE-2018-20165
        RESERVED
-CVE-2018-20164
-       RESERVED
+CVE-2018-20164 (An issue was discovered in regex.yaml (aka regexes.yaml) in 
UA-Parser ...)
+       TODO: check
 CVE-2018-20163
        RESERVED
 CVE-2018-20162
@@ -22390,8 +22440,8 @@ CVE-2018-19010 (Drager Infinity Delta, Infinity Delta, 
all versions, Delta XL, a
        NOT-FOR-US: Drager patient monitoring medical devices
 CVE-2018-19009 (Pilz PNOZmulti Configurator prior to version 10.9 allows an 
...)
        NOT-FOR-US: Pilz PNOZmulti Configurator
-CVE-2018-19008
-       RESERVED
+CVE-2018-19008 (The TextEditor 2.0 in ABB CP400 Panel Builder versions 
2.0.7.05 and ...)
+       TODO: check
 CVE-2018-19007 (In Geutebrueck GmbH E2 Camera Series versions prior to 
1.12.0.25 the ...)
        NOT-FOR-US: Geutebrueck cameras
 CVE-2018-19006
@@ -29716,10 +29766,10 @@ CVE-2018-16192 (Aterm WF1200CR and Aterm WG1200CR 
(Aterm WF1200CR firmware Ver1.
        NOT-FOR-US: Aterm firmware
 CVE-2018-16191 (Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 
3.0.1, ...)
        NOT-FOR-US: EC-CUBE
-CVE-2018-16190
-       RESERVED
-CVE-2018-16189
-       RESERVED
+CVE-2018-16190 (Untrusted search path vulnerability in UNARJ32.DLL for Win32, 
...)
+       TODO: check
+CVE-2018-16189 (Untrusted search path vulnerability in Self-Extracting 
Archives ...)
+       TODO: check
 CVE-2018-16188 (SQL injection vulnerability in the RICOH Interactive 
Whiteboard D2200 ...)
        NOT-FOR-US: RICOH
 CVE-2018-16187 (The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 
V1.3 to ...)
@@ -30791,8 +30841,8 @@ CVE-2018-15783
        REJECTED
 CVE-2018-15782 (The Quick Setup component of RSA Authentication Manager 
versions prior ...)
        NOT-FOR-US: RSA
-CVE-2018-15781
-       RESERVED
+CVE-2018-15781 (The Dell Wyse Password Encoder in ThinLinux2 versions prior to 
...)
+       TODO: check
 CVE-2018-15780 (RSA Archer versions prior to 6.5.0.1 contain an improper 
access ...)
        NOT-FOR-US: RSA Archer
 CVE-2018-15779
@@ -36776,10 +36826,10 @@ CVE-2018-13405 (The inode_init_owner function in 
fs/inode.c in the Linux kernel
        - linux 4.17.6-1
        NOTE: 
https://git.kernel.org/linus/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
        NOTE: http://www.openwall.com/lists/oss-security/2018/07/13/2
-CVE-2018-13404
-       RESERVED
-CVE-2018-13403
-       RESERVED
+CVE-2018-13404 (The VerifyPopServerConnection resource in Atlassian Jira 
before ...)
+       TODO: check
+CVE-2018-13403 (The two-dimensional filter statistics gadget in Atlassian Jira 
before ...)
+       TODO: check
 CVE-2018-13402 (Many resources in Atlassian Jira before version 7.6.9, from 
version ...)
        NOT-FOR-US: Atlassian
 CVE-2018-13401 (The XsrfErrorAction resource in Atlassian Jira before version 
7.6.9, ...)
@@ -39428,8 +39478,8 @@ CVE-2018-12411 (The administrative daemon (tibdgadmind) 
of TIBCO Software Inc.'s
        NOT-FOR-US: TIBCO
 CVE-2018-12410 (The web server component of TIBCO Software Inc's Spotfire 
Statistics ...)
        NOT-FOR-US: TIBCO
-CVE-2018-12409
-       RESERVED
+CVE-2018-12409 (The SOAP Admin API component of TIBCO Software Inc.'s TIBCO 
Silver ...)
+       TODO: check
 CVE-2018-12408 (The BusinessWorks engine component of TIBCO Software Inc.'s 
TIBCO ...)
        NOT-FOR-US: TIBCO
 CVE-2018-12407
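Review bot: CVE-2018-12409 (TIBCO SOAP Admin API component) becomes `TODO: check` between CVE-2018-12410 and CVE-2018-12408, both `NOT-FOR-US: TIBCO`. Triage it alongside its neighbours so the TODO does not linger.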
@@ -49063,7 +49113,7 @@ CVE-2018-8845 (In Advantech WebAccess versions 
V8.2_20170817 and prior, WebAcces
        NOT-FOR-US: Advantech
 CVE-2018-8844 (Philips e-Alert Unit (non-medical device), Version R2.1 and 
prior. The ...)
        NOT-FOR-US: Philips
-CVE-2018-8843 (Rockwell Automation Arena versions 16.10.00 and prior contains 
a use ...)
+CVE-2018-8843 (Rockwell Automation Arena versions 15.10.00 and prior contains 
a use ...)
        NOT-FOR-US: Rockwell
 CVE-2018-8842 (Philips e-Alert Unit (non-medical device), Version R2.1 and 
prior. The ...)
        NOT-FOR-US: Philips
@@ -56663,18 +56713,15 @@ CVE-2018-6273
        RESERVED
 CVE-2018-6272
        RESERVED
-CVE-2018-6271
-       RESERVED
+CVE-2018-6271 (NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability 
in ...)
        NOT-FOR-US: NVIDIA component for Android
 CVE-2018-6270
        RESERVED
 CVE-2018-6269
        RESERVED
-CVE-2018-6268
-       RESERVED
+CVE-2018-6268 (NVIDIA Tegra library contains a vulnerability in 
libnvmmlite_video.so, ...)
        NOT-FOR-US: NVIDIA component for Android
-CVE-2018-6267
-       RESERVED
+CVE-2018-6267 (NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability 
in ...)
        NOT-FOR-US: NVIDIA component for Android
 CVE-2018-6266 (NVIDIA GeForce Experience contains a vulnerability in all 
versions ...)
        NOT-FOR-US: NVIDIA GeForce Experience
@@ -73801,8 +73848,8 @@ CVE-2018-0698 (Cross-site scripting vulnerability in 
GROWI v3.2.3 and earlier al
        NOT-FOR-US: GROWI
 CVE-2018-0697 (Cross-site scripting vulnerability in Metabase version 0.29.3 
and ...)
        NOT-FOR-US: Metabase
-CVE-2018-0696
-       RESERVED
+CVE-2018-0696 (OpenAM (Open Source Edition) 13.0 and later does not properly 
manage ...)
+       TODO: check
 CVE-2018-0695 (Cross-site scripting vulnerability in User-friendly SVN (USVN) 
Version ...)
        NOT-FOR-US: User-friendly SVN
 CVE-2018-0694 (FileZen V3.0.0 to V4.2.1 allows remote attackers to execute 
arbitrary ...)
@@ -81267,7 +81314,7 @@ CVE-2017-15107 (A vulnerability was found in the 
implementation of DNSSEC in Dns
 CVE-2017-15106
        RESERVED
 CVE-2017-15105 (A flaw was found in the way unbound before 1.6.8 validated ...)
-       {DLA-1264-1}
+       {DLA-1676-1 DLA-1264-1}
        - unbound 1.7.1-1 (bug #887733)
        [stretch] - unbound 1.6.0-3+deb9u2
        NOTE: https://unbound.net/downloads/CVE-2017-15105.txt
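Review bot: CVE-2017-15105 now carries two advisories, `{DLA-1676-1 DLA-1264-1}`, but the entry has no NOTE saying why a second DLA was issued for unbound. A one-line NOTE (different release, regression update, or incomplete earlier fix) would make the history readable from this file.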



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/272c820ac718efcf4139a30f998e8fe566dfe938
