Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eabaa114 by security tracker role at 2019-04-17T20:10:32Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2019-11267
+       RESERVED
+CVE-2019-11266
+       RESERVED
+CVE-2019-11265
+       RESERVED
+CVE-2019-11264
+       RESERVED
+CVE-2019-11263
+       RESERVED
+CVE-2019-11262
+       RESERVED
+CVE-2019-11261
+       RESERVED
+CVE-2019-11260
+       RESERVED
+CVE-2019-11259
+       RESERVED
+CVE-2019-11258
+       RESERVED
+CVE-2019-11257
+       RESERVED
+CVE-2019-11256
+       RESERVED
+CVE-2019-11255
+       RESERVED
+CVE-2019-11254
+       RESERVED
+CVE-2019-11253
+       RESERVED
+CVE-2019-11252
+       RESERVED
+CVE-2019-11251
+       RESERVED
+CVE-2019-11250
+       RESERVED
+CVE-2019-11249
+       RESERVED
+CVE-2019-11248
+       RESERVED
+CVE-2019-11247
+       RESERVED
+CVE-2019-11246
+       RESERVED
+CVE-2019-11245
+       RESERVED
+CVE-2019-11244
+       RESERVED
+CVE-2019-11243
+       RESERVED
 CVE-2019-11242
        RESERVED
 CVE-2019-11241
@@ -667,20 +717,20 @@ CVE-2019-10955
        RESERVED
 CVE-2019-10954
        RESERVED
-CVE-2019-10953
-       RESERVED
+CVE-2019-10953 (ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - 
Programmable ...)
+       TODO: check
 CVE-2019-10952
        RESERVED
-CVE-2019-10951
-       RESERVED
+CVE-2019-10951 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor 
Version 1.00 ...)
+       TODO: check
 CVE-2019-10950
        RESERVED
-CVE-2019-10949
-       RESERVED
+CVE-2019-10949 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor 
Version 1.00 ...)
+       TODO: check
 CVE-2019-10948
        RESERVED
-CVE-2019-10947
-       RESERVED
+CVE-2019-10947 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor 
Version 1.00 ...)
+       TODO: check
 CVE-2019-10946 (An issue was discovered in Joomla! before 3.9.5. The "refresh 
list of  ...)
        NOT-FOR-US: Joomla!
 CVE-2019-10945 (An issue was discovered in Joomla! before 3.9.5. The Media 
Manager com ...)
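Review bot: the three Delta Industrial Automation CNCSoft entries (CVE-2019-10951, -10949, -10947) and CVE-2019-10953 can be resolved now rather than left at `TODO: check`. They describe vendor-specific industrial automation products (Delta CNCSoft / ScreenEditor; ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO programmable ...), and unless one of them turns out to be packaged, the `NOT-FOR-US:` resolution already used for the two Joomla! entries in this hunk applies (e.g. `NOT-FOR-US: Delta Industrial Automation CNCSoft`). CVE-2019-10953 names five vendors, so pick the product string for its NOT-FOR-US line from the full description instead of the truncated "Programmable ...".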
@@ -1491,12 +1541,12 @@ CVE-2019-10645
        RESERVED
 CVE-2019-10644 (An issue was discovered in HYBBS 2.2. /?admin/user.html has a 
CSRF vul ...)
        NOT-FOR-US: HYBBS
-CVE-2019-10643
-       RESERVED
-CVE-2019-10642
-       RESERVED
-CVE-2019-10641
-       RESERVED
+CVE-2019-10643 (Contao 4.7 allows Use of a Key Past its Expiration Date. ...)
+       TODO: check
+CVE-2019-10642 (Contao 4.7 allows CSRF. ...)
+       TODO: check
+CVE-2019-10641 (Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password 
Recovery ...)
+       TODO: check
 CVE-2019-10640 [DoS potential for regex in CI/CD refs]
        RESERVED
        - gitlab <unfixed> (bug #926482)
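Review bot: CVE-2019-10641, -10642 and -10643 are all Contao issues and should be triaged together, not left as three separate `TODO: check` lines; if no Debian package ships Contao, `NOT-FOR-US: Contao` for all three. CVE-2018-20028 further down in this same update is also Contao and needs the identical resolution so the four entries don't drift apart. Note the descriptions disagree on the affected range: -10641 says "before 3.5.39 and 4.x before 4.7.3" while -10642 and -10643 say only "Contao 4.7", so check the upstream advisory before assuming one range covers the others.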
@@ -3155,8 +3205,8 @@ CVE-2019-9892
        RESERVED
 CVE-2019-9891
        RESERVED
-CVE-2019-9890
-       RESERVED
+CVE-2019-9890 (An issue was discovered in GitLab Community and Enterprise 
Edition 10. ...)
+       TODO: check
 CVE-2019-9889 (In Vanilla before 2.6.4, a flaw exists within the 
getSingleIndex funct ...)
        NOT-FOR-US: Vanilla Forums
 CVE-2019-9888
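Review bot: `TODO: check` is not enough for CVE-2019-9890, because gitlab is packaged and this update already tracks other GitLab CE/EE issues against `gitlab 11.8.2-2 (bug #924447)` and `gitlab <unfixed> (bug #926482)`; this entry should get a `- gitlab <version>` line with the fixed version taken from the GitLab security release that assigned it, plus a `NOTE:` link to that release post as was done for the 11.8.1 batch. CVE-2019-9756 in the next hunk has the same "An issue was discovered in GitLab Community and Enterprise Edition 10. ..." prefix and needs the same treatment; if they come from the same release they can share one bug reference.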
@@ -4215,8 +4265,8 @@ CVE-2019-9758
        RESERVED
 CVE-2019-9757
        RESERVED
-CVE-2019-9756
-       RESERVED
+CVE-2019-9756 (An issue was discovered in GitLab Community and Enterprise 
Edition 10. ...)
+       TODO: check
 CVE-2019-9755 [heap buffer overflow]
        RESERVED
        {DSA-4413-1 DLA-1724-1}
@@ -4930,40 +4980,34 @@ CVE-2019-9500 [brcmfmac: assure SSID length from 
firmware is limited]
        RESERVED
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff (5.1-rc1)
-CVE-2019-9499 [EAP-pwd peer missing commit validation for scalar/element]
-       RESERVED
+CVE-2019-9499 (The implementations of EAP-PWD in wpa_supplicant EAP Peer, when 
built  ...)
        {DSA-4430-1}
        - wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
        NOTE: 
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
        NOTE: Patches: https://w1.fi/security/2019-4/
-CVE-2019-9498 [EAP-pwd server missing commit validation for scalar/element]
-       RESERVED
+CVE-2019-9498 (The implementations of EAP-PWD in hostapd EAP Server, when 
built again ...)
        {DSA-4430-1}
        - wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
        NOTE: 
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
        NOTE: Patches: https://w1.fi/security/2019-4/
-CVE-2019-9497 [EAP-pwd server not checking for reflection attack]
-       RESERVED
+CVE-2019-9497 (The implementations of EAP-PWD in hostapd EAP Server and 
wpa_supplican ...)
        {DSA-4430-1}
        - wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
        NOTE: 
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
        NOTE: Patches: https://w1.fi/security/2019-4/
-CVE-2019-9496 [SAE confirm missing state validation in hostapd/AP]
-       RESERVED
+CVE-2019-9496 (An invalid authentication sequence could result in the hostapd 
process ...)
        - wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
        [stretch] - wpa <ignored> (SAE code not enabled for build in stretch)
        [jessie] - wpa <ignored> (SAE code not enabled for build in jessie)
        NOTE: 
https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
        NOTE: Patches: https://w1.fi/security/2019-3/
        NOTE: CONFIG_SAE=y enabled since 2:2.7~git20180706+420b5dd-1
-CVE-2019-9495 [cache attack against EAP-pwd]
-       RESERVED
+CVE-2019-9495 (The implementations of EAP-PWD in hostapd and wpa_supplicant 
are vulne ...)
        {DSA-4430-1}
        - wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
        NOTE: https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
        NOTE: Patches: https://w1.fi/security/2019-2/
-CVE-2019-9494 [cache attack against SAE]
-       RESERVED
+CVE-2019-9494 (The implementations of SAE in hostapd and wpa_supplicant are 
vulnerabl ...)
        - wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
        [stretch] - wpa <ignored> (SAE code not enabled for build in stretch)
        [jessie] - wpa <ignored> (SAE code not enabled for build in jessie)
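Review bot: the bracketed working titles ("[EAP-pwd peer missing commit validation for scalar/element]", "[EAP-pwd server not checking for reflection attack]", "[cache attack against SAE]") are lost in this hunk, and they were the only place the list itself told the six wpa issues apart, since the imported descriptions are truncated to text like "The implementations of EAP-PWD in hostapd EAP Server and wpa_supplican ...". The w1.fi `NOTE:` links keep the detail, so nothing is wrong, but re-adding a one-line summary as a `NOTE:` would keep the file readable without following links. Status lines are consistent: the four EAP-pwd entries carry {DSA-4430-1}, and the two SAE entries (CVE-2019-9496, -9494) are `<ignored>` for stretch and jessie because CONFIG_SAE was only enabled from 2:2.7~git20180706+420b5dd-1, which matches the NOTE.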
@@ -5513,23 +5557,19 @@ CVE-2019-9227 (An issue was discovered in baigo CMS 
2.1.1. There is a vulnerabil
        NOT-FOR-US: baigo CMS
 CVE-2019-9226 (An issue was discovered in baigo CMS 2.1.1. There is a 
persistent XSS  ...)
        NOT-FOR-US: baigo CMS
-CVE-2019-9225 [Issue board name disclosure]
-       RESERVED
+CVE-2019-9225 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        [experimental] - gitlab 11.8.2-1
        - gitlab 11.8.2-2 (bug #924447)
        NOTE: 
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
-CVE-2019-9224 [Milestone name disclosure]
-       RESERVED
+CVE-2019-9224 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        [experimental] - gitlab 11.8.2-1
        - gitlab 11.8.2-2 (bug #924447)
        NOTE: 
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
-CVE-2019-9223 [Information disclosure repo existence]
-       RESERVED
+CVE-2019-9223 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        [experimental] - gitlab 11.8.2-1
        - gitlab 11.8.2-2 (bug #924447)
        NOTE: 
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
-CVE-2019-9222 [Path traversal snippet mover]
-       RESERVED
+CVE-2019-9222 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        [experimental] - gitlab 11.8.2-1
        - gitlab 11.8.2-2 (bug #924447)
        NOTE: 
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
@@ -5538,20 +5578,17 @@ CVE-2019-9221 [Arbitrary file read via MergeRequestDiff]
        [experimental] - gitlab 11.8.2-1
        - gitlab 11.8.2-2 (bug #924447)
        NOTE: 
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
-CVE-2019-9220 [Issue DoS via Mermaid]
-       RESERVED
+CVE-2019-9220 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        [experimental] - gitlab 11.8.2-1
        - gitlab 11.8.2-2 (bug #924447)
        NOTE: 
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
-CVE-2019-9219 [Issue board name disclosure]
-       RESERVED
+CVE-2019-9219 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        [experimental] - gitlab 11.8.2-1
        - gitlab 11.8.2-2 (bug #924447)
        NOTE: 
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
 CVE-2019-9218
        RESERVED
-CVE-2019-9217 [NPM automatic package referencer]
-       RESERVED
+CVE-2019-9217 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        [experimental] - gitlab 11.8.2-1
        - gitlab 11.8.2-2 (bug #924447)
        NOTE: 
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
@@ -5680,47 +5717,39 @@ CVE-2019-9181 (SchoolCMS version 2.3.1 allows file 
upload via the logo upload fe
        NOT-FOR-US: SchoolCMS
 CVE-2019-9180
        RESERVED
-CVE-2019-9179 [Private namespace disclosure in email notification when issue 
is moved]
-       RESERVED
+CVE-2019-9179 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        [experimental] - gitlab 11.8.2-1
        - gitlab 11.8.2-2 (bug #924447)
        NOTE: 
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
-CVE-2019-9178 [Private merge request titles in public project information 
disclosure]
-       RESERVED
+CVE-2019-9178 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        [experimental] - gitlab 11.8.2-1
        - gitlab 11.8.2-2 (bug #924447)
        NOTE: 
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
 CVE-2019-9177
        RESERVED
-CVE-2019-9176 [CSRF add Kubernetes cluster integration]
-       RESERVED
+CVE-2019-9176 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        [experimental] - gitlab 11.8.2-1
        - gitlab 11.8.2-2 (bug #924447)
        NOTE: 
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
-CVE-2019-9175 [Burndown chart information disclosure]
-       RESERVED
+CVE-2019-9175 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        [experimental] - gitlab 11.8.2-1
        - gitlab 11.8.2-2 (bug #924447)
        NOTE: 
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
-CVE-2019-9174 [Blind SSRF in prometheus integration]
-       RESERVED
+CVE-2019-9174 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        [experimental] - gitlab 11.8.2-1
        - gitlab 11.8.2-2 (bug #924447)
        NOTE: 
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
 CVE-2019-9173
        RESERVED
-CVE-2019-9172 [Merge request information disclosure]
-       RESERVED
+CVE-2019-9172 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        [experimental] - gitlab 11.8.2-1
        - gitlab 11.8.2-2 (bug #924447)
        NOTE: 
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
-CVE-2019-9171 [Milestone name disclosure]
-       RESERVED
+CVE-2019-9171 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        [experimental] - gitlab 11.8.2-1
        - gitlab 11.8.2-2 (bug #924447)
        NOTE: 
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
-CVE-2019-9170 [IDOR milestone name information disclosure]
-       RESERVED
+CVE-2019-9170 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        [experimental] - gitlab 11.8.2-1
        - gitlab 11.8.2-2 (bug #924447)
        NOTE: 
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
@@ -7517,12 +7546,12 @@ CVE-2019-8457
        RESERVED
 CVE-2019-8456 (Check Point IKEv2 IPsec VPN up to R80.30, in some less common 
conditio ...)
        NOT-FOR-US: Check Point
-CVE-2019-8455
-       RESERVED
+CVE-2019-8455 (A hard-link created from the log file of Check Point ZoneAlarm 
up to 1 ...)
+       TODO: check
 CVE-2019-8454
        RESERVED
-CVE-2019-8453
-       RESERVED
+CVE-2019-8453 (Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 
are ta ...)
+       TODO: check
 CVE-2019-8452
        RESERVED
 CVE-2019-8451
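Review bot: CVE-2019-8455 and CVE-2019-8453 both describe Check Point ZoneAlarm (a hard link created from its log file, and DLLs loaded by ZoneAlarm up to 15.4.062); the neighbouring CVE-2019-8456 in this hunk is already `NOT-FOR-US: Check Point`, and ZoneAlarm is not something Debian ships, so both `TODO: check` lines can go straight to `NOT-FOR-US: Check Point ZoneAlarm`.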
@@ -12018,16 +12047,16 @@ CVE-2019-6581
        RESERVED
 CVE-2019-6580
        RESERVED
-CVE-2019-6579
-       RESERVED
+CVE-2019-6579 (A vulnerability has been identified in Spectrum Power&#8482; 4 
(with W ...)
+       TODO: check
 CVE-2019-6578
        RESERVED
 CVE-2019-6577
        RESERVED
 CVE-2019-6576
        RESERVED
-CVE-2019-6575
-       RESERVED
+CVE-2019-6575 (A vulnerability has been identified in SIMATIC CP443-1 OPC UA 
(All ver ...)
+       TODO: check
 CVE-2019-6574
        RESERVED
 CVE-2019-6573
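Review bot: CVE-2019-6579 (Spectrum Power 4) and CVE-2019-6575 (SIMATIC CP443-1 OPC UA) are Siemens products without a Debian package, like CVE-2019-6569 in the following hunk which is already `NOT-FOR-US: Scalance`; `NOT-FOR-US: Siemens` for both would be consistent. The imported description of -6579 still carries the raw HTML entity `&#8482;` from the feed; other Siemens descriptions in this file carry `&lt;` the same way, so it is at least consistent, but unescaping entities in the import step would make greps for product names work.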
@@ -12036,12 +12065,12 @@ CVE-2019-6572
        RESERVED
 CVE-2019-6571
        RESERVED
-CVE-2019-6570
-       RESERVED
+CVE-2019-6570 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
+       TODO: check
 CVE-2019-6569 (A vulnerability has been identified in Scalance X-200 (All 
versions),  ...)
        NOT-FOR-US: Scalance
-CVE-2019-6568
-       RESERVED
+CVE-2019-6568 (A vulnerability has been identified in CP1604 (All versions), 
CP1616 ( ...)
+       TODO: check
 CVE-2019-6567
        RESERVED
 CVE-2019-6566
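Review bot: same triage as the previous hunk: CVE-2019-6570 (SINEMA Remote Connect Server) and CVE-2019-6568 (CP1604, CP1616, ...) sit right beside CVE-2019-6569, which is already `NOT-FOR-US: Scalance`, so the two `TODO: check` lines can be resolved as `NOT-FOR-US: Siemens` without further research.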
@@ -13158,13 +13187,13 @@ CVE-2019-6155
 CVE-2019-6154 (A DLL search path vulnerability was reported in Lenovo Bootable 
Genera ...)
        NOT-FOR-US: Lenovo
 CVE-2019-6153
-       RESERVED
+       REJECTED
 CVE-2019-6152
-       RESERVED
+       REJECTED
 CVE-2019-6151
-       RESERVED
+       REJECTED
 CVE-2019-6150
-       RESERVED
+       REJECTED
 CVE-2019-6149 (An unquoted search path vulnerability was identified in Lenovo 
Dynamic ...)
        NOT-FOR-US: Lenovo
 CVE-2019-6148
@@ -14448,7 +14477,7 @@ CVE-2019-5675
        RESERVED
 CVE-2019-5674 (NVIDIA GeForce Experience before 3.18 contains a vulnerability 
when Sh ...)
        NOT-FOR-US: NVIDIA GeForce Experience
-CVE-2019-5673 (NVIDIA Jetson TX2 contains a vulnerability in the kernel driver 
where  ...)
+CVE-2019-5673 (NVIDIA Jetson TX2 contains a vulnerability in the kernel driver 
(on al ...)
        NOT-FOR-US: Nvidia Tegra
 CVE-2019-5672 (NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux 
for Teg ...)
        NOT-FOR-US: Nvidia Tegra
@@ -18100,8 +18129,7 @@ CVE-2019-3885
 CVE-2019-3884
        RESERVED
        NOT-FOR-US: atomic-openshift
-CVE-2019-3883 [DoS via hanging secured connections]
-       RESERVED
+CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by 
workers  ...)
        - 389-ds-base <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1693612
        NOTE: https://pagure.io/389-ds-base/issue/50329
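Review bot: the published description now gives a concrete affected range ("389-ds-base up to version 1.4.1.2"), so the `389-ds-base <undetermined>` line can be resolved: compare the packaged versions against 1.4.1.2 and the fix referenced from pagure issue 50329 (and the Red Hat bug), then either record the fixed Debian version or mark the package `<unfixed>` / `<not-affected>` with a reason. Leaving `<undetermined>` once the range is public just defers the triage.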
@@ -18446,8 +18474,8 @@ CVE-2019-3800
        RESERVED
 CVE-2019-3799
        RESERVED
-CVE-2019-3798
-       RESERVED
+CVE-2019-3798 (Cloud Foundry Cloud Controller API Release, versions prior to 
1.79.0,  ...)
+       TODO: check
 CVE-2019-3797
        RESERVED
 CVE-2019-3796
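Review bot: CVE-2019-3798 concerns Cloud Foundry Cloud Controller API Release (versions prior to 1.79.0), which has no Debian package; the `TODO: check` can be closed as `NOT-FOR-US: Cloud Foundry`.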
@@ -18625,10 +18653,10 @@ CVE-2019-3711 (RSA Authentication Manager versions 
prior to 8.4 P1 contain an In
        NOT-FOR-US: RSA
 CVE-2019-3710 (Dell Networking OS10 has been updated to address a 
vulnerability which ...)
        NOT-FOR-US: Dell Networking OS10
-CVE-2019-3709
-       RESERVED
-CVE-2019-3708
-       RESERVED
+CVE-2019-3709 (IsilonSD Management Server 1.1.0 contains a cross-site 
scripting vulne ...)
+       TODO: check
+CVE-2019-3708 (IsilonSD Management Server 1.1.0 contains a cross-site 
scripting vulne ...)
+       TODO: check
 CVE-2019-3707
        RESERVED
 CVE-2019-3706
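Review bot: CVE-2019-3709 and CVE-2019-3708 describe cross-site scripting in IsilonSD Management Server 1.1.0; the adjacent Dell Networking OS10 and RSA entries in this hunk are already `NOT-FOR-US`, so these two should be resolved the same way (`NOT-FOR-US: IsilonSD Management Server`) instead of staying at `TODO: check`.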
@@ -24303,8 +24331,8 @@ CVE-2019-1986 (In SkSwizzler::onSetSampleX of 
SkSwizzler.cpp, there is a possibl
 CVE-2019-1985
        RESERVED
        NOT-FOR-US: Android
-CVE-2018-20028
-       RESERVED
+CVE-2018-20028 (Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 
4.6.11  ...)
+       TODO: check
 CVE-2018-20027 (The yaml_parse.load method in Pylearn2 allows code injection. 
...)
        NOT-FOR-US: Pylearn2
 CVE-2018-20026 (Improper Communication Address Filtering exists in CODESYS V3 
products ...)
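Review bot: CVE-2018-20028 is another Contao issue ("Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11") and must get the same resolution as CVE-2019-10641 through -10643 earlier in this update; its affected-range text is the most precise of the four Contao descriptions and is the one to check against if any packaged copy of Contao exists.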
@@ -29958,8 +29986,7 @@ CVE-2019-0230
        RESERVED
 CVE-2019-0229 (A number of HTTP endpoints in the Airflow webserver (both RBAC 
and cla ...)
        - airflow <itp> (bug #819700)
-CVE-2019-0228 [XML External Entity vulnerability]
-       RESERVED
+CVE-2019-0228 (Apache PDFBox 2.0.14 does not properly initialize the XML 
parser, whic ...)
        - libpdfbox2-java <not-affected> (Vulnerable code introduced in 2.0.14)
        - libpdfbox-java <not-affected> (Vulnerable code introduced in 2.0.14)
        NOTE: https://www.openwall.com/lists/oss-security/2019/04/12/1
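Review bot: the `<not-affected>` justification "(Vulnerable code introduced in 2.0.14)" for libpdfbox2-java and libpdfbox-java is stronger than what the published description supports on its own: "Apache PDFBox 2.0.14 does not properly initialize the XML parser" names 2.0.14 but does not say earlier releases are safe. Adding a `NOTE:` with the upstream commit that introduced the affected XML parsing (or the fix commit) next to the oss-security link would let a later reader verify the claim against the packaged versions.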
@@ -30155,10 +30182,10 @@ CVE-2019-0165
        RESERVED
 CVE-2019-0164
        RESERVED
-CVE-2019-0163
-       RESERVED
-CVE-2019-0162
-       RESERVED
+CVE-2019-0163 (Insufficient input validation in system firmware for Intel(R) 
Broadwel ...)
+       TODO: check
+CVE-2019-0162 (Memory access in virtual memory mapping for some 
microprocessors may a ...)
+       TODO: check
 CVE-2019-0161 (Stack overflow in XHCI for EDK II may allow an unauthenticated 
user to ...)
        - edk2 0~20180803.dd4cae4d-1 (low)
        [stretch] - edk2 <no-dsa> (Minor issue)
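Review bot: CVE-2019-0163 and CVE-2019-0162 need different treatment even though they land together. -0163 is "Insufficient input validation in system firmware for Intel(R) Broadwel ...", i.e. Intel platform firmware rather than the EDK II code that CVE-2019-0161 and -0160 in this hunk track against edk2, so it is most likely `NOT-FOR-US`, but check the advisory for an EDK II component before deciding. -0162 ("Memory access in virtual memory mapping for some microprocessors ...") is a processor issue; the entry should state whether any Debian package (linux, intel-microcode) is expected to carry a mitigation or resolve it as `NOT-FOR-US`, rather than remain at `TODO: check`.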
@@ -30176,8 +30203,8 @@ CVE-2019-0160 (Buffer overflow in system firmware for 
EDK II may allow unauthent
        NOTE: 
https://github.com/tianocore/edk2/commit/3b30351b75d70ea65701ac999875fbb81a89a5ca
 CVE-2019-0159
        RESERVED
-CVE-2019-0158
-       RESERVED
+CVE-2019-0158 (Insufficient path checking in the installation package for 
Intel(R) Gr ...)
+       TODO: check
 CVE-2019-0157
        RESERVED
 CVE-2019-0156
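Review bot: CVE-2019-0158 ("Insufficient path checking in the installation package for Intel(R) Gr ...") is an installer flaw in a proprietary Intel package, the same category as CVE-2018-18093 (Intel VTune Amplifier installer) which this update keeps at `NOT-FOR-US: Intel VTune Amplifier`; resolve it with a `NOT-FOR-US:` line naming the product from the full description.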
@@ -33459,8 +33486,8 @@ CVE-2018-18096 (Improper memory handling in Intel 
QuickAssist Technology for Lin
        NOT-FOR-US: Intel QuickAssist Technology for Linux
 CVE-2018-18095
        RESERVED
-CVE-2018-18094
-       RESERVED
+CVE-2018-18094 (Improper directory permissions in installer for Intel(R) Media 
SDK bef ...)
+       TODO: check
 CVE-2018-18093 (Improper file permissions in the installer for Intel VTune 
Amplifier 2 ...)
        NOT-FOR-US: Intel VTune Amplifier
 CVE-2018-18092
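Review bot: CVE-2018-18094 ("Improper directory permissions in installer for Intel(R) Media SDK ...") is the same installer-permissions category as CVE-2018-18093 two lines below, which is already `NOT-FOR-US: Intel VTune Amplifier`; `NOT-FOR-US: Intel Media SDK` closes it.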
@@ -37376,59 +37403,59 @@ CVE-2018-16586 (In Open Ticket Request System (OTRS) 
4.0.x before 4.0.32, 5.0.x
        NOTE: OTRS 5: 
https://github.com/OTRS/otrs/commit/a808859a75c59ae3b7568f5cc4708c53462aa4c7
        NOTE: OTRS 4: 
https://github.com/OTRS/otrs/commit/baa92df09145b8ae2702a3a0e85d8ba55ec96302
 CVE-2018-16584
-       RESERVED
+       REJECTED
 CVE-2018-16583
-       RESERVED
+       REJECTED
 CVE-2018-16582
-       RESERVED
+       REJECTED
 CVE-2018-16581
-       RESERVED
+       REJECTED
 CVE-2018-16580
-       RESERVED
+       REJECTED
 CVE-2018-16579
-       RESERVED
+       REJECTED
 CVE-2018-16578
-       RESERVED
+       REJECTED
 CVE-2018-16577
-       RESERVED
+       REJECTED
 CVE-2018-16576
-       RESERVED
+       REJECTED
 CVE-2018-16575
-       RESERVED
+       REJECTED
 CVE-2018-16574
-       RESERVED
+       REJECTED
 CVE-2018-16573
-       RESERVED
+       REJECTED
 CVE-2018-16572
-       RESERVED
+       REJECTED
 CVE-2018-16571
-       RESERVED
+       REJECTED
 CVE-2018-16570
-       RESERVED
+       REJECTED
 CVE-2018-16569
-       RESERVED
+       REJECTED
 CVE-2018-16568
-       RESERVED
+       REJECTED
 CVE-2018-16567
-       RESERVED
+       REJECTED
 CVE-2018-16566
-       RESERVED
+       REJECTED
 CVE-2018-16565
-       RESERVED
+       REJECTED
 CVE-2018-16564
-       RESERVED
+       REJECTED
 CVE-2018-16563 (A vulnerability has been identified in Firmware variant IEC 
61850 for  ...)
        NOT-FOR-US: Siemens
 CVE-2018-16562
-       RESERVED
-CVE-2018-16561
-       RESERVED
+       REJECTED
+CVE-2018-16561 (A vulnerability has been identified in SIMATIC S7-300 CPUs 
(All versio ...)
+       TODO: check
 CVE-2018-16560
-       RESERVED
-CVE-2018-16559
-       RESERVED
-CVE-2018-16558
-       RESERVED
+       REJECTED
+CVE-2018-16559 (A vulnerability has been identified in SIMATIC S7-1500 CPU 
(All versio ...)
+       TODO: check
+CVE-2018-16558 (A vulnerability has been identified in SIMATIC S7-1500 CPU 
(All versio ...)
+       TODO: check
 CVE-2018-16557 (A vulnerability has been identified in SIMATIC S7-400 (incl. 
F) V6 and ...)
        NOT-FOR-US: Siemens
 CVE-2018-16556 (A vulnerability has been identified in SIMATIC S7-400 (incl. 
F) V6 and ...)
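Review bot: CVE-2018-16561, -16559 and -16558 (SIMATIC S7-300 / S7-1500 CPUs) sit in a run of Siemens entries that are all `NOT-FOR-US: Siemens` (CVE-2018-16563, -16557, -16556), so the three `TODO: check` lines should be resolved the same way. The run of RESERVED to REJECTED flips in the same hunk (CVE-2018-16584 down to -16560) needs no action; the hunk shows only the status line changing for each, so nothing with a package line or bracketed title was dropped.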
@@ -44576,7 +44603,7 @@ CVE-2018-13818 (** DISPUTED ** Twig before 2.4.4 allows 
Server-Side Template Inj
        NOTE: it is the repsonsibility of the web applications using Twig to 
properly wrap
        NOTE: input to it.
 CVE-2018-13817
-       RESERVED
+       REJECTED
 CVE-2018-13816 (A vulnerability has been identified in TIM 1531 IRC (All 
version &lt;  ...)
        NOT-FOR-US: Siemens TIM 1531 IRC Modules
 CVE-2018-13815 (A vulnerability has been identified in SIMATIC S7-1200 (All 
versions), ...)
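Review bot: the unchanged context line `NOTE: it is the repsonsibility of the web applications using Twig to properly wrap` under CVE-2018-13818 has a typo ("responsibility"); it is outside this automatic update, so it wants a one-word follow-up commit rather than a change here.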
@@ -44589,12 +44616,12 @@ CVE-2018-13812 (A vulnerability has been identified 
in SIMATIC HMI Comfort Panel
        NOT-FOR-US: Siemens
 CVE-2018-13811 (A vulnerability has been identified in SIMATIC STEP 7 (TIA 
Portal) (Al ...)
        NOT-FOR-US: Siemens
-CVE-2018-13810
-       RESERVED
-CVE-2018-13809
-       RESERVED
-CVE-2018-13808
-       RESERVED
+CVE-2018-13810 (A vulnerability has been identified in CP 1604 (All versions 
&lt; V2.8 ...)
+       TODO: check
+CVE-2018-13809 (A vulnerability has been identified in CP 1604 (All versions 
&lt; V2.8 ...)
+       TODO: check
+CVE-2018-13808 (A vulnerability has been identified in CP 1604 (All versions 
&lt; V2.8 ...)
+       TODO: check
 CVE-2018-13807 (A vulnerability has been identified in SCALANCE X300 (All 
versions &lt ...)
        NOT-FOR-US: Siemens
 CVE-2018-13806 (A vulnerability has been identified in SIEMENS TD Keypad 
Designer (All ...)
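Review bot: CVE-2018-13810, -13809 and -13808 (CP 1604, all versions &lt; V2.8) belong with CVE-2018-13811 and -13807 in this hunk, which are already `NOT-FOR-US: Siemens`; resolve all three identically. As with the other Siemens descriptions, the `&lt;` entity is carried verbatim from the feed.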
@@ -44604,7 +44631,7 @@ CVE-2018-13805 (A vulnerability has been identified in 
SIMATIC ET 200SP Open Con
 CVE-2018-13804 (A vulnerability has been identified in SIMATIC IT LMS (All 
versions),  ...)
        NOT-FOR-US: Siemens
 CVE-2018-13803
-       RESERVED
+       REJECTED
 CVE-2018-13802 (A vulnerability has been identified in ROX II (All versions 
&lt; V2.12 ...)
        NOT-FOR-US: Siemens / ROX II
 CVE-2018-13801 (A vulnerability has been identified in ROX II (All versions 
&lt; V2.12 ...)
@@ -45533,8 +45560,8 @@ CVE-2018-13380
        RESERVED
 CVE-2018-13379
        RESERVED
-CVE-2018-13378
-       RESERVED
+CVE-2018-13378 (An information disclosure vulnerability in Fortinet FortiSIEM 
5.2.0 an ...)
+       TODO: check
 CVE-2018-13377
        RESERVED
 CVE-2018-13376 (An uninitialized memory buffer leak exists in Fortinet FortiOS 
5.6.1 t ...)
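Review bot: CVE-2018-13378 (information disclosure in Fortinet FortiSIEM 5.2.0 ...) is a Fortinet appliance product like the FortiOS entry that follows it, so `NOT-FOR-US: Fortinet FortiSIEM` is the right resolution for the `TODO: check`.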
@@ -52221,8 +52248,8 @@ CVE-2018-10961
        RESERVED
 CVE-2018-10960
        RESERVED
-CVE-2018-10959
-       RESERVED
+CVE-2018-10959 (Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 
has an Un ...)
+       TODO: check
 CVE-2018-10958 (In types.cpp in Exiv2 0.26, a large size value may lead to a 
SIGABRT d ...)
        {DSA-4238-1 DLA-1551-1 DLA-1402-1}
        - exiv2 0.25-4
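Review bot: CVE-2018-10959 (Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1) is a proprietary product that Debian does not ship; `NOT-FOR-US: Avecto Defendpoint` is the appropriate resolution rather than `TODO: check`.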
@@ -61976,8 +62003,8 @@ CVE-2018-7342
        RESERVED
 CVE-2018-7341
        RESERVED
-CVE-2018-7340
-       RESERVED
+CVE-2018-7340 (Duo Network Gateway 1.2.9 and earlier may incorrectly utilize 
the resu ...)
+       TODO: check
 CVE-2018-7339 (The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 
mishandles Ent ...)
        - mp4v2 <removed> (low; bug #893544)
        [stretch] - mp4v2 <no-dsa> (Minor issue)
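Review bot: CVE-2018-7340's description ("Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the resu ...") uses the same wording as the SAML batch at the end of this update (CVE-2017-11427 through -11430, "may incorrectly utilize the results of ..."), i.e. the Duo SAML findings those entries link to; it should carry the same `NOTE:` links (the duo.com blog post and https://www.kb.cert.org/vuls/id/475445) and, since Duo Network Gateway is a Duo product and not a Debian package, be resolved as `NOT-FOR-US: Duo Network Gateway`.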
@@ -69922,7 +69949,7 @@ CVE-2018-4859 (A vulnerability has been identified in 
SCALANCE M875 (All version
 CVE-2018-4858 (A vulnerability has been identified in IEC 61850 system 
configurator ( ...)
        NOT-FOR-US: IEC
 CVE-2018-4857
-       RESERVED
+       REJECTED
 CVE-2018-4856 (A vulnerability has been identified in SICLOCK TC100 (All 
versions) an ...)
        NOT-FOR-US: SICLOCK TC100
 CVE-2018-4855 (A vulnerability has been identified in SICLOCK TC100 (All 
versions) an ...)
@@ -71825,14 +71852,14 @@ CVE-2018-4009 (An exploitable privilege escalation 
vulnerability exists in the S
        NOT-FOR-US: Shimo VPN
 CVE-2018-4008 (An exploitable privilege escalation vulnerability exists in the 
Shimo  ...)
        NOT-FOR-US: Shimo VPN
-CVE-2018-4007
-       RESERVED
-CVE-2018-4006
-       RESERVED
-CVE-2018-4005
-       RESERVED
-CVE-2018-4004
-       RESERVED
+CVE-2018-4007 (An exploitable privilege escalation vulnerability exists in the 
Shimo  ...)
+       TODO: check
+CVE-2018-4006 (An exploitable privilege escalation vulnerability exists in the 
Shimo  ...)
+       TODO: check
+CVE-2018-4005 (An exploitable privilege escalation vulnerability exists in the 
Shimo  ...)
+       TODO: check
+CVE-2018-4004 (An exploitable privilege escalation vulnerability exists in the 
Shimo  ...)
+       TODO: check
 CVE-2018-4003 (An exploitable heap overflow vulnerability exists in the 
mdnscap binar ...)
        NOT-FOR-US: CUJO Smart Firewall
 CVE-2018-4002
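Review bot: CVE-2018-4004 through -4007 carry the same description prefix as CVE-2018-4008 and -4009 in this hunk ("An exploitable privilege escalation vulnerability exists in the Shimo ..."), which are already `NOT-FOR-US: Shimo VPN`; the four `TODO: check` lines can be resolved identically.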
@@ -101294,30 +101321,26 @@ CVE-2017-11432
        RESERVED
 CVE-2017-11431
        RESERVED
-CVE-2017-11430
-       RESERVED
+CVE-2017-11430 (OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly 
utilize the  ...)
        - ruby-omniauth-saml <not-affected> (The actual vulnerability is in 
ruby-saml, which is used by the Debian package)
        NOTE: The change in 1.10.0 simply bumps the version requirement
        NOTE: https://github.com/omniauth/omniauth-saml/issues/156
        NOTE: https://github.com/omniauth/omniauth-saml/pull/157
        NOTE: 
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
        NOTE: https://www.kb.cert.org/vuls/id/475445
-CVE-2017-11429
-       RESERVED
+CVE-2017-11429 (Clever saml2-js 2.0 and earlier may incorrectly utilize the 
results of ...)
        NOT-FOR-US: Clever saml2-js
        NOTE: 
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
        NOTE: https://nodesecurity.io/advisories/567
        NOTE: https://www.kb.cert.org/vuls/id/475445
-CVE-2017-11428
-       RESERVED
+CVE-2017-11428 (OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize 
the resul ...)
        - ruby-saml 1.7.2-1 (bug #892865)
        [stretch] - ruby-saml <no-dsa> (Minor issue)
        NOTE: fixed in 1.7.0
        NOTE: 
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
        NOTE: https://www.kb.cert.org/vuls/id/475445
        NOTE: 
https://github.com/onelogin/ruby-saml/commit/048a544730930f86e46804387a6b6fad50d8176f
-CVE-2017-11427
-       RESERVED
+CVE-2017-11427 (OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize 
the resu ...)
        NOT-FOR-US: OneLogin python-saml
        NOTE: 
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
        NOTE: https://www.kb.cert.org/vuls/id/475445
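Review bot: the `[stretch] - ruby-saml <no-dsa> (Minor issue)` line deserves a second look now that the description and the CERT note (VU#475445) are public: this is a validation flaw in a SAML library covered by a vendor write-up and a CERT vulnerability note, and "Minor issue" reads like an early placeholder rather than a severity decision; if it stays no-dsa, a fix through the next stretch point release would still be worthwhile. Separately, the imported description of CVE-2017-11430 contains the upstream typo "OmnitAuth-SAML" (OmniAuth-SAML); it comes from the CVE feed verbatim, so there is nothing to fix in this file, but searches should match on the ruby-omniauth-saml package line rather than the description.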



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/eabaa1149e934b60fe274e046d8576678e2729ae
