Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
49f6c52d by security tracker role at 2019-05-01T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2019-11644
+ RESERVED
+CVE-2019-11643
+ RESERVED
+CVE-2019-11642
+ RESERVED
+CVE-2019-11641 (Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid
fingerpri ...)
+ TODO: check
+CVE-2019-11640 (An issue was discovered in GNU recutils 1.8. There is a
heap-based buf ...)
+ TODO: check
+CVE-2019-11639 (An issue was discovered in GNU recutils 1.8. There is a
stack-based bu ...)
+ TODO: check
+CVE-2019-11638 (An issue was discovered in GNU recutils 1.8. There is a NULL
pointer d ...)
+ TODO: check
+CVE-2019-11637 (An issue was discovered in GNU recutils 1.8. There is a NULL
pointer d ...)
+ TODO: check
+CVE-2019-11636 (Zcash 2.x allows an inexpensive approach to "fill all
transactions of ...)
+ TODO: check
+CVE-2019-11635
+ RESERVED
+CVE-2019-11634
+ RESERVED
+CVE-2019-11633 (HoneyPress through 2016-09-27 can be fingerprinted by
attackers becaus ...)
+ TODO: check
+CVE-2019-11632 (In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0
through 2019. ...)
+ TODO: check
+CVE-2015-9287
+ RESERVED
CVE-2019-11631 (Moodle 3.6.3 allows remote authenticated administrators to
execute arb ...)
- moodle <removed>
CVE-2019-11630
@@ -91,6 +119,7 @@ CVE-2018-20824
CVE-2015-9286 (Controllers.outgoing in controllers/index.js in NodeBB before
0.7.3 ha ...)
NOT-FOR-US: NodeBB
CVE-2019-11627 (gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1
contains an un ...)
+ {DLA-1773-1}
- signing-party 2.10-1 (bug #928256)
[stretch] - signing-party <no-dsa> (Will be fixed via point release)
NOTE:
https://salsa.debian.org/signing-party-team/signing-party/commit/cd69b6c0426a6160ef3de03fce9c7f112166d5a8
@@ -1632,12 +1661,12 @@ CVE-2019-10956
RESERVED
CVE-2019-10955 (In Rockwell Automation MicroLogix 1400 Controllers Series A,
All Versi ...)
NOT-FOR-US: Rockwell Automation
-CVE-2019-10954
- RESERVED
+CVE-2019-10954 (An attacker could send crafted SMTP packets to cause a
denial-of-servi ...)
+ TODO: check
CVE-2019-10953 (ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO -
Programmable ...)
NOT-FOR-US: Programmable Logic Controllers of various vendors
-CVE-2019-10952
- RESERVED
+CVE-2019-10952 (An attacker could send a crafted HTTP/HTTPS request to render
the web ...)
+ TODO: check
CVE-2019-10951 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor
Version 1.00 ...)
NOT-FOR-US: Delta Electronics
CVE-2019-10950 (Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions
CR-IR 357 F ...)
@@ -13055,8 +13084,8 @@ CVE-2019-6564
RESERVED
CVE-2019-6563 (Moxa IKS and EDS generate a predictable cookie calculated with
an MD5 ...)
NOT-FOR-US: Moxa
-CVE-2019-6562
- RESERVED
+CVE-2019-6562 (In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the
softwa ...)
+ TODO: check
CVE-2019-6561 (Cross-site request forgery has been identified in Moxa IKS and
EDS, wh ...)
NOT-FOR-US: Moxa
CVE-2019-6560
@@ -18358,8 +18387,8 @@ CVE-2019-4260
RESERVED
CVE-2019-4259
RESERVED
-CVE-2019-4258
- RESERVED
+CVE-2019-4258 (IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard
Edition is vu ...)
+ TODO: check
CVE-2019-4257
RESERVED
CVE-2019-4256
@@ -19542,7 +19571,7 @@ CVE-2019-3793 (Pivotal Apps Manager Release, versions
665.0.x prior to 665.0.28,
CVE-2019-3792 (Pivotal Concourse version 5.0.0, contains an API that is
vulnerable to ...)
NOT-FOR-US: Pivotal
CVE-2019-3791
- RESERVED
+ REJECTED
CVE-2019-3790
RESERVED
CVE-2019-3789 (Cloud Foundry Routing Release, all versions prior to 0.188.0,
contains ...)
@@ -32727,7 +32756,7 @@ CVE-2018-18698 (An issue was discovered on Xiaomi Mi A1
tissot_sprout:8.1.0/OPM1
NOT-FOR-US: Xiaomi Mi A1 devices
CVE-2018-18697
RESERVED
-CVE-2018-18696 (main.aspx in Microstrategy Analytics 10.4.0026.0049 and
earlier has CS ...)
+CVE-2018-18696 (** DISPUTED ** main.aspx in Microstrategy Analytics
10.4.0026.0049 and ...)
NOT-FOR-US: Microstrategy Analytics
CVE-2018-18695 (M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow
with Extend ...)
NOT-FOR-US: M2SOFT Report Designer Viewer
@@ -35675,7 +35704,7 @@ CVE-2018-17608 (Foxit PhantomPDF and Reader before 9.3
allow remote attackers to
CVE-2018-17607 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers
to execu ...)
NOT-FOR-US: Foxit
CVE-2018-17606
- RESERVED
+ REJECTED
CVE-2018-17605 (An issue was discovered in the Asset Pipeline plugin before
3.0.4 for ...)
NOT-FOR-US: Grails plugin
CVE-2018-17604
@@ -78926,8 +78955,8 @@ CVE-2018-1935 (IBM Connections 5.0, 5.5, and 6.0 could
allow an authenticated us
NOT-FOR-US: IBM
CVE-2018-1934
RESERVED
-CVE-2018-1933
- RESERVED
+CVE-2018-1933 (IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to
cross-site s ...)
+ TODO: check
CVE-2018-1932 (IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a
vulnerability ...)
NOT-FOR-US: IBM
CVE-2018-1931
@@ -79576,8 +79605,8 @@ CVE-2018-1610 (IBM Rational DOORS Next Generation 5.0
through 5.0.2 and 6.0 thro
NOT-FOR-US: IBM
CVE-2018-1609
RESERVED
-CVE-2018-1608
- RESERVED
+CVE-2018-1608 (IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6
uses weak ...)
+ TODO: check
CVE-2018-1607 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and
6.0 th ...)
NOT-FOR-US: IBM
CVE-2018-1606 (IBM Jazz based applications (IBM Rational Collaborative
Lifecycle Mana ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/49f6c52de9f61ee685316981c614c93b6fe47c48
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/49f6c52de9f61ee685316981c614c93b6fe47c48
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
