Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dc0fdecf by security tracker role at 2019-05-15T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2019-12102
+       RESERVED
+CVE-2019-12101 (coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles 
certain ...)
+       TODO: check
+CVE-2019-12100
+       RESERVED
+CVE-2019-12099 (In PHP-Fusion 9.03.00, edit_profile.php allows remote 
authenticated us ...)
+       TODO: check
+CVE-2019-12098
+       RESERVED
+CVE-2019-12097
+       RESERVED
+CVE-2019-12096
+       RESERVED
+CVE-2019-12095
+       RESERVED
+CVE-2019-12094
+       RESERVED
 CVE-2019-12093
        RESERVED
 CVE-2019-12092
@@ -405,6 +423,7 @@ CVE-2019-11891
        RESERVED
 CVE-2019-12046 [lemonldap-ng tokens allows anonymous session when stored in 
session DB]
        RESERVED
+       {DSA-4446-1}
        - lemonldap-ng 2.0.2+ds-7+deb10u1 (bug #928944)
        NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1742
 CVE-2019-11890
@@ -534,6 +553,7 @@ CVE-2019-11833
 CVE-2019-11832 (TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote 
code execut ...)
        NOT-FOR-US: Typo3
 CVE-2019-11831 (The PharStreamWrapper (aka phar-stream-wrapper) package 2.x 
before 2.1 ...)
+       {DSA-4445-1}
        - drupal7 <removed> (bug #928688)
        NOTE: https://www.drupal.org/SA-CORE-2019-007
 CVE-2019-11830 (PharMetaDataInterceptor in the PharStreamWrapper (aka 
phar-stream-wrap ...)
@@ -1600,8 +1620,8 @@ CVE-2019-11399
        RESERVED
 CVE-2019-11398 (Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 
2019.2 a ...)
        NOT-FOR-US: UliCMS
-CVE-2019-11397
-       RESERVED
+CVE-2019-11397 (GetFile.aspx in Rapid4 RapidFlows Enterprise Application 
Builder 4.5M. ...)
+       TODO: check
 CVE-2019-11396
        RESERVED
 CVE-2019-11395 (A buffer overflow in MailCarrier 2.51 allows remote attackers 
to execu ...)
@@ -1770,8 +1790,8 @@ CVE-2019-11330
        RESERVED
 CVE-2019-11329
        RESERVED
-CVE-2019-11328
-       RESERVED
+CVE-2019-11328 (An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a 
malicious ...)
+       TODO: check
 CVE-2019-11327
        RESERVED
 CVE-2019-11326
@@ -2052,12 +2072,12 @@ CVE-2019-11208
        RESERVED
 CVE-2019-11207
        RESERVED
-CVE-2019-11206
-       RESERVED
-CVE-2019-11205
-       RESERVED
-CVE-2019-11204
-       RESERVED
+CVE-2019-11206 (The Spotfire library component of TIBCO Software Inc.'s TIBCO 
Spotfire ...)
+       TODO: check
+CVE-2019-11205 (The web server component of TIBCO Software Inc.'s TIBCO 
Spotfire Analy ...)
+       TODO: check
+CVE-2019-11204 (The web interface component of TIBCO Software Inc.'s TIBCO 
Spotfire St ...)
+       TODO: check
 CVE-2019-11203 (The workspace client, openspace client, app development 
client, and RE ...)
        NOT-FOR-US: TIBCO
 CVE-2019-11202
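Review bot: CVE-2019-11204, CVE-2019-11205 and CVE-2019-11206 go in as TODO: check although the entry directly below them, CVE-2019-11203, is another TIBCO product already triaged as NOT-FOR-US: TIBCO. If triage confirms that none of the Spotfire components are packaged, use the same tag so the three entries leave the TODO queue with a searchable, consistent marker.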
@@ -2287,6 +2307,7 @@ CVE-2019-11092
        RESERVED
 CVE-2019-11091 [MDSUM  Microarchitectural Data Sampling Uncacheable Memory]
        RESERVED
+       {DSA-4444-1}
        - intel-microcode <unfixed>
        - linux 4.19.37-2
        - xen <unfixed>
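Review bot: at CVE-2019-11091, {DSA-4444-1} is attached while the package lines still show intel-microcode <unfixed> and xen <unfixed>, and only linux carries a fixed version (4.19.37-2). Anything that reads a DSA reference as "resolved" will get this entry wrong, so confirm which source package the DSA covers and keep the two <unfixed> lines open until their own fixes land. The CVE-2018-12130, CVE-2018-12127 and CVE-2018-12126 hunks have the same shape.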
@@ -2712,24 +2733,24 @@ CVE-2019-10926
        RESERVED
 CVE-2019-10925
        RESERVED
-CVE-2019-10924
-       RESERVED
+CVE-2019-10924 (A vulnerability has been identified in LOGO! Soft Comfort (All 
version ...)
+       TODO: check
 CVE-2019-10923
        RESERVED
-CVE-2019-10922
-       RESERVED
-CVE-2019-10921
-       RESERVED
-CVE-2019-10920
-       RESERVED
-CVE-2019-10919
-       RESERVED
-CVE-2019-10918
-       RESERVED
-CVE-2019-10917
-       RESERVED
-CVE-2019-10916
-       RESERVED
+CVE-2019-10922 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and 
earlier  ...)
+       TODO: check
+CVE-2019-10921 (A vulnerability has been identified in LOGO!8 BM (All 
versions). Unenc ...)
+       TODO: check
+CVE-2019-10920 (A vulnerability has been identified in LOGO!8 BM (All 
versions). Proje ...)
+       TODO: check
+CVE-2019-10919 (A vulnerability has been identified in LOGO!8 BM (All 
versions). Attac ...)
+       TODO: check
+CVE-2019-10918 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and 
earlier  ...)
+       TODO: check
+CVE-2019-10917 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and 
earlier  ...)
+       TODO: check
+CVE-2019-10916 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and 
earlier  ...)
+       TODO: check
 CVE-2019-10915
        RESERVED
 CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside 
Secure T ...)
@@ -14124,20 +14145,20 @@ CVE-2019-6580
        RESERVED
 CVE-2019-6579 (A vulnerability has been identified in Spectrum Power 4 (with 
Web Offi ...)
        NOT-FOR-US: Spectrum Power
-CVE-2019-6578
-       RESERVED
-CVE-2019-6577
-       RESERVED
-CVE-2019-6576
-       RESERVED
+CVE-2019-6578 (A vulnerability has been identified in SINAMICS PERFECT HARMONY 
GH180  ...)
+       TODO: check
+CVE-2019-6577 (A vulnerability has been identified in SIMATIC HMI Comfort 
Panels 4" - ...)
+       TODO: check
+CVE-2019-6576 (A vulnerability has been identified in SIMATIC HMI Comfort 
Panels 4" - ...)
+       TODO: check
 CVE-2019-6575 (A vulnerability has been identified in SIMATIC CP443-1 OPC UA 
(All ver ...)
        NOT-FOR-US: Siemens
-CVE-2019-6574
-       RESERVED
+CVE-2019-6574 (A vulnerability has been identified in SINAMICS PERFECT HARMONY 
GH180  ...)
+       TODO: check
 CVE-2019-6573
        RESERVED
-CVE-2019-6572
-       RESERVED
+CVE-2019-6572 (A vulnerability has been identified in SIMATIC HMI Comfort 
Panels 4" - ...)
+       TODO: check
 CVE-2019-6571
        RESERVED
 CVE-2019-6570 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
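Review bot: the context lines in this hunk tag entries that share the "A vulnerability has been identified in" description pattern two different ways, NOT-FOR-US: Spectrum Power on CVE-2019-6579 and NOT-FOR-US: Siemens on CVE-2019-6575, so the five new SINAMICS and SIMATIC entries (CVE-2019-6578, CVE-2019-6577, CVE-2019-6576, CVE-2019-6574, CVE-2019-6572) have no single convention to follow. When their TODO: check is resolved, use one vendor-level tag for all five so a search on a single string finds them.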
@@ -21140,8 +21161,8 @@ CVE-2019-3570
        RESERVED
 CVE-2019-3569
        RESERVED
-CVE-2019-3568
-       RESERVED
+CVE-2019-3568 (A buffer overflow vulnerability in WhatsApp VOIP stack allowed 
remote  ...)
+       TODO: check
 CVE-2019-3567
        RESERVED
 CVE-2019-3566 (A bug in WhatsApp for Android's messaging logic would 
potentially allo ...)
@@ -31194,14 +31215,14 @@ CVE-2019-0303
        RESERVED
 CVE-2019-0302
        RESERVED
-CVE-2019-0301
-       RESERVED
+CVE-2019-0301 (Under certain conditions, it is possible to request the 
modification o ...)
+       TODO: check
 CVE-2019-0300
        RESERVED
 CVE-2019-0299
        RESERVED
-CVE-2019-0298
-       RESERVED
+CVE-2019-0298 (SAP E-Commerce (Business-to-Consumer) application does not 
sufficientl ...)
+       TODO: check
 CVE-2019-0297
        RESERVED
 CVE-2019-0296
@@ -31210,20 +31231,20 @@ CVE-2019-0295
        RESERVED
 CVE-2019-0294
        RESERVED
-CVE-2019-0293
-       RESERVED
+CVE-2019-0293 (Read of RFC destination does not always perform necessary 
authorizatio ...)
+       TODO: check
 CVE-2019-0292
        RESERVED
-CVE-2019-0291
-       RESERVED
+CVE-2019-0291 (Under certain conditions Solution Manager, version 7.2, allows 
an atta ...)
+       TODO: check
 CVE-2019-0290
        RESERVED
-CVE-2019-0289
-       RESERVED
+CVE-2019-0289 (Under certain conditions SAP BusinessObjects Business 
Intelligence pla ...)
+       TODO: check
 CVE-2019-0288
        RESERVED
-CVE-2019-0287
-       RESERVED
+CVE-2019-0287 (Under certain conditions SAP BusinessObjects Business 
Intelligence pla ...)
+       TODO: check
 CVE-2019-0286
        RESERVED
 CVE-2019-0285 (The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual 
Studio ( ...)
@@ -31236,8 +31257,8 @@ CVE-2019-0282 (Several web pages in SAP NetWeaver 
Process Integration (Runtime W
        NOT-FOR-US: SAP
 CVE-2019-0281
        RESERVED
-CVE-2019-0280
-       RESERVED
+CVE-2019-0280 (SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 
6.05, 6. ...)
+       TODO: check
 CVE-2019-0279 (ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, 
INST_CREATE_TCPIP ...)
        NOT-FOR-US: SAP
 CVE-2019-0278 (Under certain conditions the Monitoring Servlet of the SAP 
NetWeaver P ...)
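Review bot: CVE-2019-0280 (SAP Treasury and Risk Management) is left at TODO: check between CVE-2019-0282 and CVE-2019-0279, both visible here as NOT-FOR-US: SAP. The SAP entries un-reserved in the two preceding hunks (CVE-2019-0301, CVE-2019-0298, CVE-2019-0293, CVE-2019-0291, CVE-2019-0289, CVE-2019-0287) can be triaged in the same pass rather than one at a time.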
@@ -39385,8 +39406,8 @@ CVE-2018-16658 (An issue was discovered in the Linux 
kernel before 4.18.6. An in
        {DSA-4308-1 DLA-1531-1 DLA-1529-1}
        - linux 4.18.6-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 (4.19-rc2)
-CVE-2018-16656
-       RESERVED
+CVE-2018-16656 (DoBox_CstmBox_Info.model.htm on Kyocera TASKalfa 4002i and 
6002i devic ...)
+       TODO: check
 CVE-2018-16655 (Gxlcms 1.0 has XSS via the PATH_INFO to 
gx/lib/ThinkPHP/Tpl/ThinkExcep ...)
        NOT-FOR-US: Gxlcms
 CVE-2018-16654 (Zurmo 3.2.4 Stable allows XSS via 
app/index.php/accounts/default/detai ...)
@@ -43886,8 +43907,8 @@ CVE-2018-14841
        RESERVED
 CVE-2018-14840 (uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it 
does not  ...)
        NOT-FOR-US: Subrion CMS
-CVE-2018-14839
-       RESERVED
+CVE-2018-14839 (LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. 
The imp ...)
+       TODO: check
 CVE-2018-14838 (rejucms 2.1 has stored XSS via the admin/book.php content 
parameter. ...)
        NOT-FOR-US: rejucms
 CVE-2018-14837 (Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated 
by a ?/a ...)
@@ -51193,6 +51214,7 @@ CVE-2018-12131 (Permissions in the driver pack 
installers for Intel NVMe before
        NOT-FOR-US: Intel
 CVE-2018-12130 [MFBDS  Microarchitectural Fill Buffer Data Sampling]
        RESERVED
+       {DSA-4444-1}
        - intel-microcode <unfixed>
        - linux 4.19.37-2
        - xen <unfixed>
@@ -51205,6 +51227,7 @@ CVE-2018-12128
        RESERVED
 CVE-2018-12127 [MLPDS  Microarchitectural Load Port Data Sampling]
        RESERVED
+       {DSA-4444-1}
        - intel-microcode <unfixed>
        - linux 4.19.37-2
        - xen <unfixed>
@@ -51213,6 +51236,7 @@ CVE-2018-12127 [MLPDS  Microarchitectural Load Port 
Data Sampling]
        NOTE: https://xenbits.xen.org/xsa/advisory-297.html
 CVE-2018-12126 [MSBDS  Microarchitectural Store Buffer Data Sampling]
        RESERVED
+       {DSA-4444-1}
        - intel-microcode <unfixed>
        - linux 4.19.37-2
        - xen <unfixed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dc0fdecff8378e7e565ce7f617483d580ce6c339
