Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ac1598e6 by security tracker role at 2019-10-10T20:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,169 @@
+CVE-2019-17487
+       RESERVED
+CVE-2019-17486
+       RESERVED
+CVE-2019-17485
+       RESERVED
+CVE-2019-17484
+       RESERVED
+CVE-2019-17483
+       RESERVED
+CVE-2019-17482
+       RESERVED
+CVE-2019-17481
+       RESERVED
+CVE-2019-17480
+       RESERVED
+CVE-2019-17479
+       RESERVED
+CVE-2019-17478
+       RESERVED
+CVE-2019-17477
+       RESERVED
+CVE-2019-17476
+       RESERVED
+CVE-2019-17475
+       RESERVED
+CVE-2019-17474
+       RESERVED
+CVE-2019-17473
+       RESERVED
+CVE-2019-17472
+       RESERVED
+CVE-2019-17471
+       RESERVED
+CVE-2019-17470
+       RESERVED
+CVE-2019-17469
+       RESERVED
+CVE-2019-17468
+       RESERVED
+CVE-2019-17467
+       RESERVED
+CVE-2019-17466
+       RESERVED
+CVE-2019-17465
+       RESERVED
+CVE-2019-17464
+       RESERVED
+CVE-2019-17463
+       RESERVED
+CVE-2019-17462
+       RESERVED
+CVE-2019-17461
+       RESERVED
+CVE-2019-17460
+       RESERVED
+CVE-2019-17459
+       RESERVED
+CVE-2019-17458
+       RESERVED
+CVE-2019-17457
+       RESERVED
+CVE-2019-17456
+       RESERVED
+CVE-2019-17455 (Libntlm through 1.5 relies on a fixed buffer size for 
tSmbNtlmAuthRequ ...)
+       TODO: check
+CVE-2019-17454 (Bento4 1.5.1.0 has a NULL pointer dereference in 
AP4_Descriptor::GetTa ...)
+       TODO: check
+CVE-2019-17453 (Bento4 1.5.1.0 has a NULL pointer dereference in 
AP4_DescriptorListWri ...)
+       TODO: check
+CVE-2019-17452 (Bento4 1.5.1.0 has a NULL pointer dereference in 
AP4_DescriptorListIns ...)
+       TODO: check
+CVE-2019-17451 (An issue was discovered in the Binary File Descriptor (BFD) 
library (a ...)
+       TODO: check
+CVE-2019-17450 (find_abstract_instance in dwarf2.c in the Binary File 
Descriptor (BFD) ...)
+       TODO: check
+CVE-2019-17449 (Avira Software Updater before 2.0.6.21094 allows a DLL 
side-loading at ...)
+       TODO: check
+CVE-2019-17448
+       RESERVED
+CVE-2019-17447
+       RESERVED
+CVE-2019-17446
+       RESERVED
+CVE-2019-17445
+       RESERVED
+CVE-2019-17444
+       RESERVED
+CVE-2019-17443
+       RESERVED
+CVE-2019-17442
+       RESERVED
+CVE-2019-17441
+       RESERVED
+CVE-2019-17440
+       RESERVED
+CVE-2019-17439
+       RESERVED
+CVE-2019-17438
+       RESERVED
+CVE-2019-17437
+       RESERVED
+CVE-2019-17436
+       RESERVED
+CVE-2019-17435
+       RESERVED
+CVE-2019-17434 (LavaLite through 5.7 has XSS via a crafted account name that 
is mishan ...)
+       TODO: check
+CVE-2019-17433 (z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the 
Roles s ...)
+       TODO: check
+CVE-2019-17432 (An issue was discovered in fastadmin 1.0.0.20190705_beta. 
There is a p ...)
+       TODO: check
+CVE-2019-17431 (An issue was discovered in fastadmin 1.0.0.20190705_beta. 
There is a p ...)
+       TODO: check
+CVE-2019-17430 (EyouCms through 2019-07-11 has XSS related to the login.php 
web_record ...)
+       TODO: check
+CVE-2019-17429 (Adhouma CMS through 2019-10-09 has SQL Injection via the 
post.php p_id ...)
+       TODO: check
+CVE-2015-9480 (The RobotCPA plugin 5 for WordPress has directory traversal via 
the f. ...)
+       TODO: check
+CVE-2015-9479 (The ACF-Frontend-Display plugin through 2015-07-03 for 
WordPress has a ...)
+       TODO: check
+CVE-2015-9478 (prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS. ...)
+       TODO: check
+CVE-2015-9477 (The Vernissage theme 1.2.8 for WordPress has insufficient 
restrictions ...)
+       TODO: check
+CVE-2015-9476 (The Teardrop theme 1.8.1 for WordPress has insufficient 
restrictions o ...)
+       TODO: check
+CVE-2015-9475 (The Pont theme 1.5 for WordPress has insufficient restrictions 
on opti ...)
+       TODO: check
+CVE-2015-9474 (The Simpolio theme 1.3.2 for WordPress has insufficient 
restrictions o ...)
+       TODO: check
+CVE-2015-9473 (The estrutura-basica theme through 2015-09-13 for WordPress has 
direct ...)
+       TODO: check
+CVE-2015-9472 (The incoming-links plugin before 0.9.10b for WordPress has 
referrers.p ...)
+       TODO: check
+CVE-2015-9471 (The dzs-zoomsounds plugin through 2.0 for WordPress has 
admin/upload.p ...)
+       TODO: check
+CVE-2015-9470 (The history-collection plugin through 1.1.1 for WordPress has 
director ...)
+       TODO: check
+CVE-2015-9469 (The content-grabber plugin 1.0 for WordPress has XSS via 
obj_field_nam ...)
+       TODO: check
+CVE-2015-9468 (The broken-link-manager plugin 0.4.5 for WordPress has XSS via 
the pag ...)
+       TODO: check
+CVE-2015-9467 (The broken-link-manager plugin before 0.5.0 for WordPress has 
wpslDelU ...)
+       TODO: check
+CVE-2015-9466 (The wti-like-post plugin before 1.4.3 for WordPress has 
WtiLikePostPro ...)
+       TODO: check
+CVE-2015-9465 (The yet-another-stars-rating plugin before 0.9.1 for WordPress 
has yas ...)
+       TODO: check
+CVE-2015-9464 (The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for 
WordPr ...)
+       TODO: check
+CVE-2015-9463 (The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress 
has di ...)
+       TODO: check
+CVE-2015-9462 (The awesome-filterable-portfolio plugin before 1.9 for 
WordPress has a ...)
+       TODO: check
+CVE-2015-9461 (The awesome-filterable-portfolio plugin before 1.9 for 
WordPress has a ...)
+       TODO: check
+CVE-2015-9460 (The booking-system plugin before 2.1 for WordPress has 
DOPBSPBackEndTr ...)
+       TODO: check
+CVE-2015-9459 (The searchterms-tagging-2 plugin through 1.535 for WordPress 
has XSS v ...)
+       TODO: check
+CVE-2015-9458 (The searchterms-tagging-2 plugin through 1.535 for WordPress 
has SQL i ...)
+       TODO: check
+CVE-2015-9457 (The pretty-link plugin before 1.6.8 for WordPress has 
PrliLinksControl ...)
+       TODO: check
 CVE-2019-17428
        RESERVED
 CVE-2019-17427 (In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent 
XSS exists ...)
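Review bot: The CVE-2015-9457 through CVE-2015-9480 entries at the end of the added block are all left at `TODO: check`, although their descriptions name WordPress plugins and themes (plus prettyPhoto), and the same goes for the web applications in CVE-2019-17429 through CVE-2019-17434. Other hunks of this file record third-party products of this kind as `NOT-FOR-US: <product>` (for example `NOT-FOR-US: XunRuiCMS`), so these can be triaged in one pass. CVE-2019-17450, CVE-2019-17451 and CVE-2019-17455 name libraries (BFD, Libntlm) rather than web applications and deserve individual triage instead of a blanket tag.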
@@ -59,7 +225,7 @@ CVE-2019-17403
        RESERVED
 CVE-2019-17402 (Exiv2 0.27.2 allows attackers to trigger a crash in 
Exiv2::getULong in ...)
        TODO: check
-CVE-2019-17401 (libyal liblnk 20191006 has a heap-based buffer over-read in 
the networ ...)
+CVE-2019-17401 (** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer 
over-rea ...)
        - liblnk <unfixed> (low)
        [buster] - liblnk <no-dsa> (Minor issue)
        [jessie] - liblnk <no-dsa> (Minor issue)
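Review bot: The changed description line for CVE-2019-17401 now starts with `** DISPUTED **`, but the package lines below it are unchanged: `- liblnk <unfixed> (low)` with `<no-dsa> (Minor issue)` for buster and jessie. Nothing in the entry says who disputes the report or on what grounds; a `NOTE:` with the reference would let a reader judge whether `(low)` still applies or whether the entry should move to `(unimportant)`.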
@@ -207,8 +373,8 @@ CVE-2019-17322
        RESERVED
 CVE-2019-17321
        RESERVED
-CVE-2019-17320
-       RESERVED
+CVE-2019-17320 (NetSarang XFTP Client 6.0149 and earlier version contains a 
buffer ove ...)
+       TODO: check
 CVE-2019-17319 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL 
injection in the ...)
        NOT-FOR-US: SugarCRM
 CVE-2019-17318 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL 
injection in the ...)
@@ -325,7 +491,7 @@ CVE-2019-17266 (libsoup from versions 2.65.1 until 2.68.1 
have a heap-based buff
        NOTE: https://gitlab.gnome.org/GNOME/libsoup/issues/173 (private)
 CVE-2019-17265
        RESERVED
-CVE-2019-17264 (In libyal liblnk before 20191006, 
liblnk_location_information_read_dat ...)
+CVE-2019-17264 (** DISPUTED ** In libyal liblnk before 20191006, 
liblnk_location_infor ...)
        - liblnk <unfixed> (low)
        [buster] - liblnk <no-dsa> (Minor issue)
        [stretch] - liblnk <no-dsa> (Minor issue)
@@ -740,12 +906,12 @@ CVE-2019-17074 (An issue was discovered in XunRuiCMS 
4.3.1. There is a stored XS
        NOT-FOR-US: XunRuiCMS
 CVE-2019-17073 (emlog through 6.0.0beta allows remote authenticated users to 
delete ar ...)
        NOT-FOR-US: emlog
-CVE-2019-17072
-       RESERVED
-CVE-2019-17071
-       RESERVED
-CVE-2019-17070
-       RESERVED
+CVE-2019-17072 (The new-contact-form-widget (aka Contact Form Widget - Contact 
Query,  ...)
+       TODO: check
+CVE-2019-17071 (The client-dash (aka Client Dash) plugin 2.1.4 for WordPress 
allows XS ...)
+       TODO: check
+CVE-2019-17070 (The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin 
1.0.5 for ...)
+       TODO: check
 CVE-2019-17069 (PuTTY before 0.73 might allow remote SSH-1 servers to cause a 
denial o ...)
        - putty 0.73-1 (unimportant)
        NOTE: 
https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html
@@ -3021,7 +3187,7 @@ CVE-2019-16230 (drivers/gpu/drm/radeon/radeon_display.c 
in the Linux kernel 5.2.
        NOTE: https://lkml.org/lkml/2019/9/9/487
        NOTE: Requires memory allocation failure during device probe, so 
unlikely to
        NOTE: be exploitable, and then it's only a local DoS.
-CVE-2019-16229 (drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 
5.2.14  ...)
+CVE-2019-16229 (** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in 
the Linux ...)
        - linux <unfixed> (unimportant)
        NOTE: https://lkml.org/lkml/2019/9/9/487
        NOTE: Requires memory allocation failure during device probe, so 
unlikely to
@@ -7229,8 +7395,8 @@ CVE-2019-14811 (A flaw was found in, ghostscript versions 
prior to 9.28, in the
        NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated 
starting
        NOTE: from 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
        NOTE: which changed the access to file permissions.
-CVE-2019-14810
-       RESERVED
+CVE-2019-14810 (A vulnerability has been found in the implementation of the 
Label Dist ...)
+       TODO: check
 CVE-2019-14809 (net/url in Go before 1.11.13 and 1.12.x before 1.12.8 
mishandles malfo ...)
        {DSA-4503-1}
        - golang-1.13 1.13~beta1-3 (bug #934954)
@@ -7332,6 +7498,7 @@ CVE-2019-14775
        RESERVED
 CVE-2019-12625 [clamav zip DoS]
        RESERVED
+       {DLA-1953-1}
        - clamav 0.101.4+dfsg-1 (bug #934359)
        [buster] - clamav 0.101.4+dfsg-0+deb10u1
        [stretch] - clamav 0.101.4+dfsg-0+deb9u1
@@ -10145,8 +10312,8 @@ CVE-2019-13931
        RESERVED
 CVE-2019-13930
        RESERVED
-CVE-2019-13929
-       RESERVED
+CVE-2019-13929 (A vulnerability has been identified in SIMATIC IT UADM (All 
versions & ...)
+       TODO: check
 CVE-2019-13928
        RESERVED
 CVE-2019-13927
@@ -10161,8 +10328,8 @@ CVE-2019-13923 (A vulnerability has been identified in 
IE/WSN-PA Link WirelessHA
        NOT-FOR-US: Siemens
 CVE-2019-13922 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
        NOT-FOR-US: Siemens
-CVE-2019-13921
-       RESERVED
+CVE-2019-13921 (A vulnerability has been identified in SIMATIC WinAC RTX (F) 
2010 (All ...)
+       TODO: check
 CVE-2019-13920 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
        NOT-FOR-US: Siemens
 CVE-2019-13919 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
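Review bot: CVE-2019-13921 is added with `TODO: check` although its description names SIMATIC WinAC RTX and the entries on either side of it, CVE-2019-13922 and CVE-2019-13920, already read `NOT-FOR-US: Siemens`. Using the same tag here would keep the block consistent and take the entry off the triage list.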
@@ -13825,7 +13992,7 @@ CVE-2019-12902 (Pydio Cells before 1.5.0 does 
incomplete cleanup of a user's dat
 CVE-2019-12901 (Pydio Cells before 1.5.0 fails to neutralize '../' elements, 
allowing  ...)
        NOT-FOR-US: Pydio Cells (relates to Pydio product)
 CVE-2019-12900 (BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an 
out-of-bo ...)
-       {DLA-1833-1}
+       {DLA-1953-1 DLA-1833-1}
        - bzip2 1.0.6-9.1 (bug #930886)
        [stretch] - bzip2 <no-dsa> (Not exploitable; potential dangerous parts 
already guarded)
        - clamav 0.101.4+dfsg-1 (bug #934359)
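Review bot: The cross-reference line for CVE-2019-12900 becomes `{DLA-1953-1 DLA-1833-1}`, while the entry tracks two source packages, bzip2 and clamav. The braces do not say which advisory covers which package; a `NOTE:` stating that would save a lookup, all the more since bzip2 in stretch is marked `<no-dsa>` in the same entry.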
@@ -17551,8 +17718,8 @@ CVE-2019-11528
        RESERVED
 CVE-2019-11527
        RESERVED
-CVE-2019-11526
-       RESERVED
+CVE-2019-11526 (An issue was discovered in Softing uaGate SI 1.60.01. A 
maintenance sc ...)
+       TODO: check
 CVE-2019-11525
        RESERVED
 CVE-2019-11524
@@ -19109,8 +19276,8 @@ CVE-2019-10938 (A vulnerability has been identified in 
Ethernet plug-in communic
        NOT-FOR-US: Ethernet plug-in communication modules for SIPROTEC 5 
devices
 CVE-2019-10937 (A vulnerability has been identified in SIMATIC TDC CP51M1 (All 
version ...)
        NOT-FOR-US: SIMATIC TDC CP51M1
-CVE-2019-10936
-       RESERVED
+CVE-2019-10936 (A vulnerability has been identified in Development/Evaluation 
Kits for ...)
+       TODO: check
 CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and 
earlier  ...)
        NOT-FOR-US: Siemens
 CVE-2019-10934
@@ -19135,8 +19302,8 @@ CVE-2019-10925 (A vulnerability has been identified in 
SIMATIC Ident MV420 famil
        NOT-FOR-US: Siemens
 CVE-2019-10924 (A vulnerability has been identified in LOGO! Soft Comfort (All 
version ...)
        NOT-FOR-US: Siemens
-CVE-2019-10923
-       RESERVED
+CVE-2019-10923 (A vulnerability has been identified in CP1604 (All versions 
&lt; V2.8) ...)
+       TODO: check
 CVE-2019-10922 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and 
earlier  ...)
        NOT-FOR-US: Siemens
 CVE-2019-10921 (A vulnerability has been identified in LOGO!8 BM (All 
versions). Unenc ...)
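Review bot: The new description for CVE-2019-10923 contains the HTML entity `&lt;` (`All versions &lt; V2.8`) where a literal `<` is meant, so the automatic update has written an escaped form into data/CVE/list. The import step should decode entities before storing the description, otherwise text searches and tools that match on version ranges will miss this entry.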
@@ -34299,8 +34466,8 @@ CVE-2019-5537
        RESERVED
 CVE-2019-5536
        RESERVED
-CVE-2019-5535
-       RESERVED
+CVE-2019-5535 (VMware Workstation and Fusion contain a network 
denial-of-service vuln ...)
+       TODO: check
 CVE-2019-5534 (VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 
U3 and  ...)
        NOT-FOR-US: VMware
 CVE-2019-5533
@@ -34315,8 +34482,8 @@ CVE-2019-5529
        RESERVED
 CVE-2019-5528 (VMware ESXi 6.5 suffers from partial denial of service 
vulnerability i ...)
        NOT-FOR-US: VMware
-CVE-2019-5527
-       RESERVED
+CVE-2019-5527 (ESXi, Workstation, Fusion, VMRC and Horizon Client contain a 
use-after ...)
+       TODO: check
 CVE-2019-5526 (VMware Workstation (15.x before 15.1.0) contains a DLL 
hijacking issue ...)
        NOT-FOR-US: VMware
 CVE-2019-5525 (VMware Workstation (15.x before 15.1.0) contains a 
use-after-free vuln ...)
@@ -37032,8 +37199,8 @@ CVE-2019-4267 (The IBM Spectrum Protect 7.1 and 8.1 
Backup-Archive Client is vul
        NOT-FOR-US: IBM
 CVE-2019-4266
        RESERVED
-CVE-2019-4265
-       RESERVED
+CVE-2019-4265 (IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not 
have devic ...)
+       TODO: check
 CVE-2019-4264 (IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to 
obtain sen ...)
        NOT-FOR-US: IBM
 CVE-2019-4263 (IBM Content Navigator 3.0CD is vulnerable to local file 
inclusion, all ...)
@@ -46650,52 +46817,52 @@ CVE-2019-1380
        RESERVED
 CVE-2019-1379
        RESERVED
-CVE-2019-1378
-       RESERVED
+CVE-2019-1378 (An elevation of privilege vulnerability exists in Windows 10 
Update As ...)
+       TODO: check
 CVE-2019-1377
        RESERVED
-CVE-2019-1376
-       RESERVED
-CVE-2019-1375
-       RESERVED
+CVE-2019-1376 (An information disclosure vulnerability exists in Microsoft SQL 
Server ...)
+       TODO: check
+CVE-2019-1375 (A cross site scripting vulnerability exists when Microsoft 
Dynamics 36 ...)
+       TODO: check
 CVE-2019-1374
        RESERVED
 CVE-2019-1373
        RESERVED
-CVE-2019-1372
-       RESERVED
-CVE-2019-1371
-       RESERVED
+CVE-2019-1372 (An remote code execution vulnerability exists when Azure App 
Service/  ...)
+       TODO: check
+CVE-2019-1371 (A remote code execution vulnerability exists when Internet 
Explorer im ...)
+       TODO: check
 CVE-2019-1370
        RESERVED
-CVE-2019-1369
-       RESERVED
-CVE-2019-1368
-       RESERVED
+CVE-2019-1369 (An information disclosure vulnerability exists when affected 
Open Encl ...)
+       TODO: check
+CVE-2019-1368 (A security feature bypass exists when Windows Secure Boot 
improperly r ...)
+       TODO: check
 CVE-2019-1367 (A remote code execution vulnerability exists in the way that 
the scrip ...)
        NOT-FOR-US: Microsoft
-CVE-2019-1366
-       RESERVED
-CVE-2019-1365
-       RESERVED
-CVE-2019-1364
-       RESERVED
-CVE-2019-1363
-       RESERVED
-CVE-2019-1362
-       RESERVED
-CVE-2019-1361
-       RESERVED
+CVE-2019-1366 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
+       TODO: check
+CVE-2019-1365 (An elevation of privilege vulnerability exists when Microsoft 
IIS Serv ...)
+       TODO: check
+CVE-2019-1364 (An elevation of privilege vulnerability exists in Windows when 
the Win ...)
+       TODO: check
+CVE-2019-1363 (An information disclosure vulnerability exists in the way that 
the Win ...)
+       TODO: check
+CVE-2019-1362 (An elevation of privilege vulnerability exists in Windows when 
the Win ...)
+       TODO: check
+CVE-2019-1361 (An information disclosure vulnerability exists in the way that 
Microso ...)
+       TODO: check
 CVE-2019-1360
        RESERVED
-CVE-2019-1359
-       RESERVED
-CVE-2019-1358
-       RESERVED
-CVE-2019-1357
-       RESERVED
-CVE-2019-1356
-       RESERVED
+CVE-2019-1359 (A remote code execution vulnerability exists when the Windows 
Jet Data ...)
+       TODO: check
+CVE-2019-1358 (A remote code execution vulnerability exists when the Windows 
Jet Data ...)
+       TODO: check
+CVE-2019-1357 (A spoofing vulnerability exists when Microsoft Browsers 
improperly han ...)
+       TODO: check
+CVE-2019-1356 (An information disclosure vulnerability exists when Microsoft 
Edge bas ...)
+       TODO: check
 CVE-2019-1355
        RESERVED
 CVE-2019-1354
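Review bot: The seventeen descriptions added in this hunk (CVE-2019-1378 down to CVE-2019-1356) name Windows, Microsoft or Azure components almost throughout and are all set to `TODO: check`, while CVE-2019-1367 in the same hunk already reads `NOT-FOR-US: Microsoft`. Tagging the batch the same way in one pass would avoid leaving the placeholders for manual triage; CVE-2019-1369, whose description is cut off at "Open Encl", is the one to read in full first.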
@@ -46712,88 +46879,88 @@ CVE-2019-1349
        RESERVED
 CVE-2019-1348
        RESERVED
-CVE-2019-1347
-       RESERVED
-CVE-2019-1346
-       RESERVED
-CVE-2019-1345
-       RESERVED
-CVE-2019-1344
-       RESERVED
-CVE-2019-1343
-       RESERVED
-CVE-2019-1342
-       RESERVED
-CVE-2019-1341
-       RESERVED
-CVE-2019-1340
-       RESERVED
-CVE-2019-1339
-       RESERVED
-CVE-2019-1338
-       RESERVED
-CVE-2019-1337
-       RESERVED
-CVE-2019-1336
-       RESERVED
-CVE-2019-1335
-       RESERVED
-CVE-2019-1334
-       RESERVED
-CVE-2019-1333
-       RESERVED
+CVE-2019-1347 (A denial of service vulnerability exists when Windows 
improperly handl ...)
+       TODO: check
+CVE-2019-1346 (A denial of service vulnerability exists when Windows 
improperly handl ...)
+       TODO: check
+CVE-2019-1345 (An information disclosure vulnerability exists when the Windows 
kernel ...)
+       TODO: check
+CVE-2019-1344 (An information disclosure vulnerability exists in the way that 
the Win ...)
+       TODO: check
+CVE-2019-1343 (A denial of service vulnerability exists when Windows 
improperly handl ...)
+       TODO: check
+CVE-2019-1342 (An elevation of privilege vulnerability exists when Windows 
Error Repo ...)
+       TODO: check
+CVE-2019-1341 (An elevation of privilege vulnerability exists when umpo.dll of 
the Po ...)
+       TODO: check
+CVE-2019-1340 (An elevation of privilege vulnerability exists in Windows AppX 
Deploym ...)
+       TODO: check
+CVE-2019-1339 (An elevation of privilege vulnerability exists when Windows 
Error Repo ...)
+       TODO: check
+CVE-2019-1338 (A security feature bypass vulnerability exists in Microsoft 
Windows wh ...)
+       TODO: check
+CVE-2019-1337 (An information disclosure vulnerability exists when Windows 
Update Cli ...)
+       TODO: check
+CVE-2019-1336 (An elevation of privilege vulnerability exists in the Microsoft 
Window ...)
+       TODO: check
+CVE-2019-1335 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
+       TODO: check
+CVE-2019-1334 (An information disclosure vulnerability exists when the Windows 
kernel ...)
+       TODO: check
+CVE-2019-1333 (A remote code execution vulnerability exists in the Windows 
Remote Des ...)
+       TODO: check
 CVE-2019-1332
        RESERVED
-CVE-2019-1331
-       RESERVED
-CVE-2019-1330
-       RESERVED
-CVE-2019-1329
-       RESERVED
-CVE-2019-1328
-       RESERVED
-CVE-2019-1327
-       RESERVED
-CVE-2019-1326
-       RESERVED
-CVE-2019-1325
-       RESERVED
+CVE-2019-1331 (A remote code execution vulnerability exists in Microsoft Excel 
softwa ...)
+       TODO: check
+CVE-2019-1330 (An elevation of privilege vulnerability exists in Microsoft 
SharePoint ...)
+       TODO: check
+CVE-2019-1329 (An elevation of privilege vulnerability exists when Microsoft 
SharePoi ...)
+       TODO: check
+CVE-2019-1328 (A spoofing vulnerability exists when Microsoft SharePoint 
Server does  ...)
+       TODO: check
+CVE-2019-1327 (A remote code execution vulnerability exists in Microsoft Excel 
softwa ...)
+       TODO: check
+CVE-2019-1326 (A denial of service vulnerability exists in Remote Desktop 
Protocol (R ...)
+       TODO: check
+CVE-2019-1325 (An elevation of privilege vulnerability exists in the Windows 
redirect ...)
+       TODO: check
 CVE-2019-1324
        RESERVED
-CVE-2019-1323
-       RESERVED
-CVE-2019-1322
-       RESERVED
-CVE-2019-1321
-       RESERVED
-CVE-2019-1320
-       RESERVED
-CVE-2019-1319
-       RESERVED
-CVE-2019-1318
-       RESERVED
-CVE-2019-1317
-       RESERVED
-CVE-2019-1316
-       RESERVED
-CVE-2019-1315
-       RESERVED
-CVE-2019-1314
-       RESERVED
-CVE-2019-1313
-       RESERVED
+CVE-2019-1323 (An elevation of privilege vulnerability exists in the Microsoft 
Window ...)
+       TODO: check
+CVE-2019-1322 (An elevation of privilege vulnerability exists when Windows 
improperly ...)
+       TODO: check
+CVE-2019-1321 (An elevation of privilege vulnerability exists when Windows 
CloudStore ...)
+       TODO: check
+CVE-2019-1320 (An elevation of privilege vulnerability exists when Windows 
improperly ...)
+       TODO: check
+CVE-2019-1319 (An elevation of privilege vulnerability exists in Windows Error 
Report ...)
+       TODO: check
+CVE-2019-1318 (A spoofing vulnerability exists when Transport Layer Security 
(TLS) ac ...)
+       TODO: check
+CVE-2019-1317 (A denial of service vulnerability exists when Windows 
improperly handl ...)
+       TODO: check
+CVE-2019-1316 (An elevation of privilege vulnerability exists in Microsoft 
Windows Se ...)
+       TODO: check
+CVE-2019-1315 (An elevation of privilege vulnerability exists when Windows 
Error Repo ...)
+       TODO: check
+CVE-2019-1314 (A security feature bypass vulnerability exists in Windows 10 
Mobile wh ...)
+       TODO: check
+CVE-2019-1313 (An information disclosure vulnerability exists in Microsoft SQL 
Server ...)
+       TODO: check
 CVE-2019-1312
        RESERVED
-CVE-2019-1311
-       RESERVED
+CVE-2019-1311 (A remote code execution vulnerability exists when the Windows 
Imaging  ...)
+       TODO: check
 CVE-2019-1310
        RESERVED
 CVE-2019-1309
        RESERVED
-CVE-2019-1308
-       RESERVED
-CVE-2019-1307
-       RESERVED
+CVE-2019-1308 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
+       TODO: check
+CVE-2019-1307 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
+       TODO: check
 CVE-2019-1306 (A remote code execution vulnerability exists when Azure DevOps 
Server  ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1305 (A Cross-site Scripting (XSS) vulnerability exists when Team 
Foundation ...)
@@ -46928,10 +47095,10 @@ CVE-2019-1241 (A remote code execution vulnerability 
exists when the Windows Jet
        NOT-FOR-US: Microsoft
 CVE-2019-1240 (A remote code execution vulnerability exists when the Windows 
Jet Data ...)
        NOT-FOR-US: Microsoft
-CVE-2019-1239
-       RESERVED
-CVE-2019-1238
-       RESERVED
+CVE-2019-1239 (A remote code execution vulnerability exists in the way that 
the VBScr ...)
+       TODO: check
+CVE-2019-1238 (A remote code execution vulnerability exists in the way that 
the VBScr ...)
+       TODO: check
 CVE-2019-1237 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1236 (A remote code execution vulnerability exists in the way that 
the VBScr ...)
@@ -46946,8 +47113,8 @@ CVE-2019-1232 (An elevation of privilege vulnerability 
exists when the Diagnosti
        NOT-FOR-US: Microsoft
 CVE-2019-1231 (An information disclosure vulnerability exists in the way Rome 
SDK han ...)
        NOT-FOR-US: Microsoft
-CVE-2019-1230
-       RESERVED
+CVE-2019-1230 (An information disclosure vulnerability exists when the Windows 
Hyper- ...)
+       TODO: check
 CVE-2019-1229 (An elevation of privilege vulnerability exists in Dynamics 
On-Premise  ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1228 (An information disclosure vulnerability exists when the Windows 
kernel ...)
@@ -47074,8 +47241,8 @@ CVE-2019-1168 (An elevation of privilege exists in the 
p2pimsvc service where an
        NOT-FOR-US: Microsoft
 CVE-2019-1167 (A security feature bypass vulnerability exists in Windows 
Defender App ...)
        NOT-FOR-US: Microsoft
-CVE-2019-1166
-       RESERVED
+CVE-2019-1166 (A tampering vulnerability exists in Microsoft Windows when a 
man-in-th ...)
+       TODO: check
 CVE-2019-1165
        RESERVED
 CVE-2019-1164 (An elevation of privilege vulnerability exists when the Windows 
kernel ...)
@@ -47268,8 +47435,8 @@ CVE-2019-1072 (A remote code execution vulnerability 
exists when Azure DevOps Se
        NOT-FOR-US: Microsoft
 CVE-2019-1071 (An information disclosure vulnerability exists when the Windows 
kernel ...)
        NOT-FOR-US: Microsoft
-CVE-2019-1070
-       RESERVED
+CVE-2019-1070 (A cross-site-scripting (XSS) vulnerability exists when 
Microsoft Share ...)
+       TODO: check
 CVE-2019-1069 (An elevation of privilege vulnerability exists in the way the 
Task Sch ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1068 (A remote code execution vulnerability exists in Microsoft SQL 
Server w ...)
@@ -47288,8 +47455,8 @@ CVE-2019-1062 (A remote code execution vulnerability 
exists in the way that the
        NOT-FOR-US: Microsoft
 CVE-2019-1061
        RESERVED
-CVE-2019-1060
-       RESERVED
+CVE-2019-1060 (A remote code execution vulnerability exists when the Microsoft 
XML Co ...)
+       TODO: check
 CVE-2019-1059 (A remote code execution vulnerability exists in the way that 
the scrip ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1058
@@ -48204,8 +48371,8 @@ CVE-2019-0610 (A remote code execution vulnerability 
exists in the way that the
        NOT-FOR-US: Microsoft
 CVE-2019-0609 (A remote code execution vulnerability exists in the way the 
scripting  ...)
        NOT-FOR-US: Microsoft
-CVE-2019-0608
-       RESERVED
+CVE-2019-0608 (A spoofing vulnerability exists when Microsoft Browsers does 
not prope ...)
+       TODO: check
 CVE-2019-0607 (A remote code execution vulnerability exists in the way that 
the scrip ...)
        NOT-FOR-US: Microsoft
 CVE-2019-0606 (A remote code execution vulnerability exists when Internet 
Explorer im ...)
@@ -50019,6 +50186,7 @@ CVE-2019-0195 (Manipulating classpath asset file URLs, 
an attacker could guess t
 CVE-2019-0194 (Apache Camel's File is vulnerable to directory traversal. Camel 
2.21.0 ...)
        NOT-FOR-US: Apache Camel
 CVE-2019-0193 (In Apache Solr, the DataImportHandler, an optional but popular 
module  ...)
+       {DLA-1954-1}
        - lucene-solr 3.6.2+dfsg-22 (low)
        NOTE: https://issues.apache.org/jira/browse/SOLR-13669
        NOTE: upstream recommends everybody upgrade or rework their 
configuration



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ac1598e69d7a37bfdecd0384a709b92021039df6



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
