[Git][security-tracker-team/security-tracker][master] new crypto++ issue

Moritz Muehlenhoff jmm at debian.org
Fri Aug 9 17:06:03 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
958e5828 by Moritz Muehlenhoff at 2019-08-09T16:05:09Z
new crypto++ issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1736,7 +1736,7 @@ CVE-2019-14320
 CVE-2019-14319
 	RESERVED
 CVE-2019-14318 (Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA sig ...)
-	TODO: check
+	- libcrypto++ <unfixed> (low)
 CVE-2019-14317
 	RESERVED
 CVE-2019-14316
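Review bot: the new `- libcrypto++ <unfixed> (low)` line for CVE-2019-14318 records no `NOTE:` reference to the upstream report or fix, whereas other entries in this file do (the CVE-2019-1020014 entry further down cites its upstream commit). Adding a `NOTE: <upstream reference>` line beneath the package line would let the `<unfixed>` state and the `(low)` severity be re-checked once a fix is available.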
@@ -1857,7 +1857,7 @@ CVE-2019-1020018 (Discourse before v2.4.0.beta2 lacks a confirmation screen when
 CVE-2019-1020017 (Discourse before v2.4.0.beta2 lacks a confirmation screen when logging ...)
 	NOT-FOR-US: Discourse
 CVE-2019-1020016 (ASH-AIO before 2.0.0.3 allows an open redirect. ...)
-	TODO: check
+	NOT-FOR-US: ASH-AIO
 CVE-2019-1020015 (graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishand ...)
 	NOT-FOR-US: graphql-engine (aka Hasura GraphQL Engine)
 CVE-2019-1020014 (docker-credential-helpers before 0.6.3 has a double free in the List f ...)
@@ -1865,13 +1865,13 @@ CVE-2019-1020014 (docker-credential-helpers before 0.6.3 has a double free in th
 	[buster] - golang-github-docker-docker-credential-helpers <no-dsa> (Minor issue, can be fixed in point release)
 	NOTE: https://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a
 CVE-2019-1020013 (parse-server before 3.6.0 allows account enumeration. ...)
-	TODO: check
+	NOT-FOR-US: parse-server
 CVE-2019-1020012 (parse-server before 3.4.1 allows DoS after any POST to a volatile clas ...)
-	TODO: check
+	NOT-FOR-US: parse-server
 CVE-2019-1020011 (SmokeDetector intentionally does automatic deployments of updated copi ...)
 	NOT-FOR-US: SmokeDetector
 CVE-2019-1020010 (Misskey before 10.102.4 allows hijacking a user's token. ...)
-	TODO: check
+	NOT-FOR-US: Misskey
 CVE-2019-1020009 (Fleet before 2.1.2 allows exposure of SMTP credentials. ...)
 	TODO: check
 CVE-2019-1020008 (stacktable.js before 1.0.4 allows XSS. ...)
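Review bot: CVE-2019-1020009 (Fleet before 2.1.2, exposure of SMTP credentials) stays at `TODO: check` in the middle of this hunk while the neighbouring parse-server and Misskey entries are resolved to `NOT-FOR-US`. If it was skipped because the package status is still unclear, that is fine; otherwise it should be triaged together with the rest of this batch so the TODO does not linger.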
@@ -5470,7 +5470,7 @@ CVE-2019-13178 (modules/luksbootkeyfile/main.py in Calamares versions 3.1 throug
 CVE-2019-13177 (verification.py in django-rest-registration (aka Django REST Registrat ...)
 	NOT-FOR-US: django-rest-registration
 CVE-2019-13176 (An issue was discovered in the 3CX Phone system (web) management conso ...)
-	TODO: check
+	NOT-FOR-US: 3CX Phone system
 CVE-2019-13175 (Read the Docs before 3.5.1 has an Open Redirect if certain user-define ...)
 	NOT-FOR-US: Read the Docs
 CVE-2019-13174
@@ -10514,7 +10514,7 @@ CVE-2019-11272 (Spring Security, versions 4.2.x up to 4.2.12, and older unsuppor
 CVE-2019-11271 (Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Di ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2019-11270 (Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability wh ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2019-11269 (Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, ...)
 	NOT-FOR-US: Spring Security OAuth
 CVE-2019-11268 (Cloud Foundry UAA version prior to 73.3.0, contain endpoints that cont ...)
@@ -10688,7 +10688,7 @@ CVE-2019-11210
 CVE-2019-11209
 	RESERVED
 CVE-2019-11208 (The authorization component of TIBCO Software Inc.'s TIBCO API Exchang ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2019-11207
 	RESERVED
 CVE-2019-11206 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
@@ -12748,51 +12748,51 @@ CVE-2019-10391
 CVE-2019-10390
 	RESERVED
 CVE-2019-10389 (A missing permission check in Jenkins Relution Enterprise Appstore Pub ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10388 (A cross-site request forgery vulnerability in Jenkins Relution Enterpr ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10387 (A missing permission check in Jenkins XL TestView Plugin 1.2.0 and ear ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10386 (A cross-site request forgery vulnerability in Jenkins XL TestView Plug ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10385 (Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10384
 	RESERVED
 CVE-2019-10383
 	RESERVED
 CVE-2019-10382 (Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SS ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10381 (Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10380 (Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10379 (Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier sto ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10378 (Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypte ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10377 (A missing permission check in Jenkins Avatar Plugin 1.2 and earlier al ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10376 (A reflected cross-site scripting vulnerability in Jenkins Wall Display ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10375 (An arbitrary file read vulnerability in Jenkins File System SCM Plugin ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10374 (A stored cross-site scripting vulnerability in Jenkins PegDown Formatt ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10373 (A stored cross-site scripting vulnerability in Jenkins Build Pipeline  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10372 (An open redirect vulnerability in Jenkins Gitlab Authentication Plugin ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10371 (A session fixation vulnerability in Jenkins Gitlab Authentication Plug ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10370 (Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally co ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10369 (A missing permission check in Jenkins JClouds Plugin 2.14 and earlier  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10368 (A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2 ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10367 (Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as C ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10366 (Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials une ...)
 	NOT-FOR-US: Jenkins Skytap Cloud CI Plugin
 CVE-2019-10365 (Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a te ...)
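Review bot: the twenty Jenkins entries in this hunk all receive the generic `NOT-FOR-US: Jenkins plugin`, while the adjacent CVE-2019-10366 context line follows the file's convention of naming the component (`NOT-FOR-US: Jenkins Skytap Cloud CI Plugin`). Using the plugin name from each description, e.g. `NOT-FOR-US: Jenkins Avatar Plugin` for CVE-2019-10377, keeps the list greppable by component and consistent with the surrounding entries.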
@@ -25775,23 +25775,23 @@ CVE-2019-5689
 CVE-2019-5688
 	RESERVED
 CVE-2019-5687 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Windows driver
 CVE-2019-5686 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Windows driver
 CVE-2019-5685 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Windows driver
 CVE-2019-5684 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Windows driver
 CVE-2019-5683 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Windows driver
 CVE-2019-5682 (NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Shield
 CVE-2019-5681 (NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Shield
 CVE-2019-5680 (In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra boot ...)
 	NOT-FOR-US: NVIDIA
 CVE-2019-5679 (NVIDIA Shield TV Experience prior to v8.0, NVIDIA Tegra bootloader con ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Shield
 CVE-2019-5678 (NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerabil ...)
 	NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2019-5677 (NVIDIA Windows GPU Display driver software for Windows (all versions)  ...)
@@ -26630,7 +26630,7 @@ CVE-2019-5303
 CVE-2019-5302
 	RESERVED
 CVE-2019-5301 (Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E1 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5300 (There is a digital signature verification bypass vulnerability in AR12 ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5299
@@ -26754,13 +26754,13 @@ CVE-2019-5241 (There is a privilege escalation vulnerability in Huawei PCManager
 CVE-2019-5240
 	RESERVED
 CVE-2019-5239 (Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versi ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5238 (Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versi ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5237 (Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versi ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5236 (Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5235
 	RESERVED
 CVE-2019-5234
@@ -29997,7 +29997,7 @@ CVE-2019-3802 (This affects Spring Data JPA in versions up to and including 2.1.
 CVE-2019-3801 (Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java com ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2019-3800 (CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes t ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2019-3799 (Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x pri ...)
 	NOT-FOR-US: Spring Cloud Config
 CVE-2019-3798 (Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0,  ...)
@@ -36177,13 +36177,13 @@ CVE-2019-1975
 CVE-2019-1974
 	RESERVED
 CVE-2019-1973 (A vulnerability in the web portal framework of Cisco Enterprise NFV In ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1972 (A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVI ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1971 (A vulnerability in the web portal of Cisco Enterprise NFV Infrastructu ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1970 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1969
 	RESERVED
 CVE-2019-1968
@@ -36201,41 +36201,41 @@ CVE-2019-1963
 CVE-2019-1962
 	RESERVED
 CVE-2019-1961 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1960 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1959 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1958 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1957 (A vulnerability in the web interface of Cisco IoT Field Network Direct ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1956 (A vulnerability in the web-based interface of the Cisco SPA112 2-Port  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1955 (A vulnerability in the Sender Policy Framework (SPF) functionality of  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1954 (A vulnerability in the web-based management interface of Cisco Webex M ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1953 (A vulnerability in the web portal of Cisco Enterprise NFV Infrastructu ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1952 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Soft ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1951 (A vulnerability in the packet filtering features of Cisco SD-WAN Solut ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1950
 	RESERVED
 CVE-2019-1949 (A vulnerability in the web-based management interface of Cisco Firepow ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1948
 	RESERVED
 CVE-2019-1947
 	RESERVED
 CVE-2019-1946 (A vulnerability in the web-based management interface of Cisco Enterpr ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1945 (Multiple vulnerabilities in the smart tunnel functionality of Cisco Ad ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1944 (Multiple vulnerabilities in the smart tunnel functionality of Cisco Ad ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1943 (A vulnerability in the web interface of Cisco Small Business 200, 300, ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1942 (A vulnerability in the sponsor portal web interface for Cisco Identity ...)
@@ -36255,7 +36255,7 @@ CVE-2019-1936
 CVE-2019-1935
 	RESERVED
 CVE-2019-1934 (A vulnerability in the web-based management interface of Cisco Adaptiv ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1933 (A vulnerability in the email message scanning of Cisco AsyncOS Softwar ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1932 (A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoin ...)
@@ -36265,17 +36265,17 @@ CVE-2019-1931 (Multiple vulnerabilities in the RSS dashboard in the web-based ma
 CVE-2019-1930 (Multiple vulnerabilities in the RSS dashboard in the web-based managem ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1929 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1928 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1927 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1926 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1925 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1924 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1923 (A vulnerability in Cisco Small Business SPA500 Series IP Phones could  ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1922 (A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 ...)
@@ -36287,7 +36287,7 @@ CVE-2019-1920 (A vulnerability in the 802.11r Fast Transition (FT) implementatio
 CVE-2019-1919 (A vulnerability in the Cisco FindIT Network Management Software virtua ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1918 (A vulnerability in the implementation of Intermediate System&ndash ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1917 (A vulnerability in the REST API interface of Cisco Vision Dynamic Sign ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1916
@@ -36303,7 +36303,7 @@ CVE-2019-1912 (A vulnerability in the web management interface of Cisco Small Bu
 CVE-2019-1911 (A vulnerability in the CLI of Cisco Unified Communications Domain Mana ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1910 (A vulnerability in the implementation of the Intermediate System&n ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1909 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1908
@@ -36333,7 +36333,7 @@ CVE-2019-1897 (A vulnerability in the web-based management interface of Cisco RV
 CVE-2019-1896
 	RESERVED
 CVE-2019-1895 (A vulnerability in the Virtual Network Computing (VNC) console impleme ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1894 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1893 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
@@ -37283,7 +37283,7 @@ CVE-2018-19856 (GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x b
 	NOTE: https://about.gitlab.com/2018/12/06/critical-security-release-gitlab-11-dot-5-dot-3-released/
 	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/54857
 CVE-2018-19855 (UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to t ...)
-	TODO: check
+	NOT-FOR-US: UiPath Orchestrator
 CVE-2018-19854 (An issue was discovered in the Linux kernel before 4.19.3. crypto_repo ...)
 	- linux 4.18.20-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -159570,7 +159570,7 @@ CVE-2016-5434 (libalpm, as used in pacman 5.0.1, allows remote attackers to caus
 CVE-2016-5432 (The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualizat ...)
 	NOT-FOR-US: ovirt-engine
 CVE-2016-5431 (The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: jose-php
 CVE-2016-5430 (The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php  ...)
 	NOT-FOR-US: jose-php
 CVE-2016-5429 (jose-php before 2.2.1 does not use constant-time operations for HMAC c ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/958e5828535c41d8433d5ec48a9c2e3465471673




