[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 5 20:10:39 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
25c56513 by security tracker role at 2019-02-05T20:10:29Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2019-7415
+ RESERVED
+CVE-2019-7414
+ RESERVED
+CVE-2019-7413 (In the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.1 ...)
+ TODO: check
+CVE-2019-7412 (The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles ...)
+ TODO: check
+CVE-2019-7411
+ RESERVED
+CVE-2019-7410
+ RESERVED
+CVE-2019-7409
+ RESERVED
+CVE-2019-7408
+ RESERVED
+CVE-2019-7407
+ RESERVED
+CVE-2019-7406
+ RESERVED
+CVE-2019-7405
+ RESERVED
+CVE-2019-7404
+ RESERVED
+CVE-2019-7403 (An issue was discovered in PHPMyWind 5.5. It allows remote attackers to ...)
+ TODO: check
+CVE-2019-7402 (An issue was discovered in PHPMyWind 5.5. The GetQQ function in ...)
+ TODO: check
+CVE-2019-7401
+ RESERVED
+CVE-2017-1000000
+ RESERVED
+CVE-2014-1000000
+ RESERVED
CVE-2019-7400 (Rukovoditel before 2.4.1 allows XSS. ...)
NOT-FOR-US: Rukovoditel
CVE-2019-7399
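Review bot: the four described entries added at the top of this hunk (CVE-2019-7413, CVE-2019-7412, CVE-2019-7403, CVE-2019-7402) all land as `TODO: check`, so none of them has a triage decision yet. Their descriptions name two WordPress plugins and PHPMyWind 5.5; a follow-up should replace each `TODO: check` with either a package line or a `NOT-FOR-US:` line once it is confirmed whether the software is packaged. Separately, CVE-2017-1000000 and CVE-2014-1000000 arrive as `RESERVED` with no description. They are round-number IDs from earlier years, so it is worth confirming against the upstream CVE feed that they are real reservations before anyone builds on them.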
@@ -160,8 +194,8 @@ CVE-2018-1000998 (FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XS
TODO: check
CVE-2017-18362 (ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is ...)
NOT-FOR-US: ConnectWise ManagedITSync
-CVE-2016-1000282
- RESERVED
+CVE-2016-1000282 (Haraka version 2.8.8 and earlier comes with a plugin for processing ...)
+ TODO: check
CVE-2016-1000276 (Audacity version 2.1.2 is vulnerable to DLL Hijack, it tries to load ...)
TODO: check, probably a dupe of CVE-2017-1000010
CVE-2016-1000271 (Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / ...)
@@ -1913,10 +1947,10 @@ CVE-2019-6593
RESERVED
CVE-2019-6592
RESERVED
-CVE-2019-6591
- RESERVED
-CVE-2019-6590
- RESERVED
+CVE-2019-6591 (On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to ...)
+ TODO: check
+CVE-2019-6590 (On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain ...)
+ TODO: check
CVE-2019-6589
RESERVED
CVE-2019-6588
@@ -2025,8 +2059,7 @@ CVE-2019-6537
RESERVED
CVE-2019-6536
RESERVED
-CVE-2019-6535
- RESERVED
+CVE-2019-6535 (Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and ...)
NOT-FOR-US: Mitsubishi Electric MELSEC-Q Series PLCs
CVE-2019-6534
RESERVED
@@ -8003,8 +8036,7 @@ CVE-2019-3820
CVE-2019-3819 (A flaw was found in the Linux kernel in the function ...)
- linux <unfixed>
NOTE: Proposed patch: https://marc.info/?l=linux-input&m=154841031101012&w=2
-CVE-2019-3818
- RESERVED
+CVE-2019-3818 (The kube-rbac-proxy container before version 0.4.1 as used in Red Hat ...)
NOT-FOR-US: kube-rbac-proxy
CVE-2019-3817
RESERVED
@@ -8020,6 +8052,7 @@ CVE-2019-3815 (A memory leak was discovered in the backport of fixes for ...)
NOTE: specifically the backport of the fix for CVE-2018-16864.
CVE-2019-3814 [Suitable client certificate can be used to login as other user]
RESERVED
+ {DSA-4385-1}
- dovecot 1:2.3.4.1-1
NOTE: https://www.openwall.com/lists/oss-security/2019/02/05/1
CVE-2019-3813 (Spice, versions 0.5.2 through 0.14.1, are vulnerable to an ...)
@@ -8863,11 +8896,11 @@ CVE-2019-3465
RESERVED
CVE-2019-3464 [prevent popt to load a ~/.popt configuration file, leading to arbitrary command execution]
RESERVED
- {DSA-4382-1}
+ {DSA-4382-1 DLA-1660-1}
- rssh 2.3.4-10
CVE-2019-3463 [reject rsync --daemon and --config command-line options; arbitrary command execution]
RESERVED
- {DSA-4382-1}
+ {DSA-4382-1 DLA-1660-1}
- rssh 2.3.4-10
CVE-2019-3462 (Incorrect sanitation of the 302 redirect field in HTTP transport ...)
{DSA-4371-1 DLA-1637-1}
@@ -20219,8 +20252,8 @@ CVE-2018-19031
RESERVED
CVE-2018-19030
RESERVED
-CVE-2018-19029
- RESERVED
+CVE-2018-19029 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using ...)
+ TODO: check
CVE-2018-19028
RESERVED
CVE-2018-19027 (Three type confusion vulnerabilities exist in CX-One Versions 4.50 and ...)
@@ -20273,40 +20306,40 @@ CVE-2018-19004 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of boun
NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-19003 (GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to ...)
NOT-FOR-US: GE Mark
-CVE-2018-19002
- RESERVED
+CVE-2018-19002 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control ...)
+ TODO: check
CVE-2018-19001 (Philips HealthSuite Health Android App, all versions. The software ...)
NOT-FOR-US: Philips HealthSuite Health Android App
-CVE-2018-19000
- RESERVED
+CVE-2018-19000 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication ...)
+ TODO: check
CVE-2018-18999 (WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows ...)
NOT-FOR-US: Advantech WebAccess/SCADA
-CVE-2018-18998
- RESERVED
+CVE-2018-18998 (LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded ...)
+ TODO: check
CVE-2018-18997 (Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 ...)
NOT-FOR-US: ABB GATE-E2
-CVE-2018-18996
- RESERVED
+CVE-2018-18996 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user ...)
+ TODO: check
CVE-2018-18995 (Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all ...)
NOT-FOR-US: ABB GATE-E2
CVE-2018-18994
RESERVED
CVE-2018-18993 (Two stack-based buffer overflow vulnerabilities have been discovered ...)
NOT-FOR-US: CX-One
-CVE-2018-18992
- RESERVED
+CVE-2018-18992 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user ...)
+ TODO: check
CVE-2018-18991 (Reflected cross-site scripting (non-persistent) in SCADA WebServer ...)
NOT-FOR-US: SCADA WebServer
-CVE-2018-18990
- RESERVED
+CVE-2018-18990 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied ...)
+ TODO: check
CVE-2018-18989 (In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and ...)
NOT-FOR-US: CX-One
CVE-2018-18988 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of ...)
NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18987 (VT-Designer Version 2.1.7.31 is vulnerable by the program populating ...)
NOT-FOR-US: VT-Designer
-CVE-2018-18986
- RESERVED
+CVE-2018-18986 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a ...)
+ TODO: check
CVE-2018-18985 (Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality. ...)
NOT-FOR-US: Tridium Niagara Enterprise
CVE-2018-18984 (Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 ...)
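Review bot: the seven LCDS Laquis SCADA entries that gain a description here (CVE-2018-19002, CVE-2018-19000, CVE-2018-18998, CVE-2018-18996, CVE-2018-18992, CVE-2018-18990, CVE-2018-18986) are marked `TODO: check`, while CVE-2018-19004 and CVE-2018-18988 in the same hunk describe the same product and version and are already `NOT-FOR-US: LCDS Laquis SCADA`. Suggest giving these seven the same `NOT-FOR-US: LCDS Laquis SCADA` line so the product is triaged consistently. CVE-2018-19029 in the preceding hunk has the same description prefix and the same `TODO: check`.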
@@ -38918,8 +38951,7 @@ CVE-2018-11805
RESERVED
CVE-2018-11804 (Spark's Apache Maven-based build includes a convenience script, ...)
NOT-FOR-US: Apache Spark
-CVE-2018-11803
- RESERVED
+CVE-2018-11803 (Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and ...)
- subversion 1.10.4-1
[stretch] - subversion <not-affected> (Vulnerable code introduced in 1.10.0)
[jessie] - subversion <not-affected> (Vulnerable code introduced in 1.10.0)
@@ -60743,8 +60775,7 @@ CVE-2018-4058
- coturn 4.5.1.0-1
CVE-2018-4057
RESERVED
-CVE-2018-4056
- RESERVED
+CVE-2018-4056 (An exploitable SQL injection vulnerability exists in the administrator ...)
{DSA-4373-1}
- coturn 4.5.1.0-1
CVE-2018-4055
@@ -120675,16 +120706,16 @@ CVE-2017-1204 (IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains ...)
NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2017-1203 (IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and ...)
NOT-FOR-US: IBM
-CVE-2017-1202
- RESERVED
+CVE-2017-1202 (IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is ...)
+ TODO: check
CVE-2017-1201 (IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores ...)
NOT-FOR-US: IBM
-CVE-2017-1200
- RESERVED
+CVE-2017-1200 (IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not ...)
+ TODO: check
CVE-2017-1199 (IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, ...)
NOT-FOR-US: IBM
-CVE-2017-1198
- RESERVED
+CVE-2017-1198 (IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores ...)
+ TODO: check
CVE-2017-1197 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account ...)
NOT-FOR-US: IBM
CVE-2017-1196 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require ...)
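Review bot: CVE-2017-1202, CVE-2017-1200 and CVE-2017-1198 are added as `TODO: check` although the surrounding context already settles this product. CVE-2017-1201, CVE-2017-1197 and CVE-2017-1196 are IBM BigFix Compliance entries too, and the two whose status is visible carry `NOT-FOR-US: IBM`. Suggest resolving the three new descriptions to `NOT-FOR-US: IBM` as well; CVE-2017-1177 in the next hunk is the same case.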
@@ -120725,8 +120756,8 @@ CVE-2017-1179 (IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected
NOT-FOR-US: IBM
CVE-2017-1178 (IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable ...)
NOT-FOR-US: IBM
-CVE-2017-1177
- RESERVED
+CVE-2017-1177 (IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive ...)
+ TODO: check
CVE-2017-1176 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user ...)
NOT-FOR-US: IBM
CVE-2017-1175 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/25c56513583e13531a6fba97088ef0401e571428