[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 14 20:10:29 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
272c820a by security tracker role at 2019-02-14T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,54 @@
-CVE-2019-8337 [result of certificate verification was not properly checked if default value system for tls_trust_file is used]
+CVE-2019-8336
+ RESERVED
+CVE-2019-8335 (An issue was discovered in SchoolCMS 2.3.1. There is an XSS ...)
+ TODO: check
+CVE-2019-8334 (An issue was discovered in SchoolCMS 2.3.1. There is an XSS ...)
+ TODO: check
+CVE-2019-8333
+ RESERVED
+CVE-2019-8332
+ RESERVED
+CVE-2019-8331
+ RESERVED
+CVE-2019-8330
+ RESERVED
+CVE-2019-8329
+ RESERVED
+CVE-2019-8328
+ RESERVED
+CVE-2019-8327
+ RESERVED
+CVE-2019-8326
+ RESERVED
+CVE-2019-8325
+ RESERVED
+CVE-2019-8324
+ RESERVED
+CVE-2019-8323
+ RESERVED
+CVE-2019-8322
+ RESERVED
+CVE-2019-8321
+ RESERVED
+CVE-2019-8320
+ RESERVED
+CVE-2019-8319 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. ...)
+ TODO: check
+CVE-2019-8318 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. ...)
+ TODO: check
+CVE-2019-8317 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. ...)
+ TODO: check
+CVE-2019-8316 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. ...)
+ TODO: check
+CVE-2019-8315 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. ...)
+ TODO: check
+CVE-2019-8314 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. ...)
+ TODO: check
+CVE-2019-8313 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. ...)
+ TODO: check
+CVE-2019-8312 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. ...)
+ TODO: check
+CVE-2019-8337 (In msmtp 1.8.2, when tls_trust_file has its default configuration, ...)
- msmtp <unfixed>
NOTE: https://gitlab.marlam.de/marlam/msmtp/commit/a81d0a5126304f9f8b29a75d058044dc67d07663
CVE-2019-8311
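Review bot: CVE-2019-8337 at the end of this hunk now has a description that names msmtp 1.8.2, but the entry still reads only `- msmtp <unfixed>` even though the NOTE already links the upstream fix commit. It is worth checking whether releases shipping an older msmtp are affected at all and, if not, adding per-release `<not-affected>` lines so they do not show as open; `<unfixed>` should become the fixed version once an upload carries that commit. The SchoolCMS and D-Link DIR-878 entries added above it are left at `TODO: check` and still need triage.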
@@ -3740,6 +3790,7 @@ CVE-2019-6691 (phpwind 9.0.2.170426 UTF8 allows SQL Injection via the ...)
NOT-FOR-US: phpwind
CVE-2019-6690 [improper input validation in gnupg.GPG.encrypt() and gnupg.GPG.decrypt()]
RESERVED
+ {DLA-1675-1}
- python-gnupg 0.4.4-1
NOTE: https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability
NOTE: https://github.com/vsajip/python-gnupg/commit/39eca266dd837e2ad89c94eb17b7a6f50b25e7cf#diff-88b99bb28683bd5b7e3a204826ead112
@@ -3946,8 +3997,8 @@ CVE-2019-6591 (On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 t
NOT-FOR-US: BIG-IP
CVE-2019-6590 (On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain ...)
NOT-FOR-US: BIG-IP
-CVE-2019-6589
- RESERVED
+CVE-2019-6589 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and ...)
+ TODO: check
CVE-2019-6588
RESERVED
CVE-2019-6587
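Review bot: CVE-2019-6589 goes from RESERVED to `TODO: check` although its description starts "On BIG-IP" and the two entries directly above it in this hunk are already `NOT-FOR-US: BIG-IP`. Suggest resolving it the same way in a follow-up so it does not sit in the TODO queue.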
@@ -4034,12 +4085,12 @@ CVE-2019-6547
RESERVED
CVE-2019-6546
RESERVED
-CVE-2019-6545
- RESERVED
+CVE-2019-6545 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and ...)
+ TODO: check
CVE-2019-6544
RESERVED
-CVE-2019-6543
- RESERVED
+CVE-2019-6543 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and ...)
+ TODO: check
CVE-2019-6542
RESERVED
CVE-2019-6541 (A memory corruption vulnerability has been identified in WECON ...)
@@ -5630,22 +5681,21 @@ CVE-2019-5918
RESERVED
CVE-2019-5917
RESERVED
-CVE-2019-5916
- RESERVED
-CVE-2019-5915
- RESERVED
-CVE-2019-5914
- RESERVED
-CVE-2019-5913
- RESERVED
-CVE-2019-5912
- RESERVED
-CVE-2019-5911
- RESERVED
-CVE-2019-5910
- RESERVED
-CVE-2019-5909
- RESERVED
+CVE-2019-5916 (Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and ...)
+ TODO: check
+CVE-2019-5915 (Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 ...)
+ TODO: check
+CVE-2019-5914 (V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer ...)
+ TODO: check
+CVE-2019-5913 (Untrusted search path vulnerability in the installer of LHMelting ...)
+ TODO: check
+CVE-2019-5912 (Untrusted search path vulnerability in the installer of UNARJ32.DLL ...)
+ TODO: check
+CVE-2019-5911 (Untrusted search path vulnerability in the installer of UNLHA32.DLL ...)
+ TODO: check
+CVE-2019-5910 (Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and ...)
+ TODO: check
+CVE-2019-5909 (License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - ...)
NOT-FOR-US: Yokogawa License Manager Service
CVE-2019-5908
RESERVED
@@ -10207,8 +10257,8 @@ CVE-2019-3784
RESERVED
CVE-2019-3783
RESERVED
-CVE-2019-3782
- RESERVED
+CVE-2019-3782 (Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently ...)
+ TODO: check
CVE-2019-3781
RESERVED
CVE-2019-3780
@@ -10553,8 +10603,8 @@ CVE-2019-3612
RESERVED
CVE-2019-3611
RESERVED
-CVE-2019-3610
- RESERVED
+CVE-2019-3610 (Data Leakage Attacks vulnerability in Microsoft Windows client in ...)
+ TODO: check
CVE-2019-3609
RESERVED
CVE-2019-3608
@@ -12346,8 +12396,8 @@ CVE-2018-20255
RESERVED
CVE-2018-20254
RESERVED
-CVE-2018-20253
- RESERVED
+CVE-2018-20253 (In WinRAR versions prior to and including 5.60, There is an ...)
+ TODO: check
CVE-2018-20252 (There is an out-of-bounds writes vulnerability during parsing of ...)
NOT-FOR-US: WinRAR
CVE-2018-20251 (A validation function (in WinRAR code) is being called before ...)
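Review bot: CVE-2018-20253 is added as `TODO: check` while the next entry, CVE-2018-20252, is `NOT-FOR-US: WinRAR` and the new description also begins "In WinRAR versions prior to and including 5.60". Unless the affected code is known to be shared with something packaged, this can take the same `NOT-FOR-US: WinRAR` line.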
@@ -12376,10 +12426,10 @@ CVE-2018-20240
RESERVED
CVE-2018-20239
RESERVED
-CVE-2018-20238
- RESERVED
-CVE-2018-20237
- RESERVED
+CVE-2018-20238 (Various rest resources in Atlassian Crowd before version 3.2.7 and ...)
+ TODO: check
+CVE-2018-20237 (Atlassian Confluence Server and Data Center before version 6.13.1 ...)
+ TODO: check
CVE-2018-20236
RESERVED
CVE-2018-20235
@@ -12388,8 +12438,8 @@ CVE-2018-20234
RESERVED
CVE-2018-20233 (The Upload add-on resource in Atlassian Universal Plugin Manager ...)
NOT-FOR-US: Atlassian
-CVE-2018-20232
- RESERVED
+CVE-2018-20232 (The labels widget gadget in Atlassian Jira before version 7.6.11 and ...)
+ TODO: check
CVE-2018-20231 (Cross Site Request Forgery (CSRF) in the two-factor-authentication ...)
NOT-FOR-US: two-factor-authentication plugin for WordPress
CVE-2018-20230 (An issue was discovered in PSPP 1.2.0. There is a heap-based buffer ...)
@@ -12619,8 +12669,8 @@ CVE-2018-20167 (Terminology before 1.3.1 allows Remote Code Execution because po
NOTE: https://git.enlightenment.org/apps/terminology.git/commit/?id=1ac204da9148e7bccb1b5f34b523e2094dfc39e2
CVE-2018-20165
RESERVED
-CVE-2018-20164
- RESERVED
+CVE-2018-20164 (An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser ...)
+ TODO: check
CVE-2018-20163
RESERVED
CVE-2018-20162
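Review bot: CVE-2018-20164 is set to `TODO: check`, and unlike most of the vendor products in this update it names a data file, regex.yaml (aka regexes.yaml) in UA-Parser, that other projects can ship a copy of. Triage should search for embedded copies of that file, not only for a package named after UA-Parser, before deciding on a status.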
@@ -22390,8 +22440,8 @@ CVE-2018-19010 (Drager Infinity Delta, Infinity Delta, all versions, Delta XL, a
NOT-FOR-US: Drager patient monitoring medical devices
CVE-2018-19009 (Pilz PNOZmulti Configurator prior to version 10.9 allows an ...)
NOT-FOR-US: Pilz PNOZmulti Configurator
-CVE-2018-19008
- RESERVED
+CVE-2018-19008 (The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and ...)
+ TODO: check
CVE-2018-19007 (In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the ...)
NOT-FOR-US: Geutebrueck cameras
CVE-2018-19006
@@ -29716,10 +29766,10 @@ CVE-2018-16192 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.
NOT-FOR-US: Aterm firmware
CVE-2018-16191 (Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, ...)
NOT-FOR-US: EC-CUBE
-CVE-2018-16190
- RESERVED
-CVE-2018-16189
- RESERVED
+CVE-2018-16190 (Untrusted search path vulnerability in UNARJ32.DLL for Win32, ...)
+ TODO: check
+CVE-2018-16189 (Untrusted search path vulnerability in Self-Extracting Archives ...)
+ TODO: check
CVE-2018-16188 (SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 ...)
NOT-FOR-US: RICOH
CVE-2018-16187 (The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to ...)
@@ -30791,8 +30841,8 @@ CVE-2018-15783
REJECTED
CVE-2018-15782 (The Quick Setup component of RSA Authentication Manager versions prior ...)
NOT-FOR-US: RSA
-CVE-2018-15781
- RESERVED
+CVE-2018-15781 (The Dell Wyse Password Encoder in ThinLinux2 versions prior to ...)
+ TODO: check
CVE-2018-15780 (RSA Archer versions prior to 6.5.0.1 contain an improper access ...)
NOT-FOR-US: RSA Archer
CVE-2018-15779
@@ -36776,10 +36826,10 @@ CVE-2018-13405 (The inode_init_owner function in fs/inode.c in the Linux kernel
- linux 4.17.6-1
NOTE: https://git.kernel.org/linus/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
NOTE: http://www.openwall.com/lists/oss-security/2018/07/13/2
-CVE-2018-13404
- RESERVED
-CVE-2018-13403
- RESERVED
+CVE-2018-13404 (The VerifyPopServerConnection resource in Atlassian Jira before ...)
+ TODO: check
+CVE-2018-13403 (The two-dimensional filter statistics gadget in Atlassian Jira before ...)
+ TODO: check
CVE-2018-13402 (Many resources in Atlassian Jira before version 7.6.9, from version ...)
NOT-FOR-US: Atlassian
CVE-2018-13401 (The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, ...)
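Review bot: CVE-2018-13404 and CVE-2018-13403 both describe Atlassian Jira resources and land as `TODO: check`, while CVE-2018-13402 immediately below is `NOT-FOR-US: Atlassian`. The other Atlassian entries this commit populates (CVE-2018-20238, CVE-2018-20237, CVE-2018-20232) are in the same state, so one follow-up commit can mark the whole group consistently.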
@@ -39428,8 +39478,8 @@ CVE-2018-12411 (The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s
NOT-FOR-US: TIBCO
CVE-2018-12410 (The web server component of TIBCO Software Inc's Spotfire Statistics ...)
NOT-FOR-US: TIBCO
-CVE-2018-12409
- RESERVED
+CVE-2018-12409 (The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver ...)
+ TODO: check
CVE-2018-12408 (The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ...)
NOT-FOR-US: TIBCO
CVE-2018-12407
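Review bot: CVE-2018-12409 is the only TIBCO entry in this hunk without a resolution; CVE-2018-12411, CVE-2018-12410 and CVE-2018-12408 around it are all `NOT-FOR-US: TIBCO`. Replace `TODO: check` with the same line.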
@@ -49063,7 +49113,7 @@ CVE-2018-8845 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAcces
NOT-FOR-US: Advantech
CVE-2018-8844 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
NOT-FOR-US: Philips
-CVE-2018-8843 (Rockwell Automation Arena versions 16.10.00 and prior contains a use ...)
+CVE-2018-8843 (Rockwell Automation Arena versions 15.10.00 and prior contains a use ...)
NOT-FOR-US: Rockwell
CVE-2018-8842 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
NOT-FOR-US: Philips
@@ -56663,18 +56713,15 @@ CVE-2018-6273
RESERVED
CVE-2018-6272
RESERVED
-CVE-2018-6271
- RESERVED
+CVE-2018-6271 (NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in ...)
NOT-FOR-US: NVIDIA component for Android
CVE-2018-6270
RESERVED
CVE-2018-6269
RESERVED
-CVE-2018-6268
- RESERVED
+CVE-2018-6268 (NVIDIA Tegra library contains a vulnerability in libnvmmlite_video.so, ...)
NOT-FOR-US: NVIDIA component for Android
-CVE-2018-6267
- RESERVED
+CVE-2018-6267 (NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in ...)
NOT-FOR-US: NVIDIA component for Android
CVE-2018-6266 (NVIDIA GeForce Experience contains a vulnerability in all versions ...)
NOT-FOR-US: NVIDIA GeForce Experience
@@ -73801,8 +73848,8 @@ CVE-2018-0698 (Cross-site scripting vulnerability in GROWI v3.2.3 and earlier al
NOT-FOR-US: GROWI
CVE-2018-0697 (Cross-site scripting vulnerability in Metabase version 0.29.3 and ...)
NOT-FOR-US: Metabase
-CVE-2018-0696
- RESERVED
+CVE-2018-0696 (OpenAM (Open Source Edition) 13.0 and later does not properly manage ...)
+ TODO: check
CVE-2018-0695 (Cross-site scripting vulnerability in User-friendly SVN (USVN) Version ...)
NOT-FOR-US: User-friendly SVN
CVE-2018-0694 (FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary ...)
@@ -81267,7 +81314,7 @@ CVE-2017-15107 (A vulnerability was found in the implementation of DNSSEC in Dns
CVE-2017-15106
RESERVED
CVE-2017-15105 (A flaw was found in the way unbound before 1.6.8 validated ...)
- {DLA-1264-1}
+ {DLA-1676-1 DLA-1264-1}
- unbound 1.7.1-1 (bug #887733)
[stretch] - unbound 1.6.0-3+deb9u2
NOTE: https://unbound.net/downloads/CVE-2017-15105.txt
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/272c820ac718efcf4139a30f998e8fe566dfe938