[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed May 1 21:10:29 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
49f6c52d by security tracker role at 2019-05-01T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2019-11644
+	RESERVED
+CVE-2019-11643
+	RESERVED
+CVE-2019-11642
+	RESERVED
+CVE-2019-11641 (Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerpri ...)
+	TODO: check
+CVE-2019-11640 (An issue was discovered in GNU recutils 1.8. There is a heap-based buf ...)
+	TODO: check
+CVE-2019-11639 (An issue was discovered in GNU recutils 1.8. There is a stack-based bu ...)
+	TODO: check
+CVE-2019-11638 (An issue was discovered in GNU recutils 1.8. There is a NULL pointer d ...)
+	TODO: check
+CVE-2019-11637 (An issue was discovered in GNU recutils 1.8. There is a NULL pointer d ...)
+	TODO: check
+CVE-2019-11636 (Zcash 2.x allows an inexpensive approach to "fill all transactions of  ...)
+	TODO: check
+CVE-2019-11635
+	RESERVED
+CVE-2019-11634
+	RESERVED
+CVE-2019-11633 (HoneyPress through 2016-09-27 can be fingerprinted by attackers becaus ...)
+	TODO: check
+CVE-2019-11632 (In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019. ...)
+	TODO: check
+CVE-2015-9287
+	RESERVED
 CVE-2019-11631 (Moodle 3.6.3 allows remote authenticated administrators to execute arb ...)
 	- moodle <removed>
 CVE-2019-11630
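Review bot: the four GNU recutils 1.8 entries (CVE-2019-11637 through CVE-2019-11640) are each left at `TODO: check` as separate items, although they name the same product and version. Triage them together so that they receive one consistent decision (a package line or a NOT-FOR-US tag), not four independent ones.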
@@ -91,6 +119,7 @@ CVE-2018-20824
 CVE-2015-9286 (Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 ha ...)
 	NOT-FOR-US: NodeBB
 CVE-2019-11627 (gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an un ...)
+	{DLA-1773-1}
 	- signing-party 2.10-1 (bug #928256)
 	[stretch] - signing-party <no-dsa> (Will be fixed via point release)
 	NOTE: https://salsa.debian.org/signing-party-team/signing-party/commit/cd69b6c0426a6160ef3de03fce9c7f112166d5a8
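Review bot: `{DLA-1773-1}` is added under CVE-2019-11627 without a release-tagged line recording the version that advisory fixed; the only release-specific annotation in view is `[stretch] - signing-party <no-dsa> (Will be fixed via point release)`. If the fixed version for the release covered by the DLA is not recorded further down the entry, add it so the advisory cross-reference and the per-release status agree.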
@@ -1632,12 +1661,12 @@ CVE-2019-10956
 	RESERVED
 CVE-2019-10955 (In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versi ...)
 	NOT-FOR-US: Rockwell Automation
-CVE-2019-10954
-	RESERVED
+CVE-2019-10954 (An attacker could send crafted SMTP packets to cause a denial-of-servi ...)
+	TODO: check
 CVE-2019-10953 (ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable ...)
 	NOT-FOR-US: Programmable Logic Controllers of various vendors
-CVE-2019-10952
-	RESERVED
+CVE-2019-10952 (An attacker could send a crafted HTTP/HTTPS request to render the web  ...)
+	TODO: check
 CVE-2019-10951 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2019-10950 (Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 F ...)
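Review bot: the new descriptions for CVE-2019-10954 and CVE-2019-10952 are cut off before any vendor or product name appears ("An attacker could send crafted SMTP packets ...", "An attacker could send a crafted HTTP/HTTPS request ..."), so their `TODO: check` markers cannot be resolved from this list alone. Read the full CVE text before choosing a package line or NOT-FOR-US tag, and do not infer the vendor from the neighbouring Rockwell Automation and PLC entries.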
@@ -13055,8 +13084,8 @@ CVE-2019-6564
 	RESERVED
 CVE-2019-6563 (Moxa IKS and EDS generate a predictable cookie calculated with an MD5  ...)
 	NOT-FOR-US: Moxa
-CVE-2019-6562
-	RESERVED
+CVE-2019-6562 (In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the softwa ...)
+	TODO: check
 CVE-2019-6561 (Cross-site request forgery has been identified in Moxa IKS and EDS, wh ...)
 	NOT-FOR-US: Moxa
 CVE-2019-6560
@@ -18358,8 +18387,8 @@ CVE-2019-4260
 	RESERVED
 CVE-2019-4259
 	RESERVED
-CVE-2019-4258
-	RESERVED
+CVE-2019-4258 (IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vu ...)
+	TODO: check
 CVE-2019-4257
 	RESERVED
 CVE-2019-4256
@@ -19542,7 +19571,7 @@ CVE-2019-3793 (Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28,
 CVE-2019-3792 (Pivotal Concourse version 5.0.0, contains an API that is vulnerable to ...)
 	NOT-FOR-US: Pivotal
 CVE-2019-3791
-	RESERVED
+	REJECTED
 CVE-2019-3790
 	RESERVED
 CVE-2019-3789 (Cloud Foundry Routing Release, all versions prior to 0.188.0, contains ...)
@@ -32727,7 +32756,7 @@ CVE-2018-18698 (An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1
 	NOT-FOR-US: Xiaomi Mi A1 devices
 CVE-2018-18697
 	RESERVED
-CVE-2018-18696 (main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CS ...)
+CVE-2018-18696 (** DISPUTED ** main.aspx in Microstrategy Analytics 10.4.0026.0049 and ...)
 	NOT-FOR-US: Microstrategy Analytics
 CVE-2018-18695 (M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow with Extend ...)
 	NOT-FOR-US: M2SOFT Report Designer Viewer
@@ -35675,7 +35704,7 @@ CVE-2018-17608 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to
 CVE-2018-17607 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execu ...)
 	NOT-FOR-US: Foxit
 CVE-2018-17606
-	RESERVED
+	REJECTED
 CVE-2018-17605 (An issue was discovered in the Asset Pipeline plugin before 3.0.4 for  ...)
 	NOT-FOR-US: Grails plugin
 CVE-2018-17604
@@ -78926,8 +78955,8 @@ CVE-2018-1935 (IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated us
 	NOT-FOR-US: IBM
 CVE-2018-1934
 	RESERVED
-CVE-2018-1933
-	RESERVED
+CVE-2018-1933 (IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site s ...)
+	TODO: check
 CVE-2018-1932 (IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability ...)
 	NOT-FOR-US: IBM
 CVE-2018-1931
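Review bot: CVE-2018-1933 (IBM Planning Analytics) is left at `TODO: check`, while the described IBM entries around it in this hunk, CVE-2018-1935 and CVE-2018-1932, are tagged `NOT-FOR-US: IBM`. If the product is not packaged, use the same tag so the IBM entries stay consistent.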
@@ -79576,8 +79605,8 @@ CVE-2018-1610 (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 thro
 	NOT-FOR-US: IBM
 CVE-2018-1609
 	RESERVED
-CVE-2018-1608
-	RESERVED
+CVE-2018-1608 (IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weak ...)
+	TODO: check
 CVE-2018-1607 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 th ...)
 	NOT-FOR-US: IBM
 CVE-2018-1606 (IBM Jazz based applications (IBM Rational Collaborative Lifecycle Mana ...)
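Review bot: CVE-2018-1608 names IBM Rational Engineering Lifecycle Manager, the same product as the following entry CVE-2018-1607, which already carries `NOT-FOR-US: IBM`, yet the new entry is left at `TODO: check`. Resolve it with the same tag as CVE-2018-1607 unless the full description gives a reason to treat it differently.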



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/49f6c52de9f61ee685316981c614c93b6fe47c48
