Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
975f7f56 by security tracker role at 2019-11-12T20:10:38Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2019-18927
+       RESERVED
+CVE-2019-18926 (Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is 
vulnerable t ...)
+       TODO: check
+CVE-2019-18925 (Systematic IRIS WebForms 5.4 and its functionalities can be 
accessed a ...)
+       TODO: check
+CVE-2019-18924 (Systematic IRIS WebForms 5.4 is vulnerable to directory 
traversal. By  ...)
+       TODO: check
+CVE-2019-18923
+       RESERVED
+CVE-2019-18922
+       RESERVED
+CVE-2019-18921
+       RESERVED
+CVE-2019-18920
+       RESERVED
+CVE-2019-18919
+       RESERVED
+CVE-2019-18918
+       RESERVED
+CVE-2019-18917
+       RESERVED
+CVE-2019-18916
+       RESERVED
+CVE-2019-18915
+       RESERVED
+CVE-2019-18914
+       RESERVED
+CVE-2019-18913
+       RESERVED
+CVE-2019-18912
+       RESERVED
+CVE-2019-18911
+       RESERVED
+CVE-2019-18910
+       RESERVED
+CVE-2019-18909
+       RESERVED
+CVE-2019-18908
+       RESERVED
+CVE-2019-18907
+       RESERVED
+CVE-2019-18906
+       RESERVED
+CVE-2019-18905
+       RESERVED
+CVE-2019-18904
+       RESERVED
+CVE-2019-18903
+       RESERVED
+CVE-2019-18902
+       RESERVED
+CVE-2019-18901
+       RESERVED
+CVE-2019-18900
+       RESERVED
+CVE-2019-18899
+       RESERVED
+CVE-2019-18898
+       RESERVED
+CVE-2019-18897
+       RESERVED
+CVE-2019-18896
+       RESERVED
+CVE-2019-18895
+       RESERVED
+CVE-2019-18894
+       RESERVED
+CVE-2019-18893
+       RESERVED
 CVE-2019-18892
        RESERVED
 CVE-2019-18891
@@ -90,8 +160,8 @@ CVE-2019-18850
 CVE-2019-18849 (In tnef before 1.4.18, an attacker may be able to write to the 
victim' ...)
        - tnef <unfixed>
        NOTE: https://github.com/verdammelt/tnef/pull/40
-CVE-2019-18848
-       RESERVED
+CVE-2019-18848 (The json-jwt gem before 1.11.0 for Ruby lacks an element count 
during  ...)
+       TODO: check
 CVE-2019-18847
        RESERVED
 CVE-2019-18846
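Review bot: CVE-2019-18848 now carries a description naming the json-jwt gem for Ruby and a fixed upstream version (before 1.11.0), but the entry stops at TODO: check. Triage should either add a package line with the fixed version, in the style of the "- tnef <unfixed>" line on CVE-2019-18849 above, or mark the entry NOT-FOR-US if the gem is not packaged.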
@@ -118,7 +188,7 @@ CVE-2019-18838
        RESERVED
 CVE-2019-18837
        RESERVED
-CVE-2019-18836 (Envoy before 1.12.1 allows a remote denial of service because 
of resou ...)
+CVE-2019-18836 (Envoy 1.12.0 allows a remote denial of service because of 
resource loo ...)
        NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles signature checking on 
some fede ...)
        - matrix-synapse 1.5.0-1 (bug #944355)
@@ -158,8 +228,8 @@ CVE-2019-18819 (Eximious Logo Designer 3.82 has a User Mode 
Write AV starting at
        NOT-FOR-US: Eximious Logo Designer
 CVE-2019-18818 (strapi before 3.0.0-beta.17.5 mishandles password resets 
within packag ...)
        NOT-FOR-US: strapi CMS
-CVE-2019-18817
-       RESERVED
+CVE-2019-18817 (Istio 1.3.x before 1.3.5 allows Denial of Service because 
continue_on_ ...)
+       TODO: check
 CVE-2019-18816 (po-admin/route.php?mod=post&amp;act=edit in PopojiCMS 2.0.1 
allows pos ...)
        NOT-FOR-US: PopojiCMS
 CVE-2019-18815 (PopojiCMS 2.0.1 allows refer= Open Redirection. ...)
@@ -2696,14 +2766,14 @@ CVE-2019-18660
        RESERVED
 CVE-2019-18659 (The Wireless Emergency Alerts (WEA) protocol allows remote 
attackers t ...)
        NOT-FOR-US: Wireless Emergency Alerts (WEA) protocol
-CVE-2019-18658
-       RESERVED
+CVE-2019-18658 (In Helm 2.x before 2.15.2, commands that deal with loading a 
chart as  ...)
+       TODO: check
 CVE-2019-18657 (ClickHouse before 19.13.5.44 allows HTTP header injection via 
the url  ...)
        NOT-FOR-US: ClickHouse
 CVE-2019-18656 (Pimcore 6.2.3 has XSS in the translations grid because 
bundles/AdminBu ...)
        NOT-FOR-US: Pimcore
-CVE-2019-18655
-       RESERVED
+CVE-2019-18655 (File Sharing Wizard version 1.5.0 build 2008 is affected by a 
Structur ...)
+       TODO: check
 CVE-2019-18654 (A Cross Site Scripting (XSS) issue exists in AVG AntiVirus 
(Internet S ...)
        NOT-FOR-US: AVG
 CVE-2019-18653 (A Cross Site Scripting (XSS) issue exists in Avast AntiVirus 
(Free, In ...)
@@ -6973,10 +7043,10 @@ CVE-2019-17362 (In LibTomCrypt through 1.18.2, the 
der_decode_utf8_string functi
        NOTE: https://github.com/libtom/libtomcrypt/pull/508
 CVE-2019-17361
        RESERVED
-CVE-2019-17360
-       RESERVED
-CVE-2018-21026
-       RESERVED
+CVE-2019-17360 (A vulnerability in Hitachi Command Suite 7.x and 8.x before 
8.7.0-00 a ...)
+       TODO: check
+CVE-2018-21026 (A vulnerability in Hitachi Command Suite 7.x and 8.x before 
8.6.5-00 a ...)
+       TODO: check
 CVE-2019-17359 (The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 
can trigge ...)
        - bouncycastle <not-affected> (Vulnerable code introduced n 1.63)
        NOTE: Introduced only in 1.63, fixed in 1.64.
@@ -7216,14 +7286,14 @@ CVE-2019-17239 
(includes/settings/class-alg-download-plugins-settings.php in the
        NOT-FOR-US: Wordpress plugin
 CVE-2019-17238
        RESERVED
-CVE-2019-17237
-       RESERVED
-CVE-2019-17236
-       RESERVED
-CVE-2019-17235
-       RESERVED
-CVE-2019-17234
-       RESERVED
+CVE-2019-17237 (includes/class-coming-soon-creator.php in the igniteup plugin 
through  ...)
+       TODO: check
+CVE-2019-17236 (includes/class-coming-soon-creator.php in the igniteup plugin 
through  ...)
+       TODO: check
+CVE-2019-17235 (includes/class-coming-soon-creator.php in the igniteup plugin 
through  ...)
+       TODO: check
+CVE-2019-17234 (includes/class-coming-soon-creator.php in the igniteup plugin 
through  ...)
+       TODO: check
 CVE-2019-17233 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin 
through 1.8. ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2019-17232 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin 
through 1.8. ...)
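Review bot: CVE-2019-17237 through CVE-2019-17234 all describe the same file, includes/class-coming-soon-creator.php in the igniteup plugin, and all four are left at TODO: check. The ultimate-faqs plugin entries directly below are tagged "NOT-FOR-US: Wordpress plugin"; if igniteup is likewise a WordPress plugin, tag the four entries the same way in one pass rather than triaging them one by one.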
@@ -11002,8 +11072,8 @@ CVE-2019-15817 (The easy-property-listings plugin 
before 3.4 for WordPress has X
        NOT-FOR-US: easy-property-listings plugin for WordPress
 CVE-2019-15816 (The wp-private-content-plus plugin before 2.0 for WordPress 
has no pro ...)
        NOT-FOR-US: wp-private-content-plus plugin for WordPress
-CVE-2019-15815
-       RESERVED
+CVE-2019-15815 (ZyXEL P-1302-T10D v3 devices with firmware version 
2.00(ABBX.3) and ea ...)
+       TODO: check
 CVE-2019-15814 (Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could 
allow auth ...)
        NOT-FOR-US: Sentrifugo
 CVE-2019-15813 (Multiple file upload restriction bypass vulnerabilities in 
Sentrifugo  ...)
@@ -17920,7 +17990,7 @@ CVE-2019-13625 (NSA Ghidra before 9.0.1 allows XXE when 
a project is opened or r
        - ghidra <itp> (bug #923851)
 CVE-2019-13624 (In ONOS 1.15.0, 
apps/yang/web/src/main/java/org/onosproject/yang/web/Y ...)
        NOT-FOR-US: ONOS
-CVE-2019-13623 (In NSA Ghidra through 9.0.4, path traversal can occur in 
RestoreTask.j ...)
+CVE-2019-13623 (In NSA Ghidra before 9.1, path traversal can occur in 
RestoreTask.java ...)
        - ghidra <itp> (bug #923851)
 CVE-2019-13622
        RESERVED
@@ -21433,10 +21503,10 @@ CVE-2019-12722
        RESERVED
 CVE-2019-12721
        RESERVED
-CVE-2019-12720
-       RESERVED
-CVE-2019-12719
-       RESERVED
+CVE-2019-12720 (AUO SunVeillance Monitoring System before v1.1.9e is 
vulnerable to mvc ...)
+       TODO: check
+CVE-2019-12719 (An issue was discovered in Picture_Manage_mvc.aspx in AUO 
SunVeillance ...)
+       TODO: check
 CVE-2019-12718 (A vulnerability in the web-based interface of Cisco Small 
Business Sma ...)
        NOT-FOR-US: Cisco
 CVE-2019-12717 (A vulnerability in a CLI command related to the virtualization 
manager ...)
@@ -25773,6 +25843,7 @@ CVE-2019-11136
        RESERVED
 CVE-2019-11135 [TSX Asynchronous Abort]
        RESERVED
+       {DSA-4565-1 DSA-4564-1}
        - linux <unfixed>
        - intel-microcode <unfixed>
        - xen <unfixed>
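Review bot: On CVE-2019-11135 the new {DSA-4565-1 DSA-4564-1} cross-reference sits above package lines for linux, intel-microcode and xen that all still read <unfixed>, and the entry has no release-specific lines. Once fixed versions reach unstable, replace <unfixed> on those lines with the versions so the entry does not stay open after the advisories.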
@@ -33188,30 +33259,35 @@ CVE-2019-8824
        RESERVED
 CVE-2019-8823
        RESERVED
+       {DSA-4558-1}
        - webkit2gtk 2.26.1-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
        NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8822
        RESERVED
+       {DSA-4515-1}
        - webkit2gtk 2.24.4-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
        NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8821
        RESERVED
+       {DSA-4515-1}
        - webkit2gtk 2.24.4-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
        NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8820
        RESERVED
+       {DSA-4558-1}
        - webkit2gtk 2.26.1-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
        NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8819
        RESERVED
+       {DSA-4558-1}
        - webkit2gtk 2.26.1-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
@@ -33222,28 +33298,34 @@ CVE-2019-8817
        RESERVED
 CVE-2019-8816
        RESERVED
+       {DSA-4558-1}
        - webkit2gtk 2.26.1-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
        NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8815
        RESERVED
+       {DSA-4558-1}
        - webkit2gtk 2.26.0-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
        NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8814
        RESERVED
+       {DSA-4563-1}
 CVE-2019-8813
        RESERVED
+       {DSA-4558-1}
        - webkit2gtk 2.26.1-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
        NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8812
        RESERVED
+       {DSA-4563-1}
 CVE-2019-8811
        RESERVED
+       {DSA-4558-1}
        - webkit2gtk 2.26.1-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
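Review bot: CVE-2019-8814 and CVE-2019-8812 gain {DSA-4563-1} but have no package line or NOTE at all, so the entries name an advisory without recording which source package and version it fixes. Every other entry touched in this hunk carries a "- webkit2gtk <version>" line and the WSA reference; add the corresponding package line for the package DSA-4563-1 covers.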
@@ -33254,6 +33336,7 @@ CVE-2019-8809
        RESERVED
 CVE-2019-8808
        RESERVED
+       {DSA-4558-1}
        - webkit2gtk 2.26.0-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
@@ -33308,12 +33391,14 @@ CVE-2019-8784
        RESERVED
 CVE-2019-8783
        RESERVED
+       {DSA-4558-1}
        - webkit2gtk 2.26.1-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
        NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8782
        RESERVED
+       {DSA-4558-1}
        - webkit2gtk 2.26.0-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
@@ -33364,18 +33449,21 @@ CVE-2019-8767
        RESERVED
 CVE-2019-8766
        RESERVED
+       {DSA-4558-1}
        - webkit2gtk 2.26.0-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
        NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8765
        RESERVED
+       {DSA-4515-1}
        - webkit2gtk 2.24.4-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
        NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8764
        RESERVED
+       {DSA-4558-1}
        - webkit2gtk 2.26.0-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
@@ -33427,6 +33515,7 @@ CVE-2019-8744
        RESERVED
 CVE-2019-8743
        RESERVED
+       {DSA-4558-1}
        - webkit2gtk 2.26.0-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
@@ -33520,6 +33609,7 @@ CVE-2019-8711
        RESERVED
 CVE-2019-8710
        RESERVED
+       {DSA-4558-1}
        - webkit2gtk 2.26.0-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
@@ -43678,8 +43768,8 @@ CVE-2019-4654
        RESERVED
 CVE-2019-4653
        RESERVED
-CVE-2019-4652
-       RESERVED
+CVE-2019-4652 (IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure 
file per ...)
+       TODO: check
 CVE-2019-4651
        RESERVED
 CVE-2019-4650
@@ -54050,10 +54140,10 @@ CVE-2019-1459
        RESERVED
 CVE-2019-1458
        RESERVED
-CVE-2019-1457
-       RESERVED
-CVE-2019-1456
-       RESERVED
+CVE-2019-1457 (A security feature bypass vulnerability exists in Microsoft 
Office sof ...)
+       TODO: check
+CVE-2019-1456 (A remote code execution vulnerability exists in Microsoft 
Windows when ...)
+       TODO: check
 CVE-2019-1455
        RESERVED
 CVE-2019-1454
@@ -54066,148 +54156,148 @@ CVE-2019-1451
        RESERVED
 CVE-2019-1450
        RESERVED
-CVE-2019-1449
-       RESERVED
-CVE-2019-1448
-       RESERVED
-CVE-2019-1447
-       RESERVED
-CVE-2019-1446
-       RESERVED
-CVE-2019-1445
-       RESERVED
+CVE-2019-1449 (A security feature bypass vulnerability exists in the way that 
Office  ...)
+       TODO: check
+CVE-2019-1448 (A remote code execution vulnerability exists in Microsoft Excel 
softwa ...)
+       TODO: check
+CVE-2019-1447 (A spoofing vulnerability exists when Office Online does not 
validate o ...)
+       TODO: check
+CVE-2019-1446 (An information disclosure vulnerability exists when Microsoft 
Excel im ...)
+       TODO: check
+CVE-2019-1445 (A spoofing vulnerability exists when Office Online does not 
validate o ...)
+       TODO: check
 CVE-2019-1444
        RESERVED
-CVE-2019-1443
-       RESERVED
-CVE-2019-1442
-       RESERVED
-CVE-2019-1441
-       RESERVED
-CVE-2019-1440
-       RESERVED
-CVE-2019-1439
-       RESERVED
-CVE-2019-1438
-       RESERVED
-CVE-2019-1437
-       RESERVED
-CVE-2019-1436
-       RESERVED
-CVE-2019-1435
-       RESERVED
-CVE-2019-1434
-       RESERVED
-CVE-2019-1433
-       RESERVED
-CVE-2019-1432
-       RESERVED
+CVE-2019-1443 (An information disclosure vulnerability exists in Microsoft 
SharePoint ...)
+       TODO: check
+CVE-2019-1442 (A security feature bypass vulnerability exists when Microsoft 
Office d ...)
+       TODO: check
+CVE-2019-1441 (A remote code execution vulnerability exists when the Windows 
font lib ...)
+       TODO: check
+CVE-2019-1440 (An information disclosure vulnerability exists when the win32k 
compone ...)
+       TODO: check
+CVE-2019-1439 (An information disclosure vulnerability exists when the Windows 
GDI co ...)
+       TODO: check
+CVE-2019-1438 (An elevation of privilege vulnerability exists when the Windows 
Graphi ...)
+       TODO: check
+CVE-2019-1437 (An elevation of privilege vulnerability exists when the Windows 
Graphi ...)
+       TODO: check
+CVE-2019-1436 (An information disclosure vulnerability exists when the win32k 
compone ...)
+       TODO: check
+CVE-2019-1435 (An elevation of privilege vulnerability exists when the Windows 
Graphi ...)
+       TODO: check
+CVE-2019-1434 (An elevation of privilege vulnerability exists in Windows when 
the Win ...)
+       TODO: check
+CVE-2019-1433 (An elevation of privilege vulnerability exists when the Windows 
Graphi ...)
+       TODO: check
+CVE-2019-1432 (An information disclosure vulnerability exists when DirectWrite 
improp ...)
+       TODO: check
 CVE-2019-1431
        RESERVED
-CVE-2019-1430
-       RESERVED
-CVE-2019-1429
-       RESERVED
-CVE-2019-1428
-       RESERVED
-CVE-2019-1427
-       RESERVED
-CVE-2019-1426
-       RESERVED
-CVE-2019-1425
-       RESERVED
-CVE-2019-1424
-       RESERVED
-CVE-2019-1423
-       RESERVED
-CVE-2019-1422
-       RESERVED
+CVE-2019-1430 (A remote code execution vulnerability exists when Windows Media 
Founda ...)
+       TODO: check
+CVE-2019-1429 (A remote code execution vulnerability exists in the way that 
the scrip ...)
+       TODO: check
+CVE-2019-1428 (A remote code execution vulnerability exists in the way that 
the scrip ...)
+       TODO: check
+CVE-2019-1427 (A remote code execution vulnerability exists in the way that 
the scrip ...)
+       TODO: check
+CVE-2019-1426 (A remote code execution vulnerability exists in the way that 
the scrip ...)
+       TODO: check
+CVE-2019-1425 (An elevation of privilege vulnerability exists when Visual 
Studio fail ...)
+       TODO: check
+CVE-2019-1424 (A security feature bypass vulnerability exists when Windows 
Netlogon i ...)
+       TODO: check
+CVE-2019-1423 (An elevation of privilege vulnerability exists in the way that 
the Sta ...)
+       TODO: check
+CVE-2019-1422 (An elevation of privilege vulnerability exists in the way that 
the iph ...)
+       TODO: check
 CVE-2019-1421
        RESERVED
-CVE-2019-1420
-       RESERVED
-CVE-2019-1419
-       RESERVED
-CVE-2019-1418
-       RESERVED
-CVE-2019-1417
-       RESERVED
-CVE-2019-1416
-       RESERVED
-CVE-2019-1415
-       RESERVED
+CVE-2019-1420 (An elevation of privilege vulnerability exists in the way that 
the dss ...)
+       TODO: check
+CVE-2019-1419 (A remote code execution vulnerability exists in Microsoft 
Windows when ...)
+       TODO: check
+CVE-2019-1418 (An information vulnerability exists when Windows Modules 
Installer Ser ...)
+       TODO: check
+CVE-2019-1417 (An elevation of privilege vulnerability exists when the Windows 
Data S ...)
+       TODO: check
+CVE-2019-1416 (An elevation of privilege vulnerability exists due to a race 
condition ...)
+       TODO: check
+CVE-2019-1415 (An elevation of privilege vulnerability exists in Windows 
Installer be ...)
+       TODO: check
 CVE-2019-1414
        RESERVED
-CVE-2019-1413
-       RESERVED
-CVE-2019-1412
-       RESERVED
-CVE-2019-1411
-       RESERVED
+CVE-2019-1413 (A security feature bypass vulnerability exists when Microsoft 
Edge imp ...)
+       TODO: check
+CVE-2019-1412 (An information disclosure vulnerability exists in Windows Adobe 
Type M ...)
+       TODO: check
+CVE-2019-1411 (An information disclosure vulnerability exists when DirectWrite 
improp ...)
+       TODO: check
 CVE-2019-1410
        RESERVED
-CVE-2019-1409
-       RESERVED
-CVE-2019-1408
-       RESERVED
-CVE-2019-1407
-       RESERVED
-CVE-2019-1406
-       RESERVED
-CVE-2019-1405
-       RESERVED
+CVE-2019-1409 (An information disclosure vulnerability exists when the Windows 
Remote ...)
+       TODO: check
+CVE-2019-1408 (An elevation of privilege vulnerability exists in Windows when 
the Win ...)
+       TODO: check
+CVE-2019-1407 (An elevation of privilege vulnerability exists when the Windows 
Graphi ...)
+       TODO: check
+CVE-2019-1406 (A remote code execution vulnerability exists when the Windows 
Jet Data ...)
+       TODO: check
+CVE-2019-1405 (An elevation of privilege vulnerability exists when the Windows 
Univer ...)
+       TODO: check
 CVE-2019-1404
        RESERVED
 CVE-2019-1403
        RESERVED
-CVE-2019-1402
-       RESERVED
+CVE-2019-1402 (An information disclosure vulnerability exists in Microsoft 
Office sof ...)
+       TODO: check
 CVE-2019-1401
        RESERVED
 CVE-2019-1400
        RESERVED
-CVE-2019-1399
-       RESERVED
-CVE-2019-1398
-       RESERVED
-CVE-2019-1397
-       RESERVED
-CVE-2019-1396
-       RESERVED
-CVE-2019-1395
-       RESERVED
-CVE-2019-1394
-       RESERVED
-CVE-2019-1393
-       RESERVED
-CVE-2019-1392
-       RESERVED
-CVE-2019-1391
-       RESERVED
-CVE-2019-1390
-       RESERVED
-CVE-2019-1389
-       RESERVED
-CVE-2019-1388
-       RESERVED
+CVE-2019-1399 (A denial of service vulnerability exists when Microsoft Hyper-V 
on a h ...)
+       TODO: check
+CVE-2019-1398 (A remote code execution vulnerability exists when Windows 
Hyper-V on a ...)
+       TODO: check
+CVE-2019-1397 (A remote code execution vulnerability exists when Windows 
Hyper-V on a ...)
+       TODO: check
+CVE-2019-1396 (An elevation of privilege vulnerability exists in Windows when 
the Win ...)
+       TODO: check
+CVE-2019-1395 (An elevation of privilege vulnerability exists in Windows when 
the Win ...)
+       TODO: check
+CVE-2019-1394 (An elevation of privilege vulnerability exists in Windows when 
the Win ...)
+       TODO: check
+CVE-2019-1393 (An elevation of privilege vulnerability exists in Windows when 
the Win ...)
+       TODO: check
+CVE-2019-1392 (An elevation of privilege vulnerability exists when the Windows 
kernel ...)
+       TODO: check
+CVE-2019-1391 (A denial of service vulnerability exists when Windows 
improperly handl ...)
+       TODO: check
+CVE-2019-1390 (A remote code execution vulnerability exists in the way that 
the VBScr ...)
+       TODO: check
+CVE-2019-1389 (A remote code execution vulnerability exists when Windows 
Hyper-V on a ...)
+       TODO: check
+CVE-2019-1388 (An elevation of privilege vulnerability exists in the Windows 
Certific ...)
+       TODO: check
 CVE-2019-1387
        RESERVED
 CVE-2019-1386
        RESERVED
-CVE-2019-1385
-       RESERVED
-CVE-2019-1384
-       RESERVED
-CVE-2019-1383
-       RESERVED
-CVE-2019-1382
-       RESERVED
-CVE-2019-1381
-       RESERVED
-CVE-2019-1380
-       RESERVED
-CVE-2019-1379
-       RESERVED
+CVE-2019-1385 (An elevation of privilege vulnerability exists when the Windows 
AppX D ...)
+       TODO: check
+CVE-2019-1384 (A security feature bypass vulnerability exists where a NETLOGON 
messag ...)
+       TODO: check
+CVE-2019-1383 (An elevation of privilege vulnerability exists when the Windows 
Data S ...)
+       TODO: check
+CVE-2019-1382 (An elevation of privilege vulnerability exists when ActiveX 
Installer  ...)
+       TODO: check
+CVE-2019-1381 (An information disclosure vulnerability exists when the Windows 
Servic ...)
+       TODO: check
+CVE-2019-1380 (A local elevation of privilege vulnerability exists in how 
splwow64.ex ...)
+       TODO: check
+CVE-2019-1379 (An elevation of privilege vulnerability exists when the Windows 
Data S ...)
+       TODO: check
 CVE-2019-1378 (An elevation of privilege vulnerability exists in Windows 10 
Update As ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1377
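Review bot: Every entry filled in by this hunk (CVE-2019-1449 down to CVE-2019-1379) describes Microsoft Office, Excel, SharePoint, Edge, Visual Studio, Hyper-V or a Windows component, and every one lands as TODO: check. CVE-2019-1378 in the trailing context has the same kind of description and is tagged "NOT-FOR-US: Microsoft"; apply that tag to the whole batch in a single follow-up so the TODO list is not inflated by entries that need no per-CVE analysis.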
@@ -54216,16 +54306,16 @@ CVE-2019-1376 (An information disclosure 
vulnerability exists in Microsoft SQL S
        NOT-FOR-US: Microsoft
 CVE-2019-1375 (A cross site scripting vulnerability exists when Microsoft 
Dynamics 36 ...)
        NOT-FOR-US: Microsoft
-CVE-2019-1374
-       RESERVED
-CVE-2019-1373
-       RESERVED
+CVE-2019-1374 (An information disclosure vulnerability exists in the way 
Windows Erro ...)
+       TODO: check
+CVE-2019-1373 (A remote code execution vulnerability exists in Microsoft 
Exchange thr ...)
+       TODO: check
 CVE-2019-1372 (An remote code execution vulnerability exists when Azure App 
Service/  ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1371 (A remote code execution vulnerability exists when Internet 
Explorer im ...)
        NOT-FOR-US: Microsoft
-CVE-2019-1370
-       RESERVED
+CVE-2019-1370 (An information disclosure vulnerability exists when affected 
Open Encl ...)
+       TODO: check
 CVE-2019-1369 (An information disclosure vulnerability exists when affected 
Open Encl ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1368 (A security feature bypass exists when Windows Secure Boot 
improperly r ...)
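Review bot: CVE-2019-1370 gets a description whose visible text ("An information disclosure vulnerability exists when affected Open Encl ...") is identical to CVE-2019-1369 on the next entry, yet it is left at TODO: check while CVE-2019-1369 is "NOT-FOR-US: Microsoft". The same holds for CVE-2019-1374 and CVE-2019-1373 next to CVE-2019-1372 and CVE-2019-1371; tag them consistently with their neighbours.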
@@ -54316,8 +54406,8 @@ CVE-2019-1326 (A denial of service vulnerability exists 
in Remote Desktop Protoc
        NOT-FOR-US: Microsoft
 CVE-2019-1325 (An elevation of privilege vulnerability exists in the Windows 
redirect ...)
        NOT-FOR-US: Microsoft
-CVE-2019-1324
-       RESERVED
+CVE-2019-1324 (An information disclosure vulnerability exists when the Windows 
TCP/IP ...)
+       TODO: check
 CVE-2019-1323 (An elevation of privilege vulnerability exists in the Microsoft 
Window ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1322 (An elevation of privilege vulnerability exists when Windows 
improperly ...)
@@ -54344,10 +54434,10 @@ CVE-2019-1312
        RESERVED
 CVE-2019-1311 (A remote code execution vulnerability exists when the Windows 
Imaging  ...)
        NOT-FOR-US: Microsoft
-CVE-2019-1310
-       RESERVED
-CVE-2019-1309
-       RESERVED
+CVE-2019-1310 (A denial of service vulnerability exists when Microsoft Hyper-V 
Networ ...)
+       TODO: check
+CVE-2019-1309 (A denial of service vulnerability exists when Microsoft Hyper-V 
Networ ...)
+       TODO: check
 CVE-2019-1308 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1307 (A remote code execution vulnerability exists in the way that 
the Chakr ...)
@@ -54496,8 +54586,8 @@ CVE-2019-1236 (A remote code execution vulnerability 
exists in the way that the
        NOT-FOR-US: Microsoft
 CVE-2019-1235 (An elevation of privilege vulnerability exists in Windows Text 
Service ...)
        NOT-FOR-US: Microsoft
-CVE-2019-1234
-       RESERVED
+CVE-2019-1234 (A spoofing vulnerability exists when Azure Stack fails to 
validate cer ...)
+       TODO: check
 CVE-2019-1233 (A denial of service vulnerability exists in Microsoft Exchange 
Server  ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1232 (An elevation of privilege vulnerability exists when the 
Diagnostics Hu ...)
@@ -55536,12 +55626,12 @@ CVE-2019-0723 (A denial of service vulnerability 
exists when Microsoft Hyper-V N
        NOT-FOR-US: Microsoft
 CVE-2019-0722 (A remote code execution vulnerability exists when Windows 
Hyper-V on a ...)
        NOT-FOR-US: Microsoft
-CVE-2019-0721
-       RESERVED
+CVE-2019-0721 (A remote code execution vulnerability exists when Windows 
Hyper-V Netw ...)
+       TODO: check
 CVE-2019-0720 (A remote code execution vulnerability exists when Windows 
Hyper-V Netw ...)
        NOT-FOR-US: Microsoft
-CVE-2019-0719
-       RESERVED
+CVE-2019-0719 (A remote code execution vulnerability exists when Windows 
Hyper-V Netw ...)
+       TODO: check
 CVE-2019-0718 (A denial of service vulnerability exists when Microsoft Hyper-V 
Networ ...)
        NOT-FOR-US: Microsoft
 CVE-2019-0717 (A denial of service vulnerability exists when Microsoft Hyper-V 
Networ ...)
@@ -55554,8 +55644,8 @@ CVE-2019-0714 (A denial of service vulnerability exists 
when Microsoft Hyper-V N
        NOT-FOR-US: Microsoft
 CVE-2019-0713 (A denial of service vulnerability exists when Microsoft Hyper-V 
on a h ...)
        NOT-FOR-US: Microsoft
-CVE-2019-0712
-       RESERVED
+CVE-2019-0712 (A denial of service vulnerability exists when Microsoft Hyper-V 
Networ ...)
+       TODO: check
 CVE-2019-0711 (A denial of service vulnerability exists when Microsoft Hyper-V 
on a h ...)
        NOT-FOR-US: Microsoft
 CVE-2019-0710 (A denial of service vulnerability exists when Microsoft Hyper-V 
on a h ...)
@@ -57700,10 +57790,12 @@ CVE-2019-0156
        RESERVED
 CVE-2019-0155
        RESERVED
+       {DSA-4564-1}
        - linux <unfixed>
        [jessie] - linux <not-affected> (Driver doesn't support this hardware)
 CVE-2019-0154
        RESERVED
+       {DSA-4564-1}
        - linux <unfixed>
 CVE-2019-0153 (Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 
12.0.34 m ...)
        NOT-FOR-US: Intel(R) CSME
@@ -58953,8 +59045,8 @@ CVE-2018-18820 (A buffer overflow was discovered in the 
URL-authentication backe
        NOTE: Fixed by: 
https://gitlab.xiph.org/xiph/icecast-server/commit/b21a7283bd1598c5af0bbb250a041ba8198f98f2
        NOTE: Additional issue fixed with 
https://gitlab.xiph.org/xiph/icecast-server/commit/03ea74c04a5966114c2fe66e4e6892d11a68181e
        NOTE: https://lgtm.com/blog/icecast_snprintf_CVE-2018-18820
-CVE-2018-18819
-       RESERVED
+CVE-2018-18819 (A vulnerability in the web conference chat component of 
MiCollab, vers ...)
+       TODO: check
 CVE-2018-18818
        RESERVED
 CVE-2018-18817 (The Leostream Agent before Build 7.0.1.0 when used with 
Leostream Conn ...)
@@ -76460,6 +76552,7 @@ CVE-2018-12208 (Buffer overflow in HECI subsystem in 
Intel(R) CSME before versio
        NOT-FOR-US: Intel
 CVE-2018-12207 [iTLB Multihit]
        RESERVED
+       {DSA-4564-1}
        - linux <unfixed>
        [jessie] - linux <ignored> (Untrusted guests are no longer supportable)
        - xen <unfixed>
@@ -226747,8 +226840,7 @@ CVE-2014-7144 (OpenStack keystonemiddleware (formerly 
python-keystoneclient) 0.x
        - python-keystonemiddleware 1.0.0-3 (bug #762748)
        - python-keystoneclient 1:0.10.1-2 (bug #762749)
        [wheezy] - python-keystoneclient <no-dsa> (Minor issue)
-CVE-2014-7143 [twisted: trustRoot not respected in HTTP client]
-       RESERVED
+CVE-2014-7143 (Python Twisted 14.0 trustRoot is not respected in HTTP client 
...)
        - twisted 14.0.2-1 (bug #761983)
        [wheezy] - twisted <not-affected> (Only affects 14.0 series)
        [squeeze] - twisted <not-affected> (Only affects 14.0 series)
@@ -234198,8 +234290,7 @@ CVE-2014-3600 (XML external entity (XXE) 
vulnerability in Apache ActiveMQ 5.x be
        - activemq 5.6.0+dfsg1-4 (low; bug #777196)
        [wheezy] - activemq 5.6.0+dfsg-1+deb7u1
        NOTE: 
http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
-CVE-2014-3599
-       RESERVED
+CVE-2014-3599 (HornetQ REST is vulnerable to XML External Entity due to 
insecure conf ...)
        NOT-FOR-US: HornetQ
 CVE-2014-3598 (The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows 
remote atta ...)
        - pillow 2.5.3-1
@@ -240640,8 +240731,7 @@ CVE-2012-6620 (Multiple cross-site scripting (XSS) 
vulnerabilities in the (1) ta
        - kronolith2 <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2
        NOTE: fixed upstream in 3.0.17
-CVE-2011-5271 [configure creates temp files insecurely]
-       RESERVED
+CVE-2011-5271 (Pacemaker before 1.1.6 configure script creates temporary files 
insecu ...)
        - pacemaker 1.1.6-1 (unimportant; bug #633964)
        NOTE: https://github.com/ClusterLabs/pacemaker/commit/23ad834
        NOTE: Only exploitable at build time
@@ -276923,8 +277013,7 @@ CVE-2012-1573 (gnutls_cipher.c in libgnutls in GnuTLS 
before 2.12.17 and 3.x bef
        {DSA-2441-1}
        - gnutls26 2.12.18-1 (high)
        - gnutls28 3.0.17-2 (high)
-CVE-2012-1572
-       RESERVED
+CVE-2012-1572 (OpenStack Keystone: extremely long passwords can crash Keystone 
by exh ...)
        - keystone 2012.1~rc2-1
 CVE-2012-1571 (file before 5.11 and libmagic allow remote attackers to cause a 
denial ...)
        {DSA-2422-1}
@@ -277995,8 +278084,7 @@ CVE-2012-1111 (lightdm before 1.0.9 does not properly 
close file descriptors bef
        - lightdm 1.0.9-1 (bug #658678)
 CVE-2012-1110 (Multiple cross-site scripting (XSS) vulnerabilities in Etano 
1.22 and  ...)
        NOT-FOR-US: etano not in Debian
-CVE-2012-1109
-       RESERVED
+CVE-2012-1109 (mwlib 0.13 through 0.13.4 has a denial of service vulnerability 
when p ...)
        NOT-FOR-US: mwlib not in Debian
 CVE-2012-1108 (The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and 
earlier al ...)
        - taglib 1.7.1-1 (low; bug #662705)
@@ -285150,8 +285238,7 @@ CVE-2011-3619 (The apparmor_setprocattr function in 
security/apparmor/lsm.c in t
        - linux-2.6 3.0.0-1
        [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
        [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
-CVE-2011-3618 [atop insecure tempfile handling]
-       RESERVED
+CVE-2011-3618 (atop: symlink attack possible due to insecure tempfile handling 
...)
        - atop 1.23-1.1 (low; bug #622794)
        [lenny] - atop 1.23-1+lenny1 (bug #622794)
        [squeeze] - atop 1.23-1+squeeze1 (bug #622794)
@@ -285933,8 +286020,7 @@ CVE-2011-3372 (imap/nntpd.c in the NNTP server 
(nntpd) for Cyrus IMAPd 2.4.x bef
        [squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
 CVE-2011-3371 (Multiple cross-site scripting (XSS) vulnerabilities in 
include/functio ...)
        NOT-FOR-US: PunBB
-CVE-2011-3370
-       RESERVED
+CVE-2011-3370 (statusnet before 0.9.9 has XSS ...)
        - statusnet <itp> (bug #491723)
 CVE-2011-3369 (The add_conversation function in conversations.c in EtherApe 
before 0. ...)
        - etherape 0.9.12-1 (low; bug #645324)
@@ -287299,11 +287385,9 @@ CVE-2011-2938 (Multiple cross-site scripting (XSS) 
vulnerabilities in filter_api
 CVE-2011-2937 (Cross-site scripting (XSS) vulnerability in the UI messages 
functional ...)
        - roundcube 0.5.4+dfsg-1 (low; bug #641996)
        [squeeze] - roundcube <no-dsa> (Minor issue)
-CVE-2011-2936
-       RESERVED
+CVE-2011-2936 (Elgg through 1.7.10 has a SQL injection vulnerability ...)
        - elgg <itp> (bug #526197)
-CVE-2011-2935
-       RESERVED
+CVE-2011-2935 (Elgg through 1.7.10 has XSS ...)
        - elgg <itp> (bug #526197)
 CVE-2011-2934
        RESERVED
@@ -287417,8 +287501,7 @@ CVE-2011-2898 (net/packet/af_packet.c in the Linux 
kernel before 2.6.39.3 does n
        {DSA-2389-1}
        - linux-2.6 3.0.0-1
        [lenny] - linux-2.6 <not-affected> (introduced in 2.6.27)
-CVE-2011-2897
-       RESERVED
+CVE-2011-2897 (gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when 
initiali ...)
        - gdk-pixbuf <not-affected> (This only applies to the old standalone 
copy shipped until Lenny)
 CVE-2011-2896 (The LZW decompressor in the LWZReadByte function in giftoppm.c 
in the  ...)
        {DSA-2426-1 DSA-2354-1}
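Review bot: the new description on CVE-2011-2897 scopes the GIF loader buffer overflow to "gdk-pixbuf through 2.31.1", while the unchanged package line directly below it still reads "- gdk-pixbuf <not-affected> (This only applies to the old standalone copy shipped until Lenny)". The two statements need reconciling: either re-check the <not-affected> triage against the published version range, or add a NOTE explaining why the current source package falls outside it.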
@@ -299461,8 +299544,7 @@ CVE-2010-3361 (The (1) iked, (2) ikea, and (3) ikec 
scripts in Shrew Soft IKE 2.
 CVE-2010-3360 (Hipo 0.6.1 places a zero-length directory name in the 
LD_LIBRARY_PATH, ...)
        - hipo <removed> (bug #598291)
        [lenny] - hipo <no-dsa> (Minor issue)
-CVE-2010-3359 [gargoyle: insecure library loading]
-       RESERVED
+CVE-2010-3359 (If LD_LIBRARY_PATH is undefined in gargoyle-free before 
2009-08-25, th ...)
        - gargoyle-free 2009-08-25-2
        NOTE: 
http://groups.google.com/group/garglk-dev/browse_thread/thread/1c92ab6f24d5ebe6
 CVE-2010-3358 (HenPlus JDBC SQL-Shell 0.9.7 places a zero-length directory 
name in th ...)
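Review bot: on CVE-2010-3359 the published description bounds the issue at "gargoyle-free before 2009-08-25", but the package line records the fix at "2009-08-25-2". Add a NOTE stating whether the earlier upload of that version was still affected, so the version boundary in the entry does not read as inconsistent with the description. The bracketed working title "[gargoyle: insecure library loading]" is dropped here, which is fine since the description now carries that information.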



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/975f7f5678a0aba93b032e694e4a3e15ad7471bd



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
