[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Apr 3 09:10:23 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
70155b7f by security tracker role at 2019-04-03T08:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2019-10722
+	RESERVED
+CVE-2019-10721
+	RESERVED
+CVE-2019-10720
+	RESERVED
+CVE-2019-10719
+	RESERVED
+CVE-2019-10718
+	RESERVED
+CVE-2019-10717
+	RESERVED
+CVE-2019-10716
+	RESERVED
+CVE-2019-10715
+	RESERVED
+CVE-2019-10714 (LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32  ...)
+	TODO: check
+CVE-2019-10713
+	RESERVED
+CVE-2019-10712
+	RESERVED
+CVE-2019-10711
+	RESERVED
+CVE-2019-10710
+	RESERVED
+CVE-2019-10709
+	RESERVED
 CVE-2019-10708 (S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike i ...)
 	NOT-FOR-US: S-CMS PHP
 CVE-2019-10707 (MKCMS V5.0 has SQL injection via the bplay.php play parameter. ...)
@@ -68,8 +96,8 @@ CVE-2019-10675
 	REJECTED
 CVE-2019-10674
 	RESERVED
-CVE-2019-10673
-	RESERVED
+CVE-2019-10673 (A CSRF vulnerability in a logged-in user's profile edit form in the Ul ...)
+	TODO: check
 CVE-2019-10671
 	RESERVED
 CVE-2019-10670
@@ -10627,8 +10655,8 @@ CVE-2019-6533 (Registers used to store Modbus values can be read and written fro
 	NOT-FOR-US: PR100088 Modbus
 CVE-2019-6532
 	RESERVED
-CVE-2019-6531
-	RESERVED
+CVE-2019-6531 (An attacker could retrieve passwords from a HTTP GET request from the  ...)
+	TODO: check
 CVE-2019-6530
 	RESERVED
 CVE-2019-6529
@@ -10678,8 +10706,8 @@ CVE-2019-6508 (An issue was discovered in creditease-sec insight through 2018-09
 	NOT-FOR-US: creditease-sec
 CVE-2019-6507 (An issue was discovered in creditease-sec insight through 2018-09-11.  ...)
 	NOT-FOR-US: creditease-sec
-CVE-2019-6506
-	RESERVED
+CVE-2019-6506 (SalesAgility SuiteCRM 7.11.0 allows SQL Injection. ...)
+	TODO: check
 CVE-2019-6505
 	RESERVED
 CVE-2019-6504 (Insufficient output sanitization in the Automic Web Interface (AWI), i ...)
@@ -11734,7 +11762,7 @@ CVE-2019-6130 (Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of t
 	[jessie] - mupdf <no-dsa> (Minor issue)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700446
 	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?faf47b94e24314d74907f3f6bc874105f2c962ed
-CVE-2019-6129 (png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as ...)
+CVE-2019-6129 (** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a  ...)
 	- libpng1.6 <unfixed> (unimportant)
 	- libpng <removed> (unimportant)
 	NOTE: https://github.com/glennrp/libpng/issues/269
@@ -31961,8 +31989,8 @@ CVE-2018-18037
 	RESERVED
 CVE-2018-18036
 	RESERVED
-CVE-2018-18035
-	RESERVED
+CVE-2018-18035 (A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 cou ...)
+	TODO: check
 CVE-2018-18034
 	RESERVED
 CVE-2018-18033
@@ -116353,12 +116381,12 @@ CVE-2017-6051 (An Uncontrolled Search Path Element issue was discovered in BLF-T
 	NOT-FOR-US: BLF-Tech LLC VisualView HMI
 CVE-2017-6050 (A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2. ...)
 	NOT-FOR-US: Ecava IntegraXor
-CVE-2017-6049
-	RESERVED
+CVE-2017-6049 (Detcon Sitewatch Gateway, all versions without cellular, an attacker c ...)
+	TODO: check
 CVE-2017-6048 (A Command Injection issue was discovered in Satel Iberia SenNet Data L ...)
 	NOT-FOR-US: Satel Iberia SenNet Data Logger and Electricity Meters
-CVE-2017-6047
-	RESERVED
+CVE-2017-6047 (Detcon Sitewatch Gateway, all versions without cellular, Passwords are ...)
+	TODO: check
 CVE-2017-6046 (An Insufficiently Protected Credentials issue was discovered in Sierra ...)
 	NOT-FOR-US: Sierra Wireless AirLink Raven
 CVE-2017-6045 (An Information Exposure issue was discovered in Trihedral VTScada Vers ...)
@@ -126818,14 +126846,14 @@ CVE-2017-2681 (A vulnerability has been identified in SIMATIC CP 343-1 Std (All
 	NOT-FOR-US: Siemens
 CVE-2017-2680 (SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP ...)
 	NOT-FOR-US: Siemens
-CVE-2017-2679
-	RESERVED
-CVE-2017-2678
-	RESERVED
-CVE-2017-2677
-	RESERVED
-CVE-2017-2676
-	RESERVED
+CVE-2017-2679 (Reason: The CNA or individual who requested this candidate did not ass ...)
+	TODO: check
+CVE-2017-2678 (Reason: The CNA or individual who requested this candidate did not ass ...)
+	TODO: check
+CVE-2017-2677 (Reason: The CNA or individual who requested this candidate did not ass ...)
+	TODO: check
+CVE-2017-2676 (Reason: The CNA or individual who requested this candidate did not ass ...)
+	TODO: check
 CVE-2017-2675 (Little Snitch version 3.0 through 3.7.3 suffer from a local privilege  ...)
 	NOT-FOR-US: Little Snitch
 CVE-2017-2674 (JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored X ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/70155b7f4c2603ba7aee307ce2cb4524eae31abd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/70155b7f4c2603ba7aee307ce2cb4524eae31abd
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190403/7015002a/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list