[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Aug 15 21:10:44 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b95a0f9f by security tracker role at 2019-08-15T20:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2019-15082
+	RESERVED
+CVE-2019-15081 (OpenCart 3.x, when the attacker has login access to the admin panel, a ...)
+	TODO: check
+CVE-2019-15080
+	RESERVED
+CVE-2019-15079
+	RESERVED
+CVE-2019-15078
+	RESERVED
+CVE-2019-15077
+	RESERVED
+CVE-2019-15076
+	RESERVED
+CVE-2019-15075
+	RESERVED
+CVE-2019-15074
+	RESERVED
+CVE-2019-15073
+	RESERVED
+CVE-2019-15072
+	RESERVED
+CVE-2019-15071
+	RESERVED
+CVE-2019-15070
+	RESERVED
+CVE-2019-15069
+	RESERVED
+CVE-2019-15068
+	RESERVED
+CVE-2019-15067
+	RESERVED
+CVE-2019-15066
+	RESERVED
+CVE-2019-15065
+	RESERVED
+CVE-2019-15064
+	RESERVED
+CVE-2017-18525
+	RESERVED
+CVE-2017-18524
+	RESERVED
+CVE-2017-18523
+	RESERVED
+CVE-2017-18522
+	RESERVED
+CVE-2017-18521
+	RESERVED
+CVE-2017-18520
+	RESERVED
+CVE-2017-18519
+	RESERVED
+CVE-2017-18518
+	RESERVED
+CVE-2017-18517
+	RESERVED
+CVE-2017-18516
+	RESERVED
+CVE-2016-10893
+	RESERVED
+CVE-2016-10892
+	RESERVED
+CVE-2016-10891
+	RESERVED
+CVE-2016-10890
+	RESERVED
+CVE-2015-9319
+	RESERVED
+CVE-2015-9318
+	RESERVED
+CVE-2015-9317
+	RESERVED
 CVE-2019-XXXX [division by zero in the query planner]
 	- sqlite3 3.29.0-2
 	NOTE: Fixed by: https://www.sqlite.org/src/info/d93508fc9913cfe6
@@ -739,8 +811,8 @@ CVE-2017-18486 (Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate
 	NOT-FOR-US: Jitbit Helpdesk
 CVE-2019-14801 (The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress  ...)
 	NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress
-CVE-2019-14800
-	RESERVED
+CVE-2019-14800 (The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress  ...)
+	TODO: check
 CVE-2019-14799 (The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress  ...)
 	NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress
 CVE-2019-14798 (The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authent ...)
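Review bot: CVE-2019-14800 is left at "TODO: check" although the entries directly above and below it, CVE-2019-14801 and CVE-2019-14799, carry the same visible description prefix for the FV Flowplayer Video Player plugin and are already marked NOT-FOR-US. If the full description covers nothing beyond that plugin, give it the same "NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress" line so it does not sit in the triage queue.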
@@ -749,8 +821,8 @@ CVE-2019-14797 (The 10Web Photo Gallery plugin before 1.5.23 for WordPress has a
 	NOT-FOR-US: 10Web Photo Gallery plugin for WordPress
 CVE-2019-14796 (The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products  ...)
 	NOT-FOR-US: mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin for WordPress
-CVE-2019-14795
-	RESERVED
+CVE-2019-14795 (The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress h ...)
+	TODO: check
 CVE-2019-14794 (The Meta Box plugin before 4.16.2 for WordPress mishandles the uploadi ...)
 	NOT-FOR-US: Meta Box plugin for WordPress
 CVE-2019-14793 (The Meta Box plugin before 4.16.3 for WordPress allows file deletion v ...)
@@ -759,20 +831,20 @@ CVE-2019-14792 (The WP Google Maps plugin before 7.11.35 for WordPress allows XS
 	NOT-FOR-US: WP Google Maps plugin for WordPress
 CVE-2019-14791 (The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XS ...)
 	NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
-CVE-2019-14790
-	RESERVED
-CVE-2019-14789
-	RESERVED
-CVE-2019-14788
-	RESERVED
+CVE-2019-14790 (The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS ...)
+	TODO: check
+CVE-2019-14789 (The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin ...)
+	TODO: check
+CVE-2019-14788 (wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribu ...)
+	TODO: check
 CVE-2019-14787 (The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XS ...)
 	NOT-FOR-US: Tribulant Newsletters plugin for WordPress
-CVE-2019-14786
-	RESERVED
+CVE-2019-14786 (The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users t ...)
+	TODO: check
 CVE-2019-14785 (The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress h ...)
 	NOT-FOR-US: "CP Contact Form with PayPal" plugin for WordPress
-CVE-2019-14784
-	RESERVED
+CVE-2019-14784 (The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress h ...)
+	TODO: check
 CVE-2019-14783 (On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, Fo ...)
 	NOT-FOR-US: Samsung
 CVE-2019-14782
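Review bot: CVE-2019-14784 and CVE-2019-14788 get "TODO: check" here while their neighbours for what look like the same products are already classified: CVE-2019-14785 is NOT-FOR-US for "CP Contact Form with PayPal", and CVE-2019-14787 is NOT-FOR-US for the Tribulant Newsletters plugin (the CVE-2019-14788 description is cut at "Tribu ..."). Confirm the product against the full descriptions and reuse the existing NOT-FOR-US lines; the remaining WordPress plugin entries in this hunk (14790, 14789, 14786) need the same decision.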
@@ -840,8 +912,8 @@ CVE-2019-14757
 	RESERVED
 CVE-2019-14756
 	RESERVED
-CVE-2019-14755
-	RESERVED
+CVE-2019-14755 (The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows U ...)
+	TODO: check
 CVE-2019-14754 (Open-School 3.0, and Community Edition 2.3, allows SQL Injection via t ...)
 	NOT-FOR-US: Open-School
 CVE-2018-20962 (The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows X ...)
@@ -1409,8 +1481,8 @@ CVE-2019-14520
 	RESERVED
 CVE-2019-14519
 	RESERVED
-CVE-2019-14518
-	RESERVED
+CVE-2019-14518 (** DISPUTED ** Evolution CMS 2.0.x allows XSS via a description and ne ...)
+	TODO: check
 CVE-2019-14517 (pandao Editor.md 1.5.0 allows XSS via the Javascript: string. ...)
 	NOT-FOR-US: pandao Editor.md
 CVE-2019-14516 (The mAadhaar application 1.2.7 for Android lacks SSL Certificate Valid ...)
@@ -2221,8 +2293,8 @@ CVE-2019-14424
 	RESERVED
 CVE-2019-14423
 	RESERVED
-CVE-2019-14422
-	RESERVED
+CVE-2019-14422 (An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI han ...)
+	TODO: check
 CVE-2019-14421
 	RESERVED
 CVE-2019-14420
@@ -5238,8 +5310,8 @@ CVE-2019-13580
 	RESERVED
 CVE-2019-13579
 	RESERVED
-CVE-2019-13578
-	RESERVED
+CVE-2019-13578 (A SQL injection vulnerability exists in the Impress GiveWP Give plugin ...)
+	TODO: check
 CVE-2019-13577 (SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthe ...)
 	NOT-FOR-US: SnmpAdm.exe in MAPLE WBT SNMP Administrator
 CVE-2018-20852 (http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py ...)
@@ -5380,20 +5452,20 @@ CVE-2019-13518
 	RESERVED
 CVE-2019-13517
 	RESERVED
-CVE-2019-13516
-	RESERVED
-CVE-2019-13515
-	RESERVED
-CVE-2019-13514
-	RESERVED
-CVE-2019-13513
-	RESERVED
-CVE-2019-13512
-	RESERVED
-CVE-2019-13511
-	RESERVED
-CVE-2019-13510
-	RESERVED
+CVE-2019-13516 (In OSIsoft PI Web API and prior, the affected product is vulnerable to ...)
+	TODO: check
+CVE-2019-13515 (OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive in ...)
+	TODO: check
+CVE-2019-13514 (In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior,  ...)
+	TODO: check
+CVE-2019-13513 (In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior,  ...)
+	TODO: check
+CVE-2019-13512 (Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out- ...)
+	TODO: check
+CVE-2019-13511 (Rockwell Automation Arena Simulation Software versions 16.00.00 and ea ...)
+	TODO: check
+CVE-2019-13510 (Rockwell Automation Arena Simulation Software versions 16.00.00 and ea ...)
+	TODO: check
 CVE-2019-13509 (In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06. ...)
 	- docker.io 18.09.1+dfsg1-8 (bug #932673)
 	[buster] - docker.io <no-dsa> (Minor issue)
@@ -5713,8 +5785,7 @@ CVE-2019-13379 (On AVTECH Room Alert 3E devices before 2.2.5, an attacker with a
 	NOT-FOR-US: AVTECH Room Alert
 CVE-2019-13378
 	RESERVED
-CVE-2019-13377 [Timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves]
-	RESERVED
+CVE-2019-13377 (The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2 ...)
 	- wpa 2:2.9-1 (bug #934180)
 	[stretch] - wpa <not-affected> (Introduced in 2.5)
 	[jessie] - wpa <not-affected> (Introduced in 2.5)
@@ -6132,20 +6203,20 @@ CVE-2019-13224 (A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6
 	[buster] - libonig <no-dsa> (Minor issue)
 	[stretch] - libonig <no-dsa> (Minor issue)
 	NOTE: https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55
-CVE-2019-13223
-	RESERVED
-CVE-2019-13222
-	RESERVED
-CVE-2019-13221
-	RESERVED
-CVE-2019-13220
-	RESERVED
-CVE-2019-13219
-	RESERVED
-CVE-2019-13218
-	RESERVED
-CVE-2019-13217
-	RESERVED
+CVE-2019-13223 (A reachable assertion in the lookup1_values function in stb_vorbis thr ...)
+	TODO: check
+CVE-2019-13222 (An out-of-bounds read of a global buffer in the draw_line function in  ...)
+	TODO: check
+CVE-2019-13221 (A stack buffer overflow in the compute_codewords function in stb_vorbi ...)
+	TODO: check
+CVE-2019-13220 (Use of uninitialized stack variables in the start_decoder function in  ...)
+	TODO: check
+CVE-2019-13219 (A NULL pointer dereference in the get_window function in stb_vorbis th ...)
+	TODO: check
+CVE-2019-13218 (Division by zero in the predict_point function in stb_vorbis through 2 ...)
+	TODO: check
+CVE-2019-13217 (A heap buffer overflow in the start_decoder function in stb_vorbis thr ...)
+	TODO: check
 CVE-2019-13216
 	RESERVED
 CVE-2019-13215
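Review bot: The seven stb_vorbis entries, CVE-2019-13223 through CVE-2019-13217, all land as "TODO: check" with no package line. Their descriptions name memory-safety faults in the decoder (stack and heap buffer overflow, out-of-bounds read, uninitialized stack variables, NULL dereference), so triage them as one group: identify which source packages ship stb_vorbis once and apply that result to all seven, rather than resolving them individually and risking inconsistent annotations.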
@@ -7155,8 +7226,7 @@ CVE-2019-12855 (In words.protocols.jabber.xmlstream in Twisted through 19.2.1, X
 	[jessie] - twisted <no-dsa> (Minor issue)
 	NOTE: https://github.com/twisted/twisted/pull/1147
 	NOTE: https://twistedmatrix.com/trac/ticket/9561
-CVE-2019-12854 [denial of service in cachemgr.cgi]
-	RESERVED
+CVE-2019-12854 (Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4. ...)
 	- squid 4.8-1
 	- squid3 <not-affected> (Vulnerable code not present; Vulnerable code only in 4.x series)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_1.txt
@@ -7271,8 +7341,8 @@ CVE-2019-12811
 	RESERVED
 CVE-2019-12810
 	RESERVED
-CVE-2019-12809
-	RESERVED
+CVE-2019-12809 (Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contai ...)
+	TODO: check
 CVE-2019-12808 (ALTOOLS update service 18.1 and earlier versions contains a local priv ...)
 	NOT-FOR-US: ALTOOLS update service
 CVE-2019-12807 (Alzip 10.83 and earlier version contains a stack-based buffer overflow ...)
@@ -11527,8 +11597,7 @@ CVE-2019-11190 (The Linux kernel before 4.8 allows local users to bypass ASLR on
 	NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/4
 CVE-2019-11188
 	RESERVED
-CVE-2019-11187 [Perform stricter check on LDAP success/failure]
-	RESERVED
+CVE-2019-11187 (Incorrect Access Control in the LDAP class of GONICUS GOsa through 201 ...)
 	{DLA-1876-1 DLA-1875-1}
 	- fusiondirectory 1.2.3-5
 	[buster] - fusiondirectory <no-dsa> (Minor issue)
@@ -11901,7 +11970,7 @@ CVE-2019-11039 (Function iconv_mime_decode_headers() in PHP versions 7.1.x below
 	- php5 <removed>
 	NOTE: Fixed in 7.1.30, 7.2.19, 7.3.6
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78069
-CVE-2019-11038 (When using gdImageCreateFromXbm() function of PHP gd extension in PHP  ...)
+CVE-2019-11038 (When using the gdImageCreateFromXbm() function in the GD Graphics Libr ...)
 	{DLA-1817-1}
 	- libgd2 2.2.5-5.2 (low; bug #929821)
 	[stretch] - libgd2 <no-dsa> (Minor issue)
@@ -14261,8 +14330,7 @@ CVE-2019-10141 (A vulnerability was found in openstack-ironic-inspector all vers
 	[stretch] - ironic-inspector <no-dsa> (Minor issue)
 	NOTE: https://review.opendev.org/#/c/660234/
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1711722
-CVE-2019-10140
-	RESERVED
+CVE-2019-10140 (A vulnerability was found in Linux kernel's, versions up to 3.10, impl ...)
 	- linux <not-affected> (Vulnerability introduce in Red Hat specific backport)
 CVE-2019-10139 (During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ans ...)
 	NOT-FOR-US: cockpit-ovirt
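Review bot: The package line kept under CVE-2019-10140 reads "- linux <not-affected> (Vulnerability introduce in Red Hat specific backport)"; since the entry is being touched, correct "introduce" to "introduced". The new description says "versions up to 3.10", so it is also worth a quick check that the not-affected rationale still matches the published text.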
@@ -15819,10 +15887,13 @@ CVE-2019-9853
 	RESERVED
 CVE-2019-9852
 	RESERVED
+	{DSA-4501-1}
 CVE-2019-9851
 	RESERVED
+	{DSA-4501-1}
 CVE-2019-9850
 	RESERVED
+	{DSA-4501-1}
 CVE-2019-9849 (LibreOffice has a 'stealth mode' in which only documents from location ...)
 	{DSA-4483-1}
 	[experimental] - libreoffice 1:6.3.0~beta2-1
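Review bot: CVE-2019-9852, CVE-2019-9851 and CVE-2019-9850 now reference {DSA-4501-1} but still consist only of a RESERVED line, with no source package or fixed-version annotation. The adjacent CVE-2019-9849 entry pairs its DSA reference with a package line; these three need the same (a "- <package> <fixed version>" line each), otherwise the advisory is linked to CVEs that the list does not tie to any package.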
@@ -18265,14 +18336,14 @@ CVE-2019-9015 (A Path Traversal vulnerability was discovered in MOPCMS through 2
 	NOT-FOR-US: MOPCMS
 CVE-2019-9014
 	RESERVED
-CVE-2019-9013
-	RESERVED
-CVE-2019-9012
-	RESERVED
+CVE-2019-9013 (An issue was discovered in 3S-Smart CODESYS V3 products. The applicati ...)
+	TODO: check
+CVE-2019-9012 (An issue was discovered in 3S-Smart CODESYS V3 products. A crafted com ...)
+	TODO: check
 CVE-2019-9011
 	RESERVED
-CVE-2019-9010
-	RESERVED
+CVE-2019-9010 (An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS G ...)
+	TODO: check
 CVE-2019-9009
 	RESERVED
 CVE-2019-9008
@@ -30290,8 +30361,8 @@ CVE-2019-3976
 	RESERVED
 CVE-2019-3975
 	RESERVED
-CVE-2019-3974
-	RESERVED
+CVE-2019-3974 (Nessus 8.5.2 and earlier on Windows platforms were found to contain an ...)
+	TODO: check
 CVE-2019-3973 (Comodo Antivirus versions 11.0.0.6582 and below are vulnerable to Deni ...)
 	NOT-FOR-US: Comodo Antivirus
 CVE-2019-3972 (Comodo Antivirus versions 12.0.0.6810 and below are vulnerable to Deni ...)
@@ -31811,10 +31882,10 @@ CVE-2019-3420
 	RESERVED
 CVE-2019-3419
 	RESERVED
-CVE-2019-3418
-	RESERVED
-CVE-2019-3417
-	RESERVED
+CVE-2019-3418 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted  ...)
+	TODO: check
+CVE-2019-3417 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted  ...)
+	TODO: check
 CVE-2019-3416
 	RESERVED
 CVE-2019-3415 (ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traver ...)
@@ -34623,7 +34694,7 @@ CVE-2019-2818 (Vulnerability in the Java SE component of Oracle Java SE (subcomp
 CVE-2019-2817 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2816 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
-	{DSA-4486-1 DSA-4485-1}
+	{DSA-4486-1 DSA-4485-1 DLA-1886-1}
 	- openjdk-12 12.0.2+9-1
 	- openjdk-11 11.0.4+11-1
 	- openjdk-8 8u222-b10-1
@@ -34733,7 +34804,7 @@ CVE-2019-2771 (Vulnerability in the BI Publisher (formerly XML Publisher) compon
 CVE-2019-2770 (Vulnerability in the Oracle Hyperion Planning component of Oracle Hype ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2769 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
-	{DSA-4486-1 DSA-4485-1}
+	{DSA-4486-1 DSA-4485-1 DLA-1886-1}
 	- openjdk-12 12.0.2+9-1
 	- openjdk-11 11.0.4+11-1
 	- openjdk-8 8u222-b10-1
@@ -34754,7 +34825,7 @@ CVE-2019-2764 (Vulnerability in the Oracle Outside In Technology component of Or
 CVE-2019-2763 (Vulnerability in the Oracle Hospitality Gift and Loyalty component of  ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2762 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
-	{DSA-4486-1 DSA-4485-1}
+	{DSA-4486-1 DSA-4485-1 DLA-1886-1}
 	- openjdk-12 12.0.2+9-1
 	- openjdk-11 11.0.4+11-1
 	- openjdk-8 8u222-b10-1
@@ -34797,7 +34868,7 @@ CVE-2019-2747 (Vulnerability in the MySQL Server component of Oracle MySQL (subc
 CVE-2019-2746 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
 	- mysql-5.7 <not-affected> (Only affects MySQL 8)
 CVE-2019-2745 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
-	{DSA-4486-1 DSA-4485-1}
+	{DSA-4486-1 DSA-4485-1 DLA-1886-1}
 	- openjdk-11 11.0.4+11-1
 	- openjdk-8 8u222-b10-1
 	- openjdk-7 <removed>
@@ -46833,8 +46904,8 @@ CVE-2018-17792 (MDaemon Webmail (formerly WorldClient) has CSRF. ...)
 	NOT-FOR-US: MDaemon Webmail
 CVE-2018-17791
 	RESERVED
-CVE-2018-17790
-	RESERVED
+CVE-2018-17790 (Prospecta Master Data Online (MDO) 2.0 has Stored XSS. ...)
+	TODO: check
 CVE-2018-17789
 	RESERVED
 CVE-2018-17788
@@ -54710,16 +54781,16 @@ CVE-2018-14674
 	RESERVED
 CVE-2018-14673
 	RESERVED
-CVE-2018-14672
-	RESERVED
-CVE-2018-14671
-	RESERVED
-CVE-2018-14670
-	RESERVED
-CVE-2018-14669
-	RESERVED
-CVE-2018-14668
-	RESERVED
+CVE-2018-14672 (In ClickHouse before 18.12.13, functions for loading CatBoost models a ...)
+	TODO: check
+CVE-2018-14671 (In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary share ...)
+	TODO: check
+CVE-2018-14670 (Incorrect configuration in deb package in ClickHouse before 1.1.54131  ...)
+	TODO: check
+CVE-2018-14669 (ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL ...)
+	TODO: check
+CVE-2018-14668 (In ClickHouse before 1.1.54388, "remote" table function allowed arbitr ...)
+	TODO: check
 CVE-2018-14679 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
 	{DSA-4260-1 DLA-1460-1}
 	- libmspack 0.7-1 (bug #904802)
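Review bot: Of the five ClickHouse entries added as "TODO: check", CVE-2018-14670 stands out because its description begins "Incorrect configuration in deb package in ClickHouse before 1.1.54131". Triage should establish whether that refers to the upstream-built deb or also applies to a Debian package, and record the answer in a NOTE line so the distinction is not lost when the other four are resolved.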
@@ -56741,8 +56812,8 @@ CVE-2018-14010 (OS command injection in the guest Wi-Fi settings feature in /cgi
 	NOT-FOR-US: Xiaomi
 CVE-2018-14009 (Codiad through 2.8.4 allows Remote Code Execution, a different vulnera ...)
 	NOT-FOR-US: Codiad
-CVE-2018-14008
-	RESERVED
+CVE-2018-14008 (Arista EOS through 4.21.0F allows a crash because 802.1x authenticatio ...)
+	TODO: check
 CVE-2018-14007 (Citrix XenServer 7.1 and newer allows Directory Traversal. ...)
 	NOT-FOR-US: xapi
 CVE-2018-14006 (An integer overflow vulnerability exists in the function multipleTrans ...)
@@ -61036,8 +61107,8 @@ CVE-2018-12358 (Service workers can use redirection to avoid the tainting of cro
 CVE-2018-12423 (In Synapse before 0.31.2, unauthorised users can hijack rooms when the ...)
 	- matrix-synapse 0.31.2+dfsg-1 (bug #901549)
 	NOTE: https://github.com/matrix-org/synapse/pull/3397
-CVE-2018-12357
-	RESERVED
+CVE-2018-12357 (Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions. ...)
+	TODO: check
 CVE-2018-12356 (An issue was discovered in password-store.sh in pass in Simple Passwor ...)
 	- password-store 1.7.2-1 (bug #901574)
 	[stretch] - password-store <not-affected> (Signature verification support added in 1.7)
@@ -61687,8 +61758,8 @@ CVE-2018-12103 (An issue was discovered on D-Link DIR-890L with firmware 1.21B02
 	NOT-FOR-US: D-Link
 CVE-2018-12102 (md4c 0.2.6 has a NULL pointer dereference in the function md_process_l ...)
 	NOT-FOR-US: md4c
-CVE-2018-12101
-	RESERVED
+CVE-2018-12101 (CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Res ...)
+	TODO: check
 CVE-2018-12100 (Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS i ...)
 	NOT-FOR-US: Sonatype Nexus Repository Manager
 CVE-2018-12099 (Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. ...)
@@ -105429,8 +105500,8 @@ CVE-2017-14234
 	RESERVED
 CVE-2017-14233
 	RESERVED
-CVE-2017-14232
-	RESERVED
+CVE-2017-14232 (The read_chunk function in flif-dec.cpp in Free Lossless Image Format  ...)
+	TODO: check
 CVE-2017-14231 (GeniXCMS before 1.1.0 allows remote attackers to cause a denial of ser ...)
 	NOT-FOR-US: GenixCMS
 CVE-2017-14230 (In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP befo ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b95a0f9f9da235deb33ceff6bdd5f4fd34c2047b
