[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Feb 4 20:10:35 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
81af9ff9 by security tracker role at 2019-02-04T20:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2019-7355
+	RESERVED
+CVE-2019-7354
+	RESERVED
+CVE-2019-7353
+	RESERVED
+CVE-2019-7352 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
+	TODO: check
+CVE-2019-7351 (Log Injection exists in ZoneMinder through 1.32.3, as an attacker can ...)
+	TODO: check
+CVE-2019-7350 (Session fixation exists in ZoneMinder through 1.32.3, as an attacker ...)
+	TODO: check
+CVE-2019-7349 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through ...)
+	TODO: check
+CVE-2019-7348 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
+	TODO: check
+CVE-2019-7347 (A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ...)
+	TODO: check
+CVE-2019-7346 (A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a ...)
+	TODO: check
+CVE-2019-7345 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
+	TODO: check
+CVE-2019-7344 (Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker ...)
+	TODO: check
+CVE-2019-7343 (Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through ...)
+	TODO: check
+CVE-2019-7342 (POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, ...)
+	TODO: check
+CVE-2019-7341 (Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through ...)
+	TODO: check
+CVE-2019-7340 (POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, ...)
+	TODO: check
+CVE-2019-7339 (POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, ...)
+	TODO: check
+CVE-2019-7338 (Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an ...)
+	TODO: check
+CVE-2019-7337 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through ...)
+	TODO: check
+CVE-2019-7336 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
+	TODO: check
+CVE-2019-7335 (Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an ...)
+	TODO: check
+CVE-2019-7334 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through ...)
+	TODO: check
+CVE-2019-7333 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through ...)
+	TODO: check
+CVE-2019-7332 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through ...)
+	TODO: check
+CVE-2019-7331 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
+	TODO: check
+CVE-2019-7330 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through ...)
+	TODO: check
+CVE-2019-7329 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through ...)
+	TODO: check
+CVE-2019-7328 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through ...)
+	TODO: check
+CVE-2019-7327 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through ...)
+	TODO: check
+CVE-2019-7326 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
+	TODO: check
+CVE-2019-7325 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through ...)
+	TODO: check
+CVE-2019-7324 (app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination ...)
+	TODO: check
+CVE-2019-7323 (GUP (generic update process) in LightySoft LogMX before 7.4.0 does not ...)
+	TODO: check
+CVE-2019-7322
+	RESERVED
+CVE-2019-7321
+	RESERVED
+CVE-2019-7320
+	RESERVED
+CVE-2018-20751 (An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF ...)
+	TODO: check
 CVE-2019-7319
 	RESERVED
 CVE-2019-7318
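Review bot: Every added entry that has a description, CVE-2019-7323 through CVE-2019-7352 plus CVE-2018-20751, is left at "TODO: check", and several of the ZoneMinder ones have truncated descriptions that are identical to each other. For example, CVE-2019-7325, 7327, 7328, 7329 and 7330 all read "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through ...". The list alone cannot tell these apart, so whoever resolves the TODOs should work from the full CVE text and add a NOTE line to each entry recording what distinguishes it, rather than copying one package line across the whole run.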
@@ -7747,8 +7821,7 @@ CVE-2019-3815 (A memory leak was discovered in the backport of fixes for ...)
 	NOTE: specifically the backport of the fix for CVE-2018-16864.
 CVE-2019-3814
 	RESERVED
-CVE-2019-3813 [Off-by-one error in array access in spice/server/memslot.c]
-	RESERVED
+CVE-2019-3813 (Spice, versions 0.5.2 through 0.14.1, are vulnerable to an ...)
 	{DSA-4375-1 DLA-1649-1}
 	- spice 0.14.0-1.3 (bug #920762)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/01/28/2
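Review bot: The CVE-2019-3813 change drops the bracketed description "[Off-by-one error in array access in spice/server/memslot.c]" in favour of the truncated "(Spice, versions 0.5.2 through 0.14.1, are vulnerable to an ...)", so the entry no longer names the bug class or the source file. Consider keeping that detail as a NOTE line next to the existing oss-security link, so the location of the flaw stays visible in the list.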
@@ -8600,8 +8673,7 @@ CVE-2019-3462 (Incorrect sanitation of the 302 redirect field in HTTP transport
 	- apt 1.8.0~alpha3.1
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1812353
 	NOTE: https://justi.cz/security/2019/01/22/apt-rce.html
-CVE-2019-3461
-	RESERVED
+CVE-2019-3461 (Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a ...)
 	{DSA-4365-1 DLA-1640-1}
 	- tmpreaper 1.6.14 (bug #918956)
 CVE-2019-3460 [Heap data infoleak in multiple locations including functionl2cap_parse_conf_rsp]
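Review bot: The unchanged context line for CVE-2019-3460 at the end of this hunk reads "functionl2cap_parse_conf_rsp", with the space missing between "function" and the symbol name. This is a hand-written bracketed description, so it is worth fixing to "function l2cap_parse_conf_rsp" so that a search for the function name matches on a word boundary.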
@@ -38779,8 +38851,7 @@ CVE-2018-11761 (In Apache Tika 0.1 to 1.18, the XML parsers were not configured
 	NOTE: https://www.openwall.com/lists/oss-security/2018/09/19/4
 	NOTE: When fixing this issue the fix needs to be made complete to not open
 	NOTE: CVE-2018-11796. The full fix is only in 1.19.1 onwards.
-CVE-2018-11760
-	RESERVED
+CVE-2018-11760 (When using PySpark , it's possible for a different local user to ...)
 	NOT-FOR-US: Apache Spark
 CVE-2018-11759 (The Apache Web Server (httpd) specific code that normalised the ...)
 	{DSA-4357-1 DLA-1609-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/81af9ff99adf9801610036f89364452760f1cd5c
