[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Feb 18 08:10:26 GMT 2019 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cffd0b8d by security tracker role at 2019-02-18T08:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2019-8441
+	RESERVED
+CVE-2019-8440
+	RESERVED
+CVE-2019-8439
+	RESERVED
+CVE-2019-8438
+	RESERVED
+CVE-2019-8437
+	RESERVED
+CVE-2019-8436 (imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] ...)
+	TODO: check
+CVE-2019-8435 (admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. ...)
+	TODO: check
+CVE-2019-8434 (In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. ...)
+	TODO: check
+CVE-2019-8433 (JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the ...)
+	TODO: check
+CVE-2019-8432 (In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. ...)
+	TODO: check
+CVE-2019-8431
+	RESERVED
+CVE-2019-8430
+	RESERVED
+CVE-2019-8429 (ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php ...)
+	TODO: check
+CVE-2019-8428 (ZoneMinder before 1.32.3 has SQL Injection via the ...)
+	TODO: check
+CVE-2019-8427 (daemonControl in includes/functions.php in ZoneMinder before 1.32.3 ...)
+	TODO: check
+CVE-2019-8426 (skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS ...)
+	TODO: check
+CVE-2019-8425 (includes/database.php in ZoneMinder before 1.32.3 has XSS in the ...)
+	TODO: check
+CVE-2019-8424 (ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort ...)
+	TODO: check
+CVE-2019-8423 (ZoneMinder through 1.32.3 has SQL Injection via the ...)
+	TODO: check
+CVE-2019-8422 (A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the ...)
+	TODO: check
+CVE-2019-8421 (upload/protected/modules/admini/views/post/index.php in BageCMS through ...)
+	TODO: check
+CVE-2019-8420
+	RESERVED
+CVE-2019-8419 (VNote 2.2 has XSS via a new text note. ...)
+	TODO: check
+CVE-2019-8418 (SeaCMS 7.2 mishandles member.php?mod=repsw4 requests. ...)
+	TODO: check
+CVE-2019-8417
+	RESERVED
+CVE-2019-8416
+	RESERVED
+CVE-2019-8415
+	RESERVED
+CVE-2019-8414
+	RESERVED
+CVE-2013-7469
+	RESERVED
 CVE-2019-8413 (On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer ...)
 	NOT-FOR-US: Xiaomi
 CVE-2019-8412 (FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or ...)
@@ -1577,6 +1635,7 @@ CVE-2019-7664 (In elfutils 0.175, a negative-sized memcpy is attempted in elf_cv
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24084
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=e65d91d21cb09d83b001fef9435e576ba447db32
 CVE-2019-7663 (An Invalid Address dereference was discovered in ...)
+	{DLA-1680-1}
 	- tiff 4.0.10-4
 	[stretch] - tiff <postponed> (Minor issue)
 	- tiff3 <removed>
@@ -1617,8 +1676,8 @@ CVE-2019-7653 (The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 h
 	- rdflib 4.2.2-2 (bug #921751)
 	NOTE: Debian specific issue as respective scripts are overwritten in Debian
 	NOTE: packaging as wrappers invoking python -m.
-CVE-2019-7649
-	RESERVED
+CVE-2019-7649 (global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies ...)
+	TODO: check
 CVE-2019-7648 (controller/fetchpwd.php and controller/doAction.php in Hotels_Server ...)
 	NOT-FOR-US: Hotels_Server
 CVE-2019-7647
@@ -2258,7 +2317,7 @@ CVE-2019-7399 (Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack a
 CVE-2019-7398 (In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage ...)
 	- imagemagick <unfixed> (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1453
-CVE-2019-7397 (In ImageMagick before 7.0.8-25, several memory leaks exist in ...)
+CVE-2019-7397 (In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, ...)
 	- imagemagick <unfixed> (unimportant)
 	- graphicsmagick 1.4~hg15896-1 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/306c1f0fa5754ca78efd16ab752f0e981d4f6b82
@@ -22185,6 +22244,7 @@ CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by ...)
 CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function ...)
 	NOTE: Duplicate of CVE-2018-10754
 CVE-2018-19210 (In LibTIFF 4.0.9, there is a NULL pointer dereference in the ...)
+	{DLA-1680-1}
 	- tiff 4.0.10-4 (bug #913675)
 	[stretch] - tiff <postponed> (Minor issue, revisit when fixed upstream)
 	- tiff3 <removed>
@@ -27841,6 +27901,7 @@ CVE-2018-17002 (On the RICOH MP 2001 printer, HTML Injection and Stored XSS ...)
 CVE-2018-17001 (On the RICOH SP 4510SF printer, HTML Injection and Stored XSS ...)
 	NOT-FOR-US: RICOH
 CVE-2018-17000 (A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c ...)
+	{DLA-1680-1}
 	- tiff 4.0.10-4 (bug #908778)
 	[stretch] - tiff <postponed> (Minor issue)
 	- tiff3 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cffd0b8d08b4e91d0edea4e043fa21d24b9886ce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cffd0b8d08b4e91d0edea4e043fa21d24b9886ce
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190218/eb412c89/attachment.html>

More information about the debian-security-tracker-commits mailing list