[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 10 21:10:33 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
addd20ea by security tracker role at 2019-07-10T20:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2019-13482
+ RESERVED
+CVE-2019-13481
+ RESERVED
+CVE-2019-13480
+ RESERVED
+CVE-2019-13479
+ RESERVED
+CVE-2018-20851 (Helpy before 2.2.0 allows agents to edit admins. ...)
+ TODO: check
CVE-2019-13478 (The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly r ...)
NOT-FOR-US: Wordpress plugin
CVE-2019-13477
@@ -167,8 +177,8 @@ CVE-2019-13398 (Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to ex
NOT-FOR-US: Dynacolor
CVE-2019-13397 (Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker ...)
NOT-FOR-US: osTicket
-CVE-2019-13396
- RESERVED
+CVE-2019-13396 (FlightPath 4.x and 5.0-x allows directory traversal and Local File Inc ...)
+ TODO: check
CVE-2019-13395
RESERVED
CVE-2019-13394
@@ -458,14 +468,14 @@ CVE-2019-13281 (In Xpdf 4.01.01, a heap-based buffer overflow could be triggered
- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13280 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...)
NOT-FOR-US: TRENDnet
-CVE-2019-13279
- RESERVED
-CVE-2019-13278
- RESERVED
+CVE-2019-13279 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...)
+ TODO: check
+CVE-2019-13278 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...)
+ TODO: check
CVE-2019-13277 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows a ...)
NOT-FOR-US: TRENDnet TEW-827DRU
-CVE-2019-13276
- RESERVED
+CVE-2019-13276 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...)
+ TODO: check
CVE-2019-13275 (An issue was discovered in the VeronaLabs wp-statistics plugin before ...)
NOT-FOR-US: VeronaLabs wp-statistics plugin for WordPress
CVE-2019-13274
@@ -537,8 +547,8 @@ CVE-2019-13242 (IrfanView 4.52 has a User Mode Write AV starting at image0040000
CVE-2019-13241 (FlightCrew v0.9.2 and older are vulnerable to a directory traversal, a ...)
- flightcrew <unfixed>
NOTE: https://github.com/Sigil-Ebook/flightcrew/issues/52
-CVE-2019-13240
- RESERVED
+CVE-2019-13240 (An issue was discovered in GLPI before 9.4.1. After a successful passw ...)
+ TODO: check
CVE-2019-13239 (inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture. ...)
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/commit/c2aa7a7cd6af28be3809acc7e7842d2d2008c0fb
@@ -579,10 +589,10 @@ CVE-2019-13233 (In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, th
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1879
NOTE: Fixed by: https://git.kernel.org/linus/de9f869616dd95e95c00bdd6b0fcd3421e8a4323
-CVE-2019-13225
- RESERVED
-CVE-2019-13224
- RESERVED
+CVE-2019-13225 (A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9 ...)
+ TODO: check
+CVE-2019-13224 (A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 a ...)
+ TODO: check
CVE-2019-13223
RESERVED
CVE-2019-13222
@@ -806,8 +816,7 @@ CVE-2019-13133 (ImageMagick before 7.0.8-50 has a memory leak vulnerability in t
- imagemagick <not-affected> (Only affects Imagemagick 7)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/fe3066122ef72c82415811d25e9e3fad622c0a99
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1600
-CVE-2019-13132 [denial of service via stack overflow]
- RESERVED
+CVE-2019-13132 (In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4. ...)
{DSA-4477-1 DLA-1849-1}
- zeromq3 4.3.1-5
NOTE: https://github.com/zeromq/libzmq/issues/3558
@@ -829,8 +838,8 @@ CVE-2019-13124
RESERVED
CVE-2019-13123
RESERVED
-CVE-2019-13122
- RESERVED
+CVE-2019-13122 (A Cross Site Scripting (XSS) vulnerability exists in the template tag ...)
+ TODO: check
CVE-2019-13121 [SSRF Vulnerability in Project GitHub Integration]
RESERVED
[experimental] - gitlab 11.10.8+dfsg-1
@@ -984,8 +993,8 @@ CVE-2018-20848 (Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.p
CVE-2019-13072 (Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allow ...)
- zoneminder <unfixed>
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2642
-CVE-2019-13071
- RESERVED
+CVE-2019-13071 (CSRF in the Agent/Center component of CyberPower PowerPanel Business E ...)
+ TODO: check
CVE-2019-13070 (A stored XSS vulnerability in the Agent/Center component of CyberPower ...)
NOT-FOR-US: CyberPower PowerPanel Business Edition
CVE-2019-13069
@@ -1260,6 +1269,7 @@ CVE-2019-12967
CVE-2019-12966 (FeHelper through 2019-06-19 allows arbitrary code execution during a J ...)
NOT-FOR-US: FeHelper
CVE-2018-20847 (An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the functi ...)
+ {DLA-1851-1}
- openjpeg2 <unfixed> (bug #931294)
NOTE: https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949
NOTE: https://github.com/uclouvain/openjpeg/issues/431
@@ -1912,10 +1922,10 @@ CVE-2019-12726
RESERVED
CVE-2019-12725
RESERVED
-CVE-2019-12724
- RESERVED
-CVE-2019-12723
- RESERVED
+CVE-2019-12724 (An issue was discovered in the Teclib News plugin through 1.5.2 for GL ...)
+ TODO: check
+CVE-2019-12723 (An issue was discovered in the Teclib Fields plugin through 1.9.2 for ...)
+ TODO: check
CVE-2019-12722
RESERVED
CVE-2019-12721
@@ -2454,56 +2464,47 @@ CVE-2019-12476 (An authentication bypass vulnerability in the password reset fun
NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-12475
RESERVED
-CVE-2019-12474
- RESERVED
+CVE-2019-12474 (Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Pri ...)
{DSA-4460-1}
- mediawiki 1:1.31.2-1
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
NOTE: https://phabricator.wikimedia.org/T212118
-CVE-2019-12473
- RESERVED
+CVE-2019-12473 (Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing inv ...)
{DSA-4460-1}
- mediawiki 1:1.31.2-1
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
NOTE: https://phabricator.wikimedia.org/T204729
-CVE-2019-12472
- RESERVED
+CVE-2019-12472 (An Incorrect Access Control vulnerability was found in Wikimedia Media ...)
{DSA-4460-1}
- mediawiki 1:1.31.2-1
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
NOTE: https://phabricator.wikimedia.org/T199540
-CVE-2019-12471
- RESERVED
+CVE-2019-12471 (Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaSc ...)
{DSA-4460-1}
- mediawiki 1:1.31.2-1
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
NOTE: https://phabricator.wikimedia.org/T207603
-CVE-2019-12470
- RESERVED
+CVE-2019-12470 (Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppr ...)
{DSA-4460-1}
- mediawiki 1:1.31.2-1
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
NOTE: https://phabricator.wikimedia.org/T222038
-CVE-2019-12469
- RESERVED
+CVE-2019-12469 (MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed user ...)
{DSA-4460-1}
- mediawiki 1:1.31.2-1
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
NOTE: https://phabricator.wikimedia.org/T222036
-CVE-2019-12468
- RESERVED
+CVE-2019-12468 (An Incorrect Access Control vulnerability was found in Wikimedia Media ...)
{DSA-4460-1}
- mediawiki 1:1.31.2-1
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
NOTE: https://phabricator.wikimedia.org/T197279
-CVE-2019-12467
- RESERVED
+CVE-2019-12467 (MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). ...)
{DSA-4460-1}
- mediawiki 1:1.31.2-1
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
NOTE: https://phabricator.wikimedia.org/T209794
-CVE-2019-12466
- RESERVED
+CVE-2019-12466 (Wikimedia MediaWiki through 1.32.1 allows CSRF. ...)
{DSA-4460-1}
- mediawiki 1:1.31.2-1
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
@@ -4632,8 +4633,8 @@ CVE-2019-11652
RESERVED
CVE-2019-11651
RESERVED
-CVE-2019-11650
- RESERVED
+CVE-2019-11650 (A potential Man in the Middle attack (MITM) was found in NetIQ Advance ...)
+ TODO: check
CVE-2019-11649 (Cross-Site Scripting vulnerability in Micro Focus Fortify Software Sec ...)
NOT-FOR-US: Micro Focus Fortify software security center server
CVE-2019-11648 (An information leakage exists in Micro Focus NetIQ Self Service Passwo ...)
@@ -6433,8 +6434,8 @@ CVE-2019-10968
RESERVED
CVE-2019-10967 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based ...)
NOT-FOR-US: Emerson
-CVE-2019-10966
- RESERVED
+CVE-2019-10966 (In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exis ...)
+ TODO: check
CVE-2019-10965 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based b ...)
NOT-FOR-US: Emerson
CVE-2019-10964 (In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, ...)
@@ -7307,8 +7308,8 @@ CVE-2019-10654 (The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as us
- lrzip <unfixed> (unimportant)
NOTE: https://github.com/ckolivas/lrzip/issues/108
NOTE: Crash in CLI tool, no security impact
-CVE-2019-10653
- RESERVED
+CVE-2019-10653 (An issue was discovered in Hsycms V1.1. There is a SQL injection vulne ...)
+ TODO: check
CVE-2019-10652 (An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote a ...)
NOT-FOR-US: flatCore
CVE-2019-10651
@@ -8322,6 +8323,7 @@ CVE-2019-10193 [Stack buffer overflow]
NOTE: https://github.com/antirez/redis/commit/12b5ff109508c2a192f700c7738da7e7f09670f1 (5.0.4)
CVE-2019-10192 [Heap buffer overflow]
RESERVED
+ {DLA-1850-1}
- redis 5:5.0.4-1 (bug #931625)
NOTE: https://github.com/antirez/redis/issues/6215 (upstream announcement)
NOTE: https://github.com/antirez/redis/commit/e216ceaf0e099536fe3658a29dcb725d812364e0
@@ -8588,14 +8590,14 @@ CVE-2019-10124
REJECTED
CVE-2019-10123 (SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which ...)
NOT-FOR-US: Advanced InfoData Systems (AIS)
-CVE-2019-10122
- RESERVED
-CVE-2019-10121
- RESERVED
-CVE-2019-10120
- RESERVED
-CVE-2019-10119
- RESERVED
+CVE-2019-10122 (eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43 ...)
+ TODO: check
+CVE-2019-10121 (eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43 ...)
+ TODO: check
+CVE-2019-10120 (On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3 ...)
+ TODO: check
+CVE-2019-10119 (eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43 ...)
+ TODO: check
CVE-2019-10118 (Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and ...)
NOT-FOR-US: Snipe-IT
CVE-2019-10117 (An Open Redirect issue was discovered in GitLab Community and Enterpri ...)
@@ -9005,7 +9007,7 @@ CVE-2019-9950 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultr
CVE-2019-9949 (Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100 ...)
NOT-FOR-US: Western Digital
CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file: scheme, w ...)
- {DLA-1834-1}
+ {DLA-1852-1 DLA-1834-1}
- python3.7 3.7.4~rc2-2
- python3.6 <removed>
- python3.5 <removed>
@@ -21673,10 +21675,10 @@ CVE-2019-5223
RESERVED
CVE-2019-5222
RESERVED
-CVE-2019-5221
- RESERVED
-CVE-2019-5220
- RESERVED
+CVE-2019-5221 (There is a path traversal vulnerability on Huawei Share. The software ...)
+ TODO: check
+CVE-2019-5220 (There is a Factory Reset Protection (FRP) bypass vulnerability on seve ...)
+ TODO: check
CVE-2019-5219 (There is a double free vulnerability on certain drivers of Huawei Mate ...)
NOT-FOR-US: Huawei
CVE-2019-5218
@@ -31166,8 +31168,8 @@ CVE-2019-1875 (A vulnerability in the web-based management interface of Cisco Pr
NOT-FOR-US: Cisco
CVE-2019-1874 (A vulnerability in the web-based management interface of Cisco Prime S ...)
NOT-FOR-US: Cisco
-CVE-2019-1873
- RESERVED
+CVE-2019-1873 (A vulnerability in the cryptographic driver for Cisco Adaptive Securit ...)
+ TODO: check
CVE-2019-1872 (A vulnerability in Cisco TelePresence Video Communication Server (VCS) ...)
NOT-FOR-US: Cisco
CVE-2019-1871
@@ -34863,68 +34865,52 @@ CVE-2018-19586 (Silverpeas 5.15 through 6.0.2 is affected by an authenticated Di
CVE-2018-19585 (GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11 ...)
- gitlab 11.3.11+dfsg-1
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-CVE-2018-19584
- RESERVED
+CVE-2018-19584 (GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 ...)
- gitlab <not-affected> (Specific to Enterprise edition)
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-CVE-2018-19583
- RESERVED
+CVE-2018-19583 (GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4 ...)
- gitlab 11.3.11+dfsg-1
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-CVE-2018-19582
- RESERVED
+CVE-2018-19582 (GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affe ...)
- gitlab <not-affected> (Specific to Enterprise edition)
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-CVE-2018-19581
- RESERVED
+CVE-2018-19581 (GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, ...)
- gitlab <not-affected> (Specific to Enterprise edition)
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-CVE-2018-19580
- RESERVED
+CVE-2018-19580 (All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not sen ...)
- gitlab 11.3.11+dfsg-1
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-CVE-2018-19579
- RESERVED
+CVE-2018-19579 (GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability ...)
- gitlab <not-affected> (Specific to Enterprise edition)
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-CVE-2018-19578
- RESERVED
+CVE-2018-19578 (GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure ob ...)
- gitlab <not-affected> (Specific to Enterprise edition)
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-CVE-2018-19577
- RESERVED
+CVE-2018-19577 (Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4 ...)
- gitlab 11.3.11+dfsg-1
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-CVE-2018-19576
- RESERVED
+CVE-2018-19576 (GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4 ...)
- gitlab 11.3.11+dfsg-1
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-CVE-2018-19575
- RESERVED
+CVE-2018-19575 (GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11. ...)
- gitlab 11.3.11+dfsg-1
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-CVE-2018-19574
- RESERVED
+CVE-2018-19574 (GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4 ...)
- gitlab 11.3.11+dfsg-1
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-CVE-2018-19573
- RESERVED
+CVE-2018-19573 (GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11. ...)
- gitlab 11.3.11+dfsg-1
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-CVE-2018-19572
- RESERVED
+CVE-2018-19572 (GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-c ...)
- gitlab 11.3.11+dfsg-1
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-CVE-2018-19571
- RESERVED
+CVE-2018-19571 (GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11. ...)
- gitlab 11.3.11+dfsg-1
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-CVE-2018-19570
- RESERVED
+CVE-2018-19570 (GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11 ...)
- gitlab 11.3.11+dfsg-1
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-CVE-2018-19569
- RESERVED
+CVE-2018-19569 (GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4 ...)
- gitlab 11.3.11+dfsg-1
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19568 (A floating point exception in kodak_radc_load_raw in dcraw through 9.2 ...)
@@ -35361,24 +35347,24 @@ CVE-2019-0328
RESERVED
CVE-2019-0327
RESERVED
-CVE-2019-0326
- RESERVED
-CVE-2019-0325
- RESERVED
+CVE-2019-0326 (SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Ent ...)
+ TODO: check
+CVE-2019-0325 (SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary author ...)
+ TODO: check
CVE-2019-0324
RESERVED
CVE-2019-0323
RESERVED
-CVE-2019-0322
- RESERVED
-CVE-2019-0321
- RESERVED
+CVE-2019-0322 (SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, ...)
+ TODO: check
+CVE-2019-0321 (ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, d ...)
+ TODO: check
CVE-2019-0320
RESERVED
-CVE-2019-0319
- RESERVED
-CVE-2019-0318
- RESERVED
+CVE-2019-0319 (The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker ...)
+ TODO: check
+CVE-2019-0318 (Under certain conditions SAP NetWeaver Application Server for Java (St ...)
+ TODO: check
CVE-2019-0317
RESERVED
CVE-2019-0316 (SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITO ...)
@@ -35451,8 +35437,8 @@ CVE-2019-0283 (SAP NetWeaver Process Integration (Adapter Engine), fixed in vers
NOT-FOR-US: SAP
CVE-2019-0282 (Several web pages in SAP NetWeaver Process Integration (Runtime Workbe ...)
NOT-FOR-US: SAP
-CVE-2019-0281
- RESERVED
+CVE-2019-0281 (SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 ...)
+ TODO: check
CVE-2019-0280 (SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6. ...)
NOT-FOR-US: SAP
CVE-2019-0279 (ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP ...)
@@ -35714,20 +35700,16 @@ CVE-2018-19497 (In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/f
[stretch] - sleuthkit <no-dsa> (Minor issue)
NOTE: https://github.com/sleuthkit/sleuthkit/pull/1374
NOTE: https://github.com/sleuthkit/sleuthkit/commit/bc04aa017c0bd297de8a3b7fc40ffc6ddddbb95d
-CVE-2018-19496
- RESERVED
+CVE-2018-19496 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
- gitlab 11.3.11+dfsg-1
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-CVE-2018-19495
- RESERVED
+CVE-2018-19495 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.3.11+dfsg-1
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-CVE-2018-19494
- RESERVED
+CVE-2018-19494 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
- gitlab 11.3.11+dfsg-1
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
-CVE-2018-19493
- RESERVED
+CVE-2018-19493 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
- gitlab 11.3.11+dfsg-1
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19492 (An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allo ...)
@@ -42264,8 +42246,8 @@ CVE-2018-17149
RESERVED
CVE-2018-17148 (An Insufficient Access Control vulnerability (leading to credential di ...)
NOT-FOR-US: Nagios XI
-CVE-2018-17147
- RESERVED
+CVE-2018-17147 (Nagios XI before 5.5.4 has XSS in the auto login admin management page ...)
+ TODO: check
CVE-2018-17146 (A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 ...)
NOT-FOR-US: Nagios XI
CVE-2018-17145
@@ -48168,8 +48150,8 @@ CVE-2018-14833 (Intuit Lacerte 2017 has Incorrect Access Control. ...)
NOT-FOR-US: Intuit
CVE-2018-14832
RESERVED
-CVE-2018-14831
- RESERVED
+CVE-2018-14831 (An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote a ...)
+ TODO: check
CVE-2018-14830
RESERVED
CVE-2018-14829 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vu ...)
@@ -49155,8 +49137,7 @@ CVE-2018-14551 (The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1221
NOTE: https://github.com/ImageMagick/ImageMagick/commit/389ecc365a7c61404ba078a72c3fa5a3cf1b4101
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/db7a4be592328af06d776ce3bab24b8c6de5be20
-CVE-2018-14550 [stack-based buffer overflow in contrib/pngminus/pnm2png.c:get_token()]
- RESERVED
+CVE-2018-14550 (An issue has been found in third-party PNM decoding associated with li ...)
[experimental] - libpng1.6 1.6.37-1~exp1
- libpng1.6 1.6.37-1 (unimportant)
- libpng <removed> (unimportant)
@@ -49304,12 +49285,12 @@ CVE-2018-14498 (get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJ
NOTE: https://github.com/mozilla/mozjpeg/issues/299
CVE-2018-14497 (Tenda D152 ADSL routers allow XSS via a crafted SSID. ...)
NOT-FOR-US: Tenda D152 ADSL routers
-CVE-2018-14496
- RESERVED
-CVE-2018-14495
- RESERVED
-CVE-2018-14494
- RESERVED
+CVE-2018-14496 (Vivotek FD8136 devices allow remote memory corruption and remote code ...)
+ TODO: check
+CVE-2018-14495 (Vivotek FD8136 devices allow Remote Command Injection, aka "another co ...)
+ TODO: check
+CVE-2018-14494 (Vivotek FD8136 devices allow Remote Command Injection, related to Busy ...)
+ TODO: check
CVE-2018-14493 (Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Au ...)
NOT-FOR-US: Open-Audit Community
CVE-2018-14492 (Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, ...)
@@ -53925,20 +53906,20 @@ CVE-2018-12630 (NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the se
NOT-FOR-US: NEWMARK (aka New Mark) NMCMS 2.1
CVE-2018-12629
RESERVED
-CVE-2018-12628
- RESERVED
-CVE-2018-12627
- RESERVED
-CVE-2018-12626
- RESERVED
-CVE-2018-12625
- RESERVED
+CVE-2018-12628 (An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users. ...)
+ TODO: check
+CVE-2018-12627 (An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via ...)
+ TODO: check
+CVE-2018-12626 (An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS vi ...)
+ TODO: check
+CVE-2018-12625 (An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS ...)
+ TODO: check
CVE-2018-12624 (An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XS ...)
NOT-FOR-US: Eventum
-CVE-2018-12623
- RESERVED
-CVE-2018-12622
- RESERVED
+CVE-2018-12623 (An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS vi ...)
+ TODO: check
+CVE-2018-12622 (An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has X ...)
+ TODO: check
CVE-2018-12621 (An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Op ...)
NOT-FOR-US: Eventum
CVE-2018-12620
@@ -56562,8 +56543,8 @@ CVE-2018-11736 (An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/im
NOT-FOR-US: Pluck CMS
CVE-2018-11735 (index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or ...)
NOT-FOR-US: Ximdex
-CVE-2018-11734
- RESERVED
+CVE-2018-11734 (In e107 v2.1.7, output without filtering results in XSS. ...)
+ TODO: check
CVE-2018-11733
RESERVED
CVE-2018-11732
@@ -60091,8 +60072,8 @@ CVE-2018-10533
RESERVED
CVE-2018-10532 (An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 dev ...)
NOT-FOR-US: EE 4GEE HH70VB-2BE8GB3s
-CVE-2018-10531
- RESERVED
+CVE-2018-10531 (An issue was discovered in the America's Army Proving Grounds platform ...)
+ TODO: check
CVE-2018-10530
RESERVED
CVE-2018-10529 (An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds re ...)
@@ -104221,8 +104202,8 @@ CVE-2017-12654 (The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f2c26fa4db84e92d754c7f8b269db2883cf7f32c
CVE-2017-12653 (360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escal ...)
NOT-FOR-US: 360 Total Security
-CVE-2017-12652
- RESERVED
+CVE-2017-12652 (libpng before 1.6.32 does not properly check the length of chunks agai ...)
+ TODO: check
CVE-2017-12651 (Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelis ...)
NOT-FOR-US: Loginizer plugin for WordPress
CVE-2017-12650 (SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPres ...)
@@ -121240,8 +121221,8 @@ CVE-2017-7192 (WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning
NOT-FOR-US: Starscream
CVE-2017-7190
RESERVED
-CVE-2017-7189
- RESERVED
+CVE-2017-7189 (main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsocko ...)
+ TODO: check
CVE-2017-7188 (Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a b ...)
NOT-FOR-US: Zurmo
CVE-2017-7187 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through ...)
@@ -124125,8 +124106,8 @@ CVE-2017-6219
RESERVED
CVE-2017-6218
RESERVED
-CVE-2017-6217
- RESERVED
+CVE-2017-6217 (paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XS ...)
+ TODO: check
CVE-2017-6216 (novaksolutions/infusionsoft-php-sdk v2016-10-31 is vulnerable to a ref ...)
NOT-FOR-US: novaksolutions/infusionsoft-php-sdk
CVE-2017-6215 (paypal/permissions-sdk-php is vulnerable to reflected XSS in the sampl ...)
@@ -142579,6 +142560,7 @@ CVE-2016-9113 (There is a NULL pointer dereference in function imagetobmp of con
NOTE: https://github.com/uclouvain/openjpeg/issues/856
NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9112 (Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cp ...)
+ {DLA-1851-1}
- openjpeg2 2.1.2-1.2 (bug #844551)
[stretch] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/addd20ea595eb169c0b765adffb3fd346416de66
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/addd20ea595eb169c0b765adffb3fd346416de66
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190710/14a665be/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list