[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jun 17 21:10:50 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ff16a559 by security tracker role at 2019-06-17T20:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -133,8 +133,8 @@ CVE-2019-12802 (In radare2 through 3.5.1, the rcc_context function of libr/egg/e
[stretch] - radare2 <no-dsa> (Minor issue)
[jessie] - radare2 <no-dsa> (Minor issue)
NOTE: https://github.com/radare/radare2/issues/14296
-CVE-2019-12801
- RESERVED
+CVE-2019-12801 (out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new ...)
+ TODO: check
CVE-2019-12800
RESERVED
CVE-2019-12819 (An issue was discovered in the Linux kernel before 5.0. The function _ ...)
@@ -196,8 +196,8 @@ CVE-2019-12790 (In radare2 through 3.5.1, there is a heap-based buffer over-read
[stretch] - radare2 <no-dsa> (Minor issue)
[jessie] - radare2 <no-dsa> (Minor issue)
NOTE: https://github.com/radare/radare2/issues/14211
-CVE-2019-12789
- RESERVED
+CVE-2019-12789 (An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, ...)
+ TODO: check
CVE-2019-12788 (An issue was discovered in Photodex ProShow Producer v9.0.3797 (an app ...)
NOT-FOR-US: Photodex ProShow Producer
CVE-2019-12787 (An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2 ...)
@@ -708,10 +708,10 @@ CVE-2019-12552
RESERVED
CVE-2019-12551
RESERVED
-CVE-2019-12550
- RESERVED
-CVE-2019-12549
- RESERVED
+CVE-2019-12550 (WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW ...)
+ TODO: check
+CVE-2019-12549 (WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW ...)
+ TODO: check
CVE-2019-12548 (Bludit before 3.9.0 allows remote code execution for an authenticated ...)
NOT-FOR-US: bludit
CVE-2019-12547
@@ -814,8 +814,7 @@ CVE-2019-12500 (The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing
NOT-FOR-US: Xiaomi M365 scooter
CVE-2019-12498
RESERVED
-CVE-2019-12497 [OSA-2019-09]
- RESERVED
+CVE-2019-12497 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
{DLA-1816-1}
- otrs2 6.0.19-1
[buster] - otrs2 <no-dsa> (Non-free not supported)
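Review bot: The replacement line for CVE-2019-12497 drops the bracketed upstream advisory id OSA-2019-09, and none of the visible context lines record it; they carry only {DLA-1816-1} and the otrs2 package status. Consider adding a NOTE line naming OSA-2019-09 so the link to the upstream advisory survives now that the truncated description has taken the bracket's place.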
@@ -871,8 +870,8 @@ CVE-2019-12478
RESERVED
CVE-2019-12477 (Supra Smart Cloud TV allows remote file inclusion in the openLiveURL f ...)
NOT-FOR-US: Supra Smart Cloud TV
-CVE-2019-12476
- RESERVED
+CVE-2019-12476 (An authentication bypass vulnerability in the password reset functiona ...)
+ TODO: check
CVE-2019-12475
RESERVED
CVE-2019-12474
@@ -1483,8 +1482,7 @@ CVE-2019-12250 (IdentityServer IdentityServer4 through 2.4 has stored XSS via th
NOT-FOR-US: IdentityServer
CVE-2019-12249
RESERVED
-CVE-2019-12248 [OSA-2019-08]
- RESERVED
+CVE-2019-12248 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
{DLA-1816-1}
- otrs2 6.0.19-1
[buster] - otrs2 <no-dsa> (Non-free not supported)
@@ -1700,8 +1698,8 @@ CVE-2019-12183
RESERVED
CVE-2019-12182
RESERVED
-CVE-2019-12181
- RESERVED
+CVE-2019-12181 (A privilege escalation vulnerability exists in SolarWinds Serv-U befor ...)
+ TODO: check
CVE-2019-12180
RESERVED
CVE-2019-12179
@@ -2344,6 +2342,7 @@ CVE-2018-20838 (ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.
CVE-2019-11885 (eyeDisk implements the unlock feature by sending a cleartext password. ...)
NOT-FOR-US: eyeDisk
CVE-2019-11884 (The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Li ...)
+ {DSA-4465-1 DLA-1824-1 DLA-1823-1}
- linux <unfixed>
NOTE: https://git.kernel.org/linus/a1616a5ac99ede5d605047a9012481ce7ff18b16
CVE-2019-11883
@@ -2455,6 +2454,7 @@ CVE-2019-11834 (cJSON before 1.7.11 allows out-of-bounds access, related to \x00
- cjson 1.7.10-1.1 (bug #928726)
NOTE: https://github.com/DaveGamble/cJSON/issues/337
CVE-2019-11833 (fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out ...)
+ {DSA-4465-1 DLA-1824-1 DLA-1823-1}
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/592acbf16821288ecdc4192c47e3774a4c48bb64
CVE-2019-11832 (TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execut ...)
@@ -2500,6 +2500,7 @@ CVE-2019-11813 (An issue was discovered in app/View/Elements/Events/View/value_f
CVE-2019-11812 (A persistent XSS issue was discovered in app/View/Helper/CommandHelper ...)
NOT-FOR-US: MISP
CVE-2019-11815 (An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the L ...)
+ {DSA-4465-1 DLA-1824-1}
- linux 4.19.37-1 (bug #928989)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/cb66ddd156203daefb8d71158036b27b0e2caf63
@@ -2509,6 +2510,7 @@ CVE-2019-11811 (An issue was discovered in the Linux kernel before 5.0.4. There
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/401e7e88d4ef80188ffa07095ac00456f901b8c4
CVE-2019-11810 (An issue was discovered in the Linux kernel before 5.0.7. A NULL point ...)
+ {DLA-1823-1}
- linux 4.19.37-1
[stretch] - linux 4.9.168-1
NOTE: Fixed by: https://git.kernel.org/linus/bcf3b67d16a4c8ffae0aa79de5853435e683945c
@@ -3082,7 +3084,7 @@ CVE-2019-11627 (gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains
[stretch] - signing-party <no-dsa> (Will be fixed via point release)
NOTE: https://salsa.debian.org/signing-party-team/signing-party/commit/cd69b6c0426a6160ef3de03fce9c7f112166d5a8
CVE-2019-11599 (The coredump implementation in the Linux kernel before 5.0.10 does not ...)
- {DLA-1799-1}
+ {DSA-4465-1 DLA-1824-1 DLA-1799-1}
- linux 4.19.37-1
NOTE: https://marc.info/?l=linux-mm&m=155355419911404&w=2
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
@@ -3382,7 +3384,7 @@ CVE-2019-11487 (The Linux kernel before 5.1-rc5 allows page->_refcount refere
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1752
NOTE: https://lwn.net/Articles/786044/
CVE-2019-11486 (The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in t ...)
- {DLA-1799-1}
+ {DSA-4465-1 DLA-1824-1 DLA-1799-1}
- linux 4.19.37-1
NOTE: https://git.kernel.org/linus/c7084edc3f6d67750f50d4183134c4fb5712a5c8
NOTE: Upstream commits marks driver as BROKEN and can be considered fixed starting
@@ -3402,12 +3404,15 @@ CVE-2019-11480
RESERVED
CVE-2019-11479
RESERVED
+ {DSA-4465-1 DLA-1824-1 DLA-1823-1}
- linux <unfixed>
CVE-2019-11478
RESERVED
+ {DSA-4465-1 DLA-1824-1 DLA-1823-1}
- linux <unfixed>
CVE-2019-11477
RESERVED
+ {DSA-4465-1 DLA-1824-1 DLA-1823-1}
- linux <unfixed>
CVE-2019-11476
RESERVED
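Review bot: CVE-2019-11479, CVE-2019-11478 and CVE-2019-11477 each gain {DSA-4465-1 DLA-1824-1 DLA-1823-1} while the entry is still only RESERVED plus "- linux <unfixed>", with no bracketed working description and no NOTE. Other reserved linux entries in this same commit, such as CVE-2019-9503, carry both a bracketed summary and a NOTE with the upstream commit; adding the same here would let a reader tell what the three advisories address and which commits to look for.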
@@ -3610,14 +3615,14 @@ CVE-2019-11411 (An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixe
NOT-FOR-US: MuJS
CVE-2018-20818 (A buffer overflow vulnerability was discovered in the OpenPLC controll ...)
NOT-FOR-US: OpenPLC
-CVE-2019-11410
- RESERVED
-CVE-2019-11409
- RESERVED
-CVE-2019-11408
- RESERVED
-CVE-2019-11407
- RESERVED
+CVE-2019-11410 (app/backup/index.php in the Backup Module in FreePBX 4.4.3 suffers fro ...)
+ TODO: check
+CVE-2019-11409 (app/operator_panel/exec.php in the Operator Panel module in FreePBX 4. ...)
+ TODO: check
+CVE-2019-11408 (XSS in app/operator_panel/index_inc.php in the Operator Panel module i ...)
+ TODO: check
+CVE-2019-11407 (app/operator_panel/index_inc.php in the Operator Panel module in FreeP ...)
+ TODO: check
CVE-2019-11406 (Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, o ...)
NOT-FOR-US: Subrion CMS
CVE-2019-11405 (OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses ...)
@@ -4148,7 +4153,7 @@ CVE-2019-11192
RESERVED
CVE-2019-11189
RESERVED
-CVE-2019-11191 (The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and i ...)
+CVE-2019-11191 (** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT i ...)
- linux <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/4
CVE-2019-11190 (The Linux kernel before 4.8 allows local users to bypass ASLR on setui ...)
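Review bot: The CVE-2019-11191 description now opens with ** DISPUTED **, but the entry beneath it is unchanged: "- linux <unfixed> (unimportant)" and a single oss-security NOTE. A short NOTE recording who disputes the issue and on what grounds would document why the unimportant tag stays, and would help because the truncated description no longer shows the condition that follows CONFIG_IA32_AOUT.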
@@ -4666,8 +4671,8 @@ CVE-2019-10999 (The D-Link DCS series of Wi-Fi cameras contains a stack-based bu
NOT-FOR-US: D-Link
CVE-2019-10998
RESERVED
-CVE-2019-10997
- RESERVED
+CVE-2019-10997 (An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) bef ...)
+ TODO: check
CVE-2019-10996
RESERVED
CVE-2019-10995
@@ -5527,7 +5532,7 @@ CVE-2019-10690
RESERVED
CVE-2019-10689
RESERVED
-CVE-2019-10688 (VVX products using UCS software version 5.8.0 and earlier with Better ...)
+CVE-2019-10688 (VVX products with software versions including and prior to, UCS 5.9.2 ...)
NOT-FOR-US: VVX products using UCS
CVE-2019-10687
RESERVED
@@ -6807,6 +6812,7 @@ CVE-2019-10127
- postgresql-11 <not-affected> (Windows-specific)
NOTE: https://www.postgresql.org/about/news/1939/
CVE-2019-10126 (A flaw was found in the Linux kernel. A heap based buffer overflow in ...)
+ {DSA-4465-1 DLA-1824-1 DLA-1823-1}
- linux <unfixed>
NOTE: https://lore.kernel.org/linux-wireless/20190531131841.7552-1-tiwai@suse.de
CVE-2017-18364 (phpFK lite has XSS via the faq.php, members.php, or search.php query s ...)
@@ -9255,7 +9261,7 @@ CVE-2019-9504
RESERVED
CVE-2019-9503 [brcmfmac: add subtype check for event handling in data path]
RESERVED
- {DLA-1799-1}
+ {DSA-4465-1 DLA-1824-1 DLA-1799-1}
- linux <unfixed>
NOTE: https://git.kernel.org/linus/a4176ec356c73a46c07c181c6d04039fafa34a9f (5.1-rc1)
CVE-2019-9502
@@ -9264,6 +9270,7 @@ CVE-2019-9501
RESERVED
CVE-2019-9500 [brcmfmac: assure SSID length from firmware is limited]
RESERVED
+ {DSA-4465-1 DLA-1824-1}
- linux <unfixed>
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff (5.1-rc1)
@@ -12229,8 +12236,7 @@ CVE-2019-8327
RESERVED
CVE-2019-8326
RESERVED
-CVE-2019-8325 [Escape sequence injection vulnerability in errors]
- RESERVED
+CVE-2019-8325 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ...)
{DSA-4433-1 DLA-1796-1 DLA-1735-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
@@ -12240,8 +12246,7 @@ CVE-2019-8325 [Escape sequence injection vulnerability in errors]
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
-CVE-2019-8324 [Installing a malicious gem may lead to arbitrary code execution]
- RESERVED
+CVE-2019-8324 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. A cra ...)
{DSA-4433-1 DLA-1796-1 DLA-1735-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
@@ -12251,8 +12256,7 @@ CVE-2019-8324 [Installing a malicious gem may lead to arbitrary code execution]
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
-CVE-2019-8323 [Escape sequence injection vulnerability in API response handling]
- RESERVED
+CVE-2019-8323 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem:: ...)
{DSA-4433-1 DLA-1796-1 DLA-1735-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
@@ -12262,8 +12266,7 @@ CVE-2019-8323 [Escape sequence injection vulnerability in API response handling]
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
-CVE-2019-8322 [Escape sequence injection vulnerability in gem owner]
- RESERVED
+CVE-2019-8322 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. The g ...)
{DSA-4433-1 DLA-1796-1 DLA-1735-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
@@ -12273,8 +12276,7 @@ CVE-2019-8322 [Escape sequence injection vulnerability in gem owner]
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
-CVE-2019-8321 [Escape sequence injection vulnerability in verbose]
- RESERVED
+CVE-2019-8321 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ...)
{DSA-4433-1 DLA-1796-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
@@ -13924,8 +13926,8 @@ CVE-2019-7581 (The parseSWF_ACTIONRECORD function in util/parser.c in libming th
NOTE: https://github.com/libming/libming/issues/173
CVE-2019-7580 (ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP c ...)
NOT-FOR-US: ThinkCMF
-CVE-2019-7579
- RESERVED
+CVE-2019-7579 (An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ...)
+ TODO: check
CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
{DLA-1714-1 DLA-1713-1}
- libsdl1.2 <unfixed> (bug #924609)
@@ -14753,8 +14755,8 @@ CVE-2019-7317 (png_image_free in png.c in libpng 1.6.36 has a use-after-free bec
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-7317
CVE-2019-7316 (An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The us ...)
NOT-FOR-US: CSS-TRICKS Chat2
-CVE-2019-7315
- RESERVED
+CVE-2019-7315 (Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices ...)
+ TODO: check
CVE-2019-7314 (liblivemedia in Live555 before 2019.02.03 mishandles the termination o ...)
{DSA-4408-1 DLA-1690-1}
[experimental] - liblivemedia 2019.02.03-1
@@ -15142,8 +15144,8 @@ CVE-2019-7160 (idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory
NOT-FOR-US: idreamsoft iCMS
CVE-2019-7159
RESERVED
-CVE-2019-7158
- RESERVED
+CVE-2019-7158 (OX App Suite 7.10.0 and earlier has Incorrect Access Control. ...)
+ TODO: check
CVE-2019-7157
RESERVED
CVE-2019-7156 (In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows divi ...)
@@ -17147,16 +17149,16 @@ CVE-2019-6329
RESERVED
CVE-2019-6328
RESERVED
-CVE-2019-6327
- RESERVED
-CVE-2019-6326
- RESERVED
-CVE-2019-6325
- RESERVED
-CVE-2019-6324
- RESERVED
-CVE-2019-6323
- RESERVED
+CVE-2019-6327 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
+ TODO: check
+CVE-2019-6326 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
+ TODO: check
+CVE-2019-6325 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
+ TODO: check
+CVE-2019-6324 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
+ TODO: check
+CVE-2019-6323 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
+ TODO: check
CVE-2019-6322 (HP has identified a security vulnerability with some versions of Works ...)
NOT-FOR-US: HP
CVE-2019-6321 (HP has identified a security vulnerability with some versions of Works ...)
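Review bot: The five HP Color LaserJet Pro M280-M281 entries, CVE-2019-6327 through CVE-2019-6323, land as TODO: check even though CVE-2019-6322 directly below them is already tagged NOT-FOR-US: HP. If triage confirms the printer firmware is out of scope, resolve all five in one follow-up with the same tag rather than leaving them in the TODO queue one by one.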
@@ -19329,6 +19331,7 @@ CVE-2019-5490 (Certain versions between 2.x to 5.x (refer to advisory) of the Ne
CVE-2019-5488 (EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac= ...)
NOT-FOR-US: EARCLINK ESPCMS-P8
CVE-2019-5489 (The mincore() implementation in mm/mincore.c in the Linux kernel throu ...)
+ {DSA-4465-1 DLA-1824-1 DLA-1823-1}
- linux <unfixed>
CVE-2019-5487
RESERVED
@@ -22016,16 +22019,16 @@ CVE-2019-4179
RESERVED
CVE-2019-4178 (IBM Cognos Analytics 11 could allow a remote attacker to traverse dire ...)
NOT-FOR-US: IBM
-CVE-2019-4177
- RESERVED
-CVE-2019-4176
- RESERVED
+CVE-2019-4177 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allow ...)
+ TODO: check
+CVE-2019-4176 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could ...)
+ TODO: check
CVE-2019-4175
RESERVED
-CVE-2019-4174
- RESERVED
-CVE-2019-4173
- RESERVED
+CVE-2019-4174 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allow ...)
+ TODO: check
+CVE-2019-4173 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could ...)
+ TODO: check
CVE-2019-4172
RESERVED
CVE-2019-4171
@@ -22098,8 +22101,8 @@ CVE-2019-4138 (IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 cou
NOT-FOR-US: IBM
CVE-2019-4137 (IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulne ...)
NOT-FOR-US: IBM
-CVE-2019-4136
- RESERVED
+CVE-2019-4136 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vu ...)
+ TODO: check
CVE-2019-4135
RESERVED
CVE-2019-4134
@@ -22164,8 +22167,8 @@ CVE-2019-4105
RESERVED
CVE-2019-4104
RESERVED
-CVE-2019-4103
- RESERVED
+CVE-2019-4103 (IBM Tivoli Netcool/Impact 7.1.0 allows for remote execution of command ...)
+ TODO: check
CVE-2019-4102
RESERVED
CVE-2019-4101
@@ -22802,6 +22805,7 @@ CVE-2019-3848 (A vulnerability was found in moodle before versions 3.6.3, 3.5.5
CVE-2019-3847 (A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4. ...)
- moodle <removed>
CVE-2019-3846 (A flaw that allowed an attacker to corrupt memory and possibly escalat ...)
+ {DSA-4465-1 DLA-1824-1 DLA-1823-1}
- linux <unfixed>
NOTE: https://lore.kernel.org/linux-wireless/20190529125220.17066-1-tiwai@suse.de/
CVE-2019-3845 (A lack of access control was found in the message queues maintained by ...)
@@ -24469,16 +24473,16 @@ CVE-2018-20474
RESERVED
CVE-2018-20473
RESERVED
-CVE-2018-20472
- RESERVED
+CVE-2018-20472 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The ...)
+ TODO: check
CVE-2018-20471
RESERVED
-CVE-2018-20470
- RESERVED
-CVE-2018-20469
- RESERVED
-CVE-2018-20468
- RESERVED
+CVE-2018-20470 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A di ...)
+ TODO: check
+CVE-2018-20469 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A pa ...)
+ TODO: check
+CVE-2018-20468 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A we ...)
+ TODO: check
CVE-2018-20467 (In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can resu ...)
- imagemagick 8:6.9.10.23+dfsg-1 (low; bug #917326)
[stretch] - imagemagick <ignored> (Minor issue)
@@ -58971,8 +58975,8 @@ CVE-2018-10241 (A denial of service vulnerability in SolarWinds Serv-U before 15
NOT-FOR-US: SolarWinds Serv-U
CVE-2018-10240 (SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a ...)
NOT-FOR-US: SolarWinds Serv-U
-CVE-2018-10239
- RESERVED
+CVE-2018-10239 (A privilege escalation vulnerability in the "support access" feature o ...)
+ TODO: check
CVE-2018-10238 (bvlc.c in skarg BACnet Protocol Stack 0.8.5 has a buffer overflow in B ...)
NOT-FOR-US: skarg BACnet Protocol Stack
CVE-2018-10237 (Unbounded memory allocation in Google Guava 11.0 through 24.x before 2 ...)
@@ -82757,8 +82761,8 @@ CVE-2018-1847
RESERVED
CVE-2018-1846 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 t ...)
NOT-FOR-US: IBM
-CVE-2018-1845
- RESERVED
+CVE-2018-1845 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
+ TODO: check
CVE-2018-1844 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML Ext ...)
NOT-FOR-US: IBM
CVE-2018-1843 (The Identity and Access Management (IAM) services (IBM Cloud Private 3 ...)
@@ -111955,26 +111959,26 @@ CVE-2017-9392
RESERVED
CVE-2017-9391
RESERVED
-CVE-2017-9390
- RESERVED
+CVE-2017-9390 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
+ TODO: check
CVE-2017-9389
RESERVED
-CVE-2017-9388
- RESERVED
+CVE-2017-9388 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
+ TODO: check
CVE-2017-9387
RESERVED
CVE-2017-9386
RESERVED
CVE-2017-9385
RESERVED
-CVE-2017-9384
- RESERVED
+CVE-2017-9384 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
+ TODO: check
CVE-2017-9383
RESERVED
CVE-2017-9382
RESERVED
-CVE-2017-9381
- RESERVED
+CVE-2017-9381 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
+ TODO: check
CVE-2017-9380 (OpenEMR 5.0.0 and prior allows low-privilege users to upload files of ...)
NOT-FOR-US: OpenEMR
CVE-2017-9379 (Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear p ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff16a5597f6dbdad48deeff2321a1e7018bb0880