[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon May 13 21:10:29 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7d2b5063 by security tracker role at 2019-05-13T20:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,389 @@
+CVE-2019-12083 (The Rust Programming Language Standard Library 1.34.x before 1.34.2 co ...)
+ TODO: check
+CVE-2019-12082
+ RESERVED
+CVE-2019-12081
+ RESERVED
+CVE-2019-12080
+ RESERVED
+CVE-2019-12079
+ RESERVED
+CVE-2019-12078
+ RESERVED
+CVE-2019-12077
+ RESERVED
+CVE-2019-12076
+ RESERVED
+CVE-2019-12075
+ RESERVED
+CVE-2019-12074
+ RESERVED
+CVE-2019-12073
+ RESERVED
+CVE-2019-12072
+ RESERVED
+CVE-2019-12071
+ RESERVED
+CVE-2019-12070
+ RESERVED
+CVE-2019-12069
+ RESERVED
+CVE-2019-12068
+ RESERVED
+CVE-2019-12067
+ RESERVED
+CVE-2019-12066
+ RESERVED
+CVE-2019-12065
+ RESERVED
+CVE-2019-12064
+ RESERVED
+CVE-2019-12063
+ RESERVED
+CVE-2019-12062
+ RESERVED
+CVE-2019-12061
+ RESERVED
+CVE-2019-12060
+ RESERVED
+CVE-2019-12059
+ RESERVED
+CVE-2019-12058
+ RESERVED
+CVE-2019-12057
+ RESERVED
+CVE-2019-12056
+ RESERVED
+CVE-2019-12055
+ RESERVED
+CVE-2019-12054
+ RESERVED
+CVE-2019-12053
+ RESERVED
+CVE-2019-12052
+ RESERVED
+CVE-2019-12051
+ RESERVED
+CVE-2019-12050
+ RESERVED
+CVE-2019-12049
+ RESERVED
+CVE-2019-12048
+ RESERVED
+CVE-2019-12047 (Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module ...)
+ TODO: check
+CVE-2019-12045
+ RESERVED
+CVE-2019-12044
+ RESERVED
+CVE-2019-12043 (In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, wh ...)
+ TODO: check
+CVE-2019-12042
+ RESERVED
+CVE-2019-12041 (lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression De ...)
+ TODO: check
+CVE-2019-12040
+ RESERVED
+CVE-2019-12039
+ RESERVED
+CVE-2019-12038
+ RESERVED
+CVE-2019-12037
+ RESERVED
+CVE-2019-12036
+ RESERVED
+CVE-2019-12035
+ RESERVED
+CVE-2019-12034
+ RESERVED
+CVE-2019-12033
+ RESERVED
+CVE-2019-12032
+ RESERVED
+CVE-2019-12031
+ RESERVED
+CVE-2019-12030
+ RESERVED
+CVE-2019-12029
+ RESERVED
+CVE-2019-12028
+ RESERVED
+CVE-2019-12027
+ RESERVED
+CVE-2019-12026
+ RESERVED
+CVE-2019-12025
+ RESERVED
+CVE-2019-12024
+ RESERVED
+CVE-2019-12023
+ RESERVED
+CVE-2019-12022
+ RESERVED
+CVE-2019-12021
+ RESERVED
+CVE-2019-12020
+ RESERVED
+CVE-2019-12019
+ RESERVED
+CVE-2019-12018
+ RESERVED
+CVE-2019-12017
+ RESERVED
+CVE-2019-12016
+ RESERVED
+CVE-2019-12015
+ RESERVED
+CVE-2019-12014
+ RESERVED
+CVE-2019-12013
+ RESERVED
+CVE-2019-12012
+ RESERVED
+CVE-2019-12011
+ RESERVED
+CVE-2019-12010
+ RESERVED
+CVE-2019-12009
+ RESERVED
+CVE-2019-12008
+ RESERVED
+CVE-2019-12007
+ RESERVED
+CVE-2019-12006
+ RESERVED
+CVE-2019-12005
+ RESERVED
+CVE-2019-12004
+ RESERVED
+CVE-2019-12003
+ RESERVED
+CVE-2019-12002
+ RESERVED
+CVE-2019-12001
+ RESERVED
+CVE-2019-12000
+ RESERVED
+CVE-2019-11999
+ RESERVED
+CVE-2019-11998
+ RESERVED
+CVE-2019-11997
+ RESERVED
+CVE-2019-11996
+ RESERVED
+CVE-2019-11995
+ RESERVED
+CVE-2019-11994
+ RESERVED
+CVE-2019-11993
+ RESERVED
+CVE-2019-11992
+ RESERVED
+CVE-2019-11991
+ RESERVED
+CVE-2019-11990
+ RESERVED
+CVE-2019-11989
+ RESERVED
+CVE-2019-11988
+ RESERVED
+CVE-2019-11987
+ RESERVED
+CVE-2019-11986
+ RESERVED
+CVE-2019-11985
+ RESERVED
+CVE-2019-11984
+ RESERVED
+CVE-2019-11983
+ RESERVED
+CVE-2019-11982
+ RESERVED
+CVE-2019-11981
+ RESERVED
+CVE-2019-11980
+ RESERVED
+CVE-2019-11979
+ RESERVED
+CVE-2019-11978
+ RESERVED
+CVE-2019-11977
+ RESERVED
+CVE-2019-11976
+ RESERVED
+CVE-2019-11975
+ RESERVED
+CVE-2019-11974
+ RESERVED
+CVE-2019-11973
+ RESERVED
+CVE-2019-11972
+ RESERVED
+CVE-2019-11971
+ RESERVED
+CVE-2019-11970
+ RESERVED
+CVE-2019-11969
+ RESERVED
+CVE-2019-11968
+ RESERVED
+CVE-2019-11967
+ RESERVED
+CVE-2019-11966
+ RESERVED
+CVE-2019-11965
+ RESERVED
+CVE-2019-11964
+ RESERVED
+CVE-2019-11963
+ RESERVED
+CVE-2019-11962
+ RESERVED
+CVE-2019-11961
+ RESERVED
+CVE-2019-11960
+ RESERVED
+CVE-2019-11959
+ RESERVED
+CVE-2019-11958
+ RESERVED
+CVE-2019-11957
+ RESERVED
+CVE-2019-11956
+ RESERVED
+CVE-2019-11955
+ RESERVED
+CVE-2019-11954
+ RESERVED
+CVE-2019-11953
+ RESERVED
+CVE-2019-11952
+ RESERVED
+CVE-2019-11951
+ RESERVED
+CVE-2019-11950
+ RESERVED
+CVE-2019-11949
+ RESERVED
+CVE-2019-11948
+ RESERVED
+CVE-2019-11947
+ RESERVED
+CVE-2019-11946
+ RESERVED
+CVE-2019-11945
+ RESERVED
+CVE-2019-11944
+ RESERVED
+CVE-2019-11943
+ RESERVED
+CVE-2019-11942
+ RESERVED
+CVE-2019-11941
+ RESERVED
+CVE-2019-11940
+ RESERVED
+CVE-2019-11939
+ RESERVED
+CVE-2019-11938
+ RESERVED
+CVE-2019-11937
+ RESERVED
+CVE-2019-11936
+ RESERVED
+CVE-2019-11935
+ RESERVED
+CVE-2019-11934
+ RESERVED
+CVE-2019-11933
+ RESERVED
+CVE-2019-11932
+ RESERVED
+CVE-2019-11931
+ RESERVED
+CVE-2019-11930
+ RESERVED
+CVE-2019-11929
+ RESERVED
+CVE-2019-11928
+ RESERVED
+CVE-2019-11927
+ RESERVED
+CVE-2019-11926
+ RESERVED
+CVE-2019-11925
+ RESERVED
+CVE-2019-11924
+ RESERVED
+CVE-2019-11923
+ RESERVED
+CVE-2019-11922
+ RESERVED
+CVE-2019-11921
+ RESERVED
+CVE-2019-11920
+ RESERVED
+CVE-2019-11919
+ RESERVED
+CVE-2019-11918
+ RESERVED
+CVE-2019-11917
+ RESERVED
+CVE-2019-11916
+ RESERVED
+CVE-2019-11915
+ RESERVED
+CVE-2019-11914
+ RESERVED
+CVE-2019-11913
+ RESERVED
+CVE-2019-11912
+ RESERVED
+CVE-2019-11911
+ RESERVED
+CVE-2019-11910
+ RESERVED
+CVE-2019-11909
+ RESERVED
+CVE-2019-11908
+ RESERVED
+CVE-2019-11907
+ RESERVED
+CVE-2019-11906
+ RESERVED
+CVE-2019-11905
+ RESERVED
+CVE-2019-11904
+ RESERVED
+CVE-2019-11903
+ RESERVED
+CVE-2019-11902
+ RESERVED
+CVE-2019-11901
+ RESERVED
+CVE-2019-11900
+ RESERVED
+CVE-2019-11899
+ RESERVED
+CVE-2019-11898
+ RESERVED
+CVE-2019-11897
+ RESERVED
+CVE-2019-11896
+ RESERVED
+CVE-2019-11895
+ RESERVED
+CVE-2019-11894
+ RESERVED
+CVE-2019-11893
+ RESERVED
+CVE-2019-11892
+ RESERVED
+CVE-2019-11891
+ RESERVED
CVE-2019-12046 [lemonldap-ng tokens allows anonymous session when stored in session DB]
+ RESERVED
- lemonldap-ng <unfixed> (bug #928944)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1742
CVE-2019-11890
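Review bot: CVE-2019-12046 ends up out of sequence at the bottom of this hunk: the added block runs from CVE-2019-12083 down to CVE-2019-11891 and skips from CVE-2019-12047 straight to CVE-2019-12045, while the existing 12046 entry stays below CVE-2019-11891 and above CVE-2019-11890. Moving that entry up between 12047 and 12045 would keep the list in descending order and make it findable by position. The same entry also gains a `RESERVED` line although it already carries a package line (`- lemonldap-ng <unfixed> (bug #928944)`) and an upstream NOTE, so the existing package triage should be kept as is. Of the new entries, only CVE-2019-12083, CVE-2019-12047, CVE-2019-12043 and CVE-2019-12041 carry descriptions and `TODO: check`; those four are the ones that need triage from this hunk.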
@@ -446,8 +831,8 @@ CVE-2019-11682 (A buffer overflow in the SMTP response service in MailCarrier 2.
NOT-FOR-US: MailCarrier
CVE-2019-11681
RESERVED
-CVE-2019-11680
- RESERVED
+CVE-2019-11680 (KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a ...)
+ TODO: check
CVE-2019-11679
RESERVED
CVE-2019-11678 (The "default reports" feature in Zoho ManageEngine Firewall Analyzer b ...)
@@ -564,8 +949,8 @@ CVE-2019-11633 (HoneyPress through 2016-09-27 can be fingerprinted by attackers
NOT-FOR-US: HoneyPress
CVE-2019-11632 (In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019. ...)
NOT-FOR-US: Octopus Deploy
-CVE-2015-9287
- RESERVED
+CVE-2015-9287 (Directory Traversal was discovered in University of Cambridge mod_ucam ...)
+ TODO: check
CVE-2019-11631
REJECTED
CVE-2019-11630
@@ -668,6 +1053,7 @@ CVE-2019-11599 (The coredump implementation in the Linux kernel before 5.0.10 do
NOTE: https://marc.info/?l=linux-mm&m=155355419911404&w=2
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in ...)
+ {DLA-1785-1}
- imagemagick <unfixed> (bug #928206)
[stretch] - imagemagick <postponed> (Fix along in next DSA)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1540
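Review bot: The new `{DLA-1785-1}` line on CVE-2019-11598 sits directly above a package line that still reads `- imagemagick <unfixed> (bug #928206)` and a stretch line marked `<postponed>`, and nothing in the hunk records which suite or version the advisory covers. The cross-reference should be confirmed against the advisory itself, and it should not be read as closing the unfixed and postponed states shown here.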
@@ -676,6 +1062,7 @@ CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-r
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1540#issuecomment-491504100
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/dd8efbac0b7fa9dd2da527ea3f629f39bf1c02cb
CVE-2019-11597 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
+ {DLA-1785-1}
- imagemagick <unfixed> (bug #928207)
[stretch] - imagemagick <postponed> (Fix along in next DSA)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1555
@@ -1126,8 +1513,8 @@ CVE-2019-11431
RESERVED
CVE-2019-11430
RESERVED
-CVE-2019-11429
- RESERVED
+CVE-2019-11429 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open So ...)
+ TODO: check
CVE-2019-11428 (I, Librarian 4.10 has XSS via the export.php export_files parameter. ...)
- i-librarian <itp> (bug #649291)
CVE-2019-11427 (An XSS issue was discovered in app/search/search.app.php in idreamsoft ...)
@@ -3086,7 +3473,7 @@ CVE-2019-10652 (An issue was discovered in flatCore 1.4.7. acp/acp.php allows re
CVE-2019-10651
RESERVED
CVE-2019-10650 (In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in ...)
- {DSA-4436-1}
+ {DSA-4436-1 DLA-1785-1}
- imagemagick 8:6.9.10.23+dfsg-2.1 (bug #926091)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1532
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4800ae0dabdb3012f82820af946060c3ca9fdb87
@@ -4443,8 +4830,8 @@ CVE-2019-10052
RESERVED
CVE-2019-10051
RESERVED
-CVE-2019-10050
- RESERVED
+CVE-2019-10050 (A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4 ...)
+ TODO: check
CVE-2019-10049
RESERVED
CVE-2019-10048
@@ -4636,7 +5023,7 @@ CVE-2019-9958
CVE-2019-9957
RESERVED
CVE-2019-9956 (In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in ...)
- {DSA-4436-1}
+ {DSA-4436-1 DLA-1785-1}
- imagemagick 8:6.9.10.23+dfsg-2.1 (bug #925395)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1523
NOTE: https://github.com/ImageMagick/ImageMagick/commit/34a6a5a45e83a4af852090b4e43f168a380df979
@@ -5991,10 +6378,10 @@ CVE-2019-9729 (In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allo
NOT-FOR-US: Shanda MapleStory Online
CVE-2019-9728
RESERVED
-CVE-2019-9727
- RESERVED
-CVE-2019-9726
- RESERVED
+CVE-2019-9727 (Unauthenticated password hash disclosure in the User.getUserPWD method ...)
+ TODO: check
+CVE-2019-9726 (Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3. ...)
+ TODO: check
CVE-2019-9725 (The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devi ...)
NOT-FOR-US: Korenix JetPort devices
CVE-2019-9724 (aquaverde Aquarius CMS through 4.3.5 allows Information Exposure throu ...)
@@ -9427,8 +9814,8 @@ CVE-2019-8352
RESERVED
CVE-2019-8351 (Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certif ...)
NOT-FOR-US: Heimdal Thor Agent
-CVE-2019-8350
- RESERVED
+CVE-2019-8350 (The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed i ...)
+ TODO: check
CVE-2019-8349 (Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 all ...)
NOT-FOR-US: HTMLy
CVE-2019-8348
@@ -9445,8 +9832,8 @@ CVE-2019-8343 (In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in
- nasm <unfixed> (unimportant; bug #922433)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392556
NOTE: Crash in CLI tool, no security impact
-CVE-2019-8342
- RESERVED
+CVE-2019-8342 (A Local Privilege Escalation in libqcocoa.dylib in Foxit Reader 3.1.0. ...)
+ TODO: check
CVE-2019-8341 (An issue was discovered in Jinja2 2.10. The from_string function is pr ...)
- jinja2 <unfixed> (unimportant)
NOTE: https://github.com/JameelNabbo/Jinja2-Code-execution
@@ -10861,8 +11248,8 @@ CVE-2019-7692 (install/install.php in CIM 0.9.3 allows remote attackers to execu
NOT-FOR-US: CIM
CVE-2019-7691
RESERVED
-CVE-2019-7690
- RESERVED
+CVE-2019-7690 (In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH privat ...)
+ TODO: check
CVE-2019-7689
RESERVED
CVE-2019-7688
@@ -11650,12 +12037,12 @@ CVE-2019-7413 (In the Parallax Scroll (aka adamrob-parallax-scroll) plugin befor
NOT-FOR-US: Wordpress plugin
CVE-2019-7412 (The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles san ...)
NOT-FOR-US: Wordpress plugin
-CVE-2019-7411
- RESERVED
+CVE-2019-7411 (Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher ...)
+ TODO: check
CVE-2019-7410
RESERVED
-CVE-2019-7409
- RESERVED
+CVE-2019-7409 (Multiple cross-site scripting (XSS) vulnerabilities in ProfileDesign C ...)
+ TODO: check
CVE-2019-7408
RESERVED
CVE-2019-7407
@@ -11664,8 +12051,8 @@ CVE-2019-7406
RESERVED
CVE-2019-7405
RESERVED
-CVE-2019-7404
- RESERVED
+CVE-2019-7404 (An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 rout ...)
+ TODO: check
CVE-2019-7403 (An issue was discovered in PHPMyWind 5.5. It allows remote attackers t ...)
NOT-FOR-US: PHPMyWind
CVE-2019-7402 (An issue was discovered in PHPMyWind 5.5. The GetQQ function in includ ...)
@@ -11764,9 +12151,9 @@ CVE-2019-7362
RESERVED
CVE-2019-7361 (An attacker may convince a victim to open a malicious action micro (.a ...)
NOT-FOR-US: Autodesk
-CVE-2019-7360 (An exploitable heap overflow vulnerability in the DXF-parsing function ...)
+CVE-2019-7360 (An exploitable use-after-free vulnerability in the DXF-parsing functio ...)
NOT-FOR-US: Autodesk
-CVE-2019-7359 (An exploitable heap overflow vulnerability in the DXF-parsing function ...)
+CVE-2019-7359 (An exploitable heap overflow vulnerability in the AcCellMargin handlin ...)
NOT-FOR-US: Autodesk
CVE-2019-7358 (An exploitable heap overflow vulnerability in the DXF-parsing function ...)
NOT-FOR-US: Autodesk
@@ -12228,10 +12615,10 @@ CVE-2019-7220
RESERVED
CVE-2019-7219 (Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa ...)
- zarafa <itp> (bug #658433)
-CVE-2019-7218
- RESERVED
-CVE-2019-7217
- RESERVED
+CVE-2019-7218 (Citrix ShareFile through 19.1 allows a downgrade from two-factor authe ...)
+ TODO: check
+CVE-2019-7217 (Citrix ShareFile through 19.1 allows User Enumeration. It is possible ...)
+ TODO: check
CVE-2019-7216 (An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi ...)
NOT-FOR-US: FileChucker
CVE-2019-7215
@@ -19056,8 +19443,8 @@ CVE-2019-4261
RESERVED
CVE-2019-4260
RESERVED
-CVE-2019-4259
- RESERVED
+CVE-2019-4259 (A security vulnerability has been identified in IBM Spectrum Scale 4.1 ...)
+ TODO: check
CVE-2019-4258 (IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vu ...)
NOT-FOR-US: IBM
CVE-2019-4257
@@ -20427,8 +20814,8 @@ CVE-2019-3704 (VNX Control Station in Dell EMC VNX2 OE for File versions prior t
NOT-FOR-US: EMC
CVE-2019-3703
RESERVED
-CVE-2019-3702
- RESERVED
+CVE-2019-3702 (A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon ...)
+ TODO: check
CVE-2019-3701 (An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux ...)
{DLA-1771-1 DLA-1731-1}
- linux 4.19.20-1 (unimportant)
@@ -20467,8 +20854,8 @@ CVE-2019-3686
RESERVED
CVE-2019-3685
RESERVED
-CVE-2019-3684
- RESERVED
+CVE-2019-3684 (SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a71 ...)
+ TODO: check
CVE-2019-3683
RESERVED
CVE-2019-3682
@@ -26192,16 +26579,16 @@ CVE-2018-19992 (A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.
NOTE: https://github.com/Dolibarr/dolibarr/commit/0f06e39d23636bd1e4039ac61a743c79725c798b
CVE-2018-19991 (VeryNginx 0.3.3 allows remote attackers to bypass the Web Application ...)
NOT-FOR-US: VeryNginx
-CVE-2018-19990
- RESERVED
-CVE-2018-19989
- RESERVED
-CVE-2018-19988
- RESERVED
-CVE-2018-19987
- RESERVED
-CVE-2018-19986
- RESERVED
+CVE-2018-19990 (In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vuln ...)
+ TODO: check
+CVE-2018-19989 (In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerab ...)
+ TODO: check
+CVE-2018-19988 (In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable ...)
+ TODO: check
+CVE-2018-19987 (D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2 ...)
+ TODO: check
+CVE-2018-19986 (In the /HNAP1/SetRouterSettings message, the RemotePort parameter is v ...)
+ TODO: check
CVE-2018-19985 (The function hso_get_config_data in drivers/net/usb/hso.c in the Linux ...)
{DLA-1771-1 DLA-1731-1}
- linux 4.19.13-1
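Review bot: Four of the five new `TODO: check` entries here (CVE-2018-19990, CVE-2018-19989, CVE-2018-19988, CVE-2018-19986) have truncated descriptions that begin with an /HNAP1/ message name and never reach a product name; only CVE-2018-19987 visibly names D-Link DIR-822 and DIR-860L models. Triage should be done from the full descriptions rather than inferred from adjacency, and if all five turn out to concern the same devices they should receive one consistent label.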
@@ -32657,8 +33044,8 @@ CVE-2018-19052 (An issue was discovered in mod_alias_physical_handler in mod_ali
[stretch] - lighttpd <no-dsa> (Minor issue)
[jessie] - lighttpd <no-dsa> (Minor issue)
NOTE: https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1
-CVE-2018-19048
- RESERVED
+CVE-2018-19048 (Simditor through 2.3.21 allows DOM XSS via an onload attribute within ...)
+ TODO: check
CVE-2018-19047 (** DISPUTED ** mPDF through 7.1.6, if deployed as a web application th ...)
NOT-FOR-US: mPDF
CVE-2018-19046 (keepalived 2.0.8 didn't check for existing plain files when writing da ...)
@@ -32690,8 +33077,8 @@ CVE-2018-19039 (Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenti
NOTE: https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961
CVE-2018-19038
RESERVED
-CVE-2018-19037
- RESERVED
+CVE-2018-19037 (On Virgin Media wireless router 3.0 hub devices, the web interface is ...)
+ TODO: check
CVE-2018-19036 (An issue was discovered in several Bosch IP cameras for firmware versi ...)
NOT-FOR-US: Bosch
CVE-2018-19035
@@ -32967,8 +33354,8 @@ CVE-2018-18914
RESERVED
CVE-2018-18913 (Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacki ...)
NOT-FOR-US: Opera
-CVE-2018-18912
- RESERVED
+CVE-2018-18912 (An issue was discovered in Easy File Sharing (EFS) Web Server 7.2. A s ...)
+ TODO: check
CVE-2018-18911
RESERVED
CVE-2018-18910
@@ -33056,8 +33443,8 @@ CVE-2018-18873 (An issue was discovered in JasPer 2.0.14. There is a NULL pointe
{DLA-1628-1}
- jasper <removed>
NOTE: https://github.com/mdadams/jasper/issues/184
-CVE-2018-18872
- RESERVED
+CVE-2018-18872 (The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stor ...)
+ TODO: check
CVE-2018-18871 (Missing password verification in the web interface on Gigaset Maxwell ...)
NOT-FOR-US: Gigaset
CVE-2018-18870
@@ -33827,8 +34214,8 @@ CVE-2018-18559 (In the Linux kernel through 4.19, a use-after-free can occur due
[stretch] - linux 4.9.80-1
[jessie] - linux 3.16.56-1
NOTE: Fixed by: https://git.kernel.org/linus/15fe076edea787807a7cdc168df832544b58eba6
-CVE-2018-18558
- RESERVED
+CVE-2018-18558 (An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 ...)
+ TODO: check
CVE-2018-18557 (LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into ...)
{DSA-4349-1 DLA-1557-1}
- tiff 4.0.9+git181026-1 (bug #911635)
@@ -33914,8 +34301,8 @@ CVE-2018-18526
RESERVED
CVE-2018-18525
RESERVED
-CVE-2018-18524
- RESERVED
+CVE-2018-18524 (Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulner ...)
+ TODO: check
CVE-2018-18523
RESERVED
CVE-2018-18522
@@ -34122,7 +34509,7 @@ CVE-2018-18468
RESERVED
CVE-2018-18467 (An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is p ...)
NOT-FOR-US: Daniel Gultsch Conversations
-CVE-2018-18466 (An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in ...)
+CVE-2018-18466 (** DISPUTED ** An issue was discovered in SecurEnvoy SecurAccess 9.3.5 ...)
NOT-FOR-US: SecurEnvoy SecurAccess
CVE-2018-18465
RESERVED
@@ -39025,8 +39412,8 @@ CVE-2018-16640 (ImageMagick 7.0.8-5 has a memory leak vulnerability in the funct
NOTE: https://github.com/ImageMagick/ImageMagick/commit/76efa969342568841ecf320b5a041685a6d24e0b
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3449a06f0122d4d9e68b4739417a3eaad0b24265
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1201
-CVE-2018-16639
- RESERVED
+CVE-2018-16639 (Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter duri ...)
+ TODO: check
CVE-2018-16638 (Evolution CMS 1.4.x allows XSS via the manager/ search parameter. ...)
NOT-FOR-US: Evolution CMS
CVE-2018-16637 (Evolution CMS 1.4.x allows XSS via the page weblink title parameter to ...)
@@ -39051,14 +39438,14 @@ CVE-2018-16628 (panel/login in Kirby v2.5.12 allows XSS via a blog name. ...)
NOT-FOR-US: Kirby
CVE-2018-16627 (panel/login in Kirby v2.5.12 allows Host header injection via the "for ...)
NOT-FOR-US: Kirby
-CVE-2018-16626
- RESERVED
-CVE-2018-16625
- RESERVED
-CVE-2018-16624
- RESERVED
-CVE-2018-16623
- RESERVED
+CVE-2018-16626 (index.php/Admin/Classes in Typesetter 5.1 allows XSS via the descripti ...)
+ TODO: check
+CVE-2018-16625 (index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file ...)
+ TODO: check
+CVE-2018-16624 (panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a n ...)
+ TODO: check
+CVE-2018-16623 (Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the ...)
+ TODO: check
CVE-2018-16622 (Multiple cross-site scripting (XSS) vulnerabilities in /api/content/ad ...)
NOT-FOR-US: DoraCMS
CVE-2018-16621 (Sonatype Nexus Repository Manager before 3.14 allows Java Expression L ...)
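Review bot: CVE-2018-16624 and CVE-2018-16623 are left at `TODO: check` although both name Kirby v2.5.12, the same product and version as the context entries CVE-2018-16628 and CVE-2018-16627 directly above, which are already marked `NOT-FOR-US: Kirby`. Those two can take the same marking. CVE-2018-16626 and CVE-2018-16625 name Typesetter 5.1, for which no earlier triage is visible in this hunk, so they need their own decision.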
@@ -40122,7 +40509,7 @@ CVE-2018-16212
RESERVED
CVE-2018-16211
RESERVED
-CVE-2018-16210 (WAGO 750-881 Ethernet Controller devices, versions 01.09.18(13) and be ...)
+CVE-2018-16210 (WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01 ...)
NOT-FOR-US: WAGO
CVE-2018-16209
RESERVED
@@ -41932,8 +42319,8 @@ CVE-2018-15532 (SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows
NOT-FOR-US: Synaptics Touchpad drivers
CVE-2018-15531 (JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javam ...)
NOT-FOR-US: JavaMelody
-CVE-2018-15530
- RESERVED
+CVE-2018-15530 (Cross-site scripting (XSS) in the web interface of the Xerox ColorQube ...)
+ TODO: check
CVE-2018-15529 (A command injection vulnerability in maintenance.cgi in Mutiny "Monito ...)
NOT-FOR-US: Mutiny appliance
CVE-2018-15528 (Reflected Cross-Site Scripting exists in the Java System Solutions SSO ...)
@@ -42800,8 +43187,8 @@ CVE-2013-7464 (In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not
NOTE: http://repo.or.cz/csrf-magic.git/commit/9d2537f70d58b16aeba89779aaf1573b8d618e11 (v1.0.4)
CVE-2018-15129 (ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article& ...)
NOT-FOR-US: ThinkSAAS
-CVE-2018-15128
- RESERVED
+CVE-2018-15128 (An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, H ...)
+ TODO: check
CVE-2018-20750 (LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerabilit ...)
{DLA-1652-1}
- libvncserver 0.9.11+dfsg-1.3 (bug #920941)
@@ -43814,16 +44201,16 @@ CVE-2018-14716 (A Server Side Template Injection (SSTI) was discovered in the SE
NOT-FOR-US: SEOmatic plugin for Craft CMS
CVE-2018-14715 (The endCoinFlip function and throwSlammer function of the smart contra ...)
NOT-FOR-US: smart contract implementations for Cryptogs
-CVE-2018-14714
- RESERVED
-CVE-2018-14713
- RESERVED
-CVE-2018-14712
- RESERVED
-CVE-2018-14711
- RESERVED
-CVE-2018-14710
- RESERVED
+CVE-2018-14714 (System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0 ...)
+ TODO: check
+CVE-2018-14713 (Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3. ...)
+ TODO: check
+CVE-2018-14712 (Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50 ...)
+ TODO: check
+CVE-2018-14711 (Missing cross-site request forgery protection in appGet.cgi on ASUS RT ...)
+ TODO: check
+CVE-2018-14710 (Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.3 ...)
+ TODO: check
CVE-2018-14709 (Incorrect access control in the Dashboard API on Drobo 5N2 NAS version ...)
NOT-FOR-US: Dashboard API on Drobo 5N2 NAS
CVE-2018-14708 (An insecure transport protocol used by Drobo Dashboard API on Drobo 5N ...)
@@ -50349,26 +50736,26 @@ CVE-2018-12306 (Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.
NOT-FOR-US: ASUSTOR ADM
CVE-2018-12305 (Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 all ...)
NOT-FOR-US: ASUSTOR ADM
-CVE-2018-12304
- RESERVED
-CVE-2018-12303
- RESERVED
-CVE-2018-12302
- RESERVED
-CVE-2018-12301
- RESERVED
-CVE-2018-12300
- RESERVED
-CVE-2018-12299
- RESERVED
-CVE-2018-12298
- RESERVED
-CVE-2018-12297
- RESERVED
-CVE-2018-12296
- RESERVED
-CVE-2018-12295
- RESERVED
+CVE-2018-12304 (Cross-site scripting in Application Manager in Seagate NAS OS version ...)
+ TODO: check
+CVE-2018-12303 (Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 ...)
+ TODO: check
+CVE-2018-12302 (Missing HTTPOnly flag on session cookies in the Seagate NAS OS version ...)
+ TODO: check
+CVE-2018-12301 (Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 ...)
+ TODO: check
+CVE-2018-12300 (Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.1 ...)
+ TODO: check
+CVE-2018-12299 (Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 ...)
+ TODO: check
+CVE-2018-12298 (Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows a ...)
+ TODO: check
+CVE-2018-12297 (Cross-site scripting in API error pages in Seagate NAS OS version 4.3. ...)
+ TODO: check
+CVE-2018-12296 (Insufficient access control in /api/external/7.0/system.System.get_inf ...)
+ TODO: check
+CVE-2018-12295 (SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3. ...)
+ TODO: check
CVE-2018-12294 (WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as ...)
- webkit2gtk 2.20.2-1 (unimportant)
NOTE: Not covered by security support
@@ -53306,7 +53693,7 @@ CVE-2018-11233 (In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2
CVE-2018-1000400 (Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Swi ...)
NOT-FOR-US: Kubernetes CRI-O
CVE-2017-18273 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulner ...)
- {DLA-1381-1}
+ {DLA-1785-1 DLA-1381-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/910
@@ -53319,7 +53706,7 @@ CVE-2017-18272 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-af
NOTE: https://github.com/ImageMagick/ImageMagick/issues/918
NOTE: https://github.com/ImageMagick/ImageMagick/commit/93d029b70ac766ce0b5d7261a2dd334535f48038
CVE-2017-18271 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulner ...)
- {DLA-1381-1}
+ {DLA-1785-1 DLA-1381-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/911
@@ -71652,7 +72039,7 @@ CVE-2017-1000478 (ELabftw version 1.7.8 is vulnerable to stored cross-site scrip
CVE-2017-1000477 (XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result ...)
NOT-FOR-US: XMLBundle
CVE-2017-1000476 (ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in ...)
- {DLA-1229-1}
+ {DLA-1785-1 DLA-1229-1}
- imagemagick 8:6.9.9.34+dfsg-3
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/867
@@ -73555,20 +73942,20 @@ CVE-2018-4031
RESERVED
CVE-2018-4030 (An exploitable vulnerability exists the safe browsing function of the ...)
NOT-FOR-US: CUJO Smart Firewall
-CVE-2018-4029
- RESERVED
-CVE-2018-4028
- RESERVED
-CVE-2018-4027
- RESERVED
-CVE-2018-4026
- RESERVED
-CVE-2018-4025
- RESERVED
-CVE-2018-4024
- RESERVED
-CVE-2018-4023
- RESERVED
+CVE-2018-4029 (An exploitable code execution vulnerability exists in the HTTP request ...)
+ TODO: check
+CVE-2018-4028 (An exploitable firmware update vulnerability exists in the NT9665X Chi ...)
+ TODO: check
+CVE-2018-4027 (An exploitable denial-of-service vulnerability exists in the XML_Uploa ...)
+ TODO: check
+CVE-2018-4026 (An exploitable denial-of-service vulnerability exists in the XML_GetSc ...)
+ TODO: check
+CVE-2018-4025 (An exploitable denial-of-service vulnerability exists in the XML_GetRa ...)
+ TODO: check
+CVE-2018-4024 (An exploitable denial-of-service vulnerability exists in the thumbnail ...)
+ TODO: check
+CVE-2018-4023 (An exploitable code execution vulnerability exists in the XML_UploadFi ...)
+ TODO: check
CVE-2018-4022 (A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v2 ...)
- mkvtoolnix 28.2.0-1
[stretch] - mkvtoolnix <not-affected> (Vulnerable code introduced later)
@@ -73581,16 +73968,16 @@ CVE-2018-4020 (An exploitable command injection vulnerability exists in the way
NOT-FOR-US: pfSense
CVE-2018-4019 (An exploitable command injection vulnerability exists in the way Netga ...)
NOT-FOR-US: pfSense
-CVE-2018-4018
- RESERVED
-CVE-2018-4017
- RESERVED
-CVE-2018-4016
- RESERVED
+CVE-2018-4018 (An exploitable firmware update vulnerability exists in the NT9665X Chi ...)
+ TODO: check
+CVE-2018-4017 (An exploitable vulnerability exists in the Wi-Fi Access Point feature ...)
+ TODO: check
+CVE-2018-4016 (An exploitable code execution vulnerability exists in the URL-parsing ...)
+ TODO: check
CVE-2018-4015 (An exploitable vulnerability exists in the HTTP client functionality o ...)
NOT-FOR-US: Webroot BrightCloud SDK
-CVE-2018-4014
- RESERVED
+CVE-2018-4014 (An exploitable code execution vulnerability exists in Wi-Fi Command 99 ...)
+ TODO: check
CVE-2018-4013 (An exploitable code execution vulnerability exists in the HTTP packet- ...)
{DSA-4343-1 DLA-1582-1}
- liblivemedia 2018.10.17-1
@@ -74138,7 +74525,7 @@ CVE-2017-1000449
CVE-2017-1000448 (Structured Data Linter versions 2.4.1 and older are vulnerable to a di ...)
NOT-FOR-US: Structured Data Linter
CVE-2017-1000445 (ImageMagick 7.0.7-1 and older version are vulnerable to null pointer d ...)
- {DLA-1229-1}
+ {DLA-1785-1 DLA-1229-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #886281)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/775
@@ -75023,7 +75410,7 @@ CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-base
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/535/
CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ...)
- {DLA-1227-1}
+ {DLA-1785-1 DLA-1227-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #886584)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/908
@@ -80830,7 +81217,7 @@ CVE-2017-17684 (Panda Global Protection 17.0.1 allows a system crash via a 0xb37
CVE-2017-17683 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 ...)
NOT-FOR-US: Panda Global Protection
CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in t ...)
- {DLA-1227-1}
+ {DLA-1785-1 DLA-1227-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #885942)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/870
@@ -91259,7 +91646,7 @@ CVE-2017-15283
CVE-2017-15282
RESERVED
CVE-2017-15281 (ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote atta ...)
- {DLA-1139-1}
+ {DLA-1785-1 DLA-1139-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878579)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/832
@@ -92224,7 +92611,7 @@ CVE-2017-15018 (LAME 3.99.5 has a heap-based buffer over-read when handling a ma
NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...)
- {DLA-1131-1}
+ {DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878554)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/723
@@ -92238,6 +92625,7 @@ CVE-2017-15016 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerabi
NOTE: https://github.com/ImageMagick/ImageMagick/commit/27f8ba82ddd665ab41cef6588128f680cbd69905
NOTE: emf.c not compiled under Debian
CVE-2017-15015 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...)
+ {DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878555)
[stretch] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
@@ -93055,7 +93443,7 @@ CVE-2017-14743 (Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQ
CVE-2017-14742
RESERVED
CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7 ...)
- {DLA-1131-1}
+ {DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878548)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/771
@@ -93064,7 +93452,7 @@ CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick
CVE-2017-14740 (Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remo ...)
NOT-FOR-US: GeniXCMS
CVE-2017-14739 (The AcquireResampleFilterThreadSet function in magick/resample-private ...)
- {DLA-1131-1}
+ {DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878547)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/780
@@ -93436,6 +93824,7 @@ CVE-2017-14628 (In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxL
CVE-2017-14627 (Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote ...)
NOT-FOR-US: CyberLink LabelPrint
CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
+ {DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878524)
[stretch] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
@@ -93444,12 +93833,14 @@ CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerabi
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/90b301db18434b2c2228776d06c2898b5fed74f0
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
CVE-2017-14625 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
+ {DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877355)
[stretch] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/721
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
CVE-2017-14624 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
+ {DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877354)
[stretch] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
@@ -93685,6 +94076,7 @@ CVE-2017-14533 (ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1f2089e79bcf5714cefba7cdc47049b4ac53c6b
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bdfc5538051ad0d1c2083ba2a29180ff6abea907
CVE-2017-14532 (ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags i ...)
+ {DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #878541)
[stretch] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
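Review bot: The package line for CVE-2017-14532, `- imagemagick 8:6.9.9.34+dfsg-3 (bug #878541)`, carries no urgency, while the other ImageMagick entries visible in this patch with the same `[stretch] - imagemagick <ignored> (Minor issue)` line are marked `low;`. Now that the entry is tied to DLA-1785-1, check whether the missing urgency is intentional, and set it to `low` if it is only an omission, so the entry agrees with the "Minor issue" triage.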
@@ -93775,7 +94167,7 @@ CVE-2017-14507 (Multiple SQL injection vulnerabilities in the Content Timeline p
CVE-2017-14506 (geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by ...)
NOT-FOR-US: geminabox
CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 m ...)
- {DLA-1131-1}
+ {DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878545)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/716
@@ -94144,7 +94536,7 @@ CVE-2017-14402 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injec
CVE-2017-14401 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection v ...)
NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14400 (In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/c ...)
- {DLA-1131-1}
+ {DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878546)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/746
@@ -94273,7 +94665,7 @@ CVE-2017-14342 (ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in Rea
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e378ea8fb99e869768f34e900105e8c769adfcd
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6d5b22baedd49ef8a35011789bd600762ce1ef21
CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in ...)
- {DLA-1131-1}
+ {DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876105)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/654
@@ -94534,7 +94926,7 @@ CVE-2017-14251 (Unrestricted File Upload vulnerability in the fileDenyPattern in
CVE-2017-14250 (In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router with Fir ...)
NOT-FOR-US: TP-LINK Router
CVE-2017-14249 (ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coder ...)
- {DLA-1131-1}
+ {DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876099)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/708
@@ -94747,26 +95139,26 @@ CVE-2017-14177 (Apport through 2.20.7 does not properly handle core dumps from s
CVE-2017-14181 (DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 ...)
NOT-FOR-US: aacplusenc
CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() du ...)
- {DLA-1131-1}
+ {DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875502)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/712
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/b8c63b156bf26b52e710b1a0643c846a6cd01e56
CVE-2017-14174 (In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInte ...)
- {DLA-1131-1}
+ {DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875503)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/714
NOTE: https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64
CVE-2017-14173 (In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10 ...)
- {DLA-1131-1}
+ {DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875504)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/713
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/48bcf7c39302cdf9b0d9202ad03bf1b95152c44d
CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due ...)
- {DLA-1131-1}
+ {DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875506)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/715
@@ -95186,7 +95578,7 @@ CVE-2017-14061 (Integer overflow in the _isBidi function in bidi.c in Libidn2 be
- libidn <not-affected> (Vulnerable code not present)
NOTE: https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305
CVE-2017-14060 (In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present i ...)
- {DLA-1131-1}
+ {DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878506)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/710
@@ -95877,7 +96269,7 @@ CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageM
NOTE: https://github.com/ImageMagick/ImageMagick/commit/5a3897693a8b4e97add649c0ca1d538bd90f59c9
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/abb9d1322317733b799e8b87b2e346b3038f3260
CVE-2017-13768 (Null Pointer Dereference in the IdentifyImage function in MagickCore/i ...)
- {DLA-1131-1}
+ {DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875352)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/706
@@ -97464,7 +97856,7 @@ CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based b
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1b234b4fe2ec864b2d5af898a31c06c9736da904
NOTE: GraphicsMagick: http://hg.code.sf.net/p/graphicsmagick/code/rev/1b47e0078e05
CVE-2017-13133 (In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks ...)
- {DLA-1081-1}
+ {DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873100)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/679
@@ -98839,7 +99231,7 @@ CVE-2017-12876 (Heap-based buffer overflow in enhance.c in ImageMagick before 7.
NOTE: https://github.com/ImageMagick/ImageMagick/issues/663
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e
CVE-2017-12875 (The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remot ...)
- {DLA-1131-1}
+ {DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873871)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/659
@@ -99376,21 +99768,21 @@ CVE-2017-1000099 (When asking to get a file from a file:// URL, libcurl provides
NOTE: https://curl.haxx.se/CVE-2017-1000099.patch
NOTE: Introduced by: https://github.com/curl/curl/commit/7c312f84ea930d8
CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allow ...)
- {DLA-1131-1}
+ {DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875341)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/652
NOTE: https://github.com/ImageMagick/ImageMagick/commit/75fcbf5d649bba046c6a0db650a518f7bfc0fb3f
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6709bd585b9609a9cf98a7042089f3e725886d5e
CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 all ...)
- {DLA-1131-1}
+ {DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875339)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/653
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4a25fe5447bfb3a1918a2e9d595928e853b09d2e
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5919dc606bc1d6022d3d2d205a91fdbe98de9e15
CVE-2017-12691 (The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allow ...)
- {DLA-1131-1}
+ {DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875338)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/656
@@ -99443,7 +99835,7 @@ CVE-2017-12675 (In ImageMagick 7.0.6-3, a missing check for multidimensional dat
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7a020acbcfea6e53eff6766c87ea175eac9dcd18
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e33a39a6a168cdd800fd160e8f93f0059432bdf7
CVE-2017-12674 (In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in th ...)
- {DLA-1081-1}
+ {DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #872609)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/604
@@ -99774,7 +100166,7 @@ CVE-2017-12588 (The zmq3 input and output modules in rsyslog before 8.28.0 inter
NOTE: https://github.com/rsyslog/rsyslog/pull/1565
NOTE: The zmq3 input and output modules are not enabled and built in Debian
CVE-2017-12587 (ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage ...)
- {DSA-4019-1 DLA-1081-1}
+ {DSA-4019-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-16 (bug #870526)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/535
NOTE: https://github.com/ImageMagick/ImageMagick/commit/bb5b16c512977e8134701063e0adb05a4a342add
@@ -99841,7 +100233,7 @@ CVE-2017-12564 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ff3faa31166439d81b72de22daea2b6404569137
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a4779cfbee2e4235fa9f9f8f2e58dca17f7ccc6b
CVE-2017-12563 (In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in ...)
- {DLA-1081-1}
+ {DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870530)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/599
@@ -100186,7 +100578,7 @@ CVE-2017-12437
CVE-2017-12436
RESERVED
CVE-2017-12435 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
- {DLA-1081-1}
+ {DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870504)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/543
@@ -100199,7 +100591,7 @@ CVE-2017-12433 (In ImageMagick 7.0.6-1, a memory leak vulnerability was found in
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7beec9a7a8a5701652b313e6e94bafd36b3627dc
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0a170d18390d3762586f164e6abe3c4766d14620
CVE-2017-12432 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
- {DSA-4019-1 DLA-1081-1}
+ {DSA-4019-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870491)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/536
@@ -100996,7 +101388,7 @@ CVE-2017-12141 (In ytnef 1.9.2, a heap-based buffer overflow vulnerability was f
[wheezy] - libytnef <no-dsa> (Minor issue)
NOTE: https://github.com/Yeraze/ytnef/issues/50
CVE-2017-12140 (The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has a ...)
- {DLA-1081-1}
+ {DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873059)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/533
@@ -101891,13 +102283,13 @@ CVE-2017-13139 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOn
- imagemagick 8:6.9.7.4+dfsg-15 (bug #870109)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/22e0310345499ffe906c604428f2a3a668942b05
CVE-2017-12643 (ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJN ...)
- {DLA-1081-1}
+ {DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-15 (low; bug #870107)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/549
NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eedb5660f1704cde8e8cd784c5c2a09dd2fd60f
CVE-2017-13142 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG fi ...)
- {DSA-4019-1 DLA-1081-1}
+ {DSA-4019-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-15 (low; bug #870105)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3
NOTE: https://github.com/ImageMagick/ImageMagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac
@@ -102021,14 +102413,14 @@ CVE-2017-11724 (The ReadMATImage function in coders/mat.c in ImageMagick through
NOTE: https://github.com/ImageMagick/ImageMagick/issues/624
NOTE: https://github.com/ImageMagick/ImageMagick/commit/5163756a1f829a561912dfdb74a0dae41d8ed8cf
CVE-2017-12670 (In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, ...)
- {DLA-1081-1}
+ {DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870020)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/610
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb
NOTE: https://github.com/ImageMagick/ImageMagick/commit/75db34b6a4d642cb6f88c792942de27490c900e0
CVE-2017-13658 (In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missi ...)
- {DLA-1081-1}
+ {DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870019)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/598
@@ -102236,7 +102628,7 @@ CVE-2017-11669 (An out-of-bounds read flaw related to the assess_packet function
CVE-2017-11668 (An out-of-bounds read flaw related to the assess_packet function in ea ...)
NOT-FOR-US: eapmd5pass
CVE-2017-13145 (In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image ...)
- {DSA-4019-1}
+ {DSA-4019-1 DLA-1785-1}
- imagemagick 8:6.9.7.4+dfsg-13 (bug #869830)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/501
@@ -102437,7 +102829,7 @@ CVE-2017-13144 (In ImageMagick before 6.9.7-10, there is a crash (rather than a
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438
NOTE: https://github.com/ImageMagick/ImageMagick/commit/9b580ad0564aefd9beeccbcbb8d62ccd05795a84
CVE-2017-12430 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
- {DLA-1081-1}
+ {DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #869727)
[stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/546
@@ -102747,7 +103139,7 @@ CVE-2017-11538 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it
NOTE: https://github.com/ImageMagick/ImageMagick/commit/0a80c9e5f293a8de51011ac784ac52b96932c08f
NOTE: Introduced after: https://github.com/ImageMagick/ImageMagick/commit/0bf18387ae1336475631284854b664d0e2d89697
CVE-2017-11537 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
- {DSA-4019-1 DLA-1081-1}
+ {DSA-4019-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #869712)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/560
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bbc1b96f0d9371df675fdf7b8fc9bd4a42ae9cd
@@ -102846,7 +103238,7 @@ CVE-2017-11565 (debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for
[wheezy] - tor <not-affected> (aa-exec in jessie is located in /usr/sbin/)
NOTE: https://twitter.com/pissquark/status/888142796414226432
CVE-2017-11523 (The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9 ...)
- {DSA-4019-1 DLA-1081-1}
+ {DSA-4019-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #869210)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/591
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078
@@ -103008,7 +103400,7 @@ CVE-2017-11447 (The ReadSCREENSHOTImage function in coders/screenshot.c in Image
NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
NOTE: https://github.com/ImageMagick/ImageMagick/commit/8c10b9247509c0484b55330458846115131ec2ae#diff-0a5dc34e461f3c458e758c199f2dc46d
CVE-2017-11446 (The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has a ...)
- {DSA-4019-1 DLA-1081-1}
+ {DSA-4019-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #868950)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/537
NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/787ee25e9fb0e4e0509121342371d925fe5044f8
@@ -108672,7 +109064,7 @@ CVE-2017-9501 (In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the
NOTE: https://github.com/ImageMagick/ImageMagick/issues/491
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/01843366d6a7b96e22ad7bb67f3df7d9fd4d5d74
CVE-2017-9500 (In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the func ...)
- {DSA-4019-1 DLA-1000-1}
+ {DSA-4019-1 DLA-1785-1 DLA-1000-1}
- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #867778)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/500
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/5d95b4c24a964114e2b1ae85c2b36769251ed11d
@@ -205419,8 +205811,7 @@ CVE-2014-4704
RESERVED
CVE-2013-7388 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (f ...)
NOT-FOR-US: Trimble SketchUp
-CVE-2012-6652
- RESERVED
+CVE-2012-6652 (Directory traversal vulnerability in pageflipbook.php script from inde ...)
NOT-FOR-US: WordPress plugin wppageflip
CVE-2012-6651 (Multiple directory traversal vulnerabilities in the Vitamin plugin bef ...)
NOT-FOR-US: WordPress plugin vitamin
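Review bot: CVE-2012-6652 keeps its `NOT-FOR-US: WordPress plugin wppageflip` line unchanged while the id moves from RESERVED to a published description naming the pageflipbook.php script. The triage was recorded before that description was available, so confirm it still matches the published text. The description is truncated here (`inde ...`), so the affected product cannot be verified from this hunk alone.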
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7d2b506332b8aeaf23e629f8e411c9a1e6709583