[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu May 23 09:10:25 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0f6dc995 by security tracker role at 2019-05-23T08:10:15Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2019-12294
+ RESERVED
+CVE-2019-12293 (In Poppler through 0.76.1, there is a heap-based buffer over-read in J ...)
+ TODO: check
+CVE-2019-12292
+ RESERVED
+CVE-2019-12291
+ RESERVED
+CVE-2019-12290
+ RESERVED
+CVE-2019-12289
+ RESERVED
+CVE-2019-12288
+ RESERVED
CVE-2019-12287
RESERVED
CVE-2019-12286
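Review bot: CVE-2019-12293 is left at "TODO: check" in this first hunk although its description names Poppler, which Debian ships as the poppler source package. Replace the TODO with a "- poppler" status line once the affected versions are confirmed, so the entry does not stay untriaged among the RESERVED ids around it.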
@@ -1594,6 +1608,7 @@ CVE-2019-11627 (gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains
[stretch] - signing-party <no-dsa> (Will be fixed via point release)
NOTE: https://salsa.debian.org/signing-party-team/signing-party/commit/cd69b6c0426a6160ef3de03fce9c7f112166d5a8
CVE-2019-11599 (The coredump implementation in the Linux kernel before 5.0.10 does not ...)
+ {DLA-1799-1}
- linux 4.19.37-1
NOTE: https://marc.info/?l=linux-mm&m=155355419911404&w=2
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
@@ -1891,6 +1906,7 @@ CVE-2019-11487 (The Linux kernel before 5.1-rc5 allows page->_refcount refere
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1752
NOTE: https://lwn.net/Articles/786044/
CVE-2019-11486 (The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in t ...)
+ {DLA-1799-1}
- linux 4.19.37-1
NOTE: https://git.kernel.org/linus/c7084edc3f6d67750f50d4183134c4fb5712a5c8
NOTE: Upstream commits marks driver as BROKEN and can be considered fixed starting
@@ -2299,6 +2315,7 @@ CVE-2019-11339 (The studio profile decoder in libavcodec/mpeg4videodec.c in FFmp
NOTE: https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb
NOTE: https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a
CVE-2019-11338 (libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate ...)
+ {DSA-4449-1}
- ffmpeg 7:4.1.3-1
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e
@@ -2640,6 +2657,7 @@ CVE-2019-11191 (The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled
- linux <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/4
CVE-2019-11190 (The Linux kernel before 4.8 allows local users to bypass ASLR on setui ...)
+ {DLA-1799-1}
- linux 4.8.5-1
NOTE: https://git.kernel.org/linus/9f834ec18defc369d73ccf9e87a2790bfa05bf46 (4.8-rc5)
NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/4
@@ -2839,7 +2857,7 @@ CVE-2019-11092
RESERVED
CVE-2019-11091 [MDSUM Microarchitectural Data Sampling Uncacheable Memory]
RESERVED
- {DSA-4447-1 DSA-4444-1 DLA-1789-1 DLA-1787-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1799-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen <unfixed> (bug #929129)
@@ -7053,6 +7071,7 @@ CVE-2019-9720
CVE-2019-9719
RESERVED
CVE-2019-9718 (In FFmpeg 4.1, a denial of service in the subtitle decoder allows atta ...)
+ {DSA-4449-1}
- ffmpeg 7:4.1.3-1 (low; bug #926666)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982
- libav <undetermined>
@@ -7641,6 +7660,7 @@ CVE-2019-9504
RESERVED
CVE-2019-9503 [brcmfmac: add subtype check for event handling in data path]
RESERVED
+ {DLA-1799-1}
- linux <unfixed>
NOTE: https://git.kernel.org/linus/a4176ec356c73a46c07c181c6d04039fafa34a9f (5.1-rc1)
CVE-2019-9502
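Review bot: CVE-2019-9503 now carries {DLA-1799-1} while its only package line is still "- linux <unfixed>" and the entry is still RESERVED. If the commit referenced in the NOTE (5.1-rc1) has reached unstable, update that line to the fixed version. Otherwise the entry records a fix in an LTS advisory with unstable still open, which is worth confirming.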
@@ -14265,38 +14285,38 @@ CVE-2019-6823
RESERVED
CVE-2019-6822
RESERVED
-CVE-2019-6821
- RESERVED
-CVE-2019-6820
- RESERVED
-CVE-2019-6819
- RESERVED
+CVE-2019-6821 (CWE-330: Use of Insufficiently Random Values vulnerability, which coul ...)
+ TODO: check
+CVE-2019-6820 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ TODO: check
+CVE-2019-6819 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ TODO: check
CVE-2019-6818
RESERVED
CVE-2019-6817
RESERVED
-CVE-2019-6816
- RESERVED
-CVE-2019-6815
- RESERVED
-CVE-2019-6814
- RESERVED
+CVE-2019-6816 (In Modicon Quantum all firmware versions, a CWE-94: Code Injection vul ...)
+ TODO: check
+CVE-2019-6815 (In Modicon Quantum all firmware versions, CWE-264: Permissions, Privil ...)
+ TODO: check
+CVE-2019-6814 (An Improper Access Control: CWE-284 vulnerability exists in the NET55X ...)
+ TODO: check
CVE-2019-6813
RESERVED
-CVE-2019-6812
- RESERVED
+CVE-2019-6812 (A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR ...)
+ TODO: check
CVE-2019-6811
RESERVED
CVE-2019-6810
RESERVED
CVE-2019-6809
RESERVED
-CVE-2019-6808
- RESERVED
-CVE-2019-6807
- RESERVED
-CVE-2019-6806
- RESERVED
+CVE-2019-6808 (A CWE-284: Improper Access Control vulnerability exists in all version ...)
+ TODO: check
+CVE-2019-6807 (A CWE-248: Uncaught Exception vulnerability exists in all versions of ...)
+ TODO: check
+CVE-2019-6806 (A CWE-200: Information Exposure vulnerability exists in all versions o ...)
+ TODO: check
CVE-2019-6805 (SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi ...)
NOT-FOR-US: S-CMS
CVE-2019-6804 (An XSS issue was discovered on the Job Edit page in Rundeck Community ...)
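Review bot: CVE-2019-6816 and CVE-2019-6815 are added as "TODO: check" although their descriptions name Modicon Quantum firmware, and other Modicon entries in this file are already closed as "NOT-FOR-US: Modicon (Schneider Electric)". Triage the ten newly described ids in this hunk in one pass and use NOT-FOR-US wherever the product is not packaged, rather than leaving each one as a separate TODO.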
@@ -16017,7 +16037,7 @@ CVE-2019-6135 (An issue has been found in libIEC61850 v1.3.1. Memory_malloc in h
CVE-2019-6134
RESERVED
CVE-2019-6133 (In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism ...)
- {DLA-1644-1}
+ {DLA-1799-1 DLA-1644-1}
- linux 4.19.16-1
[stretch] - linux 4.9.161-1
- policykit-1 0.105-25 (bug #918985)
@@ -20932,6 +20952,7 @@ CVE-2019-3902 (A flaw was found in Mercurial before 4.9. It was possible to use
NOTE: https://www.mercurial-scm.org/repo/hg/rev/31286c9282df
NOTE: https://www.mercurial-scm.org/repo/hg/rev/83377b4b4ae0
CVE-2019-3901 (A race condition in perf_event_open() allows local attackers to leak s ...)
+ {DLA-1799-1}
- linux 4.6.1-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=807
NOTE: Fixed by: https://git.kernel.org/linus/79c9ce57eb2d5f1497546a3946b4ae21b6fdc438
@@ -21008,6 +21029,7 @@ CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by wor
NOTE: https://pagure.io/389-ds-base/c/fcf2b5ddb (389-ds-base-1.4.0)
NOTE: https://pagure.io/389-ds-base/c/dd4b69b55 (389-ds-base-1.3.9)
CVE-2019-3882 (A flaw was found in the Linux kernel's vfio interface implementation t ...)
+ {DLA-1799-1}
- linux 4.19.37-1
NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/1
NOTE: https://lore.kernel.org/lkml/155414977872.12780.13728555131525362206.stgit@gimli.home/T/#u
@@ -22180,13 +22202,13 @@ CVE-2019-3461 (Debian tmpreaper version 1.6.13+nmu1 has a race condition when do
{DSA-4365-1 DLA-1640-1}
- tmpreaper 1.6.14 (bug #918956)
CVE-2019-3460 (A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_ ...)
- {DLA-1771-1}
+ {DLA-1799-1 DLA-1771-1}
- linux 4.19.37-1
[stretch] - linux 4.9.168-1
NOTE: https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047@kroah.com/
NOTE: https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0
CVE-2019-3459 (A heap address information leak while using L2CAP_GET_CONF_OPT was dis ...)
- {DLA-1771-1}
+ {DLA-1799-1 DLA-1771-1}
- linux 4.19.37-1
[stretch] - linux 4.9.168-1
NOTE: https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/
@@ -27094,6 +27116,7 @@ CVE-2019-2025 [binder: fix race that allows malicious free of live buffer]
NOTE: Fixed by: https://git.kernel.org/linus/7bada55ab50697861eee6bb7d60b41e68a961a9c (4.20-rc5)
CVE-2019-2024 [media: em28xx: Fix use-after-free when disconnecting]
RESERVED
+ {DLA-1799-1}
- linux 4.16.5-1
[stretch] - linux 4.9.144-1
NOTE: Fixed by: https://git.kernel.org/linus/910b0797fa9e8af09c44a3fa36cb310ba7a7218d (4.16-rc1)
@@ -42324,6 +42347,7 @@ CVE-2018-15824
CVE-2018-15823
RESERVED
CVE-2018-15822 (The flv_write_packet function in libavformat/flvenc.c in FFmpeg throug ...)
+ {DSA-4449-1}
- ffmpeg 7:4.0.3-1 (low)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10
- libav <undetermined>
@@ -45561,6 +45585,7 @@ CVE-2018-1999012 (FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1
- libav <removed>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/9807d3976be0e92e4ece3b4b1701be894cd7c2e
CVE-2018-1999011 (FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains ...)
+ {DSA-4449-1}
- ffmpeg 7:4.0.2-1
- libav <removed>
[jessie] - libav <not-affected> (Vulnerable code not present)
@@ -51935,7 +51960,7 @@ CVE-2018-12131 (Permissions in the driver pack installers for Intel NVMe before
NOT-FOR-US: Intel
CVE-2018-12130 [MFBDS Microarchitectural Fill Buffer Data Sampling]
RESERVED
- {DSA-4447-1 DSA-4444-1 DLA-1789-1 DLA-1787-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1799-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen <unfixed> (bug #929129)
@@ -51951,7 +51976,7 @@ CVE-2018-12128
RESERVED
CVE-2018-12127 [MLPDS Microarchitectural Load Port Data Sampling]
RESERVED
- {DSA-4447-1 DSA-4444-1 DLA-1789-1 DLA-1787-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1799-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen <unfixed> (bug #929129)
@@ -51963,7 +51988,7 @@ CVE-2018-12127 [MLPDS Microarchitectural Load Port Data Sampling]
NOTE: qemu and libvirt need updates to passthrough md-clear, see #929067 for qemu and #929154 for libvirt
CVE-2018-12126 [MSBDS Microarchitectural Store Buffer Data Sampling]
RESERVED
- {DSA-4447-1 DSA-4444-1 DLA-1789-1 DLA-1787-1}
+ {DSA-4447-1 DSA-4444-1 DLA-1799-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen <unfixed> (bug #929129)
@@ -63346,42 +63371,42 @@ CVE-2018-7858 (Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx V
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html
-CVE-2018-7857
- RESERVED
-CVE-2018-7856
- RESERVED
-CVE-2018-7855
- RESERVED
-CVE-2018-7854
- RESERVED
-CVE-2018-7853
- RESERVED
-CVE-2018-7852
- RESERVED
-CVE-2018-7851
- RESERVED
-CVE-2018-7850
- RESERVED
-CVE-2018-7849
- RESERVED
-CVE-2018-7848
- RESERVED
-CVE-2018-7847
- RESERVED
-CVE-2018-7846
- RESERVED
-CVE-2018-7845
- RESERVED
-CVE-2018-7844
- RESERVED
-CVE-2018-7843
- RESERVED
-CVE-2018-7842
- RESERVED
-CVE-2018-7841
- RESERVED
-CVE-2018-7840
- RESERVED
+CVE-2018-7857 (A CWE-248: Uncaught Exception vulnerability exists in all versions of ...)
+ TODO: check
+CVE-2018-7856 (A CWE-248: Uncaught Exception vulnerability exists in all versions of ...)
+ TODO: check
+CVE-2018-7855 (A CWE-248 Uncaught Exception vulnerability exists in all versions of t ...)
+ TODO: check
+CVE-2018-7854 (A CWE-248 Uncaught Exception vulnerability exists in all versions of t ...)
+ TODO: check
+CVE-2018-7853 (A CWE-248: Uncaught Exception vulnerability exists in all versions of ...)
+ TODO: check
+CVE-2018-7852 (A CWE-248: Uncaught Exception vulnerability exists in all versions of ...)
+ TODO: check
+CVE-2018-7851 (CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmw ...)
+ TODO: check
+CVE-2018-7850 (A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnera ...)
+ TODO: check
+CVE-2018-7849 (A CWE-248: Uncaught Exception vulnerability exists in all versions of ...)
+ TODO: check
+CVE-2018-7848 (A CWE-200: Information Exposure vulnerability exists in all versions o ...)
+ TODO: check
+CVE-2018-7847 (A CWE-284: Improper Access Control vulnerability exists in all version ...)
+ TODO: check
+CVE-2018-7846 (A CWE-501: Trust Boundary Violation vulnerability on connection to the ...)
+ TODO: check
+CVE-2018-7845 (A CWE-125: Out-of-bounds Read vulnerability exists in all versions of ...)
+ TODO: check
+CVE-2018-7844 (A CWE-200: Information Exposure vulnerability exists in all versions o ...)
+ TODO: check
+CVE-2018-7843 (A CWE-248: Uncaught Exception vulnerability exists in all versions of ...)
+ TODO: check
+CVE-2018-7842 (A CWE-290: Authentication Bypass by Spoofing vulnerability exists in a ...)
+ TODO: check
+CVE-2018-7841 (A SQL Injection (CWE-89) vulnerability exists in U.motion Builder soft ...)
+ TODO: check
+CVE-2018-7840 (A Uncontrolled Search Path Element (CWE-427) vulnerability exists in V ...)
+ TODO: check
CVE-2018-7839 (A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3 ...)
NOT-FOR-US: Schneider
CVE-2018-7838
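Review bot: the 18 entries from CVE-2018-7857 down to CVE-2018-7840 all land as "TODO: check" directly above CVE-2018-7839, which is tagged "NOT-FOR-US: Schneider"; at least CVE-2018-7851 (Modicon M580) and CVE-2018-7841 (U.motion Builder) name products that appear elsewhere in this file under that vendor. When resolving them, settle on one spelling of the tag: the surrounding lines already use "Schneider", "Schneider Electric", "Modicon (Schneider Electric)" and "IIoT Monitor (Schneider Electric)".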
@@ -63392,8 +63417,8 @@ CVE-2018-7836 (An unrestricted Upload of File with Dangerous Type vulnerability
NOT-FOR-US: IIoT Monitor (Schneider Electric)
CVE-2018-7835 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...)
NOT-FOR-US: IIoT Monitor (Schneider Electric)
-CVE-2018-7834
- RESERVED
+CVE-2018-7834 (A CWE-79 Cross-Site Scripting vulnerability exists in all versions of ...)
+ TODO: check
CVE-2018-7833 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
NOT-FOR-US: Schneider Electric
CVE-2018-7832 (An Improper Input Validation vulnerability exists in Pro-Face GP-Pro E ...)
@@ -63402,24 +63427,24 @@ CVE-2018-7831 (An Improper Neutralization of Script-Related HTML Tags in a Web P
NOT-FOR-US: Modicon (Schneider Electric)
CVE-2018-7830 (Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Respo ...)
NOT-FOR-US: Modicon (Schneider Electric)
-CVE-2018-7829
- RESERVED
-CVE-2018-7828
- RESERVED
-CVE-2018-7827
- RESERVED
-CVE-2018-7826
- RESERVED
-CVE-2018-7825
- RESERVED
-CVE-2018-7824
- RESERVED
-CVE-2018-7823
- RESERVED
-CVE-2018-7822
- RESERVED
-CVE-2018-7821
- RESERVED
+CVE-2018-7829 (An Improper Neutralization of Special Elements in Query vulnerability ...)
+ TODO: check
+CVE-2018-7828 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Ge ...)
+ TODO: check
+CVE-2018-7827 (A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelc ...)
+ TODO: check
+CVE-2018-7826 (A Command Injection vulnerability exists in the web-based GUI of the 1 ...)
+ TODO: check
+CVE-2018-7825 (A Command Injection vulnerability exists in the web-based GUI of the 1 ...)
+ TODO: check
+CVE-2018-7824 (An Externally Controlled Reference to a Resource (CWE-610) vulnerabili ...)
+ TODO: check
+CVE-2018-7823 (A Environment (CWE-2) vulnerability exists in SoMachine Basic, all ver ...)
+ TODO: check
+CVE-2018-7822 (An Incorrect Default Permissions (CWE-276) vulnerability exists in SoM ...)
+ TODO: check
+CVE-2018-7821 (An Environment (CWE-2) vulnerability exists in SoMachine Basic, all ve ...)
+ TODO: check
CVE-2018-7820
RESERVED
CVE-2018-7819
@@ -63428,8 +63453,8 @@ CVE-2018-7818
RESERVED
CVE-2018-7817 (A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 a ...)
NOT-FOR-US: Zolio
-CVE-2018-7816
- RESERVED
+CVE-2018-7816 (A Permissions, Privileges, and Access Control vulnerability exists in ...)
+ TODO: check
CVE-2018-7815 (A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schnei ...)
NOT-FOR-US: Schneider Electric
CVE-2018-7814 (A Stack-based Buffer Overflow (CWE-121) vulnerability exists in Euroth ...)
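Review bot: the context line just above the changed CVE-2018-7816 entry reads "NOT-FOR-US: Zolio" for a description that names Zelio Soft 2. Correct the spelling when the new "TODO: check" on CVE-2018-7816 is resolved, since a misspelled tag will not be found by anyone searching the list for the product name.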
@@ -63454,8 +63479,8 @@ CVE-2018-7805
RESERVED
CVE-2018-7804 (A URL Redirection to Untrusted Site vulnerability exists in the embedd ...)
NOT-FOR-US: Schneider Electric
-CVE-2018-7803
- RESERVED
+CVE-2018-7803 (A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnera ...)
+ TODO: check
CVE-2018-7802 (A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 a ...)
NOT-FOR-US: Schneider Electric
CVE-2018-7801 (A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 ...)
@@ -63484,8 +63509,8 @@ CVE-2018-7790 (An Information Management Error vulnerability exists in Schneider
NOT-FOR-US: Schneider
CVE-2018-7789 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
NOT-FOR-US: Schneider
-CVE-2018-7788
- RESERVED
+CVE-2018-7788 (A CWE-255 Credentials Management vulnerability exists in Modicon Quant ...)
+ TODO: check
CVE-2018-7787 (In Schneider Electric U.motion Builder software versions prior to v1.3 ...)
NOT-FOR-US: Schneider
CVE-2018-7786 (In Schneider Electric U.motion Builder software versions prior to v1.3 ...)
@@ -65575,8 +65600,8 @@ CVE-2018-7203 (Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11
NOT-FOR-US: Twonky Server
CVE-2018-7202 (An issue was discovered in ProjectSend before r1053. XSS exists in the ...)
TODO: check
-CVE-2018-7201
- RESERVED
+CVE-2018-7201 (CSV Injection was discovered in ProjectSend before r1053, affecting vi ...)
+ TODO: check
CVE-2018-7200
RESERVED
CVE-2018-7199
@@ -69606,6 +69631,7 @@ CVE-2018-5996 (Insufficient exception handling in the method NCompress::NRar3::C
[wheezy] - p7zip-rar <no-dsa> (Non-free not supported)
NOTE: https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
CVE-2018-5995 (The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel ...)
+ {DLA-1799-1}
- linux 4.15.4-1
[stretch] - linux <ignored> (kernel log restricted to root by default)
CVE-2018-5994 (SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via th ...)
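Review bot: CVE-2018-5995 gains {DLA-1799-1} directly above "[stretch] - linux <ignored> (kernel log restricted to root by default)", so the entry now records a fix in an LTS advisory for an issue that stretch explicitly ignores. Confirm the cross-reference is intended and, if it is, add a NOTE explaining why the two releases are handled differently.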
@@ -113536,10 +113562,10 @@ CVE-2017-8343 (In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows
{DSA-3863-1 DLA-960-1}
- imagemagick 8:6.9.7.4+dfsg-7 (bug #862572)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/444
-CVE-2017-8341
- RESERVED
-CVE-2017-8340
- RESERVED
+CVE-2017-8341 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Conte ...)
+ TODO: check
+CVE-2017-8340 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incor ...)
+ TODO: check
CVE-2017-8339 (PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a ...)
NOT-FOR-US: Panda Free Antivirus
CVE-2017-8338 (A vulnerability in MikroTik Version 6.38.5 could allow an unauthentica ...)
@@ -118485,8 +118511,8 @@ CVE-2017-6914 (CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id paramete
NOT-FOR-US: BigTree CMS
CVE-2017-6913 (Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail b ...)
NOT-FOR-US: Open-Xchange
-CVE-2017-6912
- RESERVED
+CVE-2017-6912 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incor ...)
+ TODO: check
CVE-2017-6911 (USB Pratirodh is prone to sensitive information disclosure. It stores ...)
NOT-FOR-US: USB Pratirodh
CVE-2017-6910 (The HTTP and WebSocket engine components in the server in Kaazing Gate ...)
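Review bot: CVE-2017-6912 is added as "TODO: check" immediately after CVE-2017-6913, which is already "NOT-FOR-US: Open-Xchange", and the new description names the same vendor (Open-Xchange GmbH OX App Suite). Mark it NOT-FOR-US as well, and apply the same decision to the other OX App Suite ids this commit un-reserves (CVE-2017-8341, CVE-2017-8340, CVE-2017-5864, CVE-2017-5863).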
@@ -121187,8 +121213,8 @@ CVE-2017-5985 (lxc-user-nic in Linux Containers (LXC) allows local users with a
NOTE: master: https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9
NOTE: stable-2.0: https://github.com/lxc/lxc/commit/d512bd5efb0e407eba350c4e649c464a65b712a3
NOTE: stable-1.0: https://github.com/lxc/lxc/commit/c905f00ad78b78a5e9c0d67504b86e00dfe085ec
-CVE-2017-5984
- RESERVED
+CVE-2017-5984 (In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a h ...)
+ TODO: check
CVE-2017-5983 (The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3. ...)
NOT-FOR-US: JIRA Workflow Designer Plugin
CVE-2017-5982 (Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi ...)
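Review bot: CVE-2017-5984 names libavcodec in Libav 9.21 but is left at "TODO: check" with no package line. Other entries in this file track that package explicitly ("- libav <removed>", "- libav <undetermined>"), so add the corresponding "- libav" line here, and check whether ff_h264_execute_ref_pic_marking() in ffmpeg is affected too.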
@@ -121671,8 +121697,8 @@ CVE-2017-5873 (Unquoted Windows search path vulnerability in the guest service i
NOT-FOR-US: Unisys
CVE-2017-5872 (The TCP/IP networking module in Unisys ClearPath MCP systems with TCP- ...)
NOT-FOR-US: Unisys ClearPath
-CVE-2017-5871
- RESERVED
+CVE-2017-5871 (Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: ...)
+ TODO: check
CVE-2017-5870 (Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.1 ...)
NOT-FOR-US: ViMbAdmin
CVE-2017-5869 (Directory traversal vulnerability in the file import feature in Nuxeo ...)
@@ -121685,10 +121711,10 @@ CVE-2017-5866 (The autocomplete feature in the E-Mail share dialog in ownCloud S
- owncloud <removed>
CVE-2017-5865 (The password reset functionality in ownCloud Server before 8.1.11, 8.2 ...)
- owncloud <removed>
-CVE-2017-5864
- RESERVED
-CVE-2017-5863
- RESERVED
+CVE-2017-5864 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross ...)
+ TODO: check
+CVE-2017-5863 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incor ...)
+ TODO: check
CVE-2017-5862
RESERVED
CVE-2017-5861
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f6dc99505049da89bb61287984c374e7ce771de