[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu May 23 21:10:28 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8373080c by security tracker role at 2019-05-23T20:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,30 @@
-CVE-2019-12295 [dissection engine crash]
+CVE-2019-12308
+	RESERVED
+CVE-2019-12307
+	RESERVED
+CVE-2019-12306
+	RESERVED
+CVE-2019-12305
+	RESERVED
+CVE-2019-12304
+	RESERVED
+CVE-2019-12303
+	RESERVED
+CVE-2019-12302
+	RESERVED
+CVE-2019-12301 (The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffer ...)
+	TODO: check
+CVE-2019-12300 (Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted au ...)
+	TODO: check
+CVE-2019-12299
+	RESERVED
+CVE-2019-12298 (Leanify 0.4.3 allows remote attackers to trigger an out-of-bounds writ ...)
+	TODO: check
+CVE-2019-12297 (An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1 ...)
+	TODO: check
+CVE-2019-12296
+	RESERVED
+CVE-2019-12295 (In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the  ...)
 	- wireshark <unfixed> (bug #929446)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820
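Review bot: CVE-2019-12301 in this hunk is left at `TODO: check` although its description names "Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu", so it should be triaged ahead of the other new entries. Give it either a package line with a status, or a NOT-FOR-US line if those packages are not ones the archive ships.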
@@ -15,10 +41,10 @@ CVE-2019-12291
 	RESERVED
 CVE-2019-12290
 	RESERVED
-CVE-2019-12289
-	RESERVED
-CVE-2019-12288
-	RESERVED
+CVE-2019-12289 (An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C782 ...)
+	TODO: check
+CVE-2019-12288 (An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WI ...)
+	TODO: check
 CVE-2019-12287
 	RESERVED
 CVE-2019-12286
@@ -51,8 +77,8 @@ CVE-2019-12274
 	RESERVED
 CVE-2019-12273
 	RESERVED
-CVE-2019-12272
-	RESERVED
+CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/band ...)
+	TODO: check
 CVE-2019-12271
 	RESERVED
 CVE-2019-12270 (OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configur ...)
@@ -585,8 +611,8 @@ CVE-2019-12044 (A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x befo
 	NOT-FOR-US: Citrix NetScaler Gateway
 CVE-2019-12043 (In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, wh ...)
 	NOT-FOR-US: remarkable
-CVE-2019-12042
-	RESERVED
+CVE-2019-12042 (Insecure permissions of the section object Global\PandaDevicesAgentSha ...)
+	TODO: check
 CVE-2019-12041 (lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression De ...)
 	NOT-FOR-US: remarkable
 CVE-2019-12040
@@ -932,8 +958,8 @@ CVE-2019-11875
 	RESERVED
 CVE-2019-11874
 	RESERVED
-CVE-2019-11873
-	RESERVED
+CVE-2019-11873 (wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when ...)
+	TODO: check
 CVE-2019-11872
 	RESERVED
 CVE-2019-11871 (The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for  ...)
@@ -1313,7 +1339,7 @@ CVE-2019-11699
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11699
 CVE-2019-11698
 	RESERVED
-	{DSA-4448-1}
+	{DSA-4448-1 DLA-1800-1}
 	[experimental] - firefox 67.0-1
 	- firefox <unfixed>
 	- firefox-esr 60.7.0esr-1
@@ -1346,7 +1372,7 @@ CVE-2019-11694
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11694
 CVE-2019-11693
 	RESERVED
-	{DSA-4448-1}
+	{DSA-4448-1 DLA-1800-1}
 	[experimental] - firefox 67.0-1
 	- firefox <unfixed>
 	- firefox-esr 60.7.0esr-1
@@ -1356,7 +1382,7 @@ CVE-2019-11693
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11693
 CVE-2019-11692
 	RESERVED
-	{DSA-4448-1}
+	{DSA-4448-1 DLA-1800-1}
 	[experimental] - firefox 67.0-1
 	- firefox <unfixed>
 	- firefox-esr 60.7.0esr-1
@@ -1366,7 +1392,7 @@ CVE-2019-11692
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11692
 CVE-2019-11691
 	RESERVED
-	{DSA-4448-1}
+	{DSA-4448-1 DLA-1800-1}
 	[experimental] - firefox 67.0-1
 	- firefox <unfixed>
 	- firefox-esr 60.7.0esr-1
@@ -3192,8 +3218,8 @@ CVE-2019-10979
 	RESERVED
 CVE-2019-10978
 	RESERVED
-CVE-2019-10977
-	RESERVED
+CVE-2019-10977 (In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 ser ...)
+	TODO: check
 CVE-2019-10976
 	RESERVED
 CVE-2019-10975
@@ -3514,8 +3540,8 @@ CVE-2019-10869 (Path Traversal and Unrestricted File Upload exists in the Ninja
 	NOT-FOR-US: Ninja Forms plugin for WordPress
 CVE-2019-10867 (An issue was discovered in Pimcore before 5.7.1. An attacker with clas ...)
 	NOT-FOR-US: Pimcore
-CVE-2019-10866
-	RESERVED
+CVE-2019-10866 (In the Form Maker plugin before 1.13.3 for WordPress, it's possible to ...)
+	TODO: check
 CVE-2019-10865
 	RESERVED
 CVE-2019-10864 (The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowin ...)
@@ -3538,20 +3564,20 @@ CVE-2019-10856 (In Jupyter Notebook before 5.7.8, an open redirect can occur via
 	- jupyter-notebook <not-affected> (Incomplete fix for CVE-2019-10255 not applied)
 	NOTE: https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4
 	NOTE: https://github.com/jupyter/notebook/commit/979e0bd15e794ceb00cc63737fcd5fd9addc4a99
-CVE-2019-10855
-	RESERVED
-CVE-2019-10854
-	RESERVED
-CVE-2019-10853
-	RESERVED
-CVE-2019-10852
-	RESERVED
-CVE-2019-10851
-	RESERVED
-CVE-2019-10850
-	RESERVED
-CVE-2019-10849
-	RESERVED
+CVE-2019-10855 (Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 ...)
+	TODO: check
+CVE-2019-10854 (Computrols CBAS 18.0.0 allows Authenticated Command Injection. ...)
+	TODO: check
+CVE-2019-10853 (Computrols CBAS 18.0.0 allows Authentication Bypass. ...)
+	TODO: check
+CVE-2019-10852 (Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via th ...)
+	TODO: check
+CVE-2019-10851 (Computrols CBAS 18.0.0 has hard-coded encryption keys. ...)
+	TODO: check
+CVE-2019-10850 (Computrols CBAS 18.0.0 has Default Credentials. ...)
+	TODO: check
+CVE-2019-10849 (Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / ...)
+	TODO: check
 CVE-2019-10848
 	RESERVED
 CVE-2019-10847
@@ -5655,8 +5681,8 @@ CVE-2019-9951 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultr
 	NOT-FOR-US: Western Digital
 CVE-2019-9950 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My ...)
 	NOT-FOR-US: Western Digital
-CVE-2019-9949
-	RESERVED
+CVE-2019-9949 (Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100 ...)
+	TODO: check
 CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file: scheme, w ...)
 	- python2.7 2.7.16-2
 	NOTE: https://bugs.python.org/issue35907
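Review bot: CVE-2019-9949 is added as `TODO: check` directly below CVE-2019-9951 and CVE-2019-9950, which describe the same Western Digital My Cloud product family and already carry `NOT-FOR-US: Western Digital`. The new entry can take the same line instead of sitting in the TODO queue.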
@@ -6687,7 +6713,7 @@ CVE-2019-9821
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9821
 CVE-2019-9820
 	RESERVED
-	{DSA-4448-1}
+	{DSA-4448-1 DLA-1800-1}
 	[experimental] - firefox 67.0-1
 	- firefox <unfixed>
 	- firefox-esr 60.7.0esr-1
@@ -6697,7 +6723,7 @@ CVE-2019-9820
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9820
 CVE-2019-9819
 	RESERVED
-	{DSA-4448-1}
+	{DSA-4448-1 DLA-1800-1}
 	[experimental] - firefox 67.0-1
 	- firefox <unfixed>
 	- firefox-esr 60.7.0esr-1
@@ -6715,7 +6741,7 @@ CVE-2019-9818
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9818
 CVE-2019-9817
 	RESERVED
-	{DSA-4448-1}
+	{DSA-4448-1 DLA-1800-1}
 	[experimental] - firefox 67.0-1
 	- firefox <unfixed>
 	- firefox-esr 60.7.0esr-1
@@ -6725,7 +6751,7 @@ CVE-2019-9817
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9817
 CVE-2019-9816
 	RESERVED
-	{DSA-4448-1}
+	{DSA-4448-1 DLA-1800-1}
 	[experimental] - firefox 67.0-1
 	- firefox <unfixed>
 	- firefox-esr 60.7.0esr-1
@@ -6795,7 +6821,7 @@ CVE-2019-9801 (Firefox will accept any registered Program ID as an external prot
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9801
 CVE-2019-9800
 	RESERVED
-	{DSA-4448-1}
+	{DSA-4448-1 DLA-1800-1}
 	[experimental] - firefox 67.0-1
 	- firefox <unfixed>
 	- firefox-esr 60.7.0esr-1
@@ -6810,7 +6836,7 @@ CVE-2019-9798 (On Android systems, Firefox can load a library from APITRACE_LIB,
 	- firefox <not-affected> (Android-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9798
 CVE-2019-9797 (Cross-origin images can be read in violation of the same-origin policy ...)
-	{DSA-4448-1}
+	{DSA-4448-1 DLA-1800-1}
 	- firefox 66.0-1
 	- firefox-esr 60.7.0esr-1
 	- thunderbird 1:60.7.0-1
@@ -10596,7 +10622,7 @@ CVE-2019-8341 (An issue was discovered in Jinja2 2.10. The from_string function
 	NOTE: No real security impact and upstream indicates the CVE is invalid
 CVE-2019-8340
 	RESERVED
-CVE-2019-8339 (An issue was discovered in Sysdig through 0.24.2, as used in Falco thr ...)
+CVE-2019-8339 (An issue was discovered in Falco through 0.14.0. A missing indicator f ...)
 	- sysdig <unfixed>
 CVE-2019-8338 (The signature verification routine in the Airmail GPG-PGP Plugin, vers ...)
 	NOT-FOR-US: Airmail
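Review bot: the replacement description for CVE-2019-8339 now begins "An issue was discovered in Falco through 0.14.0" and no longer names Sysdig, yet the unchanged line `- sysdig <unfixed>` still attributes the issue to the sysdig source package. Re-verify that the affected code is present in sysdig as packaged. If it is only in Falco, the package line needs replacing. Otherwise add a NOTE recording why sysdig stays tracked.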
@@ -13110,7 +13136,7 @@ CVE-2019-7319
 CVE-2019-7318
 	RESERVED
 CVE-2019-7317 (png_image_free in png.c in libpng 1.6.36 has a use-after-free because  ...)
-	{DSA-4448-1 DSA-4435-1}
+	{DSA-4448-1 DSA-4435-1 DLA-1800-1}
 	- libpng1.6 1.6.36-4 (bug #921355)
 	[experimental] - firefox 67.0-1
 	- firefox <unfixed>
@@ -13591,94 +13617,91 @@ CVE-2019-7140 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 201
 	NOT-FOR-US: Adobe
 CVE-2019-7139 (An unauthenticated user can execute arbitrary code through an SQL inje ...)
 	NOT-FOR-US: Magento
-CVE-2019-7138
-	RESERVED
-CVE-2019-7137
-	RESERVED
-CVE-2019-7136
-	RESERVED
-CVE-2019-7135
-	RESERVED
-CVE-2019-7134
-	RESERVED
-CVE-2019-7133
-	RESERVED
-CVE-2019-7132
-	RESERVED
+CVE-2019-7138 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerabilit ...)
+	TODO: check
+CVE-2019-7137 (Adobe Bridge CC versions 9.0.2 have a memory corruption vulnerability. ...)
+	TODO: check
+CVE-2019-7136 (Adobe Bridge CC versions 9.0.2 have an use after free vulnerability. S ...)
+	TODO: check
+CVE-2019-7135 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerabilit ...)
+	TODO: check
+CVE-2019-7134 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerabilit ...)
+	TODO: check
+CVE-2019-7133 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerabilit ...)
+	TODO: check
+CVE-2019-7132 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds write vulnerabili ...)
+	TODO: check
 CVE-2019-7131
 	RESERVED
-CVE-2019-7130
-	RESERVED
+CVE-2019-7130 (Adobe Bridge CC versions 9.0.2 have a heap overflow vulnerability. Suc ...)
+	TODO: check
 CVE-2019-7129
 	RESERVED
-CVE-2019-7128
-	RESERVED
-CVE-2019-7127
-	RESERVED
+CVE-2019-7128 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7127 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
 CVE-2019-7126
 	RESERVED
-CVE-2019-7125
-	RESERVED
+CVE-2019-7125 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
 	NOT-FOR-US: Adobe
-CVE-2019-7124
-	RESERVED
-CVE-2019-7123
-	RESERVED
-CVE-2019-7122
-	RESERVED
-CVE-2019-7121
-	RESERVED
-CVE-2019-7120
-	RESERVED
-CVE-2019-7119
-	RESERVED
-CVE-2019-7118
-	RESERVED
-CVE-2019-7117
-	RESERVED
-CVE-2019-7116
-	RESERVED
-CVE-2019-7115
-	RESERVED
-CVE-2019-7114
-	RESERVED
-CVE-2019-7113
-	RESERVED
-CVE-2019-7112
-	RESERVED
-CVE-2019-7111
-	RESERVED
-CVE-2019-7110
-	RESERVED
-CVE-2019-7109
-	RESERVED
-CVE-2019-7108
-	RESERVED
+CVE-2019-7124 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7123 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7122 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7121 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7120 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7119 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7118 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7117 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7116 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7115 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7114 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7113 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7112 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7111 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7110 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7109 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
+CVE-2019-7108 (Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and ear ...)
 	NOT-FOR-US: Adobe Flash Player
-CVE-2019-7107
-	RESERVED
-CVE-2019-7106
-	RESERVED
-CVE-2019-7105
-	RESERVED
-CVE-2019-7104
-	RESERVED
-CVE-2019-7103
-	RESERVED
-CVE-2019-7102
-	RESERVED
-CVE-2019-7101
-	RESERVED
-CVE-2019-7100
-	RESERVED
-CVE-2019-7099
-	RESERVED
-CVE-2019-7098
-	RESERVED
-CVE-2019-7097
-	RESERVED
-CVE-2019-7096
-	RESERVED
+CVE-2019-7107 (Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink proc ...)
+	TODO: check
+CVE-2019-7106 (Adobe XD versions 16.0 and earlier have a path traversal vulnerability ...)
+	TODO: check
+CVE-2019-7105 (Adobe XD versions 16.0 and earlier have a path traversal vulnerability ...)
+	TODO: check
+CVE-2019-7104 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
+	TODO: check
+CVE-2019-7103 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
+	TODO: check
+CVE-2019-7102 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
+	TODO: check
+CVE-2019-7101 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
+	TODO: check
+CVE-2019-7100 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
+	TODO: check
+CVE-2019-7099 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
+	TODO: check
+CVE-2019-7098 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
+	TODO: check
+CVE-2019-7097 (Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol  ...)
+	TODO: check
+CVE-2019-7096 (Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and ear ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2019-7095
 	RESERVED
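Review bot: triage within this hunk is inconsistent for a single vendor. CVE-2019-7125, CVE-2019-7108 and CVE-2019-7096 keep `NOT-FOR-US: Adobe` or `NOT-FOR-US: Adobe Flash Player`, while the other newly described Adobe entries (Bridge CC, Acrobat and Reader, InDesign, XD, Shockwave Player, Dreamweaver) land as `TODO: check`. A follow-up commit can close them the same way so that more than thirty entries for an already-classified vendor do not pad the TODO queue.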
@@ -13695,8 +13718,8 @@ CVE-2019-7090
 	NOT-FOR-US: Adobe
 CVE-2019-7089
 	RESERVED
-CVE-2019-7088
-	RESERVED
+CVE-2019-7088 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
 CVE-2019-7087
 	RESERVED
 CVE-2019-7086
@@ -13749,8 +13772,8 @@ CVE-2019-7063
 	RESERVED
 CVE-2019-7062
 	RESERVED
-CVE-2019-7061
-	RESERVED
+CVE-2019-7061 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+	TODO: check
 CVE-2019-7060
 	RESERVED
 CVE-2019-7059
@@ -16835,7 +16858,7 @@ CVE-2019-5799
 	- chromium 73.0.3683.75-1
 CVE-2019-5798
 	RESERVED
-	{DSA-4448-1 DSA-4421-1}
+	{DSA-4448-1 DSA-4421-1 DLA-1800-1}
 	- chromium 73.0.3683.75-1
 	- firefox-esr 60.7.0esr-1
 	- thunderbird 1:60.7.0-1
@@ -20588,8 +20611,8 @@ CVE-2019-4080 (IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and
 	NOT-FOR-US: IBM
 CVE-2019-4079
 	RESERVED
-CVE-2019-4078
-	RESERVED
+CVE-2019-4078 (IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 cou ...)
+	TODO: check
 CVE-2019-4077 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
 	NOT-FOR-US: IBM
 CVE-2019-4076 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
@@ -20666,8 +20689,8 @@ CVE-2019-4041
 	RESERVED
 CVE-2019-4040 (IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerab ...)
 	NOT-FOR-US: IBM
-CVE-2019-4039
-	RESERVED
+CVE-2019-4039 (IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 cou ...)
+	TODO: check
 CVE-2019-4038 (IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to c ...)
 	NOT-FOR-US: IBM
 CVE-2019-4037
@@ -32993,8 +33016,7 @@ CVE-2019-0203
 	RESERVED
 CVE-2019-0202
 	RESERVED
-CVE-2019-0201 [Information disclosure vulnerability]
-	RESERVED
+CVE-2019-0201 (An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alph ...)
 	- zookeeper <unfixed> (bug #929283)
 	NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1392
 	NOTE: Patch (3.4 branch): https://gitbox.apache.org/repos/asf?p=zookeeper.git;a=commit;h=5ff19e3672987bdde2843a3f031e2bf0010e35f1
@@ -35149,7 +35171,7 @@ CVE-2018-18512 (A use-after-free vulnerability can occur while playing a sound n
 	- thunderbird 1:60.5.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18512
 CVE-2018-18511 (Cross-origin images can be read from a canvas element in violation of  ...)
-	{DSA-4448-1}
+	{DSA-4448-1 DLA-1800-1}
 	- firefox 65.0.1-1
 	- firefox-esr 60.7.0esr-1
 	- thunderbird 1:60.7.0-1
@@ -42730,8 +42752,8 @@ CVE-2018-15666
 	RESERVED
 CVE-2018-15665
 	RESERVED
-CVE-2018-15664
-	RESERVED
+CVE-2018-15664 (In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker ...)
+	TODO: check
 CVE-2018-15663
 	RESERVED
 CVE-2018-15662
@@ -85446,10 +85468,10 @@ CVE-2017-17063
 	RESERVED
 CVE-2017-17062 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, ...)
 	NOT-FOR-US: Open-Xchange
-CVE-2017-17061
-	RESERVED
-CVE-2017-17060
-	RESERVED
+CVE-2017-17061 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross  ...)
+	TODO: check
+CVE-2017-17060 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecu ...)
+	TODO: check
 CVE-2017-17059 (XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb post ...)
 	NOT-FOR-US: WordPress plugin wp-thumb-post
 CVE-2017-1000385 (The Erlang otp TLS server answers with different TLS alerts to differe ...)
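Review bot: CVE-2017-17061 and CVE-2017-17060 are added as `TODO: check` although the context entry just above, CVE-2017-17062, covers the same OX App Suite product and is marked `NOT-FOR-US: Open-Xchange`. Use the same annotation here, with the existing `Open-Xchange` spelling, so that searches on the NOT-FOR-US tag find all of the vendor's entries.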
@@ -91417,8 +91439,8 @@ CVE-2017-15654 (Highly predictable session tokens in the HTTPd server in all cur
 	NOT-FOR-US: HTTPd server in Asus asuswrt
 CVE-2017-15653 (Improper administrator IP validation after his login in the HTTPd serv ...)
 	NOT-FOR-US: HTTPd server in Asus asuswrt
-CVE-2017-15652
-	RESERVED
+CVE-2017-15652 (Artifex Ghostscript 9.22 is affected by: Obtain Information. The impac ...)
+	TODO: check
 CVE-2017-15651 (PRTG Network Monitor 17.3.33.2830 allows remote authenticated administ ...)
 	NOT-FOR-US: PRTG Network Monitor
 CVE-2017-15649 (net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local  ...)
@@ -93384,10 +93406,10 @@ CVE-2017-15032 (ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRI
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/241988ca28139ad970c1d9717c419f41e360ddb0
 CVE-2017-15031 (In all versions of ARM Trusted Firmware up to and including v1.4, not  ...)
 	NOT-FOR-US: ARM Trusted Firmware
-CVE-2017-15030
-	RESERVED
-CVE-2017-15029
-	RESERVED
+CVE-2017-15030 (Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross ...)
+	TODO: check
+CVE-2017-15029 (Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. ...)
+	TODO: check
 CVE-2017-15028
 	RESERVED
 CVE-2017-15027
@@ -97599,10 +97621,10 @@ CVE-2017-13670 (In BlackCat CMS 1.2, remote authenticated users can upload any f
 	NOT-FOR-US: BlackCat CMS
 CVE-2017-13669 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswere ...)
 	NOT-FOR-US: NexusPHP
-CVE-2017-13668
-	RESERVED
-CVE-2017-13667
-	RESERVED
+CVE-2017-13668 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross  ...)
+	TODO: check
+CVE-2017-13667 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. ...)
+	TODO: check
 CVE-2017-13666 (An integer underflow vulnerability exists in pixel-a.asm, the x86 asse ...)
 	- x265 <not-affected> (Affected code is not enabled)
 CVE-2017-13665
@@ -103208,12 +103230,12 @@ CVE-2017-11742 (The writeRandomBytes_RtlGenRandom function in xmlparse.c in libe
 	- expat <not-affected> (Windows specfic issue)
 CVE-2017-11741 (HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) bef ...)
 	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
-CVE-2017-11740
-	RESERVED
-CVE-2017-11739
-	RESERVED
-CVE-2017-11738
-	RESERVED
+CVE-2017-11740 (In Zoho ManageEngine Application Manager 13.1 Build 13100, the adminis ...)
+	TODO: check
+CVE-2017-11739 (In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenti ...)
+	TODO: check
+CVE-2017-11738 (In Zoho ManageEngine Application Manager 13.1 Build 13100, the 'haid'  ...)
+	TODO: check
 CVE-2017-11737 (interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS ...)
 	- rspamd 1.7.6-1
 	[jessie] - rspamd <not-affected> (Vulnerable code not present)
@@ -103892,16 +103914,16 @@ CVE-2017-11563 (D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code ex
 	NOT-FOR-US: D-Link
 CVE-2017-11562 (A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegur ...)
 	NOT-FOR-US: MT4 SenhaSegura
-CVE-2017-11561
-	RESERVED
-CVE-2017-11560
-	RESERVED
-CVE-2017-11559
-	RESERVED
+CVE-2017-11561 (An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authen ...)
+	TODO: check
+CVE-2017-11560 (An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding ...)
+	TODO: check
+CVE-2017-11559 (An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiK ...)
+	TODO: check
 CVE-2017-11558
 	RESERVED
-CVE-2017-11557
-	RESERVED
+CVE-2017-11557 (An issue was discovered in ZOHO ManageEngine Applications Manager 12.3 ...)
+	TODO: check
 CVE-2017-11556 (There is a stack consumption vulnerability in the Parser::advanceToNex ...)
 	- libsass <unfixed> (bug #870182)
 	[stretch] - libsass <no-dsa> (Minor issue)
@@ -104500,8 +104522,7 @@ CVE-2017-11367 (The shoco_decompress function in the API in shoco through 2017-0
 	NOT-FOR-US: shoco
 CVE-2017-11366 (components/filemanager/class.filemanager.php in Codiad before 2.8.4 is ...)
 	NOT-FOR-US: Codiad
-CVE-2017-11365 [Empty passwords validation issue]
-	RESERVED
+CVE-2017-11365 (Certain Symfony products are affected by: Incorrect Access Control. Th ...)
 	- symfony <not-affected> (introduced in versions that were never packaged in Debian)
 	NOTE: https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue
 CVE-2017-11364 (The CMS installer in Joomla! before 3.7.4 does not verify a user's own ...)
@@ -124134,14 +124155,14 @@ CVE-2017-5215 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1
 	NOT-FOR-US: Joomla extension
 CVE-2017-5214 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 f ...)
 	NOT-FOR-US: Joomla extension
-CVE-2017-5213
-	RESERVED
-CVE-2017-5212
-	RESERVED
-CVE-2017-5211
-	RESERVED
-CVE-2017-5210
-	RESERVED
+CVE-2017-5213 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross ...)
+	TODO: check
+CVE-2017-5212 (Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access  ...)
+	TODO: check
+CVE-2017-5211 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Conte ...)
+	TODO: check
+CVE-2017-5210 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Infor ...)
+	TODO: check
 CVE-2017-5209 (The base64decode function in base64.c in libimobiledevice libplist thr ...)
 	{DLA-811-1}
 	- libplist 1.12+git+1+e37ca00-0.1 (low; bug #851196)
@@ -128022,8 +128043,8 @@ CVE-2016-9971
 	RESERVED
 CVE-2016-9970
 	RESERVED
-CVE-2016-9969
-	RESERVED
+CVE-2016-9969 (In libwebp 0.5.1, there is a double free bug in libwebpmux. ...)
+	TODO: check
 CVE-2016-9968
 	RESERVED
 CVE-2016-9967 (Lack of appropriate exception handling in some receivers of the Teleco ...)
@@ -139650,16 +139671,16 @@ CVE-2016-8903 (SQL injection vulnerability in the "Site Browser > Templates p
 	NOT-FOR-US: dotCMS
 CVE-2016-8902 (SQL injection vulnerability in the categoriesServlet servlet in dotCMS ...)
 	NOT-FOR-US: dotCMS
-CVE-2016-8901
-	RESERVED
+CVE-2016-8901 (b2evolution 6.7.6 suffer from an Object Injection vulnerability in /ht ...)
+	TODO: check
 CVE-2016-8900
 	RESERVED
-CVE-2016-8899
-	RESERVED
+CVE-2016-8899 (Exponent CMS version 2.3.9 suffers from a Object Injection vulnerabili ...)
+	TODO: check
 CVE-2016-8898
 	RESERVED
-CVE-2016-8897
-	RESERVED
+CVE-2016-8897 (Exponent CMS version 2.3.9 suffers from a sql injection vulnerability  ...)
+	TODO: check
 CVE-2016-8896
 	RESERVED
 CVE-2016-8895
@@ -145013,8 +145034,7 @@ CVE-2016-7551 (chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13
 	{DSA-3700-1 DLA-781-1}
 	- asterisk 1:13.11.2~dfsg-1 (bug #838832)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-007.html
-CVE-2016-7550 [AST-2016-006]
-	RESERVED
+CVE-2016-7550 (asterisk 13.10.0 is affected by: denial of service issues in asterisk. ...)
 	- asterisk 1:13.11.2~dfsg-1 (bug #838833)
 	[jessie] - asterisk <not-affected> (Issue introduced in 13.10.0 release)
 	[wheezy] - asterisk <not-affected> (Issue introduced in 13.10.0 release)
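Review bot: replacing `CVE-2016-7550 [AST-2016-006]` with the published description drops the only visible reference to the upstream advisory identifier, whereas the neighbouring CVE-2016-7551 keeps its advisory in a `NOTE:` line. If no NOTE for this entry follows below the visible context, add one naming AST-2016-006 so the link to the Asterisk advisory is not lost.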



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8373080c513b590a7bc3deefa9caf1ea486b250d
