[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu May 23 21:10:28 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8373080c by security tracker role at 2019-05-23T20:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,30 @@
-CVE-2019-12295 [dissection engine crash]
+CVE-2019-12308
+ RESERVED
+CVE-2019-12307
+ RESERVED
+CVE-2019-12306
+ RESERVED
+CVE-2019-12305
+ RESERVED
+CVE-2019-12304
+ RESERVED
+CVE-2019-12303
+ RESERVED
+CVE-2019-12302
+ RESERVED
+CVE-2019-12301 (The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffer ...)
+ TODO: check
+CVE-2019-12300 (Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted au ...)
+ TODO: check
+CVE-2019-12299
+ RESERVED
+CVE-2019-12298 (Leanify 0.4.3 allows remote attackers to trigger an out-of-bounds writ ...)
+ TODO: check
+CVE-2019-12297 (An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1 ...)
+ TODO: check
+CVE-2019-12296
+ RESERVED
+CVE-2019-12295 (In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the ...)
- wireshark <unfixed> (bug #929446)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820
@@ -15,10 +41,10 @@ CVE-2019-12291
RESERVED
CVE-2019-12290
RESERVED
-CVE-2019-12289
- RESERVED
-CVE-2019-12288
- RESERVED
+CVE-2019-12289 (An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C782 ...)
+ TODO: check
+CVE-2019-12288 (An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WI ...)
+ TODO: check
CVE-2019-12287
RESERVED
CVE-2019-12286
@@ -51,8 +77,8 @@ CVE-2019-12274
RESERVED
CVE-2019-12273
RESERVED
-CVE-2019-12272
- RESERVED
+CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/band ...)
+ TODO: check
CVE-2019-12271
RESERVED
CVE-2019-12270 (OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configur ...)
@@ -585,8 +611,8 @@ CVE-2019-12044 (A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x befo
NOT-FOR-US: Citrix NetScaler Gateway
CVE-2019-12043 (In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, wh ...)
NOT-FOR-US: remarkable
-CVE-2019-12042
- RESERVED
+CVE-2019-12042 (Insecure permissions of the section object Global\PandaDevicesAgentSha ...)
+ TODO: check
CVE-2019-12041 (lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression De ...)
NOT-FOR-US: remarkable
CVE-2019-12040
@@ -932,8 +958,8 @@ CVE-2019-11875
RESERVED
CVE-2019-11874
RESERVED
-CVE-2019-11873
- RESERVED
+CVE-2019-11873 (wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when ...)
+ TODO: check
CVE-2019-11872
RESERVED
CVE-2019-11871 (The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for ...)
@@ -1313,7 +1339,7 @@ CVE-2019-11699
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11699
CVE-2019-11698
RESERVED
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -1346,7 +1372,7 @@ CVE-2019-11694
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11694
CVE-2019-11693
RESERVED
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -1356,7 +1382,7 @@ CVE-2019-11693
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11693
CVE-2019-11692
RESERVED
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -1366,7 +1392,7 @@ CVE-2019-11692
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11692
CVE-2019-11691
RESERVED
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -3192,8 +3218,8 @@ CVE-2019-10979
RESERVED
CVE-2019-10978
RESERVED
-CVE-2019-10977
- RESERVED
+CVE-2019-10977 (In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 ser ...)
+ TODO: check
CVE-2019-10976
RESERVED
CVE-2019-10975
@@ -3514,8 +3540,8 @@ CVE-2019-10869 (Path Traversal and Unrestricted File Upload exists in the Ninja
NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2019-10867 (An issue was discovered in Pimcore before 5.7.1. An attacker with clas ...)
NOT-FOR-US: Pimcore
-CVE-2019-10866
- RESERVED
+CVE-2019-10866 (In the Form Maker plugin before 1.13.3 for WordPress, it's possible to ...)
+ TODO: check
CVE-2019-10865
RESERVED
CVE-2019-10864 (The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowin ...)
@@ -3538,20 +3564,20 @@ CVE-2019-10856 (In Jupyter Notebook before 5.7.8, an open redirect can occur via
- jupyter-notebook <not-affected> (Incomplete fix for CVE-2019-10255 not applied)
NOTE: https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4
NOTE: https://github.com/jupyter/notebook/commit/979e0bd15e794ceb00cc63737fcd5fd9addc4a99
-CVE-2019-10855
- RESERVED
-CVE-2019-10854
- RESERVED
-CVE-2019-10853
- RESERVED
-CVE-2019-10852
- RESERVED
-CVE-2019-10851
- RESERVED
-CVE-2019-10850
- RESERVED
-CVE-2019-10849
- RESERVED
+CVE-2019-10855 (Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 ...)
+ TODO: check
+CVE-2019-10854 (Computrols CBAS 18.0.0 allows Authenticated Command Injection. ...)
+ TODO: check
+CVE-2019-10853 (Computrols CBAS 18.0.0 allows Authentication Bypass. ...)
+ TODO: check
+CVE-2019-10852 (Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via th ...)
+ TODO: check
+CVE-2019-10851 (Computrols CBAS 18.0.0 has hard-coded encryption keys. ...)
+ TODO: check
+CVE-2019-10850 (Computrols CBAS 18.0.0 has Default Credentials. ...)
+ TODO: check
+CVE-2019-10849 (Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / ...)
+ TODO: check
CVE-2019-10848
RESERVED
CVE-2019-10847
@@ -5655,8 +5681,8 @@ CVE-2019-9951 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultr
NOT-FOR-US: Western Digital
CVE-2019-9950 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My ...)
NOT-FOR-US: Western Digital
-CVE-2019-9949
- RESERVED
+CVE-2019-9949 (Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100 ...)
+ TODO: check
CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file: scheme, w ...)
- python2.7 2.7.16-2
NOTE: https://bugs.python.org/issue35907
@@ -6687,7 +6713,7 @@ CVE-2019-9821
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9821
CVE-2019-9820
RESERVED
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -6697,7 +6723,7 @@ CVE-2019-9820
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9820
CVE-2019-9819
RESERVED
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -6715,7 +6741,7 @@ CVE-2019-9818
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9818
CVE-2019-9817
RESERVED
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -6725,7 +6751,7 @@ CVE-2019-9817
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9817
CVE-2019-9816
RESERVED
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -6795,7 +6821,7 @@ CVE-2019-9801 (Firefox will accept any registered Program ID as an external prot
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9801
CVE-2019-9800
RESERVED
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -6810,7 +6836,7 @@ CVE-2019-9798 (On Android systems, Firefox can load a library from APITRACE_LIB,
- firefox <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9798
CVE-2019-9797 (Cross-origin images can be read in violation of the same-origin policy ...)
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
- firefox 66.0-1
- firefox-esr 60.7.0esr-1
- thunderbird 1:60.7.0-1
@@ -10596,7 +10622,7 @@ CVE-2019-8341 (An issue was discovered in Jinja2 2.10. The from_string function
NOTE: No real security impact and upstream indicates the CVE is invalid
CVE-2019-8340
RESERVED
-CVE-2019-8339 (An issue was discovered in Sysdig through 0.24.2, as used in Falco thr ...)
+CVE-2019-8339 (An issue was discovered in Falco through 0.14.0. A missing indicator f ...)
- sysdig <unfixed>
CVE-2019-8338 (The signature verification routine in the Airmail GPG-PGP Plugin, vers ...)
NOT-FOR-US: Airmail
@@ -13110,7 +13136,7 @@ CVE-2019-7319
CVE-2019-7318
RESERVED
CVE-2019-7317 (png_image_free in png.c in libpng 1.6.36 has a use-after-free because ...)
- {DSA-4448-1 DSA-4435-1}
+ {DSA-4448-1 DSA-4435-1 DLA-1800-1}
- libpng1.6 1.6.36-4 (bug #921355)
[experimental] - firefox 67.0-1
- firefox <unfixed>
@@ -13591,94 +13617,91 @@ CVE-2019-7140 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 201
NOT-FOR-US: Adobe
CVE-2019-7139 (An unauthenticated user can execute arbitrary code through an SQL inje ...)
NOT-FOR-US: Magento
-CVE-2019-7138
- RESERVED
-CVE-2019-7137
- RESERVED
-CVE-2019-7136
- RESERVED
-CVE-2019-7135
- RESERVED
-CVE-2019-7134
- RESERVED
-CVE-2019-7133
- RESERVED
-CVE-2019-7132
- RESERVED
+CVE-2019-7138 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerabilit ...)
+ TODO: check
+CVE-2019-7137 (Adobe Bridge CC versions 9.0.2 have a memory corruption vulnerability. ...)
+ TODO: check
+CVE-2019-7136 (Adobe Bridge CC versions 9.0.2 have an use after free vulnerability. S ...)
+ TODO: check
+CVE-2019-7135 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerabilit ...)
+ TODO: check
+CVE-2019-7134 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerabilit ...)
+ TODO: check
+CVE-2019-7133 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerabilit ...)
+ TODO: check
+CVE-2019-7132 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds write vulnerabili ...)
+ TODO: check
CVE-2019-7131
RESERVED
-CVE-2019-7130
- RESERVED
+CVE-2019-7130 (Adobe Bridge CC versions 9.0.2 have a heap overflow vulnerability. Suc ...)
+ TODO: check
CVE-2019-7129
RESERVED
-CVE-2019-7128
- RESERVED
-CVE-2019-7127
- RESERVED
+CVE-2019-7128 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
+CVE-2019-7127 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
CVE-2019-7126
RESERVED
-CVE-2019-7125
- RESERVED
+CVE-2019-7125 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
NOT-FOR-US: Adobe
-CVE-2019-7124
- RESERVED
-CVE-2019-7123
- RESERVED
-CVE-2019-7122
- RESERVED
-CVE-2019-7121
- RESERVED
-CVE-2019-7120
- RESERVED
-CVE-2019-7119
- RESERVED
-CVE-2019-7118
- RESERVED
-CVE-2019-7117
- RESERVED
-CVE-2019-7116
- RESERVED
-CVE-2019-7115
- RESERVED
-CVE-2019-7114
- RESERVED
-CVE-2019-7113
- RESERVED
-CVE-2019-7112
- RESERVED
-CVE-2019-7111
- RESERVED
-CVE-2019-7110
- RESERVED
-CVE-2019-7109
- RESERVED
-CVE-2019-7108
- RESERVED
+CVE-2019-7124 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
+CVE-2019-7123 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
+CVE-2019-7122 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
+CVE-2019-7121 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
+CVE-2019-7120 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
+CVE-2019-7119 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
+CVE-2019-7118 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
+CVE-2019-7117 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
+CVE-2019-7116 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
+CVE-2019-7115 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
+CVE-2019-7114 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
+CVE-2019-7113 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
+CVE-2019-7112 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
+CVE-2019-7111 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
+CVE-2019-7110 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
+CVE-2019-7109 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
+CVE-2019-7108 (Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and ear ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2019-7107
- RESERVED
-CVE-2019-7106
- RESERVED
-CVE-2019-7105
- RESERVED
-CVE-2019-7104
- RESERVED
-CVE-2019-7103
- RESERVED
-CVE-2019-7102
- RESERVED
-CVE-2019-7101
- RESERVED
-CVE-2019-7100
- RESERVED
-CVE-2019-7099
- RESERVED
-CVE-2019-7098
- RESERVED
-CVE-2019-7097
- RESERVED
-CVE-2019-7096
- RESERVED
+CVE-2019-7107 (Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink proc ...)
+ TODO: check
+CVE-2019-7106 (Adobe XD versions 16.0 and earlier have a path traversal vulnerability ...)
+ TODO: check
+CVE-2019-7105 (Adobe XD versions 16.0 and earlier have a path traversal vulnerability ...)
+ TODO: check
+CVE-2019-7104 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
+ TODO: check
+CVE-2019-7103 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
+ TODO: check
+CVE-2019-7102 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
+ TODO: check
+CVE-2019-7101 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
+ TODO: check
+CVE-2019-7100 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
+ TODO: check
+CVE-2019-7099 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
+ TODO: check
+CVE-2019-7098 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
+ TODO: check
+CVE-2019-7097 (Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol ...)
+ TODO: check
+CVE-2019-7096 (Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and ear ...)
NOT-FOR-US: Adobe Flash Player
CVE-2019-7095
RESERVED
@@ -13695,8 +13718,8 @@ CVE-2019-7090
NOT-FOR-US: Adobe
CVE-2019-7089
RESERVED
-CVE-2019-7088
- RESERVED
+CVE-2019-7088 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
CVE-2019-7087
RESERVED
CVE-2019-7086
@@ -13749,8 +13772,8 @@ CVE-2019-7063
RESERVED
CVE-2019-7062
RESERVED
-CVE-2019-7061
- RESERVED
+CVE-2019-7061 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
+ TODO: check
CVE-2019-7060
RESERVED
CVE-2019-7059
@@ -16835,7 +16858,7 @@ CVE-2019-5799
- chromium 73.0.3683.75-1
CVE-2019-5798
RESERVED
- {DSA-4448-1 DSA-4421-1}
+ {DSA-4448-1 DSA-4421-1 DLA-1800-1}
- chromium 73.0.3683.75-1
- firefox-esr 60.7.0esr-1
- thunderbird 1:60.7.0-1
@@ -20588,8 +20611,8 @@ CVE-2019-4080 (IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and
NOT-FOR-US: IBM
CVE-2019-4079
RESERVED
-CVE-2019-4078
- RESERVED
+CVE-2019-4078 (IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 cou ...)
+ TODO: check
CVE-2019-4077 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
NOT-FOR-US: IBM
CVE-2019-4076 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
@@ -20666,8 +20689,8 @@ CVE-2019-4041
RESERVED
CVE-2019-4040 (IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerab ...)
NOT-FOR-US: IBM
-CVE-2019-4039
- RESERVED
+CVE-2019-4039 (IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 cou ...)
+ TODO: check
CVE-2019-4038 (IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to c ...)
NOT-FOR-US: IBM
CVE-2019-4037
@@ -32993,8 +33016,7 @@ CVE-2019-0203
RESERVED
CVE-2019-0202
RESERVED
-CVE-2019-0201 [Information disclosure vulnerability]
- RESERVED
+CVE-2019-0201 (An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alph ...)
- zookeeper <unfixed> (bug #929283)
NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1392
NOTE: Patch (3.4 branch): https://gitbox.apache.org/repos/asf?p=zookeeper.git;a=commit;h=5ff19e3672987bdde2843a3f031e2bf0010e35f1
@@ -35149,7 +35171,7 @@ CVE-2018-18512 (A use-after-free vulnerability can occur while playing a sound n
- thunderbird 1:60.5.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18512
CVE-2018-18511 (Cross-origin images can be read from a canvas element in violation of ...)
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
- firefox 65.0.1-1
- firefox-esr 60.7.0esr-1
- thunderbird 1:60.7.0-1
@@ -42730,8 +42752,8 @@ CVE-2018-15666
RESERVED
CVE-2018-15665
RESERVED
-CVE-2018-15664
- RESERVED
+CVE-2018-15664 (In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker ...)
+ TODO: check
CVE-2018-15663
RESERVED
CVE-2018-15662
@@ -85446,10 +85468,10 @@ CVE-2017-17063
RESERVED
CVE-2017-17062 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, ...)
NOT-FOR-US: Open-Xchange
-CVE-2017-17061
- RESERVED
-CVE-2017-17060
- RESERVED
+CVE-2017-17061 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross ...)
+ TODO: check
+CVE-2017-17060 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecu ...)
+ TODO: check
CVE-2017-17059 (XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb post ...)
NOT-FOR-US: WordPress plugin wp-thumb-post
CVE-2017-1000385 (The Erlang otp TLS server answers with different TLS alerts to differe ...)
@@ -91417,8 +91439,8 @@ CVE-2017-15654 (Highly predictable session tokens in the HTTPd server in all cur
NOT-FOR-US: HTTPd server in Asus asuswrt
CVE-2017-15653 (Improper administrator IP validation after his login in the HTTPd serv ...)
NOT-FOR-US: HTTPd server in Asus asuswrt
-CVE-2017-15652
- RESERVED
+CVE-2017-15652 (Artifex Ghostscript 9.22 is affected by: Obtain Information. The impac ...)
+ TODO: check
CVE-2017-15651 (PRTG Network Monitor 17.3.33.2830 allows remote authenticated administ ...)
NOT-FOR-US: PRTG Network Monitor
CVE-2017-15649 (net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local ...)
@@ -93384,10 +93406,10 @@ CVE-2017-15032 (ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRI
NOTE: https://github.com/ImageMagick/ImageMagick/commit/241988ca28139ad970c1d9717c419f41e360ddb0
CVE-2017-15031 (In all versions of ARM Trusted Firmware up to and including v1.4, not ...)
NOT-FOR-US: ARM Trusted Firmware
-CVE-2017-15030
- RESERVED
-CVE-2017-15029
- RESERVED
+CVE-2017-15030 (Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross ...)
+ TODO: check
+CVE-2017-15029 (Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. ...)
+ TODO: check
CVE-2017-15028
RESERVED
CVE-2017-15027
@@ -97599,10 +97621,10 @@ CVE-2017-13670 (In BlackCat CMS 1.2, remote authenticated users can upload any f
NOT-FOR-US: BlackCat CMS
CVE-2017-13669 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswere ...)
NOT-FOR-US: NexusPHP
-CVE-2017-13668
- RESERVED
-CVE-2017-13667
- RESERVED
+CVE-2017-13668 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross ...)
+ TODO: check
+CVE-2017-13667 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. ...)
+ TODO: check
CVE-2017-13666 (An integer underflow vulnerability exists in pixel-a.asm, the x86 asse ...)
- x265 <not-affected> (Affected code is not enabled)
CVE-2017-13665
@@ -103208,12 +103230,12 @@ CVE-2017-11742 (The writeRandomBytes_RtlGenRandom function in xmlparse.c in libe
- expat <not-affected> (Windows specfic issue)
CVE-2017-11741 (HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) bef ...)
NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
-CVE-2017-11740
- RESERVED
-CVE-2017-11739
- RESERVED
-CVE-2017-11738
- RESERVED
+CVE-2017-11740 (In Zoho ManageEngine Application Manager 13.1 Build 13100, the adminis ...)
+ TODO: check
+CVE-2017-11739 (In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenti ...)
+ TODO: check
+CVE-2017-11738 (In Zoho ManageEngine Application Manager 13.1 Build 13100, the 'haid' ...)
+ TODO: check
CVE-2017-11737 (interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS ...)
- rspamd 1.7.6-1
[jessie] - rspamd <not-affected> (Vulnerable code not present)
@@ -103892,16 +103914,16 @@ CVE-2017-11563 (D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code ex
NOT-FOR-US: D-Link
CVE-2017-11562 (A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegur ...)
NOT-FOR-US: MT4 SenhaSegura
-CVE-2017-11561
- RESERVED
-CVE-2017-11560
- RESERVED
-CVE-2017-11559
- RESERVED
+CVE-2017-11561 (An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authen ...)
+ TODO: check
+CVE-2017-11560 (An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding ...)
+ TODO: check
+CVE-2017-11559 (An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiK ...)
+ TODO: check
CVE-2017-11558
RESERVED
-CVE-2017-11557
- RESERVED
+CVE-2017-11557 (An issue was discovered in ZOHO ManageEngine Applications Manager 12.3 ...)
+ TODO: check
CVE-2017-11556 (There is a stack consumption vulnerability in the Parser::advanceToNex ...)
- libsass <unfixed> (bug #870182)
[stretch] - libsass <no-dsa> (Minor issue)
@@ -104500,8 +104522,7 @@ CVE-2017-11367 (The shoco_decompress function in the API in shoco through 2017-0
NOT-FOR-US: shoco
CVE-2017-11366 (components/filemanager/class.filemanager.php in Codiad before 2.8.4 is ...)
NOT-FOR-US: Codiad
-CVE-2017-11365 [Empty passwords validation issue]
- RESERVED
+CVE-2017-11365 (Certain Symfony products are affected by: Incorrect Access Control. Th ...)
- symfony <not-affected> (introduced in versions that were never packaged in Debian)
NOTE: https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue
CVE-2017-11364 (The CMS installer in Joomla! before 3.7.4 does not verify a user's own ...)
@@ -124134,14 +124155,14 @@ CVE-2017-5215 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1
NOT-FOR-US: Joomla extension
CVE-2017-5214 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 f ...)
NOT-FOR-US: Joomla extension
-CVE-2017-5213
- RESERVED
-CVE-2017-5212
- RESERVED
-CVE-2017-5211
- RESERVED
-CVE-2017-5210
- RESERVED
+CVE-2017-5213 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross ...)
+ TODO: check
+CVE-2017-5212 (Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access ...)
+ TODO: check
+CVE-2017-5211 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Conte ...)
+ TODO: check
+CVE-2017-5210 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Infor ...)
+ TODO: check
CVE-2017-5209 (The base64decode function in base64.c in libimobiledevice libplist thr ...)
{DLA-811-1}
- libplist 1.12+git+1+e37ca00-0.1 (low; bug #851196)
@@ -128022,8 +128043,8 @@ CVE-2016-9971
RESERVED
CVE-2016-9970
RESERVED
-CVE-2016-9969
- RESERVED
+CVE-2016-9969 (In libwebp 0.5.1, there is a double free bug in libwebpmux. ...)
+ TODO: check
CVE-2016-9968
RESERVED
CVE-2016-9967 (Lack of appropriate exception handling in some receivers of the Teleco ...)
@@ -139650,16 +139671,16 @@ CVE-2016-8903 (SQL injection vulnerability in the "Site Browser > Templates p
NOT-FOR-US: dotCMS
CVE-2016-8902 (SQL injection vulnerability in the categoriesServlet servlet in dotCMS ...)
NOT-FOR-US: dotCMS
-CVE-2016-8901
- RESERVED
+CVE-2016-8901 (b2evolution 6.7.6 suffer from an Object Injection vulnerability in /ht ...)
+ TODO: check
CVE-2016-8900
RESERVED
-CVE-2016-8899
- RESERVED
+CVE-2016-8899 (Exponent CMS version 2.3.9 suffers from a Object Injection vulnerabili ...)
+ TODO: check
CVE-2016-8898
RESERVED
-CVE-2016-8897
- RESERVED
+CVE-2016-8897 (Exponent CMS version 2.3.9 suffers from a sql injection vulnerability ...)
+ TODO: check
CVE-2016-8896
RESERVED
CVE-2016-8895
@@ -145013,8 +145034,7 @@ CVE-2016-7551 (chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13
{DSA-3700-1 DLA-781-1}
- asterisk 1:13.11.2~dfsg-1 (bug #838832)
NOTE: http://downloads.asterisk.org/pub/security/AST-2016-007.html
-CVE-2016-7550 [AST-2016-006]
- RESERVED
+CVE-2016-7550 (asterisk 13.10.0 is affected by: denial of service issues in asterisk. ...)
- asterisk 1:13.11.2~dfsg-1 (bug #838833)
[jessie] - asterisk <not-affected> (Issue introduced in 13.10.0 release)
[wheezy] - asterisk <not-affected> (Issue introduced in 13.10.0 release)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8373080c513b590a7bc3deefa9caf1ea486b250d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8373080c513b590a7bc3deefa9caf1ea486b250d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190523/287835fe/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list