[Git][security-tracker-team/security-tracker][master] imagemagick n/a

Moritz Muehlenhoff jmm at debian.org
Thu Nov 14 11:40:38 GMT 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1adf6b6f by Moritz Muehlenhoff at 2019-11-14T11:40:16Z
imagemagick n/a
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -225,9 +225,8 @@ CVE-2019-18855 (A Denial Of Service vulnerability exists in the safe-svg (aka Sa
 CVE-2019-18854 (A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG ...)
 	NOT-FOR-US: safe-svg (aka Safe SVG) plugin for WordPress
 CVE-2019-18853 (ImageMagick before 7.0.9-0 allows remote attackers to cause a denial o ...)
-	- imagemagick <undetermined>
+	- imagemagick <not-affected> (Only affects Imagemagick 7.x)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ec9c8944af2bfc65c697ca44f93a727a99b405f1
-	TODO: check if affects as well ImageMagick6
 CVE-2019-18852 (Certain D-Link devices have a hardcoded Alphanetworks user account wit ...)
 	NOT-FOR-US: D-Link
 CVE-2019-18851
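Review bot: The CVE-2019-18853 entry drops "TODO: check if affects as well ImageMagick6" without recording what was checked. The parenthetical "Only affects Imagemagick 7.x" gives the conclusion but not the evidence. A further NOTE line saying that the code changed by the upstream commit in the existing NOTE is absent from the 6.x source would let a later reader re-verify the <not-affected> status. Also, the parenthetical spells the name "Imagemagick" where the CVE description and the URL use "ImageMagick".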
@@ -8372,7 +8371,7 @@ CVE-2019-16865 (An issue was discovered in Pillow before 6.2.0. When reading spe
 CVE-2019-16864
 	RESERVED
 CVE-2019-16863 (STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow a ...)
-	TODO: check
+	NOT-FOR-US: STMicroelectronics
 CVE-2019-16862 (Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x befor ...)
 	NOT-FOR-US: OpenEMR
 CVE-2019-16861
@@ -19294,7 +19293,7 @@ CVE-2019-13557 (In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there
 CVE-2019-13556 (In WebAccess versions 8.4.1 and prior, multiple stack-based buffer ove ...)
 	NOT-FOR-US: WebAccess
 CVE-2019-13555 (In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial n ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2019-13554
 	RESERVED
 CVE-2019-13553 (Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb ...)
@@ -43125,7 +43124,7 @@ CVE-2019-5031 (An exploitable memory corruption vulnerability exists in the Java
 CVE-2019-5030 (A buffer overflow vulnerability exists in the PowerPoint document conv ...)
 	NOT-FOR-US: Rainbow PDF Office Server Document Converter
 CVE-2019-5029 (An exploitable command injection vulnerability exists in the Config ed ...)
-	TODO: check
+	NOT-FOR-US: Exhibitor Web UI
 CVE-2019-5028
 	REJECTED
 CVE-2019-5027
@@ -46195,13 +46194,13 @@ CVE-2019-3665
 CVE-2019-3664
 	RESERVED
 CVE-2019-3663 (Unprotected Storage of Credentials vulnerability in McAfee Advanced Th ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2019-3662 (Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Adva ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2019-3661 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2019-3660 (Improper Neutralization of HTTP requests in McAfee Advanced Threat Def ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2019-3659
 	RESERVED
 CVE-2019-3658
@@ -46219,11 +46218,11 @@ CVE-2019-3653 (Improper access control vulnerability in Configuration tool in Mc
 CVE-2019-3652 (Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Securit ...)
 	NOT-FOR-US: McAfee Endpoint Security (ENS)
 CVE-2019-3651 (Information Disclosure vulnerability in McAfee Advanced Threat Defense ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2019-3650 (Information Disclosure vulnerability in McAfee Advanced Threat Defense ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2019-3649 (Information Disclosure vulnerability in McAfee Advanced Threat Defense ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2019-3648 (A Privilege Escalation vulnerability in the Microsoft Windows client i ...)
 	NOT-FOR-US: McAfee Total Protection
 CVE-2019-3647
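Review bot: The three new tags on CVE-2019-3651, CVE-2019-3650 and CVE-2019-3649 name only the vendor ("NOT-FOR-US: McAfee"), while the unchanged entries on either side of them in this hunk name the product ("McAfee Endpoint Security (ENS)", "McAfee Total Protection"). All three descriptions identify McAfee Advanced Threat Defense, so "NOT-FOR-US: McAfee Advanced Threat Defense" would match the neighbouring entries and keep them searchable by product.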
@@ -46241,7 +46240,7 @@ CVE-2019-3642
 CVE-2019-3641 (Abuse of Authorization vulnerability in APIs exposed by TIE server in  ...)
 	NOT-FOR-US: McAfee
 CVE-2019-3640 (Unprotected Transport of Credentials in ePO extension in McAfee Data L ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2019-3639 (Clickjack vulnerability in Adminstrator web console in McAfee Web Gate ...)
 	NOT-FOR-US: McAfee
 CVE-2019-3638 (Reflected Cross Site Scripting vulnerability in Administrators web con ...)
@@ -46814,7 +46813,7 @@ CVE-2019-3422 (Security researcher Shen Ying from the Sec Consult Security Lab r
 CVE-2019-3421 (The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE produc ...)
 	NOT-FOR-US: ZTE
 CVE-2019-3420 (The version V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2019-3419 (A security vulnerability exists in a management port in the version of ...)
 	NOT-FOR-US: ZTE
 CVE-2019-3418 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted  ...)
@@ -254275,7 +254274,7 @@ CVE-2013-3518
 CVE-2013-3517 (Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR35 ...)
 	NOT-FOR-US: NETGEAR
 CVE-2013-3516 (NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely o ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2013-3515 (Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2. ...)
 	NOT-FOR-US: OpenX
 CVE-2013-3514 (Multiple directory traversal vulnerabilities in OpenX before 2.8.10 re ...)
@@ -254588,9 +254587,9 @@ CVE-2013-3368 (bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x befo
 	- request-tracker3.8 <removed>
 	- request-tracker4 4.0.12-2 (bug #709836)
 CVE-2013-3367 (Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2013-3366 (Undocumented TELNET service in TRENDnet TEW-812DRU when a web page nam ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2013-3365 (TRENDnet TEW-812DRU router allows remote authenticated users to execut ...)
 	NOT-FOR-US: TRENDnet TEW-812DRU router
 CVE-2013-3364
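Review bot: The new tag on CVE-2013-3366 reads "NOT-FOR-US: TRENDnet", but the next entry, CVE-2013-3365, covers the same TEW-812DRU model and uses "NOT-FOR-US: TRENDnet TEW-812DRU router". Using the longer form for CVE-2013-3366, and naming the TEW-691GR and TEW-692GR from the description on CVE-2013-3367, would keep the three entries consistent.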
@@ -255187,7 +255186,7 @@ CVE-2013-3099
 CVE-2013-3098 (Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet ...)
 	NOT-FOR-US: TRENDnet TEW-812DRU router
 CVE-2013-3097 (Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FI ...)
-	TODO: check
+	NOT-FOR-US: Verizon
 CVE-2013-3096
 	RESERVED
 CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...)
@@ -267475,7 +267474,7 @@ CVE-2012-5195 (Heap-based buffer overflow in the Perl_repeatcpy function in util
 CVE-2012-5194
 	RESERVED
 CVE-2012-5193 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 ...)
-	TODO: check
+	NOT-FOR-US: Bitweaver
 CVE-2012-5192 (Directory traversal vulnerability in gmap/view_overlay.php in Bitweave ...)
 	NOT-FOR-US: Bitweaver
 CVE-2012-5191



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1adf6b6fa8819642bb3ad736f73f1c0dca757476
