[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Oct 26 09:10:31 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
49e27066 by security tracker role at 2019-10-26T08:10:12Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2019-18465
+ RESERVED
+CVE-2019-18464
+ RESERVED
+CVE-2019-18463
+ RESERVED
+CVE-2019-18462
+ RESERVED
+CVE-2019-18461
+ RESERVED
+CVE-2019-18460
+ RESERVED
+CVE-2019-18459
+ RESERVED
+CVE-2019-18458
+ RESERVED
+CVE-2019-18457
+ RESERVED
+CVE-2019-18456
+ RESERVED
+CVE-2019-18455
+ RESERVED
+CVE-2019-18454
+ RESERVED
+CVE-2019-18453
+ RESERVED
+CVE-2019-18452
+ RESERVED
+CVE-2019-18451
+ RESERVED
+CVE-2019-18450
+ RESERVED
+CVE-2019-18449
+ RESERVED
+CVE-2019-18448
+ RESERVED
+CVE-2019-18447
+ RESERVED
+CVE-2019-18446
+ RESERVED
CVE-2019-18445
RESERVED
CVE-2019-18444
@@ -473,14 +513,14 @@ CVE-2019-18223
RESERVED
CVE-2019-18222
RESERVED
-CVE-2019-18221
- RESERVED
+CVE-2019-18221 (CoreHR Core Portal before 27.0.7 allows stored XSS. ...)
+ TODO: check
CVE-2019-18220 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) ...)
NOT-FOR-US: Sitemagic CMS
CVE-2019-18219 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulner ...)
NOT-FOR-US: Sitemagic CMS
CVE-2019-18218 (cdf_read_property_info in cdf.c in file through 5.37 does not restrict ...)
- {DLA-1969-1}
+ {DSA-4550-1 DLA-1969-1}
- file 1:5.37-6 (bug #942830)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780
NOTE: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
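Review bot: CVE-2019-18221 is left at "TODO: check" after this update, so the entry is still untriaged. It needs a follow-up that records either a source package line or a NOT-FOR-US line naming the product, in the form the adjacent CVE-2019-18220 and CVE-2019-18219 entries use. The CVE-2019-18218 change only widens the advisory cross-reference to "{DSA-4550-1 DLA-1969-1}" and leaves the "- file 1:5.37-6 (bug #942830)" line untouched, which looks right for a cross-reference update.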
@@ -2771,6 +2811,7 @@ CVE-2017-1002201 (In haml versions prior to version 5.0.0.beta.2, when using use
NOTE: https://snyk.io/vuln/SNYK-RUBY-HAML-20362
NOTE: https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2
CVE-2019-17596 (Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to ...)
+ {DSA-4551-1}
- golang-1.13 1.13.3-1 (bug #942628)
- golang-1.12 1.12.12-1 (bug #942629)
- golang-1.11 <removed>
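Review bot: The description on the CVE-2019-17596 context line reads "Go before 1.12.11 and 1.3.x before 1.13.2", and "1.3.x" does not match the 1.13 series that the bound and the golang-1.13 line below refer to. The added "{DSA-4551-1}" line itself follows the format used elsewhere in the file; the description text is worth checking against the CVE record it was imported from.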
@@ -115078,8 +115119,8 @@ CVE-2017-14744 (UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME eleme
NOT-FOR-US: UEditor
CVE-2017-14743 (Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL inje ...)
NOT-FOR-US: Faleemi FSC-880 00.01.01.0048P2 devices
-CVE-2017-14742
- RESERVED
+CVE-2017-14742 (Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to ex ...)
+ TODO: check
CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7 ...)
{DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878548)
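Review bot: CVE-2017-14742 moves from RESERVED to "TODO: check" without a triage result, so it will stay open until someone classifies it. The entries just above it, CVE-2017-14744 and CVE-2017-14743, each carry a NOT-FOR-US line naming the product; this entry needs the same kind of line, or a package line if the LabF nfsAxe FTP client maps to anything in the archive.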
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/49e27066acdb71dd250a2a955ab0d84e199cdf21