Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7233c51d by security tracker role at 2019-01-25T08:10:14Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2019-6804 (An XSS issue was discovered on the Job Edit page in Rundeck
Community ...)
+ TODO: check
+CVE-2019-6803 (typora through 0.9.9.20.3 beta has XSS, with resultant remote
command ...)
+ TODO: check
+CVE-2019-6802 (CRLF Injection in pypiserver 1.2.5 and below allows attackers
to set ...)
+ TODO: check
+CVE-2019-6801
+ RESERVED
+CVE-2019-6800
+ RESERVED
+CVE-2019-6799
+ RESERVED
+CVE-2019-6798
+ RESERVED
+CVE-2019-6797
+ RESERVED
+CVE-2019-6796
+ RESERVED
+CVE-2019-6795
+ RESERVED
+CVE-2019-6794
+ RESERVED
+CVE-2019-6793
+ RESERVED
+CVE-2019-6792
+ RESERVED
+CVE-2019-6791
+ RESERVED
+CVE-2019-6790
+ RESERVED
+CVE-2019-6789
+ RESERVED
+CVE-2019-6788
+ RESERVED
+CVE-2019-6787
+ RESERVED
+CVE-2019-6786
+ RESERVED
+CVE-2019-6785
+ RESERVED
+CVE-2019-6784
+ RESERVED
+CVE-2019-6783
+ RESERVED
+CVE-2019-6782
+ RESERVED
+CVE-2019-6781
+ RESERVED
+CVE-2019-6780 (The Wise Chat plugin before 2.7 for WordPress mishandles
external links ...)
+ TODO: check
+CVE-2017-18359 (PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows
remote ...)
+ TODO: check
CVE-2019-6779 (Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or
delete ...)
NOT-FOR-US: Cscms
CVE-2019-6778 [slirp: heap buffer overflow in tcp_emu()]
@@ -12198,6 +12250,7 @@ CVE-2018-20005 (An issue has been found in Mini-XML
(aka mxml) 2.12. It is a ...
[jessie] - mxml <ignored> (Minor issue)
NOTE: https://github.com/michaelrsweet/mxml/issues/234
CVE-2018-20004 (An issue has been found in Mini-XML (aka mxml) 2.12. It is a
...)
+ {DLA-1641-1}
- mxml 2.12-2 (low; bug #918007)
[stretch] - mxml <no-dsa> (Minor issue)
NOTE: https://github.com/michaelrsweet/mxml/issues/233
@@ -18677,8 +18730,8 @@ CVE-2018-18983 (VT-Designer Version 2.1.7.31 is
vulnerable by the program readin
NOT-FOR-US: VT-Designer
CVE-2018-18982 (NUUO CMS All versions 3.3 and prior the web server application
allows ...)
NOT-FOR-US: NUUO CMS
-CVE-2018-18981
- RESERVED
+CVE-2018-18981 (In Rockwell Automation FactoryTalk Services Platform 2.90 and
earlier, ...)
+ TODO: check
CVE-2014-10077 (Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before
0.8.0 ...)
{DLA-1584-1}
- ruby-i18n 0.7.0-3 (bug #913093)
@@ -20235,8 +20288,8 @@ CVE-2018-18365
RESERVED
CVE-2018-18364
RESERVED
-CVE-2018-18363
- RESERVED
+CVE-2018-18363 (Norton App Lock prior to 1.4.0.445 can be susceptible to a
bypass ...)
+ TODO: check
CVE-2018-18362 (Norton Password Manager for Android (formerly Norton Identity
Safe) ...)
NOT-FOR-US: Norton Password Manager for Android
CVE-2018-18361 (An issue was discovered in nc-cms through 2017-03-10. ...)
@@ -26084,8 +26137,8 @@ CVE-2018-16100
RESERVED
CVE-2018-16099
RESERVED
-CVE-2018-16098
- RESERVED
+CVE-2018-16098 (In some Lenovo ThinkPads, an unquoted search path
vulnerability was ...)
+ TODO: check
CVE-2018-16097 (LXCI for VMware versions prior to 5.5 and LXCI for Microsoft
System ...)
NOT-FOR-US: LXCI (Lenovo XClarity Integrator)
CVE-2018-16096 (In System Management Module (SMM) versions prior to 1.06, the
SMM web ...)
@@ -36129,8 +36182,8 @@ CVE-2018-12239 (Norton prior to 22.15; Symantec
Endpoint Protection (SEP) prior
NOT-FOR-US: Norton
CVE-2018-12238 (Norton prior to 22.15; Symantec Endpoint Protection (SEP)
prior to ...)
NOT-FOR-US: Norton
-CVE-2018-12237
- RESERVED
+CVE-2018-12237 (The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2
prior to ...)
+ TODO: check
CVE-2018-12236
RESERVED
CVE-2018-12235
@@ -55264,8 +55317,8 @@ CVE-2018-5499
RESERVED
CVE-2018-5498
RESERVED
-CVE-2018-5497
- RESERVED
+CVE-2018-5497 (Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5
are ...)
+ TODO: check
CVE-2018-5496 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are
...)
NOT-FOR-US: Data ONTAP
CVE-2018-5495 (All StorageGRID Webscale versions are susceptible to a
vulnerability ...)
@@ -138571,11 +138624,13 @@ CVE-2016-4547 (Samsung devices with Android
KK(4.4), L(5.0/5.1), or M(6.0) allow
CVE-2016-4546 (Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local
users ...)
NOT-FOR-US: Samsung Android component
CVE-2016-4570 (The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and
possibly ...)
+ {DLA-1641-1}
- mxml 2.9-1 (bug #825855)
[wheezy] - mxml <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
NOTE:
https://github.com/michaelrsweet/mxml/commit/d8c0ba900728d47523d76ba4acf33176cd04647c
CVE-2016-4571 (The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7,
and ...)
+ {DLA-1641-1}
- mxml 2.9-2 (bug #825855)
[wheezy] - mxml <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7233c51d95bd9a55af19e3749fe75190f7044614
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7233c51d95bd9a55af19e3749fe75190f7044614
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
