Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
81af9ff9 by security tracker role at 2019-02-04T20:10:26Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2019-7355
+ RESERVED
+CVE-2019-7354
+ RESERVED
+CVE-2019-7353
+ RESERVED
+CVE-2019-7352 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder
through ...)
+ TODO: check
+CVE-2019-7351 (Log Injection exists in ZoneMinder through 1.32.3, as an
attacker can ...)
+ TODO: check
+CVE-2019-7350 (Session fixation exists in ZoneMinder through 1.32.3, as an
attacker ...)
+ TODO: check
+CVE-2019-7349 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder
through ...)
+ TODO: check
+CVE-2019-7348 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder
through ...)
+ TODO: check
+CVE-2019-7347 (A Time-of-check Time-of-use (TOCTOU) Race Condition exists in
...)
+ TODO: check
+CVE-2019-7346 (A CSRF check issue exists in ZoneMinder through 1.32.3 as
whenever a ...)
+ TODO: check
+CVE-2019-7345 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder
through ...)
+ TODO: check
+CVE-2019-7344 (Reflected XSS exists in ZoneMinder through 1.32.3, allowing an
attacker ...)
+ TODO: check
+CVE-2019-7343 (Reflected - Cross Site Scripting (XSS) exists in ZoneMinder
through ...)
+ TODO: check
+CVE-2019-7342 (POST - Cross Site Scripting (XSS) exists in ZoneMinder through
1.32.3, ...)
+ TODO: check
+CVE-2019-7341 (Reflected - Cross Site Scripting (XSS) exists in ZoneMinder
through ...)
+ TODO: check
+CVE-2019-7340 (POST - Cross Site Scripting (XSS) exists in ZoneMinder through
1.32.3, ...)
+ TODO: check
+CVE-2019-7339 (POST - Cross Site Scripting (XSS) exists in ZoneMinder through
1.32.3, ...)
+ TODO: check
+CVE-2019-7338 (Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing
an ...)
+ TODO: check
+CVE-2019-7337 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder
through ...)
+ TODO: check
+CVE-2019-7336 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder
through ...)
+ TODO: check
+CVE-2019-7335 (Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing
an ...)
+ TODO: check
+CVE-2019-7334 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder
through ...)
+ TODO: check
+CVE-2019-7333 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder
through ...)
+ TODO: check
+CVE-2019-7332 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder
through ...)
+ TODO: check
+CVE-2019-7331 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder
through ...)
+ TODO: check
+CVE-2019-7330 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder
through ...)
+ TODO: check
+CVE-2019-7329 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder
through ...)
+ TODO: check
+CVE-2019-7328 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder
through ...)
+ TODO: check
+CVE-2019-7327 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder
through ...)
+ TODO: check
+CVE-2019-7326 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder
through ...)
+ TODO: check
+CVE-2019-7325 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder
through ...)
+ TODO: check
+CVE-2019-7324 (app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in
pagination ...)
+ TODO: check
+CVE-2019-7323 (GUP (generic update process) in LightySoft LogMX before 7.4.0
does not ...)
+ TODO: check
+CVE-2019-7322
+ RESERVED
+CVE-2019-7321
+ RESERVED
+CVE-2019-7320
+ RESERVED
+CVE-2018-20751 (An issue was discovered in crop_page in PoDoFo 0.9.6. For a
crafted PDF ...)
+ TODO: check
CVE-2019-7319
RESERVED
CVE-2019-7318
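Review bot: Every described entry added in this hunk, from CVE-2019-7352 down to CVE-2019-7323 plus CVE-2018-20751, carries only "TODO: check", so none of them has a package line or a NOT-FOR-US marking yet. The run from CVE-2019-7352 to CVE-2019-7325 almost entirely names ZoneMinder, with the same "through 1.32.3" bound wherever the bound is visible, so it can be triaged in one pass against a single source package rather than entry by entry. CVE-2018-20751 also sits between CVE-2019-7320 and CVE-2019-7319, out of the descending order the surrounding entries follow; move it to the CVE-2018 block when it is triaged.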
@@ -7747,8 +7821,7 @@ CVE-2019-3815 (A memory leak was discovered in the
backport of fixes for ...)
NOTE: specifically the backport of the fix for CVE-2018-16864.
CVE-2019-3814
RESERVED
-CVE-2019-3813 [Off-by-one error in array access in spice/server/memslot.c]
- RESERVED
+CVE-2019-3813 (Spice, versions 0.5.2 through 0.14.1, are vulnerable to an ...)
{DSA-4375-1 DLA-1649-1}
- spice 0.14.0-1.3 (bug #920762)
NOTE: https://www.openwall.com/lists/oss-security/2019/01/28/2
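Review bot: The replaced line for CVE-2019-3813 drops the bracketed summary "Off-by-one error in array access in spice/server/memslot.c", and the truncated description that replaces it no longer says where the defect is. Consider keeping that detail as a NOTE line under the entry, next to the existing oss-security link, so the affected file stays searchable in the tracker.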
@@ -8600,8 +8673,7 @@ CVE-2019-3462 (Incorrect sanitation of the 302 redirect
field in HTTP transport
- apt 1.8.0~alpha3.1
NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1812353
NOTE: https://justi.cz/security/2019/01/22/apt-rce.html
-CVE-2019-3461
- RESERVED
+CVE-2019-3461 (Debian tmpreaper version 1.6.13+nmu1 has a race condition when
doing a ...)
{DSA-4365-1 DLA-1640-1}
- tmpreaper 1.6.14 (bug #918956)
CVE-2019-3460 [Heap data infoleak in multiple locations including
functionl2cap_parse_conf_rsp]
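Review bot: CVE-2019-3461 leaves the RESERVED state with only the DSA/DLA references and bug #918956, and no NOTE line, while the CVE-2019-3462 entry just above it carries two NOTE links. A NOTE pointing at the fix or advisory would let a reader check the race condition fix in tmpreaper 1.6.14 without opening the bug report.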
@@ -38779,8 +38851,7 @@ CVE-2018-11761 (In Apache Tika 0.1 to 1.18, the XML
parsers were not configured
NOTE: https://www.openwall.com/lists/oss-security/2018/09/19/4
NOTE: When fixing this issue the fix needs to be made complete to not
open
NOTE: CVE-2018-11796. The full fix is only in 1.19.1 onwards.
-CVE-2018-11760
- RESERVED
+CVE-2018-11760 (When using PySpark , it's possible for a different local user
to ...)
NOT-FOR-US: Apache Spark
CVE-2018-11759 (The Apache Web Server (httpd) specific code that normalised
the ...)
{DSA-4357-1 DLA-1609-1}
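Review bot: The new description for CVE-2018-11760 contains a stray space before the comma in "PySpark , it's possible". Since the commit is an automatic update, the text presumably mirrors the source description, so a hand edit here may not survive the next update; correct it at the source if it matters. The unchanged "NOT-FOR-US: Apache Spark" line stays consistent with the new description.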
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/81af9ff99adf9801610036f89364452760f1cd5c