Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5af40f2a by security tracker role at 2019-03-27T20:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,233 @@
+CVE-2019-10239
+       RESERVED
+CVE-2019-10238 (Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via 
the file ...)
+       TODO: check
+CVE-2019-10237 (S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin 
user via th ...)
+       TODO: check
+CVE-2019-10236
+       RESERVED
+CVE-2019-10235
+       RESERVED
+CVE-2019-10234
+       RESERVED
+CVE-2019-10233 (Teclib GLPI before 9.4.1.1 is affected by a timing attack 
associated w ...)
+       TODO: check
+CVE-2019-10232 (Teclib GLPI through 9.3.3 has SQL injection via the "cycle" 
parameter  ...)
+       TODO: check
+CVE-2019-10231 (Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling 
vulnerab ...)
+       TODO: check
+CVE-2019-10230
+       RESERVED
+CVE-2019-10229
+       RESERVED
+CVE-2019-10228
+       RESERVED
+CVE-2019-10227
+       RESERVED
+CVE-2019-10226
+       RESERVED
+CVE-2019-10225
+       RESERVED
+CVE-2019-10224
+       RESERVED
+CVE-2019-10223
+       RESERVED
+CVE-2019-10222
+       RESERVED
+CVE-2019-10221
+       RESERVED
+CVE-2019-10220
+       RESERVED
+CVE-2019-10219
+       RESERVED
+CVE-2019-10218
+       RESERVED
+CVE-2019-10217
+       RESERVED
+CVE-2019-10216
+       RESERVED
+CVE-2019-10215
+       RESERVED
+CVE-2019-10214
+       RESERVED
+CVE-2019-10213
+       RESERVED
+CVE-2019-10212
+       RESERVED
+CVE-2019-10211
+       RESERVED
+CVE-2019-10210
+       RESERVED
+CVE-2019-10209
+       RESERVED
+CVE-2019-10208
+       RESERVED
+CVE-2019-10207
+       RESERVED
+CVE-2019-10206
+       RESERVED
+CVE-2019-10205
+       RESERVED
+CVE-2019-10204
+       RESERVED
+CVE-2019-10203
+       RESERVED
+CVE-2019-10202
+       RESERVED
+CVE-2019-10201
+       RESERVED
+CVE-2019-10200
+       RESERVED
+CVE-2019-10199
+       RESERVED
+CVE-2019-10198
+       RESERVED
+CVE-2019-10197
+       RESERVED
+CVE-2019-10196
+       RESERVED
+CVE-2019-10195
+       RESERVED
+CVE-2019-10194
+       RESERVED
+CVE-2019-10193
+       RESERVED
+CVE-2019-10192
+       RESERVED
+CVE-2019-10191
+       RESERVED
+CVE-2019-10190
+       RESERVED
+CVE-2019-10189
+       RESERVED
+CVE-2019-10188
+       RESERVED
+CVE-2019-10187
+       RESERVED
+CVE-2019-10186
+       RESERVED
+CVE-2019-10185
+       RESERVED
+CVE-2019-10184
+       RESERVED
+CVE-2019-10183
+       RESERVED
+CVE-2019-10182
+       RESERVED
+CVE-2019-10181
+       RESERVED
+CVE-2019-10180
+       RESERVED
+CVE-2019-10179
+       RESERVED
+CVE-2019-10178
+       RESERVED
+CVE-2019-10177
+       RESERVED
+CVE-2019-10176
+       RESERVED
+CVE-2019-10175
+       RESERVED
+CVE-2019-10174
+       RESERVED
+CVE-2019-10173
+       RESERVED
+CVE-2019-10172
+       RESERVED
+CVE-2019-10171
+       RESERVED
+CVE-2019-10170
+       RESERVED
+CVE-2019-10169
+       RESERVED
+CVE-2019-10168
+       RESERVED
+CVE-2019-10167
+       RESERVED
+CVE-2019-10166
+       RESERVED
+CVE-2019-10165
+       RESERVED
+CVE-2019-10164
+       RESERVED
+CVE-2019-10163
+       RESERVED
+CVE-2019-10162
+       RESERVED
+CVE-2019-10161
+       RESERVED
+CVE-2019-10160
+       RESERVED
+CVE-2019-10159
+       RESERVED
+CVE-2019-10158
+       RESERVED
+CVE-2019-10157
+       RESERVED
+CVE-2019-10156
+       RESERVED
+CVE-2019-10155
+       RESERVED
+CVE-2019-10154
+       RESERVED
+CVE-2019-10153
+       RESERVED
+CVE-2019-10152
+       RESERVED
+CVE-2019-10151
+       RESERVED
+CVE-2019-10150
+       RESERVED
+CVE-2019-10149
+       RESERVED
+CVE-2019-10148
+       RESERVED
+CVE-2019-10147
+       RESERVED
+CVE-2019-10146
+       RESERVED
+CVE-2019-10145
+       RESERVED
+CVE-2019-10144
+       RESERVED
+CVE-2019-10143
+       RESERVED
+CVE-2019-10142
+       RESERVED
+CVE-2019-10141
+       RESERVED
+CVE-2019-10140
+       RESERVED
+CVE-2019-10139
+       RESERVED
+CVE-2019-10138
+       RESERVED
+CVE-2019-10137
+       RESERVED
+CVE-2019-10136
+       RESERVED
+CVE-2019-10135
+       RESERVED
+CVE-2019-10134
+       RESERVED
+CVE-2019-10133
+       RESERVED
+CVE-2019-10132
+       RESERVED
+CVE-2019-10131
+       RESERVED
+CVE-2019-10130
+       RESERVED
+CVE-2019-10129
+       RESERVED
+CVE-2019-10128
+       RESERVED
+CVE-2019-10127
+       RESERVED
+CVE-2019-10126
+       RESERVED
+CVE-2017-18364 (phpFK lite has XSS via the faq.php, members.php, or search.php 
query s ...)
+       TODO: check
 CVE-2019-10125 (An issue was discovered in aio_poll() in fs/aio.c in the Linux 
kernel  ...)
        - linux <unfixed>
        NOTE: https://patchwork.kernel.org/patch/10828359/
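Review bot: The entries with descriptions added at the top of this hunk (CVE-2019-10238, CVE-2019-10237, CVE-2019-10233, CVE-2019-10232, CVE-2019-10231 and CVE-2017-18364) all land as `TODO: check`, so none of them is yet mapped to a source package or marked NOT-FOR-US. The three Teclib GLPI entries describe different issue classes (timing attack, SQL injection, PHP type juggling) with different version bounds ("before 9.4.1.1" versus "through 9.3.3"), so triage them one by one rather than as a batch. The RESERVED entries need no action until descriptions arrive.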
@@ -52,8 +282,8 @@ CVE-2019-10101
        RESERVED
 CVE-2019-10100
        RESERVED
-CVE-2019-1000031
-       RESERVED
+CVE-2019-1000031 (A disk space or quota exhaustion issue exists in 
article2pdf_getfile.p ...)
+       TODO: check
 CVE-2018-20815
        RESERVED
 CVE-2016-10744 (In Select2 through 4.0.5, as used in Snipe-IT and other 
products, rich ...)
@@ -341,7 +571,7 @@ CVE-2019-9963 (XnView MP 0.93.1 on Windows allows remote 
attackers to cause a de
        NOT-FOR-US: XnView
 CVE-2019-9962 (XnView MP 0.93.1 on Windows allows remote attackers to cause a 
denial  ...)
        NOT-FOR-US: XnView
-CVE-2019-9961 (A cross-site scripting (XSS) vulnerability in ressource view of 
Wikind ...)
+CVE-2019-9961 (A cross-site scripting (XSS) vulnerability in ressource view in 
core/m ...)
        TODO: check
 CVE-2019-9960 (The downloadZip function in 
application/controllers/admin/export.php i ...)
        - limesurvey <itp> (bug #472802)
@@ -650,8 +880,8 @@ CVE-2019-1010259
        RESERVED
 CVE-2019-1010258
        RESERVED
-CVE-2019-1010257
-       RESERVED
+CVE-2019-1010257 (An Information Disclosure / Data Modification issue exists 
in article2 ...)
+       TODO: check
 CVE-2019-1010256
        RESERVED
 CVE-2019-1010255
@@ -1222,14 +1452,14 @@ CVE-2019-9865
        RESERVED
 CVE-2019-9864
        RESERVED
-CVE-2019-9863
-       RESERVED
-CVE-2019-9862
-       RESERVED
+CVE-2019-9863 (Due to the use of an insecure algorithm for rolling codes in 
the ABUS  ...)
+       TODO: check
+CVE-2019-9862 (An issue was discovered on ABUS Secvest wireless alarm system 
FUAA5000 ...)
+       TODO: check
 CVE-2019-9861
        RESERVED
-CVE-2019-9860
-       RESERVED
+CVE-2019-9860 (Due to unencrypted signal communication and predictability of 
rolling  ...)
+       TODO: check
 CVE-2019-9859
        RESERVED
 CVE-2019-9858
@@ -9314,8 +9544,8 @@ CVE-2019-6538 (The Conexus telemetry protocol utilized 
within Medtronic MyCareLi
        TODO: check
 CVE-2019-6537 (Multiple stack-based buffer overflow vulnerabilities in WECON 
LeviStud ...)
        NOT-FOR-US: WECON
-CVE-2019-6536
-       RESERVED
+CVE-2019-6536 (Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 
ELS file ...)
+       TODO: check
 CVE-2019-6535 (Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 
and pri ...)
        NOT-FOR-US: Mitsubishi Electric MELSEC-Q Series PLCs
 CVE-2019-6534
@@ -10897,10 +11127,10 @@ CVE-2019-5929
        RESERVED
 CVE-2019-5928
        RESERVED
-CVE-2019-5927
-       RESERVED
-CVE-2019-5926
-       RESERVED
+CVE-2019-5927 (Directory traversal vulnerability in 'an' App for iOS Version 
3.2.0 an ...)
+       TODO: check
+CVE-2019-5926 (Cross-site scripting vulnerability in KinagaCMS versions prior 
to 6.5  ...)
+       TODO: check
 CVE-2019-5925 (Cross-site scripting vulnerability in Dradis Community Edition 
Dradis  ...)
        NOT-FOR-US: Dradis
 CVE-2019-5924 (Cross-site request forgery (CSRF) vulnerability in Smart Forms 
2.6.15  ...)
@@ -12147,16 +12377,13 @@ CVE-2019-5422
        RESERVED
 CVE-2019-5421
        RESERVED
-CVE-2019-5420 [Possible Remote Code Execution Exploit in Rails Development 
Mode]
-       RESERVED
+CVE-2019-5420 (A remote code execution vulnerability in development mode Rails 
&lt;5. ...)
        - rails 2:5.2.2.1+dfsg-1 (bug #924521)
        NOTE: https://www.openwall.com/lists/oss-security/2019/03/13/3
-CVE-2019-5419 [Denial of Service Vulnerability in Action View]
-       RESERVED
+CVE-2019-5419 (There is a possible denial of service vulnerability in Action 
View (Ra ...)
        - rails 2:5.2.2.1+dfsg-1 (bug #924520)
        NOTE: https://www.openwall.com/lists/oss-security/2019/03/13/4
-CVE-2019-5418 [File Content Disclosure in Action View]
-       RESERVED
+CVE-2019-5418 (There is a File Content Disclosure vulnerability in Action View 
(Rails ...)
        - rails 2:5.2.2.1+dfsg-1 (bug #924520)
        NOTE: https://www.openwall.com/lists/oss-security/2019/03/13/5
 CVE-2019-5417 (A path traversal vulnerability in serve npm package version 
7.0.1 allo ...)
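Review bot: In the new CVE-2019-5420 line the description reads `Rails &lt;5. ...`, an HTML entity where a literal `<` belongs, so the imported description text was not entity-decoded. Suggest decoding entities in the automatic update before descriptions are written to data/CVE/list, otherwise anything that searches or renders the description carries the escaped form. Replacing the three bracketed temporary titles while keeping the existing rails package lines and NOTE links is otherwise fine.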
@@ -15284,8 +15511,7 @@ CVE-2019-3878 (A vulnerability was found in 
mod_auth_mellon before v0.14.2. If A
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1576719
        NOTE: https://github.com/Uninett/mod_auth_mellon/pull/196
        NOTE: 
https://github.com/Uninett/mod_auth_mellon/commit/e09a28a30e13e5c22b481010f26b4a7743a09280
-CVE-2019-3877 [Open redirect vulnerability in logout]
-       RESERVED
+CVE-2019-3877 (A vulnerability was found in mod_auth_mellon before v0.14.2. An 
open r ...)
        {DSA-4414-1}
        - libapache2-mod-auth-mellon 0.14.2-1
        [jessie] - libapache2-mod-auth-mellon <no-dsa> (Open redirect 
protection not present in the first place)
@@ -15389,8 +15615,7 @@ CVE-2019-3849 (A vulnerability was found in moodle 
before versions 3.6.3, 3.5.5
        - moodle <removed>
 CVE-2019-3848 (A vulnerability was found in moodle before versions 3.6.3, 
3.5.5 and 3 ...)
        - moodle <removed>
-CVE-2019-3847
-       RESERVED
+CVE-2019-3847 (A vulnerability was found in moodle before versions 3.6.3, 
3.5.5, 3.4. ...)
        - moodle <removed>
 CVE-2019-3846
        RESERVED
@@ -15404,8 +15629,7 @@ CVE-2019-3842
        RESERVED
 CVE-2019-3841 (Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, 
were re ...)
        NOT-FOR-US: KubeVirt
-CVE-2019-3840 [NULL pointer dereference after running qemuAgentCommand in 
qemuAgentGetInterfaces function]
-       RESERVED
+CVE-2019-3840 (A NULL pointer dereference flaw was discovered in libvirt 
before versi ...)
        - libvirt 5.0.0-1
        [stretch] - libvirt <no-dsa> (Minor issue)
        [jessie] - libvirt <not-affected> (vulnerable code was introduced in 
1.2.14)
@@ -15448,10 +15672,9 @@ CVE-2019-3831 (A vulnerability was discovered in vdsm, 
version 4.19 through 4.30
 CVE-2019-3830 (A vulnerability was found in ceilometer before version 
12.0.0.0rc1. An ...)
        - ceilometer <unfixed> (bug #925298)
        NOTE: https://bugs.launchpad.net/ceilometer/+bug/1811098/
-CVE-2019-3829
-       RESERVED
-CVE-2019-3828 [path traversal in the fetch module]
-       RESERVED
+CVE-2019-3829 (A vulnerability was found in gnutls versions from 3.5.8 before 
3.6.7.  ...)
+       TODO: check
+CVE-2019-3828 (Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has 
a path  ...)
        {DSA-4396-1}
        - ansible 2.7.7+dfsg-1 (bug #922537)
        [jessie] - ansible <not-affected> (Vulnerable code not present)
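Review bot: CVE-2019-3829 moves from RESERVED to `TODO: check` although its description names gnutls with an affected range ("from 3.5.8 before 3.6.7"), unlike CVE-2019-3828 in the same hunk, which already carries a DSA reference and ansible package lines. This entry should be triaged to a package line with a fixed version rather than left in the TODO queue.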
@@ -15490,8 +15713,7 @@ CVE-2019-3822 (libcurl versions from 7.36.0 to before 
7.64.0 are vulnerable to a
        NOTE: https://curl.haxx.se/docs/CVE-2019-3822.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/86724581b6c02d160b52f817550cfdfc9c93af62
-CVE-2019-3821 [Resource exhaustion via TCP connection to port serving the SSL 
endpoint]
-       RESERVED
+CVE-2019-3821 (A flaw was found in the way civetweb frontend was handling 
requests fo ...)
        - ceph <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1656852
        NOTE: https://github.com/ceph/civetweb/pull/33
@@ -15507,8 +15729,7 @@ CVE-2019-3819 (A flaw was found in the Linux kernel in 
the function hid_debug_ev
        NOTE: Proposed patch: 
https://marc.info/?l=linux-input&m=154841031101012&w=2
 CVE-2019-3818 (The kube-rbac-proxy container before version 0.4.1 as used in 
Red Hat  ...)
        NOT-FOR-US: kube-rbac-proxy
-CVE-2019-3817
-       RESERVED
+CVE-2019-3817 (A use-after-free flaw has been discovered in libcomps before 
version 0 ...)
        NOT-FOR-US: libcomps
 CVE-2019-3816 (Openwsman, versions up to and including 2.6.9, are vulnerable 
to arbit ...)
        - openwsman <itp> (bug #754501)
@@ -15519,8 +15740,7 @@ CVE-2019-3815 (A memory leak was discovered in the 
backport of fixes for CVE-201
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1666690
        NOTE: For stable it affected DSA-4367-1 and was corrected in DSA-4367-2
        NOTE: specifically the backport of the fix for CVE-2018-16864.
-CVE-2019-3814 [Suitable client certificate can be used to login as other user]
-       RESERVED
+CVE-2019-3814 (It was discovered that Dovecot before versions 2.2.36.1 and 
2.3.4.1 in ...)
        {DSA-4385-1 DLA-1667-1}
        - dovecot 1:2.3.4.1-1
        NOTE: https://www.openwall.com/lists/oss-security/2019/02/05/1
@@ -20071,7 +20291,7 @@ CVE-2019-2424
 CVE-2019-2423 (Vulnerability in the PeopleSoft Enterprise PeopleTools 
component of Or ...)
        NOT-FOR-US: Oracle
 CVE-2019-2422 (Vulnerability in the Java SE component of Oracle Java SE 
(subcomponent ...)
-       {DSA-4410-1}
+       {DSA-4410-1 DLA-1732-1}
        [experimental] - openjdk-7 7u211-2.6.17-1
        - openjdk-7 <unfixed>
        - openjdk-8 8u202-b26-1
@@ -23297,14 +23517,14 @@ CVE-2018-19646 (The Python CGI scripts in PWS in 
Imperva SecureSphere 13.0.10, 1
        NOT-FOR-US: Imperva SecureSphere
 CVE-2018-19645 (An Authentication Bypass issue exists in Solutions Business 
Manager (S ...)
        NOT-FOR-US: Solutions Business Manager (SBM)
-CVE-2018-19644
-       RESERVED
-CVE-2018-19643
-       RESERVED
-CVE-2018-19642
-       RESERVED
-CVE-2018-19641
-       RESERVED
+CVE-2018-19644 (Reflected cross site script issue in Micro Focus Solutions 
Business Ma ...)
+       TODO: check
+CVE-2018-19643 (Information leakage issue in Micro Focus Solutions Business 
Manager (S ...)
+       TODO: check
+CVE-2018-19642 (Denial of service issue in Micro Focus Solutions Business 
Manager (SBM ...)
+       TODO: check
+CVE-2018-19641 (Unauthenticated remote code execution issue in Micro Focus 
Solutions B ...)
+       TODO: check
 CVE-2018-19640 (If the attacker manages to create files in the directory used 
to colle ...)
        NOT-FOR-US: SLES support scripts
 CVE-2018-19639 (If supportutils before version 3.1-5.7.1 is run with -v to 
perform rpm ...)
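Review bot: CVE-2018-19641 through CVE-2018-19644 are added as `TODO: check`, but all four descriptions name Micro Focus Solutions Business Manager, the product that the adjacent context entry CVE-2018-19645 already marks `NOT-FOR-US: Solutions Business Manager (SBM)`. Suggest giving the four entries the same annotation so they leave the TODO queue. CVE-2018-19641 is described as unauthenticated remote code execution, so confirm its classification explicitly instead of leaving it pending.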
@@ -26405,8 +26625,8 @@ CVE-2018-19468 (HuCart 5.7.4 has SQL injection in 
get_ip() in system/class/helpe
        NOT-FOR-US: HuCart
 CVE-2018-19467
        RESERVED
-CVE-2018-19466
-       RESERVED
+CVE-2018-19466 (A vulnerability was found in Portainer before 1.20.0. 
Portainer stores ...)
+       TODO: check
 CVE-2018-19465
        RESERVED
 CVE-2018-19464 (Discuz! X3.4 allows XSS via admin.php because 
admincp/admincp_setting. ...)
@@ -27900,8 +28120,8 @@ CVE-2018-19018 (An access of uninitialized pointer 
vulnerability in CX-Superviso
        NOT-FOR-US: CX-Supervisor
 CVE-2018-19017 (Several use after free vulnerabilities have been identified in 
CX-Supe ...)
        NOT-FOR-US: CX-Supervisor
-CVE-2018-19016
-       RESERVED
+CVE-2018-19016 (Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB 
(includes ...)
+       TODO: check
 CVE-2018-19015 (An attacker could inject commands to launch programs and 
create, write ...)
        NOT-FOR-US: CX-Supervisor
 CVE-2018-19014 (Drager Infinity Delta, Infinity Delta, all versions, Delta XL, 
all ver ...)
@@ -27944,8 +28164,8 @@ CVE-2018-18996 (LCDS Laquis SCADA prior to version 
4.1.0.4150 allows taking in u
        NOT-FOR-US: LCDS Laquis SCADA
 CVE-2018-18995 (Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and 
GATE-E2 all  ...)
        NOT-FOR-US: ABB GATE-E2
-CVE-2018-18994
-       RESERVED
+CVE-2018-18994 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of 
bounds  ...)
+       TODO: check
 CVE-2018-18993 (Two stack-based buffer overflow vulnerabilities have been 
discovered i ...)
        NOT-FOR-US: CX-One
 CVE-2018-18992 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in 
user in ...)
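Review bot: CVE-2018-18994 is set to `TODO: check` even though its description starts with the same "LCDS Laquis SCADA prior to version 4.1.0.4150" product string as CVE-2018-18996 directly above it, which is annotated `NOT-FOR-US: LCDS Laquis SCADA`. Suggest applying the same NOT-FOR-US line here so the entry is consistent with its neighbour.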
@@ -28405,7 +28625,7 @@ CVE-2018-18800
        RESERVED
 CVE-2018-18799 (School Attendance Monitoring System 1.0 has CSRF via 
event/controller. ...)
        NOT-FOR-US: School Attendance Monitoring System
-CVE-2018-18798 (School Attendance Monitoring System 1.0 has SQL Injection via 
user/con ...)
+CVE-2018-18798 (Attendance Monitoring System 1.0 has SQL Injection via the 
'id' parame ...)
        NOT-FOR-US: School Attendance Monitoring System
 CVE-2018-18797 (School Attendance Monitoring System 1.0 has CSRF via 
/user/user/edit.p ...)
        NOT-FOR-US: School Attendance Monitoring System
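Review bot: The updated CVE-2018-18798 description now begins "Attendance Monitoring System 1.0", while the annotation beneath it and the neighbouring CVE-2018-18799 and CVE-2018-18797 entries still say "School Attendance Monitoring System". The NOT-FOR-US line is unchanged and still fits, but a search on the full product name will no longer match this entry's description, so keep the annotation as the authoritative product label.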
@@ -35262,8 +35482,8 @@ CVE-2018-16209
        RESERVED
 CVE-2018-16208
        RESERVED
-CVE-2018-16207
-       RESERVED
+CVE-2018-16207 (PowerAct Pro Master Agent for Windows Version 5.13 and earlier 
allows  ...)
+       TODO: check
 CVE-2018-16206 (Cross-site scripting vulnerability in WordPress plugin 
spam-byebye 2.2 ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2018-16205 (Cross-site scripting vulnerability in GROWI v3.2.3 and earlier 
allows  ...)
@@ -36949,8 +37169,8 @@ CVE-2018-1000632 (dom4j version prior to version 2.1.1 
contains a CWE-91: XML In
 CVE-2003-1605 (curl 7.x before 7.10.7 sends CONNECT proxy credentials to the 
remote s ...)
        - curl 7.10.7-1
        NOTE: https://curl.haxx.se/docs/CVE-2003-1605.html
-CVE-2018-15585
-       RESERVED
+CVE-2018-15585 (Cross-Site Scripting (XSS) vulnerability in newwinform.php in 
GNUBOARD ...)
+       TODO: check
 CVE-2018-15584
        RESERVED
 CVE-2018-15583 (Cross-Site Scripting (XSS) vulnerability in point_list.php in 
GNUBOARD ...)
@@ -40949,7 +41169,8 @@ CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is 
possible in the collapse data-
        NOTE: 
https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
 (v3.4.0)
 CVE-2018-14039
        RESERVED
-CVE-2018-14038 (The aout_32_swap_std_reloc_out function in aoutx.h in the 
Binary File  ...)
+CVE-2018-14038
+       REJECTED
        - binutils 2.30-6
        [stretch] - binutils <ignored> (Minor issue)
        [jessie] - binutils <ignored> (Minor issue)
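Review bot: CVE-2018-14038 is switched to `REJECTED`, but the `- binutils 2.30-6` line and the `[stretch]` and `[jessie]` `<ignored>` lines stay attached to it, so the tracker keeps package status for an identifier that has been withdrawn. Either drop the three binutils lines or add a NOTE recording the rejection reason and, if another identifier now covers the issue, which one, so the fixed-version information is not lost.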
@@ -44602,15 +44823,13 @@ CVE-2018-12553
        REJECTED
 CVE-2018-12552
        REJECTED
-CVE-2018-12551
-       RESERVED
+CVE-2018-12551 (When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is 
configured  ...)
        {DSA-4388-1}
        - mosquitto 1.5.6-1 (bug #921976)
        [jessie] - mosquitto <postponed> (Minor issue)
        NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/
        NOTE: https://mosquitto.org/files/cve/2018-12551
-CVE-2018-12550
-       RESERVED
+CVE-2018-12550 (When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is 
configured  ...)
        {DSA-4388-1}
        - mosquitto 1.5.6-1 (bug #921976)
        [jessie] - mosquitto <postponed> (Minor issue)
@@ -44622,8 +44841,7 @@ CVE-2018-12548 (In OpenJDK + Eclipse OpenJ9 version 
0.11.0 builds, the public jd
        NOT-FOR-US: OpenJDK + Eclipse OpenJ9
 CVE-2018-12547 (In Eclipse OpenJ9, prior to the 0.12.0 release, the 
jio_snprintf() and ...)
        NOT-FOR-US: OpenJDK + Eclipse OpenJ9
-CVE-2018-12546
-       RESERVED
+CVE-2018-12546 (In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a 
client pu ...)
        {DSA-4388-1}
        - mosquitto 1.5.6-1 (bug #921976)
        [jessie] - mosquitto <ignored> (Minor issue)
@@ -49182,8 +49400,7 @@ CVE-2018-10935 (A flaw was found in the 389 Directory 
Server that allows users t
        {DLA-1483-1}
        - 389-ds-base 1.4.0.15-1 (bug #906985)
        NOTE: https://pagure.io/389-ds-base/issue/49890
-CVE-2018-10934
-       RESERVED
+CVE-2018-10934 (A cross-site scripting (XSS) vulnerability was found in the 
JBoss Mana ...)
        - wildfly <itp> (bug #752018)
 CVE-2018-10933 (A vulnerability was found in libssh's server-side state 
machine before ...)
        {DSA-4322-1 DLA-1548-1}
@@ -63648,16 +63865,16 @@ CVE-2018-5929
        RESERVED
 CVE-2018-5928
        RESERVED
-CVE-2018-5927
-       RESERVED
-CVE-2018-5926
-       RESERVED
+CVE-2018-5927 (HP Support Assistant before 8.7.50.3 allows an unauthorized 
person wit ...)
+       TODO: check
+CVE-2018-5926 (A potential vulnerability has been identified in HP Remote 
Graphics So ...)
+       TODO: check
 CVE-2018-5925 (A security vulnerability has been identified with certain HP 
Inkjet pr ...)
        NOT-FOR-US: HP Inkjet printers
 CVE-2018-5924 (A security vulnerability has been identified with certain HP 
Inkjet pr ...)
        NOT-FOR-US: HP Inkjet printers
-CVE-2018-5923
-       RESERVED
+CVE-2018-5923 (In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet 
Managed ...)
+       TODO: check
 CVE-2018-5922
        RESERVED
 CVE-2018-5921 (A potential security vulnerability has been identified with 
certain HP ...)
@@ -125273,16 +125490,16 @@ CVE-2017-2754
        RESERVED
 CVE-2017-2753
        RESERVED
-CVE-2017-2752
-       RESERVED
+CVE-2017-2752 (A potential security vulnerability caused by incomplete 
obfuscation of ...)
+       TODO: check
 CVE-2017-2751 (A BIOS password extraction vulnerability has been reported on 
certain  ...)
        NOT-FOR-US: firmware on HP notebooks
 CVE-2017-2750 (Insufficient Solution DLL Signature Validation allows potential 
execut ...)
        NOT-FOR-US: HP printers
 CVE-2017-2749
        RESERVED
-CVE-2017-2748
-       RESERVED
+CVE-2017-2748 (A potential security vulnerability caused by the use of 
insecure (http ...)
+       TODO: check
 CVE-2017-2747 (HP has identified a potential security vulnerability before 
IG_11_00_0 ...)
        NOT-FOR-US: HP printers
 CVE-2017-2746 (Potential security vulnerabilities have been identified with HP 
JetAdv ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5af40f2ad493005a6c7054ec59cc224b848bd867

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits