Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
70155b7f by security tracker role at 2019-04-03T08:10:15Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2019-10722
+ RESERVED
+CVE-2019-10721
+ RESERVED
+CVE-2019-10720
+ RESERVED
+CVE-2019-10719
+ RESERVED
+CVE-2019-10718
+ RESERVED
+CVE-2019-10717
+ RESERVED
+CVE-2019-10716
+ RESERVED
+CVE-2019-10715
+ RESERVED
+CVE-2019-10714 (LocaleLowercase in MagickCore/locale.c in ImageMagick before
7.0.8-32 ...)
+ TODO: check
+CVE-2019-10713
+ RESERVED
+CVE-2019-10712
+ RESERVED
+CVE-2019-10711
+ RESERVED
+CVE-2019-10710
+ RESERVED
+CVE-2019-10709
+ RESERVED
CVE-2019-10708 (S-CMS PHP v1.0 has SQL injection via the
4/js/scms.php?action=unlike i ...)
NOT-FOR-US: S-CMS PHP
CVE-2019-10707 (MKCMS V5.0 has SQL injection via the bplay.php play parameter.
...)
@@ -68,8 +96,8 @@ CVE-2019-10675
REJECTED
CVE-2019-10674
RESERVED
-CVE-2019-10673
- RESERVED
+CVE-2019-10673 (A CSRF vulnerability in a logged-in user's profile edit form
in the Ul ...)
+ TODO: check
CVE-2019-10671
RESERVED
CVE-2019-10670
@@ -10627,8 +10655,8 @@ CVE-2019-6533 (Registers used to store Modbus values
can be read and written fro
NOT-FOR-US: PR100088 Modbus
CVE-2019-6532
RESERVED
-CVE-2019-6531
- RESERVED
+CVE-2019-6531 (An attacker could retrieve passwords from a HTTP GET request
from the ...)
+ TODO: check
CVE-2019-6530
RESERVED
CVE-2019-6529
@@ -10678,8 +10706,8 @@ CVE-2019-6508 (An issue was discovered in
creditease-sec insight through 2018-09
NOT-FOR-US: creditease-sec
CVE-2019-6507 (An issue was discovered in creditease-sec insight through
2018-09-11. ...)
NOT-FOR-US: creditease-sec
-CVE-2019-6506
- RESERVED
+CVE-2019-6506 (SalesAgility SuiteCRM 7.11.0 allows SQL Injection. ...)
+ TODO: check
CVE-2019-6505
RESERVED
CVE-2019-6504 (Insufficient output sanitization in the Automic Web Interface
(AWI), i ...)
@@ -11734,7 +11762,7 @@ CVE-2019-6130 (Artifex MuPDF 1.14.0 has a SEGV in the
function fz_load_page of t
[jessie] - mupdf <no-dsa> (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700446
NOTE:
http://www.ghostscript.com/cgi-bin/findgit.cgi?faf47b94e24314d74907f3f6bc874105f2c962ed
-CVE-2019-6129 (png_create_info_struct in png.c in libpng 1.6.36 has a memory
leak, as ...)
+CVE-2019-6129 (** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36
has a ...)
- libpng1.6 <unfixed> (unimportant)
- libpng <removed> (unimportant)
NOTE: https://github.com/glennrp/libpng/issues/269
@@ -31961,8 +31989,8 @@ CVE-2018-18037
RESERVED
CVE-2018-18036
RESERVED
-CVE-2018-18035
- RESERVED
+CVE-2018-18035 (A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1
Patch 6 cou ...)
+ TODO: check
CVE-2018-18034
RESERVED
CVE-2018-18033
@@ -116353,12 +116381,12 @@ CVE-2017-6051 (An Uncontrolled Search Path Element
issue was discovered in BLF-T
NOT-FOR-US: BLF-Tech LLC VisualView HMI
CVE-2017-6050 (A SQL Injection issue was discovered in Ecava IntegraXor
Versions 5.2. ...)
NOT-FOR-US: Ecava IntegraXor
-CVE-2017-6049
- RESERVED
+CVE-2017-6049 (Detcon Sitewatch Gateway, all versions without cellular, an
attacker c ...)
+ TODO: check
CVE-2017-6048 (A Command Injection issue was discovered in Satel Iberia SenNet
Data L ...)
NOT-FOR-US: Satel Iberia SenNet Data Logger and Electricity Meters
-CVE-2017-6047
- RESERVED
+CVE-2017-6047 (Detcon Sitewatch Gateway, all versions without cellular,
Passwords are ...)
+ TODO: check
CVE-2017-6046 (An Insufficiently Protected Credentials issue was discovered in
Sierra ...)
NOT-FOR-US: Sierra Wireless AirLink Raven
CVE-2017-6045 (An Information Exposure issue was discovered in Trihedral
VTScada Vers ...)
@@ -126818,14 +126846,14 @@ CVE-2017-2681 (A vulnerability has been identified
in SIMATIC CP 343-1 Std (All
NOT-FOR-US: Siemens
CVE-2017-2680 (SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions),
SIMATIC CP ...)
NOT-FOR-US: Siemens
-CVE-2017-2679
- RESERVED
-CVE-2017-2678
- RESERVED
-CVE-2017-2677
- RESERVED
-CVE-2017-2676
- RESERVED
+CVE-2017-2679 (Reason: The CNA or individual who requested this candidate did
not ass ...)
+ TODO: check
+CVE-2017-2678 (Reason: The CNA or individual who requested this candidate did
not ass ...)
+ TODO: check
+CVE-2017-2677 (Reason: The CNA or individual who requested this candidate did
not ass ...)
+ TODO: check
+CVE-2017-2676 (Reason: The CNA or individual who requested this candidate did
not ass ...)
+ TODO: check
CVE-2017-2675 (Little Snitch version 3.0 through 3.7.3 suffer from a local
privilege ...)
NOT-FOR-US: Little Snitch
CVE-2017-2674 (JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a
stored X ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/70155b7f4c2603ba7aee307ce2cb4524eae31abd
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/70155b7f4c2603ba7aee307ce2cb4524eae31abd
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
