Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
27048f6f by security tracker role at 2019-04-16T20:10:23Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -484,6 +484,7 @@ CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc
in Poppler 0.75.0 has
- poppler <unfixed> (bug #926721)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/752
CVE-2019-11025 (In clearFilter() in utilities.php in Cacti before 1.2.3, no
escaping o ...)
+ {DLA-1757-1}
- cacti 1.2.2+ds1-2 (low; bug #926700)
[stretch] - cacti <no-dsa> (Minor issue)
NOTE: https://github.com/Cacti/cacti/issues/2581
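Review bot: in the CVE-2019-11025 entry, the new "{DLA-1757-1}" tag sits above an unchanged "[stretch] - cacti <no-dsa> (Minor issue)" line, so the issue now has an LTS advisory while stretch stays marked as not getting one. Worth confirming that the stretch status is still intended, or queuing the fix for a stretch point release so the releases do not diverge.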
@@ -3878,8 +3879,8 @@ CVE-2019-9857 (In the Linux kernel through 5.0.2, the
function inotify_update_ex
NOTE:
https://git.kernel.org/linus/62c9d2674b31d4c8a674bee86b7edc6da2803aea
CVE-2019-9846 (RockOA 1.8.7 allows remote attackers to obtain sensitive
information b ...)
NOT-FOR-US: RockOA
-CVE-2019-9845
- RESERVED
+CVE-2019-9845 (madskristensen Miniblog.Core through 2019-01-16 allows remote
attacker ...)
+ TODO: check
CVE-2019-9844 (simple-markdown.js in Khan Academy simple-markdown before 0.4.4
allows ...)
NOT-FOR-US: Khan Academy simple-markdown
CVE-2019-9843 (In DiffPlug Spotless before 1.20.0 (library and Maven plugin)
and befo ...)
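Review bot: the new CVE-2019-9845 entry ends at "TODO: check", so it carries no triage state yet. The description names madskristensen Miniblog.Core; if that is not packaged in Debian, replace the placeholder with a "NOT-FOR-US:" line as on the neighbouring CVE-2019-9846 and CVE-2019-9844 entries, otherwise add the source package line.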
@@ -18242,6 +18243,7 @@ CVE-2019-3840 (A NULL pointer dereference flaw was
discovered in libvirt before
CVE-2019-3839
RESERVED
CVE-2019-3838 (It was found that the forceput operator could be extracted from
the De ...)
+ {DSA-4432-1}
[experimental] - ghostscript 9.27~~dc1~dfsg-1
- ghostscript 9.27~dfsg-1 (bug #925257)
NOTE: https://www.openwall.com/lists/oss-security/2019/03/21/1
@@ -18261,6 +18263,7 @@ CVE-2019-3836 (It was discovered in gnutls before
version 3.6.7 upstream that th
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27
NOTE: Upstream versions affected are 3.6.3 and later before 3.6.7
CVE-2019-3835 (It was found that the superexec operator was available in the
internal ...)
+ {DSA-4432-1}
[experimental] - ghostscript 9.27~~dc1~dfsg-1
- ghostscript 9.27~dfsg-1 (bug #925256)
NOTE: https://www.openwall.com/lists/oss-security/2019/03/21/1
@@ -24403,8 +24406,8 @@ CVE-2018-19973
RESERVED
CVE-2018-19972
RESERVED
-CVE-2018-19971
- RESERVED
+CVE-2018-19971 (JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. ...)
+ TODO: check
CVE-2018-19970 (In phpMyAdmin before 4.8.4, an XSS vulnerability was found in
the navi ...)
{DLA-1658-1}
- phpmyadmin <unfixed>
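Review bot: CVE-2018-19971 is left at "TODO: check", and the visible description ("has Incorrect Access Control") names no component or impact to triage from. Resolve it against the full CVE text to either "NOT-FOR-US:" or a package line, with a "NOTE:" pointing at the upstream reference if it turns out to affect a Debian package.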
@@ -32192,8 +32195,8 @@ CVE-2018-18491
RESERVED
CVE-2018-18490
RESERVED
-CVE-2018-18489
- RESERVED
+CVE-2018-18489 (The ping feature in the Diagnostic functionality on TP-LINK
WR840N v2 ...)
+ TODO: check
CVE-2018-18488 (In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL
Injectio ...)
NOT-FOR-US: Gxlcms
CVE-2018-18487 (In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the
database ...)
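Review bot: CVE-2018-18489 still carries "TODO: check". The description refers to the ping feature of a TP-LINK WR840N v2 device, and the adjacent entry shows the form a resolved non-Debian item takes ("NOT-FOR-US: Gxlcms"); the placeholder should be replaced with the matching triage line once checked.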
@@ -47115,7 +47118,7 @@ CVE-2018-12655 (Reflected Cross-Site Scripting (XSS)
exists in the Circulation m
NOT-FOR-US: SLiMS 8 Akasia
CVE-2018-12654 (Reflected Cross-Site Scripting (XSS) exists in the
Bibliography module ...)
NOT-FOR-US: SLiMS 8 Akasia
-CVE-2018-12653 (A Reflected Cross Site Scripting (XSS) Vulnerability was
discovered in ...)
+CVE-2018-12653 (A Reflected Cross Site Scripting (XSS) vulnerability exists in
Adrenal ...)
NOT-FOR-US: Adrenalin HRMS Software
CVE-2018-12652 (A Reflected Cross Site Scripting (XSS) Vulnerability was
discovered in ...)
NOT-FOR-US: Adrenalin HRMS Software
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/27048f6fe5b09e5de296437cd8751e7f5cc4e483
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits