Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 59306100 by security tracker role at 2019-05-09T08:10:17Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,15 @@ +CVE-2019-11835 (cJSON before 1.7.11 allows out-of-bounds access, related to multiline ...) + TODO: check +CVE-2019-11834 (cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a ...) + TODO: check +CVE-2019-11833 + RESERVED +CVE-2019-11832 (TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execut ...) + TODO: check +CVE-2019-11831 (The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1 ...) + TODO: check +CVE-2019-11830 (PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrap ...) + TODO: check CVE-2019-XXXX [Insecure deserialization on bundled third-party library "Phar Stream Wrapper" (SA-CORE-2019-007)] - drupal7 <removed> (bug #928688) NOTE: https://www.drupal.org/SA-CORE-2019-007 @@ -19,8 +31,8 @@ CVE-2019-11822 RESERVED CVE-2019-11821 RESERVED -CVE-2019-11820 - RESERVED +CVE-2019-11820 (Information exposure through process environment vulnerability in Syno ...) + TODO: check CVE-2019-11819 (Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro ...) NOT-FOR-US: Alkacon OpenCMS CVE-2019-11818 (Alkacon OpenCMS v10.5.4 and before is affected by stored cross site sc ...) @@ -11404,8 +11416,8 @@ CVE-2019-7443 (KDE KAuth before 5.55 allows the passing of parameters with arbit [jessie] - kde4libs <no-dsa> (Minor issue) NOTE: https://mail.kde.org/pipermail/kde-announce/2019-February/000011.html NOTE: https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a -CVE-2019-7442 - RESERVED +CVE-2019-7442 (An XML external entity (XXE) vulnerability in the Password Vault Web A ...) + TODO: check CVE-2019-7441 (cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Ga ...) NOT-FOR-US: WooCommerce CVE-2019-7440 (JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Ke ...) @@ -42161,7 +42173,7 @@ CVE-2018-15319 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, NOT-FOR-US: F5 BIG-IP CVE-2018-15318 (In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If ...) NOT-FOR-US: F5 BIG-IP -CVE-2018-15317 (In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11 ...) +CVE-2018-15317 (In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2. ...) NOT-FOR-US: F5 BIG-IP CVE-2018-15316 (In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge ...) NOT-FOR-US: F5 BIG-IP View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/593061002b7acde5f32faff445c4a9751b40a4c8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/593061002b7acde5f32faff445c4a9751b40a4c8 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits