Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8373080c by security tracker role at 2019-05-23T20:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,30 @@
-CVE-2019-12295 [dissection engine crash]
+CVE-2019-12308
+ RESERVED
+CVE-2019-12307
+ RESERVED
+CVE-2019-12306
+ RESERVED
+CVE-2019-12305
+ RESERVED
+CVE-2019-12304
+ RESERVED
+CVE-2019-12303
+ RESERVED
+CVE-2019-12302
+ RESERVED
+CVE-2019-12301 (The Percona Server 5.6.44-85.0-1 packages for Debian and
Ubuntu suffer ...)
+ TODO: check
+CVE-2019-12300 (Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a
user-submitted au ...)
+ TODO: check
+CVE-2019-12299
+ RESERVED
+CVE-2019-12298 (Leanify 0.4.3 allows remote attackers to trigger an
out-of-bounds writ ...)
+ TODO: check
+CVE-2019-12297 (An issue was discovered in scopd on Motorola routers CX2 1.01
and M2 1 ...)
+ TODO: check
+CVE-2019-12296
+ RESERVED
+CVE-2019-12295 (In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to
2.4.14, the ...)
- wireshark <unfixed> (bug #929446)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820
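Review bot: CVE-2019-12301 is left at TODO: check even though its description names the Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu. Triage should record whether that refers to a source package in the Debian archive or to vendor-built packages, and replace the TODO with either a package line or a NOT-FOR-US tag. The same pending triage applies to CVE-2019-12300, CVE-2019-12298 and CVE-2019-12297 in this hunk.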
@@ -15,10 +41,10 @@ CVE-2019-12291
RESERVED
CVE-2019-12290
RESERVED
-CVE-2019-12289
- RESERVED
-CVE-2019-12288
- RESERVED
+CVE-2019-12289 (An issue was discovered in upgrade_firmware.cgi on VStarcam
100T (C782 ...)
+ TODO: check
+CVE-2019-12288 (An issue was discovered in upgrade_htmls.cgi on VStarcam 100T
(C7824WI ...)
+ TODO: check
CVE-2019-12287
RESERVED
CVE-2019-12286
@@ -51,8 +77,8 @@ CVE-2019-12274
RESERVED
CVE-2019-12273
RESERVED
-CVE-2019-12272
- RESERVED
+CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints
admin/status/realtime/band ...)
+ TODO: check
CVE-2019-12271
RESERVED
CVE-2019-12270 (OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4
configur ...)
@@ -585,8 +611,8 @@ CVE-2019-12044 (A Buffer Overflow exists in Citrix
NetScaler Gateway 10.5.x befo
NOT-FOR-US: Citrix NetScaler Gateway
CVE-2019-12043 (In remarkable 1.7.1, lib/parser_inline.js mishandles URL
filtering, wh ...)
NOT-FOR-US: remarkable
-CVE-2019-12042
- RESERVED
+CVE-2019-12042 (Insecure permissions of the section object
Global\PandaDevicesAgentSha ...)
+ TODO: check
CVE-2019-12041 (lib/common/html_re.js in remarkable 1.7.1 allows Regular
Expression De ...)
NOT-FOR-US: remarkable
CVE-2019-12040
@@ -932,8 +958,8 @@ CVE-2019-11875
RESERVED
CVE-2019-11874
RESERVED
-CVE-2019-11873
- RESERVED
+CVE-2019-11873 (wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in
tls13.c when ...)
+ TODO: check
CVE-2019-11872
RESERVED
CVE-2019-11871 (The Custom Field Suite plugin before 2.5.15 for WordPress has
XSS for ...)
@@ -1313,7 +1339,7 @@ CVE-2019-11699
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11699
CVE-2019-11698
RESERVED
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -1346,7 +1372,7 @@ CVE-2019-11694
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11694
CVE-2019-11693
RESERVED
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -1356,7 +1382,7 @@ CVE-2019-11693
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11693
CVE-2019-11692
RESERVED
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -1366,7 +1392,7 @@ CVE-2019-11692
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11692
CVE-2019-11691
RESERVED
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -3192,8 +3218,8 @@ CVE-2019-10979
RESERVED
CVE-2019-10978
RESERVED
-CVE-2019-10977
- RESERVED
+CVE-2019-10977 (In Mitsubishi Electric MELSEC-Q series Ethernet module
QJ71E71-100 ser ...)
+ TODO: check
CVE-2019-10976
RESERVED
CVE-2019-10975
@@ -3514,8 +3540,8 @@ CVE-2019-10869 (Path Traversal and Unrestricted File
Upload exists in the Ninja
NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2019-10867 (An issue was discovered in Pimcore before 5.7.1. An attacker
with clas ...)
NOT-FOR-US: Pimcore
-CVE-2019-10866
- RESERVED
+CVE-2019-10866 (In the Form Maker plugin before 1.13.3 for WordPress, it's
possible to ...)
+ TODO: check
CVE-2019-10865
RESERVED
CVE-2019-10864 (The WP Statistics plugin through 12.6.2 for WordPress has XSS,
allowin ...)
@@ -3538,20 +3564,20 @@ CVE-2019-10856 (In Jupyter Notebook before 5.7.8, an
open redirect can occur via
- jupyter-notebook <not-affected> (Incomplete fix for CVE-2019-10255
not applied)
NOTE:
https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4
NOTE:
https://github.com/jupyter/notebook/commit/979e0bd15e794ceb00cc63737fcd5fd9addc4a99
-CVE-2019-10855
- RESERVED
-CVE-2019-10854
- RESERVED
-CVE-2019-10853
- RESERVED
-CVE-2019-10852
- RESERVED
-CVE-2019-10851
- RESERVED
-CVE-2019-10850
- RESERVED
-CVE-2019-10849
- RESERVED
+CVE-2019-10855 (Computrols CBAS 18.0.0 mishandles password hashes. The
approach is MD5 ...)
+ TODO: check
+CVE-2019-10854 (Computrols CBAS 18.0.0 allows Authenticated Command Injection.
...)
+ TODO: check
+CVE-2019-10853 (Computrols CBAS 18.0.0 allows Authentication Bypass. ...)
+ TODO: check
+CVE-2019-10852 (Computrols CBAS 18.0.0 allows Authenticated Blind SQL
Injection via th ...)
+ TODO: check
+CVE-2019-10851 (Computrols CBAS 18.0.0 has hard-coded encryption keys. ...)
+ TODO: check
+CVE-2019-10850 (Computrols CBAS 18.0.0 has Default Credentials. ...)
+ TODO: check
+CVE-2019-10849 (Computrols CBAS 18.0.0 allows unprotected Subversion (SVN)
directory / ...)
+ TODO: check
CVE-2019-10848
RESERVED
CVE-2019-10847
@@ -5655,8 +5681,8 @@ CVE-2019-9951 (Western Digital My Cloud, My Cloud Mirror
Gen2, My Cloud EX2 Ultr
NOT-FOR-US: Western Digital
CVE-2019-9950 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2
Ultra, My ...)
NOT-FOR-US: Western Digital
-CVE-2019-9949
- RESERVED
+CVE-2019-9949 (Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100,
EX4100 ...)
+ TODO: check
CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file:
scheme, w ...)
- python2.7 2.7.16-2
NOTE: https://bugs.python.org/issue35907
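Review bot: CVE-2019-9949 gets TODO: check while the two Western Digital My Cloud entries directly above it, CVE-2019-9951 and CVE-2019-9950, are already tagged NOT-FOR-US: Western Digital. If the product is the same, tag it the same way so it does not sit in the TODO queue.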
@@ -6687,7 +6713,7 @@ CVE-2019-9821
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9821
CVE-2019-9820
RESERVED
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -6697,7 +6723,7 @@ CVE-2019-9820
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9820
CVE-2019-9819
RESERVED
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -6715,7 +6741,7 @@ CVE-2019-9818
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9818
CVE-2019-9817
RESERVED
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -6725,7 +6751,7 @@ CVE-2019-9817
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9817
CVE-2019-9816
RESERVED
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -6795,7 +6821,7 @@ CVE-2019-9801 (Firefox will accept any registered Program
ID as an external prot
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9801
CVE-2019-9800
RESERVED
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
[experimental] - firefox 67.0-1
- firefox <unfixed>
- firefox-esr 60.7.0esr-1
@@ -6810,7 +6836,7 @@ CVE-2019-9798 (On Android systems, Firefox can load a
library from APITRACE_LIB,
- firefox <not-affected> (Android-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9798
CVE-2019-9797 (Cross-origin images can be read in violation of the same-origin
policy ...)
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
- firefox 66.0-1
- firefox-esr 60.7.0esr-1
- thunderbird 1:60.7.0-1
@@ -10596,7 +10622,7 @@ CVE-2019-8341 (An issue was discovered in Jinja2 2.10.
The from_string function
NOTE: No real security impact and upstream indicates the CVE is invalid
CVE-2019-8340
RESERVED
-CVE-2019-8339 (An issue was discovered in Sysdig through 0.24.2, as used in
Falco thr ...)
+CVE-2019-8339 (An issue was discovered in Falco through 0.14.0. A missing
indicator f ...)
- sysdig <unfixed>
CVE-2019-8338 (The signature verification routine in the Airmail GPG-PGP
Plugin, vers ...)
NOT-FOR-US: Airmail
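Review bot: in CVE-2019-8339 the description now names Falco through 0.14.0 and no longer mentions Sysdig, but the package line below it is still "- sysdig <unfixed>". Worth confirming that the sysdig source package is where the affected code lives and adding a NOTE that says so, since the description no longer explains the mapping.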
@@ -13110,7 +13136,7 @@ CVE-2019-7319
CVE-2019-7318
RESERVED
CVE-2019-7317 (png_image_free in png.c in libpng 1.6.36 has a use-after-free
because ...)
- {DSA-4448-1 DSA-4435-1}
+ {DSA-4448-1 DSA-4435-1 DLA-1800-1}
- libpng1.6 1.6.36-4 (bug #921355)
[experimental] - firefox 67.0-1
- firefox <unfixed>
@@ -13591,94 +13617,91 @@ CVE-2019-7140 (Adobe Acrobat and Reader versions
2019.010.20100 and earlier, 201
NOT-FOR-US: Adobe
CVE-2019-7139 (An unauthenticated user can execute arbitrary code through an
SQL inje ...)
NOT-FOR-US: Magento
-CVE-2019-7138
- RESERVED
-CVE-2019-7137
- RESERVED
-CVE-2019-7136
- RESERVED
-CVE-2019-7135
- RESERVED
-CVE-2019-7134
- RESERVED
-CVE-2019-7133
- RESERVED
-CVE-2019-7132
- RESERVED
+CVE-2019-7138 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read
vulnerabilit ...)
+ TODO: check
+CVE-2019-7137 (Adobe Bridge CC versions 9.0.2 have a memory corruption
vulnerability. ...)
+ TODO: check
+CVE-2019-7136 (Adobe Bridge CC versions 9.0.2 have an use after free
vulnerability. S ...)
+ TODO: check
+CVE-2019-7135 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read
vulnerabilit ...)
+ TODO: check
+CVE-2019-7134 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read
vulnerabilit ...)
+ TODO: check
+CVE-2019-7133 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read
vulnerabilit ...)
+ TODO: check
+CVE-2019-7132 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds write
vulnerabili ...)
+ TODO: check
CVE-2019-7131
RESERVED
-CVE-2019-7130
- RESERVED
+CVE-2019-7130 (Adobe Bridge CC versions 9.0.2 have a heap overflow
vulnerability. Suc ...)
+ TODO: check
CVE-2019-7129
RESERVED
-CVE-2019-7128
- RESERVED
-CVE-2019-7127
- RESERVED
+CVE-2019-7128 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
+CVE-2019-7127 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
CVE-2019-7126
RESERVED
-CVE-2019-7125
- RESERVED
+CVE-2019-7125 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
NOT-FOR-US: Adobe
-CVE-2019-7124
- RESERVED
-CVE-2019-7123
- RESERVED
-CVE-2019-7122
- RESERVED
-CVE-2019-7121
- RESERVED
-CVE-2019-7120
- RESERVED
-CVE-2019-7119
- RESERVED
-CVE-2019-7118
- RESERVED
-CVE-2019-7117
- RESERVED
-CVE-2019-7116
- RESERVED
-CVE-2019-7115
- RESERVED
-CVE-2019-7114
- RESERVED
-CVE-2019-7113
- RESERVED
-CVE-2019-7112
- RESERVED
-CVE-2019-7111
- RESERVED
-CVE-2019-7110
- RESERVED
-CVE-2019-7109
- RESERVED
-CVE-2019-7108
- RESERVED
+CVE-2019-7124 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
+CVE-2019-7123 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
+CVE-2019-7122 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
+CVE-2019-7121 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
+CVE-2019-7120 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
+CVE-2019-7119 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
+CVE-2019-7118 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
+CVE-2019-7117 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
+CVE-2019-7116 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
+CVE-2019-7115 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
+CVE-2019-7114 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
+CVE-2019-7113 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
+CVE-2019-7112 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
+CVE-2019-7111 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
+CVE-2019-7110 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
+CVE-2019-7109 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
+CVE-2019-7108 (Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156
and ear ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2019-7107
- RESERVED
-CVE-2019-7106
- RESERVED
-CVE-2019-7105
- RESERVED
-CVE-2019-7104
- RESERVED
-CVE-2019-7103
- RESERVED
-CVE-2019-7102
- RESERVED
-CVE-2019-7101
- RESERVED
-CVE-2019-7100
- RESERVED
-CVE-2019-7099
- RESERVED
-CVE-2019-7098
- RESERVED
-CVE-2019-7097
- RESERVED
-CVE-2019-7096
- RESERVED
+CVE-2019-7107 (Adobe InDesign versions 14.0.1 and below have an unsafe
hyperlink proc ...)
+ TODO: check
+CVE-2019-7106 (Adobe XD versions 16.0 and earlier have a path traversal
vulnerability ...)
+ TODO: check
+CVE-2019-7105 (Adobe XD versions 16.0 and earlier have a path traversal
vulnerability ...)
+ TODO: check
+CVE-2019-7104 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a
memory c ...)
+ TODO: check
+CVE-2019-7103 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a
memory c ...)
+ TODO: check
+CVE-2019-7102 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a
memory c ...)
+ TODO: check
+CVE-2019-7101 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a
memory c ...)
+ TODO: check
+CVE-2019-7100 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a
memory c ...)
+ TODO: check
+CVE-2019-7099 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a
memory c ...)
+ TODO: check
+CVE-2019-7098 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a
memory c ...)
+ TODO: check
+CVE-2019-7097 (Adobe Dreamweaver versions 19.0 and earlier have an insecure
protocol ...)
+ TODO: check
+CVE-2019-7096 (Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156
and ear ...)
NOT-FOR-US: Adobe Flash Player
CVE-2019-7095
RESERVED
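Review bot: the newly described Adobe Acrobat and Reader entries (CVE-2019-7128, CVE-2019-7127, and CVE-2019-7124 down to CVE-2019-7109) are set to TODO: check, while CVE-2019-7125 carries the same truncated description and keeps NOT-FOR-US: Adobe in this same hunk. Tagging them the same way would avoid a second triage pass. The Bridge CC, InDesign, XD, Shockwave Player and Dreamweaver entries look like candidates for the pattern already used here for CVE-2019-7108 and CVE-2019-7096 (NOT-FOR-US: Adobe Flash Player), each with its own product name.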
@@ -13695,8 +13718,8 @@ CVE-2019-7090
NOT-FOR-US: Adobe
CVE-2019-7089
RESERVED
-CVE-2019-7088
- RESERVED
+CVE-2019-7088 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
CVE-2019-7087
RESERVED
CVE-2019-7086
@@ -13749,8 +13772,8 @@ CVE-2019-7063
RESERVED
CVE-2019-7062
RESERVED
-CVE-2019-7061
- RESERVED
+CVE-2019-7061 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
+ TODO: check
CVE-2019-7060
RESERVED
CVE-2019-7059
@@ -16835,7 +16858,7 @@ CVE-2019-5799
- chromium 73.0.3683.75-1
CVE-2019-5798
RESERVED
- {DSA-4448-1 DSA-4421-1}
+ {DSA-4448-1 DSA-4421-1 DLA-1800-1}
- chromium 73.0.3683.75-1
- firefox-esr 60.7.0esr-1
- thunderbird 1:60.7.0-1
@@ -20588,8 +20611,8 @@ CVE-2019-4080 (IBM WebSphere Application Server Admin
Console 7.5, 8.0, 8.5, and
NOT-FOR-US: IBM
CVE-2019-4079
RESERVED
-CVE-2019-4078
- RESERVED
+CVE-2019-4078 (IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through
9.1.1 cou ...)
+ TODO: check
CVE-2019-4077 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and
6.0.0.1 is vu ...)
NOT-FOR-US: IBM
CVE-2019-4076 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and
6.0.0.1 is vu ...)
@@ -20666,8 +20689,8 @@ CVE-2019-4041
RESERVED
CVE-2019-4040 (IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This
vulnerab ...)
NOT-FOR-US: IBM
-CVE-2019-4039
- RESERVED
+CVE-2019-4039 (IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through
9.1.1 cou ...)
+ TODO: check
CVE-2019-4038 (IBM Security Identity Manager 6.0 and 7.0 could allow an
attacker to c ...)
NOT-FOR-US: IBM
CVE-2019-4037
@@ -32993,8 +33016,7 @@ CVE-2019-0203
RESERVED
CVE-2019-0202
RESERVED
-CVE-2019-0201 [Information disclosure vulnerability]
- RESERVED
+CVE-2019-0201 (An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and
3.5.0-alph ...)
- zookeeper <unfixed> (bug #929283)
NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1392
NOTE: Patch (3.4 branch):
https://gitbox.apache.org/repos/asf?p=zookeeper.git;a=commit;h=5ff19e3672987bdde2843a3f031e2bf0010e35f1
@@ -35149,7 +35171,7 @@ CVE-2018-18512 (A use-after-free vulnerability can
occur while playing a sound n
- thunderbird 1:60.5.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18512
CVE-2018-18511 (Cross-origin images can be read from a canvas element in
violation of ...)
- {DSA-4448-1}
+ {DSA-4448-1 DLA-1800-1}
- firefox 65.0.1-1
- firefox-esr 60.7.0esr-1
- thunderbird 1:60.7.0-1
@@ -42730,8 +42752,8 @@ CVE-2018-15666
RESERVED
CVE-2018-15665
RESERVED
-CVE-2018-15664
- RESERVED
+CVE-2018-15664 (In Docker through 18.06.1-ce-rc2, the API endpoints behind the
'docker ...)
+ TODO: check
CVE-2018-15663
RESERVED
CVE-2018-15662
@@ -85446,10 +85468,10 @@ CVE-2017-17063
RESERVED
CVE-2017-17062 (The backend component in Open-Xchange OX App Suite before
7.6.3-rev35, ...)
NOT-FOR-US: Open-Xchange
-CVE-2017-17061
- RESERVED
-CVE-2017-17060
- RESERVED
+CVE-2017-17061 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected
by: Cross ...)
+ TODO: check
+CVE-2017-17060 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected
by: Insecu ...)
+ TODO: check
CVE-2017-17059 (XSS exists in the amtyThumb amty-thumb-recent-post (aka
amtyThumb post ...)
NOT-FOR-US: WordPress plugin wp-thumb-post
CVE-2017-1000385 (The Erlang otp TLS server answers with different TLS alerts
to differe ...)
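Review bot: CVE-2017-17061 and CVE-2017-17060 are added as TODO: check, but the OX App Suite entry just above them, CVE-2017-17062, is already NOT-FOR-US: Open-Xchange. The new descriptions spell the vendor "OX Software GmbH" rather than "Open-Xchange", yet the product name is the same, so both can take the existing tag.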
@@ -91417,8 +91439,8 @@ CVE-2017-15654 (Highly predictable session tokens in
the HTTPd server in all cur
NOT-FOR-US: HTTPd server in Asus asuswrt
CVE-2017-15653 (Improper administrator IP validation after his login in the
HTTPd serv ...)
NOT-FOR-US: HTTPd server in Asus asuswrt
-CVE-2017-15652
- RESERVED
+CVE-2017-15652 (Artifex Ghostscript 9.22 is affected by: Obtain Information.
The impac ...)
+ TODO: check
CVE-2017-15651 (PRTG Network Monitor 17.3.33.2830 allows remote authenticated
administ ...)
NOT-FOR-US: PRTG Network Monitor
CVE-2017-15649 (net/packet/af_packet.c in the Linux kernel before 4.13.6
allows local ...)
@@ -93384,10 +93406,10 @@ CVE-2017-15032 (ImageMagick version 7.0.7-2 contains
a memory leak in ReadYCBCRI
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/241988ca28139ad970c1d9717c419f41e360ddb0
CVE-2017-15031 (In all versions of ARM Trusted Firmware up to and including
v1.4, not ...)
NOT-FOR-US: ARM Trusted Firmware
-CVE-2017-15030
- RESERVED
-CVE-2017-15029
- RESERVED
+CVE-2017-15030 (Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected
by: Cross ...)
+ TODO: check
+CVE-2017-15029 (Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected
by: SSRF. ...)
+ TODO: check
CVE-2017-15028
RESERVED
CVE-2017-15027
@@ -97599,10 +97621,10 @@ CVE-2017-13670 (In BlackCat CMS 1.2, remote
authenticated users can upload any f
NOT-FOR-US: BlackCat CMS
CVE-2017-13669 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the
setanswere ...)
NOT-FOR-US: NexusPHP
-CVE-2017-13668
- RESERVED
-CVE-2017-13667
- RESERVED
+CVE-2017-13668 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected
by: Cross ...)
+ TODO: check
+CVE-2017-13667 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected
by: SSRF. ...)
+ TODO: check
CVE-2017-13666 (An integer underflow vulnerability exists in pixel-a.asm, the
x86 asse ...)
- x265 <not-affected> (Affected code is not enabled)
CVE-2017-13665
@@ -103208,12 +103230,12 @@ CVE-2017-11742 (The writeRandomBytes_RtlGenRandom
function in xmlparse.c in libe
- expat <not-affected> (Windows specfic issue)
CVE-2017-11741 (HashiCorp Vagrant VMware Fusion plugin (aka
vagrant-vmware-fusion) bef ...)
NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
-CVE-2017-11740
- RESERVED
-CVE-2017-11739
- RESERVED
-CVE-2017-11738
- RESERVED
+CVE-2017-11740 (In Zoho ManageEngine Application Manager 13.1 Build 13100, the
adminis ...)
+ TODO: check
+CVE-2017-11739 (In Zoho ManageEngine Application Manager 13.1 Build 13100, an
authenti ...)
+ TODO: check
+CVE-2017-11738 (In Zoho ManageEngine Application Manager 13.1 Build 13100, the
'haid' ...)
+ TODO: check
CVE-2017-11737 (interface/js/app/history.js in WebUI in Rspamd before 1.6.3
allows XSS ...)
- rspamd 1.7.6-1
[jessie] - rspamd <not-affected> (Vulnerable code not present)
@@ -103892,16 +103914,16 @@ CVE-2017-11563 (D-Link EyeOn Baby Monitor
(DCS-825L) 1.08.1 has a remote code ex
NOT-FOR-US: D-Link
CVE-2017-11562 (A Session Fixation Vulnerability exists in the MT4 Networks
SenhaSegur ...)
NOT-FOR-US: MT4 SenhaSegura
-CVE-2017-11561
- RESERVED
-CVE-2017-11560
- RESERVED
-CVE-2017-11559
- RESERVED
+CVE-2017-11561 (An issue was discovered in ZOHO ManageEngine OpManager 12.2.
An authen ...)
+ TODO: check
+CVE-2017-11560 (An issue was discovered in ZOHO ManageEngine OpManager 12.2.
By adding ...)
+ TODO: check
+CVE-2017-11559 (An issue was discovered in ZOHO ManageEngine OpManager 12.2.
The 'apiK ...)
+ TODO: check
CVE-2017-11558
RESERVED
-CVE-2017-11557
- RESERVED
+CVE-2017-11557 (An issue was discovered in ZOHO ManageEngine Applications
Manager 12.3 ...)
+ TODO: check
CVE-2017-11556 (There is a stack consumption vulnerability in the
Parser::advanceToNex ...)
- libsass <unfixed> (bug #870182)
[stretch] - libsass <no-dsa> (Minor issue)
@@ -104500,8 +104522,7 @@ CVE-2017-11367 (The shoco_decompress function in the
API in shoco through 2017-0
NOT-FOR-US: shoco
CVE-2017-11366 (components/filemanager/class.filemanager.php in Codiad before
2.8.4 is ...)
NOT-FOR-US: Codiad
-CVE-2017-11365 [Empty passwords validation issue]
- RESERVED
+CVE-2017-11365 (Certain Symfony products are affected by: Incorrect Access
Control. Th ...)
- symfony <not-affected> (introduced in versions that were never
packaged in Debian)
NOTE:
https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue
CVE-2017-11364 (The CMS installer in Joomla! before 3.7.4 does not verify a
user's own ...)
@@ -124134,14 +124155,14 @@ CVE-2017-5215 (The Codextrous B2J Contact (aka
b2j_contact) extension before 2.1
NOT-FOR-US: Joomla extension
CVE-2017-5214 (The Codextrous B2J Contact (aka b2j_contact) extension before
2.1.13 f ...)
NOT-FOR-US: Joomla extension
-CVE-2017-5213
- RESERVED
-CVE-2017-5212
- RESERVED
-CVE-2017-5211
- RESERVED
-CVE-2017-5210
- RESERVED
+CVE-2017-5213 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected
by: Cross ...)
+ TODO: check
+CVE-2017-5212 (Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect
Access ...)
+ TODO: check
+CVE-2017-5211 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected
by: Conte ...)
+ TODO: check
+CVE-2017-5210 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected
by: Infor ...)
+ TODO: check
CVE-2017-5209 (The base64decode function in base64.c in libimobiledevice
libplist thr ...)
{DLA-811-1}
- libplist 1.12+git+1+e37ca00-0.1 (low; bug #851196)
@@ -128022,8 +128043,8 @@ CVE-2016-9971
RESERVED
CVE-2016-9970
RESERVED
-CVE-2016-9969
- RESERVED
+CVE-2016-9969 (In libwebp 0.5.1, there is a double free bug in libwebpmux. ...)
+ TODO: check
CVE-2016-9968
RESERVED
CVE-2016-9967 (Lack of appropriate exception handling in some receivers of the
Teleco ...)
@@ -139650,16 +139671,16 @@ CVE-2016-8903 (SQL injection vulnerability in the
"Site Browser > Templates p
NOT-FOR-US: dotCMS
CVE-2016-8902 (SQL injection vulnerability in the categoriesServlet servlet in
dotCMS ...)
NOT-FOR-US: dotCMS
-CVE-2016-8901
- RESERVED
+CVE-2016-8901 (b2evolution 6.7.6 suffer from an Object Injection vulnerability
in /ht ...)
+ TODO: check
CVE-2016-8900
RESERVED
-CVE-2016-8899
- RESERVED
+CVE-2016-8899 (Exponent CMS version 2.3.9 suffers from a Object Injection
vulnerabili ...)
+ TODO: check
CVE-2016-8898
RESERVED
-CVE-2016-8897
- RESERVED
+CVE-2016-8897 (Exponent CMS version 2.3.9 suffers from a sql injection
vulnerability ...)
+ TODO: check
CVE-2016-8896
RESERVED
CVE-2016-8895
@@ -145013,8 +145034,7 @@ CVE-2016-7551 (chain_sip in Asterisk Open Source 11.x
before 11.23.1 and 13.x 13
{DSA-3700-1 DLA-781-1}
- asterisk 1:13.11.2~dfsg-1 (bug #838832)
NOTE: http://downloads.asterisk.org/pub/security/AST-2016-007.html
-CVE-2016-7550 [AST-2016-006]
- RESERVED
+CVE-2016-7550 (asterisk 13.10.0 is affected by: denial of service issues in
asterisk. ...)
- asterisk 1:13.11.2~dfsg-1 (bug #838833)
[jessie] - asterisk <not-affected> (Issue introduced in 13.10.0 release)
[wheezy] - asterisk <not-affected> (Issue introduced in 13.10.0 release)
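Review bot: in CVE-2016-7550 the removed bracketed title "[AST-2016-006]" was the only visible reference to the upstream advisory, and the replacement description does not mention it. Unless a NOTE below the shown context already carries it, add a NOTE line pointing at AST-2016-006, the way CVE-2016-7551 above references AST-2016-007.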
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8373080c513b590a7bc3deefa9caf1ea486b250d