Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b8b99f56 by Moritz Muehlenhoff at 2019-10-14T08:17:49Z
NFUs
new potential zabbix issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,13 +17,13 @@ CVE-2019-17540 (ImageMagick before 7.0.8-54 has a 
heap-based buffer overflow in
 CVE-2019-17539 (In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c 
allows a NUL ...)
        TODO: check
 CVE-2019-17538 (Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal 
for fil ...)
-       TODO: check
+       NOT-FOR-US: Jiangnan Online Judge
 CVE-2019-17537 (Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal 
for fil ...)
-       TODO: check
+       NOT-FOR-US: Jiangnan Online Judge
 CVE-2019-17536 (Gila CMS through 1.11.4 allows Unrestricted Upload of a File 
with a Da ...)
-       TODO: check
+       NOT-FOR-US: Gila CMS
 CVE-2019-17535 (Gila CMS through 1.11.4 allows blog-list.php XSS, in both the 
gila-blo ...)
-       TODO: check
+       NOT-FOR-US: Gila CMS
 CVE-2019-17534 (vips_foreign_load_gif_scan_image in foreign/gifload.c in 
libvips befor ...)
        - vips <unfixed> (bug #942254)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16796
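Review bot: CVE-2019-17539 (FFmpeg), the context entry just above the first changed line, is still at "TODO: check" while the four entries below it are resolved in this pass. If it was skipped on purpose because it needs real analysis, that is fine, but it is now the only open item in this block and is easy to overlook; consider triaging it in the same batch or in a follow-up commit.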
@@ -101,9 +101,9 @@ CVE-2019-17504 (An issue was discovered in Kirona Dynamic 
Resource Scheduling (D
 CVE-2019-17503 (An issue was discovered in Kirona Dynamic Resource Scheduling 
(DRS) 5. ...)
        NOT-FOR-US: Kirona Dynamic Resource Scheduling (DRS)
 CVE-2019-17502 (Hydra through 0.1.8 has a NULL pointer dereference and daemon 
crash wh ...)
-       TODO: check
+       NOT-FOR-US: Hydra (different from src:hydra)
 CVE-2019-17501 (Centreon 19.04 allows attackers to execute arbitrary OS 
commands via t ...)
-       TODO: check
+       NOT-FOR-US: Centreon web UI (not packaged in Debian)
 CVE-2019-17500
        RESERVED
 CVE-2019-17499 (The setter.xml component of the Common Gateway Interface on 
Compal CH7 ...)
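Review bot: "NOT-FOR-US: Hydra (different from src:hydra)" on CVE-2019-17502 says which package this is not, but not which upstream project it is. Since the name collides with an existing source package, naming the affected upstream (or adding a NOTE with its URL) would let the next person confirm the distinction without redoing the lookup. The Centreon line below it already gives its reason in parentheses, which is the right pattern.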
@@ -157,7 +157,7 @@ CVE-2019-17497 (Tracker PDF-XChange Editor before 8.0.330.0 
has an NTLM SSO hash
 CVE-2019-17496 (Craft CMS before 3.3.8 has stored XSS via a name field. This 
field is  ...)
        NOT-FOR-US: Craft CMS
 CVE-2019-17495 (A Cascading Style Sheets (CSS) injection vulnerability in 
Swagger UI b ...)
-       TODO: check
+       NOT-FOR-US: Swagger UI
 CVE-2019-17494 (laravel-bjyblog 6.1.1 has XSS via a crafted URL. ...)
        NOT-FOR-US: laravel-bjyblog
 CVE-2019-17493 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the 
Problem[sample_ ...)
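Review bot: "NOT-FOR-US: Swagger UI" on CVE-2019-17495 gives no reason, unlike the Centreon entry in this same commit, which states "(not packaged in Debian)". Swagger UI is a JavaScript component that can ship embedded in other software, so it would help to say whether the tag means only that there is no standalone package or that embedded copies were checked as well.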
@@ -448,7 +448,7 @@ CVE-2019-17384 (The animate-it plugin before 2.3.4 for 
WordPress has XSS. ...)
 CVE-2019-17383 (The netaddr gem before 2.0.4 for Ruby has misconfigured file 
permissio ...)
        - ruby-netaddr <not-affected> (Upstream packaging issue)
 CVE-2019-17382 (An issue was discovered in 
zabbix.php?action=dashboard.view&amp;dashbo ...)
-       TODO: check
+       - zabbix <undetermined>
 CVE-2019-17381
        RESERVED
 CVE-2019-17380 (cPanel before 82.0.15 allows self XSS in the WHM Update 
Preferences in ...)
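Review bot: the new "- zabbix <undetermined>" line on CVE-2019-17382 has no accompanying NOTE, so the tracker does not record what is still open. The commit message calls it a "potential" issue; a NOTE line saying what remains to be confirmed, with a reference if one exists (as the vips entry does for CVE-2019-17534), would keep the entry actionable.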



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b8b99f562ebdfcea7f34dbcbc43277f645498c27
