Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1adf6b6f by Moritz Muehlenhoff at 2019-11-14T11:40:16Z
imagemagick n/a
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -225,9 +225,8 @@ CVE-2019-18855 (A Denial Of Service vulnerability exists in 
the safe-svg (aka Sa
 CVE-2019-18854 (A Denial Of Service vulnerability exists in the safe-svg (aka 
Safe SVG ...)
        NOT-FOR-US: safe-svg (aka Safe SVG) plugin for WordPress
 CVE-2019-18853 (ImageMagick before 7.0.9-0 allows remote attackers to cause a 
denial o ...)
-       - imagemagick <undetermined>
+       - imagemagick <not-affected> (Only affects Imagemagick 7.x)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/ec9c8944af2bfc65c697ca44f93a727a99b405f1
-       TODO: check if affects as well ImageMagick6
 CVE-2019-18852 (Certain D-Link devices have a hardcoded Alphanetworks user 
account wit ...)
        NOT-FOR-US: D-Link
 CVE-2019-18851
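Review bot: On the CVE-2019-18853 line "- imagemagick <not-affected> (Only affects Imagemagick 7.x)", the removed TODO asked whether ImageMagick6 is affected, and the new reason states the conclusion without recording what was checked. A second NOTE line saying why the 6.x code is not affected, for example how it relates to the code touched by the linked upstream commit, would let a later triager verify the decision instead of repeating the check. The reason also spells the project "Imagemagick" while the CVE description in the same entry uses "ImageMagick".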
@@ -8372,7 +8371,7 @@ CVE-2019-16865 (An issue was discovered in Pillow before 
6.2.0. When reading spe
 CVE-2019-16864
        RESERVED
 CVE-2019-16863 (STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 
allow a ...)
-       TODO: check
+       NOT-FOR-US: STMicroelectronics
 CVE-2019-16862 (Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 
5.x befor ...)
        NOT-FOR-US: OpenEMR
 CVE-2019-16861
@@ -19294,7 +19293,7 @@ CVE-2019-13557 (In Tasy EMR, Tasy WebPortal Versions 
3.02.1757 and prior, there
 CVE-2019-13556 (In WebAccess versions 8.4.1 and prior, multiple stack-based 
buffer ove ...)
        NOT-FOR-US: WebAccess
 CVE-2019-13555 (In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: 
serial n ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2019-13554
        RESERVED
 CVE-2019-13553 (Rittal Chiller SK 3232-Series web interface as built upon 
Carel pCOWeb ...)
@@ -43125,7 +43124,7 @@ CVE-2019-5031 (An exploitable memory corruption 
vulnerability exists in the Java
 CVE-2019-5030 (A buffer overflow vulnerability exists in the PowerPoint 
document conv ...)
        NOT-FOR-US: Rainbow PDF Office Server Document Converter
 CVE-2019-5029 (An exploitable command injection vulnerability exists in the 
Config ed ...)
-       TODO: check
+       NOT-FOR-US: Exhibitor Web UI
 CVE-2019-5028
        REJECTED
 CVE-2019-5027
@@ -46195,13 +46194,13 @@ CVE-2019-3665
 CVE-2019-3664
        RESERVED
 CVE-2019-3663 (Unprotected Storage of Credentials vulnerability in McAfee 
Advanced Th ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2019-3662 (Path Traversal: '/absolute/pathname/here' vulnerability in 
McAfee Adva ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2019-3661 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2019-3660 (Improper Neutralization of HTTP requests in McAfee Advanced 
Threat Def ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2019-3659
        RESERVED
 CVE-2019-3658
@@ -46219,11 +46218,11 @@ CVE-2019-3653 (Improper access control vulnerability 
in Configuration tool in Mc
 CVE-2019-3652 (Code Injection vulnerability in EPSetup.exe in McAfee Endpoint 
Securit ...)
        NOT-FOR-US: McAfee Endpoint Security (ENS)
 CVE-2019-3651 (Information Disclosure vulnerability in McAfee Advanced Threat 
Defense ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2019-3650 (Information Disclosure vulnerability in McAfee Advanced Threat 
Defense ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2019-3649 (Information Disclosure vulnerability in McAfee Advanced Threat 
Defense ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2019-3648 (A Privilege Escalation vulnerability in the Microsoft Windows 
client i ...)
        NOT-FOR-US: McAfee Total Protection
 CVE-2019-3647
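Review bot: The three new "NOT-FOR-US: McAfee" lines for CVE-2019-3651, CVE-2019-3650 and CVE-2019-3649 give only the vendor, while the unchanged neighbours in this hunk name the product ("NOT-FOR-US: McAfee Endpoint Security (ENS)", "NOT-FOR-US: McAfee Total Protection"). The descriptions already name McAfee Advanced Threat Defense, so "NOT-FOR-US: McAfee Advanced Threat Defense" would match the neighbours and make the entries easier to find by product. The same applies to the four McAfee entries in the previous hunk.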
@@ -46241,7 +46240,7 @@ CVE-2019-3642
 CVE-2019-3641 (Abuse of Authorization vulnerability in APIs exposed by TIE 
server in  ...)
        NOT-FOR-US: McAfee
 CVE-2019-3640 (Unprotected Transport of Credentials in ePO extension in McAfee 
Data L ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2019-3639 (Clickjack vulnerability in Adminstrator web console in McAfee 
Web Gate ...)
        NOT-FOR-US: McAfee
 CVE-2019-3638 (Reflected Cross Site Scripting vulnerability in Administrators 
web con ...)
@@ -46814,7 +46813,7 @@ CVE-2019-3422 (Security researcher Shen Ying from the 
Sec Consult Security Lab r
 CVE-2019-3421 (The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE 
produc ...)
        NOT-FOR-US: ZTE
 CVE-2019-3420 (The version V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are 
impacted by ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2019-3419 (A security vulnerability exists in a management port in the 
version of ...)
        NOT-FOR-US: ZTE
 CVE-2019-3418 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are 
impacted  ...)
@@ -254275,7 +254274,7 @@ CVE-2013-3518
 CVE-2013-3517 (Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U 
and WNR35 ...)
        NOT-FOR-US: NETGEAR
 CVE-2013-3516 (NETGEAR WNR3500U and WNR3500L routers uses form tokens abased 
solely o ...)
-       TODO: check
+       NOT-FOR-US: NETGEAR
 CVE-2013-3515 (Multiple cross-site scripting (XSS) vulnerabilities in OpenX 
Source 2. ...)
        NOT-FOR-US: OpenX
 CVE-2013-3514 (Multiple directory traversal vulnerabilities in OpenX before 
2.8.10 re ...)
@@ -254588,9 +254587,9 @@ CVE-2013-3368 (bin/rt in Request Tracker (RT) 3.8.x 
before 3.8.17 and 4.0.x befo
        - request-tracker3.8 <removed>
        - request-tracker4 4.0.12-2 (bug #709836)
 CVE-2013-3367 (Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR 
when a ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2013-3366 (Undocumented TELNET service in TRENDnet TEW-812DRU when a web 
page nam ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2013-3365 (TRENDnet TEW-812DRU router allows remote authenticated users to 
execut ...)
        NOT-FOR-US: TRENDnet TEW-812DRU router
 CVE-2013-3364
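Review bot: The new "NOT-FOR-US: TRENDnet" lines for CVE-2013-3367 and CVE-2013-3366 drop the model that the adjacent CVE-2013-3365 entry keeps ("NOT-FOR-US: TRENDnet TEW-812DRU router"). CVE-2013-3366 concerns the same TEW-812DRU, and CVE-2013-3367 names the TEW-691GR and TEW-692GR, so carrying the model into each line would keep the three entries consistent.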
@@ -255187,7 +255186,7 @@ CVE-2013-3099
 CVE-2013-3098 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
TRENDnet ...)
        NOT-FOR-US: TRENDnet TEW-812DRU router
 CVE-2013-3097 (Unspecified Cross-site scripting (XSS) vulnerability in the 
Verizon FI ...)
-       TODO: check
+       NOT-FOR-US: Verizon
 CVE-2013-3096
        RESERVED
 CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
D-Link D ...)
@@ -267475,7 +267474,7 @@ CVE-2012-5195 (Heap-based buffer overflow in the 
Perl_repeatcpy function in util
 CVE-2012-5194
        RESERVED
 CVE-2012-5193 (Multiple cross-site scripting (XSS) vulnerabilities in 
Bitweaver 2.8.1 ...)
-       TODO: check
+       NOT-FOR-US: Bitweaver
 CVE-2012-5192 (Directory traversal vulnerability in gmap/view_overlay.php in 
Bitweave ...)
        NOT-FOR-US: Bitweaver
 CVE-2012-5191



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1adf6b6fa8819642bb3ad736f73f1c0dca757476
