Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: cffd0b8d by security tracker role at 2019-02-18T08:10:18Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,61 @@ +CVE-2019-8441 + RESERVED +CVE-2019-8440 + RESERVED +CVE-2019-8439 + RESERVED +CVE-2019-8438 + RESERVED +CVE-2019-8437 + RESERVED +CVE-2019-8436 (imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] ...) + TODO: check +CVE-2019-8435 (admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. ...) + TODO: check +CVE-2019-8434 (In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. ...) + TODO: check +CVE-2019-8433 (JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the ...) + TODO: check +CVE-2019-8432 (In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. ...) + TODO: check +CVE-2019-8431 + RESERVED +CVE-2019-8430 + RESERVED +CVE-2019-8429 (ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php ...) + TODO: check +CVE-2019-8428 (ZoneMinder before 1.32.3 has SQL Injection via the ...) + TODO: check +CVE-2019-8427 (daemonControl in includes/functions.php in ZoneMinder before 1.32.3 ...) + TODO: check +CVE-2019-8426 (skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS ...) + TODO: check +CVE-2019-8425 (includes/database.php in ZoneMinder before 1.32.3 has XSS in the ...) + TODO: check +CVE-2019-8424 (ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort ...) + TODO: check +CVE-2019-8423 (ZoneMinder through 1.32.3 has SQL Injection via the ...) + TODO: check +CVE-2019-8422 (A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the ...) + TODO: check +CVE-2019-8421 (upload/protected/modules/admini/views/post/index.php in BageCMS through ...) + TODO: check +CVE-2019-8420 + RESERVED +CVE-2019-8419 (VNote 2.2 has XSS via a new text note. ...) + TODO: check +CVE-2019-8418 (SeaCMS 7.2 mishandles member.php?mod=repsw4 requests. ...) + TODO: check +CVE-2019-8417 + RESERVED +CVE-2019-8416 + RESERVED +CVE-2019-8415 + RESERVED +CVE-2019-8414 + RESERVED +CVE-2013-7469 + RESERVED CVE-2019-8413 (On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer ...) NOT-FOR-US: Xiaomi CVE-2019-8412 (FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or ...) @@ -1577,6 +1635,7 @@ CVE-2019-7664 (In elfutils 0.175, a negative-sized memcpy is attempted in elf_cv NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24084 NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=e65d91d21cb09d83b001fef9435e576ba447db32 CVE-2019-7663 (An Invalid Address dereference was discovered in ...) + {DLA-1680-1} - tiff 4.0.10-4 [stretch] - tiff <postponed> (Minor issue) - tiff3 <removed> @@ -1617,8 +1676,8 @@ CVE-2019-7653 (The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 h - rdflib 4.2.2-2 (bug #921751) NOTE: Debian specific issue as respective scripts are overwritten in Debian NOTE: packaging as wrappers invoking python -m. -CVE-2019-7649 - RESERVED +CVE-2019-7649 (global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies ...) + TODO: check CVE-2019-7648 (controller/fetchpwd.php and controller/doAction.php in Hotels_Server ...) NOT-FOR-US: Hotels_Server CVE-2019-7647 @@ -2258,7 +2317,7 @@ CVE-2019-7399 (Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack a CVE-2019-7398 (In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage ...) - imagemagick <unfixed> (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1453 -CVE-2019-7397 (In ImageMagick before 7.0.8-25, several memory leaks exist in ...) +CVE-2019-7397 (In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, ...) - imagemagick <unfixed> (unimportant) - graphicsmagick 1.4~hg15896-1 (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/commit/306c1f0fa5754ca78efd16ab752f0e981d4f6b82 @@ -22185,6 +22244,7 @@ CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by ...) CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function ...) NOTE: Duplicate of CVE-2018-10754 CVE-2018-19210 (In LibTIFF 4.0.9, there is a NULL pointer dereference in the ...) + {DLA-1680-1} - tiff 4.0.10-4 (bug #913675) [stretch] - tiff <postponed> (Minor issue, revisit when fixed upstream) - tiff3 <removed> @@ -27841,6 +27901,7 @@ CVE-2018-17002 (On the RICOH MP 2001 printer, HTML Injection and Stored XSS ...) CVE-2018-17001 (On the RICOH SP 4510SF printer, HTML Injection and Stored XSS ...) NOT-FOR-US: RICOH CVE-2018-17000 (A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c ...) + {DLA-1680-1} - tiff 4.0.10-4 (bug #908778) [stretch] - tiff <postponed> (Minor issue) - tiff3 <removed> View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cffd0b8d08b4e91d0edea4e043fa21d24b9886ce -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cffd0b8d08b4e91d0edea4e043fa21d24b9886ce You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits