Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cffd0b8d by security tracker role at 2019-02-18T08:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2019-8441
+ RESERVED
+CVE-2019-8440
+ RESERVED
+CVE-2019-8439
+ RESERVED
+CVE-2019-8438
+ RESERVED
+CVE-2019-8437
+ RESERVED
+CVE-2019-8436 (imcat 4.5 has Stored XSS via the root/run/adm.php
fm[instop][note] ...)
+ TODO: check
+CVE-2019-8435 (admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host
header. ...)
+ TODO: check
+CVE-2019-8434 (In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay
parameter. ...)
+ TODO: check
+CVE-2019-8433 (JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the ...)
+ TODO: check
+CVE-2019-8432 (In CmsEasy 7.0, there is XSS via the ckplayer.php url
parameter. ...)
+ TODO: check
+CVE-2019-8431
+ RESERVED
+CVE-2019-8430
+ RESERVED
+CVE-2019-8429 (ZoneMinder before 1.32.3 has SQL Injection via the
ajax/status.php ...)
+ TODO: check
+CVE-2019-8428 (ZoneMinder before 1.32.3 has SQL Injection via the ...)
+ TODO: check
+CVE-2019-8427 (daemonControl in includes/functions.php in ZoneMinder before
1.32.3 ...)
+ TODO: check
+CVE-2019-8426 (skins/classic/views/controlcap.php in ZoneMinder before 1.32.3
has XSS ...)
+ TODO: check
+CVE-2019-8425 (includes/database.php in ZoneMinder before 1.32.3 has XSS in
the ...)
+ TODO: check
+CVE-2019-8424 (ZoneMinder before 1.32.3 has SQL Injection via the
ajax/status.php sort ...)
+ TODO: check
+CVE-2019-8423 (ZoneMinder through 1.32.3 has SQL Injection via the ...)
+ TODO: check
+CVE-2019-8422 (A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the
...)
+ TODO: check
+CVE-2019-8421 (upload/protected/modules/admini/views/post/index.php in BageCMS
through ...)
+ TODO: check
+CVE-2019-8420
+ RESERVED
+CVE-2019-8419 (VNote 2.2 has XSS via a new text note. ...)
+ TODO: check
+CVE-2019-8418 (SeaCMS 7.2 mishandles member.php?mod=repsw4 requests. ...)
+ TODO: check
+CVE-2019-8417
+ RESERVED
+CVE-2019-8416
+ RESERVED
+CVE-2019-8415
+ RESERVED
+CVE-2019-8414
+ RESERVED
+CVE-2013-7469
+ RESERVED
CVE-2019-8413 (On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer
...)
NOT-FOR-US: Xiaomi
CVE-2019-8412 (FeiFeiCms 4.0.181010 on Windows allows remote attackers to read
or ...)
@@ -1577,6 +1635,7 @@ CVE-2019-7664 (In elfutils 0.175, a negative-sized memcpy
is attempted in elf_cv
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24084
NOTE:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=e65d91d21cb09d83b001fef9435e576ba447db32
CVE-2019-7663 (An Invalid Address dereference was discovered in ...)
+ {DLA-1680-1}
- tiff 4.0.10-4
[stretch] - tiff <postponed> (Minor issue)
- tiff3 <removed>
@@ -1617,8 +1676,8 @@ CVE-2019-7653 (The Debian python-rdflib-tools 4.2.2-1
package for RDFLib 4.2.2 h
- rdflib 4.2.2-2 (bug #921751)
NOTE: Debian specific issue as respective scripts are overwritten in
Debian
NOTE: packaging as wrappers invoking python -m.
-CVE-2019-7649
- RESERVED
+CVE-2019-7649 (global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7
relies ...)
+ TODO: check
CVE-2019-7648 (controller/fetchpwd.php and controller/doAction.php in
Hotels_Server ...)
NOT-FOR-US: Hotels_Server
CVE-2019-7647
@@ -2258,7 +2317,7 @@ CVE-2019-7399 (Amazon Fire OS before 5.3.6.4 allows a
man-in-the-middle attack a
CVE-2019-7398 (In ImageMagick before 7.0.8-25, a memory leak exists in
WriteDIBImage ...)
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1453
-CVE-2019-7397 (In ImageMagick before 7.0.8-25, several memory leaks exist in
...)
+CVE-2019-7397 (In ImageMagick before 7.0.8-25 and GraphicsMagick through
1.3.31, ...)
- imagemagick <unfixed> (unimportant)
- graphicsmagick 1.4~hg15896-1 (unimportant)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/306c1f0fa5754ca78efd16ab752f0e981d4f6b82
@@ -22185,6 +22244,7 @@ CVE-2018-19212 (In libwebm through 2018-10-03, there is
an abort caused by ...)
CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at
function ...)
NOTE: Duplicate of CVE-2018-10754
CVE-2018-19210 (In LibTIFF 4.0.9, there is a NULL pointer dereference in the
...)
+ {DLA-1680-1}
- tiff 4.0.10-4 (bug #913675)
[stretch] - tiff <postponed> (Minor issue, revisit when fixed upstream)
- tiff3 <removed>
@@ -27841,6 +27901,7 @@ CVE-2018-17002 (On the RICOH MP 2001 printer, HTML
Injection and Stored XSS ...)
CVE-2018-17001 (On the RICOH SP 4510SF printer, HTML Injection and Stored XSS
...)
NOT-FOR-US: RICOH
CVE-2018-17000 (A NULL pointer dereference in the function _TIFFmemcmp at
tif_unix.c ...)
+ {DLA-1680-1}
- tiff 4.0.10-4 (bug #908778)
[stretch] - tiff <postponed> (Minor issue)
- tiff3 <removed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cffd0b8d08b4e91d0edea4e043fa21d24b9886ce
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cffd0b8d08b4e91d0edea4e043fa21d24b9886ce
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
