Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 80a11a79 by Salvatore Bonaccorso at 2019-06-06T20:28:21Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -62,7 +62,7 @@ CVE-2019-12735 (getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows NOTE: vim patches: https://github.com/vim/vim/commit/5357552 NOTE: neovim pull request: https://github.com/neovim/neovim/pull/10082 CVE-2019-12732 (The Chartkick gem through 3.1.0 for Ruby allows XSS. ...) - TODO: check + NOT-FOR-US: Chartkick Ruby gem CVE-2019-12731 RESERVED CVE-2019-12730 (aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 does not ...) @@ -1072,7 +1072,7 @@ CVE-2019-12305 CVE-2019-12304 RESERVED CVE-2019-12303 (In Rancher 2 through 2.2.3, Project owners can inject additional fluen ...) - TODO: check + NOT-FOR-US: Rancher CVE-2019-12302 RESERVED CVE-2019-12301 (The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffer ...) @@ -1107,7 +1107,7 @@ CVE-2019-12293 (In Poppler through 0.76.1, there is a heap-based buffer over-rea CVE-2019-12292 RESERVED CVE-2019-12291 (HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Key ...) - TODO: check + NOT-FOR-US: HashiCorp Consul CVE-2019-12290 RESERVED CVE-2019-12289 (An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C782 ...) @@ -1143,7 +1143,7 @@ CVE-2019-12275 CVE-2016-10750 (In Hazelcast before 3.11, the cluster join procedure is vulnerable to ...) - hazelcast <itp> (bug #745640) CVE-2019-12274 (In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to de ...) - TODO: check + NOT-FOR-US: Rancher CVE-2019-12273 RESERVED CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/band ...) 
@@ -1499,7 +1499,7 @@ CVE-2019-12137 (Typora 0.9.9.24.6 on macOS allows directory traversal, for execu CVE-2019-12136 (There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, a ...) NOT-FOR-US: Boostnote CVE-2019-12135 (An unspecified vulnerability in the application server in PaperCut MF ...) - TODO: check + NOT-FOR-US: PaperCut CVE-2019-12134 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...) TODO: check CVE-2019-12133 @@ -4042,7 +4042,7 @@ CVE-2019-11082 (core/api/datasets/internal/actions/Explode.java in the Dataset A CVE-2019-11081 (A default username and password in Dentsply Sirona Sidexis 4.2 and pos ...) NOT-FOR-US: Dentsply Sirona Sidexis CVE-2019-11080 (Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remo ...) - TODO: check + NOT-FOR-US: Sitecore Experience Platform CVE-2019-11079 RESERVED CVE-2019-11078 (MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the uc ...) @@ -9691,11 +9691,11 @@ CVE-2019-9160 (WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and ea CVE-2019-9159 RESERVED CVE-2019-9158 (Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control ...) - TODO: check + NOT-FOR-US: Gemalto DS3 Authentication Server CVE-2019-9157 (Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclos ...) - TODO: check + NOT-FOR-US: Gemalto DS3 Authentication Server CVE-2019-9156 (Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injecti ...) - TODO: check + NOT-FOR-US: Gemalto DS3 Authentication Server CVE-2019-9192 (** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, ...) - glibc <unfixed> (unimportant) - eglibc <removed> (unimportant) 
@@ -11687,7 +11687,7 @@ CVE-2019-8387 (MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Executi CVE-2019-8386 RESERVED CVE-2019-8385 (An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.35 ...) - TODO: check + NOT-FOR-US: Thomson Reuters Desktop Extensions CVE-2019-8384 RESERVED CVE-2019-8383 (An issue was discovered in AdvanceCOMP through 2.1. An invalid memory ...) @@ -13274,7 +13274,7 @@ CVE-2019-7673 (An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Admi CVE-2019-7672 (Prima Systems FlexAir devices have Hard-coded Credentials. ...) TODO: check CVE-2019-7671 (Prima Systems FlexAir devices allow Authenticated Stored XSS. ...) - TODO: check + NOT-FOR-US: Prima Systems FlexAir devices CVE-2019-7670 RESERVED CVE-2019-7669 @@ -13629,11 +13629,11 @@ CVE-2019-7556 CVE-2019-7555 RESERVED CVE-2019-7554 (An issue was discovered in PHP Scripts Mall API Based Travel Booking 3 ...) - TODO: check + NOT-FOR-US: PHP Scripts Mall API Based Travel Booking CVE-2019-7553 (PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stor ...) - TODO: check + NOT-FOR-US: PHP Scripts Mall Chartered Accountant : Auditor Website CVE-2019-7552 (An issue was discovered in PHP Scripts Mall Investment MLM Software 2. ...) - TODO: check + NOT-FOR-US: PHP Scripts Mall Investment MLM Software CVE-2019-7551 (Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4 ...) NOT-FOR-US: Cantemo Portal CVE-2019-7550 (In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whe ...) 
@@ -14358,7 +14358,7 @@ CVE-2019-7313 (www/resource.py in Buildbot before 1.8.1 allows CRLF injection in CVE-2019-7312 (Limited plaintext disclosure exists in PRIMX Zed Entreprise for Window ...) NOT-FOR-US: PRIMX Zed Enterprise CVE-2019-7311 (An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A ...) - TODO: check + NOT-FOR-US: Linksys CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer over-read (due to an integer si ...) {DLA-1706-1} - poppler 0.71.0-4 (bug #921215) @@ -15131,7 +15131,7 @@ CVE-2019-1000018 (rssh version 2.3.4 contains a CWE-77: Improper Neutralization - rssh 2.3.4-9 (bug #919623) NOTE: https://sourceforge.net/p/rssh/mailman/message/36519118/ CVE-2019-6989 (TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caus ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2019-6988 (An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers ...) - openjpeg2 <unfixed> (low; bug #922648) [buster] - openjpeg2 <ignored> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/80a11a797d59f7e37231506f3bd7b85d45ab192a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/80a11a797d59f7e37231506f3bd7b85d45ab192a You're receiving this email because of your account on salsa.debian.org.
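Review bot: in the `@@ -13274,7 +13274,7 @@` hunk, CVE-2019-7672 (Prima Systems FlexAir, hard-coded credentials) is left as `TODO: check`, while CVE-2019-7671 directly below it, for the same FlexAir devices, is changed to `NOT-FOR-US: Prima Systems FlexAir devices`. Both entries name the same product, so the same triage decision should apply. Suggest marking CVE-2019-7672 NOT-FOR-US in this commit as well, or saying in the commit message why it is still pending.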
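Review bot: style point on the `@@ -14358,7 +14358,7 @@` hunk: the tag `NOT-FOR-US: Linksys` names only the vendor, although the description identifies the affected device as the Linksys WRT1900ACS. The same applies to `NOT-FOR-US: TP-Link` for CVE-2019-6989 (TL-WR940N) in the `@@ -15131,7 +15131,7 @@` hunk. Other entries in this commit name the product (`Gemalto DS3 Authentication Server`, `Thomson Reuters Desktop Extensions`, `Prima Systems FlexAir devices`). Pick one convention, vendor only or vendor plus product, and use it for every entry added here, so later searches of data/CVE/list for a product name behave predictably.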
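Review bot: in the `@@ -13629,11 +13629,11 @@` hunk, the three PHP Scripts Mall entries each get a different NOT-FOR-US string, and the one for CVE-2019-7553 carries the description's spacing verbatim (`Chartered Accountant : Auditor Website`). The Gemalto hunk at `@@ -9691,11 +9691,11 @@` uses one identical string for all three of its CVEs. If the three PHP Scripts Mall items are separate products, keeping separate tags is fine, but consider normalising the ` : ` so the tag reads as a product name rather than a copied fragment.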