Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7b2818f5 by Salvatore Bonaccorso at 2019-06-25T07:43:09Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -27,7 +27,7 @@ CVE-2018-20843 (In libexpat in Expat before 2.2.7, XML input including XML names NOTE: https://github.com/libexpat/libexpat/pull/262 NOTE: https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 CVE-2019-12937 (apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow ...) - TODO: check + NOT-FOR-US: gsudo in ToaruOS CVE-2019-12936 (BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS Rebinding for ...) NOT-FOR-US: BlueStacks App Player CVE-2019-12934 @@ -1507,7 +1507,7 @@ CVE-2019-12325 CVE-2019-12324 RESERVED CVE-2019-12323 (The HC.Server service in Hosting Controller HC10 10.14 allows an Inval ...) - TODO: check + NOT-FOR-US: Hosting Controller HC10 CVE-2019-12322 RESERVED CVE-2019-12321 @@ -1612,7 +1612,7 @@ CVE-2019-12293 (In Poppler through 0.76.1, there is a heap-based buffer over-rea NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/768 NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/89a5367d49b2556a2635dbb6d48d6a6b182a2c6c CVE-2019-12292 (Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control. ...) - TODO: check + NOT-FOR-US: Citrix AppDNA CVE-2019-12291 (HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Key ...) NOT-FOR-US: HashiCorp Consul CVE-2019-12290 @@ -7361,7 +7361,7 @@ CVE-2019-10030 CVE-2019-10029 RESERVED CVE-2019-10028 (Denial of Service (DOS) in Dial Reference Source Code Used before June ...) - TODO: check + NOT-FOR-US: Dial Reference Source Code Repo CVE-2019-10027 (PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field ...) NOT-FOR-US: PHPCMS CVE-2019-10026 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...) 
@@ -7505,9 +7505,9 @@ CVE-2019-9960 (The downloadZip function in application/controllers/admin/export. CVE-2019-9959 RESERVED CVE-2019-9958 (CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 u ...) - TODO: check + NOT-FOR-US: Quadbase EspressReport ES (ERES) CVE-2019-9957 (Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allow ...) - TODO: check + NOT-FOR-US: Quadbase EspressReport ES (ERES) CVE-2019-9956 (In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in ...) {DSA-4436-1 DLA-1785-1} - imagemagick 8:6.9.10.23+dfsg-2.1 (bug #925395) @@ -15273,13 +15273,13 @@ CVE-2019-7233 (In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL poi NOTE: https://github.com/uvoteam/libdoc/issues/6 NOTE: Crash in CLI tool, no security impact CVE-2019-7232 (The ABB IDAL HTTP server is vulnerable to a buffer overflow when a lon ...) - TODO: check + NOT-FOR-US: ABB IDAL HTTP server CVE-2019-7231 RESERVED CVE-2019-7230 (The ABB IDAL FTP server mishandles format strings in a username during ...) - TODO: check + NOT-FOR-US: ABB IDAL FTP server CVE-2019-7229 (The ABB CP635 HMI uses two different transmission methods to upgrade i ...) - TODO: check + NOT-FOR-US: ABB CP635 HMI CVE-2019-7228 RESERVED CVE-2019-7227 @@ -35521,7 +35521,7 @@ CVE-2018-19148 (Caddy through 0.11.0 sends incorrect certificates for certain in CVE-2018-19147 RESERVED CVE-2018-19146 (Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by ...) - TODO: check + NOT-FOR-US: Concrete5 CVE-2018-19145 (An issue was discovered in S-CMS v1.5. There is an XSS vulnerability i ...) NOT-FOR-US: S-CMS CVE-2018-19144 
@@ -40740,11 +40740,11 @@ CVE-2018-17150 CVE-2018-17149 RESERVED CVE-2018-17148 (An Insufficient Access Control vulnerability (leading to credential di ...) - TODO: check + NOT-FOR-US: Nagios XI CVE-2018-17147 RESERVED CVE-2018-17146 (A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 ...) - TODO: check + NOT-FOR-US: Nagios XI CVE-2018-17145 RESERVED CVE-2018-17144 (Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x be ...) @@ -44516,23 +44516,23 @@ CVE-2018-15739 CVE-2018-15738 RESERVED CVE-2018-15737 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...) - TODO: check + NOT-FOR-US: STOPzilla CVE-2018-15736 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...) - TODO: check + NOT-FOR-US: STOPzilla CVE-2018-15735 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...) - TODO: check + NOT-FOR-US: STOPzilla CVE-2018-15734 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...) - TODO: check + NOT-FOR-US: STOPzilla CVE-2018-15733 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...) - TODO: check + NOT-FOR-US: STOPzilla CVE-2018-15732 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...) - TODO: check + NOT-FOR-US: STOPzilla CVE-2018-15731 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...) - TODO: check + NOT-FOR-US: STOPzilla CVE-2018-15730 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...) - TODO: check + NOT-FOR-US: STOPzilla CVE-2018-15729 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...) - TODO: check + NOT-FOR-US: STOPzilla CVE-2018-15728 (An issue was discovered in Couchbase Server. Authenticated users can s ...) NOT-FOR-US: Couchbase CVE-2018-15727 (Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows aut ...) 
@@ -78115,7 +78115,7 @@ CVE-2017-1000411 (OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, CVE-2017-17946 (A buffer overflow in Handy Password 4.9.3 allows remote attackers to e ...) NOT-FOR-US: Handy Password CVE-2017-17945 (The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing ...) - TODO: check + NOT-FOR-US: ASUS HiVivo CVE-2017-17944 (The ASUS Vivobaby application before 1.1.09 for Android has Missing SS ...) NOT-FOR-US: ASUS Vivobaby application CVE-2017-17943
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7b2818f5e9d680554dffabdc5eea707a95c74254
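Review bot: In the hunk at @@ -7361, the new label for CVE-2019-10028, "NOT-FOR-US: Dial Reference Source Code Repo", ends in "Repo", which names a hosting location rather than the software and does not appear in the visible description ("Dial Reference Source Code Used before June ..."). Suggest dropping the suffix so the label names the software, as the neighbouring "NOT-FOR-US: PHPCMS" entry does.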
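Review bot: The three ABB entries in the hunk at @@ -15273 (CVE-2019-7232, CVE-2019-7230, CVE-2019-7229) each receive a different label, with the two IDAL entries split into "ABB IDAL HTTP server" and "ABB IDAL FTP server", whereas other products in this commit share one label across their entries (both Nagios XI entries, all nine STOPzilla entries). If the HTTP and FTP servers are components of the same IDAL product, a shared "NOT-FOR-US: ABB IDAL" would keep later searches of data/CVE/list for that product on a single string.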
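Review bot: For CVE-2018-17148 in the hunk at @@ -40740, the truncated description ("An Insufficient Access Control vulnerability (leading to credential di ...)") does not name a product, so "NOT-FOR-US: Nagios XI" cannot be checked against the lines shown here; only CVE-2018-17146 visibly mentions Nagios XI. Worth confirming against the full CVE text that 17148 concerns the same product and was not tagged by adjacency.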
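Review bot: The nine entries CVE-2018-15729 through CVE-2018-15737 in the hunk at @@ -44516 are tagged "NOT-FOR-US: STOPzilla", while each description names the product as "STOPzilla AntiMalware 6.5.2.59". Suggest "NOT-FOR-US: STOPzilla AntiMalware" so the label matches the product name given in the descriptions.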
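Review bot: In the hunk at @@ -78115, CVE-2017-17945 is labelled "NOT-FOR-US: ASUS HiVivo" while the adjacent sibling entry CVE-2017-17944 uses "NOT-FOR-US: ASUS Vivobaby application". Pick one form, with or without "application", for the two ASUS apps so the labels stay consistent.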