[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 3 20:10:35 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1f64be07 by security tracker role at 2018-12-03T20:10:26Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2018-19836 (In Metinfo 6.1.3, include/interface/applogin.php allows setting ...)
+ TODO: check
+CVE-2018-19835 (Metinfo 6.1.3 has reflected XSS via the admin/column/move.php ...)
+ TODO: check
+CVE-2018-19834
+ RESERVED
+CVE-2018-19833
+ RESERVED
+CVE-2018-19832
+ RESERVED
+CVE-2018-19831
+ RESERVED
+CVE-2018-19830
+ RESERVED
+CVE-2018-19829
+ RESERVED
+CVE-2018-19828
+ RESERVED
+CVE-2018-19827 (In LibSass 3.5.5, a use-after-free vulnerability exists in the ...)
+ TODO: check
+CVE-2018-19826 (In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an ...)
+ TODO: check
+CVE-2018-19825
+ RESERVED
+CVE-2018-19824 (In the Linux kernel through 4.19.6, a local user could exploit a ...)
+ TODO: check
+CVE-2018-19823
+ RESERVED
+CVE-2018-19822
+ RESERVED
+CVE-2018-19821
+ RESERVED
+CVE-2018-19820
+ RESERVED
+CVE-2018-19819
+ RESERVED
+CVE-2018-19818
+ RESERVED
+CVE-2018-19817
+ RESERVED
+CVE-2018-19816
+ RESERVED
+CVE-2018-19815
+ RESERVED
+CVE-2018-19814
+ RESERVED
+CVE-2018-19813
+ RESERVED
+CVE-2018-19812
+ RESERVED
+CVE-2018-19811
+ RESERVED
+CVE-2018-19810
+ RESERVED
+CVE-2018-19809
+ RESERVED
CVE-2018-1002105 [Kubernetes API server issue]
- kubernetes <unfixed>
NOTE: https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
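Review bot: CVE-2018-19824 (Linux kernel through 4.19.6) and the two LibSass 3.5.5 entries, CVE-2018-19827 and CVE-2018-19826, land with only `TODO: check`, so this hunk records no package status for them. The kernel entry in particular can take a source-package line of the form `- linux <unfixed>` that other entries in this file already use. The two Metinfo 6.1.3 entries at the top of the hunk also still need a triage decision.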
@@ -10174,12 +10230,10 @@ CVE-2018-16871
RESERVED
CVE-2018-16870
RESERVED
-CVE-2018-16869 [Leaky data conversion exposing a manager oracle]
- RESERVED
+CVE-2018-16869 (A Bleichenbacher type side-channel based padding oracle attack was ...)
- nettle <unfixed>
NOTE: http://cat.eyalro.net/
-CVE-2018-16868 [Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification]
- RESERVED
+CVE-2018-16868 (A Bleichenbacher type side-channel based padding oracle attack was ...)
- gnutls28 <unfixed>
- gnutls26 <removed>
NOTE: http://cat.eyalro.net/
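Review bot: after this change CVE-2018-16869 and CVE-2018-16868 carry the same truncated description ("A Bleichenbacher type side-channel based padding oracle attack was ..."), so only the package lines (`- nettle` versus `- gnutls28` / `- gnutls26`) tell them apart, and the removed bracketed title for CVE-2018-16868 that named PKCS#1 v1.5 is lost. Both entries remain `<unfixed>` with only the http://cat.eyalro.net/ NOTE; a short NOTE per entry stating which library component is affected, plus the upstream fix reference once known, would keep them distinguishable.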
@@ -10191,8 +10245,8 @@ CVE-2018-16865
RESERVED
CVE-2018-16864
RESERVED
-CVE-2018-16863
- RESERVED
+CVE-2018-16863 (It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An ...)
+ TODO: check
CVE-2018-16862 (A security flaw was found in the Linux kernel in a way that the ...)
- linux <unfixed>
NOTE: https://lore.kernel.org/patchwork/patch/1011367/
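Review bot: the CVE-2018-16863 description is phrased in terms of a Red Hat advisory (RHSA-2018:2918 not fully fixing CVE-2018-16509), and the entry carries only `TODO: check`. The triage should record whether the fix tracked under CVE-2018-16509 in this file has the same gap or whether the issue is specific to the Red Hat update, in the same way the CVE-2018-16856 entry further down carries a "check if Debian affected by the problem or Red Hat specific setup" TODO.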
@@ -10216,8 +10270,7 @@ CVE-2018-16856 [Private keys written to world-readable log files]
- octavia <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649165
TODO: check if Debian affected by the problem or Red Hat specific setup
-CVE-2018-16855
- RESERVED
+CVE-2018-16855 (An issue has been found in PowerDNS Recursor before version 4.1.8 ...)
- pdns-recursor 4.1.8-1
[stretch] - pdns-recursor <not-affected> (Only affects 4.1.x)
[jessie] - pdns-recursor <not-affected> (Only affects 4.1.x)
@@ -10345,25 +10398,25 @@ CVE-2018-17459 [url spoofing in omnibox]
{DSA-4297-1}
- chromium-browser 69.0.3497.92-1 (bug #908806)
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-1002009
+CVE-2018-1002009 (There is a reflected XSS vulnerability in WordPress Arigato ...)
NOTE: Wordpress plugin
-CVE-2018-1002008
+CVE-2018-1002008 (There is a reflected XSS vulnerability in WordPress Arigato ...)
NOTE: Wordpress plugin
-CVE-2018-1002007
+CVE-2018-1002007 (There is a reflected XSS vulnerability in WordPress Arigato ...)
NOTE: Wordpress plugin
-CVE-2018-1002006
+CVE-2018-1002006 (These vulnerabilities require administrative privileges to exploit. ...)
NOTE: Wordpress plugin
-CVE-2018-1002005
+CVE-2018-1002005 (These vulnerabilities require administrative privileges to exploit. ...)
NOTE: Wordpress plugin
-CVE-2018-1002004
+CVE-2018-1002004 (There is a reflected XSS vulnerability in WordPress Arigato ...)
NOTE: Wordpress plugin
-CVE-2018-1002003
+CVE-2018-1002003 (There is a reflected XSS vulnerability in WordPress Arigato ...)
NOTE: Wordpress plugin
-CVE-2018-1002002
+CVE-2018-1002002 (There is a reflected XSS vulnerability in WordPress Arigato ...)
NOTE: Wordpress plugin
-CVE-2018-1002001
+CVE-2018-1002001 (There is a reflected XSS vulnerability in WordPress Arigato ...)
NOTE: Wordpress plugin
-CVE-2018-1002000
+CVE-2018-1002000 (There is blind SQL injection in WordPress Arigato Autoresponder and ...)
NOTE: Wordpress plugin
CVE-2018-16831 (Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir ...)
- smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1 (bug #908698)
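Review bot: the ten entries CVE-2018-1002000 through CVE-2018-1002009 now have descriptions naming the WordPress Arigato plugin but keep the free-form `NOTE: Wordpress plugin` line, which records no triage state. Elsewhere in this file software that is not packaged is marked with a `NOT-FOR-US:` line (for example `NOT-FOR-US: NUUO NVRMini2`); if that applies here, converting these NOTE lines to the same form would make the entries machine-readable as triaged.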
@@ -13213,7 +13266,7 @@ CVE-2018-15718
RESERVED
CVE-2018-15717
RESERVED
-CVE-2018-15716 (NUUO NVRMini2 version 3.10.0 and earlier is vulnerable to ...)
+CVE-2018-15716 (NUUO NVRMini2 version 3.9.1 is vulnerable to ...)
NOT-FOR-US: NUUO NVRMini2
CVE-2018-15715 (Zoom clients on Windows (before version 4.1.34814.1119), Mac OS ...)
NOT-FOR-US: Zoom
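Review bot: on CVE-2018-15716 the affected-version text changes from "version 3.10.0 and earlier" to "version 3.9.1", which replaces a range with a single version. The entry is `NOT-FOR-US: NUUO NVRMini2`, so the triage state is unaffected, but the description alone should not be read as the full affected range.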
@@ -36129,16 +36182,16 @@ CVE-2018-7118
RESERVED
CVE-2018-7117
RESERVED
-CVE-2018-7116
- RESERVED
-CVE-2018-7115
- RESERVED
-CVE-2018-7114
- RESERVED
-CVE-2018-7113
- RESERVED
-CVE-2018-7112
- RESERVED
+CVE-2018-7116 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 ...)
+ TODO: check
+CVE-2018-7115 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 ...)
+ TODO: check
+CVE-2018-7114 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 ...)
+ TODO: check
+CVE-2018-7113 (A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior ...)
+ TODO: check
+CVE-2018-7112 (The HPE-provided Windows firmware installer for certain Gen9, Gen8, ...)
+ TODO: check
CVE-2018-7111 (A remote unauthorized access vulnerability was identified in HPE UIoT ...)
NOT-FOR-US: HPE
CVE-2018-7110 (A remote unauthorized disclosure of information vulnerability was ...)
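Review bot: CVE-2018-7116 through CVE-2018-7112 move from `RESERVED` to `TODO: check`, while the adjacent CVE-2018-7111 entry, also an HPE product, is already marked `NOT-FOR-US: HPE`. The five new descriptions name HPE Intelligent Management Center, iLO 5 and an HPE firmware installer; if none of these is packaged, they can be closed with the same `NOT-FOR-US: HPE` line instead of staying open as TODO.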
@@ -38567,8 +38620,7 @@ CVE-2018-6334 [ability to override global variables and members of $GLOBALS via
NOTE: https://github.com/facebook/hhvm/commit/6937de5544c3eead3466b75020d8382080ed0cff
CVE-2018-6333
RESERVED
-CVE-2018-6332 [denial-of-service issue in the Proxygen handling of invalid HTTP2 settings]
- RESERVED
+CVE-2018-6332 (A potential denial-of-service issue in the Proxygen handling of ...)
- hhvm 3.24.7+dfsg-1 (bug #895194)
NOTE: https://hhvm.com/blog/2018/03/15/hhvm-3.25.html
CVE-2018-6331
@@ -51387,8 +51439,8 @@ CVE-2018-1842 (IBM Cognos Analytics 11 Configuration tool, under certain ...)
NOT-FOR-US: IBM
CVE-2018-1841 (IBM Cloud Private 2.1.0 could allow a local user to obtain the CA ...)
NOT-FOR-US: IBM
-CVE-2018-1840
- RESERVED
+CVE-2018-1840 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote ...)
+ TODO: check
CVE-2018-1839
RESERVED
CVE-2018-1838 (IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow ...)
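Review bot: CVE-2018-1840 (IBM WebSphere Application Server 8.5 and 9.0) is added with `TODO: check`, while the surrounding IBM entries CVE-2018-1842 and CVE-2018-1841 are marked `NOT-FOR-US: IBM`. Unless there is a reason to treat this one differently, it can take the same `NOT-FOR-US: IBM` line.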
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1f64be0713eebefa7b8039c3bd24ea74a814a965