[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 4 08:10:21 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
793d3889 by security tracker role at 2018-12-04T08:10:11Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2018-19843
+ RESERVED
+CVE-2018-19842
+ RESERVED
+CVE-2018-19841
+ RESERVED
+CVE-2018-19840
+ RESERVED
+CVE-2018-19839
+ RESERVED
+CVE-2018-19838
+ RESERVED
+CVE-2018-19837
+ RESERVED
CVE-2018-19836 (In Metinfo 6.1.3, include/interface/applogin.php allows setting ...)
NOT-FOR-US: Metinfo
CVE-2018-19835 (Metinfo 6.1.3 has reflected XSS via the admin/column/move.php ...)
@@ -15641,36 +15655,36 @@ CVE-2018-14711
RESERVED
CVE-2018-14710
RESERVED
-CVE-2018-14709
- RESERVED
-CVE-2018-14708
- RESERVED
-CVE-2018-14707
- RESERVED
-CVE-2018-14706
- RESERVED
+CVE-2018-14709 (Incorrect access control in the Dashboard API on Drobo 5N2 NAS version ...)
+ TODO: check
+CVE-2018-14708 (An insecure transport protocol used by Drobo Dashboard API on Drobo ...)
+ TODO: check
+CVE-2018-14707 (Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS ...)
+ TODO: check
+CVE-2018-14706 (System command injection in the /DroboPix/api/drobopix/demo endpoint ...)
+ TODO: check
CVE-2018-14705
RESERVED
-CVE-2018-14704
- RESERVED
-CVE-2018-14703
- RESERVED
-CVE-2018-14702
- RESERVED
-CVE-2018-14701
- RESERVED
-CVE-2018-14700
- RESERVED
-CVE-2018-14699
- RESERVED
-CVE-2018-14698
- RESERVED
-CVE-2018-14697
- RESERVED
-CVE-2018-14696
- RESERVED
-CVE-2018-14695
- RESERVED
+CVE-2018-14704 (Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS ...)
+ TODO: check
+CVE-2018-14703 (Incorrect access control in the /mysql/api/droboapp/data endpoint in ...)
+ TODO: check
+CVE-2018-14702 (Incorrect access control in the /drobopix/api/drobo.php endpoint in ...)
+ TODO: check
+CVE-2018-14701 (System command injection in the /DroboAccess/delete_user endpoint in ...)
+ TODO: check
+CVE-2018-14700 (Incorrect access control in the /mysql/api/logfile.php endpoint in ...)
+ TODO: check
+CVE-2018-14699 (System command injection in the /DroboAccess/enable_user endpoint in ...)
+ TODO: check
+CVE-2018-14698 (Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo ...)
+ TODO: check
+CVE-2018-14697 (Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo ...)
+ TODO: check
+CVE-2018-14696 (Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo ...)
+ TODO: check
+CVE-2018-14695 (Incorrect access control in the /mysql/api/diags.php endpoint in Drobo ...)
+ TODO: check
CVE-2018-14694
RESERVED
CVE-2018-14693
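Review bot: the fourteen entries added in this hunk (CVE-2018-14695 through CVE-2018-14704 and CVE-2018-14706 through CVE-2018-14709) all land as TODO: check, and most of the visible summaries name Drobo 5N2 NAS or Drobo-specific endpoints such as /DroboPix, /DroboAccess and /mysql/api/drobo.php. They should be triaged as one batch with a single decision, for example NOT-FOR-US: Drobo if no Debian package ships this software, rather than resolved one entry at a time.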
@@ -38281,10 +38295,10 @@ CVE-2018-6442 (A vulnerability in the Brocade Webtools firmware update section o
NOT-FOR-US: Brocade
CVE-2018-6441 (A vulnerability in Secure Shell implementation of Brocade Fabric OS ...)
NOT-FOR-US: Brocade
-CVE-2018-6440
- RESERVED
-CVE-2018-6439
- RESERVED
+CVE-2018-6440 (A vulnerability in the proxy service of Brocade Fabric OS versions ...)
+ TODO: check
+CVE-2018-6439 (A Vulnerability in the configdownload command of Brocade Fabric OS ...)
+ TODO: check
CVE-2018-6438 (A Vulnerability in the supportsave command of Brocade Fabric OS ...)
NOT-FOR-US: Brocade
CVE-2018-6437 (A Vulnerability in the help command of Brocade Fabric OS command line ...)
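Review bot: CVE-2018-6440 and CVE-2018-6439 are left at TODO: check although both summaries name Brocade Fabric OS and the neighbouring context entries (CVE-2018-6442, CVE-2018-6441, CVE-2018-6438) are already marked NOT-FOR-US: Brocade. A follow-up commit should give these two the same NOT-FOR-US: Brocade annotation, so that the open TODO items are only the entries that still need a decision.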
@@ -45172,12 +45186,12 @@ CVE-2018-4022 (A use-after-free vulnerability exists in the way MKVToolNix MKVIN
[jessie] - mkvtoolnix <not-affected> (vulnerable code is not present)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0694
NOTE: https://gitlab.com/mbunkus/mkvtoolnix/commit/43021d16c7bcd3f9f70214827755a5163782b633
-CVE-2018-4021
- RESERVED
-CVE-2018-4020
- RESERVED
-CVE-2018-4019
- RESERVED
+CVE-2018-4021 (An exploitable command injection vulnerability exists in the way ...)
+ TODO: check
+CVE-2018-4020 (An exploitable command injection vulnerability exists in the way ...)
+ TODO: check
+CVE-2018-4019 (An exploitable command injection vulnerability exists in the way ...)
+ TODO: check
CVE-2018-4018
RESERVED
CVE-2018-4017
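Review bot: CVE-2018-4021, CVE-2018-4020 and CVE-2018-4019 share an identical visible summary that is cut off before it names the affected product, so these TODO: check items cannot be triaged from the list alone. Whoever resolves them needs the full CVE text first, and should then add either a package annotation or a NOT-FOR-US line to all three together.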
@@ -45516,8 +45530,8 @@ CVE-2018-3856 (An exploitable vulnerability exists in the smart cameras RTSP ...
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3855 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 ...)
NOT-FOR-US: Hyland Perceptive Document Filters
-CVE-2018-3854
- RESERVED
+CVE-2018-3854 (An exploitable information disclosure vulnerability exists in the ...)
+ TODO: check
CVE-2018-3853 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
NOT-FOR-US: Foxit PDF Reader
CVE-2018-3852 (An exploitable denial of service vulnerability exists in the Ocularis ...)
@@ -50051,7 +50065,7 @@ CVE-2018-2517
CVE-2018-2516
RESERVED
CVE-2018-2515
- RESERVED
+ REJECTED
CVE-2018-2514
RESERVED
CVE-2018-2513
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/793d388912f51937ab52510df930ccdc0be2d0b5