[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Dec 5 08:10:27 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2634cd1b by security tracker role at 2018-12-05T08:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5067,16 +5067,16 @@ CVE-2018-18995
RESERVED
CVE-2018-18994
RESERVED
-CVE-2018-18993
- RESERVED
+CVE-2018-18993 (Two stack-based buffer overflow vulnerabilities have been discovered ...)
+ TODO: check
CVE-2018-18992
RESERVED
-CVE-2018-18991
- RESERVED
+CVE-2018-18991 (Reflected cross-site scripting (non-persistent) in SCADA WebServer ...)
+ TODO: check
CVE-2018-18990
RESERVED
-CVE-2018-18989
- RESERVED
+CVE-2018-18989 (In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and ...)
+ TODO: check
CVE-2018-18988
RESERVED
CVE-2018-18987 (VT-Designer Version 2.1.7.31 is vulnerable by the program populating ...)
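Review bot: The three entries promoted from RESERVED here (CVE-2018-18993, CVE-2018-18991, CVE-2018-18989) are left with only `TODO: check`, so the list gains descriptions but no triage state. The visible text for two of them names SCADA WebServer and CX-One / CX-Programmer; if those products are not packaged in Debian, the follow-up should close each entry with a `NOT-FOR-US: <product>` line, in the form already used further down the file for Zimbra and NetApp, rather than leaving the TODO in place.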
@@ -5402,8 +5402,7 @@ CVE-2018-18845
RESERVED
CVE-2018-18844
RESERVED
-CVE-2018-18843
- RESERVED
+CVE-2018-18843 (The Kubernetes integration in GitLab Enterprise Edition 11.x before ...)
- gitlab <not-affected> (Only affects Enterprise edition)
NOTE: https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released/
CVE-2018-18842 (CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP ...)
@@ -5859,43 +5858,35 @@ CVE-2018-18650 (An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XR
CVE-2018-18649 (An issue was discovered in the wiki API in GitLab Community and ...)
- gitlab <not-affected> (Only affects 11.3 and later)
NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18648 [Information exposure through stack trace error message]
- RESERVED
+CVE-2018-18648 (An issue was discovered in GitLab Community and Enterprise Edition ...)
- gitlab <not-affected> (Only affects 11.2 and later)
NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18647 [Unauthorized changes to a protected branch's access levels]
- RESERVED
+CVE-2018-18647 (An issue was discovered in GitLab Community and Enterprise Edition ...)
- gitlab <not-affected> (Only affects GitLab EE)
NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18646 [SSRF in Hipchat integration]
- RESERVED
+CVE-2018-18646 (An issue was discovered in GitLab Community and Enterprise Edition ...)
[experimental] - gitlab 11.2.8+dfsg-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18645 [Information exposure when replying to issues through email]
- RESERVED
+CVE-2018-18645 (An issue was discovered in GitLab Community and Enterprise Edition ...)
[experimental] - gitlab 11.2.8+dfsg-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18644 [Metrics information disclosure in Prometheus integration]
- RESERVED
+CVE-2018-18644 (An issue was discovered in GitLab Community and Enterprise Edition ...)
- gitlab <not-affected> (Only affects GitLab EE)
NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
CVE-2018-18643 [Persistent XSS autocomplete]
RESERVED
- gitlab <not-affected> (Only affects 11.2 and later)
NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18642 [Persistent XSS in License Management and Security Reports]
- RESERVED
+CVE-2018-18642 (An issue was discovered in GitLab Community and Enterprise Edition ...)
- gitlab <not-affected> (Only affects GitLab EE)
NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18641 [Cleartext storage of personal access tokens]
- RESERVED
+CVE-2018-18641 (An issue was discovered in GitLab Community and Enterprise Edition ...)
[experimental] - gitlab 11.2.8+dfsg-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18640 [Information exposure in stored browser history]
- RESERVED
+CVE-2018-18640 (An issue was discovered in GitLab Community and Enterprise Edition ...)
[experimental] - gitlab 11.2.8+dfsg-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
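Review bot: CVE-2018-18647, CVE-2018-18644 and CVE-2018-18642 now carry a description that begins "GitLab Community and Enterprise Edition" while their triage line still reads `- gitlab <not-affected> (Only affects GitLab EE)`. The truncated text does not show whether that justification still holds, so it should be re-checked against the full description and the linked release note. A smaller point: the removed bracketed titles (for example `[SSRF in Hipchat integration]`) were the only per-entry distinction visible in the list, since all eight replacement descriptions truncate to the same prefix; a short NOTE carrying the issue title would keep the entries distinguishable.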
@@ -7720,10 +7711,10 @@ CVE-2018-17978
RESERVED
CVE-2018-17977 (The Linux kernel 4.14.67 mishandles certain interaction among XFRM ...)
- linux <undetermined>
-CVE-2018-17976
- RESERVED
-CVE-2018-17975
- RESERVED
+CVE-2018-17976 (An issue was discovered in GitLab Community Edition 11.x before ...)
+ TODO: check
+CVE-2018-17975 (An issue was discovered in GitLab Community Edition 11.x before ...)
+ TODO: check
CVE-2018-17974 (An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer ...)
- tcpreplay <unfixed> (bug #910598)
[stretch] - tcpreplay <no-dsa> (Minor issue)
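Review bot: CVE-2018-17976 and CVE-2018-17975 are left at `TODO: check` although their descriptions name GitLab Community Edition 11.x, and this file already tracks GitLab issues under the `gitlab` package (for example `- gitlab <unfixed>` with `[experimental] - gitlab 11.2.8+dfsg-1` on CVE-2018-18646). Follow-up triage should replace the TODO with a `- gitlab` line and check the "11.x before ..." bound in the full description against the packaged version.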
@@ -7837,8 +7828,8 @@ CVE-2018-17941
RESERVED
CVE-2018-17940
RESERVED
-CVE-2018-17939
- RESERVED
+CVE-2018-17939 (An issue was discovered in GitLab Community and Enterprise Edition ...)
+ TODO: check
CVE-2018-17938 (Zimbra Collaboration before 8.8.10 GA allows text content spoofing via ...)
NOT-FOR-US: Zimbra
CVE-2018-17937
@@ -9637,8 +9628,8 @@ CVE-2018-17162
RESERVED
CVE-2018-17161
RESERVED
-CVE-2018-17160
- RESERVED
+CVE-2018-17160 (In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, ...)
+ TODO: check
CVE-2018-17159 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS ...)
TODO: check
CVE-2018-17158 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer ...)
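Review bot: CVE-2018-17160 is added as `TODO: check` directly above CVE-2018-17159, which is itself still `TODO: check`, so the untriaged FreeBSD entries in this block grow with this update. Both descriptions refer to the same 11.2-STABLE / 11.2-RELEASE line, so they can be triaged in one pass and given the same kind of resolution.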
@@ -41419,8 +41410,8 @@ CVE-2018-5498
RESERVED
CVE-2018-5497
RESERVED
-CVE-2018-5496
- RESERVED
+CVE-2018-5496 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are ...)
+ TODO: check
CVE-2018-5495 (All StorageGRID Webscale versions are susceptible to a vulnerability ...)
NOT-FOR-US: NetApp
CVE-2018-5494
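Review bot: CVE-2018-5496 is added with `TODO: check` although the next entry, CVE-2018-5495, is already closed as `NOT-FOR-US: NetApp`. Data ONTAP is also a NetApp product, so the TODO can be resolved the same way with `NOT-FOR-US: NetApp`.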
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2634cd1bbf5a5f4cf90e51f37542857487d8d7c4