[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Dec 5 08:10:27 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2634cd1b by security tracker role at 2018-12-05T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5067,16 +5067,16 @@ CVE-2018-18995
 	RESERVED
 CVE-2018-18994
 	RESERVED
-CVE-2018-18993
-	RESERVED
+CVE-2018-18993 (Two stack-based buffer overflow vulnerabilities have been discovered ...)
+	TODO: check
 CVE-2018-18992
 	RESERVED
-CVE-2018-18991
-	RESERVED
+CVE-2018-18991 (Reflected cross-site scripting (non-persistent) in SCADA WebServer ...)
+	TODO: check
 CVE-2018-18990
 	RESERVED
-CVE-2018-18989
-	RESERVED
+CVE-2018-18989 (In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and ...)
+	TODO: check
 CVE-2018-18988
 	RESERVED
 CVE-2018-18987 (VT-Designer Version 2.1.7.31 is vulnerable by the program populating ...)
@@ -5402,8 +5402,7 @@ CVE-2018-18845
 	RESERVED
 CVE-2018-18844
 	RESERVED
-CVE-2018-18843
-	RESERVED
+CVE-2018-18843 (The Kubernetes integration in GitLab Enterprise Edition 11.x before ...)
 	- gitlab <not-affected> (Only affects Enterprise edition)
 	NOTE: https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released/
 CVE-2018-18842 (CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP ...)
@@ -5859,43 +5858,35 @@ CVE-2018-18650 (An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XR
 CVE-2018-18649 (An issue was discovered in the wiki API in GitLab Community and ...)
 	- gitlab <not-affected> (Only affects 11.3 and later)
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18648 [Information exposure through stack trace error message]
-	RESERVED
+CVE-2018-18648 (An issue was discovered in GitLab Community and Enterprise Edition ...)
 	- gitlab <not-affected> (Only affects 11.2 and later)
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18647 [Unauthorized changes to a protected branch's access levels]
-	RESERVED
+CVE-2018-18647 (An issue was discovered in GitLab Community and Enterprise Edition ...)
 	- gitlab <not-affected> (Only affects GitLab EE)
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18646 [SSRF in Hipchat integration]
-	RESERVED
+CVE-2018-18646 (An issue was discovered in GitLab Community and Enterprise Edition ...)
 	[experimental] - gitlab 11.2.8+dfsg-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18645 [Information exposure when replying to issues through email]
-	RESERVED
+CVE-2018-18645 (An issue was discovered in GitLab Community and Enterprise Edition ...)
 	[experimental] - gitlab 11.2.8+dfsg-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18644 [Metrics information disclosure in Prometheus integration]
-	RESERVED
+CVE-2018-18644 (An issue was discovered in GitLab Community and Enterprise Edition ...)
 	- gitlab <not-affected> (Only affects GitLab EE)
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
 CVE-2018-18643 [Persistent XSS autocomplete]
 	RESERVED
 	- gitlab <not-affected> (Only affects 11.2 and later)
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18642 [Persistent XSS in License Management and Security Reports]
-	RESERVED
+CVE-2018-18642 (An issue was discovered in GitLab Community and Enterprise Edition ...)
 	- gitlab <not-affected> (Only affects GitLab EE)
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18641 [Cleartext storage of personal access tokens]
-	RESERVED
+CVE-2018-18641 (An issue was discovered in GitLab Community and Enterprise Edition ...)
 	[experimental] - gitlab 11.2.8+dfsg-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18640 [Information exposure in stored browser history]
-	RESERVED
+CVE-2018-18640 (An issue was discovered in GitLab Community and Enterprise Edition ...)
 	[experimental] - gitlab 11.2.8+dfsg-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
@@ -7720,10 +7711,10 @@ CVE-2018-17978
 	RESERVED
 CVE-2018-17977 (The Linux kernel 4.14.67 mishandles certain interaction among XFRM ...)
 	- linux <undetermined>
-CVE-2018-17976
-	RESERVED
-CVE-2018-17975
-	RESERVED
+CVE-2018-17976 (An issue was discovered in GitLab Community Edition 11.x before ...)
+	TODO: check
+CVE-2018-17975 (An issue was discovered in GitLab Community Edition 11.x before ...)
+	TODO: check
 CVE-2018-17974 (An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer ...)
 	- tcpreplay <unfixed> (bug #910598)
 	[stretch] - tcpreplay <no-dsa> (Minor issue)
@@ -7837,8 +7828,8 @@ CVE-2018-17941
 	RESERVED
 CVE-2018-17940
 	RESERVED
-CVE-2018-17939
-	RESERVED
+CVE-2018-17939 (An issue was discovered in GitLab Community and Enterprise Edition ...)
+	TODO: check
 CVE-2018-17938 (Zimbra Collaboration before 8.8.10 GA allows text content spoofing via ...)
 	NOT-FOR-US: Zimbra
 CVE-2018-17937
@@ -9637,8 +9628,8 @@ CVE-2018-17162
 	RESERVED
 CVE-2018-17161
 	RESERVED
-CVE-2018-17160
-	RESERVED
+CVE-2018-17160 (In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, ...)
+	TODO: check
 CVE-2018-17159 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS ...)
 	TODO: check
 CVE-2018-17158 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer ...)
@@ -41419,8 +41410,8 @@ CVE-2018-5498
 	RESERVED
 CVE-2018-5497
 	RESERVED
-CVE-2018-5496
-	RESERVED
+CVE-2018-5496 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are ...)
+	TODO: check
 CVE-2018-5495 (All StorageGRID Webscale versions are susceptible to a vulnerability ...)
 	NOT-FOR-US: NetApp
 CVE-2018-5494



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2634cd1bbf5a5f4cf90e51f37542857487d8d7c4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2634cd1bbf5a5f4cf90e51f37542857487d8d7c4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181205/065c35e5/attachment.html>

More information about the debian-security-tracker-commits mailing list