[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 11 20:11:12 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7deb2861 by security tracker role at 2018-12-11T20:10:40Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2018-20063
+ RESERVED
+CVE-2018-20062 (An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php ...)
+ TODO: check
+CVE-2018-20061 (A SQL injection issue was discovered in ERPNext 10.x and 11.x through ...)
+ TODO: check
+CVE-2018-20060 (urllib3 before version 1.23 does not remove the Authorization HTTP ...)
+ TODO: check
+CVE-2018-20059 (jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. ...)
+ TODO: check
+CVE-2018-20058 (In Evernote before 7.6 on macOS, there is a local file path traversal ...)
+ TODO: check
+CVE-2018-20057 (An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and ...)
+ TODO: check
+CVE-2018-20056 (An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and ...)
+ TODO: check
+CVE-2018-20055
+ RESERVED
+CVE-2018-20054
+ RESERVED
+CVE-2018-20053
+ RESERVED
+CVE-2018-20052
+ RESERVED
CVE-2018-20051 (Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with firmware ...)
NOT-FOR-US: Jooan JA-Q1H Wi-Fi camera
CVE-2018-20050 (Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with ...)
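Review bot: CVE-2018-20057 and CVE-2018-20056 (D-Link DIR-619L, /bin/boa) are added as "TODO: check", while the camera firmware entry directly below (CVE-2018-20051) carries "NOT-FOR-US: Jooan JA-Q1H Wi-Fi camera"; the two router entries look like candidates for the same kind of NOT-FOR-US tag. CVE-2018-20060 (urllib3 before 1.23) is the entry in this block that most needs manual triage, since urllib3 is packaged in Debian as python-urllib3 and will need a package line rather than a NOT-FOR-US tag.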
@@ -1000,12 +1024,12 @@ CVE-2018-19972
RESERVED
CVE-2018-19971
RESERVED
-CVE-2018-19970
- RESERVED
-CVE-2018-19969
- RESERVED
-CVE-2018-19968
- RESERVED
+CVE-2018-19970 (In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the ...)
+ TODO: check
+CVE-2018-19969 (phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a ...)
+ TODO: check
+CVE-2018-19968 (An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of ...)
+ TODO: check
CVE-2018-19959
RESERVED
CVE-2018-19958
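Review bot: CVE-2018-19970, CVE-2018-19969 and CVE-2018-19968 all name phpMyAdmin before 4.8.4 but are left at "TODO: check"; phpmyadmin is a Debian source package, so each needs a "- phpmyadmin" package line with the fixed version once it is known. The three share the same upstream fix release and can be triaged together.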
@@ -8805,105 +8829,80 @@ CVE-2018-18361 (An issue was discovered in nc-cms through 2017-03-10. ...)
NOT-FOR-US: nc-cms
CVE-2018-18360
RESERVED
-CVE-2018-18359
- RESERVED
+CVE-2018-18359 (Incorrect handling of Reflect.construct in V8 in Google Chrome prior ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18358
- RESERVED
+CVE-2018-18358 (Lack of special casing of localhost in WPAD files in Google Chrome ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18357
- RESERVED
+CVE-2018-18357 (Incorrect handling of confusable characters in URL Formatter in Google ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18356
- RESERVED
+CVE-2018-18356 (An integer overflow in path handling lead to a use after free in Skia ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18355
- RESERVED
+CVE-2018-18355 (Incorrect handling of confusable characters in URL Formatter in Google ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18354
- RESERVED
+CVE-2018-18354 (Insufficient validate of external protocols in Shell Integration in ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18353
- RESERVED
+CVE-2018-18353 (Failure to dismiss http auth dialogs on navigation in Network ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18352
- RESERVED
+CVE-2018-18352 (Service works could inappropriately gain access to cross origin audio ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18351
- RESERVED
+CVE-2018-18351 (Lack of proper validation of ancestor frames site when sending lax ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18350
- RESERVED
+CVE-2018-18350 (Incorrect handling of CSP enforcement during navigations in Blink in ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18349
- RESERVED
+CVE-2018-18349 (Remote frame navigations was incorrectly permitted to local resources ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18348
- RESERVED
+CVE-2018-18348 (Incorrect handling of bidirectional domain names with RTL characters ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18347
- RESERVED
+CVE-2018-18347 (Incorrect handling of failed navigations with invalid URLs in ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18346
- RESERVED
+CVE-2018-18346 (Incorrect handling of alert box display in Blink in Google Chrome ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18345
- RESERVED
+CVE-2018-18345 (Incorrect handling of blob URLS in Site Isolation in Google Chrome ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18344
- RESERVED
+CVE-2018-18344 (Inappropriate allowance of the setDownloadBehavior devtools protocol ...)
{DSA-4352-1}
- sqlite3 <undetermined>
- chromium 71.0.3578.80-1
-CVE-2018-18343
- RESERVED
+CVE-2018-18343 (Incorrect handing of paths leading to a use after free in Skia in ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18342
- RESERVED
+CVE-2018-18342 (Execution of user supplied Javascript during object deserialization ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18341
- RESERVED
+CVE-2018-18341 (An integer overflow leading to a heap buffer overflow in Blink in ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18340
- RESERVED
+CVE-2018-18340 (Incorrect object lifecycle in MediaRecorder in Google Chrome prior to ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18339
- RESERVED
+CVE-2018-18339 (Incorrect object lifecycle in WebAudio in Google Chrome prior to ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18338
- RESERVED
+CVE-2018-18338 (Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18337
- RESERVED
+CVE-2018-18337 (Incorrect handling of stylesheets leading to a use after free in Blink ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18336
- RESERVED
+CVE-2018-18336 (Incorrect object lifecycle in PDFium in Google Chrome prior to ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-18335
- RESERVED
+CVE-2018-18335 (Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18334
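Review bot: under CVE-2018-18344 the unchanged line "- sqlite3 <undetermined>" no longer fits the description this update attaches to the entry ("Inappropriate allowance of the setDownloadBehavior devtools protocol ..."), which points at Chrome devtools rather than SQLite. It is the only entry in this DSA-4352-1 block with a second package line, so it is worth re-checking whether sqlite3 belongs here or was meant for a different identifier, and dropping or moving the line accordingly.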
@@ -11058,12 +11057,10 @@ CVE-2018-17483
RESERVED
CVE-2018-17482
RESERVED
-CVE-2018-17481
- RESERVED
+CVE-2018-17481 (Incorrect object lifecycle in PDFium in Google Chrome prior to ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
-CVE-2018-17480
- RESERVED
+CVE-2018-17480 (Execution of user supplied Javascript during array deserialization ...)
{DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-17479
@@ -53618,16 +53615,16 @@ CVE-2018-1906
RESERVED
CVE-2018-1905 (IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable ...)
NOT-FOR-US: IBM
-CVE-2018-1904
- RESERVED
+CVE-2018-1904 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow ...)
+ TODO: check
CVE-2018-1903
RESERVED
CVE-2018-1902
RESERVED
CVE-2018-1901
RESERVED
-CVE-2018-1900
- RESERVED
+CVE-2018-1900 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and ...)
+ TODO: check
CVE-2018-1899
RESERVED
CVE-2018-1898
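Review bot: CVE-2018-1904 (IBM WebSphere Application Server) is left at "TODO: check" although the neighbouring WebSphere entry CVE-2018-1905 is already tagged "NOT-FOR-US: IBM"; the same tag looks appropriate here. CVE-2018-1900 (IBM Curam Social Program Management) is likewise an IBM product and can be handled in the same pass.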
@@ -54118,12 +54115,12 @@ CVE-2018-1656 (The IBM Java Runtime Environment's Diagnostic Tooling Framework f
NOT-FOR-US: IBM JDK
CVE-2018-1655 (IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock ...)
NOT-FOR-US: IBM AIX
-CVE-2018-1654
- RESERVED
+CVE-2018-1654 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and ...)
+ TODO: check
CVE-2018-1653
RESERVED
-CVE-2018-1652
- RESERVED
+CVE-2018-1652 (IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through ...)
+ TODO: check
CVE-2018-1651
RESERVED
CVE-2018-1650 (IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could ...)
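Review bot: CVE-2018-1654 carries the same truncated description as CVE-2018-1900 in the previous hunk ("IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and ..."), so the two should get the same triage result rather than being checked independently. Both it and CVE-2018-1652 (IBM DataPower Gateway) sit next to entries tagged "NOT-FOR-US: IBM JDK" and "NOT-FOR-US: IBM AIX", which suggests a matching NOT-FOR-US tag naming the product.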
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7deb286185075416793f22cf1641fb58c22c305a