[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Dec 12 20:10:33 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
afa4392e by security tracker role at 2018-12-12T20:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2018-20113
+	RESERVED
+CVE-2018-20112
+	RESERVED
+CVE-2018-20111
+	RESERVED
+CVE-2018-20110
+	RESERVED
+CVE-2018-20109
+	RESERVED
+CVE-2018-20108
+	RESERVED
+CVE-2018-20107
+	RESERVED
+CVE-2018-20106
+	RESERVED
+CVE-2018-20105
+	RESERVED
+CVE-2018-20104
+	RESERVED
+CVE-2018-20103 (An issue was discovered in dns.c in HAProxy through 1.8.14. In the case ...)
+	TODO: check
+CVE-2018-20102 (An out-of-bounds read in dns_validate_dns_response in dns.c was ...)
+	TODO: check
+CVE-2018-20101 (The codection "Import users from CSV with meta" plugin before 1.12.1 ...)
+	TODO: check
+CVE-2018-20100
+	RESERVED
+CVE-2018-20099 (There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of ...)
+	TODO: check
+CVE-2018-20098 (There is a heap-based buffer over-read in ...)
+	TODO: check
+CVE-2018-20097 (There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups ...)
+	TODO: check
+CVE-2018-20096 (There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf ...)
+	TODO: check
+CVE-2018-20095 (An issue was discovered in EnsureCapacity in Core/Ap4Array.h in Bento4 ...)
+	TODO: check
+CVE-2018-20094 (An issue was discovered in XXL-CONF 1.6.0. There is a path traversal ...)
+	TODO: check
 CVE-2018-XXXX [response discrepancy information exposure]
 	- mini-httpd <unfixed> (bug #916190)
 	NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2018-01.md
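Review bot: CVE-2018-20103 and CVE-2018-20102 (both in dns.c, HAProxy) and the four Exiv2 entries CVE-2018-20096 through CVE-2018-20099 enter the list only as "TODO: check", so nothing here records yet whether a package is affected. These two groups should be resolved first: if the software is packaged, replace the marker with package lines in the form used just below ("- mini-httpd <unfixed> (bug #916190)") and add a NOTE pointing at the upstream report or fix.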
@@ -10137,14 +10177,14 @@ CVE-2018-17953 (A incorrect variable in a SUSE specific patch for pam_access rul
 	NOTE: https://build.opensuse.org/package/view_file/Linux-PAM/pam/pam-hostnames-in-access_conf.patch
 	NOTE: And fixed with (use-correct-IP-address.patch)
 	NOTE: https://build.opensuse.org/package/view_file/Linux-PAM/pam/use-correct-IP-address.patch
-CVE-2018-17952
-	RESERVED
+CVE-2018-17952 (Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 ...)
+	TODO: check
 CVE-2018-17951
 	RESERVED
-CVE-2018-17950
-	RESERVED
-CVE-2018-17949
-	RESERVED
+CVE-2018-17950 (Incorrect enforcement of authorization checks in eDirectory prior to ...)
+	TODO: check
+CVE-2018-17949 (Cross site scripting vulnerability in iManager prior to 3.1 SP2. ...)
+	TODO: check
 CVE-2018-17948 (An open redirect vulnerability exists in the Access Manager Identity ...)
 	NOT-FOR-US: Microfocus
 CVE-2018-17947 (The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text ...)
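Review bot: the three new "TODO: check" entries for eDirectory and iManager (CVE-2018-17952, CVE-2018-17950, CVE-2018-17949) sit directly above CVE-2018-17948, which is already marked "NOT-FOR-US: Microfocus". If these products come from the same vendor, resolve all three in one pass and reuse the same label spelling so a search on the NOT-FOR-US tag finds the whole group. CVE-2018-17951 between them is still RESERVED and needs no change.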
@@ -12666,8 +12706,7 @@ CVE-2018-16868 (A Bleichenbacher type side-channel based padding oracle attack w
 	NOTE: http://cat.eyalro.net/
 	NOTE: https://gitlab.com/gnutls/gnutls/issues/630
 	NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/832
-CVE-2018-16867 [dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP)]
-	RESERVED
+CVE-2018-16867 (A flaw was found in qemu Media Transfer Protocol (MTP) before version ...)
 	- qemu 1:3.1+dfsg-1 (bug #915884)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg00390.html
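Review bot: in the CVE-2018-16867 change, the bracketed working title that named usb_mtp_write_data and the path traversal is replaced by a description truncated at "before version ...", so the function name and bug class no longer appear on the header line. Keeping the package lines and the NOTE is right; consider adding a NOTE line that restates the affected function, and confirm that the fixed version "1:3.1+dfsg-1" agrees with the version bound in the full description.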
@@ -15700,12 +15739,12 @@ CVE-2018-15721
 	RESERVED
 CVE-2018-15720
 	RESERVED
-CVE-2018-15719
-	RESERVED
-CVE-2018-15718
-	RESERVED
-CVE-2018-15717
-	RESERVED
+CVE-2018-15719 (Open Dental before version 18.4 installs a mysql database and uses the ...)
+	TODO: check
+CVE-2018-15718 (Open Dental before version 18.4 transmits the entire user database ...)
+	TODO: check
+CVE-2018-15717 (Open Dental before version 18.4 stores user passwords as base64 ...)
+	TODO: check
 CVE-2018-15716 (NUUO NVRMini2 version 3.9.1 is vulnerable to ...)
 	NOT-FOR-US: NUUO NVRMini2
 CVE-2018-15715 (Zoom clients on Windows (before version 4.1.34814.1119), Mac OS ...)
@@ -16650,8 +16689,8 @@ CVE-2018-15330
 	RESERVED
 CVE-2018-15329
 	RESERVED
-CVE-2018-15328
-	RESERVED
+CVE-2018-15328 (On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, ...)
+	TODO: check
 CVE-2018-15327 (In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2018-15326 (In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, ...)
@@ -20564,8 +20603,8 @@ CVE-2018-13818 (** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Inj
 	NOTE: input to it.
 CVE-2018-13817
 	RESERVED
-CVE-2018-13816
-	RESERVED
+CVE-2018-13816 (A vulnerability has been identified in TIM 1531 IRC (All version < ...)
+	TODO: check
 CVE-2018-13815
 	RESERVED
 CVE-2018-13814
@@ -26711,26 +26750,26 @@ CVE-2018-11468 (The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISC
 	NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
 CVE-2018-11467
 	RESERVED
-CVE-2018-11466
-	RESERVED
-CVE-2018-11465
-	RESERVED
-CVE-2018-11464
-	RESERVED
-CVE-2018-11463
-	RESERVED
-CVE-2018-11462
-	RESERVED
-CVE-2018-11461
-	RESERVED
-CVE-2018-11460
-	RESERVED
-CVE-2018-11459
-	RESERVED
-CVE-2018-11458
-	RESERVED
-CVE-2018-11457
-	RESERVED
+CVE-2018-11466 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...)
+	TODO: check
+CVE-2018-11465 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...)
+	TODO: check
+CVE-2018-11464 (A vulnerability has been identified in SINUMERIK 828D V4.7 (All ...)
+	TODO: check
+CVE-2018-11463 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...)
+	TODO: check
+CVE-2018-11462 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...)
+	TODO: check
+CVE-2018-11461 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...)
+	TODO: check
+CVE-2018-11460 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...)
+	TODO: check
+CVE-2018-11459 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All ...)
+	TODO: check
+CVE-2018-11458 (A vulnerability has been identified in SINUMERIK 828D V4.7 (All ...)
+	TODO: check
+CVE-2018-11457 (A vulnerability has been identified in SINUMERIK 828D V4.7 (All ...)
+	TODO: check
 CVE-2018-11456 (A vulnerability has been identified in Automation License Manager 5 ...)
 	NOT-FOR-US: Automation License Manager
 CVE-2018-11455 (A vulnerability has been identified in Automation License Manager 5 ...)
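Review bot: all ten SINUMERIK entries (CVE-2018-11457 through CVE-2018-11466) carry the same truncated prefix, differing only in 808D versus 828D, so the header lines give no way to tell the issues apart during triage. The entries just below (CVE-2018-11456, CVE-2018-11455) are marked NOT-FOR-US with the product name; if the same decision applies here, mark the ten in one commit with a single consistent product label.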
@@ -34245,8 +34284,8 @@ CVE-2018-8652 (A Cross-site Scripting (XSS) vulnerability exists when Windows Az
 	NOT-FOR-US: Windows Azure Pack Rollup
 CVE-2018-8651 (A cross site scripting vulnerability exists when Microsoft Dynamics ...)
 	NOT-FOR-US: Microsoft Dynamics NAV
-CVE-2018-8650
-	RESERVED
+CVE-2018-8650 (A cross-site-scripting (XSS) vulnerability exists when Microsoft ...)
+	TODO: check
 CVE-2018-8649 (A denial of service vulnerability exists when Windows improperly ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2018-8648
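Review bot: the new description for CVE-2018-8650 is cut off at "when Microsoft ...", before the product name, while the neighbouring entries use product-specific labels ("NOT-FOR-US: Microsoft Dynamics NAV", "NOT-FOR-US: Microsoft Windows"). Resolving the "TODO: check" needs the full CVE text to pick the label; the truncated header alone is not enough.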
@@ -53711,8 +53750,8 @@ CVE-2018-1928 (IBM StoredIQ 7.6.0 does not implement proper authorization of use
 	NOT-FOR-US: IBM
 CVE-2018-1927 (IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which ...)
 	NOT-FOR-US: IBM
-CVE-2018-1926
-	RESERVED
+CVE-2018-1926 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console ...)
+	TODO: check
 CVE-2018-1925
 	RESERVED
 CVE-2018-1924
@@ -53761,8 +53800,8 @@ CVE-2018-1903
 	RESERVED
 CVE-2018-1902
 	RESERVED
-CVE-2018-1901
-	RESERVED
+CVE-2018-1901 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote ...)
+	TODO: check
 CVE-2018-1900 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and ...)
 	NOT-FOR-US: IBM
 CVE-2018-1899
@@ -54593,30 +54632,30 @@ CVE-2018-1487 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
 	NOT-FOR-US: IBM
 CVE-2018-1486
 	RESERVED
-CVE-2018-1485
-	RESERVED
-CVE-2018-1484
-	RESERVED
+CVE-2018-1485 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does ...)
+	TODO: check
+CVE-2018-1484 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does ...)
+	TODO: check
 CVE-2018-1483 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...)
 	NOT-FOR-US: IBM WebSphere Portal
 CVE-2018-1482
 	RESERVED
-CVE-2018-1481
-	RESERVED
-CVE-2018-1480
-	RESERVED
+CVE-2018-1481 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores ...)
+	TODO: check
+CVE-2018-1480 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does ...)
+	TODO: check
 CVE-2018-1479 (IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request ...)
 	NOT-FOR-US: IBM
-CVE-2018-1478
-	RESERVED
+CVE-2018-1478 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 could ...)
+	TODO: check
 CVE-2018-1477
 	RESERVED
-CVE-2018-1476
-	RESERVED
+CVE-2018-1476 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 ...)
+	TODO: check
 CVE-2018-1475 (IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout ...)
 	NOT-FOR-US: IBM
-CVE-2018-1474
-	RESERVED
+CVE-2018-1474 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is ...)
+	TODO: check
 CVE-2018-1473 (IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. ...)
 	NOT-FOR-US: IBM
 CVE-2018-1472
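Review bot: seven BigFix Platform entries (CVE-2018-1485, -1484, -1481, -1480, -1478, -1476, -1474) move from RESERVED to "TODO: check" in this hunk, interleaved with CVE-2018-1479, CVE-2018-1475 and CVE-2018-1473, which describe the same product and are already "NOT-FOR-US: IBM". Resolving the seven the same way keeps the block consistent. The label here is the bare vendor ("IBM") while CVE-2018-1483 uses "IBM WebSphere Portal", so pick one granularity when closing these out.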



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/afa4392e784c0ea373eacfa0fe9b5aca0472196b
