[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Dec 19 08:10:27 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b25b3357 by security tracker role at 2018-12-19T08:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4674,8 +4674,8 @@ CVE-2018-19831
RESERVED
CVE-2018-19830
RESERVED
-CVE-2018-19829
- RESERVED
+CVE-2018-19829 (Artica Integria IMS 5.0.83 has CSRF in ...)
+ TODO: check
CVE-2018-19828 (Artica Integria IMS 5.0.83 has XSS via the search_string parameter. ...)
NOT-FOR-US: Artica Integria IMS
CVE-2018-19827 (In LibSass 3.5.5, a use-after-free vulnerability exists in the ...)
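Review bot: the `TODO: check` added under CVE-2018-19829 can be resolved right away. Its description names Artica Integria IMS 5.0.83, the same product and version as CVE-2018-19828 on the next line, which is already triaged as `NOT-FOR-US: Artica Integria IMS`. Suggest using the same marker here so the two entries stay consistent.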
@@ -4763,12 +4763,10 @@ CVE-2018-19792 (The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows lo
NOT-FOR-US: OpenLiteSpeed
CVE-2018-19791 (The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not ...)
NOT-FOR-US: OpenLiteSpeed
-CVE-2018-19790 [symfony: Open Redirect Vulnerability when using Security\Http]
- RESERVED
+CVE-2018-19790 (An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x ...)
- symfony 3.4.20+dfsg-1
NOTE: https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http
-CVE-2018-19789 [symfony: Disclosure of uploaded files full path]
- RESERVED
+CVE-2018-19789 (An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before ...)
- symfony 3.4.20+dfsg-1
NOTE: https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path
CVE-2018-19788 (A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user ...)
@@ -9898,8 +9896,8 @@ CVE-2018-18923 (AbiSoft Ticketly 1.0 is affected by multiple SQL Injection ...)
NOT-FOR-US: AbiSoft Ticketly
CVE-2018-18922 (add_user in AbiSoft Ticketly 1.0 allows remote attackers to create ...)
NOT-FOR-US: AbiSoft Ticketly
-CVE-2018-18921
- RESERVED
+CVE-2018-18921 (PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete ...)
+ TODO: check
CVE-2018-18920 (Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode ...)
- python3-py-evm <itp> (bug #884796)
CVE-2018-18919 (The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment ...)
@@ -12909,8 +12907,8 @@ CVE-2018-17779
RESERVED
CVE-2018-17778
RESERVED
-CVE-2018-17777
- RESERVED
+CVE-2018-17777 (An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If ...)
+ TODO: check
CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for ...)
NOT-FOR-US: PCProtect Anti-Virus
CVE-2018-17775 (Seqrite End Point Security v7.4 has "Everyone: (F)" permission for ...)
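Review bot: the `TODO: check` under CVE-2018-17777 covers firmware on a D-Link DVA-5592 device rather than a source package. The neighbouring entries in this hunk close out non-packaged products with `NOT-FOR-US: <product>`, so the same form would fit here once triage confirms nothing in the archive ships this firmware.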
@@ -14978,8 +14976,7 @@ CVE-2018-16886
RESERVED
CVE-2018-16885
RESERVED
-CVE-2018-16884 [nfs: use-after-free in svc_process_common()]
- RESERVED
+CVE-2018-16884 (A flaw was found in the Linux kernel in the NFS41+ subsystem. NFS41+ ...)
- linux <unfixed>
NOTE: https://patchwork.kernel.org/cover/10733767/
NOTE: https://patchwork.kernel.org/patch/10733769/
@@ -41348,8 +41345,8 @@ CVE-2018-6980 (VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before
NOT-FOR-US: VMware
CVE-2018-6979 (The VMware Workspace ONE Unified Endpoint Management Console (A/W ...)
NOT-FOR-US: VMware
-CVE-2018-6978
- RESERVED
+CVE-2018-6978 (vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before ...)
+ TODO: check
CVE-2018-6977 (VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion ...)
NOT-FOR-US: VMware
CVE-2018-6976 (The VMware Content Locker for iOS prior to 4.14 contains a data ...)
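Review bot: CVE-2018-6978 is left at `TODO: check` even though it is a vRealize Operations issue, and the surrounding VMware entries (CVE-2018-6980 for vRealize Log Insight, CVE-2018-6979, CVE-2018-6977) are all marked `NOT-FOR-US: VMware`. Suggest replacing the TODO with the same `NOT-FOR-US: VMware` line.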
@@ -229071,7 +229068,7 @@ CVE-2012-0882 (Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly ot
- mysql-5.5 5.5.22 (bug #675872)
- cyassl <not-affected> (Fixed before initial upload to archive)
NOTE: limited information about issue, only a video of exploit taking place
-CVE-2012-0881 (Apache Xerces2 Java allows remote attackers to cause a denial of ...)
+CVE-2012-0881 (Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to ...)
- libxerces2-java <unfixed> (unimportant)
NOTE: Negligible impact for Xerces
CVE-2012-0880 (Apache Xerces-C++ allows remote attackers to cause a denial of service ...)
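Review bot: the reworded CVE-2012-0881 description now bounds the issue with "before 2.12.0", but the package line under it still reads `- libxerces2-java <unfixed> (unimportant)`. Worth checking whether the archive carries 2.12.0 or later and, if so, recording that fixed version in place of `<unfixed>`.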
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b25b3357bc3d85ca4fdc46674fa102fb39765c6e