[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Dec 19 08:10:27 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b25b3357 by security tracker role at 2018-12-19T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4674,8 +4674,8 @@ CVE-2018-19831
 	RESERVED
 CVE-2018-19830
 	RESERVED
-CVE-2018-19829
-	RESERVED
+CVE-2018-19829 (Artica Integria IMS 5.0.83 has CSRF in ...)
+	TODO: check
 CVE-2018-19828 (Artica Integria IMS 5.0.83 has XSS via the search_string parameter. ...)
 	NOT-FOR-US: Artica Integria IMS
 CVE-2018-19827 (In LibSass 3.5.5, a use-after-free vulnerability exists in the ...)
@@ -4763,12 +4763,10 @@ CVE-2018-19792 (The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows lo
 	NOT-FOR-US: OpenLiteSpeed
 CVE-2018-19791 (The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not ...)
 	NOT-FOR-US: OpenLiteSpeed
-CVE-2018-19790 [symfony: Open Redirect Vulnerability when using Security\Http]
-	RESERVED
+CVE-2018-19790 (An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x ...)
 	- symfony 3.4.20+dfsg-1
 	NOTE: https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http
-CVE-2018-19789 [symfony: Disclosure of uploaded files full path]
-	RESERVED
+CVE-2018-19789 (An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before ...)
 	- symfony 3.4.20+dfsg-1
 	NOTE: https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path
 CVE-2018-19788 (A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user ...)
@@ -9898,8 +9896,8 @@ CVE-2018-18923 (AbiSoft Ticketly 1.0 is affected by multiple SQL Injection ...)
 	NOT-FOR-US: AbiSoft Ticketly
 CVE-2018-18922 (add_user in AbiSoft Ticketly 1.0 allows remote attackers to create ...)
 	NOT-FOR-US: AbiSoft Ticketly
-CVE-2018-18921
-	RESERVED
+CVE-2018-18921 (PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete ...)
+	TODO: check
 CVE-2018-18920 (Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode ...)
 	- python3-py-evm <itp> (bug #884796)
 CVE-2018-18919 (The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment ...)
@@ -12909,8 +12907,8 @@ CVE-2018-17779
 	RESERVED
 CVE-2018-17778
 	RESERVED
-CVE-2018-17777
-	RESERVED
+CVE-2018-17777 (An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If ...)
+	TODO: check
 CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for ...)
 	NOT-FOR-US: PCProtect Anti-Virus
 CVE-2018-17775 (Seqrite End Point Security v7.4 has "Everyone: (F)" permission for ...)
@@ -14978,8 +14976,7 @@ CVE-2018-16886
 	RESERVED
 CVE-2018-16885
 	RESERVED
-CVE-2018-16884 [nfs: use-after-free in svc_process_common()]
-	RESERVED
+CVE-2018-16884 (A flaw was found in the Linux kernel in the NFS41+ subsystem. NFS41+ ...)
 	- linux <unfixed>
 	NOTE: https://patchwork.kernel.org/cover/10733767/
 	NOTE: https://patchwork.kernel.org/patch/10733769/
@@ -41348,8 +41345,8 @@ CVE-2018-6980 (VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before
 	NOT-FOR-US: VMware
 CVE-2018-6979 (The VMware Workspace ONE Unified Endpoint Management Console (A/W ...)
 	NOT-FOR-US: VMware
-CVE-2018-6978
-	RESERVED
+CVE-2018-6978 (vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before ...)
+	TODO: check
 CVE-2018-6977 (VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion ...)
 	NOT-FOR-US: VMware
 CVE-2018-6976 (The VMware Content Locker for iOS prior to 4.14 contains a data ...)
@@ -229071,7 +229068,7 @@ CVE-2012-0882 (Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly ot
 	- mysql-5.5 5.5.22 (bug #675872)
 	- cyassl <not-affected> (Fixed before initial upload to archive)
 	NOTE: limited information about issue, only a video of exploit taking place
-CVE-2012-0881 (Apache Xerces2 Java allows remote attackers to cause a denial of ...)
+CVE-2012-0881 (Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to ...)
 	- libxerces2-java <unfixed> (unimportant)
 	NOTE: Negligible impact for Xerces
 CVE-2012-0880 (Apache Xerces-C++ allows remote attackers to cause a denial of service ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b25b3357bc3d85ca4fdc46674fa102fb39765c6e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b25b3357bc3d85ca4fdc46674fa102fb39765c6e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181219/1f637d3a/attachment.html>

More information about the debian-security-tracker-commits mailing list