[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Dec 19 20:10:27 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9cb5e897 by security tracker role at 2018-12-19T20:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,197 @@
+CVE-2019-3408
+ RESERVED
+CVE-2019-3407
+ RESERVED
+CVE-2019-3406
+ RESERVED
+CVE-2019-3405
+ RESERVED
+CVE-2019-3404
+ RESERVED
+CVE-2019-3403
+ RESERVED
+CVE-2019-3402
+ RESERVED
+CVE-2019-3401
+ RESERVED
+CVE-2019-3400
+ RESERVED
+CVE-2019-3399
+ RESERVED
+CVE-2019-3398
+ RESERVED
+CVE-2019-3397
+ RESERVED
+CVE-2019-3396
+ RESERVED
+CVE-2019-3395
+ RESERVED
+CVE-2019-3394
+ RESERVED
+CVE-2018-20298 (S3 Browser before 8.1.5 contains an XML external entity (XXE) ...)
+ TODO: check
+CVE-2018-20297
+ RESERVED
+CVE-2018-20296
+ RESERVED
+CVE-2018-20295
+ RESERVED
+CVE-2018-20294
+ RESERVED
+CVE-2018-20293
+ RESERVED
+CVE-2018-20292
+ RESERVED
+CVE-2018-20291
+ RESERVED
+CVE-2018-20290
+ RESERVED
+CVE-2018-20289
+ RESERVED
+CVE-2018-20288
+ RESERVED
+CVE-2018-20287
+ RESERVED
+CVE-2018-20286
+ RESERVED
+CVE-2018-20285
+ RESERVED
+CVE-2018-20284
+ RESERVED
+CVE-2018-20283
+ RESERVED
+CVE-2018-20282
+ RESERVED
+CVE-2018-20281
+ RESERVED
+CVE-2018-20280
+ RESERVED
+CVE-2018-20279
+ RESERVED
+CVE-2018-20278
+ RESERVED
+CVE-2018-20277
+ RESERVED
+CVE-2018-20276
+ RESERVED
+CVE-2018-20275
+ RESERVED
+CVE-2018-20274
+ RESERVED
+CVE-2018-20273
+ RESERVED
+CVE-2018-20272
+ RESERVED
+CVE-2018-20271
+ RESERVED
+CVE-2018-20270
+ RESERVED
+CVE-2018-20269
+ RESERVED
+CVE-2018-20268
+ RESERVED
+CVE-2018-20267
+ RESERVED
+CVE-2018-20266
+ RESERVED
+CVE-2018-20265
+ RESERVED
+CVE-2018-20264
+ RESERVED
+CVE-2018-20263
+ RESERVED
+CVE-2018-20262
+ RESERVED
+CVE-2018-20261
+ RESERVED
+CVE-2018-20260
+ RESERVED
+CVE-2018-20259
+ RESERVED
+CVE-2018-20258
+ RESERVED
+CVE-2018-20257
+ RESERVED
+CVE-2018-20256
+ RESERVED
+CVE-2018-20255
+ RESERVED
+CVE-2018-20254
+ RESERVED
+CVE-2018-20253
+ RESERVED
+CVE-2018-20252
+ RESERVED
+CVE-2018-20251
+ RESERVED
+CVE-2018-20250
+ RESERVED
+CVE-2018-20249
+ RESERVED
+CVE-2018-20248
+ RESERVED
+CVE-2018-20247
+ RESERVED
+CVE-2018-20246
+ RESERVED
+CVE-2018-20245
+ RESERVED
+CVE-2018-20244
+ RESERVED
+CVE-2018-20243
+ RESERVED
+CVE-2018-20242
+ RESERVED
+CVE-2018-20241
+ RESERVED
+CVE-2018-20240
+ RESERVED
+CVE-2018-20239
+ RESERVED
+CVE-2018-20238
+ RESERVED
+CVE-2018-20237
+ RESERVED
+CVE-2018-20236
+ RESERVED
+CVE-2018-20235
+ RESERVED
+CVE-2018-20234
+ RESERVED
+CVE-2018-20233
+ RESERVED
+CVE-2018-20232
+ RESERVED
+CVE-2018-20231 (Cross Site Request Forgery (CSRF) in the two-factor-authentication ...)
+ TODO: check
+CVE-2018-20230 (An issue was discovered in PSPP 1.2.0. There is a heap-based buffer ...)
+ TODO: check
+CVE-2018-20229
+ RESERVED
+CVE-2018-20228 (Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with ...)
+ TODO: check
+CVE-2018-20227 (RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP ...)
+ TODO: check
+CVE-2018-20226
+ RESERVED
+CVE-2018-20225
+ RESERVED
+CVE-2018-20224
+ RESERVED
+CVE-2018-20223
+ RESERVED
+CVE-2018-20222
+ RESERVED
+CVE-2018-20221
+ RESERVED
+CVE-2018-20220
+ RESERVED
+CVE-2018-20219
+ RESERVED
+CVE-2018-20218
+ RESERVED
+CVE-2018-20217
+ RESERVED
CVE-2018-20216 [pvrdma: infinite loop in pvrdma_qp_send/recv]
RESERVED
- qemu <unfixed> (unimportant)
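Review bot: The five entries added with a description in this hunk (CVE-2018-20298, CVE-2018-20231, CVE-2018-20230, CVE-2018-20228, CVE-2018-20227) carry only `TODO: check`, so they are recorded but not triaged. Each needs either a source-package line or a `NOT-FOR-US:` line in the form the file already uses elsewhere (for example `NOT-FOR-US: S-CMS`). CVE-2018-20230 (PSPP 1.2.0, heap-based buffer ...) and CVE-2018-20227 (RDF4J 2.4.2, directory traversal via ../ in a ZIP entry) are the ones I would resolve first, since their descriptions point at a library or tool rather than a hosted web application.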
@@ -3306,18 +3500,18 @@ CVE-2018-20026
RESERVED
CVE-2018-20025
RESERVED
-CVE-2018-20024
- RESERVED
-CVE-2018-20023
- RESERVED
-CVE-2018-20022
- RESERVED
-CVE-2018-20021
- RESERVED
-CVE-2018-20020
- RESERVED
-CVE-2018-20019
- RESERVED
+CVE-2018-20024 (LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains ...)
+ TODO: check
+CVE-2018-20023 (LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains ...)
+ TODO: check
+CVE-2018-20022 (LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains ...)
+ TODO: check
+CVE-2018-20021 (LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains ...)
+ TODO: check
+CVE-2018-20020 (LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains ...)
+ TODO: check
+CVE-2018-20019 (LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains ...)
+ TODO: check
CVE-2018-20018 (S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by ...)
NOT-FOR-US: S-CMS
CVE-2018-20017 (SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI. ...)
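Review bot: All six LibVNC entries (CVE-2018-20019 through CVE-2018-20024) are left at `TODO: check` even though each description names the upstream commit that bounds the issue. When these are triaged, add the line for the source package that ships LibVNC and carry the commit hashes over as `NOTE:` lines, because the descriptions are truncated at "..." and the hash is the only precise fix reference visible here. CVE-2018-20023 and CVE-2018-20022 read "before <hash>" without the word "commit", unlike the other four; that comes from the description text itself, but it matters when searching the file for "before commit".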
@@ -7291,12 +7485,12 @@ CVE-2018-19600
RESERVED
CVE-2018-19599
RESERVED
-CVE-2018-19598
- RESERVED
-CVE-2018-19597
- RESERVED
-CVE-2018-19596
- RESERVED
+CVE-2018-19598 (Statamic 2.10.3 allows XSS via First Name or Last Name to the /users ...)
+ TODO: check
+CVE-2018-19597 (CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a ...)
+ TODO: check
+CVE-2018-19596 (Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the ...)
+ TODO: check
CVE-2018-19595 (PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute ...)
NOT-FOR-US: PbootCMS
CVE-2018-19594
@@ -8132,12 +8326,12 @@ CVE-2018-19510
RESERVED
CVE-2018-19509
RESERVED
-CVE-2018-19508
- RESERVED
-CVE-2018-19507
- RESERVED
-CVE-2018-19506
- RESERVED
+CVE-2018-19508 (CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ...)
+ TODO: check
+CVE-2018-19507 (CMSimple 4.7.5 has XSS via an admin's use of a ...)
+ TODO: check
+CVE-2018-19506 (Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the ...)
+ TODO: check
CVE-2018-19505
RESERVED
CVE-2018-19504 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) ...)
@@ -9734,8 +9928,8 @@ CVE-2018-19001 (Philips HealthSuite Health Android App, all versions. The softwa
NOT-FOR-US: Philips HealthSuite Health Android App
CVE-2018-19000
RESERVED
-CVE-2018-18999
- RESERVED
+CVE-2018-18999 (WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows ...)
+ TODO: check
CVE-2018-18998
RESERVED
CVE-2018-18997
@@ -14271,14 +14465,14 @@ CVE-2018-17197
RESERVED
CVE-2018-17196
RESERVED
-CVE-2018-17195
- RESERVED
-CVE-2018-17194
- RESERVED
-CVE-2018-17193
- RESERVED
-CVE-2018-17192
- RESERVED
+CVE-2018-17195 (The template upload API endpoint accepted requests from different ...)
+ TODO: check
+CVE-2018-17194 (When a client request to a cluster node was replicated to other nodes ...)
+ TODO: check
+CVE-2018-17193 (The message-page.jsp error page used the value of the HTTP request ...)
+ TODO: check
+CVE-2018-17192 (The X-Frame-Options headers were applied inconsistently on some HTTP ...)
+ TODO: check
CVE-2018-17191
RESERVED
CVE-2018-17190 (In all versions of Apache Spark, its standalone resource manager ...)
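Review bot: The truncated descriptions for CVE-2018-17192 through CVE-2018-17195 do not name the affected product ("The template upload API endpoint accepted requests from different ...", "The message-page.jsp error page used the value of the HTTP request ..."), so nothing in this hunk tells a reader which package to check. Resolve the four `TODO: check` lines from the full CVE descriptions and put the product name in the package or `NOT-FOR-US:` line, so the entries are usable without an external lookup.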
@@ -15004,8 +15198,7 @@ CVE-2018-16884 (A flaw was found in the Linux kernel in the NFS41+ subsystem. NF
NOTE: https://patchwork.kernel.org/cover/10733767/
NOTE: https://patchwork.kernel.org/patch/10733769/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1660375
-CVE-2018-16883 [Information leak in infopipe due to an improper uid restriction]
- RESERVED
+CVE-2018-16883 (sssd versions from 1.13.0 to before 2.0.0 did not properly restrict ...)
- sssd <unfixed> (bug #916824)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1659862
NOTE: Fixed in upstream 2.0.0 while refactoring code
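Review bot: The new description for CVE-2018-16883 bounds the affected range at "from 1.13.0 to before 2.0.0" and the existing NOTE says "Fixed in upstream 2.0.0 while refactoring code", yet the package line stays at `- sssd <unfixed> (bug #916824)`. It is worth confirming whether a 2.0.0-based version is already in the archive, in which case the entry should carry that fixed version instead of `<unfixed>`. The removed bracketed title "[Information leak in infopipe due to an improper uid restriction]" was also more specific than the truncated description that replaces it, so consider keeping that detail in a NOTE line.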
@@ -19506,10 +19699,10 @@ CVE-2018-15129 (ThinkSAAS through 2018-07-25 has XSS via the ...)
NOT-FOR-US: ThinkSAAS
CVE-2018-15128
RESERVED
-CVE-2018-15127
- RESERVED
-CVE-2018-15126
- RESERVED
+CVE-2018-15127 (LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains ...)
+ TODO: check
+CVE-2018-15126 (LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains ...)
+ TODO: check
CVE-2018-15125 (Sensitive Information Disclosure in Zipato Zipabox Smart Home ...)
NOT-FOR-US: Zipato
CVE-2018-15124 (Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD ...)
@@ -40115,7 +40308,7 @@ CVE-2018-7366
RESERVED
CVE-2018-7365
RESERVED
-CVE-2018-7364 (All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product Orange ...)
+CVE-2018-7364 (All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product ...)
NOT-FOR-US: ZTE
CVE-2018-7363 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
NOT-FOR-US: ZTE
@@ -43574,8 +43767,8 @@ CVE-2018-6309
RESERVED
CVE-2018-6308 (Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and ...)
NOT-FOR-US: SugarCRM
-CVE-2018-6307
- RESERVED
+CVE-2018-6307 (LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains ...)
+ TODO: check
CVE-2018-6306 (Unauthorized code execution from specific DLL and is known as DLL ...)
NOT-FOR-US: Kaspersky Password Manager
CVE-2018-6305 (Denial of service in Gemalto's Sentinel LDK RTE version before 7.65 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9cb5e8972c1bd5b9979404646f09cf29a4426424