[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Dec 21 20:10:29 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0eb0b66d by security tracker role at 2018-12-21T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,35 @@
-CVE-2018-20331
+CVE-2018-20345 (Incorrect access control in StackStorm API (st2api) in StackStorm ...)
+	TODO: check
+CVE-2018-20344
+	RESERVED
+CVE-2018-20343
+	RESERVED
+CVE-2018-20342 (The Floureon IP Camera SP012 provides a root terminal on a UART serial ...)
+	TODO: check
+CVE-2018-20341
+	RESERVED
+CVE-2018-20340
 	RESERVED
-CVE-2018-20330
+CVE-2018-20339 (Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the ...)
+	TODO: check
+CVE-2018-20338 (Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL ...)
+	TODO: check
+CVE-2018-20337 (There is a stack-based buffer overflow in the parse_makernote function ...)
+	TODO: check
+CVE-2018-20336
+	RESERVED
+CVE-2018-20335
+	RESERVED
+CVE-2018-20334
+	RESERVED
+CVE-2018-20333
+	RESERVED
+CVE-2018-20332 (An issue has been discovered in the OpenWebif plugin through 1.2.4 for ...)
+	TODO: check
+CVE-2018-20331
 	RESERVED
+CVE-2018-20330 (The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow ...)
+	TODO: check
 CVE-2018-20329 (Chamilo LMS version 1.11.8 contains a ...)
 	NOT-FOR-US: Chamilo LMS
 CVE-2018-20328 (Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php ...)
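Review bot: The `TODO: check` left under CVE-2018-20330 (the last added entry, an integer overflow in `tjLoadImage` in libjpeg-turbo 2.0.1) and under CVE-2018-20337 (stack-based buffer overflow in `parse_makernote`) should be triaged ahead of the rest of this batch, since both describe memory-corruption bugs in image-parsing code. Each needs either a `- <source-package> <version>` line or a `NOT-FOR-US:` tag, in the form the Chamilo LMS entry directly below uses. The descriptions for CVE-2018-20342 (Floureon IP Camera SP012) and CVE-2018-20339/CVE-2018-20338 (Zoho ManageEngine OpManager) name vendor products and are candidates for `NOT-FOR-US:`.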
@@ -11872,12 +11900,12 @@ CVE-2018-18334
 	RESERVED
 CVE-2018-18333
 	RESERVED
-CVE-2018-18332
-	RESERVED
-CVE-2018-18331
-	RESERVED
-CVE-2018-18330
-	RESERVED
+CVE-2018-18332 (A Trend Micro OfficeScan XG weak file permissions vulnerability may ...)
+	TODO: check
+CVE-2018-18331 (A Trend Micro OfficeScan XG weak file permissions vulnerability on a ...)
+	TODO: check
+CVE-2018-18330 (An Address Bar Spoofing vulnerability in Trend Micro Dr. Safety for ...)
+	TODO: check
 CVE-2018-18329 (A KERedirect Untrusted Pointer Dereference Privilege Escalation ...)
 	NOT-FOR-US: Trend Micro
 CVE-2018-18328 (A KERedirect Untrusted Pointer Dereference Privilege Escalation ...)
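Review bot: CVE-2018-18332, CVE-2018-18331 and CVE-2018-18330 are left at `TODO: check` although their descriptions name Trend Micro products (OfficeScan XG, Dr. Safety) and the adjacent CVE-2018-18329 is already tagged `NOT-FOR-US: Trend Micro`. Suggest giving the three new entries the same tag so the range is triaged consistently.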
@@ -15476,7 +15504,7 @@ CVE-2018-16886
 	RESERVED
 CVE-2018-16885
 	RESERVED
-CVE-2018-16884 (A flaw was found in the Linux kernel in the NFS41+ subsystem. NFS41+ ...)
+CVE-2018-16884 (A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares ...)
 	- linux <unfixed>
 	NOTE: https://patchwork.kernel.org/cover/10733767/
 	NOTE: https://patchwork.kernel.org/patch/10733769/
@@ -28665,7 +28693,7 @@ CVE-2018-11796 (In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansi
 CVE-2018-11795
 	REJECTED
 CVE-2018-11794
-	RESERVED
+	REJECTED
 CVE-2018-11793
 	RESERVED
 CVE-2018-11792 (In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER ...)
@@ -47561,10 +47589,10 @@ CVE-2018-5204
 	RESERVED
 CVE-2018-5203
 	RESERVED
-CVE-2018-5202
-	RESERVED
-CVE-2018-5201
-	RESERVED
+CVE-2018-5202 (SKCertService 2.5.5 and earlier contains a vulnerability that could ...)
+	TODO: check
+CVE-2018-5201 (Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO ...)
+	TODO: check
 CVE-2018-5200 (KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow ...)
 	TODO: check
 CVE-2018-5199 (In Veraport G3 ALL on MacOS, due to insufficient domain validation, It ...)
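Review bot: CVE-2018-5201 is left at `TODO: check` while its description names Hancom Office, and CVE-2018-5195 a few entries further down the file carries `NOT-FOR-US: Hancom NEO`; suggest resolving it with a matching `NOT-FOR-US:` tag. The same pass can settle CVE-2018-5202 (SKCertService) and the pre-existing `TODO: check` on CVE-2018-5200 (KMPlayer), which is still open in the unchanged context.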
@@ -47573,8 +47601,8 @@ CVE-2018-5198 (In Veraport G3 ALL on MacOS, a race condition when calling the ..
 	TODO: check
 CVE-2018-5197
 	RESERVED
-CVE-2018-5196
-	RESERVED
+CVE-2018-5196 (Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused ...)
+	TODO: check
 CVE-2018-5195 (Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow ...)
 	NOT-FOR-US: Hancom NEO
 CVE-2018-5194
@@ -203909,7 +203937,7 @@ CVE-2013-4004 (Cross-site scripting (XSS) vulnerability in the Administrative co
 	NOT-FOR-US: IBM WebSphere
 CVE-2013-4003 (Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA ...)
 	NOT-FOR-US: IBM TRIRIGA
-CVE-2013-4002 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
+CVE-2013-4002 (XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used ...)
 	- openjdk-6 6b27-1.12.7-1
 	- openjdk-7 7u45-2.4.3-1
 CVE-2013-4001 (Session fixation vulnerability in IBM Cognos Command Center before ...)
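Review bot: The package lines under CVE-2013-4002 no longer match the scope of its description. The new text attributes the flaw to `XMLscanner.java` in Apache Xerces2 Java Parser before 2.12.0, but the entry still tracks only `openjdk-6` and `openjdk-7`. Suggest checking whether a Xerces2 source package needs its own line with a fixed version at or after 2.12.0, or adding a `NOTE:` recording why only the OpenJDK copies are tracked.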



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0eb0b66db94751839290a149cf5240e5690a89b1
