[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Dec 21 20:10:29 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0eb0b66d by security tracker role at 2018-12-21T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,35 @@
-CVE-2018-20331
+CVE-2018-20345 (Incorrect access control in StackStorm API (st2api) in StackStorm ...)
+ TODO: check
+CVE-2018-20344
+ RESERVED
+CVE-2018-20343
+ RESERVED
+CVE-2018-20342 (The Floureon IP Camera SP012 provides a root terminal on a UART serial ...)
+ TODO: check
+CVE-2018-20341
+ RESERVED
+CVE-2018-20340
RESERVED
-CVE-2018-20330
+CVE-2018-20339 (Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the ...)
+ TODO: check
+CVE-2018-20338 (Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL ...)
+ TODO: check
+CVE-2018-20337 (There is a stack-based buffer overflow in the parse_makernote function ...)
+ TODO: check
+CVE-2018-20336
+ RESERVED
+CVE-2018-20335
+ RESERVED
+CVE-2018-20334
+ RESERVED
+CVE-2018-20333
+ RESERVED
+CVE-2018-20332 (An issue has been discovered in the OpenWebif plugin through 1.2.4 for ...)
+ TODO: check
+CVE-2018-20331
RESERVED
+CVE-2018-20330 (The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow ...)
+ TODO: check
CVE-2018-20329 (Chamilo LMS version 1.11.8 contains a ...)
NOT-FOR-US: Chamilo LMS
CVE-2018-20328 (Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php ...)
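Review bot: the seven newly described entries at the top of data/CVE/list (CVE-2018-20345, -20342, -20339, -20338, -20337, -20332, -20330) all land as "TODO: check", so none of them has a triage decision yet. Each should be resolved either to a "NOT-FOR-US: <product>" line, as the Chamilo LMS entries directly below already are, or to a package line. CVE-2018-20330 (integer overflow in tjLoadImage, libjpeg-turbo 2.0.1) and CVE-2018-20337 (stack-based buffer overflow in parse_makernote) are the two to look at first, since both descriptions report memory-safety bugs in named library functions.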
@@ -11872,12 +11900,12 @@ CVE-2018-18334
RESERVED
CVE-2018-18333
RESERVED
-CVE-2018-18332
- RESERVED
-CVE-2018-18331
- RESERVED
-CVE-2018-18330
- RESERVED
+CVE-2018-18332 (A Trend Micro OfficeScan XG weak file permissions vulnerability may ...)
+ TODO: check
+CVE-2018-18331 (A Trend Micro OfficeScan XG weak file permissions vulnerability on a ...)
+ TODO: check
+CVE-2018-18330 (An Address Bar Spoofing vulnerability in Trend Micro Dr. Safety for ...)
+ TODO: check
CVE-2018-18329 (A KERedirect Untrusted Pointer Dereference Privilege Escalation ...)
NOT-FOR-US: Trend Micro
CVE-2018-18328 (A KERedirect Untrusted Pointer Dereference Privilege Escalation ...)
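Review bot: CVE-2018-18332, CVE-2018-18331 and CVE-2018-18330 are left at "TODO: check" although their descriptions name Trend Micro OfficeScan XG and Trend Micro Dr. Safety, and the adjacent CVE-2018-18329 is already marked "NOT-FOR-US: Trend Micro". Unless there is a reason to treat these three differently, the follow-up triage commit should give them the same "NOT-FOR-US: Trend Micro" line so the block stays consistent.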
@@ -15476,7 +15504,7 @@ CVE-2018-16886
RESERVED
CVE-2018-16885
RESERVED
-CVE-2018-16884 (A flaw was found in the Linux kernel in the NFS41+ subsystem. NFS41+ ...)
+CVE-2018-16884 (A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares ...)
- linux <unfixed>
NOTE: https://patchwork.kernel.org/cover/10733767/
NOTE: https://patchwork.kernel.org/patch/10733769/
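Review bot: only the description text of CVE-2018-16884 is refreshed here; the entry still reads "- linux <unfixed>" and both NOTE lines point at patchwork postings rather than a merged commit. When the fix lands, the entry needs a fixed version in place of <unfixed> and a NOTE referencing the commit, so it is worth keeping this one on the follow-up list rather than treating it as done.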
@@ -28665,7 +28693,7 @@ CVE-2018-11796 (In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansi
CVE-2018-11795
REJECTED
CVE-2018-11794
- RESERVED
+ REJECTED
CVE-2018-11793
RESERVED
CVE-2018-11792 (In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER ...)
@@ -47561,10 +47589,10 @@ CVE-2018-5204
RESERVED
CVE-2018-5203
RESERVED
-CVE-2018-5202
- RESERVED
-CVE-2018-5201
- RESERVED
+CVE-2018-5202 (SKCertService 2.5.5 and earlier contains a vulnerability that could ...)
+ TODO: check
+CVE-2018-5201 (Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO ...)
+ TODO: check
CVE-2018-5200 (KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow ...)
TODO: check
CVE-2018-5199 (In Veraport G3 ALL on MacOS, due to insufficient domain validation, It ...)
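Review bot: CVE-2018-5202 (SKCertService) and CVE-2018-5201 (Hancom Office) join CVE-2018-5200 as "TODO: check", which grows the untriaged run in this range. For CVE-2018-5201, compare with how CVE-2018-5195 is handled a few entries further down ("NOT-FOR-US: Hancom NEO") and decide whether the Hancom Office entry should get the same kind of marking.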
@@ -47573,8 +47601,8 @@ CVE-2018-5198 (In Veraport G3 ALL on MacOS, a race condition when calling the ..
TODO: check
CVE-2018-5197
RESERVED
-CVE-2018-5196
- RESERVED
+CVE-2018-5196 (Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused ...)
+ TODO: check
CVE-2018-5195 (Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow ...)
NOT-FOR-US: Hancom NEO
CVE-2018-5194
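Review bot: CVE-2018-5196 (Alzip 10.76.0.0 and earlier, stack overflow) is added as "TODO: check" directly above CVE-2018-5195, which already carries a "NOT-FOR-US: Hancom NEO" decision. The entry needs an explicit outcome in the same form, either "NOT-FOR-US: Alzip" if the product is not packaged or a package line if it is.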
@@ -203909,7 +203937,7 @@ CVE-2013-4004 (Cross-site scripting (XSS) vulnerability in the Administrative co
NOT-FOR-US: IBM WebSphere
CVE-2013-4003 (Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA ...)
NOT-FOR-US: IBM TRIRIGA
-CVE-2013-4002 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
+CVE-2013-4002 (XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used ...)
- openjdk-6 6b27-1.12.7-1
- openjdk-7 7u45-2.4.3-1
CVE-2013-4001 (Session fixation vulnerability in IBM Cognos Command Center before ...)
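Review bot: the new CVE-2013-4002 description attributes the flaw to XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, but the package lines under it still list only openjdk-6 and openjdk-7. Since the description says "as used ...", the entry should be re-checked for a package line covering the Xerces2 source itself and any other embedded copies; with only the openjdk lines present, the tracker says nothing about whether a standalone Xerces2 package is affected or fixed.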
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0eb0b66db94751839290a149cf5240e5690a89b1