[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Dec 22 08:10:26 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
71e76cfc by security tracker role at 2018-12-22T08:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2018-20351 (The Markdown component in Evernote (Chinese) before 8.3.2 on macOS ...)
+	TODO: check
+CVE-2018-20350
+	RESERVED
+CVE-2018-20349 (The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 ...)
+	TODO: check
+CVE-2018-20348 (libpff_item_tree_create_node in libpff_item_tree.c in libpff before ...)
+	TODO: check
+CVE-2018-20347
+	RESERVED
 CVE-2018-20345 (Incorrect access control in StackStorm API (st2api) in StackStorm ...)
 	TODO: check
 CVE-2018-20344
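Review bot: The added CVE-2018-20349 and CVE-2018-20348 entries name library source files (igraph_trie.c in igraph, libpff_item_tree.c in libpff), so they are the ones in this hunk to check against the archive first. Each should end up with a package line or a NOT-FOR-US marker rather than staying at "TODO: check". The list also jumps from CVE-2018-20347 straight to CVE-2018-20345 here, so CVE-2018-20346 is not where a reader scanning by id would expect it.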
@@ -38,14 +48,14 @@ CVE-2018-20327 (Chamilo LMS version 1.11.8 contains XSS in ...)
 	NOT-FOR-US: Chamilo LMS
 CVE-2018-20326
 	RESERVED
-CVE-2018-20325
-	RESERVED
+CVE-2018-20325 (There is a vulnerability in load() method in definitions/parser.py in ...)
+	TODO: check
 CVE-2018-20324
 	RESERVED
 CVE-2018-20323
 	RESERVED
-CVE-2018-20322
-	RESERVED
+CVE-2018-20322 (LimeSurvey contains an XSS vulnerability while uploading a ZIP file, ...)
+	TODO: check
 CVE-2018-20321
 	RESERVED
 CVE-2018-20320
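Review bot: The new summary for CVE-2018-20325 is cut off before it names the affected product; only "load() method in definitions/parser.py" is visible. The "TODO: check" cannot be resolved from this file alone, so the full CVE description has to be read before choosing between a package line and NOT-FOR-US. CVE-2018-20322 does name its product (LimeSurvey) and can be triaged directly.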
@@ -104,12 +114,14 @@ CVE-2018-1000879 (libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd554
 	NOTE: Introduced in: https://github.com/libarchive/libarchive/commit/379867ecb330b3a952fb7bfa7bffb7bbd5547205 (3.3.0)
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175
 CVE-2018-1000878 (libarchive version commit 416694915449219d505531b1096384f3237dd6cc ...)
+	{DLA-1612-1}
 	- libarchive 3.3.3-2 (bug #916963)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
 	NOTE: https://github.com/libarchive/libarchive/pull/1105
 	NOTE: Introduced after: https://github.com/libarchive/libarchive/commit/416694915449219d505531b1096384f3237dd6cc
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/bfcfe6f04ed20db2504db8a254d1f40a1d84eb28
 CVE-2018-1000877 (libarchive version commit 416694915449219d505531b1096384f3237dd6cc ...)
+	{DLA-1612-1}
 	- libarchive 3.3.3-2 (bug #916964)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
 	NOTE: https://github.com/libarchive/libarchive/pull/1105
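Review bot: {DLA-1612-1} is attached to CVE-2018-1000878 and CVE-2018-1000877, but the CVE-2018-1000879 entry in the leading context gets no such tag. Its note records "Introduced in: ... (3.3.0)", so please confirm the omission is intentional. If the older release is simply not affected, an explicit annotation on that entry (if one is not already present above the visible context) would record the reason.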
@@ -457,8 +469,8 @@ CVE-2018-20228 (Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF
 	NOT-FOR-US: Subsonic
 CVE-2018-20227 (RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP ...)
 	NOT-FOR-US: RDF4J
-CVE-2018-20226
-	RESERVED
+CVE-2018-20226 (An organization administrator can add a super administrator in THEHIVE ...)
+	TODO: check
 CVE-2018-20225
 	RESERVED
 CVE-2018-20224
@@ -537,8 +549,8 @@ CVE-2018-20195 (A NULL pointer dereference was discovered in ic_predict of ...)
 CVE-2018-20194 (There is a stack-based buffer underflow in the third instance of the ...)
 	- faad2 <unfixed>
 	NOTE: https://github.com/knik0/faad2/issues/21
-CVE-2018-20193
-	RESERVED
+CVE-2018-20193 (Certain Secure Access SA Series SSL VPN products (originally developed ...)
+	TODO: check
 CVE-2018-20192
 	RESERVED
 CVE-2018-20191 (hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation ...)
@@ -592,7 +604,8 @@ CVE-2018-20174
 	RESERVED
 CVE-2018-20173 (Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via ...)
 	NOT-FOR-US: Zoho ManageEngine OpManager
-CVE-2018-20346 ["Magellan" remote code execution vulnerability]
+CVE-2018-20346 (SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an ...)
+	{DSA-4352-1 DLA-1613-1}
 	- sqlite3 3.25.3-1
 	- chromium 71.0.3578.80-1
 	NOTE: https://blade.tencent.com/magellan/index_en.html
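Review bot: CVE-2018-20346 keeps the position of the old temporary "Magellan" entry, directly after CVE-2018-20173, even though it now has a full description and {DSA-4352-1 DLA-1613-1}. The first hunk shows the gap between CVE-2018-20347 and CVE-2018-20345 where it belongs in the descending order the rest of the file follows. Moving the whole entry there would keep lookups by id from missing it.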
@@ -9159,14 +9172,14 @@ CVE-2018-19325
 	RESERVED
 CVE-2018-19324 (kimsQ Rb 2.3.0 allows XSS via the second input field to the ...)
 	NOT-FOR-US: kimsQ Rb
-CVE-2018-19323
-	RESERVED
-CVE-2018-19322
-	RESERVED
-CVE-2018-19321
-	RESERVED
-CVE-2018-19320
-	RESERVED
+CVE-2018-19323 (The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, ...)
+	TODO: check
+CVE-2018-19322 (The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 ...)
+	TODO: check
+CVE-2018-19321 (The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 ...)
+	TODO: check
+CVE-2018-19320 (The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, ...)
+	TODO: check
 CVE-2018-19319 (SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to ...)
 	NOT-FOR-US: SRCMS
 CVE-2018-19318 (SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to ...)
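Review bot: The four added entries CVE-2018-19323 through CVE-2018-19320 all name the same product (GIGABYTE APP Center v1.05.21), and the truncated summaries of 19322/19321 and of 19323/19320 are identical as shown. Triage them as a group and give them one consistent disposition, the way the SRCMS entries just below share "NOT-FOR-US: SRCMS", instead of clearing four separate "TODO: check" lines independently.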
@@ -12850,12 +12863,12 @@ CVE-2018-18011
 	RESERVED
 CVE-2018-18010
 	RESERVED
-CVE-2018-18009
-	RESERVED
-CVE-2018-18008
-	RESERVED
-CVE-2018-18007
-	RESERVED
+CVE-2018-18009 (dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote ...)
+	TODO: check
+CVE-2018-18008 (spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote ...)
+	TODO: check
+CVE-2018-18007 (atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated ...)
+	TODO: check
 CVE-2018-18006 (Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for ...)
 	TODO: check
 CVE-2018-18005
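Review bot: CVE-2018-18006 in the trailing context is still at "TODO: check" from an earlier update, and this hunk adds three more unresolved entries directly above it (CVE-2018-18009, CVE-2018-18008, CVE-2018-18007). All three are D-Link device pages (dirary0.js, spaces.htm, atbox.htm), so they can take the same disposition. Clear them together with the pending Ricoh myPrint entry so the backlog in this block does not keep growing.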
@@ -15893,8 +15906,8 @@ CVE-2018-16780 (Complete Responsive CMS Blog through 2018-05-20 has XSS via a co
 	NOT-FOR-US: Complete Responsive CMS Blog
 CVE-2018-16779 (BlogCMS through 2016-10-25 has XSS via a comment. ...)
 	NOT-FOR-US: BlogCMS
-CVE-2018-16778
-	RESERVED
+CVE-2018-16778 (Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through ...)
+	TODO: check
 CVE-2018-16777
 	RESERVED
 CVE-2018-16776 (wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/71e76cfc99f5c190b642073549a74bbb3d454334
