[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 24 20:10:28 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
97a40758 by security tracker role at 2018-12-24T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,16 @@
+CVE-2018-20434
+ RESERVED
+CVE-2018-20433 (c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in ...)
+ TODO: check
CVE-2018-20432
RESERVED
CVE-2018-20431 (GNU Libextractor through 1.8 has a NULL Pointer Dereference ...)
+ {DLA-1616-1}
- libextractor <unfixed> (bug #917213)
NOTE: https://gnunet.org/bugs/view.php?id=5494
NOTE: https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7
CVE-2018-20430 (GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in ...)
+ {DLA-1616-1}
- libextractor <unfixed> (bug #917214)
NOTE: https://gnunet.org/bugs/view.php?id=5493
NOTE: https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110
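Review bot: the `TODO: check` on CVE-2018-20433 should be triaged before this lands, since c3p0 is a Java library that Debian packages (libc3p0-java, assumed to be the binary package name here), so the entry most likely needs a `- libc3p0-java <unfixed> (bug #...)` line with a filed bug, as done for the two libextractor entries in this hunk, rather than staying as a bare TODO. The two `{DLA-1616-1}` additions are consistent with the existing `libextractor <unfixed>` lines: the DLA records the jessie fix while the unstable fix is still tracked through bugs #917213 and #917214.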
@@ -619,12 +625,12 @@ CVE-2018-20251
RESERVED
CVE-2018-20250
RESERVED
-CVE-2018-20249
- RESERVED
-CVE-2018-20248
- RESERVED
-CVE-2018-20247
- RESERVED
+CVE-2018-20249 (In Foxit Quick PDF Library (all versions prior to 16.12), issue where ...)
+ TODO: check
+CVE-2018-20248 (In Foxit Quick PDF Library (all versions prior to 16.12), issue where ...)
+ TODO: check
+CVE-2018-20247 (In Foxit Quick PDF Library (all versions prior to 16.12), issue where ...)
+ TODO: check
CVE-2018-20246
RESERVED
CVE-2018-20245
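Review bot: the three Foxit Quick PDF Library entries (CVE-2018-20249, -20248, -20247) are identical apart from the CVE number and all carry `TODO: check`; if the library is not packaged in Debian they should be resolved together to `NOT-FOR-US: Foxit Quick PDF Library`, following the convention the file already uses for vendor-only products (e.g. `NOT-FOR-US: Synology Drive` and `NOT-FOR-US: Schneider Electric` further down), rather than left as three open TODOs.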
@@ -9843,8 +9849,8 @@ CVE-2018-19250
RESERVED
CVE-2018-19249
RESERVED
-CVE-2018-19248
- RESERVED
+CVE-2018-19248 (The web service on Epson WorkForce WF-2861 10.48 ...)
+ TODO: check
CVE-2018-19247
RESERVED
CVE-2018-19246 (PHP-Proxy 5.1.0 allows remote attackers to read local files if the ...)
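Review bot: CVE-2018-19248 describes the embedded web service of an Epson WorkForce WF-2861 printer, i.e. vendor firmware, so the `TODO: check` should resolve to `NOT-FOR-US: Epson` unless a Debian package is affected; the same applies to the sibling entries later in this diff (CVE-2018-19232, CVE-2018-18960 and CVE-2018-18959), which reference the same device and firmware version 10.48 and should be resolved consistently in one pass.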
@@ -9875,8 +9881,8 @@ CVE-2018-19234 (The Miss Marple Updater Service in COMPAREX Miss Marple Enterpri
NOT-FOR-US: Miss Marple Enterprise
CVE-2018-19233 (COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users ...)
NOT-FOR-US: Miss Marple Enterprise
-CVE-2018-19232
- RESERVED
+CVE-2018-19232 (The web service on Epson WorkForce WF-2861 10.48 ...)
+ TODO: check
CVE-2018-19231
RESERVED
CVE-2018-19230
@@ -10548,10 +10554,10 @@ CVE-2018-18962
RESERVED
CVE-2018-18961
RESERVED
-CVE-2018-18960
- RESERVED
-CVE-2018-18959
- RESERVED
+CVE-2018-18960 (An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, ...)
+ TODO: check
+CVE-2018-18959 (An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, ...)
+ TODO: check
CVE-2018-18958
RESERVED
CVE-2018-18957 (An issue has been found in libIEC61850 v1.3. It is a stack-based buffer ...)
@@ -11155,8 +11161,8 @@ CVE-2018-18700 (An issue was discovered in cp-demangle.c in GNU libiberty, as ..
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681
CVE-2018-18699 (An issue was discovered in GoPro gpmf-parser 1.2.1. There is an ...)
NOT-FOR-US: GoPro gpmf-parser
-CVE-2018-18698
- RESERVED
+CVE-2018-18698 (An issue was discovered on Xiaomi Mi A1 ...)
+ TODO: check
CVE-2018-18697
RESERVED
CVE-2018-18696
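Review bot: CVE-2018-18698 concerns the Xiaomi Mi A1 handset, which is vendor device software; the `TODO: check` should be resolved to `NOT-FOR-US: Xiaomi` in the same way the neighbouring GoPro entry (CVE-2018-18699) is marked `NOT-FOR-US: GoPro gpmf-parser`, unless triage finds an affected Debian package.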
@@ -12505,6 +12511,7 @@ CVE-2018-18246 (Icinga Web 2 before 2.6.2 has CSRF via ...)
- icingaweb2 2.6.2-1
NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180027.txt
CVE-2018-18245 (Nagios Core 4.4.2 has XSS via the alert summary reports of plugin ...)
+ {DLA-1615-1}
- nagios4 <unfixed> (bug #917138)
- nagios3 <removed>
NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180026.txt
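Review bot: the added `{DLA-1615-1}` on CVE-2018-18245 only records the jessie fix; the `- nagios4 <unfixed> (bug #917138)` line remains open, so the unstable fix is still pending and should be followed up via the bug, and `nagios3 <removed>` means no other suite entry is needed. Ordering is fine: the DLA marker sits directly under the CVE line, before the package entries, as elsewhere in the file.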
@@ -15001,8 +15008,7 @@ CVE-2018-17199
RESERVED
CVE-2018-17198
RESERVED
-CVE-2018-17197 [nfinite Loop in Tika's SQLite3Parser]
- RESERVED
+CVE-2018-17197 (A carefully crafted or corrupt sqlite file can cause an infinite loop ...)
- tika <not-affected> (Only affects 1.8 to 1.19.1)
NOTE: https://www.openwall.com/lists/oss-security/2018/12/22/2
CVE-2018-17196
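Review bot: the `tika <not-affected> (Only affects 1.8 to 1.19.1)` justification on CVE-2018-17197 should state which tika version Debian ships (or that the affected SQLite3Parser code is absent), because a bare version range gives a later reviewer nothing to verify against; the oss-security NOTE is the right reference for the range. Replacing the bracketed placeholder title (which also had the typo "nfinite") with the CVE's own description is correct.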
@@ -19513,8 +19519,8 @@ CVE-2018-15467
RESERVED
CVE-2018-15466
RESERVED
-CVE-2018-15465
- RESERVED
+CVE-2018-15465 (A vulnerability in the authorization subsystem of Cisco Adaptive ...)
+ TODO: check
CVE-2018-15464
RESERVED
CVE-2018-15463
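Review bot: CVE-2018-15465 is an authorization flaw in a Cisco appliance product ("Cisco Adaptive ..."), which Debian does not package; the `TODO: check` should therefore resolve to `NOT-FOR-US: Cisco`, matching how other vendor-only entries in this file are closed.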
@@ -36636,14 +36642,14 @@ CVE-2018-8922 (Improper access control vulnerability in Synology Drive before ..
NOT-FOR-US: Synology Drive
CVE-2018-8921 (Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast ...)
NOT-FOR-US: Synology Drive
-CVE-2018-8920
- RESERVED
-CVE-2018-8919
- RESERVED
-CVE-2018-8918
- RESERVED
-CVE-2018-8917
- RESERVED
+CVE-2018-8920 (Improper neutralization of escape vulnerability in Log Exporter in ...)
+ TODO: check
+CVE-2018-8919 (Information exposure vulnerability in SYNO.Core.Desktop.SessionData in ...)
+ TODO: check
+CVE-2018-8918 (Cross-site scripting (XSS) vulnerability in info.cgi in Synology ...)
+ TODO: check
+CVE-2018-8917 (Cross-site scripting (XSS) vulnerability in info.cgi in Synology ...)
+ TODO: check
CVE-2018-8916 (Unverified password change vulnerability in Change Password in ...)
NOT-FOR-US: Synology
CVE-2018-8915 (Cross-site scripting (XSS) vulnerability in Notification Center in ...)
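Review bot: the four new Synology entries (CVE-2018-8920 through -8917) are surrounded on both sides by entries already closed as `NOT-FOR-US: Synology` / `NOT-FOR-US: Synology Drive` (CVE-2018-8922, -8921, -8916, -8915), so the `TODO: check` lines should be resolved to the same marker rather than left open; the two info.cgi XSS entries (-8918 and -8917) share one description and can be handled together.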
@@ -39339,18 +39345,18 @@ CVE-2018-7839
RESERVED
CVE-2018-7838
RESERVED
-CVE-2018-7837
- RESERVED
-CVE-2018-7836
- RESERVED
-CVE-2018-7835
- RESERVED
+CVE-2018-7837 (An Improper Restriction of XML External Entity Reference ('XXE') ...)
+ TODO: check
+CVE-2018-7836 (An unrestricted Upload of File with Dangerous Type vulnerability ...)
+ TODO: check
+CVE-2018-7835 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...)
+ TODO: check
CVE-2018-7834
RESERVED
CVE-2018-7833 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
NOT-FOR-US: Schneider Electric
-CVE-2018-7832
- RESERVED
+CVE-2018-7832 (An Improper Input Validation vulnerability exists in Pro-Face GP-Pro ...)
+ TODO: check
CVE-2018-7831 (An Improper Neutralization of Script-Related HTML Tags in a Web Page ...)
NOT-FOR-US: Modicon (Schneider Electric)
CVE-2018-7830 (Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP ...)
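Review bot: the new Schneider Electric entries (CVE-2018-7837, -7836, -7835, -7832) sit between entries already closed as `NOT-FOR-US: Schneider Electric` and `NOT-FOR-US: Modicon (Schneider Electric)`, so their `TODO: check` lines should be resolved the same way; the same holds for the EVLink Parking, PowerSuite 2 and FoxView HMI SCADA entries in the next hunk. While resolving them, the vendor marker is spelled three ways in this region (`NOT-FOR-US: Schneider`, `NOT-FOR-US: Schneider Electric`, `NOT-FOR-US: Modicon (Schneider Electric)`); picking one spelling for the new entries keeps the file greppable.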
@@ -39409,26 +39415,26 @@ CVE-2018-7804 (A URL Redirection to Untrusted Site vulnerability exists in the .
NOT-FOR-US: Schneider Electric
CVE-2018-7803
RESERVED
-CVE-2018-7802
- RESERVED
-CVE-2018-7801
- RESERVED
-CVE-2018-7800
- RESERVED
+CVE-2018-7802 (A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 ...)
+ TODO: check
+CVE-2018-7801 (A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 ...)
+ TODO: check
+CVE-2018-7800 (A Hard-coded Credentials vulnerability exists in EVLink Parking, ...)
+ TODO: check
CVE-2018-7799 (A DLL hijacking vulnerability exists in Schneider Electric Software ...)
NOT-FOR-US: Schneider Electric
CVE-2018-7798 (A Insufficient Verification of Data Authenticity (CWE-345) ...)
NOT-FOR-US: Schneider
CVE-2018-7797 (A URL redirection vulnerability exists in Power Monitoring Expert, ...)
NOT-FOR-US: Schneider Electric
-CVE-2018-7796
- RESERVED
+CVE-2018-7796 (A Buffer Error vulnerability exists in PowerSuite 2, all released ...)
+ TODO: check
CVE-2018-7795 (A Cross Protocol Injection vulnerability exists in Schneider ...)
NOT-FOR-US: Schneider
CVE-2018-7794
RESERVED
-CVE-2018-7793
- RESERVED
+CVE-2018-7793 (A Credential Management vulnerability exists in FoxView HMI SCADA (All ...)
+ TODO: check
CVE-2018-7792 (A Permissions, Privileges, and Access Control vulnerability exists in ...)
NOT-FOR-US: Schneider
CVE-2018-7791 (A Permissions, Privileges, and Access Control vulnerability exists in ...)
@@ -113302,7 +113308,7 @@ CVE-2016-9568 (A security design issue can allow an unprivileged user to interac
CVE-2016-9567 (The mDNIe system service on Samsung Mobile S7 devices with M(6.0) ...)
NOT-FOR-US: Samsung
CVE-2016-9566 (base/logging.c in Nagios Core before 4.2.4 allows local users with ...)
- {DLA-751-1}
+ {DLA-1615-1 DLA-751-1}
- nagios3 <removed>
[wheezy] - nagios3 <no-dsa> (Minor issue)
NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4
@@ -190291,7 +190297,7 @@ CVE-2014-1879 (Cross-site scripting (XSS) vulnerability in import.php in phpMyAd
- phpmyadmin 4:4.1.7-1 (unimportant)
[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2014-1878 (Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c ...)
- {DSA-2956-1 DLA-461-1 DLA-60-1}
+ {DSA-2956-1 DLA-1615-1 DLA-461-1 DLA-60-1}
- icinga 1.10.3-1
- nagios3 <removed> (bug #823721)
NOTE: Fixed by https://github.com/Icinga/icinga-core/commit/eedf4f7d88cdc50843572224eb38a2f5c78a2dc5
@@ -194442,6 +194448,7 @@ CVE-2013-7220 (js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=686740
NOTE: https://git.gnome.org/browse/gnome-shell/commit/js/ui/screenShield.js?id=209014b083dbe86ed0e0860a6016735571b56f94
CVE-2013-7205 (Off-by-one error in the process_cgivars function in ...)
+ {DLA-1615-1}
- nagios3 <removed> (low; bug #771466)
[squeeze] - nagios3 <no-dsa> (Minor issue)
[wheezy] - nagios3 <no-dsa> (Minor issue)
@@ -194598,7 +194605,7 @@ CVE-2013-7110 (Transifex command-line client before 0.10 does not validate X.509
NOTE: https://github.com/transifex/transifex-client/issues/42
NOTE: https://github.com/transifex/transifex-client/commit/6d69d61
CVE-2013-7108 (Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, ...)
- {DSA-2956-1 DLA-60-1}
+ {DSA-2956-1 DLA-1615-1 DLA-60-1}
- icinga 1.10.2-1 (low)
- nagios3 <removed> (low; bug #771466)
[squeeze] - nagios3 <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/97a407584beff33445be5cb4f8c0631ed0b4001c
--
You're receiving this email because of your account on salsa.debian.org.