[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 27 08:10:26 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6907716c by security tracker role at 2018-12-27T08:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,52 @@
+CVE-2018-20507
+ RESERVED
+CVE-2018-20506
+ RESERVED
+CVE-2018-20505
+ RESERVED
+CVE-2018-20504
+ RESERVED
+CVE-2018-20503
+ RESERVED
+CVE-2018-20502 (An issue was discovered in Bento4 1.5.1-627. There is an attempt at ...)
+ TODO: check
+CVE-2018-20501
+ RESERVED
+CVE-2018-20500
+ RESERVED
+CVE-2018-20499
+ RESERVED
+CVE-2018-20498
+ RESERVED
+CVE-2018-20497
+ RESERVED
+CVE-2018-20496
+ RESERVED
+CVE-2018-20495
+ RESERVED
+CVE-2018-20494
+ RESERVED
+CVE-2018-20493
+ RESERVED
+CVE-2018-20492
+ RESERVED
+CVE-2018-20491
+ RESERVED
+CVE-2018-20490
+ RESERVED
+CVE-2018-20489
+ RESERVED
+CVE-2018-20488
+ RESERVED
+CVE-2018-20487
+ RESERVED
CVE-2018-20486 (MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php ...)
NOT-FOR-US: MetInfo
CVE-2018-20485 (Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in ...)
NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2018-20484 (Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in ...)
NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
-CVE-2018-20483 (set_file_metadata in xattr.c in GNU Wget through 1.20 stores a file's ...)
+CVE-2018-20483 (set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's ...)
- wget <unfixed> (bug #917375)
[stretch] - wget <not-affected> (Vulnerable code introduced in 1.19)
[jessie] - wget <not-affected> (Vulnerable code introduced in 1.19)
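Review bot: The CVE-2018-20483 description now reads "GNU Wget before 1.20.1", but the tracking line under it is still `- wget <unfixed> (bug #917375)`. With a fixed upstream version now named in the description, this entry should get a fixed version in place of `<unfixed>` as soon as an upload based on 1.20.1 or later reaches unstable. The stretch and jessie `<not-affected>` lines remain consistent with the new wording, since both cite vulnerable code introduced in 1.19.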
@@ -211,8 +253,8 @@ CVE-2018-20406 (Modules/_pickle.c in Python before 3.7.1 has an integer overflow
NOTE: https://github.com/python/cpython/commit/71a9c65e74a70b6ed39adc4ba81d311ac1aa2acc (3.6)
CVE-2018-20405 (BigTree 4.3 allows full path disclosure via authenticated admin/news/ ...)
NOT-FOR-US: BigTree CMS
-CVE-2018-20404
- RESERVED
+CVE-2018-20404 (ETK_E900.sys, a SmartETK driver for VIA Technologies EPIA-E900 system ...)
+ TODO: check
CVE-2018-20403
RESERVED
CVE-2018-20402 (Safe Software FME Server through 2018.1 creates and enables three ...)
@@ -837,8 +879,7 @@ CVE-2018-20219
RESERVED
CVE-2018-20218
RESERVED
-CVE-2018-20217 [Ignore password attributes for S4U2Self requests]
- RESERVED
+CVE-2018-20217 (A Reachable Assertion issue was discovered in the KDC in MIT Kerberos ...)
- krb5 <unfixed> (bug #917387)
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763
NOTE: https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086
@@ -5421,8 +5462,7 @@ CVE-2018-19875
RESERVED
CVE-2018-19874
RESERVED
-CVE-2018-19873 [QBmpHandler segfault on malformed BMP file]
- RESERVED
+CVE-2018-19873 (An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer ...)
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
- qtbase-opensource-src 5.11.3+dfsg-2
[jessie] - qtbase-opensource-src <ignored> (Minor issue)
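Review bot: The `[jessie] - qtbase-opensource-src <ignored> (Minor issue)` line under CVE-2018-19873 is unchanged context, so it predates the published description. The removed placeholder title spoke of a "segfault on malformed BMP file", while the new text begins "QBmpHandler has a buffer ..."; confirm against the full description that the "Minor issue" classification still holds.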
@@ -5432,8 +5472,7 @@ CVE-2018-19873 [QBmpHandler segfault on malformed BMP file]
NOTE: https://codereview.qt-project.org/#/c/238749/
CVE-2018-19872
RESERVED
-CVE-2018-19871 [QImage: QTgaFile CPU exhaustion]
- RESERVED
+CVE-2018-19871 (An issue was discovered in Qt before 5.11.3. There is QTgaFile ...)
- qtimageformats-opensource-src 5.11.3-2 (low)
[stretch] - qtimageformats-opensource-src <no-dsa> (Minor issue)
[jessie] - qtimageformats-opensource-src <postponed> (Minor issue)
@@ -5443,8 +5482,7 @@ CVE-2018-19871 [QImage: QTgaFile CPU exhaustion]
NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/237761/
NOTE: qt4-x11 affected in src/plugins/imageformats/tga/qtgafile.cpp
-CVE-2018-19870 [Check for QImage allocation failure in qgifhandler]
- RESERVED
+CVE-2018-19870 (An issue was discovered in Qt before 5.11.3. A malformed GIF image ...)
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
- qtbase-opensource-src 5.11.3+dfsg-2 (low)
[stretch] - qtbase-opensource-src <no-dsa> (Minor issue)
@@ -5456,8 +5494,7 @@ CVE-2018-19870 [Check for QImage allocation failure in qgifhandler]
NOTE: https://codereview.qt-project.org/#/c/235998/
NOTE: affected code can be in src/gui/image/qgifhandler.cpp or in
NOTE: src/plugins/imageformats/gif/qgifhandler.cpp depending on the version
-CVE-2018-19869 [Fix crash when parsing malformed url reference]
- RESERVED
+CVE-2018-19869 (An issue was discovered in Qt before 5.11.3. A malformed SVG image ...)
[experimental] - qtsvg-opensource-src 5.11.3-1
- qtsvg-opensource-src 5.11.3-2 (low)
[stretch] - qtsvg-opensource-src <no-dsa> (Minor issue)
@@ -5647,8 +5684,8 @@ CVE-2018-19801
RESERVED
CVE-2018-19800
RESERVED
-CVE-2018-19799
- RESERVED
+CVE-2018-19799 (Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= ...)
+ TODO: check
CVE-2018-19798
RESERVED
CVE-2018-19797 (In LibSass 3.5.5, a NULL Pointer Dereference in the function ...)
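Review bot: The `TODO: check` under CVE-2018-19799 should be resolved by first checking whether the archive carries a source package for Dolibarr ERP/CRM, the product the description names (through 8.0.3). If it does, the entry needs a package line with a status and a version comparison against 8.0.3 rather than a NOT-FOR-US tag.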
@@ -6140,10 +6177,10 @@ CVE-2018-19618
RESERVED
CVE-2018-19617
RESERVED
-CVE-2018-19616
- RESERVED
-CVE-2018-19615
- RESERVED
+CVE-2018-19616 (An issue was discovered in Rockwell Automation Allen-Bradley ...)
+ TODO: check
+CVE-2018-19615 (An issue was discovered in Rockwell Automation Allen-Bradley ...)
+ TODO: check
CVE-2018-19614
RESERVED
CVE-2018-19613
@@ -10183,8 +10220,8 @@ CVE-2018-19184 (cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attack
NOT-FOR-US: Go Ethereum
CVE-2018-19183 (ethereumjs-vm 2.4.0 allows attackers to cause a denial of service ...)
NOT-FOR-US: ethereumjs-vm
-CVE-2018-19182
- RESERVED
+CVE-2018-19182 (Engelsystem before commit hash 2e28336 allows CSRF. ...)
+ TODO: check
CVE-2018-19181 (statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows ...)
NOT-FOR-US: YUNUCMS
CVE-2018-19180 (statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if ...)
@@ -11736,12 +11773,12 @@ CVE-2018-18541 (In Teeworlds before 0.6.5, connection packets could be forged. T
NOTE: https://github.com/teeworlds/teeworlds/commit/f5fa1a92ed81ed8da721e803a036b1553a38e39e
CVE-2018-18538
RESERVED
-CVE-2018-18537
- RESERVED
-CVE-2018-18536
- RESERVED
-CVE-2018-18535
- RESERVED
+CVE-2018-18537 (The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier ...)
+ TODO: check
+CVE-2018-18536 (The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 ...)
+ TODO: check
+CVE-2018-18535 (The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier ...)
+ TODO: check
CVE-2018-18534
RESERVED
CVE-2018-18533
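Review bot: The three `TODO: check` entries for CVE-2018-18537, CVE-2018-18536 and CVE-2018-18535 all name low-level drivers (GLCKIo, Asusgio) of ASUS Aura Sync v1.07.22 and earlier, so they are best triaged in one pass with one product string. If the outcome is NOT-FOR-US, use the same `NOT-FOR-US: <product>` form as the other entries in this file, spelled identically on all three so a later search matches them together.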
@@ -13283,8 +13320,8 @@ CVE-2018-17989
RESERVED
CVE-2018-17988
RESERVED
-CVE-2018-17987
- RESERVED
+CVE-2018-17987 (The determineWinner function of a smart contract implementation for ...)
+ TODO: check
CVE-2018-17986 (rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password ...)
NOT-FOR-US: razorCMS
CVE-2018-17985 (An issue was discovered in cp-demangle.c in GNU libiberty, as ...)
@@ -19567,8 +19604,7 @@ CVE-2018-15520
RESERVED
CVE-2018-15519
RESERVED
-CVE-2018-15518 [Qt Base: "double free or corruption" in QXmlStreamReader]
- RESERVED
+CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption ...)
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
- qtbase-opensource-src 5.11.3+dfsg-2
[jessie] - qtbase-opensource-src <ignored> (Minor issue)
@@ -29251,10 +29287,10 @@ CVE-2018-11743 (The init_copy function in kernel.c in mruby 1.4.1 makes initiali
[jessie] - mruby <no-dsa> (Minor issue)
NOTE: https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d
NOTE: https://github.com/mruby/mruby/issues/4027
-CVE-2018-11742
- RESERVED
-CVE-2018-11741
- RESERVED
+CVE-2018-11742 (NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password ...)
+ TODO: check
+CVE-2018-11741 (NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session ...)
+ TODO: check
CVE-2018-11740 (An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from ...)
- sleuthkit <unfixed> (low; bug #902187)
[stretch] - sleuthkit <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6907716ce60968bf824c62ae7b869a47b4c94931