[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Dec 31 20:10:23 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5e6953db by security tracker role at 2018-12-31T20:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,191 @@
+CVE-2019-3493
+	RESERVED
+CVE-2019-3492
+	RESERVED
+CVE-2019-3491
+	RESERVED
+CVE-2019-3490
+	RESERVED
+CVE-2019-3489
+	RESERVED
+CVE-2019-3488
+	RESERVED
+CVE-2019-3487
+	RESERVED
+CVE-2019-3486
+	RESERVED
+CVE-2019-3485
+	RESERVED
+CVE-2019-3484
+	RESERVED
+CVE-2019-3483
+	RESERVED
+CVE-2019-3482
+	RESERVED
+CVE-2019-3481
+	RESERVED
+CVE-2019-3480
+	RESERVED
+CVE-2019-3479
+	RESERVED
+CVE-2019-3478
+	RESERVED
+CVE-2019-3477
+	RESERVED
+CVE-2019-3476
+	RESERVED
+CVE-2019-3475
+	RESERVED
+CVE-2019-3474
+	RESERVED
+CVE-2019-3473
+	RESERVED
+CVE-2019-3472
+	RESERVED
+CVE-2019-3471
+	RESERVED
+CVE-2019-3470
+	RESERVED
+CVE-2019-3469
+	RESERVED
+CVE-2019-3468
+	RESERVED
+CVE-2019-3467
+	RESERVED
+CVE-2019-3466
+	RESERVED
+CVE-2019-3465
+	RESERVED
+CVE-2019-3464
+	RESERVED
+CVE-2019-3463
+	RESERVED
+CVE-2019-3462
+	RESERVED
+CVE-2019-3461
+	RESERVED
+CVE-2019-3460
+	RESERVED
+CVE-2019-3459
+	RESERVED
+CVE-2019-3458
+	RESERVED
+CVE-2019-3457
+	RESERVED
+CVE-2019-3456
+	RESERVED
+CVE-2019-3455
+	RESERVED
+CVE-2019-3454
+	RESERVED
+CVE-2019-3453
+	RESERVED
+CVE-2019-3452
+	RESERVED
+CVE-2019-3451
+	RESERVED
+CVE-2019-3450
+	RESERVED
+CVE-2019-3449
+	RESERVED
+CVE-2019-3448
+	RESERVED
+CVE-2019-3447
+	RESERVED
+CVE-2019-3446
+	RESERVED
+CVE-2019-3445
+	RESERVED
+CVE-2019-3444
+	RESERVED
+CVE-2019-3443
+	RESERVED
+CVE-2019-3442
+	RESERVED
+CVE-2019-3441
+	RESERVED
+CVE-2019-3440
+	RESERVED
+CVE-2019-3439
+	RESERVED
+CVE-2019-3438
+	RESERVED
+CVE-2019-3437
+	RESERVED
+CVE-2019-3436
+	RESERVED
+CVE-2019-3435
+	RESERVED
+CVE-2019-3434
+	RESERVED
+CVE-2019-3433
+	RESERVED
+CVE-2019-3432
+	RESERVED
+CVE-2019-3431
+	RESERVED
+CVE-2019-3430
+	RESERVED
+CVE-2019-3429
+	RESERVED
+CVE-2019-3428
+	RESERVED
+CVE-2019-3427
+	RESERVED
+CVE-2019-3426
+	RESERVED
+CVE-2019-3425
+	RESERVED
+CVE-2019-3424
+	RESERVED
+CVE-2019-3423
+	RESERVED
+CVE-2019-3422
+	RESERVED
+CVE-2019-3421
+	RESERVED
+CVE-2019-3420
+	RESERVED
+CVE-2019-3419
+	RESERVED
+CVE-2019-3418
+	RESERVED
+CVE-2019-3417
+	RESERVED
+CVE-2019-3416
+	RESERVED
+CVE-2019-3415
+	RESERVED
+CVE-2019-3414
+	RESERVED
+CVE-2019-3413
+	RESERVED
+CVE-2019-3412
+	RESERVED
+CVE-2019-3411
+	RESERVED
+CVE-2019-3410
+	RESERVED
+CVE-2019-3409
+	RESERVED
+CVE-2018-20623 (In GNU Binutils 2.31.1, there is a use-after-free in the error function ...)
+	TODO: check
+CVE-2018-20622 (JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a ...)
+	TODO: check
+CVE-2018-20621
+	RESERVED
+CVE-2018-20620
+	RESERVED
+CVE-2018-20619
+	RESERVED
+CVE-2018-20618 (ok-file-formats through 2018-10-16 has a heap-based buffer over-read in ...)
+	TODO: check
+CVE-2018-20617 (ok-file-formats through 2018-10-16 has a heap-based buffer overflow in ...)
+	TODO: check
+CVE-2018-20616 (ok-file-formats through 2018-10-16 has a heap-based buffer overflow in ...)
+	TODO: check
+CVE-2018-20615
+	RESERVED
 CVE-2018-20614 (public\install\install.php in CIM 0.9.3 allows remote attackers to ...)
 	NOT-FOR-US: CIM
 CVE-2018-20613 (TEMMOKU T1.09 Beta allows admin/user/add CSRF. ...)
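Review bot: CVE-2018-20623 (GNU Binutils 2.31.1 use-after-free) and CVE-2018-20622 (JasPer 2.0.14 memory leak) land with only "TODO: check", as do the three ok-file-formats entries CVE-2018-20616 to CVE-2018-20618. Each needs triage into either a source package line, in the form the tar and radare2 entries further down use, or a NOT-FOR-US line, so that they do not stay in the TODO state. The CVE-2019-3409 to CVE-2019-3493 block is RESERVED only and needs no action yet.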
@@ -328,6 +516,7 @@ CVE-2018-20483 (set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a
 	NOTE: Don't use extended attributes by default: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c125d24762962d91050d925fbbd9e6f30b2302f8
 	NOTE: Introduced by: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=a933bdd31eee9c956a3b5cc142f004ef1fa94cb3 (v1.19)
 CVE-2018-20482 (GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage ...)
+	{DLA-1623-1}
 	- tar <unfixed> (bug #917377)
 	[stretch] - tar <no-dsa> (Minor issue)
 	NOTE: https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug
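Review bot: the added {DLA-1623-1} on CVE-2018-20482 sits directly above "- tar <unfixed> (bug #917377)" and "[stretch] - tar <no-dsa> (Minor issue)", so the entry now references an advisory while the unstable and stretch lines still show no fix. Worth confirming that the stretch <no-dsa> triage is still the intended outcome now that an advisory exists for the same issue.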
@@ -453,7 +642,7 @@ CVE-2018-20438 (Technicolor TC7110.AR STD3.38.03 devices allow remote attackers
 	NOT-FOR-US: Technicolor
 CVE-2018-20437 (** DISPUTED ** An issue was discovered in the fileDownload function in ...)
 	TODO: check
-CVE-2018-20436 (The "secret chat" feature in Telegram 4.9.1 for Android has a "side ...)
+CVE-2018-20436 (** DISPUTED ** The "secret chat" feature in Telegram 4.9.1 for Android ...)
 	TODO: check
 CVE-2018-20435
 	RESERVED
@@ -4738,8 +4927,8 @@ CVE-2018-19939 (The Goodix GT9xx touchscreen driver for custom Linux kernels on
 	NOT-FOR-US: Goodix GT9xx touchscreen driver
 CVE-2018-19938
 	RESERVED
-CVE-2018-19937
-	RESERVED
+CVE-2018-19937 (A local, authenticated attacker can bypass the passcode in the ...)
+	TODO: check
 CVE-2018-19936 (PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. ...)
 	NOT-FOR-US: PrinterOn Enterprise
 CVE-2018-19934
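Review bot: the new description for CVE-2018-19937 is cut off before it names a product ("A local, authenticated attacker can bypass the passcode in the ..."), so the "TODO: check" cannot be resolved from this list line alone. The full CVE description has to be read before a package line or a NOT-FOR-US line is assigned.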
@@ -5596,8 +5785,8 @@ CVE-2018-19920
 	RESERVED
 CVE-2018-19919 (Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php ...)
 	NOT-FOR-US: Pixelimity
-CVE-2018-19918
-	RESERVED
+CVE-2018-19918 (CuppaCMS has XSS via an SVG document uploaded to the ...)
+	TODO: check
 CVE-2019-1584
 	RESERVED
 CVE-2019-1583
@@ -5664,18 +5853,18 @@ CVE-2018-1000853
 	REJECTED
 CVE-2018-19907 (A Server-Side Template Injection issue was discovered in Crafter CMS ...)
 	NOT-FOR-US: Crafter CMS
-CVE-2018-19906
-	RESERVED
-CVE-2018-19905
-	RESERVED
-CVE-2018-19904
-	RESERVED
-CVE-2018-19903
-	RESERVED
-CVE-2018-19902
-	RESERVED
-CVE-2018-19901
-	RESERVED
+CVE-2018-19906 (Stored XSS exists in razorCMS 3.4.8 via the /#/page description ...)
+	TODO: check
+CVE-2018-19905 (HTML injection exists in razorCMS 3.4.8 via the /#/page keywords ...)
+	TODO: check
+CVE-2018-19904 (Persistent XSS exists in XSLT CMS via the ...)
+	TODO: check
+CVE-2018-19903 (Persistent XSS exists in XSLT CMS via the ...)
+	TODO: check
+CVE-2018-19902 (No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article ...)
+	TODO: check
+CVE-2018-19901 (No-CMS 1.1.3 is prone to Persistent XSS via the ...)
+	TODO: check
 CVE-2018-19900
 	RESERVED
 CVE-2018-19899
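Review bot: CVE-2018-19901 through CVE-2018-19906 move from RESERVED to six XSS and HTML injection entries for razorCMS 3.4.8, XSLT CMS and No-CMS 1.1.3, all left at "TODO: check". The neighbouring CVE-2018-19907 (Crafter CMS) is already triaged as NOT-FOR-US; if none of these three products is packaged, give each entry a matching NOT-FOR-US line naming the product so the batch is resolved in one pass.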
@@ -5868,10 +6057,10 @@ CVE-2018-19847
 	RESERVED
 CVE-2018-19846
 	RESERVED
-CVE-2018-19845
-	RESERVED
-CVE-2018-19844
-	RESERVED
+CVE-2018-19845 (There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php ...)
+	TODO: check
+CVE-2018-19844 (FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, ...)
+	TODO: check
 CVE-2018-19843 (opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows ...)
 	- radare2 3.1.0+dfsg-1 (low)
 	[stretch] - radare2 <no-dsa> (Minor issue)
@@ -11924,12 +12113,12 @@ CVE-2018-18604
 	RESERVED
 CVE-2018-18603 (** DISPUTED ** 360 Total Security 3.5.0.1033 allows a Sandbox Escape ...)
 	NOT-FOR-US: 360 Total Security
-CVE-2018-18602
-	RESERVED
-CVE-2018-18601
-	RESERVED
-CVE-2018-18600
-	RESERVED
+CVE-2018-18602 (The Cloud API on Guardzilla smart cameras allows user enumeration, ...)
+	TODO: check
+CVE-2018-18601 (The TK_set_deviceModel_req_handle function in the cloud communication ...)
+	TODO: check
+CVE-2018-18600 (The remote upgrade feature in Guardzilla GZ180 devices allow command ...)
+	TODO: check
 CVE-2018-18599 (Stegdetect through 2018-05-26 has an out-of-bounds write in f5_compress ...)
 	- stegdetect <removed>
 CVE-2018-18598
@@ -11942,8 +12131,8 @@ CVE-2018-18595
 	RESERVED
 CVE-2018-18594
 	RESERVED
-CVE-2018-18593
-	RESERVED
+CVE-2018-18593 (Remote Directory Traversal and Remote Disclosure of Privileged ...)
+	TODO: check
 CVE-2018-18592
 	RESERVED
 CVE-2018-18591 (A potential unauthorized disclosure of data vulnerability has been ...)
@@ -15534,8 +15723,7 @@ CVE-2018-17193 (The message-page.jsp error page used the value of the HTTP reque
 	NOT-FOR-US: Apache NiFi
 CVE-2018-17192 (The X-Frame-Options headers were applied inconsistently on some HTTP ...)
 	NOT-FOR-US: Apache NiFi
-CVE-2018-17191 [Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE)]
-	RESERVED
+CVE-2018-17191 (Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration ...)
 	- netbeans <unfixed>
 	NOTE: Fixed upstream in version 10.0
 	NOTE: https://www.openwall.com/lists/oss-security/2018/12/30/1
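Review bot: in CVE-2018-17191 the package line "- netbeans <unfixed>" carries no bug reference, unlike "- tar <unfixed> (bug #917377)" under CVE-2018-20482. Since the NOTE already records "Fixed upstream in version 10.0", adding the Debian bug number once one is filed would let the fix be tracked against the package.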
@@ -43502,8 +43690,8 @@ CVE-2018-6670 (External Entity Attack vulnerability in the ePO extension in McAf
 	NOT-FOR-US: McAfee
 CVE-2018-6669 (A whitelist bypass vulnerability in McAfee Application Control / ...)
 	NOT-FOR-US: McAfee
-CVE-2018-6668
-	RESERVED
+CVE-2018-6668 (A whitelist bypass vulnerability in McAfee Application Control / ...)
+	TODO: check
 CVE-2018-6667 (Authentication Bypass vulnerability in the administrative user ...)
 	NOT-FOR-US: McAfee
 CVE-2018-6666
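Review bot: CVE-2018-6668 is added as "TODO: check" although its visible description matches CVE-2018-6669 directly above ("A whitelist bypass vulnerability in McAfee Application Control / ..."), which is already "NOT-FOR-US: McAfee". Suggest the same NOT-FOR-US: McAfee line here, in keeping with CVE-2018-6667 and CVE-2018-6670.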



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5e6953dbd41723e893d1a4cab62d207c43fc888e
