[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Nov 6 08:11:14 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
530f8354 by security tracker role at 2018-11-06T08:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2018-18980 (An XML External Entity injection (XXE) vulnerability exists in Zoho ...)
+	TODO: check
+CVE-2018-18979
+	RESERVED
+CVE-2018-18978
+	RESERVED
+CVE-2018-18977
+	RESERVED
+CVE-2018-18976
+	RESERVED
+CVE-2018-18975
+	RESERVED
+CVE-2018-18974
+	RESERVED
+CVE-2018-18973
+	RESERVED
+CVE-2018-18972
+	RESERVED
+CVE-2018-18971
+	RESERVED
+CVE-2018-18970
+	RESERVED
+CVE-2018-18969
+	RESERVED
+CVE-2018-18968
+	RESERVED
+CVE-2018-18967
+	RESERVED
+CVE-2018-18966 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist ...)
+	TODO: check
+CVE-2018-18965 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist ...)
+	TODO: check
+CVE-2018-18964 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist ...)
+	TODO: check
+CVE-2018-18963 (Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce ...)
+	TODO: check
+CVE-2018-18962
+	RESERVED
+CVE-2018-18961
+	RESERVED
+CVE-2018-18960
+	RESERVED
+CVE-2018-18959
+	RESERVED
+CVE-2018-18958
+	RESERVED
+CVE-2018-18957 (An issue has been found in libIEC61850 v1.3. It is a stack-based buffer ...)
+	TODO: check
+CVE-2018-18956 (The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x ...)
+	TODO: check
+CVE-2018-18955
+	RESERVED
 CVE-2018-18954
 	RESERVED
 CVE-2018-18953
@@ -2632,24 +2684,24 @@ CVE-2018-17915 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P
 	NOT-FOR-US: P2P Cloud Server
 CVE-2018-17914 (InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI ...)
 	NOT-FOR-US: InduSoft Web Studio
-CVE-2018-17913
-	RESERVED
+CVE-2018-17913 (A type confusion vulnerability exists when processing project files in ...)
+	TODO: check
 CVE-2018-17912 (An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when ...)
 	NOT-FOR-US: CASE Suite
 CVE-2018-17911 (LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based ...)
 	NOT-FOR-US: LAquis SCADA
 CVE-2018-17910 (WebAccess Versions 8.3.2 and prior. The application fails to properly ...)
 	NOT-FOR-US: Advantech WebAccess
-CVE-2018-17909
-	RESERVED
+CVE-2018-17909 (When processing project files in Omron CX-Supervisor Versions 3.4.1.0 ...)
+	TODO: check
 CVE-2018-17908 (WebAccess Versions 8.3.2 and prior. During installation, the ...)
 	NOT-FOR-US: Advantech WebAccess
-CVE-2018-17907
-	RESERVED
+CVE-2018-17907 (When processing project files in Omron CX-Supervisor Versions 3.4.1.0 ...)
+	TODO: check
 CVE-2018-17906
 	RESERVED
-CVE-2018-17905
-	RESERVED
+CVE-2018-17905 (When processing project files in Omron CX-Supervisor Versions 3.4.1.0 ...)
+	TODO: check
 CVE-2018-17904 (Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This ...)
 	NOT-FOR-US: Reliance 4 SCADA/HMI
 CVE-2018-17903 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...)
@@ -13743,10 +13795,10 @@ CVE-2018-13399 (The Microsoft Windows Installer for Atlassian Fisheye and Crucib
 	NOT-FOR-US: Atlassian
 CVE-2018-13398 (The administrative smart-commits resource in Atlassian Fisheye and ...)
 	NOT-FOR-US: Atlassian Fisheye and Crucible
-CVE-2018-13397
-	RESERVED
-CVE-2018-13396
-	RESERVED
+CVE-2018-13397 (There was an argument injection vulnerability in Sourcetree for ...)
+	TODO: check
+CVE-2018-13396 (There was an argument injection vulnerability in Sourcetree for macOS ...)
+	TODO: check
 CVE-2018-13395 (Various resources in Atlassian Jira before version 7.6.8, from version ...)
 	NOT-FOR-US: Atlassian Jira
 CVE-2018-13394 (The acceptAnswer resource in Atlassian Confluence Questions before ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/530f8354dd64ab635792ec5ae5a947382c6f6cee

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/530f8354dd64ab635792ec5ae5a947382c6f6cee
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181106/384f5574/attachment.html>


More information about the debian-security-tracker-commits mailing list