[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c341d348 by security tracker role at 2018-11-07T08:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,24 @@
-CVE-2018-19052 [potential path traversal with specific configs]
+CVE-2018-19055
+	RESERVED
+CVE-2018-19054
+	RESERVED
+CVE-2018-19053 (PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by ...)
+	TODO: check
+CVE-2018-19051 (MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type ...)
+	TODO: check
+CVE-2018-19050 (MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset ...)
+	TODO: check
+CVE-2018-19049
+	RESERVED
+CVE-2017-18351
+	RESERVED
+CVE-2018-19052 (An issue was discovered in mod_alias_physical_handler in mod_alias.c in ...)
 	- lighttpd <unfixed>
 	NOTE: https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1
 CVE-2018-19048
 	RESERVED
-CVE-2018-19047
-	RESERVED
+CVE-2018-19047 (** DISPUTED ** mPDF through 7.1.6, if deployed as a web application ...)
+	TODO: check
 CVE-2018-19046
 	RESERVED
 CVE-2018-19045
@@ -4518,8 +4532,7 @@ CVE-2018-17188
 	RESERVED
 CVE-2018-17187
 	RESERVED
-CVE-2018-17186
-	RESERVED
+CVE-2018-17186 (An administrator with workflow definition entitlements can use DTD to ...)
 	NOT-FOR-US: Apache Syncope
 CVE-2018-17185
 	RESERVED
@@ -10690,8 +10703,7 @@ CVE-2018-14681 (An issue was discovered in kwajd_read_headers in mspack/kwajd.c
 	- libmspack 0.7-1 (bug #904799)
 	NOTE: https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
-CVE-2018-14667 [Expression Language injection via UserResource allows for unauthenticated remote code execution]
-	RESERVED
+CVE-2018-14667 (The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression ...)
 	NOT-FOR-US: RichFaces
 CVE-2018-14666
 	RESERVED
@@ -16565,16 +16577,16 @@ CVE-2018-12417
 	RESERVED
 CVE-2018-12416
 	RESERVED
-CVE-2018-12415
-	RESERVED
-CVE-2018-12414
-	RESERVED
-CVE-2018-12413
-	RESERVED
-CVE-2018-12412
-	RESERVED
-CVE-2018-12411
-	RESERVED
+CVE-2018-12415 (The Central Administration server (emsca) component of TIBCO Software ...)
+	TODO: check
+CVE-2018-12414 (The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon ...)
+	TODO: check
+CVE-2018-12413 (The Schema repository server (tibschemad) component of TIBCO Software ...)
+	TODO: check
+CVE-2018-12412 (The realm server (tibrealmserver) component of TIBCO Software Inc. ...)
+	TODO: check
+CVE-2018-12411 (The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ...)
+	TODO: check
 CVE-2018-12410 (The web server component of TIBCO Software Inc's Spotfire Statistics ...)
 	NOT-FOR-US: TIBCO
 CVE-2018-12409



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c341d348f8f63a11875da5671ab604afdd6f018e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c341d348f8f63a11875da5671ab604afdd6f018e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181107/d1fef000/attachment.html>