[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 7 20:10:38 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5bdacd30 by security tracker role at 2018-11-07T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2018-19093 (** DISPUTED ** An issue has been found in libIEC61850 v1.3. It is a ...)
+ TODO: check
+CVE-2018-19092 (An issue was discovered in YzmCMS v5.2. It has XSS via a ...)
+ TODO: check
+CVE-2018-19091 (tianti 2.3 has reflected XSS in the user management module via the ...)
+ TODO: check
+CVE-2018-19090 (tianti 2.3 has stored XSS in the article management module via an ...)
+ TODO: check
+CVE-2018-19089 (tianti 2.3 has stored XSS in the userlist module via the ...)
+ TODO: check
+CVE-2018-19088
+ RESERVED
+CVE-2018-19087
+ RESERVED
+CVE-2018-19086
+ RESERVED
+CVE-2018-19085
+ RESERVED
+CVE-2018-19084
+ RESERVED
+CVE-2018-19083 (WeCenter 3.2.0 through 3.2.2 has XSS in the ...)
+ TODO: check
+CVE-2018-19082 (An issue was discovered on Foscam Opticam i5 devices with System ...)
+ TODO: check
+CVE-2018-19081 (An issue was discovered on Foscam Opticam i5 devices with System ...)
+ TODO: check
+CVE-2018-19080 (An issue was discovered on Foscam Opticam i5 devices with System ...)
+ TODO: check
+CVE-2018-19079 (An issue was discovered on Foscam Opticam i5 devices with System ...)
+ TODO: check
+CVE-2018-19078 (An issue was discovered on Foscam Opticam i5 devices with System ...)
+ TODO: check
+CVE-2018-19077 (An issue was discovered on Foscam Opticam i5 devices with System ...)
+ TODO: check
+CVE-2018-19076 (An issue was discovered on Foscam C2 devices with System Firmware ...)
+ TODO: check
+CVE-2018-19075 (An issue was discovered on Foscam C2 devices with System Firmware ...)
+ TODO: check
+CVE-2018-19074 (An issue was discovered on Foscam C2 devices with System Firmware ...)
+ TODO: check
+CVE-2018-19073 (An issue was discovered on Foscam C2 devices with System Firmware ...)
+ TODO: check
+CVE-2018-19072 (An issue was discovered on Foscam C2 devices with System Firmware ...)
+ TODO: check
+CVE-2018-19071 (An issue was discovered on Foscam C2 devices with System Firmware ...)
+ TODO: check
+CVE-2018-19070 (An issue was discovered on Foscam C2 devices with System Firmware ...)
+ TODO: check
+CVE-2018-19069 (An issue was discovered on Foscam C2 devices with System Firmware ...)
+ TODO: check
+CVE-2018-19068 (An issue was discovered on Foscam Opticam i5 devices with System ...)
+ TODO: check
+CVE-2018-19067 (An issue was discovered on Foscam C2 devices with System Firmware ...)
+ TODO: check
+CVE-2018-19066 (An issue was discovered on Foscam C2 devices with System Firmware ...)
+ TODO: check
+CVE-2018-19065 (An issue was discovered on Foscam C2 devices with System Firmware ...)
+ TODO: check
+CVE-2018-19064 (An issue was discovered on Foscam C2 devices with System Firmware ...)
+ TODO: check
+CVE-2018-19063 (An issue was discovered on Foscam C2 devices with System Firmware ...)
+ TODO: check
+CVE-2018-19062
+ RESERVED
+CVE-2018-19061 (DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter. ...)
+ TODO: check
+CVE-2018-19060 (An issue was discovered in Poppler 0.71.0. There is a NULL pointer ...)
+ TODO: check
+CVE-2018-19059 (An issue was discovered in Poppler 0.71.0. There is a out-of-bounds ...)
+ TODO: check
+CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a reachable abort ...)
+ TODO: check
+CVE-2018-19057 (SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG ...)
+ TODO: check
+CVE-2018-19056 (pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" ...)
+ TODO: check
CVE-2018-XXXX [VirtualBox E1000 Guest-to-Host Escape]
- virtualbox <unfixed> (bug #913137)
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
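Review bot: every described entry in the new block is left at TODO: check, including CVE-2018-19058, CVE-2018-19059 and CVE-2018-19060, which name Poppler 0.71.0. Those three should get a package line in the form the trailing context uses for virtualbox ("- virtualbox <unfixed> (bug #913137)") once they are checked. The twenty Foscam entries, CVE-2018-19063 through CVE-2018-19082, look like candidates for the NOT-FOR-US form this file uses elsewhere (for example "NOT-FOR-US: Micro Focus"). Triaging them as one batch would keep the TODO backlog from growing by the whole block.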
@@ -1067,8 +1143,8 @@ CVE-2018-18592
RESERVED
CVE-2018-18591
RESERVED
-CVE-2018-18590
- RESERVED
+CVE-2018-18590 (A potential remote code execution and information disclosure ...)
+ TODO: check
CVE-2018-18589 (A potential Remote Arbitrary Code Execution vulnerability has been ...)
NOT-FOR-US: Micro Focus
CVE-2018-18588
@@ -5318,21 +5394,18 @@ CVE-2018-16847 (An OOB heap buffer r/w access issue was found in the NVM Express
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html
CVE-2018-16846
RESERVED
-CVE-2018-16845 [Memory disclosure in the ngx_http_mp4_module]
- RESERVED
+CVE-2018-16845 (nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ...)
- nginx 1.14.1-1 (bug #913090)
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html
NOTE: https://nginx.org/download/patch.2018.mp4.txt
NOTE: http://hg.nginx.org/nginx/rev/fdc19a3289c1
NOTE: Fixed in 1.15.6, 1.14.1.
-CVE-2018-16844 [Excessive CPU usage in HTTP/2]
- RESERVED
+CVE-2018-16844 (nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the ...)
- nginx 1.14.1-1 (bug #913090)
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
NOTE: http://hg.nginx.org/nginx/rev/9200b41db765
NOTE: Fixed in 1.15.6, 1.14.1.
-CVE-2018-16843 [Excessive memory usage in HTTP/2]
- RESERVED
+CVE-2018-16843 (nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the ...)
- nginx 1.14.1-1 (bug #913090)
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
NOTE: http://hg.nginx.org/nginx/rev/d4448892a294
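Review bot: replacing the bracketed titles on the three nginx entries removes the only short statement of what each issue is. After this hunk CVE-2018-16844 and CVE-2018-16843 show the same truncated description ("nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the ...") and differ only in the hg.nginx.org revision. Consider preserving the old wording as a NOTE under each entry, for example "NOTE: Excessive CPU usage in HTTP/2" for CVE-2018-16844 and "NOTE: Memory disclosure in the ngx_http_mp4_module" for CVE-2018-16845.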
@@ -28125,8 +28198,8 @@ CVE-2018-8022 (A carefully crafted invalid TLS handshake can cause Apache Traffi
NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/1
NOTE: Only affects 6.x, marking 7.0 as the fixed version
NOTE: https://github.com/apache/trafficserver/pull/2147
-CVE-2018-8021
- RESERVED
+CVE-2018-8021 (Versions of Superset prior to 0.23 used an unsafe load method from the ...)
+ TODO: check
CVE-2018-8020 (Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw ...)
{DLA-1475-1}
- tomcat-native 1.2.17-1
@@ -42872,7 +42945,7 @@ CVE-2018-3283 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3282 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1566-1}
+ {DLA-1570-1 DLA-1566-1}
- mariadb-10.1 1:10.1.37-1 (bug #912848)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.24-1 (bug #911221)
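Review bot: the cross-reference on CVE-2018-3282 now lists DLA-1570-1 ahead of DLA-1566-1, but the package lines visible under it (mariadb-10.1, mariadb-10.0, mysql-5.7) do not show which source package either advisory covers. Before relying on the entry, confirm that a package line matching DLA-1570-1 exists further down in it, outside the context shown here. The same check applies to the later hunks that add "{DLA-1570-1}" with identical package lines.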
@@ -42951,6 +43024,7 @@ CVE-2018-3253 (Vulnerability in the Oracle Virtual Directory component of Oracle
CVE-2018-3252 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
NOT-FOR-US: Oracle
CVE-2018-3251 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1570-1}
- mariadb-10.1 1:10.1.37-1 (bug #912848)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.24-1 (bug #911221)
@@ -43137,7 +43211,7 @@ CVE-2018-3176 (Vulnerability in the Hyperion Common Events component of Oracle .
CVE-2018-3175 (Vulnerability in the Hyperion Common Events component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2018-3174 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1566-1}
+ {DLA-1570-1 DLA-1566-1}
- mariadb-10.1 1:10.1.37-1 (bug #912848)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.24-1 (bug #911221)
@@ -43193,6 +43267,7 @@ CVE-2018-3158 (Vulnerability in the Oracle Hospitality Cruise Fleet Management .
CVE-2018-3157 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjdk-11 11.0.1+13-1
CVE-2018-3156 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1570-1}
- mariadb-10.1 1:10.1.37-1 (bug #912848)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.24-1 (bug #911221)
@@ -43235,6 +43310,7 @@ CVE-2018-3144 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3143 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1570-1}
- mariadb-10.1 1:10.1.37-1 (bug #912848)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.24-1 (bug #911221)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5bdacd30588285937a79f8fa5d4594234b174b07