[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Nov 9 20:11:47 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1760a242 by security tracker role at 2018-11-09T20:10:27Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2018-19137 (DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ...)
+	TODO: check
+CVE-2018-19136 (DomainMOD through 4.11.01 has XSS via the ...)
+	TODO: check
+CVE-2018-19135
+	RESERVED
+CVE-2018-19134
+	RESERVED
+CVE-2018-19133 (In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email ...)
+	TODO: check
+CVE-2018-19130 (In Libav 12.3, there is an invalid memory access in vc1_decode_frame in ...)
+	TODO: check
+CVE-2018-19129 (In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ...)
+	TODO: check
+CVE-2018-19128 (In Libav 12.3, there is a heap-based buffer over-read in decode_frame ...)
+	TODO: check
+CVE-2018-19127 (A code injection vulnerability in /type.php in PHPCMS 2008 allows ...)
+	TODO: check
+CVE-2018-19126 (PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote ...)
+	TODO: check
+CVE-2018-19125 (PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote ...)
+	TODO: check
+CVE-2018-19124 (PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows ...)
+	TODO: check
+CVE-2018-19123
+	RESERVED
+CVE-2018-19122 (An issue has been found in libIEC61850 v1.3. It is a NULL pointer ...)
+	TODO: check
+CVE-2018-19121 (An issue has been found in libIEC61850 v1.3. It is a SEGV in ...)
+	TODO: check
 CVE-2018-XXXX [otrs: Security Advisory 2018-09]
 	- otrs2 6.0.13-1
 	NOTE: https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/
@@ -23,7 +53,7 @@ CVE-2018-XXXX [XSA-282: guest use of HLE constructs may lock up host]
 	- xen <unfixed>
 	[stretch] - xen <postponed> (Hold back until next DSA)
 	NOTE: https://xenbits.xen.org/xsa/advisory-282.txt
-CVE-2018-19115 (keepalived through 2.0.8 has a heap-based buffer overflow when parsing ...)
+CVE-2018-19115 (keepalived before 2.0.7 has a heap-based buffer overflow when parsing ...)
 	- keepalived <unfixed>
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
 	NOTE: https://github.com/acassen/keepalived/pull/961
@@ -713,12 +743,12 @@ CVE-2018-18807
 	RESERVED
 CVE-2017-18350
 	RESERVED
-CVE-2018-19132 [Squid: SNMP mem leak]
+CVE-2018-19132 (Squid before 4.4, when SNMP is enabled, allows a denial of service ...)
 	- squid 4.4-1 (low; bug #912294)
 	- squid3 <removed> (low)
 	[stretch] - squid3 <postponed> (Can be fixed along in a future DSA)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_5.txt
-CVE-2018-19131 [Squid: XSS when generating HTTPS response messages about TLS errors]
+CVE-2018-19131 (Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) ...)
 	- squid 4.4-1 (unimportant; bug #912293)
 	- squid3 <removed> (unimportant)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_4.txt
@@ -847,7 +877,7 @@ CVE-2018-18750
 	RESERVED
 CVE-2018-18749 (data-tools through 2017-07-26 has an Integer Overflow leading to an ...)
 	NOT-FOR-US: data-tools
-CVE-2018-18748 (Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, ...)
+CVE-2018-18748 (** DISPUTED ** Sandboxie 5.26 allows a Sandbox Escape via an "import ...)
 	NOT-FOR-US: Sandboxie
 CVE-2018-18747
 	RESERVED
@@ -11029,8 +11059,7 @@ CVE-2018-14645 (A flaw was discovered in the HPACK decoder of HAProxy, before 1.
 	[stretch] - haproxy <not-affected> (Only affects 1.8.x)
 	[jessie] - haproxy <not-affected> (Only affects 1.8.x)
 	NOTE: https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=b4e05a3daa30f657db01ec144a0e48850c48f813
-CVE-2018-14644 [Crafted query for meta-types can cause a denial of service]
-	RESERVED
+CVE-2018-14644 (An issue has been found in PowerDNS Recursor from 4.0.0 up to and ...)
 	- pdns-recursor <unfixed> (bug #913162)
 	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html
 	NOTE: https://downloads.powerdns.com/patches/2018-07/
@@ -46489,8 +46518,8 @@ CVE-2018-1874
 	RESERVED
 CVE-2018-1873
 	RESERVED
-CVE-2018-1872
-	RESERVED
+CVE-2018-1872 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
+	TODO: check
 CVE-2018-1871
 	RESERVED
 CVE-2018-1870
@@ -46685,7 +46714,7 @@ CVE-2018-1776
 	RESERVED
 CVE-2018-1775
 	RESERVED
-CVE-2018-1774 (IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and2018.3.6 is vulnerable to ...)
+CVE-2018-1774 (IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to ...)
 	NOT-FOR-US: IBM
 CVE-2018-1773 (IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an ...)
 	NOT-FOR-US: IBM



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1760a242d20266d74fbffcaa594d88be8a2c8255

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1760a242d20266d74fbffcaa594d88be8a2c8255
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181109/3ce24b7f/attachment.html>

More information about the debian-security-tracker-commits mailing list