[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Nov 11 08:10:30 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7eb469d8 by security tracker role at 2018-11-11T08:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2018-19170 (In JPress v1.0-rc.5, there is stored XSS via each of the first three ...)
+ TODO: check
+CVE-2018-19169
+ RESERVED
+CVE-2018-19168 (Shell Metacharacter Injection in www/modules/save.php in FruityWifi ...)
+ TODO: check
+CVE-2018-19167
+ RESERVED
+CVE-2018-19166
+ RESERVED
+CVE-2018-19165
+ RESERVED
+CVE-2018-19164
+ RESERVED
+CVE-2018-19163
+ RESERVED
+CVE-2018-19162
+ RESERVED
+CVE-2018-19161
+ RESERVED
+CVE-2018-19160
+ RESERVED
+CVE-2018-19159
+ RESERVED
+CVE-2018-19158
+ RESERVED
+CVE-2018-19157
+ RESERVED
+CVE-2018-19156
+ RESERVED
+CVE-2018-19155
+ RESERVED
+CVE-2018-19154
+ RESERVED
+CVE-2018-19153
+ RESERVED
+CVE-2018-19152
+ RESERVED
+CVE-2018-19151
+ RESERVED
CVE-2018-19150 (Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in ...)
NOT-FOR-US: pdfforge PDF Architect
CVE-2018-19149 (Poppler before 0.70.0 has a NULL pointer dereference in ...)
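Review bot: CVE-2018-19170 (JPress) and CVE-2018-19168 (FruityWifi) at the top of this hunk land with only "TODO: check", so they still need triage. Each should end up with either a package line or a "NOT-FOR-US:" line naming the product, as CVE-2018-19150 directly below does for pdfforge PDF Architect. The remaining additions, CVE-2018-19169 and CVE-2018-19167 through CVE-2018-19151, are RESERVED placeholders and need nothing until a description arrives.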
@@ -24,8 +64,8 @@ CVE-2018-19137 (DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address
NOT-FOR-US: DomainMOD
CVE-2018-19136 (DomainMOD through 4.11.01 has XSS via the ...)
NOT-FOR-US: DomainMOD
-CVE-2018-19135
- RESERVED
+CVE-2018-19135 (ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file ...)
+ TODO: check
CVE-2018-19134
RESERVED
CVE-2018-19133 (In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email ...)
@@ -53,20 +93,17 @@ CVE-2018-19122 (An issue has been found in libIEC61850 v1.3. It is a NULL pointe
NOT-FOR-US: libIEC61850
CVE-2018-19121 (An issue has been found in libIEC61850 v1.3. It is a SEGV in ...)
NOT-FOR-US: libIEC61850
-CVE-2018-19141 [otrs: Security Advisory 2018-09]
- RESERVED
+CVE-2018-19141 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before ...)
- otrs2 6.0.1-1
NOTE: https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/
NOTE: Only the 4.x and 5.x series are affected (and possibly earlier versions).
NOTE: Add workaround and mark first 6.x version as fixing version
-CVE-2018-19142 [otrs: Security Advisory 2018-08]
- RESERVED
+CVE-2018-19142 (Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin ...)
- otrs2 6.0.13-1
[stretch] - otrs2 <not-affected> (Only affects 6.x)
[jessie] - otrs2 <not-affected> (Only affects 6.x)
NOTE: https://community.otrs.com/security-advisory-2018-08-security-update-for-otrs-framework/
-CVE-2018-19143 [otrs: Security Advisory 2018-07]
- RESERVED
+CVE-2018-19143 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before ...)
- otrs2 6.0.13-1
NOTE: https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/
CVE-2018-19120
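Review bot: the line "NOTE: Add workaround and mark first 6.x version as fixing version" under CVE-2018-19141 survives this update and reads as an instruction to the editor rather than as tracking information. The entry already records "otrs2 6.0.1-1" as the fixed version, so the second half looks done; reword the note to state the workaround itself or drop it now that the bracketed placeholder has been replaced by the official description.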
@@ -16906,7 +16943,7 @@ CVE-2018-12394
RESERVED
CVE-2018-12393
RESERVED
- {DSA-4324-1 DLA-1571-1}
+ {DSA-4337-1 DSA-4324-1 DLA-1571-1}
- firefox-esr 60.3.0esr-1
- firefox 63.0-1
- thunderbird 1:60.3.0-1
@@ -16915,7 +16952,7 @@ CVE-2018-12393
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12393
CVE-2018-12392
RESERVED
- {DSA-4324-1 DLA-1571-1}
+ {DSA-4337-1 DSA-4324-1 DLA-1571-1}
- firefox-esr 60.3.0esr-1
- firefox 63.0-1
- thunderbird 1:60.3.0-1
@@ -16932,7 +16969,7 @@ CVE-2018-12391
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12391
CVE-2018-12390
RESERVED
- {DSA-4324-1 DLA-1571-1}
+ {DSA-4337-1 DSA-4324-1 DLA-1571-1}
- firefox-esr 60.3.0esr-1
- firefox 63.0-1
- thunderbird 1:60.3.0-1
@@ -16941,7 +16978,7 @@ CVE-2018-12390
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12390
CVE-2018-12389
RESERVED
- {DSA-4324-1 DLA-1571-1}
+ {DSA-4337-1 DSA-4324-1 DLA-1571-1}
- firefox-esr 60.3.0esr-1
- thunderbird 1:60.3.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12389
@@ -47903,8 +47940,8 @@ CVE-2018-1351 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManag
NOT-FOR-US: Fortinet
CVE-2017-17551 (The Backup and Restore feature in Mobotap Dolphin Browser for Android ...)
NOT-FOR-US: Dolphin Browser for Android
-CVE-2017-17550
- RESERVED
+CVE-2017-17550 (ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a ...)
+ TODO: check
CVE-2017-17549 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler ...)
NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2017-17548
@@ -64308,14 +64345,14 @@ CVE-2017-13082 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r
- wpa 2:2.4-1.1
NOTE: https://w1.fi/security/2017-1/
CVE-2017-13081 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w ...)
- {DSA-3999-1 DLA-1150-1}
+ {DSA-3999-1 DLA-1573-1 DLA-1150-1}
- firmware-nonfree 20180825-1
[stretch] - firmware-nonfree 20161130-4
[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
- wpa 2:2.4-1.1
NOTE: https://w1.fi/security/2017-1/
CVE-2017-13080 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...)
- {DSA-3999-1 DLA-1200-1 DLA-1150-1}
+ {DSA-3999-1 DLA-1573-1 DLA-1200-1 DLA-1150-1}
- firmware-nonfree 20180825-1
[stretch] - firmware-nonfree 20161130-4
[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
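Review bot: DLA-1573-1 is added to the cross-references of CVE-2017-13081 and CVE-2017-13080, but the "[jessie] - firmware-nonfree <no-dsa> (non-free not supported)" lines under both are left unchanged. These entries list both firmware-nonfree and wpa, so confirm which package the DLA covers; if it shipped fixed firmware for jessie, the [jessie] line should record that version instead of <no-dsa>. The same applies to CVE-2017-13079, CVE-2017-13078 and CVE-2017-13077 in the next hunk.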
@@ -64326,21 +64363,21 @@ CVE-2017-13080 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of t
NOTE: https://w1.fi/security/2017-1/
NOTE: https://git.kernel.org/linus/fdf7cb4185b60c68e1a75e61691c4afdc15dea0e (v4.14-rc6)
CVE-2017-13079 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w ...)
- {DSA-3999-1 DLA-1150-1}
+ {DSA-3999-1 DLA-1573-1 DLA-1150-1}
- firmware-nonfree 20180825-1
[stretch] - firmware-nonfree 20161130-4
[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
- wpa 2:2.4-1.1
NOTE: https://w1.fi/security/2017-1/
CVE-2017-13078 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...)
- {DSA-3999-1 DLA-1150-1}
+ {DSA-3999-1 DLA-1573-1 DLA-1150-1}
- firmware-nonfree 20180825-1
[stretch] - firmware-nonfree 20161130-4
[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
- wpa 2:2.4-1.1
NOTE: https://w1.fi/security/2017-1/
CVE-2017-13077 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...)
- {DSA-3999-1 DLA-1150-1}
+ {DSA-3999-1 DLA-1573-1 DLA-1150-1}
- firmware-nonfree 20180825-1
[stretch] - firmware-nonfree 20161130-4
[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
@@ -75595,6 +75632,7 @@ CVE-2017-9419 (Cross-site scripting (XSS) vulnerability in the Webhammer WP Cust
CVE-2017-9418 (SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for ...)
NOT-FOR-US: WP-Testimonials plugin for WordPress
CVE-2017-9417 (Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute ...)
+ {DLA-1573-1}
- firmware-nonfree 20180518-1 (bug #869639)
[stretch] - firmware-nonfree 20161130-4
[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
@@ -101660,6 +101698,7 @@ CVE-2017-0563 (An elevation of privilege vulnerability in the HTC touchscreen dr
CVE-2017-0562 (An elevation of privilege vulnerability in the MediaTek touchscreen ...)
NOT-FOR-US: MediaTek driver for Android
CVE-2017-0561 (A remote code execution vulnerability in the Broadcom Wi-Fi firmware ...)
+ {DLA-1573-1}
- firmware-nonfree 20180518-1 (bug #869639)
[stretch] - firmware-nonfree 20161130-4
[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
@@ -132052,6 +132091,7 @@ CVE-2016-0803 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x be
CVE-2016-0802 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...)
NOT-FOR-US: Android drivers
CVE-2016-0801 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...)
+ {DLA-1573-1}
- firmware-nonfree 20180518-1 (bug #869639)
[stretch] - firmware-nonfree 20161130-4
[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
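Review bot: firmware-nonfree is the only package listed under CVE-2016-0801, so the added {DLA-1573-1} can only refer to it, yet the [jessie] line a few lines below still says "<no-dsa> (non-free not supported)". The two statements contradict each other, and the same mismatch is in the hunks for CVE-2017-9417 and CVE-2017-0561 above. The [jessie] lines should be updated to the version the DLA released.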
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7eb469d81afbdff4c9f4164119b95e06257361a8