[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b1df794d by security tracker role at 2018-11-15T08:10:14Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2018-19294
+	RESERVED
+CVE-2018-19293
+	RESERVED
+CVE-2018-19292
+	RESERVED
+CVE-2018-19291 (An issue discovered in DiliCMS 2.4.0. There is a CSRF vulnerability ...)
+	TODO: check
+CVE-2018-19290
+	RESERVED
+CVE-2018-19289 (An issue was discovered in Valine v1.3.3. It allows HTML injection, ...)
+	TODO: check
+CVE-2018-19288 (Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the ...)
+	TODO: check
+CVE-2018-19287 (XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote ...)
+	TODO: check
+CVE-2018-19286 (The server in mubu note 2018-11-11 has XSS by configuring an account ...)
+	TODO: check
+CVE-2018-19285
+	RESERVED
+CVE-2018-19284
+	RESERVED
+CVE-2018-19283
+	RESERVED
+CVE-2018-19282
+	RESERVED
+CVE-2018-19281 (Centreon 3.4.x allows SNMP trap SQL Injection. ...)
+	TODO: check
+CVE-2018-19280 (Centreon 3.4.x has XSS via the resource name or macro expression of a ...)
+	TODO: check
+CVE-2018-19279 (PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the ...)
+	TODO: check
+CVE-2018-19278 (Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x ...)
+	TODO: check
+CVE-2015-9274 (HarfBuzz before 1.0.4 allows remote attackers to cause a denial of ...)
+	TODO: check
 CVE-2019-0235
 	RESERVED
 CVE-2019-0234
@@ -3608,8 +3644,7 @@ CVE-2018-17961 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d02bbc620bcba9b1c208462a876afb
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94b708be24758287b606154daaaed9
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63aa4ac6874234fe8cd63e72077291
-CVE-2018-17960 [ckeditor XSS]
-	RESERVED
+CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a ...)
 	- ckeditor 4.11.1+dfsg-1 (low)
 	[stretch] - ckeditor <no-dsa> (Minor issue)
 	[jessie] - ckeditor <ignored> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1df794d183bae3bbe057cd0ebbd128d8a8f458d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1df794d183bae3bbe057cd0ebbd128d8a8f458d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181115/801b8aa5/attachment.html>