[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 16 08:10:23 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ed707066 by security tracker role at 2018-11-16T08:10:15Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2018-19305
+ RESERVED
+CVE-2018-19304
+ RESERVED
+CVE-2018-19303
+ RESERVED
+CVE-2018-19302
+ RESERVED
+CVE-2018-19301 (tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted ...)
+ TODO: check
+CVE-2018-19300
+ RESERVED
+CVE-2018-19299
+ RESERVED
+CVE-2018-19298
+ RESERVED
CVE-2018-19297
RESERVED
CVE-2018-19296
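Review bot: CVE-2018-19301 is the only entry added in this hunk that already has a description, and it is left at `TODO: check` with no package line. It needs triage to either a source package entry or a `NOT-FOR-US:` line. The seven RESERVED entries around it need nothing further until their descriptions are published.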
@@ -1102,8 +1118,7 @@ CVE-2018-18955 [userns: also map extents in the reverse map to kernel IDs]
NOTE: https://git.kernel.org/linus/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd
NOTE: Introduced in https://git.kernel.org/linus/6397fac4915a
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1712
-CVE-2018-18954 [ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb]
- RESERVED
+CVE-2018-18954 (The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 ...)
- qemu <unfixed> (low)
[stretch] - qemu <postponed> (Minor issue, can be backported once fixed upstream)
- qemu-kvm <removed>
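Review bot: the new description line for CVE-2018-18954 gives the affected range as Qemu before 3.1, while the unchanged package line directly below still reads `- qemu <unfixed> (low)`. Once the version that carries the fix is known, replace `<unfixed>` with it and revisit the `[stretch]` annotation, whose wording ("can be backported once fixed upstream") depends on that status.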
@@ -6839,12 +6854,12 @@ CVE-2018-16623
RESERVED
CVE-2018-16622 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: DoraCMS
-CVE-2018-16621
- RESERVED
-CVE-2018-16620
- RESERVED
-CVE-2018-16619
- RESERVED
+CVE-2018-16621 (Sonatype Nexus Repository Manager before 3.14 allows Java Expression ...)
+ TODO: check
+CVE-2018-16620 (Sonatype Nexus Repository Manager before 3.14 has Incorrect Access ...)
+ TODO: check
+CVE-2018-16619 (Sonatype Nexus Repository Manager before 3.14 allows XSS. ...)
+ TODO: check
CVE-2018-16618
RESERVED
CVE-2018-1000670 (KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x ...)
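Review bot: CVE-2018-16621, CVE-2018-16620 and CVE-2018-16619 all land as `TODO: check` and describe the same product with the same version boundary (Sonatype Nexus Repository Manager before 3.14). Triage them in one pass so they get a consistent outcome. If the product is not in the archive, use the `NOT-FOR-US:` form already applied to CVE-2018-16622 in the context lines above.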
@@ -10935,10 +10950,10 @@ CVE-2018-14937 (The Add page option in my little forum 2.4.12 allows XSS via the
NOT-FOR-US: My Little Forum
CVE-2018-14936 (The Add page option in my little forum 2.4.12 allows XSS via the Title ...)
NOT-FOR-US: My Little Forum
-CVE-2018-14935
- RESERVED
-CVE-2018-14934
- RESERVED
+CVE-2018-14935 (The Web administration console on Polycom Trio devices with software ...)
+ TODO: check
+CVE-2018-14934 (The Bluetooth subsystem on Polycom Trio devices with software before ...)
+ TODO: check
CVE-2018-14933 (upgrade_handle.php on NUUO NVRmini devices allows Remote Command ...)
NOT-FOR-US: NUUO NVRmini devices
CVE-2018-14932
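Review bot: CVE-2018-14935 and CVE-2018-14934 are left at `TODO: check` although both descriptions name Polycom Trio device software. The next entry in the unchanged context, CVE-2018-14933, shows how device firmware issues are recorded in this file (`NOT-FOR-US: NUUO NVRmini devices`), and the same classification looks applicable here.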
@@ -37375,8 +37390,7 @@ CVE-2018-5409
RESERVED
CVE-2018-5408
RESERVED
-CVE-2018-5407 [new side-channel vulnerability on SMT/Hyper-Threading architectures]
- RESERVED
+CVE-2018-5407 (Simultaneous Multi-threading (SMT) in processors can enable local ...)
- openssl 1.1.1~~pre9-1
- openssl1.0 <unfixed>
NOTE: https://www.openssl.org/news/secadv/20181112.txt
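Review bot: `- openssl1.0 <unfixed>` under CVE-2018-5407 carries no note on whether a fix for that branch exists, and the only reference in the visible lines is the 20181112 upstream advisory. Now that the entry has a public description, add a NOTE that either points at the fix for that branch or states that none is available, so the `<unfixed>` status is actionable next to the fixed `openssl 1.1.1~~pre9-1` line.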
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ed7070660de6830c07c58cdbbbe5469932651a51