[Git][security-tracker-team/security-tracker][master] automatic update

Thu Nov 22 08:10:27 GMT 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
86757c1f by security tracker role at 2018-11-22T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2018-19437 (UCMS 1.4.7 allows remote authenticated users to change the ...)
+	TODO: check
+CVE-2018-19436 (An issue was discovered in the Manufacturing component in webERP 4.15. ...)
+	TODO: check
+CVE-2018-19435 (An issue was discovered in the Sales component in webERP 4.15. ...)
+	TODO: check
+CVE-2018-19434 (An issue was discovered on the "Bank Account Matching - Receipts" ...)
+	TODO: check
+CVE-2018-19433 (ShowDoc 2.4.1 has XSS via the lang parameter because ...)
+	TODO: check
+CVE-2018-19432 (An issue was discovered in libsndfile 1.0.28. There is a NULL pointer ...)
+	TODO: check
+CVE-2018-19431
+	RESERVED
+CVE-2018-19430
+	RESERVED
+CVE-2018-19429
+	RESERVED
+CVE-2018-19428
+	RESERVED
+CVE-2018-19427
+	RESERVED
+CVE-2018-19426
+	RESERVED
+CVE-2018-19425
+	RESERVED
+CVE-2018-19424 (ClipperCMS 1.3.3 allows remote authenticated administrators to upload ...)
+	TODO: check
+CVE-2018-19423 (Codiad 2.8.4 allows remote authenticated administrators to execute ...)
+	TODO: check
+CVE-2018-19422 (/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute ...)
+	TODO: check
+CVE-2018-19421 (In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but ...)
+	TODO: check
+CVE-2018-19420 (In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there ...)
+	TODO: check
+CVE-2018-19419
+	RESERVED
+CVE-2018-19418
+	RESERVED
 CVE-2018-19417 (An issue was discovered in the MQTT server in Contiki-NG before 4.2. ...)
 	TODO: check
 CVE-2018-19416 (An issue was discovered in sysstat 12.1.1. The remap_struct function in ...)
@@ -37741,6 +37781,7 @@ CVE-2018-5409
 CVE-2018-5408
 	RESERVED
 CVE-2018-5407 (Simultaneous Multi-threading (SMT) in processors can enable local ...)
+	{DLA-1586-1}
 	- openssl 1.1.1~~pre9-1
 	- openssl1.0 <unfixed>
 	NOTE: https://www.openssl.org/news/secadv/20181112.txt
@@ -51854,6 +51895,7 @@ CVE-2018-0737 (The OpenSSL RSA Key generation algorithm has been shown to be ...
 CVE-2018-0736
 	RESERVED
 CVE-2018-0735 (The OpenSSL ECDSA signature algorithm has been shown to be vulnerable ...)
+	{DLA-1586-1}
 	- openssl <unfixed>
 	[stretch] - openssl <postponed> (Wait for next DSA and upstream release)
 	- openssl1.0 <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/86757c1f27fef0932aea135074f6d9bbc7ed3a3c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/86757c1f27fef0932aea135074f6d9bbc7ed3a3c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181122/84de298c/attachment.html>
