[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 30 08:10:42 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
47adffcb by security tracker role at 2018-11-30T08:10:31Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,173 @@
+CVE-2018-19779
+ RESERVED
+CVE-2018-19778
+ RESERVED
+CVE-2018-19777
+ RESERVED
+CVE-2018-19776
+ RESERVED
+CVE-2018-19775
+ RESERVED
+CVE-2018-19774
+ RESERVED
+CVE-2018-19773
+ RESERVED
+CVE-2018-19772
+ RESERVED
+CVE-2018-19771
+ RESERVED
+CVE-2018-19770
+ RESERVED
+CVE-2018-19769
+ RESERVED
+CVE-2018-19768
+ RESERVED
+CVE-2018-19767
+ RESERVED
+CVE-2018-19766
+ RESERVED
+CVE-2018-19765
+ RESERVED
+CVE-2018-19764 (Mini-XML (aka mxml) 2.12 has memory leaks. ...)
+ TODO: check
+CVE-2018-19763 (There is a heap-based buffer over-read at writer.c (function: ...)
+ TODO: check
+CVE-2018-19762 (There is a heap-based buffer overflow at fromsixel.c (function: ...)
+ TODO: check
+CVE-2018-19761 (There is an illegal address access at fromsixel.c (function: ...)
+ TODO: check
+CVE-2018-19760 (cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. ...)
+ TODO: check
+CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (function: ...)
+ TODO: check
+CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...)
+ TODO: check
+CVE-2018-19757 (There is a NULL pointer dereference at function ...)
+ TODO: check
+CVE-2018-19756 (There is a heap-based buffer over-read at stb_image.h (function: ...)
+ TODO: check
+CVE-2018-19755 (There is an illegal address access at asm/preproc.c (function: ...)
+ TODO: check
+CVE-2018-19754
+ RESERVED
+CVE-2018-19753
+ RESERVED
+CVE-2018-19752 (DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php ...)
+ TODO: check
+CVE-2018-19751 (DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php ...)
+ TODO: check
+CVE-2018-19750 (DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes ...)
+ TODO: check
+CVE-2018-19749 (DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php ...)
+ TODO: check
+CVE-2018-19748 (app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows ...)
+ TODO: check
+CVE-2018-19747
+ RESERVED
+CVE-2018-19746
+ RESERVED
+CVE-2018-19745
+ RESERVED
+CVE-2018-19744
+ RESERVED
+CVE-2018-19743
+ RESERVED
+CVE-2018-19742
+ RESERVED
+CVE-2018-19741
+ RESERVED
+CVE-2018-19740
+ RESERVED
+CVE-2018-19739
+ RESERVED
+CVE-2018-19738
+ RESERVED
+CVE-2018-19737
+ RESERVED
+CVE-2018-19736
+ RESERVED
+CVE-2018-19735
+ RESERVED
+CVE-2018-19734
+ RESERVED
+CVE-2018-19733
+ RESERVED
+CVE-2018-19732
+ RESERVED
+CVE-2018-19731
+ RESERVED
+CVE-2018-19730
+ RESERVED
+CVE-2018-19729
+ RESERVED
+CVE-2018-19728
+ RESERVED
+CVE-2018-19727
+ RESERVED
+CVE-2018-19726
+ RESERVED
+CVE-2018-19725
+ RESERVED
+CVE-2018-19724
+ RESERVED
+CVE-2018-19723
+ RESERVED
+CVE-2018-19722
+ RESERVED
+CVE-2018-19721
+ RESERVED
+CVE-2018-19720
+ RESERVED
+CVE-2018-19719
+ RESERVED
+CVE-2018-19718
+ RESERVED
+CVE-2018-19717
+ RESERVED
+CVE-2018-19716
+ RESERVED
+CVE-2018-19715
+ RESERVED
+CVE-2018-19714
+ RESERVED
+CVE-2018-19713
+ RESERVED
+CVE-2018-19712
+ RESERVED
+CVE-2018-19711
+ RESERVED
+CVE-2018-19710
+ RESERVED
+CVE-2018-19709
+ RESERVED
+CVE-2018-19708
+ RESERVED
+CVE-2018-19707
+ RESERVED
+CVE-2018-19706
+ RESERVED
+CVE-2018-19705
+ RESERVED
+CVE-2018-19704
+ RESERVED
+CVE-2018-19703
+ RESERVED
+CVE-2018-19702
+ RESERVED
+CVE-2018-19701
+ RESERVED
+CVE-2018-19700
+ RESERVED
+CVE-2018-19699
+ RESERVED
+CVE-2018-19698
+ RESERVED
+CVE-2018-1000819
+ REJECTED
+ TODO: check
+CVE-2018-1000818
+ REJECTED
+ TODO: check
CVE-2018-19697
RESERVED
CVE-2018-19696
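Review bot: CVE-2018-1000819 and CVE-2018-1000818, at the end of the added block, are marked REJECTED but also carry "TODO: check". If the TODO is only there so someone confirms neither id was previously tracked against a package, resolve it in the follow-up; otherwise drop it, since a rejected id has nothing left to triage. The entries that arrive with descriptions (CVE-2018-19755 through CVE-2018-19764, the four DomainMOD ids and the SDCMS one) likewise still need a package or NOT-FOR-US assignment.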
@@ -3070,8 +3240,8 @@ CVE-2018-19529
RESERVED
CVE-2018-19528 (TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a ...)
NOT-FOR-US: TP-Link
-CVE-2018-19527
- RESERVED
+CVE-2018-19527 (i4 assistant 7.85 allows XSS via a crafted machine name field within ...)
+ TODO: check
CVE-2018-19526
RESERVED
CVE-2018-19525
@@ -3134,8 +3304,7 @@ CVE-2018-19499 (Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code .
NOT-FOR-US: Vanilla
CVE-2018-19498
RESERVED
-CVE-2018-19497 [out of bounds read]
- RESERVED
+CVE-2018-19497 (In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c ...)
- sleuthkit <unfixed> (bug #914796)
NOTE: https://github.com/sleuthkit/sleuthkit/pull/1374
CVE-2018-19496
@@ -4384,8 +4553,7 @@ CVE-2018-19143 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x bef
{DLA-1592-1}
- otrs2 6.0.13-1
NOTE: https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/
-CVE-2018-19120 [HTML Thumbnailer automatic remote file access]
- RESERVED
+CVE-2018-19120 (The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows ...)
- kio-extras 4:18.08.3-1 (bug #913595)
[stretch] - kio-extras <no-dsa> (Minor issue)
- kde-runtime <unfixed> (bug #913596)
@@ -5587,8 +5755,8 @@ CVE-2018-18621 (CommuniGate Pro 6.2 allows stored XSS via a message body in Pron
NOT-FOR-US: CommuniGate Pro
CVE-2018-18620
RESERVED
-CVE-2018-18619
- RESERVED
+CVE-2018-18619 (internal/advanced_comment_system/admin.php in Advanced Comment System ...)
+ TODO: check
CVE-2018-18618
RESERVED
CVE-2018-18617
@@ -6335,24 +6503,28 @@ CVE-2018-18315 (com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attacker
NOT-FOR-US: lemon, different from src:lemon
CVE-2018-18314 [Heap-based buffer overflow]
RESERVED
+ {DSA-4347-1}
- perl 5.28.0-3
[jessie] - perl <not-affected> (Vulnerable code introduced later)
NOTE: https://rt.perl.org/Ticket/Display.html?id=131649
NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/19a498a461d7c81ae3507c450953d1148efecf4f
CVE-2018-18313 [Heap-buffer-overflow read in regcomp.c]
RESERVED
+ {DSA-4347-1}
- perl 5.28.0-3
[jessie] - perl <not-affected> (Vulnerable code introduced later)
NOTE: https://rt.perl.org/Ticket/Display.html?id=133192
NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62
CVE-2018-18312 [Heap-buffer-overflow write in S_regatom (regcomp.c)]
RESERVED
+ {DSA-4347-1}
- perl 5.28.1-1
[jessie] - perl <not-affected> (Vulnerable code introduced later)
NOTE: https://rt.perl.org/Ticket/Display.html?id=133423
NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/9b0464aa670d0a59bda5b75d54f2a6b6f9d1288a
CVE-2018-18311 [Integer overflow leading to buffer overflow and segmentation fault]
RESERVED
+ {DSA-4347-1}
- perl 5.28.1-1
NOTE: https://rt.perl.org/Ticket/Display.html?id=133204
NOTE: Introduced by: https://perl5.git.perl.org/perl.git/commitdiff/e658793210bbe632a5e80a876acfcd0984c46b87
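Review bot: in the CVE-2018-18311 entry at the end of this hunk, {DSA-4347-1} is added but no "[jessie] - perl" line follows "- perl 5.28.1-1" in the visible lines, unlike the three entries above it, which all record "<not-affected> (Vulnerable code introduced later)". Since this entry carries an "Introduced by:" note instead, check that commit against the jessie version and record the jessie status explicitly, so the entry does not read as fully handled once the DSA reference is in place.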
@@ -12224,15 +12396,13 @@ CVE-2018-15983
RESERVED
CVE-2018-15982
RESERVED
-CVE-2018-15981
- RESERVED
+CVE-2018-15981 (Flash Player versions 31.0.0.148 and earlier have a type confusion ...)
NOT-FOR-US: Adobe
-CVE-2018-15980
- RESERVED
-CVE-2018-15979
- RESERVED
-CVE-2018-15978
- RESERVED
+CVE-2018-15980 (Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds ...)
+ TODO: check
+CVE-2018-15979 (Adobe Acrobat and Reader versions 2019.008.20080 and earlier, ...)
+ TODO: check
+CVE-2018-15978 (Flash Player versions 31.0.0.122 and earlier have an out-of-bounds ...)
NOT-FOR-US: Adobe
CVE-2018-15977
RESERVED
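Review bot: CVE-2018-15980 (Adobe Photoshop CC) and CVE-2018-15979 (Adobe Acrobat and Reader) are left at "TODO: check" while the Flash Player entries on either side, CVE-2018-15981 and CVE-2018-15978, are tagged "NOT-FOR-US: Adobe". The two new descriptions name Adobe products as well, so tag them the same way to keep the block consistent and clear the TODOs.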
@@ -13447,8 +13617,8 @@ CVE-2018-15539 (Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus,
NOT-FOR-US: Agentejo Cockpit
CVE-2018-15538 (Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities. ...)
NOT-FOR-US: Agentejo Cockpit
-CVE-2018-15537
- RESERVED
+CVE-2018-15537 (Unrestricted file upload (with remote code execution) in OCS Inventory ...)
+ TODO: check
CVE-2018-15536 (/filemanager/ajax_calls.php in tecrail Responsive FileManager before ...)
NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-15535 (/filemanager/ajax_calls.php in tecrail Responsive FileManager before ...)
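Review bot: CVE-2018-15537 now describes an unrestricted file upload with remote code execution in OCS Inventory but lands as "TODO: check". Given the stated impact, triage this one ahead of the other TODOs in this commit: either record the affected source package and its status, or mark it NOT-FOR-US as was done for the neighbouring Agentejo Cockpit and tecrail entries.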
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/47adffcbed79570b66352b3f839436efcf58d216