[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 4 21:10:31 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ca001a0b by security tracker role at 2018-10-04T20:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -218,18 +218,18 @@ CVE-2018-17878
RESERVED
CVE-2018-17877
RESERVED
-CVE-2018-17876
- RESERVED
+CVE-2018-17876 (A Stored XSS vulnerability has been discovered in the v5.5.0 version ...)
+ TODO: check
CVE-2018-17875
RESERVED
CVE-2018-17874 (ExpressionEngine before 4.3.5 has reflected XSS. ...)
NOT-FOR-US: ExpressionEngine
CVE-2018-17873
RESERVED
-CVE-2018-17872
- RESERVED
-CVE-2018-17871
- RESERVED
+CVE-2018-17872 (Verba Collaboration Compliance and Quality Management Platform before ...)
+ TODO: check
+CVE-2018-17871 (Verba Collaboration Compliance and Quality Management Platform before ...)
+ TODO: check
CVE-2018-17870 (An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" ...)
NOT-FOR-US: BTITeam XBTIT
CVE-2018-17869 (DASAN H660GW devices do not implement any CSRF protection mechanism. ...)
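Review bot: the new CVE-2018-17876 line cannot be triaged from what is recorded here, because the description is cut off before the product name ("in the v5.5.0 version ..."); whoever clears the "TODO: check" needs the full CVE text first. CVE-2018-17872 and CVE-2018-17871 both name the Verba Collaboration Compliance and Quality Management Platform, so they can be resolved together, using the "NOT-FOR-US: <product>" form already applied to CVE-2018-17874 and CVE-2018-17870 if the product is not packaged.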
@@ -13311,12 +13311,12 @@ CVE-2018-12474
RESERVED
CVE-2018-12473 (A path traversal traversal vulnerability in obs-service-tar_scm of ...)
TODO: check
-CVE-2018-12472
- RESERVED
-CVE-2018-12471
- RESERVED
-CVE-2018-12470
- RESERVED
+CVE-2018-12472 (A improper authentication using the HOST header in SUSE Linux SMT ...)
+ TODO: check
+CVE-2018-12471 (A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT ...)
+ TODO: check
+CVE-2018-12470 (A SQL Injection in the RegistrationSharing module of SUSE Linux SMT ...)
+ TODO: check
CVE-2018-12469
RESERVED
CVE-2018-12468 (A vulnerability in the administration console of Micro Focus GroupWise ...)
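Review bot: CVE-2018-12472, CVE-2018-12471 and CVE-2018-12470 all name SUSE Linux SMT, so one packaging decision covers all three; resolve them in a single change with the same marking rather than one at a time. The context entry CVE-2018-12473 just above them is also still at "TODO: check" and can be cleared in the same pass.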
@@ -15208,8 +15208,8 @@ CVE-2018-11786 (In Apache Karaf prior to 4.2.0 release, if the sshd service in K
- apache-karaf <itp> (bug #881297)
CVE-2018-11785
RESERVED
-CVE-2018-11784
- RESERVED
+CVE-2018-11784 (When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, ...)
+ TODO: check
CVE-2018-11783
RESERVED
CVE-2018-11782
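Review bot: CVE-2018-11784 should be prioritised over the other "TODO: check" entries in this update, because it names Apache Tomcat, which is packaged in Debian, so it needs a package entry rather than a NOT-FOR-US marking. The visible description stops at "9.0.0.M1 to 9.0.11, ...", so read the full CVE text for any further affected version ranges before recording which source packages are affected.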
@@ -33202,8 +33202,8 @@ CVE-2018-5494
RESERVED
CVE-2018-5493
RESERVED
-CVE-2018-5492
- RESERVED
+CVE-2018-5492 (NetApp E-Series SANtricity OS Controller Software 11.30 and later ...)
+ TODO: check
CVE-2018-5491
RESERVED
CVE-2018-5490 (Read-Only export policy rules are not correctly enforced in Clustered ...)
@@ -43144,8 +43144,8 @@ CVE-2018-1821
RESERVED
CVE-2018-1820 (IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site ...)
NOT-FOR-US: IBM
-CVE-2018-1819
- RESERVED
+CVE-2018-1819 (IBM Financial Transaction Manager for Digital Payments for ...)
+ TODO: check
CVE-2018-1818
RESERVED
CVE-2018-1817
@@ -43442,8 +43442,8 @@ CVE-2018-1672 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the .
NOT-FOR-US: IBM
CVE-2018-1671
RESERVED
-CVE-2018-1670
- RESERVED
+CVE-2018-1670 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...)
+ TODO: check
CVE-2018-1669 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 ...)
NOT-FOR-US: IBM
CVE-2018-1668
@@ -43574,12 +43574,12 @@ CVE-2018-1606
RESERVED
CVE-2018-1605 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
NOT-FOR-US: IBM
-CVE-2018-1604
- RESERVED
-CVE-2018-1603
- RESERVED
-CVE-2018-1602
- RESERVED
+CVE-2018-1604 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
+ TODO: check
+CVE-2018-1603 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
+ TODO: check
+CVE-2018-1602 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
+ TODO: check
CVE-2018-1601 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
NOT-FOR-US: IBM
CVE-2018-1600 (IBM BigFix Platform 9.2 and 9.5 transmits sensitive or ...)
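Review bot: CVE-2018-1604, CVE-2018-1603 and CVE-2018-1602 show the same "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ..." text as CVE-2018-1605 and CVE-2018-1601 on either side of them, and both of those are already marked "NOT-FOR-US: IBM". Unless the full descriptions name a different product, these three can take the same marking instead of "TODO: check".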
@@ -84312,8 +84312,8 @@ CVE-2017-5659 (Apache Traffic Server before 6.2.1 generates a coredump when ther
NOTE: reproducer in https://issues.apache.org/jira/browse/TS-4819 (dupe of above)
NOTE: https://github.com/apache/trafficserver/pull/787/commits/85c021123fd94c4d97a6015484eb1d8054bec9eb
NOTE: evaluate related backport to 6.2: https://github.com/apache/trafficserver/pull/1153
-CVE-2017-5658
- RESERVED
+CVE-2017-5658 (The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to ...)
+ TODO: check
CVE-2017-5657 (Several REST service endpoints of Apache Archiva are not protected ...)
NOT-FOR-US: Apache Archiva
CVE-2017-5656 (Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ca001a0bb63f8e082ea4409b04f9987074b9de70