[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 16 09:10:59 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b3bb8343 by security tracker role at 2019-04-16T08:10:48Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-11242
+ RESERVED
+CVE-2019-11241
+ RESERVED
+CVE-2019-11240
+ RESERVED
+CVE-2019-11239
+ RESERVED
+CVE-2019-11238
+ RESERVED
+CVE-2019-11237
+ RESERVED
CVE-2019-11236 (In the urllib3 library through 1.24.1 for Python, CRLF injection is po ...)
- python-urllib3 <unfixed>
NOTE: https://github.com/urllib3/urllib3/issues/1553
@@ -33561,12 +33573,12 @@ CVE-2018-18020 (In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObje
NOTE: https://github.com/qpdf/qpdf/issues/243
CVE-2018-1000806
REJECTED
-CVE-2018-18019
- RESERVED
-CVE-2018-18018
- RESERVED
-CVE-2018-18017
- RESERVED
+CVE-2018-18019 (XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPre ...)
+ TODO: check
+CVE-2018-18018 (SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 f ...)
+ TODO: check
+CVE-2018-18017 (XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPre ...)
+ TODO: check
CVE-2018-18016 (ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage ...)
- imagemagick 8:6.9.10.14+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1049
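Review bot: CVE-2018-18019, CVE-2018-18018 and CVE-2018-18017 land with only `TODO: check`, so all three are still untriaged after this update. They name the same product and version (Tribulant Slideshow Gallery plugin 1.6.8), so one decision can close them together: replace each TODO with either a package line or a `NOT-FOR-US:` line, in the form other entries in this file already use. 18019 and 18017 also read identically in the truncated summaries shown here, so the full descriptions are needed to tell them apart.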
@@ -34572,14 +34584,14 @@ CVE-2018-17588 (AirTies Air 5021 devices with software 1.0.0.18 have XSS via the
NOT-FOR-US: AirTies Air 5021 devices
CVE-2018-17587 (AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.h ...)
NOT-FOR-US: AirTies Air 5750 devices
-CVE-2018-17586
- RESERVED
-CVE-2018-17585
- RESERVED
-CVE-2018-17584
- RESERVED
-CVE-2018-17583
- RESERVED
+CVE-2018-17586 (The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rule ...)
+ TODO: check
+CVE-2018-17585 (The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfa ...)
+ TODO: check
+CVE-2018-17584 (The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp- ...)
+ TODO: check
+CVE-2018-17583 (The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rule ...)
+ TODO: check
CVE-2018-17582 (Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get ...)
- tcpreplay 4.3.1-1 (bug #910597)
[stretch] - tcpreplay <no-dsa> (Minor issue)
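Review bot: The four WP Fastest Cache plugin 0.8.8.5 entries (CVE-2018-17586 to CVE-2018-17583) are left at `TODO: check`, while the AirTies entries directly above them already carry a resolved `NOT-FOR-US:` line. The group mixes three XSS entries with one CSRF entry (CVE-2018-17584), but all four share one product and version, so whoever picks up the TODO should triage them in the same pass rather than one at a time.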
@@ -36126,10 +36138,10 @@ CVE-2018-16969 (Citrix ShareFile StorageZones Controller before 5.4.2 has Inform
NOT-FOR-US: Citrix ShareFile StorageZones Controller
CVE-2018-16968 (Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory ...)
NOT-FOR-US: Citrix ShareFile StorageZones Controller
-CVE-2018-16967
- RESERVED
-CVE-2018-16966
- RESERVED
+CVE-2018-16967 (There is an XSS vulnerability in the mndpsingh287 File Manager plugin ...)
+ TODO: check
+CVE-2018-16966 (There is a CSRF vulnerability in the mndpsingh287 File Manager plugin ...)
+ TODO: check
CVE-2018-16965 (In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there i ...)
NOT-FOR-US: Zoho
CVE-2018-16964
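Review bot: In the CVE-2018-16967 and CVE-2018-16966 entries the summary is cut at "mndpsingh287 File Manager plugin ...", before it says what the plugin is for or which version is affected, so the `TODO: check` cannot be resolved from the list text alone. Read the full CVE descriptions before choosing between a package line and a `NOT-FOR-US:` line like the Citrix entries above.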
@@ -71702,10 +71714,10 @@ CVE-2018-4011 (An exploitable integer underflow vulnerability exists in the mdns
NOT-FOR-US: CUJO Smart Firewall
CVE-2018-4010 (An exploitable code execution vulnerability exists in the connect func ...)
NOT-FOR-US: ProtonVPN client
-CVE-2018-4009
- RESERVED
-CVE-2018-4008
- RESERVED
+CVE-2018-4009 (An exploitable privilege escalation vulnerability exists in the Shimo ...)
+ TODO: check
+CVE-2018-4008 (An exploitable privilege escalation vulnerability exists in the Shimo ...)
+ TODO: check
CVE-2018-4007
RESERVED
CVE-2018-4006
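Review bot: CVE-2018-4009 and CVE-2018-4008 have identical visible text ("An exploitable privilege escalation vulnerability exists in the Shimo ..."), so the list gives no way to tell what each one covers. Both stay at `TODO: check`; when they are triaged, a `NOTE:` line per entry (the form used for CVE-2019-11236 at the top of this patch) would record what distinguishes them.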
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3bb83436a16f95ac62397736ebb941d08f48a17