[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 2 20:10:37 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
50885e59 by security tracker role at 2019-01-02T20:10:22Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,175 @@
+CVE-2019-3579
+ RESERVED
+CVE-2019-3578
+ RESERVED
+CVE-2019-3577 (An issue was discovered in Waimai Super Cms 20150505. ...)
+ TODO: check
+CVE-2019-3576 (inxedu through 2018-12-24 has a SQL Injection vulnerability that can ...)
+ TODO: check
+CVE-2019-3575
+ RESERVED
+CVE-2019-3574 (In libsixel v1.8.2, there is a heap-based buffer over-read in the ...)
+ TODO: check
+CVE-2019-3573 (In libsixel v1.8.2, there is an infinite loop in the function ...)
+ TODO: check
+CVE-2019-3572 (An issue was discovered in libming 0.4.8. There is a heap-based buffer ...)
+ TODO: check
+CVE-2019-3571
+ RESERVED
+CVE-2019-3570
+ RESERVED
+CVE-2019-3569
+ RESERVED
+CVE-2019-3568
+ RESERVED
+CVE-2019-3567
+ RESERVED
+CVE-2019-3566
+ RESERVED
+CVE-2019-3565
+ RESERVED
+CVE-2019-3564
+ RESERVED
+CVE-2019-3563
+ RESERVED
+CVE-2019-3562
+ RESERVED
+CVE-2019-3561
+ RESERVED
+CVE-2019-3560
+ RESERVED
+CVE-2019-3559
+ RESERVED
+CVE-2019-3558
+ RESERVED
+CVE-2019-3557
+ RESERVED
+CVE-2019-3556
+ RESERVED
+CVE-2019-3555
+ RESERVED
+CVE-2019-3554
+ RESERVED
+CVE-2019-3553
+ RESERVED
+CVE-2019-3552
+ RESERVED
+CVE-2019-3551
+ RESERVED
+CVE-2019-3550
+ RESERVED
+CVE-2019-3549
+ RESERVED
+CVE-2019-3548
+ RESERVED
+CVE-2019-3547
+ RESERVED
+CVE-2019-3546
+ RESERVED
+CVE-2019-3545
+ RESERVED
+CVE-2019-3544
+ RESERVED
+CVE-2019-3543
+ RESERVED
+CVE-2019-3542
+ RESERVED
+CVE-2019-3541
+ RESERVED
+CVE-2019-3540
+ RESERVED
+CVE-2019-3539
+ RESERVED
+CVE-2019-3538
+ RESERVED
+CVE-2019-3537
+ RESERVED
+CVE-2019-3536
+ RESERVED
+CVE-2019-3535
+ RESERVED
+CVE-2019-3534
+ RESERVED
+CVE-2019-3533
+ RESERVED
+CVE-2019-3532
+ RESERVED
+CVE-2019-3531
+ RESERVED
+CVE-2019-3530
+ RESERVED
+CVE-2019-3529
+ RESERVED
+CVE-2019-3528
+ RESERVED
+CVE-2019-3527
+ RESERVED
+CVE-2019-3526
+ RESERVED
+CVE-2019-3525
+ RESERVED
+CVE-2019-3524
+ RESERVED
+CVE-2019-3523
+ RESERVED
+CVE-2019-3522
+ RESERVED
+CVE-2019-3521
+ RESERVED
+CVE-2019-3520
+ RESERVED
+CVE-2019-3519
+ RESERVED
+CVE-2019-3518
+ RESERVED
+CVE-2019-3517
+ RESERVED
+CVE-2019-3516
+ RESERVED
+CVE-2019-3515
+ RESERVED
+CVE-2019-3514
+ RESERVED
+CVE-2019-3513
+ RESERVED
+CVE-2019-3512
+ RESERVED
+CVE-2019-3511
+ RESERVED
+CVE-2019-3510
+ RESERVED
+CVE-2019-3509
+ RESERVED
+CVE-2019-3508
+ RESERVED
+CVE-2019-3507
+ RESERVED
+CVE-2019-3506
+ RESERVED
+CVE-2019-3505
+ RESERVED
+CVE-2019-3504
+ RESERVED
+CVE-2019-3503
+ RESERVED
+CVE-2019-3502
+ RESERVED
+CVE-2019-3501 (The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted ...)
+ TODO: check
+CVE-2018-20661
+ RESERVED
+CVE-2018-20660
+ RESERVED
+CVE-2018-20659 (An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in ...)
+ TODO: check
+CVE-2018-20658 (The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote ...)
+ TODO: check
+CVE-2018-20657 (The demangle_template function in cplus-dem.c in GNU libiberty, as ...)
+ TODO: check
+CVE-2018-20656
+ RESERVED
+CVE-2018-20655
+ RESERVED
CVE-2019-3500 (aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic ...)
- aria2 <unfixed>
NOTE: https://github.com/aria2/aria2/issues/1329
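Review bot: Nine of the entries added at the top of this hunk carry a description but only a "TODO: check" placeholder (CVE-2019-3577, CVE-2019-3576, CVE-2019-3574, CVE-2019-3573, CVE-2019-3572, CVE-2019-3501, CVE-2018-20659, CVE-2018-20658, CVE-2018-20657), so none of them yet records whether a Debian package is affected. Each should be resolved either to a package line in the form used by the CVE-2019-3500 context entry ("- aria2 <unfixed>") or to a "NOT-FOR-US:" line. The libsixel and libming entries describe heap-based buffer and infinite-loop bugs in libraries, and CVE-2018-20657 names GNU libiberty, so those are the ones to check against the archive first.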
@@ -1022,8 +1194,8 @@ CVE-2018-20328 (Chamilo LMS version 1.11.8 contains XSS in main/social/group_vie
NOT-FOR-US: Chamilo LMS
CVE-2018-20327 (Chamilo LMS version 1.11.8 contains XSS in ...)
NOT-FOR-US: Chamilo LMS
-CVE-2018-20326
- RESERVED
+CVE-2018-20326 (ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware ...)
+ TODO: check
CVE-2018-20325 (There is a vulnerability in load() method in definitions/parser.py in ...)
TODO: check
CVE-2018-20324
@@ -1497,8 +1669,8 @@ CVE-2018-20213 (wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01
NOT-FOR-US: libexcel
CVE-2018-20212
RESERVED
-CVE-2018-20211
- RESERVED
+CVE-2018-20211 (ExifTool 8.32 allows local users to gain privileges by creating a ...)
+ TODO: check
CVE-2018-20210
RESERVED
CVE-2018-20209
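Review bot: CVE-2018-20211 moves from RESERVED to a description of a local privilege escalation in ExifTool 8.32, but the entry stops at "TODO: check". Unlike the libexcel entry in the context above, which is closed as NOT-FOR-US, this one still needs a decision recorded: a package line with the affected or fixed version, or NOT-FOR-US if the tool is not in the archive.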
@@ -1627,8 +1799,8 @@ CVE-2018-20169 (An issue was discovered in the Linux kernel before 4.19.9. The U
NOTE: https://git.kernel.org/linus/704620afc70cf47abb9d6a1a57f3825d2bca49cf
CVE-2018-20168 (Google gVisor before 2018-08-22 reuses a pagetable in a different level ...)
NOT-FOR-US: gVisor
-CVE-2018-20166
- RESERVED
+CVE-2018-20166 (A file-upload vulnerability exists in Rukovoditel 2.3.1. ...)
+ TODO: check
CVE-2017-18355 (Installed packages are exposed by node_modules in Rendertron 1.0.0, ...)
NOT-FOR-US: Rendertron
CVE-2017-18354 (Rendertron 1.0.0 allows for alternative protocols such as 'file://' ...)
@@ -3780,8 +3952,8 @@ CVE-2018-20116
RESERVED
CVE-2018-20115
RESERVED
-CVE-2018-20114
- RESERVED
+CVE-2018-20114 (On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 ...)
+ TODO: check
CVE-2018-20113
RESERVED
CVE-2018-20112
@@ -3814,8 +3986,8 @@ CVE-2018-20102 (An out-of-bounds read in dns_validate_dns_response in dns.c was
NOTE: http://git.haproxy.org/?p=haproxy.git;a=commit;h=efbbdf72992cd20458259962346044cafd9331c0
CVE-2018-20101 (The codection "Import users from CSV with meta" plugin before 1.12.1 ...)
NOT-FOR-US: codection "Import users from CSV with meta" plugin for WordPress
-CVE-2018-20100
- RESERVED
+CVE-2018-20100 (An issue was discovered on August Connect devices. Insecure data ...)
+ TODO: check
CVE-2018-20099 (There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of ...)
TODO: check
CVE-2018-20098 (There is a heap-based buffer over-read in ...)
@@ -6077,6 +6249,7 @@ CVE-2018-19875
CVE-2018-19874
RESERVED
CVE-2018-19873 (An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer ...)
+ {DLA-1627-1}
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
- qtbase-opensource-src 5.11.3+dfsg-2 (low)
[stretch] - qtbase-opensource-src <no-dsa> (Minor issue)
@@ -6099,6 +6272,7 @@ CVE-2018-19871 (An issue was discovered in Qt before 5.11.3. There is QTgaFile .
NOTE: https://codereview.qt-project.org/#/c/237761/
NOTE: qt4-x11 affected in src/plugins/imageformats/tga/qtgafile.cpp
CVE-2018-19870 (An issue was discovered in Qt before 5.11.3. A malformed GIF image ...)
+ {DLA-1627-1}
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
- qtbase-opensource-src 5.11.3+dfsg-2 (low)
[stretch] - qtbase-opensource-src <no-dsa> (Minor issue)
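Review bot: The "{DLA-1627-1}" added on CVE-2018-19870 is followed in the visible lines only by qtbase-opensource-src status for experimental, unstable and stretch, so the hunk does not show which source package the advisory fixed. The preceding entry's note reads "qt4-x11 affected in src/plugins/imageformats/tga/qtgafile.cpp"; if this advisory is also a qt4-x11 upload, check that the CVE-2018-19870 entry has a qt4-x11 line with the fixed version below the hunk's context, so that the cross-reference corresponds to a package line.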
@@ -9780,8 +9954,7 @@ CVE-2018-19480
RESERVED
CVE-2018-19479
RESERVED
-CVE-2018-19478 [Attempting to open a carefully crafted PDF file results in long-running computation]
- RESERVED
+CVE-2018-19478 (In Artifex Ghostscript before 9.26, a carefully crafted PDF file can ...)
{DSA-4346-1 DLA-1620-1}
- ghostscript 9.26~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699856
@@ -10069,8 +10242,8 @@ CVE-2018-19373
RESERVED
CVE-2018-19372
RESERVED
-CVE-2018-19371
- RESERVED
+CVE-2018-19371 (The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has ...)
+ TODO: check
CVE-2018-19370 (A Race condition vulnerability in unzip_file in ...)
NOT-FOR-US: Wordpress plugin
CVE-2018-19369
@@ -10112,12 +10285,12 @@ CVE-2018-19364 (hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5b3c77aa581ebb215125c84b0742119483571e55
CVE-2018-19363
RESERVED
-CVE-2018-19362
- RESERVED
-CVE-2018-19361
- RESERVED
-CVE-2018-19360
- RESERVED
+CVE-2018-19362 (FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to ...)
+ TODO: check
+CVE-2018-19361 (FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to ...)
+ TODO: check
+CVE-2018-19360 (FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to ...)
+ TODO: check
CVE-2018-19359 [Unauthorized service template creation]
RESERVED
- gitlab 11.3.10+dfsg-2 (bug #914166)
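Review bot: CVE-2018-19362, CVE-2018-19361 and CVE-2018-19360 are added with the same visible description, "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to ...", and all three are left at "TODO: check". Triage them together: the descriptions give 2.9.8 as the fixed upstream version, so each entry should get a package line stating whether the archive version is at or past that release.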
@@ -15868,8 +16041,7 @@ CVE-2018-17190 (In all versions of Apache Spark, its standalone resource manager
NOT-FOR-US: Apache Spark
CVE-2018-17189
RESERVED
-CVE-2018-17188
- RESERVED
+CVE-2018-17188 (Prior to CouchDB version 2.3.0, CouchDB allowed for ...)
- couchdb <removed>
NOTE: https://www.openwall.com/lists/oss-security/2018/12/17/1
CVE-2018-17187 (The Apache Qpid Proton-J transport includes an optional wrapper layer ...)
@@ -19502,15 +19674,15 @@ CVE-2018-15805 (Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an
CVE-2018-15804 (An issue was discovered in the MapR File System in MapR Converged Data ...)
NOT-FOR-US: MapR File System
CVE-2018-15803
- RESERVED
+ REJECTED
CVE-2018-15802
- RESERVED
+ REJECTED
CVE-2018-15801 (Spring Security versions 5.1.x prior to 5.1.2 contain an authorization ...)
TODO: check
CVE-2018-15800 (Cloud Foundry Bits Service, versions prior to 2.18.0, includes an ...)
TODO: check
CVE-2018-15799
- RESERVED
+ REJECTED
CVE-2018-15798 (Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow ...)
TODO: check
CVE-2018-15797 (Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to ...)
@@ -19588,7 +19760,7 @@ CVE-2018-15762 (Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, vers
CVE-2018-15761 (Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions ...)
NOT-FOR-US: Cloud Foundry
CVE-2018-15760
- RESERVED
+ REJECTED
CVE-2018-15759 (Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 ...)
NOT-FOR-US: Cloud Foundry
CVE-2018-15758 (Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to ...)
@@ -20255,6 +20427,7 @@ CVE-2018-15520
CVE-2018-15519
RESERVED
CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption ...)
+ {DLA-1627-1}
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
- qtbase-opensource-src 5.11.3+dfsg-2
[jessie] - qtbase-opensource-src <ignored> (Minor issue)
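Review bot: On CVE-2018-15518 the new "{DLA-1627-1}" sits directly above "[jessie] - qtbase-opensource-src <ignored> (Minor issue)", so the only jessie status visible in the hunk says the issue was not fixed there while the entry now references an LTS advisory. Confirm that the advisory covers a different source package tracked further down in the entry; if it was for qtbase-opensource-src, the <ignored> line should be replaced by the fixed version.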
@@ -20321,8 +20494,8 @@ CVE-2018-15492 (A vulnerability in the lservnt.exe component of Sentinel License
NOT-FOR-US: Sentinel License Manager
CVE-2018-15491 (A vulnerability in the permission and encryption implementation of ...)
NOT-FOR-US: Zemana Anti-Logger
-CVE-2018-15490
- RESERVED
+CVE-2018-15490 (An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe ...)
+ TODO: check
CVE-2018-15489
RESERVED
CVE-2018-15488
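Review bot: CVE-2018-15490 is described as an issue in "ExpressVPN on Windows" involving Xvpnd.exe, yet it is left at "TODO: check". The two entries in the context above are closed as "NOT-FOR-US: Sentinel License Manager" and "NOT-FOR-US: Zemana Anti-Logger"; an issue scoped to a Windows executable looks like a candidate for the same treatment, for example "NOT-FOR-US: ExpressVPN".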
@@ -22070,14 +22243,14 @@ CVE-2018-14723
CVE-2018-14722 (An issue was discovered in evaluate_auto_mountpoint in ...)
- btrfsmaintenance 0.4.1-2 (bug #906131)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1102721
-CVE-2018-14721
- RESERVED
-CVE-2018-14720
- RESERVED
-CVE-2018-14719
- RESERVED
-CVE-2018-14718
- RESERVED
+CVE-2018-14721 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote ...)
+ TODO: check
+CVE-2018-14720 (FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to ...)
+ TODO: check
+CVE-2018-14719 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote ...)
+ TODO: check
+CVE-2018-14718 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote ...)
+ TODO: check
CVE-2018-14717
RESERVED
CVE-2018-14716 (A Server Side Template Injection (SSTI) was discovered in the SEOmatic ...)
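Review bot: The four jackson-databind entries added here (CVE-2018-14721 through CVE-2018-14718) name 2.9.7 as the fixed version, not the 2.9.8 given for CVE-2018-19360 through CVE-2018-19362 earlier in this commit, so they cannot share a single fixed-version line with those. When the "TODO: check" placeholders are resolved, record the 2.9.7 boundary on these four separately.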
@@ -26271,8 +26444,8 @@ CVE-2018-13047
RESERVED
CVE-2018-13046
RESERVED
-CVE-2018-13045
- RESERVED
+CVE-2018-13045 (SQL injection vulnerability in the "Bazar" page in Yeswiki ...)
+ TODO: check
CVE-2018-13054 (An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The ...)
{DLA-1420-1}
- cinnamon 3.8.8-1 (bug #903201)
@@ -40025,8 +40198,8 @@ CVE-2018-7902 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a J
NOT-FOR-US: Huawei
CVE-2018-7901 (RCS module in Huawei ALP-AL00B smart phones with software versions ...)
NOT-FOR-US: Huawei
-CVE-2018-7900
- RESERVED
+CVE-2018-7900 (There is an information leak vulnerability in some Huawei HG products. ...)
+ TODO: check
CVE-2018-7899 (The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones ...)
NOT-FOR-US: Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones
CVE-2018-7898
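Review bot: CVE-2018-7900 is described as an information leak in "some Huawei HG products" and is left at "TODO: check", while the two Huawei entries in the context above are already marked "NOT-FOR-US: Huawei". The same marking looks appropriate here and would remove one item from the manual triage queue.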
@@ -48726,8 +48899,8 @@ CVE-2018-5199 (In Veraport G3 ALL on MacOS, due to insufficient domain validatio
NOT-FOR-US: Veraport G3 ALL
CVE-2018-5198 (In Veraport G3 ALL on MacOS, a race condition when calling the ...)
NOT-FOR-US: Veraport G3 ALL
-CVE-2018-5197
- RESERVED
+CVE-2018-5197 (A vulnerability in the ExtCommon.dll user extension module version ...)
+ TODO: check
CVE-2018-5196 (Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused ...)
TODO: check
CVE-2018-5195 (Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow ...)
@@ -70971,25 +71144,25 @@ CVE-2017-14819 (This vulnerability allows remote attackers to disclose sensitive
CVE-2017-14818 (This vulnerability allows remote attackers to disclose sensitive on ...)
NOT-FOR-US: Foxit Reader
CVE-2017-14817
- RESERVED
+ REJECTED
CVE-2017-14816
- RESERVED
+ REJECTED
CVE-2017-14815
- RESERVED
+ REJECTED
CVE-2017-14814
- RESERVED
+ REJECTED
CVE-2017-14813
- RESERVED
+ REJECTED
CVE-2017-14812
- RESERVED
+ REJECTED
CVE-2017-14811
- RESERVED
+ REJECTED
CVE-2017-14810
- RESERVED
+ REJECTED
CVE-2017-14809
- RESERVED
+ REJECTED
CVE-2017-14808
- RESERVED
+ REJECTED
CVE-2017-14807
RESERVED
CVE-2017-14806
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/50885e591cbc446863c21d8138aaa5a9b1714fde