[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 25 08:10:23 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7233c51d by security tracker role at 2019-01-25T08:10:14Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2019-6804 (An XSS issue was discovered on the Job Edit page in Rundeck Community ...)
+ TODO: check
+CVE-2019-6803 (typora through 0.9.9.20.3 beta has XSS, with resultant remote command ...)
+ TODO: check
+CVE-2019-6802 (CRLF Injection in pypiserver 1.2.5 and below allows attackers to set ...)
+ TODO: check
+CVE-2019-6801
+ RESERVED
+CVE-2019-6800
+ RESERVED
+CVE-2019-6799
+ RESERVED
+CVE-2019-6798
+ RESERVED
+CVE-2019-6797
+ RESERVED
+CVE-2019-6796
+ RESERVED
+CVE-2019-6795
+ RESERVED
+CVE-2019-6794
+ RESERVED
+CVE-2019-6793
+ RESERVED
+CVE-2019-6792
+ RESERVED
+CVE-2019-6791
+ RESERVED
+CVE-2019-6790
+ RESERVED
+CVE-2019-6789
+ RESERVED
+CVE-2019-6788
+ RESERVED
+CVE-2019-6787
+ RESERVED
+CVE-2019-6786
+ RESERVED
+CVE-2019-6785
+ RESERVED
+CVE-2019-6784
+ RESERVED
+CVE-2019-6783
+ RESERVED
+CVE-2019-6782
+ RESERVED
+CVE-2019-6781
+ RESERVED
+CVE-2019-6780 (The Wise Chat plugin before 2.7 for WordPress mishandles external links ...)
+ TODO: check
+CVE-2017-18359 (PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote ...)
+ TODO: check
CVE-2019-6779 (Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete ...)
NOT-FOR-US: Cscms
CVE-2019-6778 [slirp: heap buffer overflow in tcp_emu()]
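Review bot: The five newly described entries at the top of this hunk (CVE-2019-6804, CVE-2019-6803, CVE-2019-6802, CVE-2019-6780 and CVE-2017-18359) carry only "TODO: check", so none of them is triaged yet. Each needs either a NOT-FOR-US: line, as CVE-2019-6779 directly below already has, or a package line. CVE-2017-18359 deserves the first look: it is a 2017 identifier inserted between CVE-2019-6780 and CVE-2019-6779, and its description names PostGIS as used with PostgreSQL, so it should be matched against a source package rather than left pending.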
@@ -12198,6 +12250,7 @@ CVE-2018-20005 (An issue has been found in Mini-XML (aka mxml) 2.12. It is a ...
[jessie] - mxml <ignored> (Minor issue)
NOTE: https://github.com/michaelrsweet/mxml/issues/234
CVE-2018-20004 (An issue has been found in Mini-XML (aka mxml) 2.12. It is a ...)
+ {DLA-1641-1}
- mxml 2.12-2 (low; bug #918007)
[stretch] - mxml <no-dsa> (Minor issue)
NOTE: https://github.com/michaelrsweet/mxml/issues/233
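Review bot: The {DLA-1641-1} tag is added to CVE-2018-20004 only, while the neighbouring CVE-2018-20005 in the context lines is marked "[jessie] - mxml <ignored> (Minor issue)" and gets no tag. Both are Mini-XML 2.12 issues tracked upstream as issues 233 and 234, so it is worth confirming that the advisory covers 20004 alone and that the <ignored> status on 20005 is still intended.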
@@ -18677,8 +18730,8 @@ CVE-2018-18983 (VT-Designer Version 2.1.7.31 is vulnerable by the program readin
NOT-FOR-US: VT-Designer
CVE-2018-18982 (NUUO CMS All versions 3.3 and prior the web server application allows ...)
NOT-FOR-US: NUUO CMS
-CVE-2018-18981
- RESERVED
+CVE-2018-18981 (In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, ...)
+ TODO: check
CVE-2014-10077 (Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 ...)
{DLA-1584-1}
- ruby-i18n 0.7.0-3 (bug #913093)
@@ -20235,8 +20288,8 @@ CVE-2018-18365
RESERVED
CVE-2018-18364
RESERVED
-CVE-2018-18363
- RESERVED
+CVE-2018-18363 (Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass ...)
+ TODO: check
CVE-2018-18362 (Norton Password Manager for Android (formerly Norton Identity Safe) ...)
NOT-FOR-US: Norton Password Manager for Android
CVE-2018-18361 (An issue was discovered in nc-cms through 2017-03-10. ...)
@@ -26084,8 +26137,8 @@ CVE-2018-16100
RESERVED
CVE-2018-16099
RESERVED
-CVE-2018-16098
- RESERVED
+CVE-2018-16098 (In some Lenovo ThinkPads, an unquoted search path vulnerability was ...)
+ TODO: check
CVE-2018-16097 (LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System ...)
NOT-FOR-US: LXCI (Lenovo XClarity Integrator)
CVE-2018-16096 (In System Management Module (SMM) versions prior to 1.06, the SMM web ...)
@@ -36129,8 +36182,8 @@ CVE-2018-12239 (Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior
NOT-FOR-US: Norton
CVE-2018-12238 (Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to ...)
NOT-FOR-US: Norton
-CVE-2018-12237
- RESERVED
+CVE-2018-12237 (The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to ...)
+ TODO: check
CVE-2018-12236
RESERVED
CVE-2018-12235
@@ -55264,8 +55317,8 @@ CVE-2018-5499
RESERVED
CVE-2018-5498
RESERVED
-CVE-2018-5497
- RESERVED
+CVE-2018-5497 (Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are ...)
+ TODO: check
CVE-2018-5496 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are ...)
NOT-FOR-US: Data ONTAP
CVE-2018-5495 (All StorageGRID Webscale versions are susceptible to a vulnerability ...)
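Review bot: CVE-2018-5497 goes from RESERVED to "TODO: check", yet the entry right after it, CVE-2018-5496, is already "NOT-FOR-US: Data ONTAP". The new description names Clustered Data ONTAP, so this one can likely be closed the same way instead of staying in the TODO queue.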
@@ -138571,11 +138624,13 @@ CVE-2016-4547 (Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow
CVE-2016-4546 (Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users ...)
NOT-FOR-US: Samsung Android component
CVE-2016-4570 (The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly ...)
+ {DLA-1641-1}
- mxml 2.9-1 (bug #825855)
[wheezy] - mxml <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
NOTE: https://github.com/michaelrsweet/mxml/commit/d8c0ba900728d47523d76ba4acf33176cd04647c
CVE-2016-4571 (The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and ...)
+ {DLA-1641-1}
- mxml 2.9-2 (bug #825855)
[wheezy] - mxml <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
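Review bot: CVE-2016-4570 and CVE-2016-4571 both receive {DLA-1641-1} and both cite bug #825855, but the context lines give different fixed versions, "mxml 2.9-1" and "mxml 2.9-2". While these entries are being touched, confirm against the package changelog that the two versions are both correct. The visible per-release lines cover only wheezy (<no-dsa>), so the entries themselves say nothing about which release the new advisory applies to.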
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7233c51d95bd9a55af19e3749fe75190f7044614