[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Mar 16 08:10:24 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4e9b7214 by security tracker role at 2019-03-16T08:10:16Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,39 @@
+CVE-2019-9845
+ RESERVED
+CVE-2019-9844 (simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows ...)
+ TODO: check
+CVE-2019-9843 (In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and ...)
+ TODO: check
+CVE-2019-9842
+ RESERVED
+CVE-2019-9841
+ RESERVED
+CVE-2019-9840
+ RESERVED
+CVE-2018-20814 (An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse ...)
+ TODO: check
+CVE-2018-20813 (An input validation issue has been found with login_meeting.cgi in ...)
+ TODO: check
+CVE-2018-20812 (An information exposure issue where IPv6 DNS traffic would be sent ...)
+ TODO: check
+CVE-2018-20811 (A hidden RPC service issue was found with Pulse Secure Pulse Connect ...)
+ TODO: check
+CVE-2018-20810 (Session data between cluster nodes during cluster synchronization is ...)
+ TODO: check
+CVE-2018-20809 (A crafted message can cause the web server to crash with Pulse Secure ...)
+ TODO: check
+CVE-2018-20808 (An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect ...)
+ TODO: check
+CVE-2018-20807 (An XSS issue has been found in welcome.cgi in Pulse Secure Pulse ...)
+ TODO: check
+CVE-2018-20806 (Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the ...)
+ TODO: check
CVE-2019-9839
RESERVED
CVE-2019-9838
RESERVED
-CVE-2019-9837
- RESERVED
+CVE-2019-9837 (Doorkeeper::OpenidConnect (aka the OpenID Connect extension for ...)
+ TODO: check
CVE-2019-9836
RESERVED
CVE-2019-9835 (The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set ...)
@@ -8876,8 +8906,8 @@ CVE-2019-6151
RESERVED
CVE-2019-6150
RESERVED
-CVE-2019-6149
- RESERVED
+CVE-2019-6149 (An unquoted search path vulnerability was identified in Lenovo Dynamic ...)
+ TODO: check
CVE-2019-6148
RESERVED
CVE-2019-6147
@@ -10256,8 +10286,8 @@ CVE-2019-5618
RESERVED
CVE-2019-5617
RESERVED
-CVE-2019-5616
- RESERVED
+CVE-2019-5616 (CircuitWerkes Sicon-8, a hardware device used for managing electrical ...)
+ TODO: check
CVE-2019-5615
RESERVED
CVE-2019-5614
@@ -15862,7 +15892,7 @@ CVE-2018-20324
RESERVED
CVE-2018-20323
RESERVED
-CVE-2018-20322 (LimeSurvey contains an XSS vulnerability while uploading a ZIP file, ...)
+CVE-2018-20322 (LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) ...)
- limesurvey <itp> (bug #472802)
CVE-2018-20321
RESERVED
@@ -18715,8 +18745,8 @@ CVE-2018-20108
REJECTED
CVE-2018-20107
REJECTED
-CVE-2018-20106
- RESERVED
+CVE-2018-20106 (In yast2-printer up to and including version 4.0.2 the SMB printer ...)
+ TODO: check
CVE-2018-20105
RESERVED
CVE-2018-20104
@@ -21077,8 +21107,8 @@ CVE-2018-19873 (An issue was discovered in Qt before 5.11.3. QBmpHandler has a b
NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/238749/
NOTE: https://github.com/qt/qtbase/commit/621ab8ab59901cc3f9bd98be709929c9eac997a8
-CVE-2018-19872
- RESERVED
+CVE-2018-19872 (An issue was discovered in Qt 5.11. A malformed PPM image causes a ...)
+ TODO: check
CVE-2018-19871 (An issue was discovered in Qt before 5.11.3. There is QTgaFile ...)
- qtimageformats-opensource-src 5.11.3-2 (low)
[stretch] - qtimageformats-opensource-src <no-dsa> (Minor issue)
@@ -25339,7 +25369,7 @@ CVE-2018-19293
RESERVED
CVE-2018-19292
RESERVED
-CVE-2018-19291 (An issue discovered in DiliCMS 2.4.0. There is a CSRF vulnerability ...)
+CVE-2018-19291 (An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability ...)
NOT-FOR-US: DiliCMS
CVE-2018-19290 (In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax ...)
NOT-FOR-US: Budabot
@@ -28593,8 +28623,8 @@ CVE-2018-18207 (Virtualmin 6.03 allows Frame Injection via the settings-editor_r
NOT-FOR-US: Virtualmin
CVE-2018-18206 (In the client in Bytom before 1.0.6, checkTopicRegister in ...)
NOT-FOR-US: Bytom
-CVE-2018-18205
- RESERVED
+CVE-2018-18205 (Topvision CC8800 CMTS C-E devices allow remote attackers to obtain ...)
+ TODO: check
CVE-2018-18204
RESERVED
CVE-2018-18203 (A vulnerability in the update mechanism of Subaru StarLink Harman head ...)
@@ -28615,7 +28645,7 @@ CVE-2018-18197 (An issue was discovered in libgig 4.1.0. There is an operator ne
CVE-2018-18196 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
- libgig <undetermined>
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
-CVE-2018-18195 (An issue discovered in libgig 4.1.0. There is an FPE (divide-by-zero ...)
+CVE-2018-18195 (An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero ...)
- libgig <undetermined>
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
CVE-2018-18194 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
@@ -29237,10 +29267,10 @@ CVE-2018-17958 (Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl81
NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
CVE-2018-17957 (The YaST2 RMT module for configuring the SUSE Repository Mirroring ...)
NOT-FOR-US: YaST2 RMT module
-CVE-2018-17956
- RESERVED
-CVE-2018-17955
- RESERVED
+CVE-2018-17956 (In yast2-samba-provision up to and including version 1.0.1 the ...)
+ TODO: check
+CVE-2018-17955 (In yast2-multipath before version 4.1.1 a static temporary filename ...)
+ TODO: check
CVE-2018-17954
RESERVED
CVE-2018-17953 (A incorrect variable in a SUSE specific patch for pam_access rule ...)
@@ -29408,8 +29438,8 @@ CVE-2018-18021 (arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12
NOTE: https://git.kernel.org/linus/2a3f93459d689d990b3ecfbe782fec89b97d3279
CVE-2018-17884 (XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook ...)
NOT-FOR-US: WordPress plugin gwolle-gb
-CVE-2018-17882
- RESERVED
+CVE-2018-17882 (An Integer overflow vulnerability exists in the batchTransfer function ...)
+ TODO: check
CVE-2018-17881 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration ...)
NOT-FOR-US: D-Link DIR-823G 2018-09-19 devices
CVE-2018-17880 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration ...)
@@ -33337,9 +33367,9 @@ CVE-2018-16368 (SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00
NOTE: Crash in GUI/CLI tool, no security impact
CVE-2018-16367 (In OnlineJudge 2.0, the sandbox has an incorrect access control ...)
NOT-FOR-US: OnlineJudge
-CVE-2018-16366 (An issue discovered in idreamsoft iCMS V7.0.10. ...)
+CVE-2018-16366 (An issue was discovered in idreamsoft iCMS V7.0.10. ...)
NOT-FOR-US: idreamsoft iCMS
-CVE-2018-16365 (An issue discovered in idreamsoft iCMS V7.0.10. ...)
+CVE-2018-16365 (An issue was discovered in idreamsoft iCMS V7.0.10. ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2018-16364 (A serialization vulnerability in Zoho ManageEngine Applications ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
@@ -35538,10 +35568,10 @@ CVE-2018-15511
RESERVED
CVE-2018-15510
RESERVED
-CVE-2018-15509
- RESERVED
-CVE-2018-15508
- RESERVED
+CVE-2018-15509 (Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 ...)
+ TODO: check
+CVE-2018-15508 (Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing ...)
+ TODO: check
CVE-2018-15507
RESERVED
CVE-2018-15506
@@ -37296,8 +37326,8 @@ CVE-2018-14950 (The mail message display page in SquirrelMail through 1.4.22 has
{DLA-1484-1}
- squirrelmail <removed> (bug #905023)
NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
-CVE-2018-14745
- RESERVED
+CVE-2018-14745 (Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver ...)
+ TODO: check
CVE-2018-14744 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
NOT-FOR-US: cloudwu PBC
CVE-2018-14743 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
@@ -43170,9 +43200,9 @@ CVE-2018-12495 (The quoteblock function in markdown.c in libmarkdown.a in DISCOU
- discount 2.2.4-1 (bug #901912)
NOTE: https://github.com/Orc/discount/issues/189#issuecomment-397541501
NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
-CVE-2018-12494 (An issue discovered in PublicCMS V4.0.20180210. There is a "Directory ...)
+CVE-2018-12494 (An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory ...)
NOT-FOR-US: PublicCMS
-CVE-2018-12493 (An issue discovered in PublicCMS V4.0.20180210. There is a "Directory ...)
+CVE-2018-12493 (An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory ...)
NOT-FOR-US: PublicCMS
CVE-2018-12492 (PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the ...)
NOT-FOR-US: PHPOK
@@ -44386,7 +44416,7 @@ CVE-2018-12102 (md4c 0.2.6 has a NULL pointer dereference in the function ...)
NOT-FOR-US: md4c
CVE-2018-12101
RESERVED
-CVE-2018-12100 (Sonatype Nexus Repository Manager before 3.12.0 has XSS in multiple ...)
+CVE-2018-12100 (Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS ...)
NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2018-12099 (Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. ...)
- grafana <not-affected> (Vulnerable code introduced later)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e9b72147c8c6990be030a49f89cc3f4367dc799
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e9b72147c8c6990be030a49f89cc3f4367dc799
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190316/154d5608/attachment.html>
More information about the debian-security-tracker-commits
mailing list