[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Tue, 06 Nov 2018 00:11:31 -0800

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
530f8354 by security tracker role at 2018-11-06T08:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2018-18980 (An XML External Entity injection (XXE) vulnerability exists in 
Zoho ...)
+       TODO: check
+CVE-2018-18979
+       RESERVED
+CVE-2018-18978
+       RESERVED
+CVE-2018-18977
+       RESERVED
+CVE-2018-18976
+       RESERVED
+CVE-2018-18975
+       RESERVED
+CVE-2018-18974
+       RESERVED
+CVE-2018-18973
+       RESERVED
+CVE-2018-18972
+       RESERVED
+CVE-2018-18971
+       RESERVED
+CVE-2018-18970
+       RESERVED
+CVE-2018-18969
+       RESERVED
+CVE-2018-18968
+       RESERVED
+CVE-2018-18967
+       RESERVED
+CVE-2018-18966 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist 
...)
+       TODO: check
+CVE-2018-18965 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist 
...)
+       TODO: check
+CVE-2018-18964 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist 
...)
+       TODO: check
+CVE-2018-18963 (Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de 
E-commerce ...)
+       TODO: check
+CVE-2018-18962
+       RESERVED
+CVE-2018-18961
+       RESERVED
+CVE-2018-18960
+       RESERVED
+CVE-2018-18959
+       RESERVED
+CVE-2018-18958
+       RESERVED
+CVE-2018-18957 (An issue has been found in libIEC61850 v1.3. It is a 
stack-based buffer ...)
+       TODO: check
+CVE-2018-18956 (The ProcessMimeEntity function in util-decode-mime.c in 
Suricata 4.x ...)
+       TODO: check
+CVE-2018-18955
+       RESERVED
 CVE-2018-18954
        RESERVED
 CVE-2018-18953
@@ -2632,24 +2684,24 @@ CVE-2018-17915 (All versions of Hangzhou Xiongmai 
Technology Co., Ltd XMeye P2P
        NOT-FOR-US: P2P Cloud Server
 CVE-2018-17914 (InduSoft Web Studio versions prior to 8.1 SP2, and InTouch 
Edge HMI ...)
        NOT-FOR-US: InduSoft Web Studio
-CVE-2018-17913
-       RESERVED
+CVE-2018-17913 (A type confusion vulnerability exists when processing project 
files in ...)
+       TODO: check
 CVE-2018-17912 (An XXE vulnerability exists in CASE Suite Versions 3.10 and 
prior when ...)
        NOT-FOR-US: CASE Suite
 CVE-2018-17911 (LAquis SCADA Versions 4.1.0.3870 and prior has several 
stack-based ...)
        NOT-FOR-US: LAquis SCADA
 CVE-2018-17910 (WebAccess Versions 8.3.2 and prior. The application fails to 
properly ...)
        NOT-FOR-US: Advantech WebAccess
-CVE-2018-17909
-       RESERVED
+CVE-2018-17909 (When processing project files in Omron CX-Supervisor Versions 
3.4.1.0 ...)
+       TODO: check
 CVE-2018-17908 (WebAccess Versions 8.3.2 and prior. During installation, the 
...)
        NOT-FOR-US: Advantech WebAccess
-CVE-2018-17907
-       RESERVED
+CVE-2018-17907 (When processing project files in Omron CX-Supervisor Versions 
3.4.1.0 ...)
+       TODO: check
 CVE-2018-17906
        RESERVED
-CVE-2018-17905
-       RESERVED
+CVE-2018-17905 (When processing project files in Omron CX-Supervisor Versions 
3.4.1.0 ...)
+       TODO: check
 CVE-2018-17904 (Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This 
...)
        NOT-FOR-US: Reliance 4 SCADA/HMI
 CVE-2018-17903 (SAGA1-L8B with any firmware versions prior to A0.10 are 
vulnerable to ...)
@@ -13743,10 +13795,10 @@ CVE-2018-13399 (The Microsoft Windows Installer for 
Atlassian Fisheye and Crucib
        NOT-FOR-US: Atlassian
 CVE-2018-13398 (The administrative smart-commits resource in Atlassian Fisheye 
and ...)
        NOT-FOR-US: Atlassian Fisheye and Crucible
-CVE-2018-13397
-       RESERVED
-CVE-2018-13396
-       RESERVED
+CVE-2018-13397 (There was an argument injection vulnerability in Sourcetree 
for ...)
+       TODO: check
+CVE-2018-13396 (There was an argument injection vulnerability in Sourcetree 
for macOS ...)
+       TODO: check
 CVE-2018-13395 (Various resources in Atlassian Jira before version 7.6.8, from 
version ...)
        NOT-FOR-US: Atlassian Jira
 CVE-2018-13394 (The acceptAnswer resource in Atlassian Confluence Questions 
before ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/530f8354dd64ab635792ec5ae5a947382c6f6cee

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/530f8354dd64ab635792ec5ae5a947382c6f6cee
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to