[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Fri, 09 Nov 2018 12:12:02 -0800

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
1760a242 by security tracker role at 2018-11-09T20:10:27Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2018-19137 (DomainMOD through 4.11.01 has XSS via the 
assets/edit/ip-address.php ...)
+       TODO: check
+CVE-2018-19136 (DomainMOD through 4.11.01 has XSS via the ...)
+       TODO: check
+CVE-2018-19135
+       RESERVED
+CVE-2018-19134
+       RESERVED
+CVE-2018-19133 (In Flarum Core 0.1.0-beta.7.1, a serious leak can get 
everyone's email ...)
+       TODO: check
+CVE-2018-19130 (In Libav 12.3, there is an invalid memory access in 
vc1_decode_frame in ...)
+       TODO: check
+CVE-2018-19129 (In Libav 12.3, a NULL pointer dereference (RIP points to zero) 
issue in ...)
+       TODO: check
+CVE-2018-19128 (In Libav 12.3, there is a heap-based buffer over-read in 
decode_frame ...)
+       TODO: check
+CVE-2018-19127 (A code injection vulnerability in /type.php in PHPCMS 2008 
allows ...)
+       TODO: check
+CVE-2018-19126 (PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 
allows remote ...)
+       TODO: check
+CVE-2018-19125 (PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 
allows remote ...)
+       TODO: check
+CVE-2018-19124 (PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on 
Windows ...)
+       TODO: check
+CVE-2018-19123
+       RESERVED
+CVE-2018-19122 (An issue has been found in libIEC61850 v1.3. It is a NULL 
pointer ...)
+       TODO: check
+CVE-2018-19121 (An issue has been found in libIEC61850 v1.3. It is a SEGV in 
...)
+       TODO: check
 CVE-2018-XXXX [otrs: Security Advisory 2018-09]
        - otrs2 6.0.13-1
        NOTE: 
https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/
@@ -23,7 +53,7 @@ CVE-2018-XXXX [XSA-282: guest use of HLE constructs may lock 
up host]
        - xen <unfixed>
        [stretch] - xen <postponed> (Hold back until next DSA)
        NOTE: https://xenbits.xen.org/xsa/advisory-282.txt
-CVE-2018-19115 (keepalived through 2.0.8 has a heap-based buffer overflow when 
parsing ...)
+CVE-2018-19115 (keepalived before 2.0.7 has a heap-based buffer overflow when 
parsing ...)
        - keepalived <unfixed>
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
        NOTE: https://github.com/acassen/keepalived/pull/961
@@ -713,12 +743,12 @@ CVE-2018-18807
        RESERVED
 CVE-2017-18350
        RESERVED
-CVE-2018-19132 [Squid: SNMP mem leak]
+CVE-2018-19132 (Squid before 4.4, when SNMP is enabled, allows a denial of 
service ...)
        - squid 4.4-1 (low; bug #912294)
        - squid3 <removed> (low)
        [stretch] - squid3 <postponed> (Can be fixed along in a future DSA)
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_5.txt
-CVE-2018-19131 [Squid: XSS when generating HTTPS response messages about TLS 
errors]
+CVE-2018-19131 (Squid before 4.4 has XSS via a crafted X.509 certificate 
during HTTP(S) ...)
        - squid 4.4-1 (unimportant; bug #912293)
        - squid3 <removed> (unimportant)
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_4.txt
@@ -847,7 +877,7 @@ CVE-2018-18750
        RESERVED
 CVE-2018-18749 (data-tools through 2017-07-26 has an Integer Overflow leading 
to an ...)
        NOT-FOR-US: data-tools
-CVE-2018-18748 (Sandboxie 5.26 allows a Sandbox Escape via an &quot;import 
os&quot; statement, ...)
+CVE-2018-18748 (** DISPUTED ** Sandboxie 5.26 allows a Sandbox Escape via an 
&quot;import ...)
        NOT-FOR-US: Sandboxie
 CVE-2018-18747
        RESERVED
@@ -11029,8 +11059,7 @@ CVE-2018-14645 (A flaw was discovered in the HPACK 
decoder of HAProxy, before 1.
        [stretch] - haproxy <not-affected> (Only affects 1.8.x)
        [jessie] - haproxy <not-affected> (Only affects 1.8.x)
        NOTE: 
https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=b4e05a3daa30f657db01ec144a0e48850c48f813
-CVE-2018-14644 [Crafted query for meta-types can cause a denial of service]
-       RESERVED
+CVE-2018-14644 (An issue has been found in PowerDNS Recursor from 4.0.0 up to 
and ...)
        - pdns-recursor <unfixed> (bug #913162)
        NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html
        NOTE: https://downloads.powerdns.com/patches/2018-07/
@@ -46489,8 +46518,8 @@ CVE-2018-1874
        RESERVED
 CVE-2018-1873
        RESERVED
-CVE-2018-1872
-       RESERVED
+CVE-2018-1872 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site 
scripting. ...)
+       TODO: check
 CVE-2018-1871
        RESERVED
 CVE-2018-1870
@@ -46685,7 +46714,7 @@ CVE-2018-1776
        RESERVED
 CVE-2018-1775
        RESERVED
-CVE-2018-1774 (IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and2018.3.6 is 
vulnerable to ...)
+CVE-2018-1774 (IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is 
vulnerable to ...)
        NOT-FOR-US: IBM
 CVE-2018-1773 (IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow 
an ...)
        NOT-FOR-US: IBM



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1760a242d20266d74fbffcaa594d88be8a2c8255

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1760a242d20266d74fbffcaa594d88be8a2c8255
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to