Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
04fb4b7f by security tracker role at 2018-11-28T08:10:16Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2956,16 +2956,19 @@ CVE-2018-19486 (Git before 2.19.2 on Linux and UNIX
executes commands from the c
NOTE: Fixed by:
https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60
NOTE: Introduced by:
https://git.kernel.org/pub/scm/git/git.git/commit/?id=e3a434468fecca7c14a6bef32050dfa60534fde6
CVE-2018-19477 (psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote
...)
+ {DSA-4346-1}
- ghostscript 9.26~dfsg-1
NOTE:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb
(ghostscript-9.26)
NOTE:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=606a22e77e7f081781e99e44644cd0119f559e03
(master)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700168
CVE-2018-19476 (psi/zicc.c in Artifex Ghostscript before 9.26 allows remote
attackers ...)
+ {DSA-4346-1}
- ghostscript 9.26~dfsg-1
NOTE:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a
(ghostscript-9.26)
NOTE:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=434753adbe8be5534bfb9b7d91746023e8073d16
(master)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700169
CVE-2018-19475 (psi/zdevice2.c in Artifex Ghostscript before 9.26 allows
remote ...)
+ {DSA-4346-1}
- ghostscript 9.26~dfsg-1
NOTE:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e
(ghostscript-9.26)
NOTE:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315
(master)
@@ -3087,6 +3090,7 @@ CVE-2018-19411 (PRTG Network Monitor before 18.2.40.1683
allows an authenticated
CVE-2018-19410 (PRTG Network Monitor before 18.2.40.1683 allows remote
unauthenticated ...)
NOT-FOR-US: PRTG Network Monitor
CVE-2018-19409 (An issue was discovered in Artifex Ghostscript before 9.26.
...)
+ {DSA-4346-1}
- ghostscript 9.26~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700176
NOTE:
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=661e8d8fb8248c38d67958beda32f3a5876d0c3f
@@ -4428,8 +4432,8 @@ CVE-2018-18984
RESERVED
CVE-2018-18983
RESERVED
-CVE-2018-18982
- RESERVED
+CVE-2018-18982 (NUUO CMS All versions 3.3 and prior the web server application
allows ...)
+ TODO: check
CVE-2018-18981
RESERVED
CVE-2014-10077 (Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before
0.8.0 ...)
@@ -7134,12 +7138,12 @@ CVE-2018-17938 (Zimbra Collaboration before 8.8.10 GA
allows text content spoofi
NOT-FOR-US: Zimbra
CVE-2018-17937
RESERVED
-CVE-2018-17936
- RESERVED
+CVE-2018-17936 (NUUO CMS All versions 3.3 and prior the application allows the
upload ...)
+ TODO: check
CVE-2018-17935 (All versions of Telecrane F25 Series Radio Controls before
00.0A use ...)
NOT-FOR-US: Telecrane
-CVE-2018-17934
- RESERVED
+CVE-2018-17934 (NUUO CMS All versions 3.3 and prior the application allows
external ...)
+ TODO: check
CVE-2018-17933 (VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior
versions may ...)
NOT-FOR-US: VGo Robot
CVE-2018-17932
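Review bot: CVE-2018-17936 and CVE-2018-17934 are left at "TODO: check" although both descriptions name the same product, NUUO CMS, as CVE-2018-18982 earlier in this commit. Triage the three together so they end up with one consistent disposition; if no Debian source package ships NUUO CMS, that is a "NOT-FOR-US: NUUO CMS" line on each, matching how the neighbouring Telecrane and VGo Robot entries in this hunk are closed.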
@@ -8685,8 +8689,8 @@ CVE-2018-17258
RESERVED
CVE-2018-17257
RESERVED
-CVE-2018-17256
- RESERVED
+CVE-2018-17256 (Persistent cross-site scripting (XSS) vulnerability in Umbraco
CMS ...)
+ TODO: check
CVE-2018-17255 (Navigate CMS 2.8 has Reflected XSS via the navigate.php fid
parameter. ...)
NOT-FOR-US: Navigate CMS
CVE-2018-17254 (The JCK Editor component 6.4.4 for Joomla! allows SQL
Injection via the ...)
@@ -11540,8 +11544,8 @@ CVE-2018-16132 (The image rendering component
(createGenericPreview) of the Open
NOT-FOR-US: Signal app (specific on iOS)
CVE-2018-16131 (The decodeRequest and decodeRequestWith directives in
Lightbend Akka ...)
NOT-FOR-US: Lightbend Akka
-CVE-2018-16130
- RESERVED
+CVE-2018-16130 (System command injection in request_mitv in Xiaomi Mi Router 3
version ...)
+ TODO: check
CVE-2018-558213
REJECTED
CVE-2018-16129
@@ -14501,10 +14505,10 @@ CVE-2018-14895
RESERVED
CVE-2018-14894
RESERVED
-CVE-2018-14893
- RESERVED
-CVE-2018-14892
- RESERVED
+CVE-2018-14893 (A system command injection vulnerability in zyshclient in
ZyXEL NSA325 ...)
+ TODO: check
+CVE-2018-14892 (Missing protections against Cross-Site Request Forgery in the
web ...)
+ TODO: check
CVE-2018-14891 (Management Console in Vectra Networks Cognito Brain and Sensor
before ...)
NOT-FOR-US: Vectra Networks Cognito Brain and Sensor
CVE-2018-14890 (Vectra Networks Cognito Brain and Sensor before 4.2 contains a
...)
@@ -18344,8 +18348,8 @@ CVE-2018-13419 (An issue has been found in libsndfile
1.0.28. There is a memory
[stretch] - libsndfile <no-dsa> (Minor issue)
[jessie] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/erikd/libsndfile/issues/398
-CVE-2018-13418
- RESERVED
+CVE-2018-13418 (System command injection in ajaxdata.php in TerraMaster TOS
3.1.03 ...)
+ TODO: check
CVE-2018-13417 (In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for
...)
- azureus <removed>
CVE-2018-13416 (In Universal Media Server (UMS) 7.1.0, the XML parsing engine
for ...)
@@ -18467,32 +18471,32 @@ CVE-2018-13363
RESERVED
CVE-2018-13362
RESERVED
-CVE-2018-13361
- RESERVED
-CVE-2018-13360
- RESERVED
-CVE-2018-13359
- RESERVED
-CVE-2018-13358
- RESERVED
-CVE-2018-13357
- RESERVED
-CVE-2018-13356
- RESERVED
-CVE-2018-13355
- RESERVED
-CVE-2018-13354
- RESERVED
-CVE-2018-13353
- RESERVED
-CVE-2018-13352
- RESERVED
-CVE-2018-13351
- RESERVED
-CVE-2018-13350
- RESERVED
-CVE-2018-13349
- RESERVED
+CVE-2018-13361 (User enumeration in usertable.php in TerraMaster TOS version
3.1.03 ...)
+ TODO: check
+CVE-2018-13360 (Cross-site scripting in Text Editor in TerraMaster TOS version
3.1.03 ...)
+ TODO: check
+CVE-2018-13359 (Cross-site scripting in usertable.php in TerraMaster TOS
version ...)
+ TODO: check
+CVE-2018-13358 (System command injection in ajaxdata.php in TerraMaster TOS
version ...)
+ TODO: check
+CVE-2018-13357 (Cross-site scripting in Control Panel in TerraMaster TOS
version ...)
+ TODO: check
+CVE-2018-13356 (Incorrect access control on ajaxdata.php in TerraMaster TOS
version ...)
+ TODO: check
+CVE-2018-13355 (Cross-site scripting in Control Panel in TerraMaster TOS
version ...)
+ TODO: check
+CVE-2018-13354 (System command injection in logtable.php in TerraMaster TOS
version ...)
+ TODO: check
+CVE-2018-13353 (System command injection in ajaxdata.php in TerraMaster TOS
version ...)
+ TODO: check
+CVE-2018-13352 (Session Exposure in the web application for TerraMaster TOS
version ...)
+ TODO: check
+CVE-2018-13351 (Cross-site scripting in Control Panel in TerraMaster TOS
version ...)
+ TODO: check
+CVE-2018-13350 (SQL injection in logtable.php in TerraMaster TOS version
3.1.03 allows ...)
+ TODO: check
+CVE-2018-13349 (Cross-site scripting in the web application taskbar in
TerraMaster TOS ...)
+ TODO: check
CVE-2018-13345
RESERVED
CVE-2018-13344
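Review bot: all thirteen entries converted from RESERVED here (CVE-2018-13349 through CVE-2018-13361) name TerraMaster TOS and each carries its own "TODO: check", which leaves thirteen open items for what is one packaging question. Decide once whether any Debian source package contains TerraMaster TOS and apply the same line to the whole block. The truncated descriptions also make several entries indistinguishable in this file (CVE-2018-13357, CVE-2018-13355 and CVE-2018-13351 all read "Cross-site scripting in Control Panel in TerraMaster TOS version ..."), so the full CVE text is needed if any of them has to be handled individually.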
@@ -18507,26 +18511,26 @@ CVE-2018-13340 (Gleez CMS 1.2.0 has CSRF, as
demonstrated by a /page/add request
NOT-FOR-US: Gleez CMS
CVE-2018-13339 (Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML
content mode ...)
NOT-FOR-US: Imperavi Redactor
-CVE-2018-13338
- RESERVED
-CVE-2018-13337
- RESERVED
-CVE-2018-13336
- RESERVED
-CVE-2018-13335
- RESERVED
-CVE-2018-13334
- RESERVED
-CVE-2018-13333
- RESERVED
-CVE-2018-13332
- RESERVED
-CVE-2018-13331
- RESERVED
-CVE-2018-13330
- RESERVED
-CVE-2018-13329
- RESERVED
+CVE-2018-13338 (System command injection in ajaxdata.php in TerraMaster TOS
version ...)
+ TODO: check
+CVE-2018-13337 (Session Fixation in the web application for TerraMaster TOS
version ...)
+ TODO: check
+CVE-2018-13336 (System command injection in ajaxdata.php in TerraMaster TOS
version ...)
+ TODO: check
+CVE-2018-13335 (Cross-site scripting in Control Panel in TerraMaster TOS
version ...)
+ TODO: check
+CVE-2018-13334 (Cross-site scripting in handle.php in TerraMaster TOS version
3.1.03 ...)
+ TODO: check
+CVE-2018-13333 (Cross-site scripting in File Manager in TerraMaster TOS
version 3.1.03 ...)
+ TODO: check
+CVE-2018-13332 (Directory Traversal in the explorer application in TerraMaster
TOS ...)
+ TODO: check
+CVE-2018-13331 (Cross-site scripting in Control Panel in TerraMaster TOS
version ...)
+ TODO: check
+CVE-2018-13330 (System command injection in ajaxdata.php in TerraMaster TOS
version ...)
+ TODO: check
+CVE-2018-13329 (Cross-site scripting in ajaxdata.php in TerraMaster TOS
version 3.1.03 ...)
+ TODO: check
CVE-2018-13328 (The transfer, transferFrom, and mint functions of a smart
contract ...)
NOT-FOR-US: smart contract
CVE-2018-13327 (The transfer and transferFrom functions of a smart contract
...)
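Review bot: CVE-2018-13329 through CVE-2018-13338 are ten more TerraMaster TOS entries set to "TODO: check", in a hunk whose context already shows the tracker's convention for products outside the archive ("NOT-FOR-US: Gleez CMS", "NOT-FOR-US: Imperavi Redactor"). Whatever disposition is chosen should match the one used for CVE-2018-13418 and for CVE-2018-13349 to CVE-2018-13361 in this same commit, so the product is not split between triaged and untriaged states.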
@@ -18551,12 +18555,12 @@ CVE-2018-13318 (System command injection in
User.create method in Buffalo TS5600
NOT-FOR-US: Buffalo
CVE-2018-13317 (Password disclosure in password.htm in TOTOLINK A3002RU
version 1.0.8 ...)
NOT-FOR-US: TOTOLINK
-CVE-2018-13316
- RESERVED
+CVE-2018-13316 (System command injection in formAliasIp in TOTOLINK A3002RU
version ...)
+ TODO: check
CVE-2018-13315 (Incorrect access control in formPasswordSetup in TOTOLINK
A3002RU ...)
NOT-FOR-US: TOTOLINK
-CVE-2018-13314
- RESERVED
+CVE-2018-13314 (System command injection in formAliasIp in TOTOLINK A3002RU
version ...)
+ TODO: check
CVE-2018-13313
RESERVED
CVE-2018-13312 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU
version ...)
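Review bot: CVE-2018-13316 and CVE-2018-13314 get "TODO: check", but the context lines around them (CVE-2018-13317, CVE-2018-13315) already close the same TOTOLINK A3002RU product with "NOT-FOR-US: TOTOLINK". The two new entries can take that line directly. Their visible descriptions are also identical ("System command injection in formAliasIp in TOTOLINK A3002RU version ..."), so it is worth confirming against the full CVE text that they are distinct issues and not a duplicate assignment.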
@@ -18569,10 +18573,10 @@ CVE-2018-13309 (Cross-site scripting in password.htm
in TOTOLINK A3002RU version
NOT-FOR-US: TOTOLINK
CVE-2018-13308 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU
version ...)
NOT-FOR-US: TOTOLINK
-CVE-2018-13307
- RESERVED
-CVE-2018-13306
- RESERVED
+CVE-2018-13307 (System command injection in fromNtp in TOTOLINK A3002RU
version 1.0.8 ...)
+ TODO: check
+CVE-2018-13306 (System command injection in formDlna in TOTOLINK A3002RU
version 1.0.8 ...)
+ TODO: check
CVE-2018-13305 (In FFmpeg 4.0.1, due to a missing check for negative values of
the ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav <undetermined>
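Review bot: CVE-2018-13307 and CVE-2018-13306 are TOTOLINK A3002RU entries left at "TODO: check" directly below CVE-2018-13309 and CVE-2018-13308, which are already "NOT-FOR-US: TOTOLINK"; use the same line here. The handler in CVE-2018-13307 is spelled "fromNtp" where the sibling entries use "form..." names (formDlna, formAliasIp); as this is an automatic update the spelling presumably comes from the upstream description, so leave it unchanged rather than correcting it locally.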
@@ -19218,10 +19222,10 @@ CVE-2018-13025
(protected/apps/admin/controller/photoController.php in YXcms 1.4
NOT-FOR-US: YXcms
CVE-2018-13024 (Metinfo v6.0.0 allows remote attackers to write code into a
.php file, ...)
NOT-FOR-US: Metinfo
-CVE-2018-13023
- RESERVED
-CVE-2018-13022
- RESERVED
+CVE-2018-13023 (System command injection vulnerability in wifi_access in
Xiaomi Mi ...)
+ TODO: check
+CVE-2018-13022 (Cross-site scripting vulnerability in the API 404 page on
Xiaomi Mi ...)
+ TODO: check
CVE-2018-13021 (An issue was discovered in HongCMS 3.0.0. There is an
Arbitrary Script ...)
NOT-FOR-US: HongCMS
CVE-2018-13020
@@ -27266,8 +27270,8 @@ CVE-2018-10144
RESERVED
CVE-2018-10143
RESERVED
-CVE-2018-10142
- RESERVED
+CVE-2018-10142 (The Expedition Migration tool 1.0.106 and earlier may allow an
...)
+ TODO: check
CVE-2018-10141 (GlobalProtect Portal Login page in Palo Alto Networks PAN-OS
before ...)
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2018-10140 (The PAN-OS Management Web Interface in Palo Alto Networks
PAN-OS 8.1.2 ...)
@@ -32690,8 +32694,8 @@ CVE-2018-7990 (Mate10 Pro Huawei smart phones with the
versions before 8.1.0.326
NOT-FOR-US: Huawei
CVE-2018-7989 (Huawei Mate 10 pro smartphones with the versions before
BLA-AL00B ...)
NOT-FOR-US: Huawei
-CVE-2018-7988
- RESERVED
+CVE-2018-7988 (There is a Factory Reset Protection (FRP) bypass vulnerability
on ...)
+ TODO: check
CVE-2018-7987
RESERVED
CVE-2018-7986
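Review bot: the description for CVE-2018-7988 is cut off before the product name ("... bypass vulnerability on ..."), so the "TODO: check" cannot be resolved from this file alone. The adjacent CVE-2018-7990 and CVE-2018-7989 are "NOT-FOR-US: Huawei"; check the full description and, if it names a Huawei device as well, close it the same way.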
@@ -32712,8 +32716,8 @@ CVE-2018-7979
RESERVED
CVE-2018-7978
RESERVED
-CVE-2018-7977
- RESERVED
+CVE-2018-7977 (There is an information leakage vulnerability on several Huawei
...)
+ TODO: check
CVE-2018-7976 (There is a stored cross-site scripting (XSS) vulnerability in
Huawei ...)
NOT-FOR-US: Huawei
CVE-2018-7975
@@ -32744,14 +32748,14 @@ CVE-2018-7963
RESERVED
CVE-2018-7962
RESERVED
-CVE-2018-7961
- RESERVED
-CVE-2018-7960
- RESERVED
-CVE-2018-7959
- RESERVED
-CVE-2018-7958
- RESERVED
+CVE-2018-7961 (There is a smart SMS verification code vulnerability in some
Huawei ...)
+ TODO: check
+CVE-2018-7960 (There is a SRTP icon display vulnerability in Huawei eSpace
product. ...)
+ TODO: check
+CVE-2018-7959 (There is a short key vulnerability in Huawei eSpace product. An
...)
+ TODO: check
+CVE-2018-7958 (There is an anonymous TLS cipher suites supported vulnerability
in ...)
+ TODO: check
CVE-2018-7957 (Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00)
have an ...)
NOT-FOR-US: Huawei
CVE-2018-7956
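Review bot: CVE-2018-7961, CVE-2018-7960 and CVE-2018-7959 name Huawei products in their descriptions yet are set to "TODO: check", while CVE-2018-7957 just below is "NOT-FOR-US: Huawei". Those three can take the same line. CVE-2018-7958 is truncated before the product ("... cipher suites supported vulnerability in ...") and needs the full text first. The same applies to the single-entry Huawei changes for CVE-2018-7977 and CVE-2018-7946 elsewhere in this commit.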
@@ -32774,8 +32778,8 @@ CVE-2018-7948
RESERVED
CVE-2018-7947 (Huawei mobile phones with versions earlier before Emily-AL00A
...)
NOT-FOR-US: Huawei
-CVE-2018-7946
- RESERVED
+CVE-2018-7946 (There is an information leak vulnerability in some Huawei
smartphones. ...)
+ TODO: check
CVE-2018-7945
RESERVED
CVE-2018-7944 (Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00)
and ...)
@@ -55167,12 +55171,12 @@ CVE-2018-0723
RESERVED
CVE-2018-0722
RESERVED
-CVE-2018-0721
- RESERVED
+CVE-2018-0721 (Buffer Overflow vulnerability in QNAP QTS 4.2.6 build 20180711
and ...)
+ TODO: check
CVE-2018-0720
RESERVED
-CVE-2018-0719
- RESERVED
+CVE-2018-0719 (Cross-site scripting (XSS) vulnerability in QNAP QTS 4.2.6
build ...)
+ TODO: check
CVE-2018-0718 (Command injection vulnerability in Music Station 5.1.2 and
earlier ...)
NOT-FOR-US: Music Station
CVE-2018-0717
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/04fb4b7f9ff851df4ec33f15eff3aa1fc475cacb
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits