Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
47adffcb by security tracker role at 2018-11-30T08:10:31Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,173 @@
+CVE-2018-19779
+       RESERVED
+CVE-2018-19778
+       RESERVED
+CVE-2018-19777
+       RESERVED
+CVE-2018-19776
+       RESERVED
+CVE-2018-19775
+       RESERVED
+CVE-2018-19774
+       RESERVED
+CVE-2018-19773
+       RESERVED
+CVE-2018-19772
+       RESERVED
+CVE-2018-19771
+       RESERVED
+CVE-2018-19770
+       RESERVED
+CVE-2018-19769
+       RESERVED
+CVE-2018-19768
+       RESERVED
+CVE-2018-19767
+       RESERVED
+CVE-2018-19766
+       RESERVED
+CVE-2018-19765
+       RESERVED
+CVE-2018-19764 (Mini-XML (aka mxml) 2.12 has memory leaks. ...)
+       TODO: check
+CVE-2018-19763 (There is a heap-based buffer over-read at writer.c (function: 
...)
+       TODO: check
+CVE-2018-19762 (There is a heap-based buffer overflow at fromsixel.c 
(function: ...)
+       TODO: check
+CVE-2018-19761 (There is an illegal address access at fromsixel.c (function: 
...)
+       TODO: check
+CVE-2018-19760 (cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. 
...)
+       TODO: check
+CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h 
(function: ...)
+       TODO: check
+CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in 
wav_write_header in ...)
+       TODO: check
+CVE-2018-19757 (There is a NULL pointer dereference at function ...)
+       TODO: check
+CVE-2018-19756 (There is a heap-based buffer over-read at stb_image.h 
(function: ...)
+       TODO: check
+CVE-2018-19755 (There is an illegal address access at asm/preproc.c (function: 
...)
+       TODO: check
+CVE-2018-19754
+       RESERVED
+CVE-2018-19753
+       RESERVED
+CVE-2018-19752 (DomainMOD through 4.11.01 has XSS via the 
assets/add/registrar.php ...)
+       TODO: check
+CVE-2018-19751 (DomainMOD through 4.11.01 has XSS via the 
admin/ssl-fields/add.php ...)
+       TODO: check
+CVE-2018-19750 (DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ 
notes ...)
+       TODO: check
+CVE-2018-19749 (DomainMOD through 4.11.01 has XSS via the 
assets/add/account-owner.php ...)
+       TODO: check
+CVE-2018-19748 (app/plug/attachment/controller/admincontroller.php in SDCMS 
1.6 allows ...)
+       TODO: check
+CVE-2018-19747
+       RESERVED
+CVE-2018-19746
+       RESERVED
+CVE-2018-19745
+       RESERVED
+CVE-2018-19744
+       RESERVED
+CVE-2018-19743
+       RESERVED
+CVE-2018-19742
+       RESERVED
+CVE-2018-19741
+       RESERVED
+CVE-2018-19740
+       RESERVED
+CVE-2018-19739
+       RESERVED
+CVE-2018-19738
+       RESERVED
+CVE-2018-19737
+       RESERVED
+CVE-2018-19736
+       RESERVED
+CVE-2018-19735
+       RESERVED
+CVE-2018-19734
+       RESERVED
+CVE-2018-19733
+       RESERVED
+CVE-2018-19732
+       RESERVED
+CVE-2018-19731
+       RESERVED
+CVE-2018-19730
+       RESERVED
+CVE-2018-19729
+       RESERVED
+CVE-2018-19728
+       RESERVED
+CVE-2018-19727
+       RESERVED
+CVE-2018-19726
+       RESERVED
+CVE-2018-19725
+       RESERVED
+CVE-2018-19724
+       RESERVED
+CVE-2018-19723
+       RESERVED
+CVE-2018-19722
+       RESERVED
+CVE-2018-19721
+       RESERVED
+CVE-2018-19720
+       RESERVED
+CVE-2018-19719
+       RESERVED
+CVE-2018-19718
+       RESERVED
+CVE-2018-19717
+       RESERVED
+CVE-2018-19716
+       RESERVED
+CVE-2018-19715
+       RESERVED
+CVE-2018-19714
+       RESERVED
+CVE-2018-19713
+       RESERVED
+CVE-2018-19712
+       RESERVED
+CVE-2018-19711
+       RESERVED
+CVE-2018-19710
+       RESERVED
+CVE-2018-19709
+       RESERVED
+CVE-2018-19708
+       RESERVED
+CVE-2018-19707
+       RESERVED
+CVE-2018-19706
+       RESERVED
+CVE-2018-19705
+       RESERVED
+CVE-2018-19704
+       RESERVED
+CVE-2018-19703
+       RESERVED
+CVE-2018-19702
+       RESERVED
+CVE-2018-19701
+       RESERVED
+CVE-2018-19700
+       RESERVED
+CVE-2018-19699
+       RESERVED
+CVE-2018-19698
+       RESERVED
+CVE-2018-1000819
+       REJECTED
+       TODO: check
+CVE-2018-1000818
+       REJECTED
+       TODO: check
 CVE-2018-19697
        RESERVED
 CVE-2018-19696
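Review bot: CVE-2018-1000819 and CVE-2018-1000818, at the end of the added block, are marked REJECTED and also given TODO: check. Neither entry carries a description to triage, so the TODO line should be dropped from both to keep them out of the check queue. The remaining TODO: check entries in this block whose descriptions name a product (Mini-XML 2.12, libConfuse 3.2.2, DomainMOD through 4.11.01, SDCMS 1.6) still need to be resolved to either a package line or a NOT-FOR-US tag.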
@@ -3070,8 +3240,8 @@ CVE-2018-19529
        RESERVED
 CVE-2018-19528 (TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to 
cause a ...)
        NOT-FOR-US: TP-Link
-CVE-2018-19527
-       RESERVED
+CVE-2018-19527 (i4 assistant 7.85 allows XSS via a crafted machine name field 
within ...)
+       TODO: check
 CVE-2018-19526
        RESERVED
 CVE-2018-19525
@@ -3134,8 +3304,7 @@ CVE-2018-19499 (Vanilla before 2.5.5 and 2.6.x before 
2.6.2 allows Remote Code .
        NOT-FOR-US: Vanilla
 CVE-2018-19498
        RESERVED
-CVE-2018-19497 [out of bounds read]
-       RESERVED
+CVE-2018-19497 (In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in 
tsk/fs/hfs.c ...)
        - sleuthkit <unfixed> (bug #914796)
        NOTE: https://github.com/sleuthkit/sleuthkit/pull/1374
 CVE-2018-19496
@@ -4384,8 +4553,7 @@ CVE-2018-19143 (Open Ticket Request System (OTRS) 4.0.x 
before 4.0.33, 5.0.x bef
        {DLA-1592-1}
        - otrs2 6.0.13-1
        NOTE: 
https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/
-CVE-2018-19120 [HTML Thumbnailer automatic remote file access]
-       RESERVED
+CVE-2018-19120 (The HTML thumbnailer plugin in KDE Applications before 18.12.0 
allows ...)
        - kio-extras 4:18.08.3-1 (bug #913595)
        [stretch] - kio-extras <no-dsa> (Minor issue)
        - kde-runtime <unfixed> (bug #913596)
@@ -5587,8 +5755,8 @@ CVE-2018-18621 (CommuniGate Pro 6.2 allows stored XSS via 
a message body in Pron
        NOT-FOR-US: CommuniGate Pro
 CVE-2018-18620
        RESERVED
-CVE-2018-18619
-       RESERVED
+CVE-2018-18619 (internal/advanced_comment_system/admin.php in Advanced Comment 
System ...)
+       TODO: check
 CVE-2018-18618
        RESERVED
 CVE-2018-18617
@@ -6335,24 +6503,28 @@ CVE-2018-18315 (com/mossle/cdn/CdnController.java in 
lemon 1.9.0 allows attacker
        NOT-FOR-US: lemon, different from src:lemon
 CVE-2018-18314 [Heap-based buffer overflow]
        RESERVED
+       {DSA-4347-1}
        - perl 5.28.0-3
        [jessie] - perl <not-affected> (Vulnerable code introduced later)
        NOTE: https://rt.perl.org/Ticket/Display.html?id=131649
        NOTE: maint-5.28: 
https://perl5.git.perl.org/perl.git/commitdiff/19a498a461d7c81ae3507c450953d1148efecf4f
 CVE-2018-18313 [Heap-buffer-overflow read in regcomp.c]
        RESERVED
+       {DSA-4347-1}
        - perl 5.28.0-3
        [jessie] - perl <not-affected> (Vulnerable code introduced later)
        NOTE: https://rt.perl.org/Ticket/Display.html?id=133192
        NOTE: maint-5.28: 
https://perl5.git.perl.org/perl.git/commitdiff/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62
 CVE-2018-18312 [Heap-buffer-overflow write in S_regatom (regcomp.c)]
        RESERVED
+       {DSA-4347-1}
        - perl 5.28.1-1
        [jessie] - perl <not-affected> (Vulnerable code introduced later)
        NOTE: https://rt.perl.org/Ticket/Display.html?id=133423
        NOTE: maint-5.28: 
https://perl5.git.perl.org/perl.git/commitdiff/9b0464aa670d0a59bda5b75d54f2a6b6f9d1288a
 CVE-2018-18311 [Integer overflow leading to buffer overflow and segmentation 
fault]
        RESERVED
+       {DSA-4347-1}
        - perl 5.28.1-1
        NOTE: https://rt.perl.org/Ticket/Display.html?id=133204
        NOTE: Introduced by: 
https://perl5.git.perl.org/perl.git/commitdiff/e658793210bbe632a5e80a876acfcd0984c46b87
@@ -12224,15 +12396,13 @@ CVE-2018-15983
        RESERVED
 CVE-2018-15982
        RESERVED
-CVE-2018-15981
-       RESERVED
+CVE-2018-15981 (Flash Player versions 31.0.0.148 and earlier have a type 
confusion ...)
        NOT-FOR-US: Adobe
-CVE-2018-15980
-       RESERVED
-CVE-2018-15979
-       RESERVED
-CVE-2018-15978
-       RESERVED
+CVE-2018-15980 (Adobe Photoshop CC versions 19.1.6 and earlier have an 
out-of-bounds ...)
+       TODO: check
+CVE-2018-15979 (Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 
...)
+       TODO: check
+CVE-2018-15978 (Flash Player versions 31.0.0.122 and earlier have an 
out-of-bounds ...)
        NOT-FOR-US: Adobe
 CVE-2018-15977
        RESERVED
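Review bot: CVE-2018-15980 and CVE-2018-15979 look like they should be NOT-FOR-US: Adobe rather than TODO: check. Their descriptions name Adobe Photoshop CC and Adobe Acrobat and Reader, and the two Flash Player entries in the same hunk, CVE-2018-15981 and CVE-2018-15978, already carry NOT-FOR-US: Adobe. Tagging all four consistently removes two items from the check queue.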
@@ -13447,8 +13617,8 @@ CVE-2018-15539 (Agentejo Cockpit lacks an anti-CSRF 
protection mechanism. Thus,
        NOT-FOR-US: Agentejo Cockpit
 CVE-2018-15538 (Agentejo Cockpit has multiple Cross-Site Scripting 
vulnerabilities. ...)
        NOT-FOR-US: Agentejo Cockpit
-CVE-2018-15537
-       RESERVED
+CVE-2018-15537 (Unrestricted file upload (with remote code execution) in OCS 
Inventory ...)
+       TODO: check
 CVE-2018-15536 (/filemanager/ajax_calls.php in tecrail Responsive FileManager 
before ...)
        NOT-FOR-US: tecrail Responsive FileManager
 CVE-2018-15535 (/filemanager/ajax_calls.php in tecrail Responsive FileManager 
before ...)
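Review bot: the TODO: check on CVE-2018-15537 deserves priority over the other pending entries in this commit, because its description states unrestricted file upload with remote code execution in OCS Inventory. The neighbouring entries in this hunk are all resolved as NOT-FOR-US, so this is the only open item here; it should be resolved to a package line if the affected component is packaged, or to a NOT-FOR-US tag if it is not.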



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/47adffcbed79570b66352b3f839436efcf58d216
