Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
793d3889 by security tracker role at 2018-12-04T08:10:11Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2018-19843
+       RESERVED
+CVE-2018-19842
+       RESERVED
+CVE-2018-19841
+       RESERVED
+CVE-2018-19840
+       RESERVED
+CVE-2018-19839
+       RESERVED
+CVE-2018-19838
+       RESERVED
+CVE-2018-19837
+       RESERVED
 CVE-2018-19836 (In Metinfo 6.1.3, include/interface/applogin.php allows 
setting ...)
        NOT-FOR-US: Metinfo
 CVE-2018-19835 (Metinfo 6.1.3 has reflected XSS via the admin/column/move.php 
...)
@@ -15641,36 +15655,36 @@ CVE-2018-14711
        RESERVED
 CVE-2018-14710
        RESERVED
-CVE-2018-14709
-       RESERVED
-CVE-2018-14708
-       RESERVED
-CVE-2018-14707
-       RESERVED
-CVE-2018-14706
-       RESERVED
+CVE-2018-14709 (Incorrect access control in the Dashboard API on Drobo 5N2 NAS 
version ...)
+       TODO: check
+CVE-2018-14708 (An insecure transport protocol used by Drobo Dashboard API on 
Drobo ...)
+       TODO: check
+CVE-2018-14707 (Directory traversal in the Drobo Pix web application on Drobo 
5N2 NAS ...)
+       TODO: check
+CVE-2018-14706 (System command injection in the /DroboPix/api/drobopix/demo 
endpoint ...)
+       TODO: check
 CVE-2018-14705
        RESERVED
-CVE-2018-14704
-       RESERVED
-CVE-2018-14703
-       RESERVED
-CVE-2018-14702
-       RESERVED
-CVE-2018-14701
-       RESERVED
-CVE-2018-14700
-       RESERVED
-CVE-2018-14699
-       RESERVED
-CVE-2018-14698
-       RESERVED
-CVE-2018-14697
-       RESERVED
-CVE-2018-14696
-       RESERVED
-CVE-2018-14695
-       RESERVED
+CVE-2018-14704 (Cross-site scripting in the MySQL API error page in Drobo 5N2 
NAS ...)
+       TODO: check
+CVE-2018-14703 (Incorrect access control in the /mysql/api/droboapp/data 
endpoint in ...)
+       TODO: check
+CVE-2018-14702 (Incorrect access control in the /drobopix/api/drobo.php 
endpoint in ...)
+       TODO: check
+CVE-2018-14701 (System command injection in the /DroboAccess/delete_user 
endpoint in ...)
+       TODO: check
+CVE-2018-14700 (Incorrect access control in the /mysql/api/logfile.php 
endpoint in ...)
+       TODO: check
+CVE-2018-14699 (System command injection in the /DroboAccess/enable_user 
endpoint in ...)
+       TODO: check
+CVE-2018-14698 (Cross-site scripting in the /DroboAccess/delete_user endpoint 
in Drobo ...)
+       TODO: check
+CVE-2018-14697 (Cross-site scripting in the /DroboAccess/enable_user endpoint 
in Drobo ...)
+       TODO: check
+CVE-2018-14696 (Incorrect access control in the /mysql/api/drobo.php endpoint 
in Drobo ...)
+       TODO: check
+CVE-2018-14695 (Incorrect access control in the /mysql/api/diags.php endpoint 
in Drobo ...)
+       TODO: check
 CVE-2018-14694
        RESERVED
 CVE-2018-14693
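Review bot: the fourteen entries from CVE-2018-14709 to CVE-2018-14695 (CVE-2018-14705 stays RESERVED) all land as `TODO: check`, so none of them has a triage decision yet. The visible descriptions name Drobo 5N2 NAS or Drobo web endpoints (DroboPix, DroboAccess, the /mysql/api paths); only CVE-2018-14700 is cut off before any product name appears. Since they form one contiguous block about the same appliance, resolve them as a single batch against the full CVE text, and if none maps to a Debian source package, mark them with a `NOT-FOR-US:` line in the style already used for Metinfo and Brocade in this file rather than leaving fourteen separate TODOs.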
@@ -38281,10 +38295,10 @@ CVE-2018-6442 (A vulnerability in the Brocade 
Webtools firmware update section o
        NOT-FOR-US: Brocade
 CVE-2018-6441 (A vulnerability in Secure Shell implementation of Brocade 
Fabric OS ...)
        NOT-FOR-US: Brocade
-CVE-2018-6440
-       RESERVED
-CVE-2018-6439
-       RESERVED
+CVE-2018-6440 (A vulnerability in the proxy service of Brocade Fabric OS 
versions ...)
+       TODO: check
+CVE-2018-6439 (A Vulnerability in the configdownload command of Brocade Fabric 
OS ...)
+       TODO: check
 CVE-2018-6438 (A Vulnerability in the supportsave command of Brocade Fabric OS 
...)
        NOT-FOR-US: Brocade
 CVE-2018-6437 (A Vulnerability in the help command of Brocade Fabric OS 
command line ...)
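Review bot: CVE-2018-6440 and CVE-2018-6439 are added as `TODO: check` although both descriptions name Brocade Fabric OS, and the neighbouring entries in this same hunk (CVE-2018-6442, CVE-2018-6441, CVE-2018-6438) are already triaged as `NOT-FOR-US: Brocade`. Unless the full descriptions show something different, these two should get the same `NOT-FOR-US: Brocade` line so the block stays consistent and the TODO queue does not carry entries whose outcome is already established by their neighbours.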
@@ -45172,12 +45186,12 @@ CVE-2018-4022 (A use-after-free vulnerability exists 
in the way MKVToolNix MKVIN
        [jessie] - mkvtoolnix <not-affected> (vulnerable code is not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0694
        NOTE: 
https://gitlab.com/mbunkus/mkvtoolnix/commit/43021d16c7bcd3f9f70214827755a5163782b633
-CVE-2018-4021
-       RESERVED
-CVE-2018-4020
-       RESERVED
-CVE-2018-4019
-       RESERVED
+CVE-2018-4021 (An exploitable command injection vulnerability exists in the 
way ...)
+       TODO: check
+CVE-2018-4020 (An exploitable command injection vulnerability exists in the 
way ...)
+       TODO: check
+CVE-2018-4019 (An exploitable command injection vulnerability exists in the 
way ...)
+       TODO: check
 CVE-2018-4018
        RESERVED
 CVE-2018-4017
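Review bot: the three new entries CVE-2018-4021, CVE-2018-4020 and CVE-2018-4019 carry the same truncated text ("An exploitable command injection vulnerability exists in the way ..."), which does not identify the affected product. They sit directly below the mkvtoolnix entry for CVE-2018-4022, but adjacency in the list is not evidence that they concern the same package. Resolve the `TODO: check` from the full CVE description, and record the product explicitly (a package line or a `NOT-FOR-US:` line) so the three identical-looking entries can be told apart later.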
@@ -45516,8 +45530,8 @@ CVE-2018-3856 (An exploitable vulnerability exists in 
the smart cameras RTSP ...
        NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3855 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 ...)
        NOT-FOR-US: Hyland Perceptive Document Filters
-CVE-2018-3854
-       RESERVED
+CVE-2018-3854 (An exploitable information disclosure vulnerability exists in 
the ...)
+       TODO: check
 CVE-2018-3853 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
        NOT-FOR-US: Foxit PDF Reader
 CVE-2018-3852 (An exploitable denial of service vulnerability exists in the 
Ocularis ...)
@@ -50051,7 +50065,7 @@ CVE-2018-2517
 CVE-2018-2516
        RESERVED
 CVE-2018-2515
-       RESERVED
+       REJECTED
 CVE-2018-2514
        RESERVED
 CVE-2018-2513



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/793d388912f51937ab52510df930ccdc0be2d0b5
