Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2634cd1b by security tracker role at 2018-12-05T08:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5067,16 +5067,16 @@ CVE-2018-18995
RESERVED
CVE-2018-18994
RESERVED
-CVE-2018-18993
- RESERVED
+CVE-2018-18993 (Two stack-based buffer overflow vulnerabilities have been
discovered ...)
+ TODO: check
CVE-2018-18992
RESERVED
-CVE-2018-18991
- RESERVED
+CVE-2018-18991 (Reflected cross-site scripting (non-persistent) in SCADA
WebServer ...)
+ TODO: check
CVE-2018-18990
RESERVED
-CVE-2018-18989
- RESERVED
+CVE-2018-18989 (In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66
and ...)
+ TODO: check
CVE-2018-18988
RESERVED
CVE-2018-18987 (VT-Designer Version 2.1.7.31 is vulnerable by the program
populating ...)
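Review bot: The three entries converted from RESERVED in this hunk are left at "TODO: check" with no package line, so they remain untriaged. The descriptions of CVE-2018-18991 (SCADA WebServer) and CVE-2018-18989 (CX-One, CX-Programmer) name products; if no Debian source package ships them, replace the TODO with a "NOT-FOR-US: <vendor>" line. The truncated description of CVE-2018-18993 does not name a product, so that one needs the full CVE text before it can be classified.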
@@ -5402,8 +5402,7 @@ CVE-2018-18845
RESERVED
CVE-2018-18844
RESERVED
-CVE-2018-18843
- RESERVED
+CVE-2018-18843 (The Kubernetes integration in GitLab Enterprise Edition 11.x
before ...)
- gitlab <not-affected> (Only affects Enterprise edition)
NOTE:
https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released/
CVE-2018-18842 (CSRF exists in zb_users/plugin/AppCentre/theme.js.php in
Z-BlogPHP ...)
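Review bot: Style point on the retained triage line for CVE-2018-18843: it reads "(Only affects Enterprise edition)", while the other GitLab entries in this file use "(Only affects GitLab EE)" for the same reason. The new description confirms the EE-only scope, so the status is right; consider normalising the wording so the reason can be matched consistently with a search.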
@@ -5859,43 +5858,35 @@ CVE-2018-18650 (An issue was discovered in Xpdf 4.00.
XRef::readXRefStream in XR
CVE-2018-18649 (An issue was discovered in the wiki API in GitLab Community
and ...)
- gitlab <not-affected> (Only affects 11.3 and later)
NOTE:
https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18648 [Information exposure through stack trace error message]
- RESERVED
+CVE-2018-18648 (An issue was discovered in GitLab Community and Enterprise
Edition ...)
- gitlab <not-affected> (Only affects 11.2 and later)
NOTE:
https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18647 [Unauthorized changes to a protected branch's access levels]
- RESERVED
+CVE-2018-18647 (An issue was discovered in GitLab Community and Enterprise
Edition ...)
- gitlab <not-affected> (Only affects GitLab EE)
NOTE:
https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18646 [SSRF in Hipchat integration]
- RESERVED
+CVE-2018-18646 (An issue was discovered in GitLab Community and Enterprise
Edition ...)
[experimental] - gitlab 11.2.8+dfsg-1
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18645 [Information exposure when replying to issues through email]
- RESERVED
+CVE-2018-18645 (An issue was discovered in GitLab Community and Enterprise
Edition ...)
[experimental] - gitlab 11.2.8+dfsg-1
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18644 [Metrics information disclosure in Prometheus integration]
- RESERVED
+CVE-2018-18644 (An issue was discovered in GitLab Community and Enterprise
Edition ...)
- gitlab <not-affected> (Only affects GitLab EE)
NOTE:
https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
CVE-2018-18643 [Persistent XSS autocomplete]
RESERVED
- gitlab <not-affected> (Only affects 11.2 and later)
NOTE:
https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18642 [Persistent XSS in License Management and Security Reports]
- RESERVED
+CVE-2018-18642 (An issue was discovered in GitLab Community and Enterprise
Edition ...)
- gitlab <not-affected> (Only affects GitLab EE)
NOTE:
https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18641 [Cleartext storage of personal access tokens]
- RESERVED
+CVE-2018-18641 (An issue was discovered in GitLab Community and Enterprise
Edition ...)
[experimental] - gitlab 11.2.8+dfsg-1
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
-CVE-2018-18640 [Information exposure in stored browser history]
- RESERVED
+CVE-2018-18640 (An issue was discovered in GitLab Community and Enterprise
Edition ...)
[experimental] - gitlab 11.2.8+dfsg-1
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
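Review bot: Replacing the bracketed titles on CVE-2018-18648 through CVE-2018-18640 drops the only distinguishing text for these entries. Every one now shows the same truncated description, "An issue was discovered in GitLab Community and Enterprise Edition ...", where the removed lines said for example "[SSRF in Hipchat integration]" or "[Cleartext storage of personal access tokens]". Since CVE-2018-18646, -18645, -18641 and -18640 are still "- gitlab <unfixed>", consider carrying the former title into a NOTE line on each so whoever works on the fix can tell them apart without opening the advisory. CVE-2018-18643 stays RESERVED with its bracketed title, which is expected.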
@@ -7720,10 +7711,10 @@ CVE-2018-17978
RESERVED
CVE-2018-17977 (The Linux kernel 4.14.67 mishandles certain interaction among
XFRM ...)
- linux <undetermined>
-CVE-2018-17976
- RESERVED
-CVE-2018-17975
- RESERVED
+CVE-2018-17976 (An issue was discovered in GitLab Community Edition 11.x
before ...)
+ TODO: check
+CVE-2018-17975 (An issue was discovered in GitLab Community Edition 11.x
before ...)
+ TODO: check
CVE-2018-17974 (An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based
buffer ...)
- tcpreplay <unfixed> (bug #910598)
[stretch] - tcpreplay <no-dsa> (Minor issue)
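Review bot: CVE-2018-17976 and CVE-2018-17975 are added with "TODO: check" although both descriptions name GitLab Community Edition 11.x, and the other GitLab CVEs in this file carry a "- gitlab" status line. These two should get a "- gitlab" line (affected version range or <not-affected> with a reason) and a NOTE pointing at the matching GitLab security release instead of staying in the TODO queue.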
@@ -7837,8 +7828,8 @@ CVE-2018-17941
RESERVED
CVE-2018-17940
RESERVED
-CVE-2018-17939
- RESERVED
+CVE-2018-17939 (An issue was discovered in GitLab Community and Enterprise
Edition ...)
+ TODO: check
CVE-2018-17938 (Zimbra Collaboration before 8.8.10 GA allows text content
spoofing via ...)
NOT-FOR-US: Zimbra
CVE-2018-17937
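Review bot: CVE-2018-17939 is described as affecting both GitLab Community and Enterprise Edition, so the "TODO: check" here cannot be closed as EE-only. It needs a "- gitlab" line with the affected or fixed version once the truncated version range in the description is read in full.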
@@ -9637,8 +9628,8 @@ CVE-2018-17162
RESERVED
CVE-2018-17161
RESERVED
-CVE-2018-17160
- RESERVED
+CVE-2018-17160 (In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6,
...)
+ TODO: check
CVE-2018-17159 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5,
the NFS ...)
TODO: check
CVE-2018-17158 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an
integer ...)
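Review bot: The description added for CVE-2018-17160 is cut off right after the version string ("11.2-RELEASE-p6, ..."), so the affected component is not visible in the list, and the entry is left at "TODO: check". The neighbouring CVE-2018-17159 also still carries "TODO: check", so FreeBSD entries are accumulating untriaged. Both need the full description consulted and a package or not-affected decision recorded.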
@@ -41419,8 +41410,8 @@ CVE-2018-5498
RESERVED
CVE-2018-5497
RESERVED
-CVE-2018-5496
- RESERVED
+CVE-2018-5496 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are
...)
+ TODO: check
CVE-2018-5495 (All StorageGRID Webscale versions are susceptible to a
vulnerability ...)
NOT-FOR-US: NetApp
CVE-2018-5494
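Review bot: CVE-2018-5496 is left at "TODO: check", but Data ONTAP is a NetApp product and the entry directly below, CVE-2018-5495, is already marked "NOT-FOR-US: NetApp". The same marking would apply here and would take this entry out of the TODO queue.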
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2634cd1bbf5a5f4cf90e51f37542857487d8d7c4