[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Wed, 05 Dec 2018 12:11:33 -0800

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
9f52a9f8 by security tracker role at 2018-12-05T20:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2018-19875
+       RESERVED
+CVE-2018-19874
+       RESERVED
+CVE-2018-19873
+       RESERVED
+CVE-2018-19872
+       RESERVED
+CVE-2018-19871
+       RESERVED
+CVE-2018-19870
+       RESERVED
+CVE-2018-19869
+       RESERVED
+CVE-2018-19868
+       RESERVED
+CVE-2018-19867
+       RESERVED
+CVE-2018-19866
+       RESERVED
+CVE-2018-19865 (A keystroke logging issue was discovered in Virtual Keyboard 
in Qt ...)
+       TODO: check
+CVE-2018-19864 (NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 
allows ...)
+       TODO: check
+CVE-2018-19863
+       RESERVED
+CVE-2018-19862
+       RESERVED
+CVE-2018-19861
+       RESERVED
+CVE-2018-19860
+       RESERVED
+CVE-2018-19859 (OpenRefine before 3.5 allows directory traversal via a 
relative ...)
+       TODO: check
+CVE-2018-19858
+       RESERVED
+CVE-2018-19857 (The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media 
player ...)
+       TODO: check
+CVE-2018-19856
+       RESERVED
+CVE-2018-19855
+       RESERVED
 CVE-2018-19854 (An issue was discovered in the Linux kernel before 4.19.3. ...)
        - linux 4.18.20-1
        [stretch] - linux <not-affected> (Vulnerable code not present)
@@ -171,8 +213,8 @@ CVE-2018-19788 (A flaw was found in PolicyKit (aka polkit) 
0.115 that allows a u
 CVE-2018-19787 (An issue was discovered in lxml before 4.2.5. 
lxml/html/clean.py in the ...)
        - lxml 4.2.5-1
        NOTE: Fixed by: 
https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109 
(lxml-4.2.5)
-CVE-2018-19786
-       RESERVED
+CVE-2018-19786 (HashiCorp Vault before 1.0.0 writes the master key to the 
server log in ...)
+       TODO: check
 CVE-2018-19785 (PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the 
URL ...)
        NOT-FOR-US: PHP-Proxy
 CVE-2018-19784 (The str_rot_pass function in ...)
@@ -13171,8 +13213,8 @@ CVE-2018-15799
        RESERVED
 CVE-2018-15798
        RESERVED
-CVE-2018-15797
-       RESERVED
+CVE-2018-15797 (Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x 
prior to ...)
+       TODO: check
 CVE-2018-15796 (Cloud Foundry Bits Service Release, versions prior to 2.14.0, 
uses an ...)
        NOT-FOR-US: Cloud Foundry
 CVE-2018-15795 (Pivotal CredHub Service Broker, versions prior to 1.1.0, uses 
a ...)
@@ -13219,8 +13261,8 @@ CVE-2018-15775
        RESERVED
 CVE-2018-15774
        RESERVED
-CVE-2018-15773
-       RESERVED
+CVE-2018-15773 (Dell Encryption (formerly Dell Data Protection | Encryption) 
v10.1.0 ...)
+       TODO: check
 CVE-2018-15772 (Dell EMC RecoverPoint versions prior to 5.1.2.1 and 
RecoverPoint for ...)
        NOT-FOR-US: EMC RecoverPoint
 CVE-2018-15771 (Dell EMC RecoverPoint versions prior to 5.1.2.1 and 
RecoverPoint for ...)
@@ -41352,7 +41394,7 @@ CVE-2018-5537 (A remote attacker may be able to disrupt 
services on F5 BIG-IP ..
        NOT-FOR-US: F5 BIG-IP
 CVE-2018-5536 (A remote attacker via undisclosed measures, may be able to 
exploit an ...)
        NOT-FOR-US: F5 BIG-IP
-CVE-2018-5535 (On F5 BIG-IP 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.2.1-11.6.3 ...)
+CVE-2018-5535 (On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 
11.5.1-11.6.3 ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2018-5534 (Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 
...)
        NOT-FOR-US: F5 BIG-IP
@@ -51320,8 +51362,8 @@ CVE-2018-1943
        RESERVED
 CVE-2018-1942
        RESERVED
-CVE-2018-1941
-       RESERVED
+CVE-2018-1941 (IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain 
admini ...)
+       TODO: check
 CVE-2018-1940
        RESERVED
 CVE-2018-1939
@@ -51738,16 +51780,16 @@ CVE-2018-1734
        RESERVED
 CVE-2018-1733
        RESERVED
-CVE-2018-1732
-       RESERVED
+CVE-2018-1732 (IBM QRadar SIEM 1.14.0 discloses sensitive information to 
unauthorized ...)
+       TODO: check
 CVE-2018-1731
        RESERVED
-CVE-2018-1730
-       RESERVED
+CVE-2018-1730 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External 
Entity ...)
+       TODO: check
 CVE-2018-1729
        RESERVED
-CVE-2018-1728
-       RESERVED
+CVE-2018-1728 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site 
scripting. ...)
+       TODO: check
 CVE-2018-1727
        RESERVED
 CVE-2018-1726
@@ -51808,8 +51850,8 @@ CVE-2018-1699 (IBM Maximo Asset Management 7.6 through 
7.6.3 is vulnerable to SQ
        NOT-FOR-US: IBM
 CVE-2018-1698 (IBM Maximo Asset Management 7.6 through 7.6.3 could allow an 
...)
        NOT-FOR-US: IBM
-CVE-2018-1697
-       RESERVED
+CVE-2018-1697 (IBM Maximo Asset Management 7.6 could allow an authenticated 
user to ...)
+       TODO: check
 CVE-2018-1696
        RESERVED
 CVE-2018-1695 (IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 
installations ...)
@@ -51902,12 +51944,12 @@ CVE-2018-1652
        RESERVED
 CVE-2018-1651
        RESERVED
-CVE-2018-1650
-       RESERVED
+CVE-2018-1650 (IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which 
could ...)
+       TODO: check
 CVE-2018-1649 (IBM QRadar Incident Forensics 7.2 and 7.3 could allow a remote 
...)
        NOT-FOR-US: IBM
-CVE-2018-1648
-       RESERVED
+CVE-2018-1648 (IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected 
cryptographic ...)
+       TODO: check
 CVE-2018-1647 (IBM QRadar Incident Forensics 7.2 and 7.3 does not properly 
restrict ...)
        NOT-FOR-US: IBM
 CVE-2018-1646
@@ -52066,8 +52108,8 @@ CVE-2018-1570
        RESERVED
 CVE-2018-1569
        RESERVED
-CVE-2018-1568
-       RESERVED
+CVE-2018-1568 (IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored 
locally ...)
+       TODO: check
 CVE-2018-1567 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
allow ...)
        NOT-FOR-US: IBM
 CVE-2018-1566 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
@@ -104223,8 +104265,8 @@ CVE-2017-1624 (IBM QRadar 7.3 and 7.3.1 specifies 
permissions for a security-cri
        NOT-FOR-US: IBM
 CVE-2017-1623 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. 
This ...)
        NOT-FOR-US: IBM QRadar
-CVE-2017-1622
-       RESERVED
+CVE-2017-1622 (IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly 
...)
+       TODO: check
 CVE-2017-1621 (IBM Rational Quality Manager and IBM Rational Collaborative 
Lifecycle ...)
        NOT-FOR-US: IBM
 CVE-2017-1620



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9f52a9f82592a5b88164aaa427ccc665f2d33ded

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9f52a9f82592a5b88164aaa427ccc665f2d33ded
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to