Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8b7b19db by security tracker role at 2018-12-06T08:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2018-19907 (A Server-Side Template Injection issue was discovered in 
Crafter CMS ...)
+       TODO: check
+CVE-2018-19906
+       RESERVED
+CVE-2018-19905
+       RESERVED
+CVE-2018-19904
+       RESERVED
+CVE-2018-19903
+       RESERVED
+CVE-2018-19902
+       RESERVED
+CVE-2018-19901
+       RESERVED
+CVE-2018-19900
+       RESERVED
+CVE-2018-19899
+       RESERVED
+CVE-2018-19898 (ThinkCMF X2.2.2 has SQL Injection via the method edit_post in 
...)
+       TODO: check
+CVE-2018-19897 (ThinkCMF X2.2.2 has SQL Injection via the function 
_listorders() in ...)
+       TODO: check
+CVE-2018-19896 (ThinkCMF X2.2.2 has SQL Injection via the function delete() in 
...)
+       TODO: check
+CVE-2018-19895 (ThinkCMF X2.2.2 has SQL Injection via the function edit_post() 
in ...)
+       TODO: check
+CVE-2018-19894 (ThinkCMF X2.2.2 has SQL Injection via the functions check() 
and ...)
+       TODO: check
+CVE-2018-19893 (SearchController.php in PbootCMS 1.2.1 has SQL injection via 
the ...)
+       TODO: check
+CVE-2018-19892 (DomainMOD through 4.11.01 has XSS via the 
admin/dw/add-server.php ...)
+       TODO: check
+CVE-2018-19891 (An invalid memory address dereference was discovered in the 
huffcode ...)
+       TODO: check
+CVE-2018-19890 (An invalid memory address dereference was discovered in the 
huffcode ...)
+       TODO: check
+CVE-2018-19889 (An invalid memory address dereference was discovered in the 
huffcode ...)
+       TODO: check
+CVE-2018-19888 (An invalid memory address dereference was discovered in the 
huffcode ...)
+       TODO: check
+CVE-2018-19887 (An invalid memory address dereference was discovered in the 
huffcode ...)
+       TODO: check
+CVE-2018-19886 (An invalid memory address dereference was discovered in the 
huffcode ...)
+       TODO: check
+CVE-2018-19885
+       RESERVED
+CVE-2018-19884
+       RESERVED
+CVE-2018-19883
+       RESERVED
+CVE-2018-19882 (In Artifex MuPDF 1.14.0, the svg_run_image function in 
svg/svg-run.c ...)
+       TODO: check
+CVE-2018-19881 (In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers 
to cause ...)
+       TODO: check
+CVE-2018-19880
+       RESERVED
+CVE-2018-19879
+       RESERVED
+CVE-2018-19878
+       RESERVED
+CVE-2018-19877 (login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the 
Login ...)
+       TODO: check
+CVE-2018-19876 (cairo 1.16.0, in cairo_ft_apply_variations() in 
cairo-ft-font.c, would ...)
+       TODO: check
+CVE-2018-1002104
+       RESERVED
+CVE-2018-1002103 (In Minikube versions 0.3.0-0.29.0, minikube exposes the 
Kubernetes ...)
+       TODO: check
+CVE-2018-1002102
+       RESERVED
 CVE-2018-19875
        RESERVED
 CVE-2018-19874
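Review bot: CVE-2018-19892 (DomainMOD XSS via admin/dw/add-server.php) is added as `TODO: check`, while the DomainMOD entries already in this file (CVE-2018-19752 and the ones after it) are tagged `NOT-FOR-US: DomainMOD`; the same tag applies here. The six consecutive "invalid memory address dereference ... huffcode" entries (CVE-2018-19886 through CVE-2018-19891) have the product name cut off by the description truncation, so the full descriptions have to be looked up before triage, and they are worth triaging as one batch.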
@@ -160,7 +230,7 @@ CVE-2018-19810
        RESERVED
 CVE-2018-19809
        RESERVED
-CVE-2018-1002105 [Kubernetes API server issue]
+CVE-2018-1002105 (In all Kubernetes versions prior to v1.10.11, v1.11.5, and 
v1.12.3, ...)
        - kubernetes <unfixed>
        NOTE: 
https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
        NOTE: https://github.com/kubernetes/kubernetes/issues/71411
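Review bot: the new description on CVE-2018-1002105 names the upstream fixed releases (v1.10.11, v1.11.5, v1.12.3), but the package line under it still reads `- kubernetes <unfixed>`. The automatic description sync does not touch that line, so it needs a manual follow-up with the fixed version once an upload carrying one of those releases exists. A bug reference on that line, as on the libbson entry further down (`(bug #913896)`), would make the open state trackable.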
@@ -285,10 +355,10 @@ CVE-2018-19755 (There is an illegal address access at 
asm/preproc.c (function: .
        [jessie] - nasm <no-dsa> (Minor issue)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392528
        NOTE: 
https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb
-CVE-2018-19754
-       RESERVED
-CVE-2018-19753
-       RESERVED
+CVE-2018-19754 (Tarantella Enterprise before 3.11 allows bypassing Access 
Control. ...)
+       TODO: check
+CVE-2018-19753 (Tarantella Enterprise before 3.11 allows Directory Traversal. 
...)
+       TODO: check
 CVE-2018-19752 (DomainMOD through 4.11.01 has XSS via the 
assets/add/registrar.php ...)
        NOT-FOR-US: DomainMOD
 CVE-2018-19751 (DomainMOD through 4.11.01 has XSS via the 
admin/ssl-fields/add.php ...)
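Review bot: CVE-2018-19754 and CVE-2018-19753 move from RESERVED to `TODO: check` with nothing recorded about whether Tarantella Enterprise is packaged. If it is not, both can be closed with `NOT-FOR-US: Tarantella Enterprise`, matching the DomainMOD entries directly below them in this hunk.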
@@ -507,8 +577,8 @@ CVE-2018-19652
        RESERVED
 CVE-2018-19651 (admin/functions/remote.php in Interspire Email Marketer 
through 6.1.6 ...)
        NOT-FOR-US: Interspire Email Marketer
-CVE-2018-19650
-       RESERVED
+CVE-2018-19650 (Local attackers can trigger a stack-based buffer overflow on 
...)
+       TODO: check
 CVE-2019-1564
        RESERVED
 CVE-2019-1563
@@ -672,8 +742,8 @@ CVE-2018-19610
        RESERVED
 CVE-2018-19609 (ShowDoc 2.4.1 allows remote attackers to obtain sensitive 
information ...)
        NOT-FOR-US: ShowDoc
-CVE-2018-19608
-       RESERVED
+CVE-2018-19608 (Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 
allows a ...)
+       TODO: check
 CVE-2019-1534
        RESERVED
 CVE-2019-1533
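Review bot: CVE-2018-19608 lists three fixed upstream branches (2.14.1, 2.7.8, 2.1.17), so a single package line with one fixed version will not be enough when this `TODO: check` is resolved. Each suite has to be compared against the branch it ships and recorded with per-release lines, in the style of the `[jessie]` and `[stretch]` annotations used elsewhere in this file.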
@@ -3622,6 +3692,7 @@ CVE-2018-19479
        RESERVED
 CVE-2018-19478 [Attempting to open a carefully crafted PDF file results in 
long-running computation]
        RESERVED
+       {DSA-4346-1}
        - ghostscript 9.26~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699856
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace
@@ -4774,6 +4845,7 @@ CVE-2018-19135 (ClipperCMS 1.3.3 does not have CSRF 
protection on its kcfinder f
        NOT-FOR-US: ClipperCMS
 CVE-2018-19134 [ghostscript: Type confusion in setpattern (700141)]
        RESERVED
+       {DSA-4346-1}
        - ghostscript 9.26~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700141
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=693baf02152119af6e6afd30bb8ec76d14f84bbf
 (master)
@@ -6802,8 +6874,7 @@ CVE-2018-18313 [Heap-buffer-overflow read in regcomp.c]
        [jessie] - perl <not-affected> (Vulnerable code introduced later)
        NOTE: https://rt.perl.org/Ticket/Display.html?id=133192
        NOTE: maint-5.28: 
https://perl5.git.perl.org/perl.git/commitdiff/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62
-CVE-2018-18312 [Heap-buffer-overflow write in S_regatom (regcomp.c)]
-       RESERVED
+CVE-2018-18312 (Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer 
overflow via ...)
        {DSA-4347-1}
        - perl 5.28.1-1
        [jessie] - perl <not-affected> (Vulnerable code introduced later)
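Review bot: replacing the bracketed text on CVE-2018-18312 with the truncated MITRE description drops the only mention of where the bug lives, `S_regatom (regcomp.c)`; the new text stops at "has a buffer overflow via ...". The neighbouring CVE-2018-18313 is also a regcomp.c heap overflow, so a `NOTE:` line carrying the function name and the read/write distinction would keep the two entries distinguishable.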
@@ -10662,10 +10733,10 @@ CVE-2018-16802 (An issue was discovered in Artifex 
Ghostscript before 9.25. Inco
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590
-CVE-2018-16792
-       RESERVED
-CVE-2018-16791
-       RESERVED
+CVE-2018-16792 (SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to 
XXE via ...)
+       TODO: check
+CVE-2018-16791 (In SolarWinds SFTP/SCP Server through 2018-09-10, the 
configuration ...)
+       TODO: check
 CVE-2018-16790 (_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as 
used in ...)
        - libbson <unfixed> (bug #913896)
        [stretch] - libbson <no-dsa> (Minor issue)
@@ -22546,8 +22617,8 @@ CVE-2018-12157
        RESERVED
 CVE-2018-12156
        RESERVED
-CVE-2018-12155
-       RESERVED
+CVE-2018-12155 (Data leakage in cryptographic libraries for Intel IPP before 
2019 ...)
+       TODO: check
 CVE-2018-12154 (Denial of Service in Unified Shader Compiler in Intel Graphics 
Drivers ...)
        NOT-FOR-US: Intel
 CVE-2018-12153 (Denial of Service in Unified Shader Compiler in Intel Graphics 
Drivers ...)
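Review bot: CVE-2018-12155 should not simply inherit the `NOT-FOR-US: Intel` tag used on CVE-2018-12154 just below it. Those neighbours are graphics-driver issues, whereas this entry is data leakage in the Intel IPP cryptographic libraries, which other software can link against or bundle; check for consumers in the archive before closing the `TODO: check`.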
@@ -23730,8 +23801,8 @@ CVE-2018-11709 (wpforo_get_request_uri in 
wpf-includes/functions.php in the wpFo
        NOT-FOR-US: wpForo Forum plugin for WordPress
 CVE-2018-11708
        RESERVED
-CVE-2018-1002101
-       RESERVED
+CVE-2018-1002101 (In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 
1.11.0-1.11.1, ...)
+       TODO: check
 CVE-2016-1000343 (In the Bouncy Castle JCE Provider version 1.55 and earlier 
the DSA key ...)
        {DLA-1418-1}
        - bouncycastle 1.56-1
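Review bot: CVE-2018-1002101 is left at `TODO: check` although this file already tracks Kubernetes under the `kubernetes` source package (see the `- kubernetes <unfixed>` line on CVE-2018-1002105). It needs a `- kubernetes` line, with the packaged version compared against the affected ranges given in the description (1.9.0-1.9.9, 1.10.0-1.10.5, 1.11.0-1.11.1).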



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8b7b19db32b6a509979955ceb030aa5b9b2afda3

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits