Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9cb5e897 by security tracker role at 2018-12-19T20:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,197 @@
+CVE-2019-3408
+       RESERVED
+CVE-2019-3407
+       RESERVED
+CVE-2019-3406
+       RESERVED
+CVE-2019-3405
+       RESERVED
+CVE-2019-3404
+       RESERVED
+CVE-2019-3403
+       RESERVED
+CVE-2019-3402
+       RESERVED
+CVE-2019-3401
+       RESERVED
+CVE-2019-3400
+       RESERVED
+CVE-2019-3399
+       RESERVED
+CVE-2019-3398
+       RESERVED
+CVE-2019-3397
+       RESERVED
+CVE-2019-3396
+       RESERVED
+CVE-2019-3395
+       RESERVED
+CVE-2019-3394
+       RESERVED
+CVE-2018-20298 (S3 Browser before 8.1.5 contains an XML external entity (XXE) 
...)
+       TODO: check
+CVE-2018-20297
+       RESERVED
+CVE-2018-20296
+       RESERVED
+CVE-2018-20295
+       RESERVED
+CVE-2018-20294
+       RESERVED
+CVE-2018-20293
+       RESERVED
+CVE-2018-20292
+       RESERVED
+CVE-2018-20291
+       RESERVED
+CVE-2018-20290
+       RESERVED
+CVE-2018-20289
+       RESERVED
+CVE-2018-20288
+       RESERVED
+CVE-2018-20287
+       RESERVED
+CVE-2018-20286
+       RESERVED
+CVE-2018-20285
+       RESERVED
+CVE-2018-20284
+       RESERVED
+CVE-2018-20283
+       RESERVED
+CVE-2018-20282
+       RESERVED
+CVE-2018-20281
+       RESERVED
+CVE-2018-20280
+       RESERVED
+CVE-2018-20279
+       RESERVED
+CVE-2018-20278
+       RESERVED
+CVE-2018-20277
+       RESERVED
+CVE-2018-20276
+       RESERVED
+CVE-2018-20275
+       RESERVED
+CVE-2018-20274
+       RESERVED
+CVE-2018-20273
+       RESERVED
+CVE-2018-20272
+       RESERVED
+CVE-2018-20271
+       RESERVED
+CVE-2018-20270
+       RESERVED
+CVE-2018-20269
+       RESERVED
+CVE-2018-20268
+       RESERVED
+CVE-2018-20267
+       RESERVED
+CVE-2018-20266
+       RESERVED
+CVE-2018-20265
+       RESERVED
+CVE-2018-20264
+       RESERVED
+CVE-2018-20263
+       RESERVED
+CVE-2018-20262
+       RESERVED
+CVE-2018-20261
+       RESERVED
+CVE-2018-20260
+       RESERVED
+CVE-2018-20259
+       RESERVED
+CVE-2018-20258
+       RESERVED
+CVE-2018-20257
+       RESERVED
+CVE-2018-20256
+       RESERVED
+CVE-2018-20255
+       RESERVED
+CVE-2018-20254
+       RESERVED
+CVE-2018-20253
+       RESERVED
+CVE-2018-20252
+       RESERVED
+CVE-2018-20251
+       RESERVED
+CVE-2018-20250
+       RESERVED
+CVE-2018-20249
+       RESERVED
+CVE-2018-20248
+       RESERVED
+CVE-2018-20247
+       RESERVED
+CVE-2018-20246
+       RESERVED
+CVE-2018-20245
+       RESERVED
+CVE-2018-20244
+       RESERVED
+CVE-2018-20243
+       RESERVED
+CVE-2018-20242
+       RESERVED
+CVE-2018-20241
+       RESERVED
+CVE-2018-20240
+       RESERVED
+CVE-2018-20239
+       RESERVED
+CVE-2018-20238
+       RESERVED
+CVE-2018-20237
+       RESERVED
+CVE-2018-20236
+       RESERVED
+CVE-2018-20235
+       RESERVED
+CVE-2018-20234
+       RESERVED
+CVE-2018-20233
+       RESERVED
+CVE-2018-20232
+       RESERVED
+CVE-2018-20231 (Cross Site Request Forgery (CSRF) in the 
two-factor-authentication ...)
+       TODO: check
+CVE-2018-20230 (An issue was discovered in PSPP 1.2.0. There is a heap-based 
buffer ...)
+       TODO: check
+CVE-2018-20229
+       RESERVED
+CVE-2018-20228 (Subsonic V6.1.5 allows internetRadioSettings.view streamUrl 
CSRF, with ...)
+       TODO: check
+CVE-2018-20227 (RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in 
a ZIP ...)
+       TODO: check
+CVE-2018-20226
+       RESERVED
+CVE-2018-20225
+       RESERVED
+CVE-2018-20224
+       RESERVED
+CVE-2018-20223
+       RESERVED
+CVE-2018-20222
+       RESERVED
+CVE-2018-20221
+       RESERVED
+CVE-2018-20220
+       RESERVED
+CVE-2018-20219
+       RESERVED
+CVE-2018-20218
+       RESERVED
+CVE-2018-20217
+       RESERVED
 CVE-2018-20216 [pvrdma: infinite loop in pvrdma_qp_send/recv]
        RESERVED
        - qemu <unfixed> (unimportant)
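Review bot: the five entries that arrive with descriptions at the top of data/CVE/list (CVE-2018-20298, CVE-2018-20231, CVE-2018-20230, CVE-2018-20228, CVE-2018-20227) carry only "TODO: check", so nothing here says yet whether Debian is affected. Each needs triage into either a "NOT-FOR-US:" line or a package line with a status, in the form the neighbouring CVE-2018-20216 entry already uses ("- qemu <unfixed> (unimportant)"). The truncated description of CVE-2018-20231 ends before it names a product, so the full CVE text is needed for that one.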
@@ -3306,18 +3500,18 @@ CVE-2018-20026
        RESERVED
 CVE-2018-20025
        RESERVED
-CVE-2018-20024
-       RESERVED
-CVE-2018-20023
-       RESERVED
-CVE-2018-20022
-       RESERVED
-CVE-2018-20021
-       RESERVED
-CVE-2018-20020
-       RESERVED
-CVE-2018-20019
-       RESERVED
+CVE-2018-20024 (LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 
contains ...)
+       TODO: check
+CVE-2018-20023 (LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 
contains ...)
+       TODO: check
+CVE-2018-20022 (LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 
contains ...)
+       TODO: check
+CVE-2018-20021 (LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c 
contains ...)
+       TODO: check
+CVE-2018-20020 (LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d 
contains ...)
+       TODO: check
+CVE-2018-20019 (LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f 
contains ...)
+       TODO: check
 CVE-2018-20018 (S-CMS V3.0 has SQL injection via the S_id parameter, as 
demonstrated by ...)
        NOT-FOR-US: S-CMS
 CVE-2018-20017 (SEMCMS 3.5 has XSS via the first text box to the 
SEMCMS_Main.php URI. ...)
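Review bot: the six LibVNC entries CVE-2018-20019 through CVE-2018-20024 move from RESERVED to "TODO: check" without a package line, although every description already names the fixing upstream commit. Triage should add the package line and can carry those hashes over as "NOTE:" lines, the way the CVE-2018-16884 entry records its patch links. The descriptions of CVE-2018-20023 and CVE-2018-20022 read "LibVNC before" followed directly by the hash, without the word "commit" that the other four use, which matters to anyone searching the file for "before commit".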
@@ -7291,12 +7485,12 @@ CVE-2018-19600
        RESERVED
 CVE-2018-19599
        RESERVED
-CVE-2018-19598
-       RESERVED
-CVE-2018-19597
-       RESERVED
-CVE-2018-19596
-       RESERVED
+CVE-2018-19598 (Statamic 2.10.3 allows XSS via First Name or Last Name to the 
/users ...)
+       TODO: check
+CVE-2018-19597 (CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, 
a ...)
+       TODO: check
+CVE-2018-19596 (Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML 
in the ...)
+       TODO: check
 CVE-2018-19595 (PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to 
execute ...)
        NOT-FOR-US: PbootCMS
 CVE-2018-19594
@@ -8132,12 +8326,12 @@ CVE-2018-19510
        RESERVED
 CVE-2018-19509
        RESERVED
-CVE-2018-19508
-       RESERVED
-CVE-2018-19507
-       RESERVED
-CVE-2018-19506
-       RESERVED
+CVE-2018-19508 (CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at 
a ...)
+       TODO: check
+CVE-2018-19507 (CMSimple 4.7.5 has XSS via an admin's use of a ...)
+       TODO: check
+CVE-2018-19506 (Zurmo 3.2.4 has XSS via an admin's use of the name parameter 
in the ...)
+       TODO: check
 CVE-2018-19505
        RESERVED
 CVE-2018-19504 (An issue was discovered in Freeware Advanced Audio Decoder 2 
(FAAD2) ...)
@@ -9734,8 +9928,8 @@ CVE-2018-19001 (Philips HealthSuite Health Android App, 
all versions. The softwa
        NOT-FOR-US: Philips HealthSuite Health Android App
 CVE-2018-19000
        RESERVED
-CVE-2018-18999
-       RESERVED
+CVE-2018-18999 (WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on 
Windows ...)
+       TODO: check
 CVE-2018-18998
        RESERVED
 CVE-2018-18997
@@ -14271,14 +14465,14 @@ CVE-2018-17197
        RESERVED
 CVE-2018-17196
        RESERVED
-CVE-2018-17195
-       RESERVED
-CVE-2018-17194
-       RESERVED
-CVE-2018-17193
-       RESERVED
-CVE-2018-17192
-       RESERVED
+CVE-2018-17195 (The template upload API endpoint accepted requests from 
different ...)
+       TODO: check
+CVE-2018-17194 (When a client request to a cluster node was replicated to 
other nodes ...)
+       TODO: check
+CVE-2018-17193 (The message-page.jsp error page used the value of the HTTP 
request ...)
+       TODO: check
+CVE-2018-17192 (The X-Frame-Options headers were applied inconsistently on 
some HTTP ...)
+       TODO: check
 CVE-2018-17191
        RESERVED
 CVE-2018-17190 (In all versions of Apache Spark, its standalone resource 
manager ...)
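Review bot: the truncated descriptions added for CVE-2018-17192 through CVE-2018-17195 never name the affected product (for example "The template upload API endpoint accepted requests from different ..."), so the "TODO: check" on these four cannot be resolved from this file alone. Whoever triages them needs the full CVE text before choosing between a package line and "NOT-FOR-US:".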
@@ -15004,8 +15198,7 @@ CVE-2018-16884 (A flaw was found in the Linux kernel in 
the NFS41+ subsystem. NF
        NOTE: https://patchwork.kernel.org/cover/10733767/
        NOTE: https://patchwork.kernel.org/patch/10733769/
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1660375
-CVE-2018-16883 [Information leak in infopipe due to an improper uid 
restriction]
-       RESERVED
+CVE-2018-16883 (sssd versions from 1.13.0 to before 2.0.0 did not properly 
restrict ...)
        - sssd <unfixed> (bug #916824)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1659862
        NOTE: Fixed in upstream 2.0.0 while refactoring code
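Review bot: on CVE-2018-16883 the package line stays "- sssd <unfixed> (bug #916824)" while the new description bounds the affected range at "1.13.0 to before 2.0.0" and the existing NOTE says the fix is in upstream 2.0.0. The sssd line should gain a fixed version as soon as a 2.0.0-based upload exists. The removed working title "[Information leak in infopipe due to an improper uid restriction]" stated the impact more directly than the truncated description that replaces it, so that detail is worth keeping in a "NOTE:" line.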
@@ -19506,10 +19699,10 @@ CVE-2018-15129 (ThinkSAAS through 2018-07-25 has XSS 
via the ...)
        NOT-FOR-US: ThinkSAAS
 CVE-2018-15128
        RESERVED
-CVE-2018-15127
-       RESERVED
-CVE-2018-15126
-       RESERVED
+CVE-2018-15127 (LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de 
contains ...)
+       TODO: check
+CVE-2018-15126 (LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b 
contains ...)
+       TODO: check
 CVE-2018-15125 (Sensitive Information Disclosure in Zipato Zipabox Smart Home 
...)
        NOT-FOR-US: Zipato
 CVE-2018-15124 (Weak hashing algorithm in Zipato Zipabox Smart Home Controller 
BOARD ...)
@@ -40115,7 +40308,7 @@ CVE-2018-7366
        RESERVED
 CVE-2018-7365
        RESERVED
-CVE-2018-7364 (All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product 
Orange ...)
+CVE-2018-7364 (All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product 
...)
        NOT-FOR-US: ZTE
 CVE-2018-7363 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are 
impacted ...)
        NOT-FOR-US: ZTE
@@ -43574,8 +43767,8 @@ CVE-2018-6309
        RESERVED
 CVE-2018-6308 (Multiple SQL injections exist in SugarCRM Community Edition 
6.5.26 and ...)
        NOT-FOR-US: SugarCRM
-CVE-2018-6307
-       RESERVED
+CVE-2018-6307 (LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b 
contains ...)
+       TODO: check
 CVE-2018-6306 (Unauthorized code execution from specific DLL and is known as 
DLL ...)
        NOT-FOR-US: Kaspersky Password Manager
 CVE-2018-6305 (Denial of service in Gemalto's Sentinel LDK RTE version before 
7.65 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9cb5e8972c1bd5b9979404646f09cf29a4426424
