Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0eb0b66d by security tracker role at 2018-12-21T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,35 @@
-CVE-2018-20331
+CVE-2018-20345 (Incorrect access control in StackStorm API (st2api) in 
StackStorm ...)
+       TODO: check
+CVE-2018-20344
+       RESERVED
+CVE-2018-20343
+       RESERVED
+CVE-2018-20342 (The Floureon IP Camera SP012 provides a root terminal on a 
UART serial ...)
+       TODO: check
+CVE-2018-20341
+       RESERVED
+CVE-2018-20340
        RESERVED
-CVE-2018-20330
+CVE-2018-20339 (Zoho ManageEngine OpManager 12.3 before build 123239 allows 
XSS in the ...)
+       TODO: check
+CVE-2018-20338 (Zoho ManageEngine OpManager 12.3 before build 123239 allows 
SQL ...)
+       TODO: check
+CVE-2018-20337 (There is a stack-based buffer overflow in the parse_makernote 
function ...)
+       TODO: check
+CVE-2018-20336
+       RESERVED
+CVE-2018-20335
+       RESERVED
+CVE-2018-20334
+       RESERVED
+CVE-2018-20333
+       RESERVED
+CVE-2018-20332 (An issue has been discovered in the OpenWebif plugin through 
1.2.4 for ...)
+       TODO: check
+CVE-2018-20331
        RESERVED
+CVE-2018-20330 (The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer 
overflow ...)
+       TODO: check
 CVE-2018-20329 (Chamilo LMS version 1.11.8 contains a ...)
        NOT-FOR-US: Chamilo LMS
 CVE-2018-20328 (Chamilo LMS version 1.11.8 contains XSS in 
main/social/group_view.php ...)
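
Review bot: CVE-2018-20330 at the end of the added block names libjpeg-turbo 2.0.1 in its description but is left at `TODO: check`; libjpeg-turbo is packaged in Debian, so this entry needs a package line rather than a wait in the generic queue. CVE-2018-20337 (stack-based buffer overflow in parse_makernote) also reads like library code and is worth triaging early. The appliance and web-product entries (CVE-2018-20342 Floureon IP Camera, CVE-2018-20339 and CVE-2018-20338 ManageEngine OpManager) look like candidates for the same `NOT-FOR-US:` treatment as the Chamilo LMS entry in the trailing context.
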
@@ -11872,12 +11900,12 @@ CVE-2018-18334
        RESERVED
 CVE-2018-18333
        RESERVED
-CVE-2018-18332
-       RESERVED
-CVE-2018-18331
-       RESERVED
-CVE-2018-18330
-       RESERVED
+CVE-2018-18332 (A Trend Micro OfficeScan XG weak file permissions 
vulnerability may ...)
+       TODO: check
+CVE-2018-18331 (A Trend Micro OfficeScan XG weak file permissions 
vulnerability on a ...)
+       TODO: check
+CVE-2018-18330 (An Address Bar Spoofing vulnerability in Trend Micro Dr. 
Safety for ...)
+       TODO: check
 CVE-2018-18329 (A KERedirect Untrusted Pointer Dereference Privilege 
Escalation ...)
        NOT-FOR-US: Trend Micro
 CVE-2018-18328 (A KERedirect Untrusted Pointer Dereference Privilege 
Escalation ...)
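
Review bot: CVE-2018-18332, CVE-2018-18331 and CVE-2018-18330 are filled in as `TODO: check` although all three descriptions name Trend Micro products and the next entry, CVE-2018-18329, is already tagged `NOT-FOR-US: Trend Micro`. Tagging the three new entries the same way would keep them out of the triage backlog.
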
@@ -15476,7 +15504,7 @@ CVE-2018-16886
        RESERVED
 CVE-2018-16885
        RESERVED
-CVE-2018-16884 (A flaw was found in the Linux kernel in the NFS41+ subsystem. 
NFS41+ ...)
+CVE-2018-16884 (A flaw was found in the Linux kernel's NFS41+ subsystem. 
NFS41+ shares ...)
        - linux <unfixed>
        NOTE: https://patchwork.kernel.org/cover/10733767/
        NOTE: https://patchwork.kernel.org/patch/10733769/
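
Review bot: CVE-2018-16884 still carries `- linux <unfixed>` and both NOTE lines point at patchwork.kernel.org submissions; this hunk only rewords the description. Once the fix is merged, the notes should reference the upstream commit and the package line should record the fixed version.
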
@@ -28665,7 +28693,7 @@ CVE-2018-11796 (In Apache Tika 1.19 (CVE-2018-11761), 
we added an entity expansi
 CVE-2018-11795
        REJECTED
 CVE-2018-11794
-       RESERVED
+       REJECTED
 CVE-2018-11793
        RESERVED
 CVE-2018-11792 (In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME 
required ALTER ...)
@@ -47561,10 +47589,10 @@ CVE-2018-5204
        RESERVED
 CVE-2018-5203
        RESERVED
-CVE-2018-5202
-       RESERVED
-CVE-2018-5201
-       RESERVED
+CVE-2018-5202 (SKCertService 2.5.5 and earlier contains a vulnerability that 
could ...)
+       TODO: check
+CVE-2018-5201 (Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 
...)
+       TODO: check
 CVE-2018-5200 (KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow 
...)
        TODO: check
 CVE-2018-5199 (In Veraport G3 ALL on MacOS, due to insufficient domain 
validation, It ...)
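
Review bot: CVE-2018-5202 (SKCertService) and CVE-2018-5201 (Hancom Office) are added as `TODO: check` directly above CVE-2018-5200, which is itself still at `TODO: check`, so the untriaged run in this block grows. CVE-2018-5195 a few entries further down is already `NOT-FOR-US: Hancom NEO`; if Hancom Office is likewise not packaged, CVE-2018-5201 can take the same kind of tag.
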
@@ -47573,8 +47601,8 @@ CVE-2018-5198 (In Veraport G3 ALL on MacOS, a race 
condition when calling the ..
        TODO: check
 CVE-2018-5197
        RESERVED
-CVE-2018-5196
-       RESERVED
+CVE-2018-5196 (Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow 
caused ...)
+       TODO: check
 CVE-2018-5195 (Hancom NEO versions 9.6.1.5183 and earlier have a buffer 
Overflow ...)
        NOT-FOR-US: Hancom NEO
 CVE-2018-5194
@@ -203909,7 +203937,7 @@ CVE-2013-4004 (Cross-site scripting (XSS) 
vulnerability in the Administrative co
        NOT-FOR-US: IBM WebSphere
 CVE-2013-4003 (Multiple cross-site scripting (XSS) vulnerabilities in IBM 
TRIRIGA ...)
        NOT-FOR-US: IBM TRIRIGA
-CVE-2013-4002 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
in IBM ...)
+CVE-2013-4002 (XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as 
used ...)
        - openjdk-6 6b27-1.12.7-1
        - openjdk-7 7u45-2.4.3-1
 CVE-2013-4001 (Session fixation vulnerability in IBM Cognos Command Center 
before ...)
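
Review bot: the new CVE-2013-4002 description attributes the flaw to XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, but the entry's package lines cover only openjdk-6 and openjdk-7. The entry should be re-checked for a package line covering Debian's Xerces2 Java packaging, since the old IBM JRE wording gave no reason to track it there.
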



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0eb0b66db94751839290a149cf5240e5690a89b1
