Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
71e76cfc by security tracker role at 2018-12-22T08:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2018-20351 (The Markdown component in Evernote (Chinese) before 8.3.2 on 
macOS ...)
+       TODO: check
+CVE-2018-20350
+       RESERVED
+CVE-2018-20349 (The igraph_i_strdiff function in igraph_trie.c in igraph 
through 0.7.1 ...)
+       TODO: check
+CVE-2018-20348 (libpff_item_tree_create_node in libpff_item_tree.c in libpff 
before ...)
+       TODO: check
+CVE-2018-20347
+       RESERVED
 CVE-2018-20345 (Incorrect access control in StackStorm API (st2api) in 
StackStorm ...)
        TODO: check
 CVE-2018-20344
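Review bot: CVE-2018-20349 and CVE-2018-20348 are left at `TODO: check` although their descriptions name source files in igraph (`igraph_trie.c`) and libpff (`libpff_item_tree.c`), which read as libraries rather than vendor products. Each should be checked against the archive and given a `- <source-package> <version>` line with the upstream fix reference, in the form the libarchive entries in this file use, instead of staying untriaged. CVE-2018-20351 (Evernote on macOS) is the kind of entry this file elsewhere marks `NOT-FOR-US:`.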
@@ -38,14 +48,14 @@ CVE-2018-20327 (Chamilo LMS version 1.11.8 contains XSS in 
...)
        NOT-FOR-US: Chamilo LMS
 CVE-2018-20326
        RESERVED
-CVE-2018-20325
-       RESERVED
+CVE-2018-20325 (There is a vulnerability in load() method in 
definitions/parser.py in ...)
+       TODO: check
 CVE-2018-20324
        RESERVED
 CVE-2018-20323
        RESERVED
-CVE-2018-20322
-       RESERVED
+CVE-2018-20322 (LimeSurvey contains an XSS vulnerability while uploading a ZIP 
file, ...)
+       TODO: check
 CVE-2018-20321
        RESERVED
 CVE-2018-20320
@@ -104,12 +114,14 @@ CVE-2018-1000879 (libarchive version commit 
379867ecb330b3a952fb7bfa7bffb7bbd554
        NOTE: Introduced in: 
https://github.com/libarchive/libarchive/commit/379867ecb330b3a952fb7bfa7bffb7bbd5547205
 (3.3.0)
        NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175
 CVE-2018-1000878 (libarchive version commit 
416694915449219d505531b1096384f3237dd6cc ...)
+       {DLA-1612-1}
        - libarchive 3.3.3-2 (bug #916963)
        NOTE: https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
        NOTE: https://github.com/libarchive/libarchive/pull/1105
        NOTE: Introduced after: 
https://github.com/libarchive/libarchive/commit/416694915449219d505531b1096384f3237dd6cc
        NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/bfcfe6f04ed20db2504db8a254d1f40a1d84eb28
 CVE-2018-1000877 (libarchive version commit 
416694915449219d505531b1096384f3237dd6cc ...)
+       {DLA-1612-1}
        - libarchive 3.3.3-2 (bug #916964)
        NOTE: https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
        NOTE: https://github.com/libarchive/libarchive/pull/1105
@@ -457,8 +469,8 @@ CVE-2018-20228 (Subsonic V6.1.5 allows 
internetRadioSettings.view streamUrl CSRF
        NOT-FOR-US: Subsonic
 CVE-2018-20227 (RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in 
a ZIP ...)
        NOT-FOR-US: RDF4J
-CVE-2018-20226
-       RESERVED
+CVE-2018-20226 (An organization administrator can add a super administrator in 
THEHIVE ...)
+       TODO: check
 CVE-2018-20225
        RESERVED
 CVE-2018-20224
@@ -537,8 +549,8 @@ CVE-2018-20195 (A NULL pointer dereference was discovered 
in ic_predict of ...)
 CVE-2018-20194 (There is a stack-based buffer underflow in the third instance 
of the ...)
        - faad2 <unfixed>
        NOTE: https://github.com/knik0/faad2/issues/21
-CVE-2018-20193
-       RESERVED
+CVE-2018-20193 (Certain Secure Access SA Series SSL VPN products (originally 
developed ...)
+       TODO: check
 CVE-2018-20192
        RESERVED
 CVE-2018-20191 (hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read 
operation ...)
@@ -592,7 +604,8 @@ CVE-2018-20174
        RESERVED
 CVE-2018-20173 (Zoho ManageEngine OpManager 12.3 before 123238 allows SQL 
injection via ...)
        NOT-FOR-US: Zoho ManageEngine OpManager
-CVE-2018-20346 ["Magellan" remote code execution vulnerability]
+CVE-2018-20346 (SQLite before 3.25.3, when the FTS3 extension is enabled, 
encounters an ...)
+       {DSA-4352-1 DLA-1613-1}
        - sqlite3 3.25.3-1
        - chromium 71.0.3578.80-1
        NOTE: https://blade.tencent.com/magellan/index_en.html
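Review bot: the CVE-2018-20346 entry still sits directly after CVE-2018-20173, while the other hunks show the file in descending id order and the first hunk goes from CVE-2018-20347 straight to CVE-2018-20345. Now that the entry carries the assigned description and the `{DSA-4352-1 DLA-1613-1}` cross-references, move it to its numeric position so that lookups and later merges find it where expected. The replaced header drops the "Magellan" name, but the `NOTE:` link to blade.tencent.com still carries it, so nothing further is needed there.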
@@ -9159,14 +9172,14 @@ CVE-2018-19325
        RESERVED
 CVE-2018-19324 (kimsQ Rb 2.3.0 allows XSS via the second input field to the 
...)
        NOT-FOR-US: kimsQ Rb
-CVE-2018-19323
-       RESERVED
-CVE-2018-19322
-       RESERVED
-CVE-2018-19321
-       RESERVED
-CVE-2018-19320
-       RESERVED
+CVE-2018-19323 (The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and 
earlier, ...)
+       TODO: check
+CVE-2018-19322 (The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center 
v1.05.21 ...)
+       TODO: check
+CVE-2018-19321 (The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center 
v1.05.21 ...)
+       TODO: check
+CVE-2018-19320 (The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and 
earlier, ...)
+       TODO: check
 CVE-2018-19319 (SRCMS 3.0.0 allows CSRF via 
admin.php?m=Admin&amp;c=gifts&amp;a=update to ...)
        NOT-FOR-US: SRCMS
 CVE-2018-19318 (SRCMS 3.0.0 allows CSRF via 
admin.php?m=Admin&amp;c=manager&amp;a=update to ...)
@@ -12850,12 +12863,12 @@ CVE-2018-18011
        RESERVED
 CVE-2018-18010
        RESERVED
-CVE-2018-18009
-       RESERVED
-CVE-2018-18008
-       RESERVED
-CVE-2018-18007
-       RESERVED
+CVE-2018-18009 (dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote 
...)
+       TODO: check
+CVE-2018-18008 (spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows 
remote ...)
+       TODO: check
+CVE-2018-18007 (atbox.htm on D-Link DSL-2770L devices allows remote 
unauthenticated ...)
+       TODO: check
 CVE-2018-18006 (Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 
for ...)
        TODO: check
 CVE-2018-18005
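Review bot: the three added D-Link entries (CVE-2018-18009, CVE-2018-18008, CVE-2018-18007) go in as `TODO: check`, but their descriptions name files on D-Link devices (`dirary0.js`, `spaces.htm`, `atbox.htm`). They can be triaged in one pass with a `NOT-FOR-US: D-Link` line, in the form used for Chamilo LMS and SRCMS elsewhere in this diff, which keeps them out of the open TODO queue.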
@@ -15893,8 +15906,8 @@ CVE-2018-16780 (Complete Responsive CMS Blog through 
2018-05-20 has XSS via a co
        NOT-FOR-US: Complete Responsive CMS Blog
 CVE-2018-16779 (BlogCMS through 2016-10-25 has XSS via a comment. ...)
        NOT-FOR-US: BlogCMS
-CVE-2018-16778
-       RESERVED
+CVE-2018-16778 (Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 
through ...)
+       TODO: check
 CVE-2018-16777
        RESERVED
 CVE-2018-16776 (wityCMS 0.6.2 has XSS via the &quot;Site Name&quot; field 
found in the &quot;Contact&quot; ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/71e76cfc99f5c190b642073549a74bbb3d454334
