Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5e6953db by security tracker role at 2018-12-31T20:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,191 @@
+CVE-2019-3493
+       RESERVED
+CVE-2019-3492
+       RESERVED
+CVE-2019-3491
+       RESERVED
+CVE-2019-3490
+       RESERVED
+CVE-2019-3489
+       RESERVED
+CVE-2019-3488
+       RESERVED
+CVE-2019-3487
+       RESERVED
+CVE-2019-3486
+       RESERVED
+CVE-2019-3485
+       RESERVED
+CVE-2019-3484
+       RESERVED
+CVE-2019-3483
+       RESERVED
+CVE-2019-3482
+       RESERVED
+CVE-2019-3481
+       RESERVED
+CVE-2019-3480
+       RESERVED
+CVE-2019-3479
+       RESERVED
+CVE-2019-3478
+       RESERVED
+CVE-2019-3477
+       RESERVED
+CVE-2019-3476
+       RESERVED
+CVE-2019-3475
+       RESERVED
+CVE-2019-3474
+       RESERVED
+CVE-2019-3473
+       RESERVED
+CVE-2019-3472
+       RESERVED
+CVE-2019-3471
+       RESERVED
+CVE-2019-3470
+       RESERVED
+CVE-2019-3469
+       RESERVED
+CVE-2019-3468
+       RESERVED
+CVE-2019-3467
+       RESERVED
+CVE-2019-3466
+       RESERVED
+CVE-2019-3465
+       RESERVED
+CVE-2019-3464
+       RESERVED
+CVE-2019-3463
+       RESERVED
+CVE-2019-3462
+       RESERVED
+CVE-2019-3461
+       RESERVED
+CVE-2019-3460
+       RESERVED
+CVE-2019-3459
+       RESERVED
+CVE-2019-3458
+       RESERVED
+CVE-2019-3457
+       RESERVED
+CVE-2019-3456
+       RESERVED
+CVE-2019-3455
+       RESERVED
+CVE-2019-3454
+       RESERVED
+CVE-2019-3453
+       RESERVED
+CVE-2019-3452
+       RESERVED
+CVE-2019-3451
+       RESERVED
+CVE-2019-3450
+       RESERVED
+CVE-2019-3449
+       RESERVED
+CVE-2019-3448
+       RESERVED
+CVE-2019-3447
+       RESERVED
+CVE-2019-3446
+       RESERVED
+CVE-2019-3445
+       RESERVED
+CVE-2019-3444
+       RESERVED
+CVE-2019-3443
+       RESERVED
+CVE-2019-3442
+       RESERVED
+CVE-2019-3441
+       RESERVED
+CVE-2019-3440
+       RESERVED
+CVE-2019-3439
+       RESERVED
+CVE-2019-3438
+       RESERVED
+CVE-2019-3437
+       RESERVED
+CVE-2019-3436
+       RESERVED
+CVE-2019-3435
+       RESERVED
+CVE-2019-3434
+       RESERVED
+CVE-2019-3433
+       RESERVED
+CVE-2019-3432
+       RESERVED
+CVE-2019-3431
+       RESERVED
+CVE-2019-3430
+       RESERVED
+CVE-2019-3429
+       RESERVED
+CVE-2019-3428
+       RESERVED
+CVE-2019-3427
+       RESERVED
+CVE-2019-3426
+       RESERVED
+CVE-2019-3425
+       RESERVED
+CVE-2019-3424
+       RESERVED
+CVE-2019-3423
+       RESERVED
+CVE-2019-3422
+       RESERVED
+CVE-2019-3421
+       RESERVED
+CVE-2019-3420
+       RESERVED
+CVE-2019-3419
+       RESERVED
+CVE-2019-3418
+       RESERVED
+CVE-2019-3417
+       RESERVED
+CVE-2019-3416
+       RESERVED
+CVE-2019-3415
+       RESERVED
+CVE-2019-3414
+       RESERVED
+CVE-2019-3413
+       RESERVED
+CVE-2019-3412
+       RESERVED
+CVE-2019-3411
+       RESERVED
+CVE-2019-3410
+       RESERVED
+CVE-2019-3409
+       RESERVED
+CVE-2018-20623 (In GNU Binutils 2.31.1, there is a use-after-free in the error 
function ...)
+       TODO: check
+CVE-2018-20622 (JasPer 2.0.14 has a memory leak in base/jas_malloc.c in 
libjasper.a ...)
+       TODO: check
+CVE-2018-20621
+       RESERVED
+CVE-2018-20620
+       RESERVED
+CVE-2018-20619
+       RESERVED
+CVE-2018-20618 (ok-file-formats through 2018-10-16 has a heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2018-20617 (ok-file-formats through 2018-10-16 has a heap-based buffer 
overflow in ...)
+       TODO: check
+CVE-2018-20616 (ok-file-formats through 2018-10-16 has a heap-based buffer 
overflow in ...)
+       TODO: check
+CVE-2018-20615
+       RESERVED
 CVE-2018-20614 (public\install\install.php in CIM 0.9.3 allows remote 
attackers to ...)
        NOT-FOR-US: CIM
 CVE-2018-20613 (TEMMOKU T1.09 Beta allows admin/user/add CSRF. ...)
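Review bot: CVE-2018-20623 (GNU Binutils 2.31.1, use-after-free) and CVE-2018-20622 (JasPer 2.0.14, memory leak) near the end of this hunk are left at TODO: check together with the three ok-file-formats entries. Each needs resolving to either a source package line or a NOT-FOR-US: line in the style of the CIM entry just below them, and the two that name versioned upstream releases are the ones to triage first. The RESERVED placeholders from CVE-2019-3409 to CVE-2019-3493 need no action until descriptions are published.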
@@ -328,6 +516,7 @@ CVE-2018-20483 (set_file_metadata in xattr.c in GNU Wget 
before 1.20.1 stores a
        NOTE: Don't use extended attributes by default: 
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c125d24762962d91050d925fbbd9e6f30b2302f8
        NOTE: Introduced by: 
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=a933bdd31eee9c956a3b5cc142f004ef1fa94cb3
 (v1.19)
 CVE-2018-20482 (GNU Tar through 1.30, when --sparse is used, mishandles file 
shrinkage ...)
+       {DLA-1623-1}
        - tar <unfixed> (bug #917377)
        [stretch] - tar <no-dsa> (Minor issue)
        NOTE: 
https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug
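Review bot: the {DLA-1623-1} reference on CVE-2018-20482 sits above package lines that are unchanged, so an advisory now exists for this issue while tar is still <unfixed> (bug #917377) and stretch remains <no-dsa> (Minor issue). Follow up on bug #917377 for the unfixed line, and revisit whether the stretch <no-dsa> decision still holds now that another release has received a fix.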
@@ -453,7 +642,7 @@ CVE-2018-20438 (Technicolor TC7110.AR STD3.38.03 devices 
allow remote attackers
        NOT-FOR-US: Technicolor
 CVE-2018-20437 (** DISPUTED ** An issue was discovered in the fileDownload 
function in ...)
        TODO: check
-CVE-2018-20436 (The &quot;secret chat&quot; feature in Telegram 4.9.1 for 
Android has a &quot;side ...)
+CVE-2018-20436 (** DISPUTED ** The &quot;secret chat&quot; feature in Telegram 
4.9.1 for Android ...)
        TODO: check
 CVE-2018-20435
        RESERVED
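Review bot: CVE-2018-20436 now carries ** DISPUTED ** in its description but still sits at TODO: check, as does the disputed CVE-2018-20437 directly above it. The description names Telegram 4.9.1 for Android, so settle it with a package line or a NOT-FOR-US: line rather than leaving a disputed entry in the TODO queue.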
@@ -4738,8 +4927,8 @@ CVE-2018-19939 (The Goodix GT9xx touchscreen driver for 
custom Linux kernels on
        NOT-FOR-US: Goodix GT9xx touchscreen driver
 CVE-2018-19938
        RESERVED
-CVE-2018-19937
-       RESERVED
+CVE-2018-19937 (A local, authenticated attacker can bypass the passcode in the 
...)
+       TODO: check
 CVE-2018-19936 (PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. ...)
        NOT-FOR-US: PrinterOn Enterprise
 CVE-2018-19934
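Review bot: the new description for CVE-2018-19937 is cut off before it names a product ("bypass the passcode in the ..."), so the entry cannot be triaged from the list text alone. Whoever clears this TODO: check should read the full CVE description first and add a NOTE: line if the affected product is not obvious from the truncated text.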
@@ -5596,8 +5785,8 @@ CVE-2018-19920
        RESERVED
 CVE-2018-19919 (Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php 
...)
        NOT-FOR-US: Pixelimity
-CVE-2018-19918
-       RESERVED
+CVE-2018-19918 (CuppaCMS has XSS via an SVG document uploaded to the ...)
+       TODO: check
 CVE-2019-1584
        RESERVED
 CVE-2019-1583
@@ -5664,18 +5853,18 @@ CVE-2018-1000853
        REJECTED
 CVE-2018-19907 (A Server-Side Template Injection issue was discovered in 
Crafter CMS ...)
        NOT-FOR-US: Crafter CMS
-CVE-2018-19906
-       RESERVED
-CVE-2018-19905
-       RESERVED
-CVE-2018-19904
-       RESERVED
-CVE-2018-19903
-       RESERVED
-CVE-2018-19902
-       RESERVED
-CVE-2018-19901
-       RESERVED
+CVE-2018-19906 (Stored XSS exists in razorCMS 3.4.8 via the /#/page 
description ...)
+       TODO: check
+CVE-2018-19905 (HTML injection exists in razorCMS 3.4.8 via the /#/page 
keywords ...)
+       TODO: check
+CVE-2018-19904 (Persistent XSS exists in XSLT CMS via the ...)
+       TODO: check
+CVE-2018-19903 (Persistent XSS exists in XSLT CMS via the ...)
+       TODO: check
+CVE-2018-19902 (No-CMS 1.1.3 is prone to Persistent XSS via the 
blog/manage_article ...)
+       TODO: check
+CVE-2018-19901 (No-CMS 1.1.3 is prone to Persistent XSS via the ...)
+       TODO: check
 CVE-2018-19900
        RESERVED
 CVE-2018-19899
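Review bot: CVE-2018-19904 and CVE-2018-19903 end up with identical truncated descriptions ("Persistent XSS exists in XSLT CMS via the ..."), so the two entries cannot be told apart in the list. When these six TODO: check items are triaged, confirm from the full descriptions that the two XSLT CMS entries are distinct issues and not duplicates. The razorCMS, XSLT CMS and No-CMS entries can then be closed with NOT-FOR-US: lines if no Debian source package ships them, matching the Crafter CMS entry above.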
@@ -5868,10 +6057,10 @@ CVE-2018-19847
        RESERVED
 CVE-2018-19846
        RESERVED
-CVE-2018-19845
-       RESERVED
-CVE-2018-19844
-       RESERVED
+CVE-2018-19845 (There is Stored XSS in GetSimple CMS 3.3.12 via the 
admin/edit.php ...)
+       TODO: check
+CVE-2018-19844 (FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name 
parameter, ...)
+       TODO: check
 CVE-2018-19843 (opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 
allows ...)
        - radare2 3.1.0+dfsg-1 (low)
        [stretch] - radare2 <no-dsa> (Minor issue)
@@ -11924,12 +12113,12 @@ CVE-2018-18604
        RESERVED
 CVE-2018-18603 (** DISPUTED ** 360 Total Security 3.5.0.1033 allows a Sandbox 
Escape ...)
        NOT-FOR-US: 360 Total Security
-CVE-2018-18602
-       RESERVED
-CVE-2018-18601
-       RESERVED
-CVE-2018-18600
-       RESERVED
+CVE-2018-18602 (The Cloud API on Guardzilla smart cameras allows user 
enumeration, ...)
+       TODO: check
+CVE-2018-18601 (The TK_set_deviceModel_req_handle function in the cloud 
communication ...)
+       TODO: check
+CVE-2018-18600 (The remote upgrade feature in Guardzilla GZ180 devices allow 
command ...)
+       TODO: check
 CVE-2018-18599 (Stegdetect through 2018-05-26 has an out-of-bounds write in 
f5_compress ...)
        - stegdetect <removed>
 CVE-2018-18598
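Review bot: of the three entries filled in here, CVE-2018-18601 is the only one whose visible description does not name a product ("The TK_set_deviceModel_req_handle function in the cloud communication ..."), while CVE-2018-18602 and CVE-2018-18600 both name Guardzilla. Check the full description before marking all three with the same NOT-FOR-US: line, since the named function may belong to a third-party component rather than to the camera vendor.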
@@ -11942,8 +12131,8 @@ CVE-2018-18595
        RESERVED
 CVE-2018-18594
        RESERVED
-CVE-2018-18593
-       RESERVED
+CVE-2018-18593 (Remote Directory Traversal and Remote Disclosure of Privileged 
...)
+       TODO: check
 CVE-2018-18592
        RESERVED
 CVE-2018-18591 (A potential unauthorized disclosure of data vulnerability has 
been ...)
@@ -15534,8 +15723,7 @@ CVE-2018-17193 (The message-page.jsp error page used 
the value of the HTTP reque
        NOT-FOR-US: Apache NiFi
 CVE-2018-17192 (The X-Frame-Options headers were applied inconsistently on 
some HTTP ...)
        NOT-FOR-US: Apache NiFi
-CVE-2018-17191 [Proxy Auto-Configuration (PAC) interpretation is vulnerable 
for remote command execution (RCE)]
-       RESERVED
+CVE-2018-17191 (Apache NetBeans (incubating) 9.0 NetBeans Proxy 
Auto-Configuration ...)
        - netbeans <unfixed>
        NOTE: Fixed upstream in version 10.0
        NOTE: https://www.openwall.com/lists/oss-security/2018/12/30/1
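Review bot: the "- netbeans <unfixed>" line for CVE-2018-17191 has no bug reference, unlike the tar entry for CVE-2018-20482, which records (bug #917377). The removed temporary description called this remote command execution and the NOTE says it is fixed upstream in version 10.0, so a bug should be filed against netbeans and its number added to the <unfixed> line.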
@@ -43502,8 +43690,8 @@ CVE-2018-6670 (External Entity Attack vulnerability in 
the ePO extension in McAf
        NOT-FOR-US: McAfee
 CVE-2018-6669 (A whitelist bypass vulnerability in McAfee Application Control 
/ ...)
        NOT-FOR-US: McAfee
-CVE-2018-6668
-       RESERVED
+CVE-2018-6668 (A whitelist bypass vulnerability in McAfee Application Control 
/ ...)
+       TODO: check
 CVE-2018-6667 (Authentication Bypass vulnerability in the administrative user 
...)
        NOT-FOR-US: McAfee
 CVE-2018-6666
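Review bot: CVE-2018-6668 is added as TODO: check although its visible description is the same as that of CVE-2018-6669 directly above ("A whitelist bypass vulnerability in McAfee Application Control / ..."), which is already NOT-FOR-US: McAfee. Mark it NOT-FOR-US: McAfee as well, after confirming from the full text that it is a separate issue from CVE-2018-6669.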



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5e6953dbd41723e893d1a4cab62d207c43fc888e
