Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4e9b7214 by security tracker role at 2019-03-16T08:10:16Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,39 @@
+CVE-2019-9845
+ RESERVED
+CVE-2019-9844 (simple-markdown.js in Khan Academy simple-markdown before 0.4.4
allows ...)
+ TODO: check
+CVE-2019-9843 (In DiffPlug Spotless before 1.20.0 (library and Maven plugin)
and ...)
+ TODO: check
+CVE-2019-9842
+ RESERVED
+CVE-2019-9841
+ RESERVED
+CVE-2019-9840
+ RESERVED
+CVE-2018-20814 (An XSS issue was found with Psaldownload.cgi in Pulse Secure
Pulse ...)
+ TODO: check
+CVE-2018-20813 (An input validation issue has been found with
login_meeting.cgi in ...)
+ TODO: check
+CVE-2018-20812 (An information exposure issue where IPv6 DNS traffic would be
sent ...)
+ TODO: check
+CVE-2018-20811 (A hidden RPC service issue was found with Pulse Secure Pulse
Connect ...)
+ TODO: check
+CVE-2018-20810 (Session data between cluster nodes during cluster
synchronization is ...)
+ TODO: check
+CVE-2018-20809 (A crafted message can cause the web server to crash with Pulse
Secure ...)
+ TODO: check
+CVE-2018-20808 (An XSS issue has been found with rd.cgi in Pulse Secure Pulse
Connect ...)
+ TODO: check
+CVE-2018-20807 (An XSS issue has been found in welcome.cgi in Pulse Secure
Pulse ...)
+ TODO: check
+CVE-2018-20806 (Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS
via the ...)
+ TODO: check
CVE-2019-9839
RESERVED
CVE-2019-9838
RESERVED
-CVE-2019-9837
- RESERVED
+CVE-2019-9837 (Doorkeeper::OpenidConnect (aka the OpenID Connect extension for
...)
+ TODO: check
CVE-2019-9836
RESERVED
CVE-2019-9835 (The receiver (aka bridge) component of Fujitsu Wireless
Keyboard Set ...)
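Review bot: The run CVE-2018-20814 through CVE-2018-20806 should not receive one shared NOT-FOR-US line without reading the full descriptions first. Only five of the truncated descriptions (20814, 20811, 20809, 20808, 20807) visibly name Pulse Secure, 20813, 20812 and 20810 are cut off before any product name, and CVE-2018-20806 is a different product (Phamm). The three entries that name libraries (CVE-2019-9844 simple-markdown, CVE-2019-9843 Spotless, CVE-2019-9837 Doorkeeper::OpenidConnect) should each be checked against the archive individually before their `TODO: check` is closed.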
@@ -8876,8 +8906,8 @@ CVE-2019-6151
RESERVED
CVE-2019-6150
RESERVED
-CVE-2019-6149
- RESERVED
+CVE-2019-6149 (An unquoted search path vulnerability was identified in Lenovo
Dynamic ...)
+ TODO: check
CVE-2019-6148
RESERVED
CVE-2019-6147
@@ -10256,8 +10286,8 @@ CVE-2019-5618
RESERVED
CVE-2019-5617
RESERVED
-CVE-2019-5616
- RESERVED
+CVE-2019-5616 (CircuitWerkes Sicon-8, a hardware device used for managing
electrical ...)
+ TODO: check
CVE-2019-5615
RESERVED
CVE-2019-5614
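Review bot: CVE-2019-5616 still needs a triage line in place of `TODO: check`. The description calls the CircuitWerkes Sicon-8 "a hardware device", which makes it a candidate for a `NOT-FOR-US:` line of the kind used for the D-Link DIR-823G entries elsewhere in this file, once the full description confirms that no packaged software is involved.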
@@ -15862,7 +15892,7 @@ CVE-2018-20324
RESERVED
CVE-2018-20323
RESERVED
-CVE-2018-20322 (LimeSurvey contains an XSS vulnerability while uploading a ZIP
file, ...)
+CVE-2018-20322 (LimeSurvey version 3.15.5 contains a Cross-site scripting
(XSS) ...)
- limesurvey <itp> (bug #472802)
CVE-2018-20321
RESERVED
@@ -18715,8 +18745,8 @@ CVE-2018-20108
REJECTED
CVE-2018-20107
REJECTED
-CVE-2018-20106
- RESERVED
+CVE-2018-20106 (In yast2-printer up to and including version 4.0.2 the SMB
printer ...)
+ TODO: check
CVE-2018-20105
RESERVED
CVE-2018-20104
@@ -21077,8 +21107,8 @@ CVE-2018-19873 (An issue was discovered in Qt before
5.11.3. QBmpHandler has a b
NOTE:
https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/238749/
NOTE:
https://github.com/qt/qtbase/commit/621ab8ab59901cc3f9bd98be709929c9eac997a8
-CVE-2018-19872
- RESERVED
+CVE-2018-19872 (An issue was discovered in Qt 5.11. A malformed PPM image
causes a ...)
+ TODO: check
CVE-2018-19871 (An issue was discovered in Qt before 5.11.3. There is QTgaFile
...)
- qtimageformats-opensource-src 5.11.3-2 (low)
[stretch] - qtimageformats-opensource-src <no-dsa> (Minor issue)
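Review bot: CVE-2018-19872 is left at `TODO: check` between two Qt entries that are already tracked, so it should get a source package line rather than stay untriaged. The CVE-2018-19871 entry is tracked against qtimageformats-opensource-src and the CVE-2018-19873 notes point at a qtbase commit; determine which Qt source package carries the PPM image handler, and whether the "Qt 5.11" wording in the description changes the answer for stretch, before closing the TODO.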
@@ -25339,7 +25369,7 @@ CVE-2018-19293
RESERVED
CVE-2018-19292
RESERVED
-CVE-2018-19291 (An issue discovered in DiliCMS 2.4.0. There is a CSRF
vulnerability ...)
+CVE-2018-19291 (An issue was discovered in DiliCMS 2.4.0. There is a CSRF
vulnerability ...)
NOT-FOR-US: DiliCMS
CVE-2018-19290 (In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax
syntax ...)
NOT-FOR-US: Budabot
@@ -28593,8 +28623,8 @@ CVE-2018-18207 (Virtualmin 6.03 allows Frame Injection
via the settings-editor_r
NOT-FOR-US: Virtualmin
CVE-2018-18206 (In the client in Bytom before 1.0.6, checkTopicRegister in ...)
NOT-FOR-US: Bytom
-CVE-2018-18205
- RESERVED
+CVE-2018-18205 (Topvision CC8800 CMTS C-E devices allow remote attackers to
obtain ...)
+ TODO: check
CVE-2018-18204
RESERVED
CVE-2018-18203 (A vulnerability in the update mechanism of Subaru StarLink
Harman head ...)
@@ -28615,7 +28645,7 @@ CVE-2018-18197 (An issue was discovered in libgig
4.1.0. There is an operator ne
CVE-2018-18196 (An issue was discovered in libgig 4.1.0. There is a heap-based
buffer ...)
- libgig <undetermined>
NOTE:
https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
-CVE-2018-18195 (An issue discovered in libgig 4.1.0. There is an FPE
(divide-by-zero ...)
+CVE-2018-18195 (An issue was discovered in libgig 4.1.0. There is an FPE
(divide-by-zero ...)
- libgig <undetermined>
NOTE:
https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
CVE-2018-18194 (An issue was discovered in libgig 4.1.0. There is a heap-based
buffer ...)
@@ -29237,10 +29267,10 @@ CVE-2018-17958 (Qemu has a Buffer Overflow in
rtl8139_do_receive in hw/net/rtl81
NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
CVE-2018-17957 (The YaST2 RMT module for configuring the SUSE Repository
Mirroring ...)
NOT-FOR-US: YaST2 RMT module
-CVE-2018-17956
- RESERVED
-CVE-2018-17955
- RESERVED
+CVE-2018-17956 (In yast2-samba-provision up to and including version 1.0.1 the
...)
+ TODO: check
+CVE-2018-17955 (In yast2-multipath before version 4.1.1 a static temporary
filename ...)
+ TODO: check
CVE-2018-17954
RESERVED
CVE-2018-17953 (A incorrect variable in a SUSE specific patch for pam_access
rule ...)
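Review bot: CVE-2018-17956 (yast2-samba-provision) and CVE-2018-17955 (yast2-multipath) are left at `TODO: check` directly below CVE-2018-17957, which is already marked `NOT-FOR-US: YaST2 RMT module`. If these YaST2 modules are likewise absent from the archive, give them the same treatment, and handle CVE-2018-20106 (yast2-printer) from the earlier hunk in the same pass so the three are resolved consistently.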
@@ -29408,8 +29438,8 @@ CVE-2018-18021 (arch/arm64/kvm/guest.c in KVM in the
Linux kernel before 4.18.12
NOTE:
https://git.kernel.org/linus/2a3f93459d689d990b3ecfbe782fec89b97d3279
CVE-2018-17884 (XSS exists in admin/gb-dashboard-widget.php in the Gwolle
Guestbook ...)
NOT-FOR-US: WordPress plugin gwolle-gb
-CVE-2018-17882
- RESERVED
+CVE-2018-17882 (An Integer overflow vulnerability exists in the batchTransfer
function ...)
+ TODO: check
CVE-2018-17881 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead
configuration ...)
NOT-FOR-US: D-Link DIR-823G 2018-09-19 devices
CVE-2018-17880 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead
configuration ...)
@@ -33337,9 +33367,9 @@ CVE-2018-16368 (SplashXPath::strokeAdjust in
splash/SplashXPath.cc in Xpdf 4.00
NOTE: Crash in GUI/CLI tool, no security impact
CVE-2018-16367 (In OnlineJudge 2.0, the sandbox has an incorrect access
control ...)
NOT-FOR-US: OnlineJudge
-CVE-2018-16366 (An issue discovered in idreamsoft iCMS V7.0.10. ...)
+CVE-2018-16366 (An issue was discovered in idreamsoft iCMS V7.0.10. ...)
NOT-FOR-US: idreamsoft iCMS
-CVE-2018-16365 (An issue discovered in idreamsoft iCMS V7.0.10. ...)
+CVE-2018-16365 (An issue was discovered in idreamsoft iCMS V7.0.10. ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2018-16364 (A serialization vulnerability in Zoho ManageEngine
Applications ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
@@ -35538,10 +35568,10 @@ CVE-2018-15511
RESERVED
CVE-2018-15510
RESERVED
-CVE-2018-15509
- RESERVED
-CVE-2018-15508
- RESERVED
+CVE-2018-15509 (Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control
(issue 2 ...)
+ TODO: check
+CVE-2018-15508 (Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control
allowing ...)
+ TODO: check
CVE-2018-15507
RESERVED
CVE-2018-15506
@@ -37296,8 +37326,8 @@ CVE-2018-14950 (The mail message display page in
SquirrelMail through 1.4.22 has
{DLA-1484-1}
- squirrelmail <removed> (bug #905023)
NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
-CVE-2018-14745
- RESERVED
+CVE-2018-14745 (Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi
driver ...)
+ TODO: check
CVE-2018-14744 (An issue was discovered in libpbc.a in cloudwu PBC through
2017-03-02. ...)
NOT-FOR-US: cloudwu PBC
CVE-2018-14743 (An issue was discovered in libpbc.a in cloudwu PBC through
2017-03-02. ...)
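Review bot: CVE-2018-14745 names a kernel-side component (the bcmdhd4358 Wi-Fi driver, function prot_get_ring_space), so its `TODO: check` should be resolved by confirming whether that driver is present in the Debian linux source or only in vendor kernel trees. Record the outcome as either a `- linux ...` line or a `NOT-FOR-US:` line; the truncated description alone does not settle which.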
@@ -43170,9 +43200,9 @@ CVE-2018-12495 (The quoteblock function in markdown.c
in libmarkdown.a in DISCOU
- discount 2.2.4-1 (bug #901912)
NOTE: https://github.com/Orc/discount/issues/189#issuecomment-397541501
NOTE: Fixed by
https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
-CVE-2018-12494 (An issue discovered in PublicCMS V4.0.20180210. There is a
"Directory ...)
+CVE-2018-12494 (An issue was discovered in PublicCMS V4.0.20180210. There is a
"Directory ...)
NOT-FOR-US: PublicCMS
-CVE-2018-12493 (An issue discovered in PublicCMS V4.0.20180210. There is a
"Directory ...)
+CVE-2018-12493 (An issue was discovered in PublicCMS V4.0.20180210. There is a
"Directory ...)
NOT-FOR-US: PublicCMS
CVE-2018-12492 (PHPOK 4.9.032 has an arbitrary file deletion vulnerability in
the ...)
NOT-FOR-US: PHPOK
@@ -44386,7 +44416,7 @@ CVE-2018-12102 (md4c 0.2.6 has a NULL pointer
dereference in the function ...)
NOT-FOR-US: md4c
CVE-2018-12101
RESERVED
-CVE-2018-12100 (Sonatype Nexus Repository Manager before 3.12.0 has XSS in
multiple ...)
+CVE-2018-12100 (Sonatype Nexus Repository Manager versions 3.x before 3.12.0
has XSS ...)
NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2018-12099 (Grafana before 5.2.0-beta1 has XSS vulnerabilities in
dashboard links. ...)
- grafana <not-affected> (Vulnerable code introduced later)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e9b72147c8c6990be030a49f89cc3f4367dc799
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits