[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Tue, 16 Apr 2019 01:11:20 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b3bb8343 by security tracker role at 2019-04-16T08:10:48Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-11242
+       RESERVED
+CVE-2019-11241
+       RESERVED
+CVE-2019-11240
+       RESERVED
+CVE-2019-11239
+       RESERVED
+CVE-2019-11238
+       RESERVED
+CVE-2019-11237
+       RESERVED
 CVE-2019-11236 (In the urllib3 library through 1.24.1 for Python, CRLF 
injection is po ...)
        - python-urllib3 <unfixed>
        NOTE: https://github.com/urllib3/urllib3/issues/1553
@@ -33561,12 +33573,12 @@ CVE-2018-18020 (In QPDF 8.2.1, in 
libqpdf/QPDFWriter.cc, QPDFWriter::unparseObje
        NOTE: https://github.com/qpdf/qpdf/issues/243
 CVE-2018-1000806
        REJECTED
-CVE-2018-18019
-       RESERVED
-CVE-2018-18018
-       RESERVED
-CVE-2018-18017
-       RESERVED
+CVE-2018-18019 (XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for 
WordPre ...)
+       TODO: check
+CVE-2018-18018 (SQL Injection exists in the Tribulant Slideshow Gallery plugin 
1.6.8 f ...)
+       TODO: check
+CVE-2018-18017 (XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for 
WordPre ...)
+       TODO: check
 CVE-2018-18016 (ImageMagick 7.0.7-28 has a memory leak vulnerability in 
WritePCXImage  ...)
        - imagemagick 8:6.9.10.14+dfsg-1 (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1049
@@ -34572,14 +34584,14 @@ CVE-2018-17588 (AirTies Air 5021 devices with 
software 1.0.0.18 have XSS via the
        NOT-FOR-US: AirTies Air 5021 devices
 CVE-2018-17587 (AirTies Air 5750 devices with software 1.0.0.18 have XSS via 
the top.h ...)
        NOT-FOR-US: AirTies Air 5750 devices
-CVE-2018-17586
-       RESERVED
-CVE-2018-17585
-       RESERVED
-CVE-2018-17584
-       RESERVED
-CVE-2018-17583
-       RESERVED
+CVE-2018-17586 (The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via 
the rule ...)
+       TODO: check
+CVE-2018-17585 (The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via 
the wpfa ...)
+       TODO: check
+CVE-2018-17584 (The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via 
the wp- ...)
+       TODO: check
+CVE-2018-17583 (The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via 
the rule ...)
+       TODO: check
 CVE-2018-17582 (Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. 
The get ...)
        - tcpreplay 4.3.1-1 (bug #910597)
        [stretch] - tcpreplay <no-dsa> (Minor issue)
@@ -36126,10 +36138,10 @@ CVE-2018-16969 (Citrix ShareFile StorageZones 
Controller before 5.4.2 has Inform
        NOT-FOR-US: Citrix ShareFile StorageZones Controller
 CVE-2018-16968 (Citrix ShareFile StorageZones Controller before 5.4.2 allows 
Directory ...)
        NOT-FOR-US: Citrix ShareFile StorageZones Controller
-CVE-2018-16967
-       RESERVED
-CVE-2018-16966
-       RESERVED
+CVE-2018-16967 (There is an XSS vulnerability in the mndpsingh287 File Manager 
plugin  ...)
+       TODO: check
+CVE-2018-16966 (There is a CSRF vulnerability in the mndpsingh287 File Manager 
plugin  ...)
+       TODO: check
 CVE-2018-16965 (In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, 
there i ...)
        NOT-FOR-US: Zoho
 CVE-2018-16964
@@ -71702,10 +71714,10 @@ CVE-2018-4011 (An exploitable integer underflow 
vulnerability exists in the mdns
        NOT-FOR-US: CUJO Smart Firewall
 CVE-2018-4010 (An exploitable code execution vulnerability exists in the 
connect func ...)
        NOT-FOR-US: ProtonVPN client
-CVE-2018-4009
-       RESERVED
-CVE-2018-4008
-       RESERVED
+CVE-2018-4009 (An exploitable privilege escalation vulnerability exists in the 
Shimo  ...)
+       TODO: check
+CVE-2018-4008 (An exploitable privilege escalation vulnerability exists in the 
Shimo  ...)
+       TODO: check
 CVE-2018-4007
        RESERVED
 CVE-2018-4006



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3bb83436a16f95ac62397736ebb941d08f48a17

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3bb83436a16f95ac62397736ebb941d08f48a17
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to