Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6224e92 by security tracker role at 2018-12-18T08:10:11Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of 
...)
+       TODO: check
+CVE-2018-20198 (A NULL pointer dereference was discovered in ifilter_bank of 
...)
+       TODO: check
+CVE-2018-20197 (There is a stack-based buffer underflow in the third instance 
of the ...)
+       TODO: check
+CVE-2018-20196 (There is a stack-based buffer overflow in the third instance 
of the ...)
+       TODO: check
+CVE-2018-20195 (A NULL pointer dereference was discovered in ic_predict of ...)
+       TODO: check
+CVE-2018-20194 (There is a stack-based buffer underflow in the third instance 
of the ...)
+       TODO: check
+CVE-2018-20193
+       RESERVED
+CVE-2018-20192
+       RESERVED
+CVE-2018-20191
+       RESERVED
+CVE-2018-20190 (In LibSass 3.5.5, a NULL Pointer Dereference in the function 
...)
+       TODO: check
+CVE-2018-20189 (In GraphicsMagick 1.3.31, the ReadDIBImage function of 
coders/dib.c has ...)
+       TODO: check
 CVE-2018-20188 (FUEL CMS 1.4.3 has CSRF via users/create/ to add an 
administrator ...)
        NOT-FOR-US: FUEL CMS
 CVE-2018-20187
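Review bot: the eight described entries added at the top of data/CVE/list (CVE-2018-20199 through CVE-2018-20194, CVE-2018-20190 and CVE-2018-20189) all land with only `TODO: check`, so none of them is yet mapped to a package or marked NOT-FOR-US. CVE-2018-20190 and CVE-2018-20189 already name LibSass 3.5.5 and GraphicsMagick 1.3.31 in the visible text and can be triaged to a package line first. The other six are truncated to a function name (ifilter_bank, ic_predict) or to no component at all, so the full CVE description is needed before the TODO can be resolved.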
@@ -8061,6 +8083,7 @@ CVE-2018-19499 (Vanilla before 2.5.5 and 2.6.x before 
2.6.2 allows Remote Code .
 CVE-2018-19498
        RESERVED
 CVE-2018-19497 (In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in 
tsk/fs/hfs.c ...)
+       {DLA-1610-1}
        - sleuthkit <unfixed> (low; bug #914796)
        [stretch] - sleuthkit <no-dsa> (Minor issue)
        NOTE: https://github.com/sleuthkit/sleuthkit/pull/1374
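Review bot: CVE-2018-19497 now references {DLA-1610-1} while the line below it still reads `sleuthkit <unfixed>` and stretch stays at `<no-dsa>`, so the entry shows an advisory next to suites that remain open. Follow up on bug #914796 and the upstream pull request in the NOTE line so that the unstable line can carry a fixed version once one exists.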
@@ -28064,7 +28087,7 @@ CVE-2018-11796 (In Apache Tika 1.19 (CVE-2018-11761), 
we added an entity expansi
        NOTE: https://issues.apache.org/jira/projects/TIKA/issues/TIKA-2727
        NOTE: https://github.com/apache/tika/commit/86d4ba1e
 CVE-2018-11795
-       RESERVED
+       REJECTED
 CVE-2018-11794
        RESERVED
 CVE-2018-11793
@@ -28174,6 +28197,7 @@ CVE-2018-11761 (In Apache Tika 0.1 to 1.18, the XML 
parsers were not configured
 CVE-2018-11760
        RESERVED
 CVE-2018-11759 (The Apache Web Server (httpd) specific code that normalised 
the ...)
+       {DLA-1609-1}
        - libapache-mod-jk 1:1.2.46-1
        NOTE: 
https://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.46
        NOTE: 
https://www.immunit.ch/blog/2018/11/01/cve-2018-11759-apache-mod_jk-access-bypass/
@@ -38474,8 +38498,8 @@ CVE-2018-7835
        RESERVED
 CVE-2018-7834
        RESERVED
-CVE-2018-7833
-       RESERVED
+CVE-2018-7833 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability ...)
+       TODO: check
 CVE-2018-7832
        RESERVED
 CVE-2018-7831 (An Improper Neutralization of Script-Related HTML Tags in a Web 
Page ...)
@@ -38516,8 +38540,8 @@ CVE-2018-7814
        RESERVED
 CVE-2018-7813
        RESERVED
-CVE-2018-7812
-       RESERVED
+CVE-2018-7812 (An Information Exposure through Discrepancy vulnerability 
exists in ...)
+       TODO: check
 CVE-2018-7811 (An Unverified Password Change vulnerability exists in the 
embedded web ...)
        NOT-FOR-US: Modicon (Schneider Electric)
 CVE-2018-7810 (An Improper Neutralization of Input During Web Page Generation 
...)
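Review bot: the new description for CVE-2018-7812 is cut off before any product name, and the entry is left at `TODO: check` while the next entry, CVE-2018-7811, is already `NOT-FOR-US: Modicon (Schneider Electric)`. Check the full description against that neighbour and resolve the TODO in the same way if it concerns the same product.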
@@ -38532,8 +38556,8 @@ CVE-2018-7806 (Data Center Operation allows for the 
upload of a zip file from it
        NOT-FOR-US: Data Center Operation
 CVE-2018-7805
        RESERVED
-CVE-2018-7804
-       RESERVED
+CVE-2018-7804 (A URL Redirection to Untrusted Site vulnerability exists in the 
...)
+       TODO: check
 CVE-2018-7803
        RESERVED
 CVE-2018-7802
@@ -38546,8 +38570,8 @@ CVE-2018-7799 (A DLL hijacking vulnerability exists in 
Schneider Electric Softwa
        NOT-FOR-US: Schneider Electric
 CVE-2018-7798 (A Insufficient Verification of Data Authenticity (CWE-345) ...)
        NOT-FOR-US: Schneider
-CVE-2018-7797
-       RESERVED
+CVE-2018-7797 (A URL redirection vulnerability exists in Power Monitoring 
Expert, ...)
+       TODO: check
 CVE-2018-7796
        RESERVED
 CVE-2018-7795 (A Cross Protocol Injection vulnerability exists in Schneider 
...)
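Review bot: CVE-2018-7797 is added as `TODO: check` although its description names Power Monitoring Expert and the two entries directly above it are marked `NOT-FOR-US: Schneider Electric` and `NOT-FOR-US: Schneider`. If the full description confirms the same vendor, mark it NOT-FOR-US as well, and pick one vendor string, since the neighbouring entries already use two different spellings.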



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d6224e92fc58ad82d08947d55595d3a6d2ebbb4e
