Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b25b3357 by security tracker role at 2018-12-19T08:10:20Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -4674,8 +4674,8 @@ CVE-2018-19831 RESERVED CVE-2018-19830 RESERVED -CVE-2018-19829 - RESERVED +CVE-2018-19829 (Artica Integria IMS 5.0.83 has CSRF in ...) + TODO: check CVE-2018-19828 (Artica Integria IMS 5.0.83 has XSS via the search_string parameter. ...) NOT-FOR-US: Artica Integria IMS CVE-2018-19827 (In LibSass 3.5.5, a use-after-free vulnerability exists in the ...) @@ -4763,12 +4763,10 @@ CVE-2018-19792 (The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows lo NOT-FOR-US: OpenLiteSpeed CVE-2018-19791 (The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not ...) NOT-FOR-US: OpenLiteSpeed -CVE-2018-19790 [symfony: Open Redirect Vulnerability when using Security\Http] - RESERVED +CVE-2018-19790 (An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x ...) - symfony 3.4.20+dfsg-1 NOTE: https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http -CVE-2018-19789 [symfony: Disclosure of uploaded files full path] - RESERVED +CVE-2018-19789 (An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before ...) - symfony 3.4.20+dfsg-1 NOTE: https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path CVE-2018-19788 (A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user ...) 
@@ -9898,8 +9896,8 @@ CVE-2018-18923 (AbiSoft Ticketly 1.0 is affected by multiple SQL Injection ...) NOT-FOR-US: AbiSoft Ticketly CVE-2018-18922 (add_user in AbiSoft Ticketly 1.0 allows remote attackers to create ...) NOT-FOR-US: AbiSoft Ticketly -CVE-2018-18921 - RESERVED +CVE-2018-18921 (PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete ...) + TODO: check CVE-2018-18920 (Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode ...) - python3-py-evm <itp> (bug #884796) CVE-2018-18919 (The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment ...) @@ -12909,8 +12907,8 @@ CVE-2018-17779 RESERVED CVE-2018-17778 RESERVED -CVE-2018-17777 - RESERVED +CVE-2018-17777 (An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If ...) + TODO: check CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for ...) NOT-FOR-US: PCProtect Anti-Virus CVE-2018-17775 (Seqrite End Point Security v7.4 has "Everyone: (F)" permission for ...) @@ -14978,8 +14976,7 @@ CVE-2018-16886 RESERVED CVE-2018-16885 RESERVED -CVE-2018-16884 [nfs: use-after-free in svc_process_common()] - RESERVED +CVE-2018-16884 (A flaw was found in the Linux kernel in the NFS41+ subsystem. NFS41+ ...) - linux <unfixed> NOTE: https://patchwork.kernel.org/cover/10733767/ NOTE: https://patchwork.kernel.org/patch/10733769/ @@ -41348,8 +41345,8 @@ CVE-2018-6980 (VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before NOT-FOR-US: VMware CVE-2018-6979 (The VMware Workspace ONE Unified Endpoint Management Console (A/W ...) NOT-FOR-US: VMware -CVE-2018-6978 - RESERVED +CVE-2018-6978 (vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before ...) + TODO: check CVE-2018-6977 (VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion ...) NOT-FOR-US: VMware CVE-2018-6976 (The VMware Content Locker for iOS prior to 4.14 contains a data ...) 
@@ -229071,7 +229068,7 @@ CVE-2012-0882 (Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly ot - mysql-5.5 5.5.22 (bug #675872) - cyassl <not-affected> (Fixed before initial upload to archive) NOTE: limited information about issue, only a video of exploit taking place -CVE-2012-0881 (Apache Xerces2 Java allows remote attackers to cause a denial of ...) +CVE-2012-0881 (Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to ...) - libxerces2-java <unfixed> (unimportant) NOTE: Negligible impact for Xerces CVE-2012-0880 (Apache Xerces-C++ allows remote attackers to cause a denial of service ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b25b3357bc3d85ca4fdc46674fa102fb39765c6e
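Review bot: In the hunk at -4674, the `TODO: check` added under CVE-2018-19829 can be resolved immediately: the new description names Artica Integria IMS 5.0.83, the same product as CVE-2018-19828 on the following line, which is already tagged `NOT-FOR-US: Artica Integria IMS`. Suggest using the same tag here so the entry does not sit in the triage queue.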
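Review bot: In the hunk at -12909, CVE-2018-17777 is left at `TODO: check` although its description concerns D-Link DVA-5592 A1_WI_20180823 devices, which is device firmware rather than a source package. Suggest closing it with a `NOT-FOR-US:` tag naming the vendor, in the same way the surrounding PCProtect entry is closed.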
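Review bot: In the hunk at -41348, CVE-2018-6978 (vRealize Operations) is set to `TODO: check` while both neighbouring entries, CVE-2018-6979 and CVE-2018-6977, carry `NOT-FOR-US: VMware`. Suggest the same tag for CVE-2018-6978 so the three VMware entries are triaged consistently.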
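Review bot: In the hunk at -229071, the refreshed description for CVE-2012-0881 now bounds the issue to Apache Xerces2 Java Parser before 2.12.0, but the unchanged context line still reads `- libxerces2-java <unfixed> (unimportant)`. Worth checking the packaged version against 2.12.0 and replacing `<unfixed>` with the fixed version if the archive is already at or past it.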