Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b25b3357 by security tracker role at 2018-12-19T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4674,8 +4674,8 @@ CVE-2018-19831
        RESERVED
 CVE-2018-19830
        RESERVED
-CVE-2018-19829
-       RESERVED
+CVE-2018-19829 (Artica Integria IMS 5.0.83 has CSRF in ...)
+       TODO: check
 CVE-2018-19828 (Artica Integria IMS 5.0.83 has XSS via the search_string 
parameter. ...)
        NOT-FOR-US: Artica Integria IMS
 CVE-2018-19827 (In LibSass 3.5.5, a use-after-free vulnerability exists in the 
...)
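Review bot: the `TODO: check` added under CVE-2018-19829 looks resolvable on sight. The entry directly below it, CVE-2018-19828, is the same product and version (Artica Integria IMS 5.0.83) and is already tagged `NOT-FOR-US: Artica Integria IMS`. Suggest applying the same tag here so the entry does not linger in the triage queue.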
@@ -4763,12 +4763,10 @@ CVE-2018-19792 (The server in LiteSpeed OpenLiteSpeed 
before 1.5.0 RC6 allows lo
        NOT-FOR-US: OpenLiteSpeed
 CVE-2018-19791 (The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does 
not ...)
        NOT-FOR-US: OpenLiteSpeed
-CVE-2018-19790 [symfony: Open Redirect Vulnerability when using Security\Http]
-       RESERVED
+CVE-2018-19790 (An open redirect was discovered in Symfony 2.7.x before 
2.7.50, 2.8.x ...)
        - symfony 3.4.20+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http
-CVE-2018-19789 [symfony: Disclosure of uploaded files full path]
-       RESERVED
+CVE-2018-19789 (An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x 
before ...)
        - symfony 3.4.20+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path
 CVE-2018-19788 (A flaw was found in PolicyKit (aka polkit) 0.115 that allows a 
user ...)
@@ -9898,8 +9896,8 @@ CVE-2018-18923 (AbiSoft Ticketly 1.0 is affected by 
multiple SQL Injection ...)
        NOT-FOR-US: AbiSoft Ticketly
 CVE-2018-18922 (add_user in AbiSoft Ticketly 1.0 allows remote attackers to 
create ...)
        NOT-FOR-US: AbiSoft Ticketly
-CVE-2018-18921
-       RESERVED
+CVE-2018-18921 (PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a 
Delete ...)
+       TODO: check
 CVE-2018-18920 (Py-EVM v0.2.0-alpha.33 allows attackers to make a 
vm.execute_bytecode ...)
        - python3-py-evm <itp> (bug #884796)
 CVE-2018-18919 (The WP Editor.md plugin 10.0.1 for WordPress allows XSS via 
the comment ...)
@@ -12909,8 +12907,8 @@ CVE-2018-17779
        RESERVED
 CVE-2018-17778
        RESERVED
-CVE-2018-17777
-       RESERVED
+CVE-2018-17777 (An issue was discovered on D-Link DVA-5592 A1_WI_20180823 
devices. If ...)
+       TODO: check
 CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has &quot;Everyone: (F)&quot; 
permission for ...)
        NOT-FOR-US: PCProtect Anti-Virus
 CVE-2018-17775 (Seqrite End Point Security v7.4 has &quot;Everyone: (F)&quot; 
permission for ...)
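Review bot: CVE-2018-17777 lands as `TODO: check`, but its description names a hardware device and firmware build (D-Link DVA-5592 A1_WI_20180823), not a software package. Nothing in the visible text points at a Debian source package, so this is a candidate for a `NOT-FOR-US:` tag naming the vendor, in the same form as the PCProtect entry below it.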
@@ -14978,8 +14976,7 @@ CVE-2018-16886
        RESERVED
 CVE-2018-16885
        RESERVED
-CVE-2018-16884 [nfs: use-after-free in svc_process_common()]
-       RESERVED
+CVE-2018-16884 (A flaw was found in the Linux kernel in the NFS41+ subsystem. 
NFS41+ ...)
        - linux <unfixed>
        NOTE: https://patchwork.kernel.org/cover/10733767/
        NOTE: https://patchwork.kernel.org/patch/10733769/
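Review bot: on CVE-2018-16884 the removed bracketed title was the only visible text naming the affected function (`svc_process_common()`) and the bug class (use-after-free); the truncated description that replaces it shows neither. The entry stays `- linux <unfixed>` with two patchwork links, so consider keeping that detail in a NOTE line and pointing the NOTEs at the merged commit once one exists.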
@@ -41348,8 +41345,8 @@ CVE-2018-6980 (VMware vRealize Log Insight (4.7.x 
before 4.7.1 and 4.6.x before
        NOT-FOR-US: VMware
 CVE-2018-6979 (The VMware Workspace ONE Unified Endpoint Management Console 
(A/W ...)
        NOT-FOR-US: VMware
-CVE-2018-6978
-       RESERVED
+CVE-2018-6978 (vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 
...)
+       TODO: check
 CVE-2018-6977 (VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and 
Fusion ...)
        NOT-FOR-US: VMware
 CVE-2018-6976 (The VMware Content Locker for iOS prior to 4.14 contains a data 
...)
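Review bot: the `TODO: check` on CVE-2018-6978 (vRealize Operations) sits between CVE-2018-6980, CVE-2018-6979 and CVE-2018-6977, all of which are tagged `NOT-FOR-US: VMware`. Suggest the same tag here; leaving it as a TODO adds a manual triage step for a product family the list already treats as out of scope.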
@@ -229071,7 +229068,7 @@ CVE-2012-0882 (Buffer overflow in yaSSL, as used in 
MySQL 5.5.20 and possibly ot
        - mysql-5.5 5.5.22 (bug #675872)
        - cyassl <not-affected> (Fixed before initial upload to archive)
        NOTE: limited information about issue, only a video of exploit taking 
place
-CVE-2012-0881 (Apache Xerces2 Java allows remote attackers to cause a denial 
of ...)
+CVE-2012-0881 (Apache Xerces2 Java Parser before 2.12.0 allows remote 
attackers to ...)
        - libxerces2-java <unfixed> (unimportant)
        NOTE: Negligible impact for Xerces
 CVE-2012-0880 (Apache Xerces-C++ allows remote attackers to cause a denial of 
service ...)
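Review bot: the updated CVE-2012-0881 description now bounds the issue to Apache Xerces2 Java Parser "before 2.12.0", while the package line under it is unchanged at `- libxerces2-java <unfixed> (unimportant)`. With an upstream fixed version now stated, `<unfixed>` should be rechecked against the packaged version and replaced with the first Debian version at or above 2.12.0 if one has been uploaded.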



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b25b3357bc3d85ca4fdc46674fa102fb39765c6e
