Commit d5e815a3 authored by Salvatore Bonaccorso

Merge remote-tracking branch 'origin/master'

parents ad39d5ae fef205e9
CVE-2019-9845
RESERVED
CVE-2019-9844 (simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows ...)
TODO: check
CVE-2019-9843 (In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and ...)
TODO: check
CVE-2019-9842
RESERVED
CVE-2019-9841
RESERVED
CVE-2019-9840
RESERVED
CVE-2018-20814 (An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse ...)
TODO: check
CVE-2018-20813 (An input validation issue has been found with login_meeting.cgi in ...)
TODO: check
CVE-2018-20812 (An information exposure issue where IPv6 DNS traffic would be sent ...)
TODO: check
CVE-2018-20811 (A hidden RPC service issue was found with Pulse Secure Pulse Connect ...)
TODO: check
CVE-2018-20810 (Session data between cluster nodes during cluster synchronization is ...)
TODO: check
CVE-2018-20809 (A crafted message can cause the web server to crash with Pulse Secure ...)
TODO: check
CVE-2018-20808 (An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect ...)
TODO: check
CVE-2018-20807 (An XSS issue has been found in welcome.cgi in Pulse Secure Pulse ...)
TODO: check
CVE-2018-20806 (Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the ...)
TODO: check
CVE-2019-9839
RESERVED
CVE-2019-9838
RESERVED
CVE-2019-9837
RESERVED
CVE-2019-9837 (Doorkeeper::OpenidConnect (aka the OpenID Connect extension for ...)
TODO: check
CVE-2019-9836
RESERVED
CVE-2019-9835 (The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set ...)
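Review bot: the eight Pulse Secure Pulse Connect Secure entries (CVE-2018-20807 through CVE-2018-20814) are all left at "TODO: check"; Pulse Connect Secure is a proprietary VPN appliance, so these can be resolved together as NOT-FOR-US on triage, the way this file already handles other vendor-only software, which leaves only the remaining TODO entries in this hunk (simple-markdown, Spotless, Phamm, Doorkeeper::OpenidConnect) to be checked individually against the archive.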
......@@ -8876,8 +8906,8 @@ CVE-2019-6151
RESERVED
CVE-2019-6150
RESERVED
CVE-2019-6149
RESERVED
CVE-2019-6149 (An unquoted search path vulnerability was identified in Lenovo Dynamic ...)
TODO: check
CVE-2019-6148
RESERVED
CVE-2019-6147
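Review bot: CVE-2019-6149 stays at "TODO: check"; an unquoted search path in a Lenovo product is a Windows service-path issue in vendor software, so the expected resolution is NOT-FOR-US rather than a package line, consistent with the vendor-only entries elsewhere in the file (e.g. "NOT-FOR-US: Virtualmin").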
......@@ -10256,8 +10286,8 @@ CVE-2019-5618
RESERVED
CVE-2019-5617
RESERVED
CVE-2019-5616
RESERVED
CVE-2019-5616 (CircuitWerkes Sicon-8, a hardware device used for managing electrical ...)
TODO: check
CVE-2019-5615
RESERVED
CVE-2019-5614
......@@ -15862,7 +15892,7 @@ CVE-2018-20324
RESERVED
CVE-2018-20323
RESERVED
CVE-2018-20322 (LimeSurvey contains an XSS vulnerability while uploading a ZIP file, ...)
CVE-2018-20322 (LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) ...)
- limesurvey <itp> (bug #472802)
CVE-2018-20321
RESERVED
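Review bot: only the description of CVE-2018-20322 changes (the upstream text now names LimeSurvey 3.15.5 and spells out "Cross-site scripting (XSS)"); the tracking line "- limesurvey <itp> (bug #472802)" is unchanged, which is correct since an ITP means the package is not yet in the archive and no fixed-version claim is needed.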
......@@ -18715,8 +18745,8 @@ CVE-2018-20108
REJECTED
CVE-2018-20107
REJECTED
CVE-2018-20106
RESERVED
CVE-2018-20106 (In yast2-printer up to and including version 4.0.2 the SMB printer ...)
TODO: check
CVE-2018-20105
RESERVED
CVE-2018-20104
......@@ -21077,8 +21107,8 @@ CVE-2018-19873 (An issue was discovered in Qt before 5.11.3. QBmpHandler has a b
NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/238749/
NOTE: https://github.com/qt/qtbase/commit/621ab8ab59901cc3f9bd98be709929c9eac997a8
CVE-2018-19872
RESERVED
CVE-2018-19872 (An issue was discovered in Qt 5.11. A malformed PPM image causes a ...)
TODO: check
CVE-2018-19871 (An issue was discovered in Qt before 5.11.3. There is QTgaFile ...)
- qtimageformats-opensource-src 5.11.3-2 (low)
[stretch] - qtimageformats-opensource-src <no-dsa> (Minor issue)
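Review bot: CVE-2018-19872 (malformed PPM image in Qt 5.11) is left at "TODO: check" while its neighbours CVE-2018-19873 and CVE-2018-19871 are already triaged against the Qt 5.11.3 release with blog, codereview and commit NOTEs. The PPM handler lives in the same Qt image-handling code as the BMP (qtbase) and TGA (qtimageformats) issues, so this entry should be checked against the same 5.11.3 release notes for a matching fix commit and resolved to a package line rather than left pending.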
......@@ -25339,7 +25369,7 @@ CVE-2018-19293
RESERVED
CVE-2018-19292
RESERVED
CVE-2018-19291 (An issue discovered in DiliCMS 2.4.0. There is a CSRF vulnerability ...)
CVE-2018-19291 (An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability ...)
NOT-FOR-US: DiliCMS
CVE-2018-19290 (In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax ...)
NOT-FOR-US: Budabot
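Review bot: only the description wording changes here ("An issue discovered" to "An issue was discovered", matching the upstream CVE text); "NOT-FOR-US: DiliCMS" is unchanged, so no triage action follows. The same description-only sync appears for libgig, iCMS, PublicCMS and Nexus Repository Manager further down this diff.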
......@@ -28593,8 +28623,8 @@ CVE-2018-18207 (Virtualmin 6.03 allows Frame Injection via the settings-editor_r
NOT-FOR-US: Virtualmin
CVE-2018-18206 (In the client in Bytom before 1.0.6, checkTopicRegister in ...)
NOT-FOR-US: Bytom
CVE-2018-18205
RESERVED
CVE-2018-18205 (Topvision CC8800 CMTS C-E devices allow remote attackers to obtain ...)
TODO: check
CVE-2018-18204
RESERVED
CVE-2018-18203 (A vulnerability in the update mechanism of Subaru StarLink Harman head ...)
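Review bot: CVE-2018-18205 describes Topvision CC8800 CMTS C-E devices, i.e. a hardware appliance, yet is left at "TODO: check" while the surrounding entries (Virtualmin, Bytom) are already NOT-FOR-US; a device-firmware issue like this can be closed as NOT-FOR-US directly instead of staying pending.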
......@@ -28615,7 +28645,7 @@ CVE-2018-18197 (An issue was discovered in libgig 4.1.0. There is an operator ne
CVE-2018-18196 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
- libgig <undetermined>
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
CVE-2018-18195 (An issue discovered in libgig 4.1.0. There is an FPE (divide-by-zero ...)
CVE-2018-18195 (An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero ...)
- libgig <undetermined>
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
CVE-2018-18194 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
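Review bot: the libgig entries CVE-2018-18196 and CVE-2018-18195 keep "<undetermined>" with the same TeamSeri0us PoC README as their only reference; the PoC report alone does not establish a fixed version, so the upstream libgig repository should be checked for a corresponding fix commit so the status can move to a fixed version or "<unfixed>".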
......@@ -29237,10 +29267,10 @@ CVE-2018-17958 (Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl81
NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
CVE-2018-17957 (The YaST2 RMT module for configuring the SUSE Repository Mirroring ...)
NOT-FOR-US: YaST2 RMT module
CVE-2018-17956
RESERVED
CVE-2018-17955
RESERVED
CVE-2018-17956 (In yast2-samba-provision up to and including version 1.0.1 the ...)
TODO: check
CVE-2018-17955 (In yast2-multipath before version 4.1.1 a static temporary filename ...)
TODO: check
CVE-2018-17954
RESERVED
CVE-2018-17953 (A incorrect variable in a SUSE specific patch for pam_access rule ...)
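Review bot: CVE-2018-17956 (yast2-samba-provision) and CVE-2018-17955 (yast2-multipath) are left at "TODO: check" two lines below "NOT-FOR-US: YaST2 RMT module" (CVE-2018-17957); the yast2-* modules are SUSE-specific tooling, as is the pam_access patch in CVE-2018-17953, so these should be resolved consistently as NOT-FOR-US on triage, together with CVE-2018-20106 (yast2-printer) earlier in this diff.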
......@@ -29408,8 +29438,8 @@ CVE-2018-18021 (arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12
NOTE: https://git.kernel.org/linus/2a3f93459d689d990b3ecfbe782fec89b97d3279
CVE-2018-17884 (XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook ...)
NOT-FOR-US: WordPress plugin gwolle-gb
CVE-2018-17882
RESERVED
CVE-2018-17882 (An Integer overflow vulnerability exists in the batchTransfer function ...)
TODO: check
CVE-2018-17881 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration ...)
NOT-FOR-US: D-Link DIR-823G 2018-09-19 devices
CVE-2018-17880 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration ...)
......@@ -33337,9 +33367,9 @@ CVE-2018-16368 (SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00
NOTE: Crash in GUI/CLI tool, no security impact
CVE-2018-16367 (In OnlineJudge 2.0, the sandbox has an incorrect access control ...)
NOT-FOR-US: OnlineJudge
CVE-2018-16366 (An issue discovered in idreamsoft iCMS V7.0.10. ...)
CVE-2018-16366 (An issue was discovered in idreamsoft iCMS V7.0.10. ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2018-16365 (An issue discovered in idreamsoft iCMS V7.0.10. ...)
CVE-2018-16365 (An issue was discovered in idreamsoft iCMS V7.0.10. ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2018-16364 (A serialization vulnerability in Zoho ManageEngine Applications ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
......@@ -35538,10 +35568,10 @@ CVE-2018-15511
RESERVED
CVE-2018-15510
RESERVED
CVE-2018-15509
RESERVED
CVE-2018-15508
RESERVED
CVE-2018-15509 (Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 ...)
TODO: check
CVE-2018-15508 (Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing ...)
TODO: check
CVE-2018-15507
RESERVED
CVE-2018-15506
......@@ -37296,8 +37326,8 @@ CVE-2018-14950 (The mail message display page in SquirrelMail through 1.4.22 has
{DLA-1484-1}
- squirrelmail <removed> (bug #905023)
NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14745
RESERVED
CVE-2018-14745 (Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver ...)
TODO: check
CVE-2018-14744 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
NOT-FOR-US: cloudwu PBC
CVE-2018-14743 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
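Review bot: CVE-2018-14745 concerns prot_get_ring_space in the bcmdhd4358 Wi-Fi driver; bcmdhd is Broadcom's out-of-tree dongle host driver shipped in Android vendor kernels, not the in-tree brcmfmac driver, so this is most likely NOT-FOR-US for src:linux. Worth confirming that no bcmdhd code is present in the Debian kernel tree before closing the "TODO: check".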
......@@ -43170,9 +43200,9 @@ CVE-2018-12495 (The quoteblock function in markdown.c in libmarkdown.a in DISCOU
- discount 2.2.4-1 (bug #901912)
NOTE: https://github.com/Orc/discount/issues/189#issuecomment-397541501
NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
CVE-2018-12494 (An issue discovered in PublicCMS V4.0.20180210. There is a &quot;Directory ...)
CVE-2018-12494 (An issue was discovered in PublicCMS V4.0.20180210. There is a &quot;Directory ...)
NOT-FOR-US: PublicCMS
CVE-2018-12493 (An issue discovered in PublicCMS V4.0.20180210. There is a &quot;Directory ...)
CVE-2018-12493 (An issue was discovered in PublicCMS V4.0.20180210. There is a &quot;Directory ...)
NOT-FOR-US: PublicCMS
CVE-2018-12492 (PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the ...)
NOT-FOR-US: PHPOK
......@@ -44386,7 +44416,7 @@ CVE-2018-12102 (md4c 0.2.6 has a NULL pointer dereference in the function ...)
NOT-FOR-US: md4c
CVE-2018-12101
RESERVED
CVE-2018-12100 (Sonatype Nexus Repository Manager before 3.12.0 has XSS in multiple ...)
CVE-2018-12100 (Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS ...)
NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2018-12099 (Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. ...)
- grafana <not-affected> (Vulnerable code introduced later)
......@@ -44595,6 +44625,7 @@ CVE-2018-12029 (A race condition in the nginx module in Phusion Passenger 3.x th
NOTE: Related hardening commits:
NOTE: https://github.com/phusion/passenger/commit/9ed61bb4641ba1f5158fca3840d4e4088805b5af (release-5.3.2)
NOTE: https://github.com/phusion/passenger/commit/4f663c8246f529e32575d50196d11cde12a6dfda (release-5.3.3)
NOTE: https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc
CVE-2018-12028 (An Incorrect Access Control vulnerability in SpawningKit in Phusion ...)
- passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
- ruby-passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
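Review bot: the added advisory NOTE for CVE-2018-12029 (pulsesecurity.co.nz) is appended directly under the "Related hardening commits:" list, so it reads as a third hardening commit; move it above that list or prefix it (e.g. "NOTE: Advisory: ...") so the two release-5.3.2/5.3.3 commit references stay grouped and the advisory is identifiable as the public write-up.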