Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3c281f82 by security tracker role at 2018-04-20T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,21 @@
+CVE-2018-10250 (iCMS V7.0.8 has XSS via the admincp.php keywords parameter in
a ...)
+ TODO: check
+CVE-2018-10249 (baijiacms V3 has CSRF via ...)
+ TODO: check
+CVE-2018-10248 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF
...)
+ TODO: check
+CVE-2018-10247
+ RESERVED
+CVE-2018-10246
+ RESERVED
+CVE-2018-10245 (A Full Path Disclosure vulnerability in AWStats through 7.6
allows ...)
+ TODO: check
+CVE-2018-10244
+ RESERVED
+CVE-2018-10243
+ RESERVED
+CVE-2018-10242
+ RESERVED
CVE-2018-XXXX [directory traversal flaw]
- psensor 1.1.5-1 (bug #896195)
NOTE:
http://git.wpitchoune.net/gitweb/?p=psensor.git;a=commitdiff;h=8b10426dcc0246c1712a99460dd470dcb1cc4d9c
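Review bot: CVE-2018-10245 (AWStats through 7.6) is the new "TODO: check" entry in this hunk that needs real triage rather than a quick dismissal, because awstats is packaged in Debian and the entry will need a package line with an affected or fixed status. The iCMS, baijiacms and WUZHI CMS entries above it look like NOT-FOR-US candidates and can be closed out in the same pass.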
@@ -81,8 +99,8 @@ CVE-2018-10203
RESERVED
CVE-2018-10202
RESERVED
-CVE-2018-10201
- RESERVED
+CVE-2018-10201 (An issue was discovered in NcMonitorServer.exe in NC Monitor
Server in ...)
+ TODO: check
CVE-2017-18261 (The arch_timer_reg_read_stable macro in ...)
- linux 4.13.4-1
NOTE: Fixed by:
https://git.kernel.org/linus/adb4f11e0a8f4e29900adb2b7af28b6bbd5c1fa4 (4.13-rc6)
@@ -286,7 +304,7 @@ CVE-2018-10122 (QingDao Nature Easy Soft Chanzhi Enterprise
Portal System (aka .
CVE-2018-10121 (plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a
stored XSS ...)
NOT-FOR-US: Monstra CMS
CVE-2018-10120 (The SwCTBWrapper::Read function in
sw/source/filter/ww8/ww8toolbar.cxx ...)
- {DLA-1356-1}
+ {DSA-4178-1 DLA-1356-1}
- libreoffice 1:6.0.2-1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6173
NOTE: https://gerrit.libreoffice.org/#/c/49486/
@@ -295,7 +313,7 @@ CVE-2018-10120 (The SwCTBWrapper::Read function in
sw/source/filter/ww8/ww8toolb
NOTE:
https://gerrit.libreoffice.org/gitweb?p=core.git;a=commit;h=017fcc2fcd00af17a97bd5463d89662404f57667
NOTE:
https://www.libreoffice.org/about-us/security/advisories/cve-2018-10120/
CVE-2018-10119 (sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1
and 6.x ...)
- {DLA-1356-1}
+ {DSA-4178-1 DLA-1356-1}
- libreoffice 1:6.0.1-1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5747
NOTE: https://gerrit.libreoffice.org/#/c/48751/
@@ -8425,8 +8443,8 @@ CVE-2018-6962
RESERVED
CVE-2018-6961
RESERVED
-CVE-2018-6960
- RESERVED
+CVE-2018-6960 (VMware Horizon DaaS (7.x before 8.0.0) contains a broken ...)
+ TODO: check
CVE-2018-6959 (VMware vRealize Automation (vRA) prior to 7.4.0 contains a ...)
NOT-FOR-US: VMware vRealize Automation
CVE-2018-6958 (VMware vRealize Automation (vRA) prior to 7.3.1 contains a ...)
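Review bot: CVE-2018-6960 moves from RESERVED to "TODO: check", while the neighbouring CVE-2018-6959 in the context lines is already marked "NOT-FOR-US: VMware vRealize Automation". Triage should settle whether VMware Horizon DaaS gets the same NOT-FOR-US marking so the entry does not linger unchecked.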
@@ -16750,19 +16768,19 @@ CVE-2018-3841
CVE-2018-3840
RESERVED
CVE-2018-3839 (An exploitable code execution vulnerability exists in the XCF
image ...)
- {DLA-1341-1}
+ {DSA-4177-1 DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
NOTE:
https://hg.libsdl.org/SDL_image/rev/fb643e371806910f1973abfdfe7f981e8dba60f5
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0521
CVE-2018-3838 (An exploitable information vulnerability exists in the XCF
image ...)
- {DLA-1341-1}
+ {DSA-4177-1 DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
NOTE:
https://hg.libsdl.org/SDL_image/rev/c5f9cbb5d2bbcb2150ba0596ea56b49efeed660d
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0520
CVE-2018-3837 (An exploitable information disclosure vulnerability exists in
the PCX ...)
- {DLA-1341-1}
+ {DSA-4177-1 DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
NOTE:
https://hg.libsdl.org/SDL_image/rev/2938fc80591abeae74b971cbdf966eff3213297e
@@ -20006,17 +20024,17 @@ CVE-2018-2821 (Vulnerability in the PeopleSoft
Enterprise PeopleTools component
CVE-2018-2820 (Vulnerability in the PeopleSoft Enterprise PeopleTools
component of ...)
NOT-FOR-US: Oracle
CVE-2018-2819 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1355-1}
+ {DSA-4176-1 DLA-1355-1}
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2818 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1355-1}
+ {DSA-4176-1 DLA-1355-1}
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2817 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1355-1}
+ {DSA-4176-1 DLA-1355-1}
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
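Review bot: the {DSA-4176-1 DLA-1355-1} tag on CVE-2018-2819, CVE-2018-2818 and CVE-2018-2817 now sits above package lines that still read "mysql-5.7 <unfixed> (bug #895997)" and "mysql-5.5 <removed>", so nothing visible in these entries says which source package and release the DSA fixed. Confirm that the DSA cross-reference resolves to a release-specific fixed version and that the <unfixed> status for mysql-5.7 is still accurate. The same pattern repeats in the later MySQL hunks of this commit.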
@@ -20037,7 +20055,7 @@ CVE-2018-2814 (Vulnerability in the Java SE, Java SE
Embedded component of Oracl
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2813 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1355-1}
+ {DSA-4176-1 DLA-1355-1}
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
@@ -20149,7 +20167,7 @@ CVE-2018-2782 (Vulnerability in the MySQL Server
component of Oracle MySQL ...)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2781 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1355-1}
+ {DSA-4176-1 DLA-1355-1}
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
@@ -20180,14 +20198,14 @@ CVE-2018-2775 (Vulnerability in the MySQL Server
component of Oracle MySQL ...)
CVE-2018-2774 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools
component of ...)
NOT-FOR-US: Oracle
CVE-2018-2773 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1355-1}
+ {DSA-4176-1 DLA-1355-1}
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2772 (Vulnerability in the PeopleSoft Enterprise PeopleTools
component of ...)
NOT-FOR-US: Oracle
CVE-2018-2771 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1355-1}
+ {DSA-4176-1 DLA-1355-1}
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
@@ -20228,7 +20246,7 @@ CVE-2018-2762 (Vulnerability in the MySQL Server
component of Oracle MySQL ...)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2761 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1355-1}
+ {DSA-4176-1 DLA-1355-1}
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
@@ -20247,7 +20265,7 @@ CVE-2018-2757
CVE-2018-2756 (Vulnerability in the Oracle Communications Order and Service
...)
NOT-FOR-US: Oracle
CVE-2018-2755 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1355-1}
+ {DSA-4176-1 DLA-1355-1}
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
@@ -24079,17 +24097,13 @@ CVE-2018-1294 (If a user of Commons-Email (typically
an application programmer)
NOTE: Fixed by:
https://svn.apache.org/viewvc?view=revision&revision=1777030
CVE-2018-1293
RESERVED
-CVE-2018-1292
- RESERVED
+CVE-2018-1292 (Within the 'getReportType' method in Apache Fineract 1.0.0, ...)
NOT-FOR-US: Apache Fineract
-CVE-2018-1291
- RESERVED
+CVE-2018-1291 (Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, ...)
NOT-FOR-US: Apache Fineract
-CVE-2018-1290
- RESERVED
+CVE-2018-1290 (In Apache Fineract versions 1.0.0, 0.6.0-incubating,
0.5.0-incubating, ...)
NOT-FOR-US: Apache Fineract
-CVE-2018-1289
- RESERVED
+CVE-2018-1289 (In Apache Fineract versions 1.0.0, 0.6.0-incubating,
0.5.0-incubating, ...)
NOT-FOR-US: Apache Fineract
CVE-2018-1288
RESERVED
@@ -26838,8 +26852,8 @@ CVE-2018-0566
RESERVED
CVE-2018-0565
RESERVED
-CVE-2018-0564
- RESERVED
+CVE-2018-0564 (Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0,
EC-CUBE ...)
+ TODO: check
CVE-2018-0563
RESERVED
CVE-2018-0562 (Untrusted search path vulnerability in Installer of SoundEngine
Free ...)
@@ -36026,20 +36040,21 @@ CVE-2017-14451
RESERVED
CVE-2017-14450 [Simple DirectMedia Layer SDL2_Image LWZ Decompression Buffer
Overflow Vulnerability]
RESERVED
- {DLA-1341-1}
+ {DSA-4177-1 DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499
NOTE: https://hg.libsdl.org/SDL_image/rev/45e750f92c84
CVE-2017-14449 [Simple DirectMedia Layer SDL2_image do_layer_surface
Double-Free Vulnerability]
RESERVED
+ {DSA-4177-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 <not-affected> (Vulnerable code not present)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498
NOTE: https://hg.libsdl.org/SDL_image/rev/d0142861559c
CVE-2017-14448 [Simple DirectMedia Layer SDL2_image load_xcf_tile_rle
Decompression Code Execution Vulnerability]
RESERVED
- {DLA-1341-1}
+ {DSA-4177-1 DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497
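Review bot: CVE-2017-14449 receives {DSA-4177-1} alone, while CVE-2017-14450 and CVE-2017-14448 in the same hunk receive {DSA-4177-1 DLA-1341-1}. That is consistent with the "sdl-image1.2 <not-affected> (Vulnerable code not present)" line if DLA-1341-1 covered only sdl-image1.2, but the entry does not state it, so confirm the missing DLA reference is intentional. All three entries also still carry RESERVED with a bracketed temporary description.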
@@ -36056,21 +36071,21 @@ CVE-2017-14443
RESERVED
CVE-2017-14442 [Simple DirectMedia Layer SDL2_image Image Palette Population
Code Execution Vulnerability]
RESERVED
- {DLA-1341-1}
+ {DSA-4177-1 DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491
NOTE: https://hg.libsdl.org/SDL_image/rev/37445f6180a8
CVE-2017-14441 [Simple DirectMedia Layer SDL2_image ICO Pitch Handling Code
Execution Vulnerability]
RESERVED
- {DLA-1341-1}
+ {DSA-4177-1 DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490
NOTE: https://hg.libsdl.org/SDL_image/rev/a1e9b624ca10
CVE-2017-14440 [Simple DirectMedia Layer SDL2_image ILBM CMAP Parsing Code
Execution Vulnerability]
RESERVED
- {DLA-1341-1}
+ {DSA-4177-1 DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489
@@ -43027,7 +43042,7 @@ CVE-2017-12123
RESERVED
CVE-2017-12122 [Simple DirectMedia Layer SDL2_Image IMG_LoadLBM_RW Code
Execution Vulnerability]
RESERVED
- {DLA-1341-1}
+ {DSA-4177-1 DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488
@@ -54289,8 +54304,8 @@ CVE-2017-8317
RESERVED
CVE-2017-8316
RESERVED
-CVE-2017-8315
- RESERVED
+CVE-2017-8315 (Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and
earlier ...)
+ TODO: check
CVE-2017-8314 (Directory Traversal in Zip Extraction built-in function in Kodi
17.1 ...)
{DLA-1243-1}
- kodi 2:17.1+dfsg1-3 (bug #863230)
@@ -71722,7 +71737,7 @@ CVE-2017-2888 (An exploitable integer overflow
vulnerability exists when creatin
NOTE: https://hg.libsdl.org/SDL/rev/7e0f1498ddb5
NOTE: https://hg.libsdl.org/SDL/rev/81a4950907a0
CVE-2017-2887 (An exploitable buffer overflow vulnerability exists in the XCF
...)
- {DLA-1134-1}
+ {DSA-4177-1 DLA-1134-1}
- libsdl2-image 2.0.1+dfsg-4 (bug #878266)
- sdl-image1.2 1.2.12-7 (bug #878267)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394
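Review bot: CVE-2017-2887 pairs the new DSA-4177-1 with DLA-1134-1, whereas every other SDL_image entry touched by this commit pairs it with DLA-1341-1. The DLA-1134-1 reference predates this change, and the fixed versions here (libsdl2-image 2.0.1+dfsg-4, sdl-image1.2 1.2.12-7) are older than the 2.0.3+dfsg1-1 and 1.2.12-8 seen in the other entries, so a separate earlier DLA is plausible. The near-identical numbers still make a digit transposition worth ruling out.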
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3c281f820fce65c74ef472b992cc82bbff317d0f