Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d99a8778 by security tracker role at 2018-06-20T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,11 @@
+CVE-2018-12588 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
+CVE-2018-12587
+       RESERVED
+CVE-2018-12586
+       RESERVED
+CVE-2018-12585
+       RESERVED
 CVE-2018-12584
        RESERVED
 CVE-2018-12583 (An issue was discovered in AKCMS 6.1. CSRF can delete an 
article via an ...)
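Review bot: CVE-2018-12588 is added with a description that is cut off before any product name ("Cross-site scripting (XSS) vulnerability in ..."), so its TODO: check cannot be resolved from this list line. Triage needs the full CVE text before choosing between a package line and NOT-FOR-US.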
@@ -180,8 +188,8 @@ CVE-2018-12521
        RESERVED
 CVE-2018-12520
        RESERVED
-CVE-2018-12519
-       RESERVED
+CVE-2018-12519 (An issue was discovered in ShopNx through 2017-11-17. The ...)
+       TODO: check
 CVE-2018-12518
        RESERVED
 CVE-2018-12517
@@ -770,13 +778,11 @@ CVE-2018-12296
        RESERVED
 CVE-2018-12295
        RESERVED
-CVE-2018-12294
-       RESERVED
+CVE-2018-12294 (WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in 
WebKit, as ...)
        - webkit2gtk 2.20.2-1 (unimportant)
        NOTE: Not covered by security support
        NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
-CVE-2018-12293
-       RESERVED
+CVE-2018-12293 (The getImageData function in the ImageBufferCairo class in ...)
        - webkit2gtk 2.20.3-1 (unimportant)
        NOTE: Not covered by security support
        NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
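Review bot: CVE-2018-12294 and CVE-2018-12293 both cite WSA-2018-0005 but carry different fixed versions, webkit2gtk 2.20.2-1 and 2.20.3-1. Now that both have public descriptions in place of RESERVED, confirm each fixed version against that advisory so the two entries are not silently inconsistent.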
@@ -1200,12 +1206,12 @@ CVE-2018-12100 (Sonatype Nexus Repository Manager 
before 3.12.0 has XSS in multi
 CVE-2018-12099 (Grafana before 5.2.0-beta1 has XSS vulnerabilities in 
dashboard links. ...)
        - grafana <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/grafana/grafana/pull/11813
-CVE-2018-12098
-       RESERVED
-CVE-2018-12097
-       RESERVED
-CVE-2018-12096
-       RESERVED
+CVE-2018-12098 (The liblnk_data_block_read function in liblnk_data_block.c in 
liblnk ...)
+       TODO: check
+CVE-2018-12097 (The liblnk_location_information_read_data function in ...)
+       TODO: check
+CVE-2018-12096 (The liblnk_data_string_get_utf8_string_size function in ...)
+       TODO: check
 CVE-2018-12095 (A Reflected Cross-Site Scripting web vulnerability has been 
discovered ...)
        NOT-FOR-US: OEcms
 CVE-2018-12094 (Cross-site scripting (XSS) vulnerability in news.php in 
Dimofinf CMS ...)
@@ -2066,24 +2072,24 @@ CVE-2018-11733
        RESERVED
 CVE-2018-11732
        RESERVED
-CVE-2018-11731
-       RESERVED
-CVE-2018-11730
-       RESERVED
-CVE-2018-11729
-       RESERVED
-CVE-2018-11728
-       RESERVED
-CVE-2018-11727
-       RESERVED
-CVE-2018-11726
-       RESERVED
-CVE-2018-11725
-       RESERVED
-CVE-2018-11724
-       RESERVED
-CVE-2018-11723
-       RESERVED
+CVE-2018-11731 (The libfsntfs_mft_entry_read_attributes function in ...)
+       TODO: check
+CVE-2018-11730 (The libfsntfs_security_descriptor_values_free function in ...)
+       TODO: check
+CVE-2018-11729 (The libfsntfs_mft_entry_read_header function in 
libfsntfs_mft_entry.c ...)
+       TODO: check
+CVE-2018-11728 (The libfsntfs_reparse_point_values_read_data function in ...)
+       TODO: check
+CVE-2018-11727 (The libfsntfs_attribute_read_from_mft function in ...)
+       TODO: check
+CVE-2018-11726 (The mobi_decode_font_resource function in util.c in Libmobi 
0.3 allows ...)
+       TODO: check
+CVE-2018-11725 (The mobi_parse_index_entry function in index.c in Libmobi 0.3 
allows ...)
+       TODO: check
+CVE-2018-11724 (The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 
allows ...)
+       TODO: check
+CVE-2018-11723 (The libpff_name_to_id_map_entry_read function in ...)
+       TODO: check
 CVE-2018-11722 (WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 
'code' ...)
        NOT-FOR-US: WUZHI CMS
 CVE-2018-11721
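Review bot: the nine new TODO: check entries (CVE-2018-11723 through CVE-2018-11731) belong to three upstream projects going by the function prefixes and descriptions: libfsntfs (11727 to 11731), Libmobi 0.3 (11724 to 11726) and libpff (11723). Triage them per project rather than per CVE, so every entry in a group gets the same package line or the same NOT-FOR-US decision.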
@@ -3718,8 +3724,8 @@ CVE-2018-11118 (The RSS subsystem in ILIAS 5.1.x, 5.2.x, 
and 5.3.x before 5.3.5 
        NOT-FOR-US: ILIAS
 CVE-2018-11117 (Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 
5.1.x, ...)
        NOT-FOR-US: ILIAS
-CVE-2018-11116
-       RESERVED
+CVE-2018-11116 (OpenWrt mishandles access control in /etc/config/rpcd and the 
...)
+       TODO: check
 CVE-2018-11115
        RESERVED
 CVE-2018-11114
@@ -4124,8 +4130,8 @@ CVE-2017-18266 (The open_envvar function in xdg-open in 
xdg-utils before 1.1.3 d
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103807
        NOTE: Upstream bug discussed possible other approach to fix the issue.
        NOTE: Fixed by: 
https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb
-CVE-2018-10945
-       RESERVED
+CVE-2018-10945 (The mg_handle_cgi function in mongoose.c in Mongoose 6.11 
allows ...)
+       TODO: check
 CVE-2018-10944 (The request_dividend function of a smart contract 
implementation for ...)
        NOT-FOR-US: Rasputin Online Coin
 CVE-2018-10943
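Review bot: the new CVE-2018-10945 line places the flaw in mg_handle_cgi in a single source file, mongoose.c. When the TODO: check is resolved, also search for bundled copies of that file in other source packages, and record any found as additional package lines instead of tracking only a standalone Mongoose package.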
@@ -4417,8 +4423,7 @@ CVE-2018-10813 (In Dedos-web 1.0, the cookie and session 
secrets used in the ...
        NOT-FOR-US: Dedos-web
 CVE-2018-10812 (The Bitpie application through 3.2.4 for Android and iOS uses 
cleartext ...)
        NOT-FOR-US: Bitpie application for Android and iOS
-CVE-2018-10811 [Missing Initialization of a Variable in IKEv2 Key Derivation]
-       RESERVED
+CVE-2018-10811 (strongSwan 5.6.0 and older allows Remote Denial of Service 
because of ...)
        {DSA-4229-1}
        - strongswan 5.6.3-1
        NOTE: 
https://www.strongswan.org/blog/2018/05/28/strongswan-5.6.3-released.html
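Review bot: the replacement line for CVE-2018-10811 drops the bracketed summary "Missing Initialization of a Variable in IKEv2 Key Derivation", and the truncated description that replaces it only says "Remote Denial of Service because of ...". The root cause is now reachable only through the strongswan.org NOTE link, so consider keeping it as a NOTE line. The description also reads "5.6.0 and older" while the recorded fix is strongswan 5.6.3-1; check the affected range against the upstream release post.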
@@ -23906,6 +23911,7 @@ CVE-2018-3666
        RESERVED
 CVE-2018-3665 [speculative register leakage from lazy FPU context switching]
        RESERVED
+       {DSA-4232-1}
        - linux 4.6.1-1
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-267.html
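Review bot: {DSA-4232-1} is added under CVE-2018-3665, but nothing in the entry shows whether the advisory covers linux or xen, and xen is still listed as <unfixed>. Add a per-release annotation for the package the DSA fixes so the advisory reference and the package status lines agree.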



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d99a8778f40f9dd91d9ba0055af011418e6b0b0d
