Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
85008a49 by security tracker role at 2018-09-17T08:10:14Z
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,109 @@ -CVE-2018-XXXX [gs 699708: 'Hide' non-replaceable error handlers for SAFER] - - ghostscript 9.25~dfsg-1 - [stretch] - ghostscript 9.20~dfsg-3.2+deb9u5 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624 -CVE-2018-17095 +CVE-2018-17140 (The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS ...) + TODO: check +CVE-2018-17139 (UltimatePOS 2.5 allows users to upload arbitrary files, which leads to ...) + TODO: check +CVE-2018-17138 (The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS ...) + TODO: check +CVE-2018-17137 (Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 ...) + TODO: check +CVE-2018-17136 (zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via ...) + TODO: check +CVE-2018-17135 RESERVED -CVE-2018-17094 +CVE-2018-17134 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ...) + TODO: check +CVE-2018-17133 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ...) + TODO: check +CVE-2018-17132 (admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute ...) + TODO: check +CVE-2018-17131 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ...) + TODO: check +CVE-2018-17130 (PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header, ...) + TODO: check +CVE-2018-17129 (MetInfo 6.1.0 has XSS in doexport() in ...) + TODO: check +CVE-2018-17128 (A Persistent XSS issue was discovered in the Visual Editor in MyBB ...) + TODO: check +CVE-2018-17127 (blocking_request.cgi on ASUS GT-AC5300 devices through ...) + TODO: check +CVE-2018-17126 (CScms 4.1 allows remote code execution, as demonstrated by ...) + TODO: check +CVE-2018-17125 (CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring ...) 
+ TODO: check +CVE-2018-17124 + RESERVED +CVE-2018-17123 + RESERVED +CVE-2018-17122 + RESERVED +CVE-2018-17121 RESERVED -CVE-2018-17093 +CVE-2018-17120 RESERVED -CVE-2018-17092 +CVE-2018-17119 RESERVED -CVE-2018-17091 +CVE-2018-17118 RESERVED -CVE-2018-17090 +CVE-2018-17117 RESERVED +CVE-2018-17116 + RESERVED +CVE-2018-17115 + RESERVED +CVE-2018-17114 + RESERVED +CVE-2018-17113 (App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf ...) + TODO: check +CVE-2018-17112 + RESERVED +CVE-2018-17111 + RESERVED +CVE-2018-17110 (Simple POS 4.0.24 allows SQL Injection via a products/get_products/ ...) + TODO: check +CVE-2018-17109 + RESERVED +CVE-2018-17108 (The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android ...) + TODO: check +CVE-2018-17107 + RESERVED +CVE-2018-17106 (In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable ...) + TODO: check +CVE-2018-17105 + RESERVED +CVE-2018-17104 (An issue was discovered in Microweber 1.0.7. There is a CSRF attack ...) + TODO: check +CVE-2018-17103 (** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There ...) + TODO: check +CVE-2018-17102 (An issue was discovered in QuickAppsCMS (aka QACMS) through ...) + TODO: check +CVE-2018-17101 (An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds ...) + TODO: check +CVE-2018-17100 (An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in ...) + TODO: check +CVE-2018-17099 + RESERVED +CVE-2018-17098 (The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 ...) + TODO: check +CVE-2018-17097 (The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 ...) + TODO: check +CVE-2018-17096 (The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli ...) 
+ TODO: check +CVE-2018-XXXX [gs 699708: 'Hide' non-replaceable error handlers for SAFER] + - ghostscript 9.25~dfsg-1 + [stretch] - ghostscript 9.20~dfsg-3.2+deb9u5 + NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624 +CVE-2018-17095 (An issue has been discovered in mpruett Audio File Library (aka ...) + TODO: check +CVE-2018-17094 (An issue has been discovered in mackyle xar 1.6.1. There is a NULL ...) + TODO: check +CVE-2018-17093 (An issue has been discovered in mackyle xar 1.6.1. There is a NULL ...) + TODO: check +CVE-2018-17092 (An issue was discovered in DonLinkage 6.6.8. SQL injection in ...) + TODO: check +CVE-2018-17091 (An issue was discovered in DonLinkage 6.6.8. It allows remote attackers ...) + TODO: check +CVE-2018-17090 (An issue was discovered in DonLinkage 6.6.8. The modules ...) + TODO: check CVE-2018-17089 RESERVED CVE-2018-17087 @@ -664,7 +754,7 @@ CVE-2018-16794 CVE-2018-16793 RESERVED CVE-2018-16802 (An issue was discovered in Artifex Ghostscript before 9.25. Incorrect ...) - {DLA-1504-1} + {DSA-4294-1 DLA-1504-1} [experimental] - ghostscript 9.25~dfsg-1~exp1 - ghostscript 9.25~dfsg-1 NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6 @@ -1851,7 +1941,7 @@ CVE-2018-16311 CVE-2018-16310 (Technicolor TG588V V2 devices allow remote attackers to cause a denial ...) NOT-FOR-US: Technicolor CVE-2018-16309 - RESERVED + REJECTED CVE-2018-16308 (The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV ...) NOT-FOR-US: Ninja Forms plugin for WordPress CVE-2018-16307 (An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi ...) 
@@ -2915,7 +3005,7 @@ CVE-2018-16510 (An issue was discovered in Artifex Ghostscript before 9.24. Inco NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699671 CVE-2018-16509 (An issue was discovered in Artifex Ghostscript before 9.24. Incorrect ...) - {DLA-1504-1} + {DSA-4294-1 DLA-1504-1} [experimental] - ghostscript 9.25~dfsg-1~exp1 - ghostscript 9.25~dfsg-1 (bug #907332; bug #907703) NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156 @@ -11646,6 +11736,7 @@ CVE-2018-12372 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12372 CVE-2018-12371 RESERVED + {DSA-4295-1} - firefox 61.0-1 - thunderbird 1:60.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12371 @@ -11668,6 +11759,7 @@ CVE-2018-12368 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12368 CVE-2018-12367 RESERVED + {DSA-4295-1} - firefox 61.0-1 - thunderbird 1:60.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12367 @@ -11719,6 +11811,7 @@ CVE-2018-12362 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12362 CVE-2018-12361 RESERVED + {DSA-4295-1} - firefox 61.0-1 - thunderbird 1:60.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12361 @@ -32010,6 +32103,7 @@ CVE-2018-5188 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-5188 CVE-2018-5187 RESERVED + {DSA-4295-1} - firefox 61.0-1 - thunderbird 1:60.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5187 
@@ -32136,7 +32230,7 @@ CVE-2018-5157 (Same-origin protections for the PDF viewer can be bypassed, allow NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5157 CVE-2018-5156 RESERVED - {DSA-4235-1 DLA-1406-1} + {DSA-4295-1 DSA-4235-1 DLA-1406-1} - firefox-esr 52.9.0esr-1 - firefox 61.0-1 - thunderbird 1:60.0-1 @@ -35987,7 +36081,7 @@ CVE-2018-3642 CVE-2018-3641 (Escalation of privilege in all versions of the Intel Remote Keyboard ...) NOT-FOR-US: Intel CVE-2018-3640 (Systems with microprocessors utilizing speculative execution and that ...) - {DSA-4273-1 DLA-1446-1} + {DSA-4273-2 DSA-4273-1 DLA-1446-1} - intel-microcode 3.20180703.1 NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability NOTE: No software mitigations planned to be implemented in src:linux @@ -35995,7 +36089,7 @@ CVE-2018-3640 (Systems with microprocessors utilizing speculative execution and NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release CVE-2018-3639 (Systems with microprocessors utilizing speculative execution and ...) - {DSA-4273-1 DSA-4210-1 DLA-1446-1 DLA-1423-1} + {DSA-4273-2 DSA-4273-1 DSA-4210-1 DLA-1446-1 DLA-1423-1} - intel-microcode 3.20180703.1 - linux 4.16.12-1 [stretch] - linux 4.9.107-1 
@@ -45832,10 +45926,12 @@ CVE-2018-0499 (A cross-site scripting vulnerability in ...) [jessie] - xapian-core <not-affected> (vulnerable code not present) NOTE: https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html CVE-2018-0498 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows ...) + {DSA-4296-1} - mbedtls 2.12.0-1 (bug #904821) - polarssl <removed> NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02 CVE-2018-0497 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows ...) + {DSA-4296-1} - mbedtls 2.12.0-1 (bug #904821) - polarssl <removed> NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/85008a49ff6c87b842a84cbfec6b906c1155e576
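Review bot: In the first hunk (@@ -1,19 +1,109 @@) every newly described id from CVE-2018-17140 down to CVE-2018-17090 is left at "TODO: check", with no package line and no NOT-FOR-US line. The entries that name libraries (CVE-2018-17101 and CVE-2018-17100 for LibTIFF 4.0.9, CVE-2018-17098 to CVE-2018-17096 for SoundTouch 2.0, CVE-2018-17095 for Audio File Library) should be triaged ahead of the web-application entries. The WordPress plugin entries (CVE-2018-17140, CVE-2018-17138) can probably take the "NOT-FOR-US: ... plugin for WordPress" form already used for CVE-2018-16308 further down in this file.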
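Review bot: The two ghostscript hunks (@@ -664,7 +754,7 @@ and @@ -2915,7 +3005,7 @@) add DSA-4294-1 to CVE-2018-16802 and CVE-2018-16509, but the temporary CVE-2018-XXXX entry for gs 699708, which the first hunk only relocates, still has no advisory reference even though it records a stretch fix in ghostscript 9.20~dfsg-3.2+deb9u5. If that stretch upload is the one announced as DSA-4294-1, the temporary entry should carry the same cross-reference; if it is not, a NOTE saying which upload fixed it would remove the ambiguity.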
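Review bot: In the four hunks that add {DSA-4295-1} (@@ -11646,6 +11736,7 @@, @@ -11668,6 +11759,7 @@, @@ -11719,6 +11811,7 @@ and @@ -32010,6 +32103,7 @@), the entries for CVE-2018-12371, CVE-2018-12367, CVE-2018-12361 and CVE-2018-5187 still read RESERVED and list only firefox 61.0-1 and thunderbird 1:60.0-1. CVE-2018-5156 in the following hunk carries a firefox-esr line, while these four do not, so the firefox-esr status is unstated. Suggest adding an explicit firefox-esr line to each, either a fixed version or a not-affected marker.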
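Review bot: In the CVE-2018-3640 and CVE-2018-3639 hunks (@@ -35987,7 +36081,7 @@ and @@ -35995,7 +36089,7 @@) DSA-4273-2 is added, but the fixed version stays at intel-microcode 3.20180703.1 and the existing NOTE under CVE-2018-3640 only says that additional CPU models were supported in the 3.20180807a.1 release. A NOTE stating which intel-microcode release DSA-4273-1 and DSA-4273-2 each shipped would make the two advisories distinguishable from these entries alone.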
