Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a54e86e0 by security tracker role at 2018-10-05T08:10:29Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,58 @@
-CVE-2018-17983 [manifest: fix out-of-bounds read of corrupted manifest entry]
+CVE-2018-18003
+       RESERVED
+CVE-2018-18002
+       RESERVED
+CVE-2018-18001
+       RESERVED
+CVE-2018-18000
+       RESERVED
+CVE-2018-17999
+       RESERVED
+CVE-2018-17998
+       RESERVED
+CVE-2018-17997
+       RESERVED
+CVE-2018-17996
+       RESERVED
+CVE-2018-17995
+       RESERVED
+CVE-2018-17994
+       RESERVED
+CVE-2018-17993
+       RESERVED
+CVE-2018-17992
+       RESERVED
+CVE-2018-17991
+       RESERVED
+CVE-2018-17990
+       RESERVED
+CVE-2018-17989
+       RESERVED
+CVE-2018-17988
+       RESERVED
+CVE-2018-17987
+       RESERVED
+CVE-2018-17986 (rars/user/data in razorCMS 3.4.8 allows CSRF for changing the 
password ...)
+       TODO: check
+CVE-2018-17985 (An issue was discovered in cp-demangle.c in GNU libiberty, as 
...)
+       TODO: check
+CVE-2018-17984 (An unanchored /[a-z]{2}/ regular expression in ISPConfig 
before 3.1.13 ...)
+       TODO: check
+CVE-2018-17982
+       RESERVED
+CVE-2018-17981
+       RESERVED
+CVE-2018-17980
+       RESERVED
+CVE-2015-9272 (The videowhisper-video-presentation plugin 3.31.17 for 
WordPress allows ...)
+       TODO: check
+CVE-2014-10076 (The wp-db-backup plugin 2.2.4 for WordPress relies on a 
five-character ...)
+       TODO: check
+CVE-2014-10075 (The karo gem 2.3.8 for Ruby allows Remote command injection 
via the ...)
+       TODO: check
+CVE-2013-7465 (Ice Cold Apps Servers Ultimate 6.0.2(12) does not require ...)
+       TODO: check
+CVE-2018-17983 (cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds 
read ...)
        - mercurial 4.7.2-1
        [jessie] - mercurial <not-affected> (Vulnerable code not present)
        NOTE: https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901
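Review bot: The seven entries added with TODO: check near the end of the new block (CVE-2018-17986 through CVE-2013-7465) still need manual triage. CVE-2015-9272 and CVE-2014-10076 are described as WordPress plugins, and this file already resolves sibling WordPress plugin entries as NOT-FOR-US (CVE-2015-9271 and CVE-2015-9270 in a later hunk), so they can be closed the same way. CVE-2018-17985 (cp-demangle.c in GNU libiberty) and CVE-2014-10075 (karo gem for Ruby) name a library and a gem rather than a web product, so they should be checked against affected source packages instead of being dismissed quickly.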
@@ -187,8 +241,8 @@ CVE-2018-17893
        RESERVED
 CVE-2018-17892
        RESERVED
-CVE-2018-17891
-       RESERVED
+CVE-2018-17891 (Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior 
running ...)
+       TODO: check
 CVE-2018-17890
        RESERVED
 CVE-2018-17889
@@ -266,7 +320,7 @@ CVE-2018-17856
        RESERVED
 CVE-2018-17855
        RESERVED
-CVE-2015-9271
+CVE-2015-9271 (The VideoWhisper videowhisper-video-conference-integration 
plugin ...)
        NOT-FOR-US: WordPress plugin videowhisper-video-conference-integration
 CVE-2015-9270 (XSS exists in the the-holiday-calendar plugin before 1.11.3 for 
...)
        NOT-FOR-US: the-holiday-calendar plugin for WordPress
@@ -282,8 +336,8 @@ CVE-2018-17851
        REJECTED
 CVE-2018-17850
        REJECTED
-CVE-2018-17849
-       RESERVED
+CVE-2018-17849 (Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka 
File ...)
+       TODO: check
 CVE-2018-17848 (The html package (aka x/net/html) through 2018-09-25 in Go 
mishandles ...)
        TODO: check
 CVE-2018-17847 (The html package (aka x/net/html) through 2018-09-25 in Go 
mishandles ...)
@@ -3444,16 +3498,16 @@ CVE-2015-9266 (The web management interface of Ubiquiti 
airMAX, airFiber, airGat
        NOT-FOR-US: Ubiquiti
 CVE-2018-16458 (An issue was discovered in baigo CMS v2.1.1. There is an ...)
        NOT-FOR-US: baigo CMS
-CVE-2018-16457
-       RESERVED
-CVE-2018-16456
-       RESERVED
-CVE-2018-16455
-       RESERVED
+CVE-2018-16457 (PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows 
remote ...)
+       TODO: check
+CVE-2018-16456 (PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a 
keyword. ...)
+       TODO: check
+CVE-2018-16455 (PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a 
keyword. ...)
+       TODO: check
 CVE-2018-16454 (PHP Scripts Mall Currency Converter Script 2.0.5 allows remote 
attackers to cause a denial of service (web-interface change) via an inverted 
comma. ...)
        NOT-FOR-US: PHP Scripts Mall Olx Clone
-CVE-2018-16453
-       RESERVED
+CVE-2018-16453 (PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the 
search ...)
+       TODO: check
 CVE-2018-16452
        RESERVED
 CVE-2018-16451
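Review bot: In the context lines of this hunk, CVE-2018-16454 is described as "PHP Scripts Mall Currency Converter Script 2.0.5" but its status line reads NOT-FOR-US: PHP Scripts Mall Olx Clone. The product label looks copied from another entry and should name the Currency Converter Script. Its description is also much longer than the truncated descriptions of the neighbouring entries. The four entries this hunk moves from RESERVED to TODO: check (CVE-2018-16457, CVE-2018-16456, CVE-2018-16455, CVE-2018-16453) are all PHP Scripts Mall scripts, so they can be triaged together, following the NOT-FOR-US precedent of CVE-2018-16454.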
@@ -3825,8 +3879,8 @@ CVE-2018-16328 (In ImageMagick before 7.0.8-8, a NULL 
pointer dereference exists
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/68e4f4d22abaf97b61019ea85f74e2f639d0e93e
 CVE-2018-16327 (There is Stored XSS in Subrion 4.2.1 via the admin panel URL 
...)
        NOT-FOR-US: Subrion CMS
-CVE-2018-16326
-       RESERVED
+CVE-2018-16326 (PHP Scripts Mall Olx Clone 3.4.2 has XSS. ...)
+       TODO: check
 CVE-2018-16325 (There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php 
title ...)
        NOT-FOR-US: GetSimple CMS
 CVE-2018-16324 (In IceWarp Server 12.0.3.1 and before, there is XSS in the 
/webmail/ ...)
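Review bot: CVE-2018-16326 now carries the description "PHP Scripts Mall Olx Clone 3.4.2 has XSS" but is left at TODO: check, while both resolved neighbours in this hunk (Subrion CMS, GetSimple CMS) are marked NOT-FOR-US with the product name. Suggest resolving it the same way, as NOT-FOR-US: PHP Scripts Mall Olx Clone.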
@@ -11288,8 +11342,7 @@ CVE-2018-13259 (An issue was discovered in zsh before 
5.6. Shebang lines exceedi
        [jessie] - zsh <no-dsa> (Minor issue)
        NOTE: https://www.zsh.org/mla/zsh-announce/136
        NOTE: 
https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
-CVE-2018-13258 [mediawiki: Tarball was missing .htaccess files]
-       RESERVED
+CVE-2018-13258 (Mediawiki 1.31 before 1.31.1 misses .htaccess files in the 
provided ...)
        - mediawiki <not-affected> (Affected upstream tarball was never used)
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
        NOTE: https://phabricator.wikimedia.org/T199029
@@ -47959,20 +48012,17 @@ CVE-2018-0507 (Untrusted search path vulnerability in 
FLET'S VIRUS CLEAR Easy Se
        NOT-FOR-US: FLET'S VIRUS CLEAR
 CVE-2018-0506 (Nootka 1.4.4 and earlier allows remote attackers to execute 
arbitrary ...)
        NOT-FOR-US: Nootka
-CVE-2018-0505 [mediawiki: BotPasswords can bypass CentralAuth's account lock]
-       RESERVED
+CVE-2018-0505 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 
contains a ...)
        {DSA-4301-1}
        - mediawiki 1:1.31.1-1
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
        NOTE: https://phabricator.wikimedia.org/T194605
-CVE-2018-0504 [mediawiki: Information disclosure in Special:Redirect/logid]
-       RESERVED
+CVE-2018-0504 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 
contains an ...)
        {DSA-4301-1}
        - mediawiki 1:1.31.1-1
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
        NOTE: https://phabricator.wikimedia.org/T187638
-CVE-2018-0503 [mediawiki: wgRateLimits entry for 'user' overrides 'newbie']
-       RESERVED
+CVE-2018-0503 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 
contains a ...)
        {DSA-4301-1}
        - mediawiki 1:1.31.1-1
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
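Review bot: For CVE-2018-0505, CVE-2018-0504 and CVE-2018-0503 the removed bracketed titles (BotPasswords bypassing CentralAuth's account lock, information disclosure in Special:Redirect/logid, wgRateLimits entry for 'user' overriding 'newbie') were the only text in this file that told the three issues apart. The replacement descriptions are truncated to "Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a ..." and are nearly identical. The {DSA-4301-1} and fixed-version lines are unchanged, so tracking status is not affected, but a short NOTE: line per entry carrying the old summary would keep the list readable without following the Phabricator links.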



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a54e86e016eab448d1ca1c983765838c5e34a578
