Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bbf2a807 by security tracker role at 2018-11-05T20:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,25 +1,47 @@
-CVE-2018-18943
+CVE-2018-18954
        RESERVED
-CVE-2018-18942
+CVE-2018-18953
        RESERVED
-CVE-2018-18941
-       RESERVED
-CVE-2018-18940
+CVE-2018-18952 (JEECMS 9.3 has XSS via an index.do#/content/update?type=update 
URI. ...)
+       TODO: check
+CVE-2018-18951
        RESERVED
-CVE-2018-18939
+CVE-2018-18950 (KindEditor through 4.1.11 has a path traversal vulnerability 
in ...)
+       TODO: check
+CVE-2018-18949 (Zoho ManageEngine OpManager 12.3 before 123222 has SQL 
Injection via ...)
+       TODO: check
+CVE-2018-18948
        RESERVED
-CVE-2018-18938
+CVE-2018-18947
        RESERVED
-CVE-2018-18937
+CVE-2018-18946
        RESERVED
-CVE-2018-18936
+CVE-2018-18945
        RESERVED
-CVE-2018-18935
+CVE-2018-18944
        RESERVED
-CVE-2018-18934
+CVE-2018-18943 (An issue was discovered in baserCMS before 4.1.4. In the 
Register New ...)
+       TODO: check
+CVE-2018-18942 (In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php 
allows remote ...)
+       TODO: check
+CVE-2018-18941
        RESERVED
-CVE-2018-18933
+CVE-2018-18940
        RESERVED
+CVE-2018-18939 (An issue was discovered in WUZHI CMS 4.1.0. There is stored 
XSS in ...)
+       TODO: check
+CVE-2018-18938 (An issue was discovered in WUZHI CMS 4.1.0. There is stored 
XSS in ...)
+       TODO: check
+CVE-2018-18937 (An issue has been found in libIEC61850 v1.3. It is a NULL 
pointer ...)
+       TODO: check
+CVE-2018-18936 (An issue was discovered in PopojiCMS v2.0.1. admin_library.php 
allows ...)
+       TODO: check
+CVE-2018-18935 (An issue was discovered in PopojiCMS v2.0.1. It has CSRF via 
the ...)
+       TODO: check
+CVE-2018-18934 (An issue was discovered in PopojiCMS v2.0.1. 
admin_component.php is ...)
+       TODO: check
+CVE-2018-18933 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in ...)
+       TODO: check
 CVE-2018-18932
        RESERVED
 CVE-2018-18931
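Review bot: Every entry in this hunk that gained a description (CVE-2018-18952, CVE-2018-18950, CVE-2018-18949, CVE-2018-18943, CVE-2018-18942 and CVE-2018-18939 through CVE-2018-18933) is left at "TODO: check", so nothing here yet says whether Debian ships the affected software. Each needs a follow-up that resolves it to a package line or a "NOT-FOR-US:" line, as the Grapixel New Media entry in the next hunk's context has. CVE-2018-18937 names a library (libIEC61850) rather than a web application, so it is the one to check against the archive first.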
@@ -259,8 +281,7 @@ CVE-2018-18822 (Grapixel New Media v2.0 allows SQL 
Injection via the pages.aspx
        NOT-FOR-US: Grapixel New Media
 CVE-2018-18821
        RESERVED
-CVE-2018-18820 [buffer overflow in url-auth]
-       RESERVED
+CVE-2018-18820 (A buffer overflow was discovered in the URL-authentication 
backend of ...)
        {DSA-4333-1}
        - icecast2 2.4.4-1 (bug #912611)
        NOTE: https://www.openwall.com/lists/oss-security/2018/11/01/3
@@ -489,6 +510,7 @@ CVE-2018-18720 (An XSS issue was discovered in 
index.php/admin/system/basic in Y
 CVE-2018-18719
        RESERVED
 CVE-2018-18718 (An issue was discovered in gThumb through 3.6.2. There is a 
double-free ...)
+       {DLA-1567-1}
        - gthumb 3:3.6.2-2 (unimportant; bug #912290)
        NOTE: https://gitlab.gnome.org/GNOME/gthumb/issues/18
        NOTE: Crash in end user application, no security impact
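Review bot: The added "{DLA-1567-1}" on CVE-2018-18718 lands on an entry whose package line is marked "unimportant" and whose NOTE reads "Crash in end user application, no security impact". Confirm the cross-reference is intended. If the DLA did ship a fix for this double-free, a short NOTE explaining why it was included despite that classification would keep the entry from reading as contradictory.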
@@ -24923,8 +24945,8 @@ CVE-2018-9210
        RESERVED
 CVE-2018-9209
        RESERVED
-CVE-2018-9208
-       RESERVED
+CVE-2018-9208 (Unauthenticated arbitrary file upload vulnerability in jQuery 
Picture ...)
+       TODO: check
 CVE-2018-9207
        RESERVED
 CVE-2018-9206 (Unauthenticated arbitrary file upload vulnerability in Blueimp 
...)
@@ -42596,6 +42618,7 @@ CVE-2018-3283 (Vulnerability in the MySQL Server 
component of Oracle MySQL ...)
        - mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
        NOTE: 
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
 CVE-2018-3282 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DLA-1566-1}
        - mariadb-10.1 1:10.1.37-1 (bug #912848)
        - mariadb-10.0 <removed>
        - mysql-5.7 5.7.24-1 (bug #911221)
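Review bot: "{DLA-1566-1}" is added to CVE-2018-3282, but the package lines visible under it cover only mariadb-10.1, mariadb-10.0 (as "<removed>") and mysql-5.7, and the hunk context ends there. Check that the full entry carries a line for the source package the DLA actually fixed. The neighbouring CVE-2018-3283 lists mysql-5.5 as "<not-affected>", and the other entries tagged with this DLA in the same commit show a mysql-5.5 line, so a reader will expect one here as well.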
@@ -42860,6 +42883,7 @@ CVE-2018-3176 (Vulnerability in the Hyperion Common 
Events component of Oracle .
 CVE-2018-3175 (Vulnerability in the Hyperion Common Events component of Oracle 
...)
        NOT-FOR-US: Oracle
 CVE-2018-3174 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DLA-1566-1}
        - mariadb-10.1 1:10.1.37-1 (bug #912848)
        - mariadb-10.0 <removed>
        - mysql-5.7 5.7.24-1 (bug #911221)
@@ -42992,6 +43016,7 @@ CVE-2018-3135 (Vulnerability in the PeopleSoft 
Enterprise PeopleTools component
 CVE-2018-3134 (Vulnerability in the Oracle Agile Product Lifecycle Management 
for ...)
        NOT-FOR-US: Oracle
 CVE-2018-3133 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DLA-1566-1}
        - mysql-5.7 5.7.24-1 (bug #911221)
        - mysql-5.5 <removed>
        NOTE: 
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
@@ -43105,7 +43130,7 @@ CVE-2018-3083
 CVE-2018-3082 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
        NOT-FOR-US: Oracle MySQL 8
 CVE-2018-3081 (Vulnerability in the MySQL Client component of Oracle MySQL ...)
-       {DLA-1407-1}
+       {DLA-1566-1 DLA-1407-1}
        - mariadb-10.1 1:10.1.34-1
        - mariadb-10.0 <removed>
        - mysql-5.7 5.7.23-1 (bug #904121)
@@ -43132,6 +43157,7 @@ CVE-2018-3072 (Vulnerability in the PeopleSoft HRMS 
component of Oracle PeopleSo
 CVE-2018-3071 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
        - mysql-5.7 5.7.23-1 (bug #904121)
 CVE-2018-3070 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DLA-1566-1}
        - mysql-5.7 5.7.23-1 (bug #904121)
        - mysql-5.5 <removed>
 CVE-2018-3069 (Vulnerability in the Oracle Agile Product Lifecycle Management 
for ...)
@@ -43141,7 +43167,7 @@ CVE-2018-3068 (Vulnerability in the PeopleSoft 
Enterprise HCM Human Resources ..
 CVE-2018-3067 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
        NOT-FOR-US: Oracle MySQL 8
 CVE-2018-3066 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
-       {DLA-1488-1}
+       {DLA-1566-1 DLA-1488-1}
        - mariadb-10.1 1:10.1.35-1
        - mariadb-10.0 <removed>
        - mysql-5.7 5.7.23-1 (bug #904121)
@@ -43156,7 +43182,7 @@ CVE-2018-3064 (Vulnerability in the MySQL Server 
component of Oracle MySQL ...)
        - mysql-5.7 5.7.23-1 (bug #904121)
        NOTE: MariaDB: Fixed in 10.0.36, 10.1.35
 CVE-2018-3063 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
-       {DLA-1488-1}
+       {DLA-1566-1 DLA-1488-1}
        - mariadb-10.1 1:10.1.35-1
        - mariadb-10.0 <removed>
        - mysql-5.5 <removed>
@@ -43170,7 +43196,7 @@ CVE-2018-3060 (Vulnerability in the MySQL Server 
component of Oracle MySQL ...)
 CVE-2018-3059 (Vulnerability in the Siebel UI Framework component of Oracle 
Siebel ...)
        NOT-FOR-US: Oracle
 CVE-2018-3058 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
-       {DLA-1488-1}
+       {DLA-1566-1 DLA-1488-1}
        - mariadb-10.1 1:10.1.35-1
        - mariadb-10.0 <removed>
        - mysql-5.7 5.7.23-1 (bug #904121)
@@ -43934,7 +43960,7 @@ CVE-2018-2769 (Vulnerability in the MySQL Server 
component of Oracle MySQL ...)
 CVE-2018-2768 (Vulnerability in the Oracle Outside In Technology component of 
Oracle ...)
        NOT-FOR-US: Oracle
 CVE-2018-2767 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
-       {DLA-1407-1}
+       {DLA-1566-1 DLA-1407-1}
        - mariadb-10.2 <removed>
        - mariadb-10.1 1:10.1.34-1
        [stretch] - mariadb-10.1 <postponed> (Wait for next upstream 
security/bugfix release)
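Review bot: On CVE-2018-2767 the context line "[stretch] - mariadb-10.1 <postponed> (Wait for next upstream security/bugfix release)" is left untouched while this hunk adds a second DLA to the entry. Other entries in this same commit already list mariadb-10.1 at 1:10.1.37-1, so it is worth checking whether the postponed status for stretch is still current or should be updated in a follow-up.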



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bbf2a807ae0ddf9ca455bf6e609daa0b683de8ac
