[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 18 21:10:25 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9f0f6264 by security tracker role at 2018-07-18T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,23 @@
+CVE-2018-14389 (joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val ...)
+ TODO: check
+CVE-2018-14388 (joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php ...)
+ TODO: check
+CVE-2018-14387 (An issue was discovered in WonderCMS before 2.5.2. An attacker can ...)
+ TODO: check
+CVE-2018-14386
+ RESERVED
+CVE-2018-14385
+ RESERVED
+CVE-2018-14384
+ RESERVED
+CVE-2018-14383
+ RESERVED
+CVE-2018-14382 (InstantCMS 2.10.1 has /redirect?url= XSS. ...)
+ TODO: check
+CVE-2018-14381 (Pagekit before 1.0.14 has a /user/login?redirect= open redirect ...)
+ TODO: check
+CVE-2018-14380 (In Graylog before 2.4.6, XSS was possible in typeahead components, ...)
+ TODO: check
CVE-2018-14379 (MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the ...)
- mp4v2 <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2018/07/17/1
@@ -23,8 +43,8 @@ CVE-2018-14373 (An issue was discovered in LibTIFF 4.0.9. In TIFFFindField in ..
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2801
CVE-2018-14372
RESERVED
-CVE-2018-14371
- RESERVED
+CVE-2018-14371 (The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra ...)
+ TODO: check
CVE-2018-14370
RESERVED
CVE-2018-14369
@@ -37,8 +57,7 @@ CVE-2018-14366
RESERVED
CVE-2018-14365
RESERVED
-CVE-2018-14364 [Remote Code Execution Vulnerability in GitLab Projects Import]
- RESERVED
+CVE-2018-14364 (GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before ...)
- gitlab <unfixed> (bug #904026)
NOTE: https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/
CVE-2018-14363 (An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not ...)
@@ -661,8 +680,8 @@ CVE-2018-14084 (An issue was discovered in a smart contract implementation for M
NOT-FOR-US: smart contract implementation for MKCB
CVE-2018-14083
RESERVED
-CVE-2018-14082
- RESERVED
+CVE-2018-14082 (PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site ...)
+ TODO: check
CVE-2018-14081
RESERVED
CVE-2018-14080
@@ -4689,8 +4708,8 @@ CVE-2018-12431 (SeaCMS V6.61 has XSS via the site name parameter on an ...)
NOT-FOR-US: SeaCMS
CVE-2018-12430
REJECTED
-CVE-2018-12429
- RESERVED
+CVE-2018-12429 (JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish ...)
+ TODO: check
CVE-2018-12428
RESERVED
CVE-2018-12427
@@ -7188,6 +7207,7 @@ CVE-2018-11440 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the function
NOTE: https://github.com/liblouis/liblouis/issues/575
NOTE: https://github.com/liblouis/liblouis/commit/4417bad83df4481ed58419b28c5c91b9649e2a86
CVE-2018-11439 (The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in ...)
+ {DLA-1430-1}
- taglib <unfixed> (bug #903847)
[stretch] - taglib <no-dsa> (Minor issue)
NOTE: PoC: http://seclists.org/fulldisclosure/2018/May/49
@@ -8693,8 +8713,7 @@ CVE-2018-10878
- linux 4.17.3-1
[stretch] - linux 4.9.110-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199865
-CVE-2018-10877
- RESERVED
+CVE-2018-10877 (Linux kernel ext4 filesystem is vulnerable to an out-of-bound access ...)
{DLA-1423-1}
- linux 4.17.3-1
[stretch] - linux 4.9.110-1
@@ -8720,8 +8739,7 @@ CVE-2018-10873
CVE-2018-10872 (A flaw was found in the way the Linux kernel handled exceptions ...)
- linux <not-affected> (Red Hat specific CVE-2018-8897 regression in RHEL 6.10)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596094
-CVE-2018-10871
- RESERVED
+CVE-2018-10871 (389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a ...)
- 389-ds-base <unfixed>
NOTE: https://pagure.io/389-ds-base/issue/49789
CVE-2018-10870
@@ -9394,8 +9412,8 @@ CVE-2018-10618
RESERVED
CVE-2018-10617 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 ...)
NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
-CVE-2018-10616
- RESERVED
+CVE-2018-10616 (ABB Panel Builder 800 all versions has an improper input validation ...)
+ TODO: check
CVE-2018-10615 (Directory traversal may lead to files being exfiltrated or deleted on ...)
NOT-FOR-US: GE MDS PulseNET and MDS PulseNET Enterprise
CVE-2018-10614
@@ -10471,7 +10489,7 @@ CVE-2018-10199 (In versions of mruby up to and including 1.4.0, a use-after-free
[jessie] - mruby <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/mruby/mruby/issues/4001
NOTE: https://github.com/mruby/mruby/commit/b51b21fc63c9805862322551387d9036f2b63433
-CVE-2018-10193 (LogMeIn LastPass through 4.9.1 allows remote attackers to cause a ...)
+CVE-2018-10193 (LogMeIn LastPass through 4.15.0 allows remote attackers to cause a ...)
NOT-FOR-US: LogMeIn LastPass
CVE-2018-10192 (IPVanish 3.0.11 for macOS suffers from a root privilege escalation ...)
NOT-FOR-US: IPVanish for macOS
@@ -15756,8 +15774,7 @@ CVE-2018-8043 (The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5
NOTE: Negligable security impact, only enabled on armhf
-CVE-2018-8042
- RESERVED
+CVE-2018-8042 (Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential ...)
NOT-FOR-US: Apache Ambari
CVE-2018-8041
RESERVED
@@ -15851,8 +15868,7 @@ CVE-2018-8012 (No authentication/authorization is enforced when a server attempt
NOTE: http://www.openwall.com/lists/oss-security/2018/05/21/6
NOTE: https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication
NOTE: https://issues.apache.org/jira/secure/attachment/12840904/ZOOKEEPER-1045-br-3-4.patch
-CVE-2018-8011
- RESERVED
+CVE-2018-8011 (By specially crafting HTTP requests, the mod_md challenge handler ...)
- apache2 <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/2
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011
@@ -17240,8 +17256,8 @@ CVE-2018-7548 (In subst.c in zsh through 5.4.2, there is a NULL pointer derefere
NOTE: no security impact
CVE-2018-7547 (lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the ...)
NOT-FOR-US: lyadmin
-CVE-2018-7546
- RESERVED
+CVE-2018-7546 (wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 ...)
+ TODO: check
CVE-2018-7545
RESERVED
CVE-2017-18206 (In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. ...)
@@ -20677,8 +20693,8 @@ CVE-2017-18105
RESERVED
CVE-2017-18104
RESERVED
-CVE-2017-18103
- RESERVED
+CVE-2017-18103 (The atlassian-http library, as used in various Atlassian products, ...)
+ TODO: check
CVE-2017-18102 (The wiki markup component of atlassian-renderer from version 8.0.0 ...)
NOT-FOR-US: wiki markup component of atlassian-renderer
CVE-2017-18101 (Various administrative external system import resources in Atlassian ...)
@@ -24574,8 +24590,8 @@ CVE-2018-5244 (In Xen 4.10, new infrastructure was introduced as part of an over
NOTE: https://xenbits.xen.org/xsa/advisory-253.html
CVE-2018-5233 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Grav CMS admin plugin
-CVE-2018-5232
- RESERVED
+CVE-2018-5232 (The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and ...)
+ TODO: check
CVE-2018-5231 (The ForgotLoginDetails resource in Atlassian Jira before version ...)
NOT-FOR-US: Atlassian
CVE-2018-5230 (The issue collector in Atlassian Jira before version 7.6.6, from ...)
@@ -30531,441 +30547,410 @@ CVE-2018-3107
RESERVED
CVE-2018-3106
RESERVED
-CVE-2018-3105
- RESERVED
-CVE-2018-3104
- RESERVED
-CVE-2018-3103
- RESERVED
-CVE-2018-3102
- RESERVED
-CVE-2018-3101
- RESERVED
-CVE-2018-3100
- RESERVED
-CVE-2018-3099
- RESERVED
-CVE-2018-3098
- RESERVED
-CVE-2018-3097
- RESERVED
-CVE-2018-3096
- RESERVED
-CVE-2018-3095
- RESERVED
-CVE-2018-3094
- RESERVED
-CVE-2018-3093
- RESERVED
-CVE-2018-3092
- RESERVED
-CVE-2018-3091
- RESERVED
+CVE-2018-3105 (Vulnerability in the Oracle SOA Suite component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-3104 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3103 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3102 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3101 (Vulnerability in the Oracle WebCenter Portal component of Oracle ...)
+ TODO: check
+CVE-2018-3100 (Vulnerability in the Oracle Business Process Management Suite ...)
+ TODO: check
+CVE-2018-3099 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3098 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3097 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3096 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3095 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3094 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3093 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3092 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3091 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
- virtualbox 5.2.16-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2018-3090
- RESERVED
+CVE-2018-3090 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
- virtualbox 5.2.16-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2018-3089
- RESERVED
+CVE-2018-3089 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
- virtualbox 5.2.16-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2018-3088
- RESERVED
+CVE-2018-3088 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
- virtualbox 5.2.16-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2018-3087
- RESERVED
+CVE-2018-3087 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
- virtualbox 5.2.16-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2018-3086
- RESERVED
+CVE-2018-3086 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
- virtualbox 5.2.16-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2018-3085
- RESERVED
+CVE-2018-3085 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
- virtualbox 5.2.16-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2018-3084
- RESERVED
+CVE-2018-3084 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ TODO: check
CVE-2018-3083
RESERVED
-CVE-2018-3082
- RESERVED
-CVE-2018-3081
- RESERVED
+CVE-2018-3082 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ TODO: check
+CVE-2018-3081 (Vulnerability in the MySQL Client component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <removed>
-CVE-2018-3080
- RESERVED
-CVE-2018-3079
- RESERVED
-CVE-2018-3078
- RESERVED
-CVE-2018-3077
- RESERVED
+CVE-2018-3080 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ TODO: check
+CVE-2018-3079 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ TODO: check
+CVE-2018-3078 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ TODO: check
+CVE-2018-3077 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
-CVE-2018-3076
- RESERVED
-CVE-2018-3075
- RESERVED
-CVE-2018-3074
- RESERVED
-CVE-2018-3073
- RESERVED
-CVE-2018-3072
- RESERVED
-CVE-2018-3071
- RESERVED
+CVE-2018-3076 (Vulnerability in the PeopleSoft Enterprise CS Financial Aid component ...)
+ TODO: check
+CVE-2018-3075 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ TODO: check
+CVE-2018-3074 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ TODO: check
+CVE-2018-3073 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ TODO: check
+CVE-2018-3072 (Vulnerability in the PeopleSoft HRMS component of Oracle PeopleSoft ...)
+ TODO: check
+CVE-2018-3071 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
-CVE-2018-3070
- RESERVED
+CVE-2018-3070 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <removed>
-CVE-2018-3069
- RESERVED
-CVE-2018-3068
- RESERVED
-CVE-2018-3067
- RESERVED
-CVE-2018-3066
- RESERVED
+CVE-2018-3069 (Vulnerability in the Oracle Agile Product Lifecycle Management for ...)
+ TODO: check
+CVE-2018-3068 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources ...)
+ TODO: check
+CVE-2018-3067 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ TODO: check
+CVE-2018-3066 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <removed>
-CVE-2018-3065
- RESERVED
+CVE-2018-3065 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
-CVE-2018-3064
- RESERVED
+CVE-2018-3064 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
-CVE-2018-3063
- RESERVED
+CVE-2018-3063 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.5 <removed>
-CVE-2018-3062
- RESERVED
+CVE-2018-3062 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
-CVE-2018-3061
- RESERVED
+CVE-2018-3061 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
-CVE-2018-3060
- RESERVED
+CVE-2018-3060 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
CVE-2018-3059
RESERVED
-CVE-2018-3058
- RESERVED
+CVE-2018-3058 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <removed>
-CVE-2018-3057
- RESERVED
-CVE-2018-3056
- RESERVED
+CVE-2018-3057 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
+ TODO: check
+CVE-2018-3056 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
-CVE-2018-3055
- RESERVED
+CVE-2018-3055 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
- virtualbox 5.2.16-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2018-3054
- RESERVED
+CVE-2018-3054 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
-CVE-2018-3053
- RESERVED
-CVE-2018-3052
- RESERVED
-CVE-2018-3051
- RESERVED
-CVE-2018-3050
- RESERVED
-CVE-2018-3049
- RESERVED
-CVE-2018-3048
- RESERVED
-CVE-2018-3047
- RESERVED
-CVE-2018-3046
- RESERVED
-CVE-2018-3045
- RESERVED
-CVE-2018-3044
- RESERVED
-CVE-2018-3043
- RESERVED
-CVE-2018-3042
- RESERVED
-CVE-2018-3041
- RESERVED
-CVE-2018-3040
- RESERVED
-CVE-2018-3039
- RESERVED
-CVE-2018-3038
- RESERVED
-CVE-2018-3037
- RESERVED
-CVE-2018-3036
- RESERVED
-CVE-2018-3035
- RESERVED
-CVE-2018-3034
- RESERVED
-CVE-2018-3033
- RESERVED
-CVE-2018-3032
- RESERVED
-CVE-2018-3031
- RESERVED
-CVE-2018-3030
- RESERVED
-CVE-2018-3029
- RESERVED
-CVE-2018-3028
- RESERVED
-CVE-2018-3027
- RESERVED
-CVE-2018-3026
- RESERVED
-CVE-2018-3025
- RESERVED
-CVE-2018-3024
- RESERVED
-CVE-2018-3023
- RESERVED
-CVE-2018-3022
- RESERVED
-CVE-2018-3021
- RESERVED
-CVE-2018-3020
- RESERVED
-CVE-2018-3019
- RESERVED
-CVE-2018-3018
- RESERVED
-CVE-2018-3017
- RESERVED
-CVE-2018-3016
- RESERVED
-CVE-2018-3015
- RESERVED
-CVE-2018-3014
- RESERVED
-CVE-2018-3013
- RESERVED
-CVE-2018-3012
- RESERVED
+CVE-2018-3053 (Vulnerability in the Oracle Retail Customer Management and ...)
+ TODO: check
+CVE-2018-3052 (Vulnerability in the MICROS Relate CRM Software component of Oracle ...)
+ TODO: check
+CVE-2018-3051 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
+ TODO: check
+CVE-2018-3050 (Vulnerability in the Oracle Banking Corporate Lending component of ...)
+ TODO: check
+CVE-2018-3049 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
+ TODO: check
+CVE-2018-3048 (Vulnerability in the Oracle Banking Corporate Lending component of ...)
+ TODO: check
+CVE-2018-3047 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
+ TODO: check
+CVE-2018-3046 (Vulnerability in the Oracle Banking Corporate Lending component of ...)
+ TODO: check
+CVE-2018-3045 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
+ TODO: check
+CVE-2018-3044 (Vulnerability in the Oracle Banking Corporate Lending component of ...)
+ TODO: check
+CVE-2018-3043 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
+ TODO: check
+CVE-2018-3042 (Vulnerability in the Oracle Banking Corporate Lending component of ...)
+ TODO: check
+CVE-2018-3041 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
+ TODO: check
+CVE-2018-3040 (Vulnerability in the Oracle Banking Corporate Lending component of ...)
+ TODO: check
+CVE-2018-3039 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
+ TODO: check
+CVE-2018-3038 (Vulnerability in the Oracle Banking Corporate Lending component of ...)
+ TODO: check
+CVE-2018-3037 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
+ TODO: check
+CVE-2018-3036 (Vulnerability in the Oracle Banking Corporate Lending component of ...)
+ TODO: check
+CVE-2018-3035 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
+ TODO: check
+CVE-2018-3034 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
+ TODO: check
+CVE-2018-3033 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
+ TODO: check
+CVE-2018-3032 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
+ TODO: check
+CVE-2018-3031 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
+ TODO: check
+CVE-2018-3030 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
+ TODO: check
+CVE-2018-3029 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
+ TODO: check
+CVE-2018-3028 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
+ TODO: check
+CVE-2018-3027 (Vulnerability in the Oracle Banking Payments component of Oracle ...)
+ TODO: check
+CVE-2018-3026 (Vulnerability in the Oracle Banking Payments component of Oracle ...)
+ TODO: check
+CVE-2018-3025 (Vulnerability in the Oracle Banking Payments component of Oracle ...)
+ TODO: check
+CVE-2018-3024 (Vulnerability in the Oracle Banking Payments component of Oracle ...)
+ TODO: check
+CVE-2018-3023 (Vulnerability in the Oracle Banking Payments component of Oracle ...)
+ TODO: check
+CVE-2018-3022 (Vulnerability in the Oracle Banking Payments component of Oracle ...)
+ TODO: check
+CVE-2018-3021 (Vulnerability in the Oracle Banking Payments component of Oracle ...)
+ TODO: check
+CVE-2018-3020 (Vulnerability in the Oracle Banking Payments component of Oracle ...)
+ TODO: check
+CVE-2018-3019 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
+ TODO: check
+CVE-2018-3018 (Vulnerability in the Oracle iStore component of Oracle E-Business ...)
+ TODO: check
+CVE-2018-3017 (Vulnerability in the Oracle CRM Technical Foundation component of ...)
+ TODO: check
+CVE-2018-3016 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3015 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
+ TODO: check
+CVE-2018-3014 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
+ TODO: check
+CVE-2018-3013 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
+ TODO: check
+CVE-2018-3012 (Vulnerability in the Oracle Trade Management component of Oracle ...)
+ TODO: check
CVE-2018-3011
RESERVED
-CVE-2018-3010
- RESERVED
-CVE-2018-3009
- RESERVED
-CVE-2018-3008
- RESERVED
-CVE-2018-3007
- RESERVED
-CVE-2018-3006
- RESERVED
-CVE-2018-3005
- RESERVED
+CVE-2018-3010 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3009 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3008 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
+ TODO: check
+CVE-2018-3007 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-3006 (Vulnerability in the JD Edwards EnterpriseOne Tools component of ...)
+ TODO: check
+CVE-2018-3005 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
- virtualbox 5.2.16-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2018-3004
- RESERVED
-CVE-2018-3003
- RESERVED
-CVE-2018-3002
- RESERVED
-CVE-2018-3001
- RESERVED
-CVE-2018-3000
- RESERVED
-CVE-2018-2999
- RESERVED
-CVE-2018-2998
- RESERVED
-CVE-2018-2997
- RESERVED
-CVE-2018-2996
- RESERVED
-CVE-2018-2995
- RESERVED
-CVE-2018-2994
- RESERVED
-CVE-2018-2993
- RESERVED
-CVE-2018-2992
- RESERVED
-CVE-2018-2991
- RESERVED
-CVE-2018-2990
- RESERVED
-CVE-2018-2989
- RESERVED
-CVE-2018-2988
- RESERVED
-CVE-2018-2987
- RESERVED
-CVE-2018-2986
- RESERVED
-CVE-2018-2985
- RESERVED
-CVE-2018-2984
- RESERVED
+CVE-2018-3004 (Vulnerability in the Java VM component of Oracle Database Server. ...)
+ TODO: check
+CVE-2018-3003 (Vulnerability in the Oracle Hospitality Cruise Fleet Management System ...)
+ TODO: check
+CVE-2018-3002 (Vulnerability in the Oracle Hospitality Cruise Fleet Management System ...)
+ TODO: check
+CVE-2018-3001 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property ...)
+ TODO: check
+CVE-2018-3000 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property ...)
+ TODO: check
+CVE-2018-2999 (Vulnerability in the JD Edwards EnterpriseOne Tools component of ...)
+ TODO: check
+CVE-2018-2998 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-2997 (Vulnerability in the Oracle Scripting component of Oracle E-Business ...)
+ TODO: check
+CVE-2018-2996 (Vulnerability in the Oracle Applications Manager component of Oracle ...)
+ TODO: check
+CVE-2018-2995 (Vulnerability in the Oracle iStore component of Oracle E-Business ...)
+ TODO: check
+CVE-2018-2994 (Vulnerability in the Oracle iStore component of Oracle E-Business ...)
+ TODO: check
+CVE-2018-2993 (Vulnerability in the Oracle CRM Technical Foundation component of ...)
+ TODO: check
+CVE-2018-2992 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-2991 (Vulnerability in the Oracle Trade Management component of Oracle ...)
+ TODO: check
+CVE-2018-2990 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-2989 (Vulnerability in the Oracle iLearning component of Oracle iLearning ...)
+ TODO: check
+CVE-2018-2988 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
+ TODO: check
+CVE-2018-2987 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-2986 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-2985 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-2984 (Vulnerability in the Oracle Hospitality Cruise Fleet Management System ...)
+ TODO: check
CVE-2018-2983
RESERVED
-CVE-2018-2982
- RESERVED
-CVE-2018-2981
- RESERVED
-CVE-2018-2980
- RESERVED
-CVE-2018-2979
- RESERVED
-CVE-2018-2978
- RESERVED
-CVE-2018-2977
- RESERVED
-CVE-2018-2976
- RESERVED
-CVE-2018-2975
- RESERVED
-CVE-2018-2974
- RESERVED
-CVE-2018-2973
- RESERVED
+CVE-2018-2982 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
+ TODO: check
+CVE-2018-2981 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
+ TODO: check
+CVE-2018-2980 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
+ TODO: check
+CVE-2018-2979 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
+ TODO: check
+CVE-2018-2978 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
+ TODO: check
+CVE-2018-2977 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-2976 (Vulnerability in the Enterprise Manager Ops Center component of Oracle ...)
+ TODO: check
+CVE-2018-2975 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
+ TODO: check
+CVE-2018-2974 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
+ TODO: check
+CVE-2018-2973 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- openjdk-7 <removed>
- openjdk-8 <unfixed>
- openjdk-10 <unfixed>
-CVE-2018-2972
- RESERVED
+CVE-2018-2972 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjdk-10 10.0.2+13-1
CVE-2018-2971
RESERVED
-CVE-2018-2970
- RESERVED
-CVE-2018-2969
- RESERVED
-CVE-2018-2968
- RESERVED
-CVE-2018-2967
- RESERVED
-CVE-2018-2966
- RESERVED
-CVE-2018-2965
- RESERVED
-CVE-2018-2964
- RESERVED
+CVE-2018-2970 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-2969 (Vulnerability in the Primavera Unifier component of Oracle ...)
+ TODO: check
+CVE-2018-2968 (Vulnerability in the Primavera Unifier component of Oracle ...)
+ TODO: check
+CVE-2018-2967 (Vulnerability in the Primavera Unifier component of Oracle ...)
+ TODO: check
+CVE-2018-2966 (Vulnerability in the Primavera Unifier component of Oracle ...)
+ TODO: check
+CVE-2018-2965 (Vulnerability in the Primavera Unifier component of Oracle ...)
+ TODO: check
+CVE-2018-2964 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-10 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2018-2963
- RESERVED
-CVE-2018-2962
- RESERVED
-CVE-2018-2961
- RESERVED
-CVE-2018-2960
- RESERVED
-CVE-2018-2959
- RESERVED
-CVE-2018-2958
- RESERVED
-CVE-2018-2957
- RESERVED
-CVE-2018-2956
- RESERVED
-CVE-2018-2955
- RESERVED
-CVE-2018-2954
- RESERVED
-CVE-2018-2953
- RESERVED
-CVE-2018-2952
- RESERVED
+CVE-2018-2963 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
+ TODO: check
+CVE-2018-2962 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
+ TODO: check
+CVE-2018-2961 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
+ TODO: check
+CVE-2018-2960 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
+ TODO: check
+CVE-2018-2959 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...)
+ TODO: check
+CVE-2018-2958 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-2957 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
+ TODO: check
+CVE-2018-2956 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
+ TODO: check
+CVE-2018-2955 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
+ TODO: check
+CVE-2018-2954 (Vulnerability in the Oracle Order Management component of Oracle ...)
+ TODO: check
+CVE-2018-2953 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
+ TODO: check
+CVE-2018-2952 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- openjdk-7 <removed>
- openjdk-8 <unfixed>
- openjdk-10 10.0.2+13-1
-CVE-2018-2951
- RESERVED
-CVE-2018-2950
- RESERVED
-CVE-2018-2949
- RESERVED
-CVE-2018-2948
- RESERVED
-CVE-2018-2947
- RESERVED
-CVE-2018-2946
- RESERVED
-CVE-2018-2945
- RESERVED
-CVE-2018-2944
- RESERVED
-CVE-2018-2943
- RESERVED
-CVE-2018-2942
- RESERVED
+CVE-2018-2951 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-2950 (Vulnerability in the JD Edwards EnterpriseOne Tools component of ...)
+ TODO: check
+CVE-2018-2949 (Vulnerability in the JD Edwards EnterpriseOne Tools component of ...)
+ TODO: check
+CVE-2018-2948 (Vulnerability in the JD Edwards EnterpriseOne Tools component of ...)
+ TODO: check
+CVE-2018-2947 (Vulnerability in the JD Edwards EnterpriseOne Tools component of ...)
+ TODO: check
+CVE-2018-2946 (Vulnerability in the JD Edwards EnterpriseOne Tools component of ...)
+ TODO: check
+CVE-2018-2945 (Vulnerability in the JD Edwards EnterpriseOne Tools component of ...)
+ TODO: check
+CVE-2018-2944 (Vulnerability in the JD Edwards EnterpriseOne Tools component of ...)
+ TODO: check
+CVE-2018-2943 (Vulnerability in the Oracle Fusion Middleware MapViewer component of ...)
+ TODO: check
+CVE-2018-2942 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjdk-7 <not-affected> (Windows-specific)
- openjdk-8 <not-affected> (Windows-specific)
-CVE-2018-2941
- RESERVED
+CVE-2018-2941 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjfx <unfixed>
-CVE-2018-2940
- RESERVED
+CVE-2018-2940 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- openjdk-7 <removed>
- openjdk-8 <unfixed>
- openjdk-10 <unfixed>
-CVE-2018-2939
- RESERVED
-CVE-2018-2938
- RESERVED
+CVE-2018-2939 (Vulnerability in the Core RDBMS component of Oracle Database Server. ...)
+ TODO: check
+CVE-2018-2938 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjdk-7 <removed>
- openjdk-8 <unfixed>
-CVE-2018-2937
- RESERVED
-CVE-2018-2936
- RESERVED
-CVE-2018-2935
- RESERVED
-CVE-2018-2934
- RESERVED
+CVE-2018-2937 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
+ TODO: check
+CVE-2018-2936 (Vulnerability in the Oracle Communications Messaging Server component ...)
+ TODO: check
+CVE-2018-2935 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-2934 (Vulnerability in the Oracle Application Object Library component of ...)
+ TODO: check
CVE-2018-2933
RESERVED
-CVE-2018-2932
- RESERVED
+CVE-2018-2932 (Vulnerability in the Oracle SuperCluster Specific Software component ...)
+ TODO: check
CVE-2018-2931
RESERVED
-CVE-2018-2930
- RESERVED
-CVE-2018-2929
- RESERVED
-CVE-2018-2928
- RESERVED
-CVE-2018-2927
- RESERVED
-CVE-2018-2926
- RESERVED
-CVE-2018-2925
- RESERVED
-CVE-2018-2924
- RESERVED
-CVE-2018-2923
- RESERVED
+CVE-2018-2930 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems ...)
+ TODO: check
+CVE-2018-2929 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-2928 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2018-2927 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
+ TODO: check
+CVE-2018-2926 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2018-2925 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-2924 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
+ TODO: check
+CVE-2018-2923 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
+ TODO: check
CVE-2018-2922
RESERVED
-CVE-2018-2921
- RESERVED
-CVE-2018-2920
- RESERVED
-CVE-2018-2919
- RESERVED
-CVE-2018-2918
- RESERVED
-CVE-2018-2917
- RESERVED
-CVE-2018-2916
- RESERVED
-CVE-2018-2915
- RESERVED
+CVE-2018-2921 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
+ TODO: check
+CVE-2018-2920 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
+ TODO: check
+CVE-2018-2919 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-2918 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
+ TODO: check
+CVE-2018-2917 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
+ TODO: check
+CVE-2018-2916 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
+ TODO: check
+CVE-2018-2915 (Vulnerability in the Hyperion Data Relationship Management component ...)
+ TODO: check
CVE-2018-2914
RESERVED
CVE-2018-2913
@@ -30978,48 +30963,48 @@ CVE-2018-2910
RESERVED
CVE-2018-2909
RESERVED
-CVE-2018-2908
- RESERVED
-CVE-2018-2907
- RESERVED
-CVE-2018-2906
- RESERVED
-CVE-2018-2905
- RESERVED
-CVE-2018-2904
- RESERVED
-CVE-2018-2903
- RESERVED
+CVE-2018-2908 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2018-2907 (Vulnerability in the Hyperion Financial Reporting component of Oracle ...)
+ TODO: check
+CVE-2018-2906 (Vulnerability in the Hardware Management Pack component of Oracle Sun ...)
+ TODO: check
+CVE-2018-2905 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
+ TODO: check
+CVE-2018-2904 (Vulnerability in the Oracle Communications EAGLE LNP Application ...)
+ TODO: check
+CVE-2018-2903 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
CVE-2018-2902
RESERVED
-CVE-2018-2901
- RESERVED
-CVE-2018-2900
- RESERVED
-CVE-2018-2899
- RESERVED
-CVE-2018-2898
- RESERVED
-CVE-2018-2897
- RESERVED
-CVE-2018-2896
- RESERVED
-CVE-2018-2895
- RESERVED
-CVE-2018-2894
- RESERVED
-CVE-2018-2893
- RESERVED
-CVE-2018-2892
- RESERVED
-CVE-2018-2891
- RESERVED
+CVE-2018-2901 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2018-2900 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-2899 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
+ TODO: check
+CVE-2018-2898 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
+ TODO: check
+CVE-2018-2897 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
+ TODO: check
+CVE-2018-2896 (Vulnerability in the Oracle Banking Payments component of Oracle ...)
+ TODO: check
+CVE-2018-2895 (Vulnerability in the Oracle Banking Corporate Lending component of ...)
+ TODO: check
+CVE-2018-2894 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-2893 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-2892 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2018-2891 (Vulnerability in the Oracle Retail Bulk Data Integration component of ...)
+ TODO: check
CVE-2018-2890
RESERVED
CVE-2018-2889
RESERVED
-CVE-2018-2888
- RESERVED
+CVE-2018-2888 (Vulnerability in the MICROS Retail-J component of Oracle Retail ...)
+ TODO: check
CVE-2018-2887
RESERVED
CVE-2018-2886
@@ -31030,10 +31015,10 @@ CVE-2018-2884
RESERVED
CVE-2018-2883
RESERVED
-CVE-2018-2882
- RESERVED
-CVE-2018-2881
- RESERVED
+CVE-2018-2882 (Vulnerability in the MICROS Retail-J component of Oracle Retail ...)
+ TODO: check
+CVE-2018-2881 (Vulnerability in the MICROS Retail-J component of Oracle Retail ...)
+ TODO: check
CVE-2018-2880
RESERVED
CVE-2018-2879 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...)
@@ -31421,8 +31406,7 @@ CVE-2018-2769 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2768 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
NOT-FOR-US: Oracle
-CVE-2018-2767 [Use of SSL/TLS not enforced in client library (Return of BACKRONYM)]
- RESERVED
+CVE-2018-2767 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mariadb-10.2 <unfixed>
- mariadb-10.1 <unfixed>
[stretch] - mariadb-10.1 <postponed> (Wait for next upstream security/bugfix release)
@@ -31937,8 +31921,7 @@ CVE-2018-2599 (Vulnerability in the Java SE, Java SE Embedded, JRockit component
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
-CVE-2018-2598
- RESERVED
+CVE-2018-2598 (Vulnerability in the MySQL Workbench component of Oracle MySQL ...)
- mysql-workbench <unfixed>
CVE-2018-2597 (Vulnerability in the Oracle Hospitality Cruise Dining Room Management ...)
NOT-FOR-US: Oracle
@@ -35211,8 +35194,7 @@ CVE-2018-1335 (From Apache Tika versions 1.7 to 1.17, clients could send careful
NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/8
CVE-2018-1334 (In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using ...)
NOT-FOR-US: Apache Spark
-CVE-2018-1333 [Apache HTTP Server HTTP/2 DoS]
- REJECTED
+CVE-2018-1333 (By specially crafting HTTP/2 requests, workers would be allocated 60 ...)
- apache2 <unfixed>
NOTE: Affects 2.4.18-2.4.33
NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9f0f62649b67f032aecc91121c9453684e7e997f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9f0f62649b67f032aecc91121c9453684e7e997f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180718/6976558d/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list