[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Jul 23 21:10:28 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f2288d17 by security tracker role at 2018-07-23T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,23 +1,89 @@
-CVE-2018-14552
+CVE-2018-1999024 (MathJax version prior to version 2.7.4 contains a Cross Site Scripting ...)
+	TODO: check
+CVE-2018-1999022 (PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) ...)
+	TODO: check
+CVE-2018-1999021 (Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) ...)
+	TODO: check
+CVE-2018-1999020 (Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier ...)
+	TODO: check
+CVE-2018-1999019 (Chamilo LMS version 11.x contains an Unserialization vulnerability in ...)
+	TODO: check
+CVE-2018-1999018 (Pydio version 8.2.1 and prior contains an Unvalidated user input ...)
+	TODO: check
+CVE-2018-1999017 (Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery ...)
+	TODO: check
+CVE-2018-1999016 (Pydio version 8.2.0 and earlier contains a Cross Site Scripting (XSS) ...)
+	TODO: check
+CVE-2018-1999015 (FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains ...)
+	TODO: check
+CVE-2018-1999014 (FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains ...)
+	TODO: check
+CVE-2018-1999013 (FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains ...)
+	TODO: check
+CVE-2018-1999012 (FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains ...)
+	TODO: check
+CVE-2018-1999011 (FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains ...)
+	TODO: check
+CVE-2018-1999010 (FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains ...)
+	TODO: check
+CVE-2018-1999009 (October CMS version prior to Build 437 contains a Local File Inclusion ...)
+	TODO: check
+CVE-2018-1999008 (October CMS version prior to build 437 contains a Cross Site Scripting ...)
+	TODO: check
+CVE-2018-14568
 	RESERVED
-CVE-2018-14551
+CVE-2018-14567
 	RESERVED
-CVE-2018-14550
+CVE-2018-14566
+	RESERVED
+CVE-2018-14565 (An issue was discovered in libthulac.so in THULAC through 2018-02-25. A ...)
+	TODO: check
+CVE-2018-14564 (An issue was discovered in libthulac.so in THULAC through 2018-02-25. A ...)
+	TODO: check
+CVE-2018-14563 (An issue was discovered in libthulac.so in THULAC through 2018-02-25. ...)
+	TODO: check
+CVE-2018-14562 (An issue was discovered in libthulac.so in THULAC through 2018-02-25. A ...)
+	TODO: check
+CVE-2018-14561
 	RESERVED
-CVE-2018-14549
+CVE-2018-14560
 	RESERVED
-CVE-2018-14548
+CVE-2018-14559
 	RESERVED
-CVE-2018-14547
+CVE-2018-14558
 	RESERVED
-CVE-2018-14546
+CVE-2018-14557
+	RESERVED
+CVE-2018-14556
 	RESERVED
-CVE-2018-14545
+CVE-2018-14555
 	RESERVED
-CVE-2018-14544
+CVE-2018-14554
 	RESERVED
-CVE-2018-14543
+CVE-2018-14553
 	RESERVED
+CVE-2016-10728
+	RESERVED
+CVE-2018-14552
+	RESERVED
+CVE-2018-14551 (The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses ...)
+	TODO: check
+CVE-2018-14550
+	RESERVED
+CVE-2018-14549 (An issue has been found in libwav through 2017-04-20. It is a SEGV in ...)
+	TODO: check
+CVE-2018-14548
+	RESERVED
+CVE-2018-14547
+	RESERVED
+CVE-2018-14546
+	RESERVED
+CVE-2018-14545 (There exists one invalid memory read bug in ...)
+	TODO: check
+CVE-2018-14544 (There exists one invalid memory read bug in ...)
+	TODO: check
+CVE-2018-14543 (There exists one NULL pointer dereference vulnerability in ...)
+	TODO: check
 CVE-2018-14542
 	RESERVED
 CVE-2018-14541
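
Review bot: CVE-2016-10728 is added as RESERVED between CVE-2018-14553 and CVE-2018-14552, inside the descending CVE-2018-145xx run, so anyone scanning the list by year will not find it there. Please confirm the placement is what the import intends. Separately, the six FFmpeg entries CVE-2018-1999010 through CVE-2018-1999015 each name a fixing commit in their description; when the TODO: check markers are resolved, record that commit in a NOTE: line so the fix reference survives the truncated description.
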
@@ -38,48 +104,48 @@ CVE-2018-14534
 	RESERVED
 CVE-2018-14533
 	RESERVED
-CVE-2018-14532
-	RESERVED
-CVE-2018-14531
-	RESERVED
+CVE-2018-14532 (An issue was discovered in Bento4 1.5.1-624. There is a heap-based ...)
+	TODO: check
+CVE-2018-14531 (An issue was discovered in Bento4 1.5.1-624. There is an unspecified ...)
+	TODO: check
 CVE-2018-14530
 	RESERVED
 CVE-2018-14529
 	RESERVED
 CVE-2018-14528
 	RESERVED
-CVE-2018-14527
-	RESERVED
+CVE-2018-14527 (Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection ...)
+	TODO: check
 CVE-2018-14526
 	RESERVED
 CVE-2018-14525
 	RESERVED
-CVE-2018-14524
-	RESERVED
-CVE-2018-14523
-	RESERVED
-CVE-2018-14522
-	RESERVED
-CVE-2018-14521
-	RESERVED
+CVE-2018-14524 (dwg_decode_eed in decode.c in GNU LibreDWG 0.5.1048 leads to a double ...)
+	TODO: check
+CVE-2018-14523 (An issue was discovered in aubio 0.4.6. A buffer over-read can occur in ...)
+	TODO: check
+CVE-2018-14522 (An issue was discovered in aubio 0.4.6. A SEGV signal can occur in ...)
+	TODO: check
+CVE-2018-14521 (An issue was discovered in aubio 0.4.6. A SEGV signal can occur in ...)
+	TODO: check
 CVE-2018-14520
 	RESERVED
 CVE-2018-14519
 	RESERVED
 CVE-2018-14518
 	RESERVED
-CVE-2018-14517
-	RESERVED
+CVE-2018-14517 (SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain ...)
+	TODO: check
 CVE-2018-14516
 	RESERVED
-CVE-2018-14515
-	RESERVED
-CVE-2018-14514
-	RESERVED
-CVE-2018-14513
-	RESERVED
-CVE-2018-14512
-	RESERVED
+CVE-2018-14515 (A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote ...)
+	TODO: check
+CVE-2018-14514 (An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that ...)
+	TODO: check
+CVE-2018-14513 (An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is ...)
+	TODO: check
+CVE-2018-14512 (An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is ...)
+	TODO: check
 CVE-2018-14511
 	RESERVED
 CVE-2018-14510
@@ -102,7 +168,7 @@ CVE-2018-14501 (manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, a
 	NOT-FOR-US: joyplus-cms
 CVE-2018-14500 (joyplus-cms 1.6.0 has XSS via the ...)
 	NOT-FOR-US: joyplus-cms
-CVE-2018-1999023 [arbitrary code execution/sandbox escape]
+CVE-2018-1999023 (The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a ...)
 	- wesnoth-1.14 <unfixed>
 	- wesnoth-1.12 <removed>
 	- wesnoth-1.10 <removed>
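
Review bot: the new CVE-2018-1999023 line drops the bracketed summary "[arbitrary code execution/sandbox escape]", and the replacement description is cut off at "contains a ...", so the entry no longer says what the impact is while wesnoth-1.14 is still <unfixed>. Suggest keeping the impact in a NOTE: line under the entry so it stays visible to whoever picks up the fix.
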
@@ -380,19 +446,19 @@ CVE-2018-14391
 	RESERVED
 CVE-2018-14390
 	RESERVED
-CVE-2018-1999001 [ jenkins SECURITY-897 ]
+CVE-2018-1999001 (A unauthorized modification of configuration vulnerability exists in ...)
 	NOT-FOR-US: Jenkins
-CVE-2018-1999002 [ jenkins SECURITY-914 ]
+CVE-2018-1999002 (A arbitrary file read vulnerability exists in Jenkins 2.132 and ...)
 	NOT-FOR-US: Jenkins
-CVE-2018-1999003 [ jenkins SECURITY-891 ]
+CVE-2018-1999003 (A Improper authorization vulnerability exists in Jenkins 2.132 and ...)
 	NOT-FOR-US: Jenkins
-CVE-2018-1999004 [ jenkins SECURITY-892 ]
+CVE-2018-1999004 (A Improper authorization vulnerability exists in Jenkins 2.132 and ...)
 	NOT-FOR-US: Jenkins
-CVE-2018-1999005 [ jenkins SECURITY-944 ]
+CVE-2018-1999005 (A cross-site scripting vulnerability exists in Jenkins 2.132 and ...)
 	NOT-FOR-US: Jenkins
-CVE-2018-1999006 [ jenkins SECURITY-925 ]
+CVE-2018-1999006 (A exposure of sensitive information vulnerability exists in Jenkins ...)
 	NOT-FOR-US: Jenkins
-CVE-2018-1999007 [ jenkins SECURITY-390 ]
+CVE-2018-1999007 (A cross-site scripting vulnerability exists in Jenkins 2.132 and ...)
 	NOT-FOR-US: Jenkins
 CVE-2018-14389 (joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val ...)
 	NOT-FOR-US: joyplus-cms
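
Review bot: the seven Jenkins lines CVE-2018-1999001 through CVE-2018-1999007 lose their upstream advisory ids (SECURITY-897, SECURITY-914, SECURITY-891, SECURITY-892, SECURITY-944, SECURITY-925, SECURITY-390) when the bracketed text is replaced by the description. The entries are NOT-FOR-US: Jenkins, so the impact is small, but the truncated descriptions do not carry the ids; if the cross-reference is wanted, move each id into a NOTE: line rather than dropping it.
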
@@ -6798,10 +6864,10 @@ CVE-2018-11759
 	RESERVED
 CVE-2018-11758
 	RESERVED
-CVE-2018-11757
-	RESERVED
-CVE-2018-11756
-	RESERVED
+CVE-2018-11757 (In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action ...)
+	TODO: check
+CVE-2018-11756 (In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of ...)
+	TODO: check
 CVE-2018-11755
 	RESERVED
 CVE-2018-11754
@@ -20385,8 +20451,8 @@ CVE-2018-6685
 	RESERVED
 CVE-2018-6684
 	RESERVED
-CVE-2018-6683
-	RESERVED
+CVE-2018-6683 (Exploiting Incorrectly Configured Access Control Security Levels ...)
+	TODO: check
 CVE-2018-6682
 	RESERVED
 CVE-2018-6681 (Abuse of Functionality vulnerability in the web interface in McAfee ...)
@@ -20395,10 +20461,10 @@ CVE-2018-6680
 	RESERVED
 CVE-2018-6679
 	RESERVED
-CVE-2018-6678
-	RESERVED
-CVE-2018-6677
-	RESERVED
+CVE-2018-6678 (Configuration/Environment manipulation vulnerability in the ...)
+	TODO: check
+CVE-2018-6677 (Directory Traversal vulnerability in the administrative user interface ...)
+	TODO: check
 CVE-2018-6676
 	RESERVED
 CVE-2018-6675
@@ -25806,7 +25872,7 @@ CVE-2018-5015 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.300
 CVE-2018-5014 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and ...)
 	NOT-FOR-US: Adobe
 CVE-2018-5013
-	RESERVED
+	REJECTED
 CVE-2018-5012 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and ...)
 	NOT-FOR-US: Adobe
 CVE-2018-5011 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and ...)
@@ -34672,8 +34738,8 @@ CVE-2018-1515 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
 	NOT-FOR-US: IBM
 CVE-2018-1514 (IBM Robotic Process Automation with Automation Anywhere 10.0 is ...)
 	NOT-FOR-US: IBM
-CVE-2018-1513
-	RESERVED
+CVE-2018-1513 (IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is ...)
+	TODO: check
 CVE-2018-1512
 	RESERVED
 CVE-2018-1511
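
Review bot: CVE-2018-1513 is added as TODO: check although its description names IBM Sterling B2B Integrator and the two entries directly above it, CVE-2018-1515 and CVE-2018-1514, are already NOT-FOR-US: IBM. Resolving it the same way at triage keeps the IBM block consistent and takes it out of the TODO queue.
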
@@ -34692,8 +34758,8 @@ CVE-2018-1505
 	RESERVED
 CVE-2018-1504
 	RESERVED
-CVE-2018-1503
-	RESERVED
+CVE-2018-1503 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely ...)
+	TODO: check
 CVE-2018-1502 (IBM Content Manager Enterprise Edition Resource Manager 8.4.3 and 9.5 ...)
 	NOT-FOR-US: IBM
 CVE-2018-1501



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2288d1745948107d8fc27048a4b7550bcdce864
