[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jun 29 21:11:49 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0911e695 by security tracker role at 2018-06-29T20:11:35+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,77 @@
+CVE-2018-13025 (protected/apps/admin/controller/photoController.php in YXcms 1.4.7 ...)
+ TODO: check
+CVE-2018-13024 (Metinfo v6.0.0 allows remote attackers to write code into a .php file, ...)
+ TODO: check
+CVE-2018-13023
+ RESERVED
+CVE-2018-13022
+ RESERVED
+CVE-2018-13021 (An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script ...)
+ TODO: check
+CVE-2018-13020
+ RESERVED
+CVE-2018-13019
+ RESERVED
+CVE-2018-13018
+ RESERVED
+CVE-2018-13017
+ RESERVED
+CVE-2018-13016
+ RESERVED
+CVE-2018-13015
+ RESERVED
+CVE-2018-13014 (Storing password in recoverable format in safensec.com (SysWatch ...)
+ TODO: check
+CVE-2018-13013 (Improper check of unusual conditions when launching msiexec.exe in ...)
+ TODO: check
+CVE-2018-13012 (Download of code with improper integrity check in snsupd.exe and ...)
+ TODO: check
+CVE-2018-13011 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based ...)
+ TODO: check
+CVE-2018-13010 (WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit ...)
+ TODO: check
+CVE-2018-13009 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based ...)
+ TODO: check
+CVE-2018-13008 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based ...)
+ TODO: check
+CVE-2018-13007 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based ...)
+ TODO: check
+CVE-2018-13006 (An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based ...)
+ TODO: check
+CVE-2018-13005 (An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read ...)
+ TODO: check
+CVE-2018-13004
+ RESERVED
+CVE-2018-13003 (An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter ...)
+ TODO: check
+CVE-2018-13002 (An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core ...)
+ TODO: check
+CVE-2018-13001 (An XSS issue was discovered in Sandoba CP:Shop v2016.1. The ...)
+ TODO: check
+CVE-2018-13000 (An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A ...)
+ TODO: check
+CVE-2018-12999 (Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine ...)
+ TODO: check
+CVE-2018-12998 (A reflected Cross-site scripting (XSS) vulnerability in Zoho ...)
+ TODO: check
+CVE-2018-12997 (Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine ...)
+ TODO: check
+CVE-2018-12996 (A reflected Cross-site scripting (XSS) vulnerability in Zoho ...)
+ TODO: check
+CVE-2018-12995 (onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers ...)
+ TODO: check
+CVE-2018-12994 (onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers ...)
+ TODO: check
+CVE-2018-12993 (onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers ...)
+ TODO: check
+CVE-2018-12992 (An issue was discovered CMS MaeloStore V.1.5.0. There is stored XSS in ...)
+ TODO: check
+CVE-2018-12991
+ RESERVED
+CVE-2018-12990
+ RESERVED
+CVE-2018-12989
+ RESERVED
CVE-2018-12988 (GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an ...)
NOT-FOR-US: GreenCMS
CVE-2018-12987
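Review bot: every described entry added at the top of data/CVE/list lands as "TODO: check", and the four gpmf-parser 1.1.2 entries (CVE-2018-13007, CVE-2018-13008, CVE-2018-13009, CVE-2018-13011) cannot be told apart here because their descriptions are all cut at "There is a heap-based ...". Triage them against the full descriptions. Entries for software that is not in Debian should get a NOT-FOR-US: line, as the CVE-2018-12988 GreenCMS entry directly below already has.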
@@ -1379,10 +1453,10 @@ CVE-2018-12467
RESERVED
CVE-2018-12466
RESERVED
-CVE-2018-12465
- RESERVED
-CVE-2018-12464
- RESERVED
+CVE-2018-12465 (An OS command injection vulnerability in the web administration ...)
+ TODO: check
+CVE-2018-12464 (A SQL injection vulnerability in the web administration and quarantine ...)
+ TODO: check
CVE-2018-12463
RESERVED
CVE-2018-12462
@@ -1712,35 +1786,35 @@ CVE-2018-12367
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12367
CVE-2018-12366
RESERVED
- {DSA-4235-1}
+ {DSA-4235-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12366
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12366
CVE-2018-12365
RESERVED
- {DSA-4235-1}
+ {DSA-4235-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12365
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12365
CVE-2018-12364
RESERVED
- {DSA-4235-1}
+ {DSA-4235-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12364
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12364
CVE-2018-12363
RESERVED
- {DSA-4235-1}
+ {DSA-4235-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12363
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12363
CVE-2018-12362
RESERVED
- {DSA-4235-1}
+ {DSA-4235-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12362
@@ -1751,14 +1825,14 @@ CVE-2018-12361
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12361
CVE-2018-12360
RESERVED
- {DSA-4235-1}
+ {DSA-4235-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12360
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12360
CVE-2018-12359
RESERVED
- {DSA-4235-1}
+ {DSA-4235-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12359
@@ -5502,8 +5576,7 @@ CVE-2018-10862
- wildfly <itp> (bug #752018)
CVE-2018-10861
RESERVED
-CVE-2018-10860
- RESERVED
+CVE-2018-10860 (perl-archive-zip is vulnerable to a directory traversal in ...)
- libarchive-zip-perl <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10860
CVE-2018-10859
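Review bot: CVE-2018-10860 now has its description, but the "- libarchive-zip-perl <unfixed>" line beneath it still carries no bug reference, unlike the other unfixed package lines in this commit, which use the "(bug #...)" form. Add the bug number once one is filed so the open status can be tracked from the entry.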
@@ -10393,10 +10466,10 @@ CVE-2018-8904 (In Windows Master (aka Windows Optimization Master) 7.99.13.604,
NOT-FOR-US: Windows Optimization Master
CVE-2018-8903 (Open-AudIT Professional 2.1 allows XSS via the Name or Description ...)
NOT-FOR-US: Open-AudIT Professional
-CVE-2018-8902
- RESERVED
-CVE-2018-8901
- RESERVED
+CVE-2018-8902 (An issue was discovered in Ivanti Avalanche for all versions between ...)
+ TODO: check
+CVE-2018-8901 (An issue was discovered in Ivanti Avalanche for all versions between ...)
+ TODO: check
CVE-2018-8900 (The License Manager service of HASP SRM, Sentinel HASP and Sentinel ...)
NOT-FOR-US: HASP SRM
CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 ...)
@@ -20558,11 +20631,11 @@ CVE-2018-5439 (A Command Injection issue was discovered in Nortek Linear eMerge
NOT-FOR-US: Nortek Linear eMerge E3 series
CVE-2018-5438 (Philips ISCV application prior to version 2.3.0 has an insufficient ...)
NOT-FOR-US: Philips ISCV application
-CVE-2018-5437 (The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client ...)
+CVE-2018-5437 (The TIBCO Spotfire Client and TIBCO Spotfire Web ...)
NOT-FOR-US: TIBCO Spotfire
CVE-2018-5436 (The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire ...)
NOT-FOR-US: TIBCO Spotfire
-CVE-2018-5435 (The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client ...)
+CVE-2018-5435 (The TIBCO Spotfire Client and TIBCO Spotfire Web ...)
NOT-FOR-US: TIBCO Spotfire
CVE-2018-5434 (The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime ...)
NOT-FOR-US: TIBCO Runtime Agent
@@ -21308,6 +21381,7 @@ CVE-2018-5189 (Race condition in Jungo Windriver 12.5.1 allows local users to ca
NOT-FOR-US: Jungo Windriver
CVE-2018-5188
RESERVED
+ {DSA-4235-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5188
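Review bot: the line added under CVE-2018-5188 introduces DSA-4235-1 and DLA-1406-1 together, whereas the other Firefox entries in this commit already had "{DSA-4235-1}" and only gain the DLA. Confirm that DSA-4235-1 does cover CVE-2018-5188 and that the earlier missing cross-reference was an omission rather than a deliberate exclusion.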
@@ -21438,7 +21512,7 @@ CVE-2018-5157 (Same-origin protections for the PDF viewer can be bypassed, allow
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5157
CVE-2018-5156
RESERVED
- {DSA-4235-1}
+ {DSA-4235-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12359
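Review bot: the NOTE under CVE-2018-5156 links to the advisory anchor "#CVE-2018-12359" instead of "#CVE-2018-5156", while the other Firefox entries visible in this commit each link to their own CVE anchor. It is an unchanged context line, but it should be checked and corrected in a follow-up.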
@@ -27730,7 +27804,7 @@ CVE-2018-2821 (Vulnerability in the PeopleSoft Enterprise PeopleTools component
CVE-2018-2820 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
NOT-FOR-US: Oracle
CVE-2018-2819 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4176-1 DLA-1355-1}
+ {DSA-4176-1 DLA-1407-1 DLA-1355-1}
- mariadb-10.1 <unfixed> (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -27743,7 +27817,7 @@ CVE-2018-2818 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.5 <removed>
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2817 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4176-1 DLA-1355-1}
+ {DSA-4176-1 DLA-1407-1 DLA-1355-1}
- mariadb-10.1 <unfixed> (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -27771,7 +27845,7 @@ CVE-2018-2814 (Vulnerability in the Java SE, Java SE Embedded component of Oracl
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2813 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4176-1 DLA-1355-1}
+ {DSA-4176-1 DLA-1407-1 DLA-1355-1}
- mariadb-10.1 <unfixed> (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -27879,6 +27953,7 @@ CVE-2018-2789 (Vulnerability in the Siebel Core - Server Framework component of
CVE-2018-2788 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
NOT-FOR-US: Oracle
CVE-2018-2787 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1407-1}
- mariadb-10.1 <unfixed> (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
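Review bot: CVE-2018-2787 is tagged "{DLA-1407-1}" alone, while neighbouring MySQL entries with the same visible package lines (for example CVE-2018-2819 and CVE-2018-2813) carry "{DSA-4176-1 DLA-1407-1 DLA-1355-1}". The same pattern recurs for CVE-2018-2784, CVE-2018-2782 and CVE-2018-2766. Confirm the missing DSA reference is intended, and if so a short NOTE on which source package each advisory covers would make the difference readable from the list.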
@@ -27892,6 +27967,7 @@ CVE-2018-2786 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-2785 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
NOT-FOR-US: Oracle
CVE-2018-2784 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1407-1}
- mariadb-10.1 <unfixed> (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -27904,6 +27980,7 @@ CVE-2018-2783 (Vulnerability in the Java SE, Java SE Embedded, JRockit component
- openjdk-7 <not-affected> (Apparently specific to Oracle Java)
- openjdk-6 <not-affected> (Apparently specific to Oracle Java)
CVE-2018-2782 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1407-1}
- mariadb-10.1 <unfixed> (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -27911,7 +27988,7 @@ CVE-2018-2782 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
NOTE: Fixed in MariaDB 10.0.35, 10.1.33
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2781 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4176-1 DLA-1355-1}
+ {DSA-4176-1 DLA-1407-1 DLA-1355-1}
- mariadb-10.1 <unfixed> (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -27952,7 +28029,7 @@ CVE-2018-2773 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-2772 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
NOT-FOR-US: Oracle
CVE-2018-2771 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4176-1 DLA-1355-1}
+ {DSA-4176-1 DLA-1407-1 DLA-1355-1}
- mariadb-10.1 <unfixed> (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -27982,6 +28059,7 @@ CVE-2018-2767 [Use of SSL/TLS not enforced in client library (Return of BACKRONY
NOTE: Result from an incomplete fix for CVE-2015-3152 and related CVE for
NOTE: Oracle products.
CVE-2018-2766 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1407-1}
- mariadb-10.1 <unfixed> (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -27999,7 +28077,7 @@ CVE-2018-2762 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2761 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4176-1 DLA-1355-1}
+ {DSA-4176-1 DLA-1407-1 DLA-1355-1}
- mariadb-10.1 <unfixed> (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -28021,7 +28099,7 @@ CVE-2018-2757
CVE-2018-2756 (Vulnerability in the Oracle Communications Order and Service ...)
NOT-FOR-US: Oracle
CVE-2018-2755 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4176-1 DLA-1355-1}
+ {DSA-4176-1 DLA-1407-1 DLA-1355-1}
- mariadb-10.1 <unfixed> (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -28238,7 +28316,7 @@ CVE-2018-2670 (Vulnerability in the Oracle Financial Services Profitability ...)
CVE-2018-2669 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
NOT-FOR-US: Oracle
CVE-2018-2668 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4091-1 DLA-1250-1}
+ {DSA-4091-1 DLA-1407-1 DLA-1250-1}
- mariadb-10.1 <unfixed> (bug #898444)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.21-1 (bug #887477)
@@ -28252,7 +28330,7 @@ CVE-2018-2667 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-2666 (Vulnerability in the Oracle Hospitality Labor Management component of ...)
NOT-FOR-US: Oracle
CVE-2018-2665 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4091-1 DLA-1250-1}
+ {DSA-4091-1 DLA-1407-1 DLA-1250-1}
- mariadb-10.1 <unfixed> (bug #898444)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.21-1 (bug #887477)
@@ -28329,7 +28407,7 @@ CVE-2018-2641 (Vulnerability in the Java SE, Java SE Embedded component of Oracl
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2640 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4091-1 DLA-1250-1}
+ {DSA-4091-1 DLA-1407-1 DLA-1250-1}
- mariadb-10.1 <unfixed> (bug #898444)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.21-1 (bug #887477)
@@ -28397,7 +28475,7 @@ CVE-2018-2624 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component
CVE-2018-2623 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
NOT-FOR-US: Oracle
CVE-2018-2622 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4091-1 DLA-1250-1}
+ {DSA-4091-1 DLA-1407-1 DLA-1250-1}
- mariadb-10.1 <unfixed> (bug #898444)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.21-1 (bug #887477)
@@ -28429,6 +28507,7 @@ CVE-2018-2614 (Vulnerability in the Oracle FLEXCUBE Universal Banking component
CVE-2018-2613 (Vulnerability in the Oracle Argus Safety component of Oracle Health ...)
NOT-FOR-US: Oracle
CVE-2018-2612 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1407-1}
- mariadb-10.1 <unfixed> (bug #898444)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.21-1 (bug #887477)
@@ -28587,7 +28666,7 @@ CVE-2018-2564 (Vulnerability in the Oracle WebCenter Content component of Oracle
CVE-2018-2563 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
NOT-FOR-US: Oracle
CVE-2018-2562 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4091-1 DLA-1250-1}
+ {DSA-4091-1 DLA-1407-1 DLA-1250-1}
- mariadb-10.1 <unfixed> (bug #898444)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.20-1
@@ -56666,7 +56745,7 @@ CVE-2017-10379 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.5 <removed> (bug #878402)
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10378 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4002-1 DLA-1141-1}
+ {DSA-4002-1 DLA-1407-1 DLA-1141-1}
- mariadb-10.2 <removed> (bug #884065)
- mariadb-10.1 10.1.29-1
[stretch] - mariadb-10.1 <postponed> (Minor issue)
@@ -57006,7 +57085,7 @@ CVE-2017-10270 (Vulnerability in the Oracle Identity Manager Connector component
CVE-2017-10269 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion ...)
NOT-FOR-US: Oracle
CVE-2017-10268 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4002-1 DLA-1141-1}
+ {DSA-4002-1 DLA-1407-1 DLA-1141-1}
- mariadb-10.2 <removed> (bug #884065)
- mariadb-10.1 10.1.29-1
[stretch] - mariadb-10.1 <postponed> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0911e695db7498d358739e05be8e58abdce7b8a0