[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Nov 5 20:10:36 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bbf2a807 by security tracker role at 2018-11-05T20:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,25 +1,47 @@
-CVE-2018-18943
+CVE-2018-18954
RESERVED
-CVE-2018-18942
+CVE-2018-18953
RESERVED
-CVE-2018-18941
- RESERVED
-CVE-2018-18940
+CVE-2018-18952 (JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI. ...)
+ TODO: check
+CVE-2018-18951
RESERVED
-CVE-2018-18939
+CVE-2018-18950 (KindEditor through 4.1.11 has a path traversal vulnerability in ...)
+ TODO: check
+CVE-2018-18949 (Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via ...)
+ TODO: check
+CVE-2018-18948
RESERVED
-CVE-2018-18938
+CVE-2018-18947
RESERVED
-CVE-2018-18937
+CVE-2018-18946
RESERVED
-CVE-2018-18936
+CVE-2018-18945
RESERVED
-CVE-2018-18935
+CVE-2018-18944
RESERVED
-CVE-2018-18934
+CVE-2018-18943 (An issue was discovered in baserCMS before 4.1.4. In the Register New ...)
+ TODO: check
+CVE-2018-18942 (In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote ...)
+ TODO: check
+CVE-2018-18941
RESERVED
-CVE-2018-18933
+CVE-2018-18940
RESERVED
+CVE-2018-18939 (An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in ...)
+ TODO: check
+CVE-2018-18938 (An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in ...)
+ TODO: check
+CVE-2018-18937 (An issue has been found in libIEC61850 v1.3. It is a NULL pointer ...)
+ TODO: check
+CVE-2018-18936 (An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows ...)
+ TODO: check
+CVE-2018-18935 (An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the ...)
+ TODO: check
+CVE-2018-18934 (An issue was discovered in PopojiCMS v2.0.1. admin_component.php is ...)
+ TODO: check
+CVE-2018-18933 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in ...)
+ TODO: check
CVE-2018-18932
RESERVED
CVE-2018-18931
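Review bot: Twelve of the entries added in this hunk, from CVE-2018-18952 down to CVE-2018-18933, carry only "TODO: check" and no package or NOT-FOR-US line, so they stay untriaged until someone resolves them. Each one needs either a source-package line or a "NOT-FOR-US:" line of the kind used for Grapixel New Media in the context of the next hunk. The descriptions are truncated with "...", so the full CVE text has to be read before deciding. Entries that name the same product (baserCMS for 18943/18942, WUZHI CMS for 18939/18938, PopojiCMS for 18936/18935/18934) can be resolved together.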
@@ -259,8 +281,7 @@ CVE-2018-18822 (Grapixel New Media v2.0 allows SQL Injection via the pages.aspx
NOT-FOR-US: Grapixel New Media
CVE-2018-18821
RESERVED
-CVE-2018-18820 [buffer overflow in url-auth]
- RESERVED
+CVE-2018-18820 (A buffer overflow was discovered in the URL-authentication backend of ...)
{DSA-4333-1}
- icecast2 2.4.4-1 (bug #912611)
NOTE: https://www.openwall.com/lists/oss-security/2018/11/01/3
@@ -489,6 +510,7 @@ CVE-2018-18720 (An XSS issue was discovered in index.php/admin/system/basic in Y
CVE-2018-18719
RESERVED
CVE-2018-18718 (An issue was discovered in gThumb through 3.6.2. There is a double-free ...)
+ {DLA-1567-1}
- gthumb 3:3.6.2-2 (unimportant; bug #912290)
NOTE: https://gitlab.gnome.org/GNOME/gthumb/issues/18
NOTE: Crash in end user application, no security impact
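Review bot: The added {DLA-1567-1} on CVE-2018-18718 sits directly above a package line that still rates the issue "unimportant" and a NOTE reading "Crash in end user application, no security impact". An advisory reference and a no-security-impact rating in the same entry read as contradictory. Either the rating and NOTE should be revisited in light of the DLA, or a NOTE should record why the update was issued despite that assessment.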
@@ -24923,8 +24945,8 @@ CVE-2018-9210
RESERVED
CVE-2018-9209
RESERVED
-CVE-2018-9208
- RESERVED
+CVE-2018-9208 (Unauthenticated arbitrary file upload vulnerability in jQuery Picture ...)
+ TODO: check
CVE-2018-9207
RESERVED
CVE-2018-9206 (Unauthenticated arbitrary file upload vulnerability in Blueimp ...)
@@ -42596,6 +42618,7 @@ CVE-2018-3283 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3282 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1566-1}
- mariadb-10.1 1:10.1.37-1 (bug #912848)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.24-1 (bug #911221)
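Review bot: The {DLA-1566-1} reference added to CVE-2018-3282 has no package line in the visible context that it obviously belongs to: the lines shown are mariadb-10.1, mariadb-10.0 <removed> and mysql-5.7. The neighbouring CVE-2018-3283 entry has a mysql-5.5 line, and CVE-2018-3133 and CVE-2018-3070 further down show "mysql-5.5 <removed>". It is worth confirming that this entry, and CVE-2018-3174 in the next hunk, carry a line for the source package the DLA actually fixed, so the cross-reference resolves to a tracked package.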
@@ -42860,6 +42883,7 @@ CVE-2018-3176 (Vulnerability in the Hyperion Common Events component of Oracle .
CVE-2018-3175 (Vulnerability in the Hyperion Common Events component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2018-3174 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1566-1}
- mariadb-10.1 1:10.1.37-1 (bug #912848)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.24-1 (bug #911221)
@@ -42992,6 +43016,7 @@ CVE-2018-3135 (Vulnerability in the PeopleSoft Enterprise PeopleTools component
CVE-2018-3134 (Vulnerability in the Oracle Agile Product Lifecycle Management for ...)
NOT-FOR-US: Oracle
CVE-2018-3133 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1566-1}
- mysql-5.7 5.7.24-1 (bug #911221)
- mysql-5.5 <removed>
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
@@ -43105,7 +43130,7 @@ CVE-2018-3083
CVE-2018-3082 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
NOT-FOR-US: Oracle MySQL 8
CVE-2018-3081 (Vulnerability in the MySQL Client component of Oracle MySQL ...)
- {DLA-1407-1}
+ {DLA-1566-1 DLA-1407-1}
- mariadb-10.1 1:10.1.34-1
- mariadb-10.0 <removed>
- mysql-5.7 5.7.23-1 (bug #904121)
@@ -43132,6 +43157,7 @@ CVE-2018-3072 (Vulnerability in the PeopleSoft HRMS component of Oracle PeopleSo
CVE-2018-3071 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 5.7.23-1 (bug #904121)
CVE-2018-3070 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1566-1}
- mysql-5.7 5.7.23-1 (bug #904121)
- mysql-5.5 <removed>
CVE-2018-3069 (Vulnerability in the Oracle Agile Product Lifecycle Management for ...)
@@ -43141,7 +43167,7 @@ CVE-2018-3068 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources ..
CVE-2018-3067 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
NOT-FOR-US: Oracle MySQL 8
CVE-2018-3066 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1488-1}
+ {DLA-1566-1 DLA-1488-1}
- mariadb-10.1 1:10.1.35-1
- mariadb-10.0 <removed>
- mysql-5.7 5.7.23-1 (bug #904121)
@@ -43156,7 +43182,7 @@ CVE-2018-3064 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 5.7.23-1 (bug #904121)
NOTE: MariaDB: Fixed in 10.0.36, 10.1.35
CVE-2018-3063 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1488-1}
+ {DLA-1566-1 DLA-1488-1}
- mariadb-10.1 1:10.1.35-1
- mariadb-10.0 <removed>
- mysql-5.5 <removed>
@@ -43170,7 +43196,7 @@ CVE-2018-3060 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-3059 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...)
NOT-FOR-US: Oracle
CVE-2018-3058 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1488-1}
+ {DLA-1566-1 DLA-1488-1}
- mariadb-10.1 1:10.1.35-1
- mariadb-10.0 <removed>
- mysql-5.7 5.7.23-1 (bug #904121)
@@ -43934,7 +43960,7 @@ CVE-2018-2769 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-2768 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2018-2767 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1407-1}
+ {DLA-1566-1 DLA-1407-1}
- mariadb-10.2 <removed>
- mariadb-10.1 1:10.1.34-1
[stretch] - mariadb-10.1 <postponed> (Wait for next upstream security/bugfix release)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bbf2a807ae0ddf9ca455bf6e609daa0b683de8ac