[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Nov 15 20:10:27 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
66758e59 by security tracker role at 2018-11-15T20:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2018-19297
+ RESERVED
+CVE-2018-19296
+ RESERVED
+CVE-2018-19295
+ RESERVED
CVE-2018-19294
RESERVED
CVE-2018-19293
@@ -7962,14 +7968,14 @@ CVE-2018-16165
RESERVED
CVE-2018-16164
RESERVED
-CVE-2018-16163
- RESERVED
-CVE-2018-16162
- RESERVED
-CVE-2018-16161
- RESERVED
-CVE-2018-16160
- RESERVED
+CVE-2018-16163 (OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass ...)
+ TODO: check
+CVE-2018-16162 (OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain ...)
+ TODO: check
+CVE-2018-16161 (OpenDolphin 2.7.0 and earlier allows authenticated users to gain ...)
+ TODO: check
+CVE-2018-16160 (SecureCore Standard Edition Version 2.x allows an attacker to bypass ...)
+ TODO: check
CVE-2018-16159 (The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL ...)
NOT-FOR-US: Gift Vouchers plugin for WordPress
CVE-2018-16048 (An issue was discovered in GitLab Community and Enterprise Edition ...)
@@ -17075,8 +17081,7 @@ CVE-2018-12545
RESERVED
CVE-2018-12544 (In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML ...)
NOT-FOR-US: Eclipse Vert.x
-CVE-2018-12543 [DoS due to a reachable assertion in topic field]
- RESERVED
+CVE-2018-12543 (In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is ...)
- mosquitto <not-affected> (Vulnerable code introduced in 1.5)
NOTE: http://mosquitto.org/blog/2018/09/security-advisory-cve-2018-12543/
NOTE: https://mosquitto.org/files/cve/2018-12543/
@@ -17223,8 +17228,8 @@ CVE-2018-12482 (OCS Inventory 2.4.1 contains multiple SQL injections in the sear
NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2018-12481 (The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive ...)
NOT-FOR-US: Olive Tree Ftp Server application for Android
-CVE-2018-12480
- RESERVED
+CVE-2018-12480 (Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 ...)
+ TODO: check
CVE-2018-12479 (A Improper Input Validation vulnerability in Open Build Service allows ...)
- open-build-service <unfixed> (bug #911797)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1108435
@@ -27857,8 +27862,8 @@ CVE-2018-8531 (A remote code execution vulnerability exists in the way that Azur
NOT-FOR-US: Microsoft
CVE-2018-8530 (A security feature bypass vulnerability exists when Microsoft Edge ...)
NOT-FOR-US: Microsoft
-CVE-2018-8529
- RESERVED
+CVE-2018-8529 (A remote code execution vulnerability exists when Team Foundation ...)
+ TODO: check
CVE-2018-8528
RESERVED
CVE-2018-8527 (An information disclosure vulnerability exists in Microsoft SQL Server ...)
@@ -47631,8 +47636,8 @@ CVE-2018-1645
RESERVED
CVE-2018-1644 (IBM WebSphere Commerce Enterprise, Professional, Express, and ...)
NOT-FOR-US: IBM
-CVE-2018-1643
- RESERVED
+CVE-2018-1643 (The Installation Verification Tool of IBM WebSphere Application Server ...)
+ TODO: check
CVE-2018-1642
RESERVED
CVE-2018-1641
@@ -51707,52 +51712,52 @@ CVE-2018-0703
RESERVED
CVE-2018-0702
RESERVED
-CVE-2018-0701
- RESERVED
-CVE-2018-0700
- RESERVED
-CVE-2018-0699
- RESERVED
+CVE-2018-0701 (BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to ...)
+ TODO: check
+CVE-2018-0700 (YukiWiki 2.1.3 and earlier does not process a particular request ...)
+ TODO: check
+CVE-2018-0699 (Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier ...)
+ TODO: check
CVE-2018-0698
RESERVED
-CVE-2018-0697
- RESERVED
+CVE-2018-0697 (Cross-site scripting vulnerability in Metabase version 0.29.3 and ...)
+ TODO: check
CVE-2018-0696
RESERVED
-CVE-2018-0695
- RESERVED
-CVE-2018-0694
- RESERVED
-CVE-2018-0693
- RESERVED
-CVE-2018-0692
- RESERVED
-CVE-2018-0691
- RESERVED
-CVE-2018-0690
- RESERVED
+CVE-2018-0695 (Cross-site scripting vulnerability in User-friendly SVN (USVN) Version ...)
+ TODO: check
+CVE-2018-0694 (FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary ...)
+ TODO: check
+CVE-2018-0693 (Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows ...)
+ TODO: check
+CVE-2018-0692 (Untrusted search path vulnerability in Baidu Browser Version ...)
+ TODO: check
+CVE-2018-0691 (Multiple +Message Apps (Softbank +Message App for Android prior to ...)
+ TODO: check
+CVE-2018-0690 (An unvalidated software update vulnerability in Music Center for PC ...)
+ TODO: check
CVE-2018-0689
RESERVED
CVE-2018-0688
RESERVED
-CVE-2018-0687
- RESERVED
-CVE-2018-0686
- RESERVED
-CVE-2018-0685
- RESERVED
-CVE-2018-0684
- RESERVED
-CVE-2018-0683
- RESERVED
-CVE-2018-0682
- RESERVED
-CVE-2018-0681
- RESERVED
-CVE-2018-0680
- RESERVED
-CVE-2018-0679
- RESERVED
+CVE-2018-0687 (Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun ...)
+ TODO: check
+CVE-2018-0686 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, ...)
+ TODO: check
+CVE-2018-0685 (SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and ...)
+ TODO: check
+CVE-2018-0684 (Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P ...)
+ TODO: check
+CVE-2018-0683 (Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P ...)
+ TODO: check
+CVE-2018-0682 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, ...)
+ TODO: check
+CVE-2018-0681 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, ...)
+ TODO: check
+CVE-2018-0680 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, ...)
+ TODO: check
+CVE-2018-0679 (Cross-site scripting vulnerability in multiple FXC Inc. network ...)
+ TODO: check
CVE-2018-0678
RESERVED
CVE-2018-0677
@@ -51763,8 +51768,8 @@ CVE-2018-0675 (AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script ..
NOT-FOR-US: AttacheCase
CVE-2018-0674 (AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script ...)
NOT-FOR-US: AttacheCase
-CVE-2018-0673
- RESERVED
+CVE-2018-0673 (Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 ...)
+ TODO: check
CVE-2018-0672 (Cross-site scripting vulnerability in Movable Type versions prior to ...)
- movabletype-opensource <removed>
CVE-2018-0671
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/66758e592a692671fe75b9644c6762c94eea9292
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/66758e592a692671fe75b9644c6762c94eea9292
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181115/7ef3ec5c/attachment.html>
More information about the debian-security-tracker-commits
mailing list