[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 5 09:10:41 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a54e86e0 by security tracker role at 2018-10-05T08:10:29Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,58 @@
-CVE-2018-17983 [manifest: fix out-of-bounds read of corrupted manifest entry]
+CVE-2018-18003
+ RESERVED
+CVE-2018-18002
+ RESERVED
+CVE-2018-18001
+ RESERVED
+CVE-2018-18000
+ RESERVED
+CVE-2018-17999
+ RESERVED
+CVE-2018-17998
+ RESERVED
+CVE-2018-17997
+ RESERVED
+CVE-2018-17996
+ RESERVED
+CVE-2018-17995
+ RESERVED
+CVE-2018-17994
+ RESERVED
+CVE-2018-17993
+ RESERVED
+CVE-2018-17992
+ RESERVED
+CVE-2018-17991
+ RESERVED
+CVE-2018-17990
+ RESERVED
+CVE-2018-17989
+ RESERVED
+CVE-2018-17988
+ RESERVED
+CVE-2018-17987
+ RESERVED
+CVE-2018-17986 (rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password ...)
+ TODO: check
+CVE-2018-17985 (An issue was discovered in cp-demangle.c in GNU libiberty, as ...)
+ TODO: check
+CVE-2018-17984 (An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 ...)
+ TODO: check
+CVE-2018-17982
+ RESERVED
+CVE-2018-17981
+ RESERVED
+CVE-2018-17980
+ RESERVED
+CVE-2015-9272 (The videowhisper-video-presentation plugin 3.31.17 for WordPress allows ...)
+ TODO: check
+CVE-2014-10076 (The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character ...)
+ TODO: check
+CVE-2014-10075 (The karo gem 2.3.8 for Ruby allows Remote command injection via the ...)
+ TODO: check
+CVE-2013-7465 (Ice Cold Apps Servers Ultimate 6.0.2(12) does not require ...)
+ TODO: check
+CVE-2018-17983 (cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read ...)
- mercurial 4.7.2-1
[jessie] - mercurial <not-affected> (Vulnerable code not present)
NOTE: https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901
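Review bot: The two WordPress plugin entries added near the end of this hunk, CVE-2015-9272 (videowhisper-video-presentation) and CVE-2014-10076 (wp-db-backup), are left at `TODO: check`, although this file already triages WordPress plugins as NOT-FOR-US (see CVE-2015-9271 and CVE-2015-9270 further down). Suggest resolving them the same way in the follow-up triage commit, e.g. `NOT-FOR-US: WordPress plugin videowhisper-video-presentation`, so they do not linger in the TODO queue. CVE-2018-17985 names a GNU library (libiberty) rather than a web application, so it should get a source-package lookup before any NOT-FOR-US tag.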
@@ -187,8 +241,8 @@ CVE-2018-17893
RESERVED
CVE-2018-17892
RESERVED
-CVE-2018-17891
- RESERVED
+CVE-2018-17891 (Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running ...)
+ TODO: check
CVE-2018-17890
RESERVED
CVE-2018-17889
@@ -266,7 +320,7 @@ CVE-2018-17856
RESERVED
CVE-2018-17855
RESERVED
-CVE-2015-9271
+CVE-2015-9271 (The VideoWhisper videowhisper-video-conference-integration plugin ...)
NOT-FOR-US: WordPress plugin videowhisper-video-conference-integration
CVE-2015-9270 (XSS exists in the the-holiday-calendar plugin before 1.11.3 for ...)
NOT-FOR-US: the-holiday-calendar plugin for WordPress
@@ -282,8 +336,8 @@ CVE-2018-17851
REJECTED
CVE-2018-17850
REJECTED
-CVE-2018-17849
- RESERVED
+CVE-2018-17849 (Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File ...)
+ TODO: check
CVE-2018-17848 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles ...)
TODO: check
CVE-2018-17847 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles ...)
@@ -3444,16 +3498,16 @@ CVE-2015-9266 (The web management interface of Ubiquiti airMAX, airFiber, airGat
NOT-FOR-US: Ubiquiti
CVE-2018-16458 (An issue was discovered in baigo CMS v2.1.1. There is an ...)
NOT-FOR-US: baigo CMS
-CVE-2018-16457
- RESERVED
-CVE-2018-16456
- RESERVED
-CVE-2018-16455
- RESERVED
+CVE-2018-16457 (PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote ...)
+ TODO: check
+CVE-2018-16456 (PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a keyword. ...)
+ TODO: check
+CVE-2018-16455 (PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a keyword. ...)
+ TODO: check
CVE-2018-16454 (PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attackers to cause a denial of service (web-interface change) via an inverted comma. ...)
NOT-FOR-US: PHP Scripts Mall Olx Clone
-CVE-2018-16453
- RESERVED
+CVE-2018-16453 (PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the search ...)
+ TODO: check
CVE-2018-16452
RESERVED
CVE-2018-16451
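Review bot: The unchanged context entry CVE-2018-16454 is described as "PHP Scripts Mall Currency Converter Script 2.0.5" but tagged `NOT-FOR-US: PHP Scripts Mall Olx Clone`, so the label does not match the product. When the four PHP Scripts Mall entries added here as `TODO: check` (CVE-2018-16457, CVE-2018-16456, CVE-2018-16455, CVE-2018-16453) are triaged, give each a NOT-FOR-US label naming its own script, and correct the CVE-2018-16454 label in the same commit.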
@@ -3825,8 +3879,8 @@ CVE-2018-16328 (In ImageMagick before 7.0.8-8, a NULL pointer dereference exists
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/68e4f4d22abaf97b61019ea85f74e2f639d0e93e
CVE-2018-16327 (There is Stored XSS in Subrion 4.2.1 via the admin panel URL ...)
NOT-FOR-US: Subrion CMS
-CVE-2018-16326
- RESERVED
+CVE-2018-16326 (PHP Scripts Mall Olx Clone 3.4.2 has XSS. ...)
+ TODO: check
CVE-2018-16325 (There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title ...)
NOT-FOR-US: GetSimple CMS
CVE-2018-16324 (In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ ...)
@@ -11288,8 +11342,7 @@ CVE-2018-13259 (An issue was discovered in zsh before 5.6. Shebang lines exceedi
[jessie] - zsh <no-dsa> (Minor issue)
NOTE: https://www.zsh.org/mla/zsh-announce/136
NOTE: https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
-CVE-2018-13258 [mediawiki: Tarball was missing .htaccess files]
- RESERVED
+CVE-2018-13258 (Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided ...)
- mediawiki <not-affected> (Affected upstream tarball was never used)
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
NOTE: https://phabricator.wikimedia.org/T199029
@@ -47959,20 +48012,17 @@ CVE-2018-0507 (Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Se
NOT-FOR-US: FLET'S VIRUS CLEAR
CVE-2018-0506 (Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary ...)
NOT-FOR-US: Nootka
-CVE-2018-0505 [mediawiki: BotPasswords can bypass CentralAuth's account lock]
- RESERVED
+CVE-2018-0505 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a ...)
{DSA-4301-1}
- mediawiki 1:1.31.1-1
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
NOTE: https://phabricator.wikimedia.org/T194605
-CVE-2018-0504 [mediawiki: Information disclosure in Special:Redirect/logid]
- RESERVED
+CVE-2018-0504 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an ...)
{DSA-4301-1}
- mediawiki 1:1.31.1-1
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
NOTE: https://phabricator.wikimedia.org/T187638
-CVE-2018-0503 [mediawiki: wgRateLimits entry for 'user' overrides 'newbie']
- RESERVED
+CVE-2018-0503 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a ...)
{DSA-4301-1}
- mediawiki 1:1.31.1-1
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
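Review bot: Replacing the bracketed summaries on CVE-2018-0505, CVE-2018-0504 and CVE-2018-0503 with descriptions that truncate at "contains a ..." drops the only text that told the three entries apart; after this change they differ only in the NOTE links beneath them. Suggest keeping each short summary as a NOTE line under its entry, e.g. `NOTE: BotPasswords can bypass CentralAuth's account lock` for CVE-2018-0505, so the list stays readable without following the links.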
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a54e86e016eab448d1ca1c983765838c5e34a578