[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 17 09:10:48 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a03c2bf2 by security tracker role at 2018-10-17T08:10:38Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2018-18438
+ RESERVED
+CVE-2018-18437
+ RESERVED
+CVE-2018-18436 (JTBC(PHP) 3.0 allows CSRF for creating an account via the ...)
+ TODO: check
+CVE-2018-18435
+ RESERVED
+CVE-2018-18434 (An issue was discovered in litemall 0.9.0. Arbitrary file download is ...)
+ TODO: check
+CVE-2018-18433 (An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has ...)
+ TODO: check
+CVE-2018-18432 (An issue was discovered in DESTOON B2B 7.0. CSRF exists via the ...)
+ TODO: check
+CVE-2018-18431 (An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text ...)
+ TODO: check
+CVE-2018-18430 (An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has ...)
+ TODO: check
+CVE-2018-18429
+ RESERVED
+CVE-2018-18428
+ RESERVED
+CVE-2018-18427 (s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter ...)
+ TODO: check
+CVE-2018-18426 (s-cms 3.0 allows remote attackers to execute arbitrary PHP code by ...)
+ TODO: check
+CVE-2018-18425
+ RESERVED
+CVE-2018-18424
+ RESERVED
+CVE-2018-18423
+ RESERVED
+CVE-2018-18422 (UsualToolCMS 8.0 allows CSRF for adding a user account via the ...)
+ TODO: check
+CVE-2018-18421
+ RESERVED
+CVE-2018-18420
+ RESERVED
+CVE-2018-18419
+ RESERVED
+CVE-2018-18418
+ RESERVED
+CVE-2018-18417
+ RESERVED
+CVE-2018-18416
+ RESERVED
+CVE-2018-18415
+ RESERVED
+CVE-2018-18414
+ RESERVED
+CVE-2018-18413
+ RESERVED
+CVE-2018-18412
+ RESERVED
+CVE-2018-18411
+ RESERVED
+CVE-2018-18410
+ RESERVED
+CVE-2018-18409 (A stack-based buffer over-read exists in setbit() at iptree.h of ...)
+ TODO: check
+CVE-2018-18408 (A use-after-free was discovered in the tcpbridge binary of Tcpreplay ...)
+ TODO: check
+CVE-2018-18407 (A heap-based buffer over-read was discovered in the tcpreplay-edit ...)
+ TODO: check
+CVE-2018-18406
+ RESERVED
+CVE-2018-18405
+ RESERVED
+CVE-2018-18404
+ RESERVED
+CVE-2018-18403
+ RESERVED
+CVE-2018-18402
+ RESERVED
+CVE-2018-18401
+ RESERVED
+CVE-2018-18400
+ RESERVED
CVE-2018-18399
RESERVED
CVE-2018-18398
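Review bot: Of the entries added at the top of the list, CVE-2018-18409, CVE-2018-18408 and CVE-2018-18407 are the memory-safety reports (a stack-based buffer over-read, a use-after-free and a heap-based buffer over-read), and two of them name Tcpreplay binaries (tcpbridge, tcpreplay-edit). They are left at "TODO: check" like every other described entry in this hunk. Triage these three first and replace the placeholder with either a source-package line or a NOT-FOR-US line, so the file records which it is.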
@@ -195,10 +273,10 @@ CVE-2018-18309 (An issue was discovered in the Binary File Descriptor (BFD) libr
[jessie] - binutils <ignored> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23770
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0930cb3021b8078b34cf216e79eb8608d017864f
-CVE-2018-18308
- RESERVED
-CVE-2018-18307
- RESERVED
+CVE-2018-18308 (In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been ...)
+ TODO: check
+CVE-2018-18307 (A Stored XSS vulnerability has been discovered in version 4.1.0 of ...)
+ TODO: check
CVE-2018-18306
RESERVED
CVE-2018-18305
@@ -1286,8 +1364,8 @@ CVE-2018-17913
RESERVED
CVE-2018-17912
RESERVED
-CVE-2018-17911
- RESERVED
+CVE-2018-17911 (LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based ...)
+ TODO: check
CVE-2018-17910
RESERVED
CVE-2018-17909
@@ -1306,24 +1384,24 @@ CVE-2018-17903
RESERVED
CVE-2018-17902 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All ...)
NOT-FOR-US: Yokogawa STARDOM Controllers
-CVE-2018-17901
- RESERVED
+CVE-2018-17901 (LAquis SCADA Versions 4.1.0.3870 and prior, when processing project ...)
+ TODO: check
CVE-2018-17900 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All ...)
NOT-FOR-US: Yokogawa STARDOM Controllers
-CVE-2018-17899
- RESERVED
+CVE-2018-17899 (LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal ...)
+ TODO: check
CVE-2018-17898 (Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All ...)
NOT-FOR-US: Yokogawa STARDOM Controllers
-CVE-2018-17897
- RESERVED
+CVE-2018-17897 (LAquis SCADA Versions 4.1.0.3870 and prior has several integer ...)
+ TODO: check
CVE-2018-17896 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All ...)
NOT-FOR-US: Yokogawa STARDOM Controllers
-CVE-2018-17895
- RESERVED
+CVE-2018-17895 (LAquis SCADA Versions 4.1.0.3870 and prior has several out-of-bounds ...)
+ TODO: check
CVE-2018-17894 (NUUO CMS all versions 3.1 and prior, The application creates default ...)
NOT-FOR-US: NUUO CMS
-CVE-2018-17893
- RESERVED
+CVE-2018-17893 (LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer ...)
+ TODO: check
CVE-2018-17892 (NUUO CMS all versions 3.1 and prior, The application implements a ...)
NOT-FOR-US: NUUO CMS
CVE-2018-17891 (Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running ...)
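Review bot: The five LAquis SCADA entries published here (CVE-2018-17901, -17899, -17897, -17895, -17893) are left at "TODO: check", while the entries interleaved with them are already resolved as "NOT-FOR-US: Yokogawa STARDOM Controllers" and "NOT-FOR-US: NUUO CMS". If LAquis SCADA is likewise not packaged, close them out in the same form in one follow-up, together with CVE-2018-17911 from the previous hunk, so the block stays consistent.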
@@ -2709,7 +2787,7 @@ CVE-2018-17407 (An issue was discovered in t1_check_unusual_charstring functions
NOTE: Fixed by: https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c
NOTE: Introduced in: https://github.com/TeX-Live/texlive-source/commit/59cbb8f96b0543c2912d6370ce8021181661e1cf
CVE-2018-17281 (There is a stack consumption vulnerability in the ...)
- {DLA-1523-1}
+ {DSA-4320-1 DLA-1523-1}
- asterisk 1:13.23.1~dfsg-1 (bug #909554)
NOTE: https://downloads.asterisk.org/pub/security/AST-2018-009.html
NOTE: :https://issues.asterisk.org/jira/browse/ASTERISK-28013
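Review bot: The last context line of the CVE-2018-17281 entry reads "NOTE: :https://issues.asterisk.org/jira/browse/ASTERISK-28013", with a stray colon before the URL, and this change leaves it in place. Since the entry is being touched to add DSA-4320-1, drop the extra colon in a follow-up so the reference is a plain URL like the NOTE line above it.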
@@ -8724,8 +8802,8 @@ CVE-2018-14774 (An issue was discovered in HttpKernel in Symfony 2.7.0 through 2
CVE-2018-14773 (An issue was discovered in Http Foundation in Symfony 2.7.0 through ...)
- symfony 3.4.14+dfsg-1
NOTE: https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
-CVE-2018-14772
- RESERVED
+CVE-2018-14772 (Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution ...)
+ TODO: check
CVE-2018-14771 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers ...)
NOT-FOR-US: VIVOTEK FD8177 devices
CVE-2018-14770 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers ...)
@@ -15416,6 +15494,7 @@ CVE-2018-12228 (An issue was discovered in Asterisk Open Source 15.x before 15.4
NOTE: http://downloads.asterisk.org/pub/security/AST-2018-007.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27807
CVE-2018-12227 (An issue was discovered in Asterisk Open Source 13.x before 13.21.1, ...)
+ {DSA-4320-1}
- asterisk 1:13.22.0~dfsg-1 (bug #902954)
[jessie] - asterisk <not-affected> (vulnerable code not present)
NOTE: http://downloads.asterisk.org/pub/security/AST-2018-008.html
@@ -18568,20 +18647,20 @@ CVE-2018-11027 (A reflected XSS vulnerability on Ruckus ICX7450-48 devices allow
NOT-FOR-US: Ruckus
CVE-2018-11026
RESERVED
-CVE-2018-11025
- RESERVED
-CVE-2018-11024
- RESERVED
-CVE-2018-11023
- RESERVED
-CVE-2018-11022
- RESERVED
-CVE-2018-11021
- RESERVED
-CVE-2018-11020
- RESERVED
-CVE-2018-11019
- RESERVED
+CVE-2018-11025 (kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in ...)
+ TODO: check
+CVE-2018-11024 (kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in ...)
+ TODO: check
+CVE-2018-11023 (kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in ...)
+ TODO: check
+CVE-2018-11022 (kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in ...)
+ TODO: check
+CVE-2018-11021 (kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel ...)
+ TODO: check
+CVE-2018-11020 (kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in ...)
+ TODO: check
+CVE-2018-11019 (kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in ...)
+ TODO: check
CVE-2018-11018 (An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery ...)
NOT-FOR-US: PbootCMS
CVE-2018-11017 (The newVar_N function in decompile.c in libming through 0.4.8 ...)
@@ -23866,7 +23945,7 @@ CVE-2018-9019 (SQL Injection vulnerability in Dolibarr before version 7.0.2 allo
- dolibarr <removed>
NOTE: https://github.com/Dolibarr/dolibarr/commit/83b762b681c6dfdceb809d26ce95f3667b614739
CVE-2018-9018 (In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage ...)
- {DLA-1456-1 DLA-1322-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1322-1}
- graphicsmagick 1.3.28-2 (bug #894396)
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/554/
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/84040fada1ee
@@ -26076,17 +26155,17 @@ CVE-2018-1000124 (I Librarian I-librarian version 4.8 and earlier contains a XML
CVE-2018-1000123 (Ionic Team Cordova plugin iOS Keychain version before commit ...)
NOT-FOR-US: Ionic Team Cordova plugin iOS Keychain
CVE-2017-18231 (An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer ...)
- {DLA-1456-1 DLA-1322-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1322-1}
- graphicsmagick 1.3.27-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ea074081678b
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/475/
CVE-2017-18230 (An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer ...)
- {DLA-1456-1 DLA-1322-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1322-1}
- graphicsmagick 1.3.27-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53a4d841e90f
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/473/
CVE-2017-18229 (An issue was discovered in GraphicsMagick 1.3.26. An allocation failure ...)
- {DLA-1456-1 DLA-1322-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1322-1}
- graphicsmagick 1.3.27-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/752c0b41fa32
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/461/
@@ -27224,14 +27303,14 @@ CVE-2018-7702 (SecurEnvoy SecurMail before 9.2.501 allows remote attackers to sp
CVE-2018-7701 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: SecurEnvoy SecurMail
CVE-2017-18220 (The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in ...)
- {DLA-1456-1 DLA-1322-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1322-1}
- graphicsmagick 1.3.26-8
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98721124e51f
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/438/
NOTE: Issue is related to CVE-2017-11403 but not the same issue.
TODO: check, needs clarification, the issue is CloseBlob use-after-free
CVE-2017-18219 (An issue was discovered in GraphicsMagick 1.3.26. An allocation failure ...)
- {DLA-1456-1 DLA-1322-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1322-1}
- graphicsmagick 1.3.27-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/cadd4b0522fa
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/459/
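Review bot: CVE-2017-18220 now carries {DSA-4321-1 DLA-1456-1 DLA-1322-1} but still ends with "TODO: check, needs clarification, the issue is CloseBlob use-after-free". With a DSA referencing the entry, that open question should be settled: either convert it to a NOTE recording what was concluded or remove it, so the entry stops appearing as untriaged.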
@@ -28648,6 +28727,7 @@ CVE-2018-7287 (An issue was discovered in res_http_websocket.c in Asterisk 15.x
NOTE: downloads.digium.com/pub/security/AST-2018-006.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27658
CVE-2018-7286 (An issue was discovered in Asterisk through 13.19.1, 14.x through ...)
+ {DSA-4320-1}
- asterisk 1:13.20.0~dfsg-1 (bug #891228)
[jessie] - asterisk <not-affected> (Vulnerable code not present)
[wheezy] - asterisk <not-affected> (Vulnerable code not present)
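Review bot: The first context line of this hunk, in the CVE-2018-7287 entry, is "NOTE: downloads.digium.com/pub/security/AST-2018-006.html" with no URL scheme, unlike the other NOTE references in the file. It is untouched by this change, but worth fixing in a follow-up by adding the scheme, so the advisory link is recognised as a URL in the same way as the Asterisk advisory links on the neighbouring entries.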
@@ -28658,6 +28738,7 @@ CVE-2018-7285 (A NULL pointer access issue was discovered in Asterisk 15.x throu
- asterisk <not-affected> (Only affects Asterisk 15.x)
NOTE: http://downloads.asterisk.org/pub/security/AST-2018-001.html
CVE-2018-7284 (A Buffer Overflow issue was discovered in Asterisk through 13.19.1, ...)
+ {DSA-4320-1}
- asterisk 1:13.20.0~dfsg-1 (bug #891227)
[jessie] - asterisk <not-affected> (Vulnerable code not present)
[wheezy] - asterisk <not-affected> (Vulnerable code not present)
@@ -29620,8 +29701,8 @@ CVE-2018-6976 (The VMware Content Locker for iOS prior to 4.14 contains a data .
NOT-FOR-US: VMware
CVE-2018-6975 (The AirWatch Agent for iOS prior to 5.8.1 contains a data protection ...)
NOT-FOR-US: AirWatch Agent for iOS
-CVE-2018-6974
- RESERVED
+CVE-2018-6974 (VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ...)
+ TODO: check
CVE-2018-6973 (VMware Workstation (14.x before 14.1.3) and Fusion (10.x before ...)
NOT-FOR-US: VMware
CVE-2018-6972 (VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ...)
@@ -30143,7 +30224,7 @@ CVE-2018-6801
CVE-2018-6800
RESERVED
CVE-2018-6799 (The AcquireCacheNexus function in magick/pixel_cache.c in ...)
- {DLA-1456-1 DLA-1282-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1282-1}
- graphicsmagick 1.3.28-1
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/531/
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/532/
@@ -34074,7 +34155,7 @@ CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and ...)
NOTE: EOF.
NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=b70eb93f6936c03d8af52040bbca4d4a7db39079
CVE-2018-5685 (In GraphicsMagick 1.3.27, there is an infinite loop and application ...)
- {DLA-1456-1 DLA-1245-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1245-1}
- graphicsmagick 1.3.27-4 (bug #887158)
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52a91ddb1aa6
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/541/
@@ -38393,12 +38474,12 @@ CVE-2018-3957 (A use-after-free vulnerability exists in the JavaScript engine of
NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3956
RESERVED
-CVE-2018-3955
- RESERVED
-CVE-2018-3954
- RESERVED
-CVE-2018-3953
- RESERVED
+CVE-2018-3955 (An exploitable operating system command injection exists in the ...)
+ TODO: check
+CVE-2018-3954 (Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware ...)
+ TODO: check
+CVE-2018-3953 (Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware ...)
+ TODO: check
CVE-2018-3952 (An exploitable code execution vulnerability exists in the connect ...)
NOT-FOR-US: NordVPN
CVE-2018-3951
@@ -39683,7 +39764,7 @@ CVE-2017-17916 (** DISPUTED ** SQL injection vulnerability in the 'find_by' meth
NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
NOTE: All of those methods accept arbitrary SQL by design.
CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based ...)
- {DLA-1401-1 DLA-1231-1}
+ {DSA-4321-1 DLA-1401-1 DLA-1231-1}
- graphicsmagick 1.3.27-3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/535/
@@ -39696,6 +39777,7 @@ CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the fu
NOTE: https://github.com/ImageMagick/ImageMagick/commit/650ec57d84b7b1dce66435b8cd3b58f7ae66db1b
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/42781eeebadf111a2e01559735ea504a78192046
CVE-2017-17913 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based ...)
+ {DSA-4321-1}
- graphicsmagick 1.3.27-3
[jessie] - graphicsmagick <not-affected> (webp feature was not compiled in)
[wheezy] - graphicsmagick <not-affected> (webp feature has not been implemented)
@@ -39703,7 +39785,7 @@ CVE-2017-17913 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-bas
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6dda3c33f35f
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/536/
CVE-2017-17912 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based ...)
- {DLA-1401-1 DLA-1231-1}
+ {DSA-4321-1 DLA-1401-1 DLA-1231-1}
- graphicsmagick 1.3.27-3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/0d871e813a4f
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/533/
@@ -40211,13 +40293,14 @@ CVE-2017-17790 (The lazy_initialize function in lib/resolv.rb in Ruby through 2.
NOTE: https://github.com/ruby/ruby/pull/1777
NOTE: Fixed by: https://github.com/ruby/ruby/commit/e7464561b5151501beb356fc750d5dd1a88014f7
CVE-2017-17783 (In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage ...)
+ {DSA-4321-1}
- graphicsmagick 1.3.27-2 (bug #884904)
[jessie] - graphicsmagick <no-dsa> (Minor issue)
[wheezy] - graphicsmagick <not-affected> (vulnerable code not present, unreproducible with ASAN)
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=60932931559a
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/529/
CVE-2017-17782 (In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ...)
- {DLA-1401-1 DLA-1231-1}
+ {DSA-4321-1 DLA-1401-1 DLA-1231-1}
- graphicsmagick 1.3.27-2 (bug #884905)
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e3d2264109c
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/530/
@@ -40992,467 +41075,434 @@ CVE-2018-3304
RESERVED
CVE-2018-3303
RESERVED
-CVE-2018-3302
- RESERVED
-CVE-2018-3301
- RESERVED
+CVE-2018-3302 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3301 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
CVE-2018-3300
RESERVED
-CVE-2018-3299
- RESERVED
-CVE-2018-3298
- RESERVED
-CVE-2018-3297
- RESERVED
-CVE-2018-3296
- RESERVED
-CVE-2018-3295
- RESERVED
-CVE-2018-3294
- RESERVED
-CVE-2018-3293
- RESERVED
-CVE-2018-3292
- RESERVED
-CVE-2018-3291
- RESERVED
-CVE-2018-3290
- RESERVED
-CVE-2018-3289
- RESERVED
-CVE-2018-3288
- RESERVED
-CVE-2018-3287
- RESERVED
-CVE-2018-3286
- RESERVED
+CVE-2018-3299 (Vulnerability in the Oracle Text component of Oracle Database Server. ...)
+ TODO: check
+CVE-2018-3298 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
+ TODO: check
+CVE-2018-3297 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
+ TODO: check
+CVE-2018-3296 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
+ TODO: check
+CVE-2018-3295 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
+ TODO: check
+CVE-2018-3294 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
+ TODO: check
+CVE-2018-3293 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
+ TODO: check
+CVE-2018-3292 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
+ TODO: check
+CVE-2018-3291 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
+ TODO: check
+CVE-2018-3290 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
+ TODO: check
+CVE-2018-3289 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
+ TODO: check
+CVE-2018-3288 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
+ TODO: check
+CVE-2018-3287 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
+ TODO: check
+CVE-2018-3286 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
- mysql-5.5 <not-affected> (Only affects MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3285
- RESERVED
+CVE-2018-3285 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
- mysql-5.5 <not-affected> (Only affects MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3284
- RESERVED
+CVE-2018-3284 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3283
- RESERVED
+CVE-2018-3283 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3282
- RESERVED
+CVE-2018-3282 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <removed>
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3281
- RESERVED
-CVE-2018-3280
- RESERVED
+CVE-2018-3281 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
+ TODO: check
+CVE-2018-3280 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
- mysql-5.5 <not-affected> (Only affects MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3279
- RESERVED
+CVE-2018-3279 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
- mysql-5.5 <not-affected> (Only affects MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3278
- RESERVED
+CVE-2018-3278 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <not-affected> (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3277
- RESERVED
+CVE-2018-3277 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <not-affected> (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3276
- RESERVED
+CVE-2018-3276 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <not-affected> (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3275
- RESERVED
-CVE-2018-3274
- RESERVED
-CVE-2018-3273
- RESERVED
-CVE-2018-3272
- RESERVED
-CVE-2018-3271
- RESERVED
-CVE-2018-3270
- RESERVED
-CVE-2018-3269
- RESERVED
-CVE-2018-3268
- RESERVED
-CVE-2018-3267
- RESERVED
-CVE-2018-3266
- RESERVED
-CVE-2018-3265
- RESERVED
-CVE-2018-3264
- RESERVED
-CVE-2018-3263
- RESERVED
-CVE-2018-3262
- RESERVED
-CVE-2018-3261
- RESERVED
+CVE-2018-3275 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2018-3274 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2018-3273 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2018-3272 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2018-3271 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2018-3270 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2018-3269 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2018-3268 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2018-3267 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2018-3266 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2018-3265 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2018-3264 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2018-3263 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2018-3262 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3261 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
CVE-2018-3260
RESERVED
-CVE-2018-3259
- RESERVED
-CVE-2018-3258
- RESERVED
-CVE-2018-3257
- RESERVED
-CVE-2018-3256
- RESERVED
-CVE-2018-3255
- RESERVED
-CVE-2018-3254
- RESERVED
-CVE-2018-3253
- RESERVED
-CVE-2018-3252
- RESERVED
-CVE-2018-3251
- RESERVED
+CVE-2018-3259 (Vulnerability in the Java VM component of Oracle Database Server. ...)
+ TODO: check
+CVE-2018-3258 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...)
+ TODO: check
+CVE-2018-3257 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3256 (Vulnerability in the Oracle Email Center component of Oracle ...)
+ TODO: check
+CVE-2018-3255 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3254 (Vulnerability in the Oracle WebCenter Portal component of Oracle ...)
+ TODO: check
+CVE-2018-3253 (Vulnerability in the Oracle Virtual Directory component of Oracle ...)
+ TODO: check
+CVE-2018-3252 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-3251 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <not-affected> (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3250
- RESERVED
-CVE-2018-3249
- RESERVED
-CVE-2018-3248
- RESERVED
-CVE-2018-3247
- RESERVED
+CVE-2018-3250 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-3249 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-3248 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-3247 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <not-affected> (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3246
- RESERVED
-CVE-2018-3245
- RESERVED
-CVE-2018-3244
- RESERVED
-CVE-2018-3243
- RESERVED
-CVE-2018-3242
- RESERVED
-CVE-2018-3241
- RESERVED
+CVE-2018-3246 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-3245 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-3244 (Vulnerability in the Oracle Application Object Library component of ...)
+ TODO: check
+CVE-2018-3243 (Vulnerability in the Oracle Applications Framework component of Oracle ...)
+ TODO: check
+CVE-2018-3242 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
+ TODO: check
+CVE-2018-3241 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
+ TODO: check
CVE-2018-3240
RESERVED
-CVE-2018-3239
- RESERVED
-CVE-2018-3238
- RESERVED
-CVE-2018-3237
- RESERVED
-CVE-2018-3236
- RESERVED
-CVE-2018-3235
- RESERVED
-CVE-2018-3234
- RESERVED
-CVE-2018-3233
- RESERVED
-CVE-2018-3232
- RESERVED
-CVE-2018-3231
- RESERVED
-CVE-2018-3230
- RESERVED
-CVE-2018-3229
- RESERVED
-CVE-2018-3228
- RESERVED
-CVE-2018-3227
- RESERVED
-CVE-2018-3226
- RESERVED
-CVE-2018-3225
- RESERVED
-CVE-2018-3224
- RESERVED
-CVE-2018-3223
- RESERVED
-CVE-2018-3222
- RESERVED
-CVE-2018-3221
- RESERVED
-CVE-2018-3220
- RESERVED
-CVE-2018-3219
- RESERVED
-CVE-2018-3218
- RESERVED
-CVE-2018-3217
- RESERVED
+CVE-2018-3239 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3238 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-3237 (Vulnerability in the Oracle Applications Manager component of Oracle ...)
+ TODO: check
+CVE-2018-3236 (Vulnerability in the Oracle User Management component of Oracle ...)
+ TODO: check
+CVE-2018-3235 (Vulnerability in the Oracle Applications Manager component of Oracle ...)
+ TODO: check
+CVE-2018-3234 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3233 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3232 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3231 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3230 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3229 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3228 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3227 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3226 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3225 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3224 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3223 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3222 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3221 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3220 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3219 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3218 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3217 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
CVE-2018-3216
RESERVED
-CVE-2018-3215
- RESERVED
-CVE-2018-3214
- RESERVED
-CVE-2018-3213
- RESERVED
-CVE-2018-3212
- RESERVED
+CVE-2018-3215 (Vulnerability in the Oracle Endeca Information Discovery Integrator ...)
+ TODO: check
+CVE-2018-3214 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+ TODO: check
+CVE-2018-3213 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-3212 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
- mysql-5.5 <not-affected> (Only affects MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3211
- RESERVED
-CVE-2018-3210
- RESERVED
-CVE-2018-3209
- RESERVED
-CVE-2018-3208
- RESERVED
-CVE-2018-3207
- RESERVED
-CVE-2018-3206
- RESERVED
-CVE-2018-3205
- RESERVED
-CVE-2018-3204
- RESERVED
-CVE-2018-3203
- RESERVED
+CVE-2018-3211 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
+ TODO: check
+CVE-2018-3210 (Vulnerability in the Oracle GlassFish Server component of Oracle ...)
+ TODO: check
+CVE-2018-3209 (Vulnerability in the Java SE component of Oracle Java SE ...)
+ TODO: check
+CVE-2018-3208 (Vulnerability in the Hyperion Data Relationship Management component ...)
+ TODO: check
+CVE-2018-3207 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3206 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3205 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3204 (Vulnerability in the Oracle Business Intelligence Enterprise Edition ...)
+ TODO: check
+CVE-2018-3203 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
- mysql-5.5 <not-affected> (Only affects MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3202
- RESERVED
-CVE-2018-3201
- RESERVED
-CVE-2018-3200
- RESERVED
+CVE-2018-3202 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3201 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-3200 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3199
RESERVED
-CVE-2018-3198
- RESERVED
-CVE-2018-3197
- RESERVED
-CVE-2018-3196
- RESERVED
-CVE-2018-3195
- RESERVED
+CVE-2018-3198 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3197 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-3196 (Vulnerability in the Oracle Partner Management component of Oracle ...)
+ TODO: check
+CVE-2018-3195 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
- mysql-5.5 <not-affected> (Only affects MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3194
- RESERVED
-CVE-2018-3193
- RESERVED
-CVE-2018-3192
- RESERVED
-CVE-2018-3191
- RESERVED
-CVE-2018-3190
- RESERVED
-CVE-2018-3189
- RESERVED
-CVE-2018-3188
- RESERVED
-CVE-2018-3187
- RESERVED
+CVE-2018-3194 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3193 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3192 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3191 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2018-3190 (Vulnerability in the Oracle E-Business Intelligence component of ...)
+ TODO: check
+CVE-2018-3189 (Vulnerability in the Oracle Customer Interaction History component of ...)
+ TODO: check
+CVE-2018-3188 (Vulnerability in the Oracle iStore component of Oracle E-Business ...)
+ TODO: check
+CVE-2018-3187 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3186
- RESERVED
+CVE-2018-3186 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
- mysql-5.5 <not-affected> (Only affects MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3185
- RESERVED
+CVE-2018-3185 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3184
- RESERVED
-CVE-2018-3183
- RESERVED
-CVE-2018-3182
- RESERVED
+CVE-2018-3184 (Vulnerability in the Hyperion BI+ component of Oracle Hyperion ...)
+ TODO: check
+CVE-2018-3183 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+ TODO: check
+CVE-2018-3182 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
- mysql-5.5 <not-affected> (Only affects MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3181
- RESERVED
-CVE-2018-3180
- RESERVED
-CVE-2018-3179
- RESERVED
-CVE-2018-3178
- RESERVED
-CVE-2018-3177
- RESERVED
-CVE-2018-3176
- RESERVED
-CVE-2018-3175
- RESERVED
-CVE-2018-3174
- RESERVED
+CVE-2018-3181 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property ...)
+ TODO: check
+CVE-2018-3180 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+ TODO: check
+CVE-2018-3179 (Vulnerability in the Oracle Identity Manager component of Oracle ...)
+ TODO: check
+CVE-2018-3178 (Vulnerability in the Hyperion Common Events component of Oracle ...)
+ TODO: check
+CVE-2018-3177 (Vulnerability in the Hyperion Common Events component of Oracle ...)
+ TODO: check
+CVE-2018-3176 (Vulnerability in the Hyperion Common Events component of Oracle ...)
+ TODO: check
+CVE-2018-3175 (Vulnerability in the Hyperion Common Events component of Oracle ...)
+ TODO: check
+CVE-2018-3174 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <removed>
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3173
- RESERVED
+CVE-2018-3173 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3172
- RESERVED
-CVE-2018-3171
- RESERVED
+CVE-2018-3172 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2018-3171 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3170
- RESERVED
+CVE-2018-3170 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
- mysql-5.5 <not-affected> (Only affects MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3169
- RESERVED
-CVE-2018-3168
- RESERVED
-CVE-2018-3167
- RESERVED
-CVE-2018-3166
- RESERVED
-CVE-2018-3165
- RESERVED
-CVE-2018-3164
- RESERVED
-CVE-2018-3163
- RESERVED
-CVE-2018-3162
- RESERVED
+CVE-2018-3169 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
+ TODO: check
+CVE-2018-3168 (Vulnerability in the Oracle Identity Analytics component of Oracle ...)
+ TODO: check
+CVE-2018-3167 (Vulnerability in the Application Management Pack for Oracle E-Business ...)
+ TODO: check
+CVE-2018-3166 (Vulnerability in the Oracle Hospitality Cruise Fleet Management ...)
+ TODO: check
+CVE-2018-3165 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3164 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3163 (Vulnerability in the Oracle Hospitality Cruise Fleet Management ...)
+ TODO: check
+CVE-2018-3162 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3161
- RESERVED
+CVE-2018-3161 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3160
- RESERVED
-CVE-2018-3159
- RESERVED
-CVE-2018-3158
- RESERVED
-CVE-2018-3157
- RESERVED
-CVE-2018-3156
- RESERVED
+CVE-2018-3160 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property ...)
+ TODO: check
+CVE-2018-3159 (Vulnerability in the Oracle Hospitality Cruise Fleet Management ...)
+ TODO: check
+CVE-2018-3158 (Vulnerability in the Oracle Hospitality Cruise Fleet Management ...)
+ TODO: check
+CVE-2018-3157 (Vulnerability in the Java SE component of Oracle Java SE ...)
+ TODO: check
+CVE-2018-3156 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <not-affected> (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3155
- RESERVED
+CVE-2018-3155 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3154
- RESERVED
-CVE-2018-3153
- RESERVED
-CVE-2018-3152
- RESERVED
-CVE-2018-3151
- RESERVED
-CVE-2018-3150
- RESERVED
-CVE-2018-3149
- RESERVED
-CVE-2018-3148
- RESERVED
-CVE-2018-3147
- RESERVED
-CVE-2018-3146
- RESERVED
-CVE-2018-3145
- RESERVED
+CVE-2018-3154 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3153 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3152 (Vulnerability in the Oracle GlassFish Server component of Oracle ...)
+ TODO: check
+CVE-2018-3151 (Vulnerability in the Oracle iProcurement component of Oracle ...)
+ TODO: check
+CVE-2018-3150 (Vulnerability in the Java SE component of Oracle Java SE ...)
+ TODO: check
+CVE-2018-3149 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+ TODO: check
+CVE-2018-3148 (Vulnerability in the Primavera Unifier component of Oracle ...)
+ TODO: check
+CVE-2018-3147 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ TODO: check
+CVE-2018-3146 (Vulnerability in the Oracle iLearning component of Oracle iLearning ...)
+ TODO: check
+CVE-2018-3145 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
- mysql-5.5 <not-affected> (Only affects MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3144
- RESERVED
+CVE-2018-3144 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3143
- RESERVED
+CVE-2018-3143 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <not-affected> (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3142
- RESERVED
-CVE-2018-3141
- RESERVED
-CVE-2018-3140
- RESERVED
-CVE-2018-3139
- RESERVED
-CVE-2018-3138
- RESERVED
-CVE-2018-3137
- RESERVED
+CVE-2018-3142 (Vulnerability in the Hyperion Essbase Administration Services ...)
+ TODO: check
+CVE-2018-3141 (Vulnerability in the Hyperion Essbase Administration Services ...)
+ TODO: check
+CVE-2018-3140 (Vulnerability in the Hyperion Essbase Administration Services ...)
+ TODO: check
+CVE-2018-3139 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
+ TODO: check
+CVE-2018-3138 (Vulnerability in the Oracle Application Object Library component of ...)
+ TODO: check
+CVE-2018-3137 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
- mysql-5.5 <not-affected> (Only affects MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3136
- RESERVED
-CVE-2018-3135
- RESERVED
-CVE-2018-3134
- RESERVED
-CVE-2018-3133
- RESERVED
+CVE-2018-3136 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
+ TODO: check
+CVE-2018-3135 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3134 (Vulnerability in the Oracle Agile Product Lifecycle Management for ...)
+ TODO: check
+CVE-2018-3133 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed>
- mysql-5.5 <removed>
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
-CVE-2018-3132
- RESERVED
-CVE-2018-3131
- RESERVED
-CVE-2018-3130
- RESERVED
-CVE-2018-3129
- RESERVED
-CVE-2018-3128
- RESERVED
-CVE-2018-3127
- RESERVED
-CVE-2018-3126
- RESERVED
+CVE-2018-3132 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3131 (Vulnerability in the Oracle Hospitality Gift and Loyalty component of ...)
+ TODO: check
+CVE-2018-3130 (Vulnerability in the PeopleSoft Enterprise Interaction Hub component ...)
+ TODO: check
+CVE-2018-3129 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2018-3128 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
+ TODO: check
+CVE-2018-3127 (Vulnerability in the Oracle Demantra Demand Management component of ...)
+ TODO: check
+CVE-2018-3126 (Vulnerability in the Oracle Retail Xstore Point of Service component ...)
+ TODO: check
CVE-2018-3125
RESERVED
CVE-2018-3124
RESERVED
CVE-2018-3123
RESERVED
-CVE-2018-3122
- RESERVED
+CVE-2018-3122 (Vulnerability in the Oracle Retail Open Commerce Platform component of ...)
+ TODO: check
CVE-2018-3121
RESERVED
CVE-2018-3120
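Review bot: every description this hunk fills in without an existing package line lands as `TODO: check`, and the batch mixes product families that need different handling, so it should not be closed in one pass. The Java SE entries (CVE-2018-3211, CVE-2018-3209, CVE-2018-3183, CVE-2018-3180, CVE-2018-3169, CVE-2018-3157, CVE-2018-3150, CVE-2018-3149, CVE-2018-3139, CVE-2018-3136) need a per-package decision of the kind the older Java SE entries further down this file record as `openjdk-10` lines, while the PeopleSoft, Hyperion and Hospitality entries belong to families that are marked `NOT-FOR-US: Oracle` there. The MySQL entries in this hunk already carry their `mysql-5.7` and `mysql-5.5` lines, so only their descriptions changed.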
@@ -41465,8 +41515,8 @@ CVE-2018-3117
RESERVED
CVE-2018-3116
RESERVED
-CVE-2018-3115
- RESERVED
+CVE-2018-3115 (Vulnerability in the Oracle Retail Sales Audit component of Oracle ...)
+ TODO: check
CVE-2018-3114
RESERVED
CVE-2018-3113
@@ -41603,8 +41653,8 @@ CVE-2018-3061 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 5.7.23-1 (bug #904121)
CVE-2018-3060 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 5.7.23-1 (bug #904121)
-CVE-2018-3059
- RESERVED
+CVE-2018-3059 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...)
+ TODO: check
CVE-2018-3058 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DLA-1488-1}
- mariadb-10.1 1:10.1.35-1
@@ -41705,8 +41755,8 @@ CVE-2018-3013 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services
NOT-FOR-US: Oracle
CVE-2018-3012 (Vulnerability in the Oracle Trade Management component of Oracle ...)
NOT-FOR-US: Oracle
-CVE-2018-3011
- RESERVED
+CVE-2018-3011 (Vulnerability in the Oracle Trade Management component of Oracle ...)
+ TODO: check
CVE-2018-3010 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2018-3009 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
@@ -41788,8 +41838,8 @@ CVE-2018-2973 (Vulnerability in the Java SE, Java SE Embedded component of Oracl
- openjdk-10 <not-affected> (Apparently specific to Oracle Java)
CVE-2018-2972 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjdk-10 10.0.2+13-1
-CVE-2018-2971
- RESERVED
+CVE-2018-2971 (Vulnerability in the Oracle Applications Framework component of Oracle ...)
+ TODO: check
CVE-2018-2970 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
NOT-FOR-US: Oracle
CVE-2018-2969 (Vulnerability in the Primavera Unifier component of Oracle ...)
@@ -41896,8 +41946,8 @@ CVE-2018-2924 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component
NOT-FOR-US: Oracle
CVE-2018-2923 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
NOT-FOR-US: Oracle
-CVE-2018-2922
- RESERVED
+CVE-2018-2922 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
CVE-2018-2921 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
NOT-FOR-US: Oracle
CVE-2018-2920 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
@@ -41912,18 +41962,18 @@ CVE-2018-2916 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component
NOT-FOR-US: Oracle
CVE-2018-2915 (Vulnerability in the Hyperion Data Relationship Management component ...)
NOT-FOR-US: Oracle
-CVE-2018-2914
- RESERVED
-CVE-2018-2913
- RESERVED
-CVE-2018-2912
- RESERVED
-CVE-2018-2911
- RESERVED
+CVE-2018-2914 (Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate ...)
+ TODO: check
+CVE-2018-2913 (Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate ...)
+ TODO: check
+CVE-2018-2912 (Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate ...)
+ TODO: check
+CVE-2018-2911 (Vulnerability in the Oracle GlassFish Server component of Oracle ...)
+ TODO: check
CVE-2018-2910
RESERVED
-CVE-2018-2909
- RESERVED
+CVE-2018-2909 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
+ TODO: check
CVE-2018-2908 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
NOT-FOR-US: Oracle
CVE-2018-2907 (Vulnerability in the Hyperion Financial Reporting component of Oracle ...)
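Review bot: CVE-2018-2909 at the end of this hunk names Oracle VM VirtualBox, a different product from the three GoldenGate entries and the GlassFish entry above it, yet all five get the same `TODO: check`. Triage it on its own against the package archive rather than batch-marking the hunk with the `NOT-FOR-US: Oracle` that the surrounding context entries use.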
@@ -41936,8 +41986,8 @@ CVE-2018-2904 (Vulnerability in the Oracle Communications EAGLE LNP Application
NOT-FOR-US: Oracle
CVE-2018-2903 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
NOT-FOR-US: Oracle
-CVE-2018-2902
- RESERVED
+CVE-2018-2902 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
CVE-2018-2901 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
NOT-FOR-US: Oracle
CVE-2018-2900 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
@@ -41962,12 +42012,12 @@ CVE-2018-2891 (Vulnerability in the Oracle Retail Bulk Data Integration componen
NOT-FOR-US: Oracle
CVE-2018-2890
RESERVED
-CVE-2018-2889
- RESERVED
+CVE-2018-2889 (Vulnerability in the MICROS Retail-J component of Oracle Retail ...)
+ TODO: check
CVE-2018-2888 (Vulnerability in the MICROS Retail-J component of Oracle Retail ...)
NOT-FOR-US: Oracle
-CVE-2018-2887
- RESERVED
+CVE-2018-2887 (Vulnerability in the MICROS Retail-J component of Oracle Retail ...)
+ TODO: check
CVE-2018-2886
RESERVED
CVE-2018-2885
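Review bot: CVE-2018-2889 and CVE-2018-2887 are added as `TODO: check` although CVE-2018-2888, which sits between them with the same truncated MICROS Retail-J description, is already `NOT-FOR-US: Oracle`. If the full descriptions confirm the same component, give both the same disposition so the three entries stay consistent.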
@@ -46030,22 +46080,22 @@ CVE-2017-17504 (ImageMagick before 7.0.7-12 has a coders/png.c ...)
NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/59c49559e302e06bfba46cb6feb4e39adbe675b6
NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/fb89192c4ca1600741af79dd22166a7d91e76924
CVE-2017-17503 (ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a ...)
- {DLA-1401-1 DLA-1231-1}
+ {DSA-4321-1 DLA-1401-1 DLA-1231-1}
- graphicsmagick 1.3.27-1
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/460ef5e858ad
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/522/
CVE-2017-17502 (ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a ...)
- {DLA-1401-1 DLA-1231-1}
+ {DSA-4321-1 DLA-1401-1 DLA-1231-1}
- graphicsmagick 1.3.27-1
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/a9c425688397
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/521/
CVE-2017-17501 (WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a ...)
- {DLA-1401-1 DLA-1231-1}
+ {DSA-4321-1 DLA-1401-1 DLA-1231-1}
- graphicsmagick 1.3.27-1
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/526/
CVE-2017-17500 (ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a ...)
- {DLA-1401-1 DLA-1231-1}
+ {DSA-4321-1 DLA-1401-1 DLA-1231-1}
- graphicsmagick 1.3.27-1
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/523/
@@ -46058,7 +46108,7 @@ CVE-2017-17499 (ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a ...)
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dd96d671e4d5ae22c6894c302e8996c13f24c45a
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=33078&sid=5fbb164c3830293138917f9b14264ed1
CVE-2017-17498 (WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote ...)
- {DLA-1401-1 DLA-1231-1}
+ {DSA-4321-1 DLA-1401-1 DLA-1231-1}
- graphicsmagick 1.3.27-1
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f1c418ef0260
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/525/
@@ -51740,7 +51790,7 @@ CVE-2017-16671 (A Buffer Overflow issue was discovered in Asterisk Open Source 1
CVE-2017-16670 (The project import functionality in SoapUI 5.3.0 allows remote ...)
NOT-FOR-US: SoapUI
CVE-2017-16669 (coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause ...)
- {DLA-1401-1 DLA-1168-1}
+ {DSA-4321-1 DLA-1401-1 DLA-1168-1}
- graphicsmagick 1.3.26-19 (bug #881391)
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/450/
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d
@@ -52100,7 +52150,7 @@ CVE-2017-16548 (The receive_xattr function in xattrs.c in rsync 3.1.2 and ...)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13112
NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1
CVE-2017-16547 (The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does ...)
- {DLA-1456-1 DLA-1170-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1170-1}
- graphicsmagick 1.3.26-18
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/517/
@@ -52112,6 +52162,7 @@ CVE-2017-16546 (The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e04cf3e9524f50ca336253513d977224e083b816
NOTE: https://github.com/ImageMagick/ImageMagick/issues/851
CVE-2017-16545 (The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does ...)
+ {DSA-4321-1}
- graphicsmagick 1.3.26-18
[jessie] - graphicsmagick 1.3.20-3+deb8u3
[wheezy] - graphicsmagick <no-dsa> (Not possible to trigger with presented test case)
@@ -52659,12 +52710,12 @@ CVE-2017-16355 (In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10
CVE-2017-16354
RESERVED
CVE-2017-16353 (GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure ...)
- {DLA-1401-1 DLA-1159-1}
+ {DSA-4321-1 DLA-1401-1 DLA-1159-1}
- graphicsmagick 1.3.26-17
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=e4e1c2a581d8
NOTE: https://blogs.securiteam.com/index.php/archives/3494
CVE-2017-16352 (GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow ...)
- {DLA-1456-1 DLA-1159-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1159-1}
- graphicsmagick 1.3.26-17
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=7292230dd185
NOTE: https://blogs.securiteam.com/index.php/archives/3494
@@ -54062,7 +54113,7 @@ CVE-2017-15931 (In radare2 2.0.1, an integer exception (negative number leading
NOTE: https://github.com/radare/radare2/commit/c6d0076c924891ad9948a62d89d0bcdaf965f0cd
NOTE: https://github.com/radare/radare2/issues/8731
CVE-2017-15930 (In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null ...)
- {DLA-1456-1 DLA-1154-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1154-1}
- graphicsmagick 1.3.26-16 (bug #879999)
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=6fc54b6d2be8
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=da135eaedc3b
@@ -55842,7 +55893,7 @@ CVE-2017-15279 (Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7
CVE-2017-15278 (Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. ...)
NOT-FOR-US: TeamPass
CVE-2017-15277 (ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick ...)
- {DSA-4040-1 DSA-4032-1 DLA-1456-1 DLA-1140-1 DLA-1139-1}
+ {DSA-4321-1 DSA-4040-1 DSA-4032-1 DLA-1456-1 DLA-1140-1 DLA-1139-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #878578)
- graphicsmagick 1.3.26-14
NOTE: IM6: https://github.com/ImageMagick/ImageMagick/commit/10aae21bf9dac47e16d8fcde7eba7f7f9d1e52f8
@@ -55960,6 +56011,7 @@ CVE-2017-15240 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allo
CVE-2017-15239 (IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers to ...)
NOT-FOR-US: IrfanView
CVE-2017-15238 (ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a ...)
+ {DSA-4321-1}
- graphicsmagick 1.3.26-14
[jessie] - graphicsmagick <not-affected> (Vulnerable code not present)
[wheezy] - graphicsmagick <not-affected> (Vulnerable code do not exist)
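Review bot: `{DSA-4321-1}` is the only line added to CVE-2017-15238, and the entry's two release-specific lines mark jessie and wheezy `<not-affected>`, so nothing in the entry says which release the advisory fixes. Confirm that the matching DSA record names the release and fixed version, since the cross-reference cannot be checked from this entry alone.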
@@ -56891,7 +56943,7 @@ CVE-2017-14999
CVE-2017-14998
RESERVED
CVE-2017-14997 (GraphicsMagick 1.3.26 allows remote attackers to cause a denial of ...)
- {DLA-1456-1 DLA-1130-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1130-1}
- graphicsmagick 1.3.26-13
NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/0683f8724200495059606c03f04e0d589b33ebe8/
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/511/
@@ -56900,7 +56952,7 @@ CVE-2017-14996
CVE-2017-14995 (The Management Console in WSO2 Application Server 5.3.0, WSO2 Business ...)
NOT-FOR-US: WSO2 Application Server
CVE-2017-14994 (ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote ...)
- {DLA-1456-1 DLA-1130-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1130-1}
- graphicsmagick 1.3.26-13
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/512/
@@ -57664,7 +57716,7 @@ CVE-2017-14735 (OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as ..
CVE-2017-14734 (The build_msps function in libbpg.c in libbpg 0.9.7 allows remote ...)
NOT-FOR-US: libbpg
CVE-2017-14733 (ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE ...)
- {DLA-1401-1 DLA-1130-1}
+ {DSA-4321-1 DLA-1401-1 DLA-1130-1}
- graphicsmagick 1.3.26-13
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=5381c71724e3
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/458/
@@ -58359,7 +58411,7 @@ CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ad5fc3c9b652eec27fc0b1a0817159f8547d5d9
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f7b0cf098bc800c5b6181dc522a99997bfee8948
CVE-2017-14504 (ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure ...)
- {DLA-1456-1 DLA-1130-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1130-1}
- graphicsmagick 1.3.26-11
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=fb09ca6dd22c
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/465/
@@ -58947,7 +58999,7 @@ CVE-2017-14316 (A parameter verification issue was discovered in Xen through 4.9
CVE-2017-14315 (In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation ...)
NOT-FOR-US: Apple
CVE-2017-14314 (Off-by-one error in the DrawImage function in magick/render.c in ...)
- {DLA-1401-1 DLA-1130-1}
+ {DSA-4321-1 DLA-1401-1 DLA-1130-1}
- graphicsmagick 1.3.26-10
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/448/
@@ -60432,15 +60484,15 @@ CVE-2017-13779 (GSTN_offline_tool in India Goods and Services Tax Network (GSTN)
CVE-2017-13778 (Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the ...)
NOT-FOR-US: Fiyo CMS
CVE-2017-13777 (GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() ...)
- {DLA-1456-1 DLA-1082-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1082-1}
- graphicsmagick 1.3.26-8 (low)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e
CVE-2017-13776 (GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() ...)
- {DLA-1456-1 DLA-1082-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1082-1}
- graphicsmagick 1.3.26-8 (low)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e
CVE-2017-13775 (GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() ...)
- {DLA-1456-1}
+ {DSA-4321-1 DLA-1456-1}
- graphicsmagick 1.3.26-8 (low)
[wheezy] - graphicsmagick <not-affected> (Vulnerable code not present)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/b037d79b6ccd
@@ -60640,7 +60692,7 @@ CVE-2017-13738 (There is an illegal address access in the _lou_getALine function
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484297
NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/edf8ee00197e5a9b062554bdca00fe1617d257a4
CVE-2017-13737 (There is an invalid free in the MagickFree function in magick/memory.c ...)
- {DLA-1456-1 DLA-1140-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1140-1}
- graphicsmagick 1.3.26-15 (low; bug #878511)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484196
NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a/
@@ -62037,7 +62089,7 @@ CVE-2017-13135 (A NULL Pointer Dereference exists in VideoLAN x265, as used in l
NOTE: https://bitbucket.org/multicoreware/x265/issues/385/cve-2017-13135
NOTE: https://bitbucket.org/multicoreware/x265/commits/78c0f2c8ba087b38e291226a9555b4b4dab323a5/raw
CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer ...)
- {DSA-4040-1 DSA-4032-1 DLA-1401-1 DLA-1170-1 DLA-1081-1}
+ {DSA-4321-1 DSA-4040-1 DSA-4032-1 DLA-1401-1 DLA-1170-1 DLA-1081-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #873099)
- graphicsmagick 1.3.26-19 (bug #881524)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/670
@@ -62242,17 +62294,17 @@ CVE-2017-13066 (GraphicsMagick 1.3.26 has a memory leak vulnerability in the fun
- graphicsmagick <unfixed> (unimportant)
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/430/
CVE-2017-13065 (GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in ...)
- {DLA-1401-1 DLA-1082-1}
+ {DSA-4321-1 DLA-1401-1 DLA-1082-1}
- graphicsmagick 1.3.26-7 (bug #873119)
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/435/
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
CVE-2017-13064 (GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in ...)
- {DLA-1401-1 DLA-1082-1}
+ {DSA-4321-1 DLA-1401-1 DLA-1082-1}
- graphicsmagick 1.3.26-7 (bug #873129)
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/436/
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
CVE-2017-13063 (GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in ...)
- {DLA-1401-1 DLA-1082-1}
+ {DSA-4321-1 DLA-1401-1 DLA-1082-1}
- graphicsmagick 1.3.26-7 (bug #873130)
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/434/
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
@@ -62727,17 +62779,17 @@ CVE-2017-12938 (UnRAR before 5.5.7 allows remote attackers to bypass a ...)
[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/2
CVE-2017-12937 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has ...)
- {DLA-1401-1 DLA-1082-1}
+ {DSA-4321-1 DLA-1401-1 DLA-1082-1}
- graphicsmagick 1.3.26-6 (bug #872574)
NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/5
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978
CVE-2017-12936 (The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has ...)
- {DLA-1456-1 DLA-1082-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1082-1}
- graphicsmagick 1.3.26-6 (bug #872575)
NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/3
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd
CVE-2017-12935 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...)
- {DLA-1456-1 DLA-1082-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1082-1}
- graphicsmagick 1.3.26-6 (bug #872576)
NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/4
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188
@@ -66605,6 +66657,7 @@ CVE-2017-13143 (In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMA
NOTE: https://github.com/ImageMagick/ImageMagick/commit/51b0ae01709adc1e4a9245e158ef17b85a110960
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f86268752ffc70e40b6e1afdebfc96dcc29452db
CVE-2017-11722 (The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...)
+ {DSA-4321-1}
- graphicsmagick 1.3.26-4 (bug #870158)
[jessie] - graphicsmagick <not-affected> (vulnerable code not present)
[wheezy] - graphicsmagick <not-affected> (vulnerable code not present)
@@ -66883,15 +66936,15 @@ CVE-2017-11644 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it
NOTE: https://github.com/ImageMagick/ImageMagick/commit/a6802e21d824e786d1e2a8440cf749a6e1a8d95f
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/418f88dd18af34b6cb64f709567c81b89865d7bc
CVE-2017-11643 (GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() ...)
- {DLA-1401-1 DLA-1045-1}
+ {DSA-4321-1 DLA-1401-1 DLA-1045-1}
- graphicsmagick 1.3.26-4 (bug #870157)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d00b74315a71
CVE-2017-11642 (GraphicsMagick 1.3.26 has a NULL pointer dereference in the ...)
- {DLA-1456-1 DLA-1045-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1045-1}
- graphicsmagick 1.3.26-4 (bug #870156)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9
CVE-2017-11641 (GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in ...)
- {DLA-1456-1 DLA-1045-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1045-1}
- graphicsmagick 1.3.26-4 (bug #870155)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/db732abd9318
CVE-2017-11640 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
@@ -66907,15 +66960,15 @@ CVE-2017-11639 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it
NOTE: https://github.com/ImageMagick/ImageMagick/commit/65b7c57502bb2b6d22f607383e87cc3eaed94014
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8ec8ca4c61b1199b727cf52e440f3db79a5b0d0a
CVE-2017-11638 (GraphicsMagick 1.3.26 has a segmentation violation in the ...)
- {DLA-1456-1 DLA-1045-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1045-1}
- graphicsmagick 1.3.26-4 (bug #870154)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9
CVE-2017-11637 (GraphicsMagick 1.3.26 has a NULL pointer dereference in the ...)
- {DLA-1456-1 DLA-1045-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1045-1}
- graphicsmagick 1.3.26-4 (bug #870153)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f3ffc5541257
CVE-2017-11636 (GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() ...)
- {DLA-1401-1 DLA-1045-1}
+ {DSA-4321-1 DLA-1401-1 DLA-1045-1}
- graphicsmagick 1.3.26-4 (bug #870149)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c
CVE-2017-11635 (An issue was discovered on Wireless IP Camera 360 devices. Attackers ...)
@@ -67728,7 +67781,7 @@ CVE-2017-11405 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administr
CVE-2017-11404 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators ...)
NOT-FOR-US: CMS Made Simple
CVE-2017-11403 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has ...)
- {DLA-1456-1 DLA-1045-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1045-1}
- graphicsmagick 1.3.26-3
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37
NOTE: When fixing this CVE make sure to not make the fix incomplete and open the CVE-2017-14103
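Review bot: the context NOTE under CVE-2017-11403 warns that an incomplete fix opens CVE-2017-14103, but this hunk only shows DSA-4321-1 being attached to CVE-2017-11403. Check that the CVE-2017-14103 entry carries the same DSA reference, or is still tracked as open for the suite this DSA covers, so the pairing the NOTE describes stays visible in the tracker.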
@@ -68654,10 +68707,11 @@ CVE-2017-11141 (The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6
NOTE: https://github.com/ImageMagick/ImageMagick/issues/469
NOTE: https://github.com/ImageMagick/ImageMagick/commit/353b942bd83da7e1356ba99c942848bd1871ee9f
CVE-2017-11140 (The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 ...)
- {DLA-1456-1 DLA-1045-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1045-1}
- graphicsmagick 1.3.26-3 (low)
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/b4139088b49a
CVE-2017-11139 (GraphicsMagick 1.3.26 has double free vulnerabilities in the ...)
+ {DSA-4321-1}
- graphicsmagick 1.3.26-2 (low)
[jessie] - graphicsmagick <not-affected> (vulnerable code for CVE-2017-11102 not applied in Jessie)
[wheezy] - graphicsmagick <not-affected> (vulnerable code for CVE-2017-11102 not applied in Wheezy)
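Review bot: for CVE-2017-11139 the `[jessie]` and `[wheezy]` lines justify `<not-affected>` with "vulnerable code for CVE-2017-11102 not applied", yet the CVE-2017-11102 entry later in this diff lists DLA-1456-1 and DLA-1045-1. If those LTS uploads brought in the CVE-2017-11102 change, the not-affected rationale here may be stale and should be rechecked by hand, since the automatic update only adds the `{DSA-4321-1}` line.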
@@ -68796,7 +68850,7 @@ CVE-2017-11103 (Heimdal before 7.4 allows remote attackers to impersonate servic
NOTE: https://www.samba.org/samba/security/CVE-2017-11103.html
NOTE: Upstream Samba Bug: https://bugzilla.samba.org/show_bug.cgi?id=12894
CVE-2017-11102 (The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...)
- {DLA-1456-1 DLA-1045-1}
+ {DSA-4321-1 DLA-1456-1 DLA-1045-1}
- graphicsmagick 1.3.26-2 (bug #867746)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d445af60a8d5
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/dea93a690fc1
@@ -69572,6 +69626,7 @@ CVE-2017-10802
CVE-2017-10801 (phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO ...)
NOT-FOR-US: phpSocial
CVE-2017-10800 (When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it ...)
+ {DSA-4321-1}
- graphicsmagick 1.3.26-1 (bug #867060)
[jessie] - graphicsmagick <no-dsa> (Minor issue)
[wheezy] - graphicsmagick <no-dsa> (Minor issue)
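Review bot: for CVE-2017-10800 the new `{DSA-4321-1}` line sits directly above `[jessie]` and `[wheezy]` entries that are still marked `<no-dsa> (Minor issue)`. Nothing in the hunk says which suite the DSA covers, so confirm that both suite annotations are meant to stand and that the entry does not now read as if the issue were fixed everywhere.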
@@ -69581,7 +69636,7 @@ CVE-2017-10800 (When GraphicsMagick 1.3.25 processes a MATLAB image in coders/ma
NOTE: the rlated changesets to mat.c since the one referenced should be
NOTE: picked up.
CVE-2017-10799 (When GraphicsMagick 1.3.25 processes a DPX image (with metadata ...)
- {DLA-1045-1}
+ {DSA-4321-1 DLA-1045-1}
- graphicsmagick 1.3.26-1 (bug #867077)
[jessie] - graphicsmagick <no-dsa> (Minor issue)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f10b9bb3ca62
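Review bot: the first context line of this hunk, "NOTE: the rlated changesets to mat.c", has a typo ("rlated" for "related"). It is untouched by the automatic update, so it needs a separate manual commit to data/CVE/list.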
@@ -69594,6 +69649,7 @@ CVE-2017-10796 (On TP-Link NC250 devices with firmware through 1.2.1 build 17051
CVE-2017-10795 (Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows ...)
NOT-FOR-US: Subrion CMS
CVE-2017-10794 (When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata ...)
+ {DSA-4321-1}
- graphicsmagick 1.3.26-1 (bug #867085)
[jessie] - graphicsmagick <not-affected> (vulnerable code not present)
[wheezy] - graphicsmagick <not-affected> (vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a03c2bf24ce74f1c4e0bcc3761cb6e68444c5375