[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Sep 17 09:10:22 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
85008a49 by security tracker role at 2018-09-17T08:10:14Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,109 @@
-CVE-2018-XXXX [gs 699708: 'Hide' non-replaceable error handlers for SAFER]
- - ghostscript 9.25~dfsg-1
- [stretch] - ghostscript 9.20~dfsg-3.2+deb9u5
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624
-CVE-2018-17095
+CVE-2018-17140 (The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS ...)
+ TODO: check
+CVE-2018-17139 (UltimatePOS 2.5 allows users to upload arbitrary files, which leads to ...)
+ TODO: check
+CVE-2018-17138 (The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS ...)
+ TODO: check
+CVE-2018-17137 (Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 ...)
+ TODO: check
+CVE-2018-17136 (zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via ...)
+ TODO: check
+CVE-2018-17135
RESERVED
-CVE-2018-17094
+CVE-2018-17134 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ...)
+ TODO: check
+CVE-2018-17133 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ...)
+ TODO: check
+CVE-2018-17132 (admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute ...)
+ TODO: check
+CVE-2018-17131 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ...)
+ TODO: check
+CVE-2018-17130 (PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header, ...)
+ TODO: check
+CVE-2018-17129 (MetInfo 6.1.0 has XSS in doexport() in ...)
+ TODO: check
+CVE-2018-17128 (A Persistent XSS issue was discovered in the Visual Editor in MyBB ...)
+ TODO: check
+CVE-2018-17127 (blocking_request.cgi on ASUS GT-AC5300 devices through ...)
+ TODO: check
+CVE-2018-17126 (CScms 4.1 allows remote code execution, as demonstrated by ...)
+ TODO: check
+CVE-2018-17125 (CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring ...)
+ TODO: check
+CVE-2018-17124
+ RESERVED
+CVE-2018-17123
+ RESERVED
+CVE-2018-17122
+ RESERVED
+CVE-2018-17121
RESERVED
-CVE-2018-17093
+CVE-2018-17120
RESERVED
-CVE-2018-17092
+CVE-2018-17119
RESERVED
-CVE-2018-17091
+CVE-2018-17118
RESERVED
-CVE-2018-17090
+CVE-2018-17117
RESERVED
+CVE-2018-17116
+ RESERVED
+CVE-2018-17115
+ RESERVED
+CVE-2018-17114
+ RESERVED
+CVE-2018-17113 (App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf ...)
+ TODO: check
+CVE-2018-17112
+ RESERVED
+CVE-2018-17111
+ RESERVED
+CVE-2018-17110 (Simple POS 4.0.24 allows SQL Injection via a products/get_products/ ...)
+ TODO: check
+CVE-2018-17109
+ RESERVED
+CVE-2018-17108 (The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android ...)
+ TODO: check
+CVE-2018-17107
+ RESERVED
+CVE-2018-17106 (In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable ...)
+ TODO: check
+CVE-2018-17105
+ RESERVED
+CVE-2018-17104 (An issue was discovered in Microweber 1.0.7. There is a CSRF attack ...)
+ TODO: check
+CVE-2018-17103 (** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There ...)
+ TODO: check
+CVE-2018-17102 (An issue was discovered in QuickAppsCMS (aka QACMS) through ...)
+ TODO: check
+CVE-2018-17101 (An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds ...)
+ TODO: check
+CVE-2018-17100 (An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in ...)
+ TODO: check
+CVE-2018-17099
+ RESERVED
+CVE-2018-17098 (The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 ...)
+ TODO: check
+CVE-2018-17097 (The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 ...)
+ TODO: check
+CVE-2018-17096 (The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli ...)
+ TODO: check
+CVE-2018-XXXX [gs 699708: 'Hide' non-replaceable error handlers for SAFER]
+ - ghostscript 9.25~dfsg-1
+ [stretch] - ghostscript 9.20~dfsg-3.2+deb9u5
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624
+CVE-2018-17095 (An issue has been discovered in mpruett Audio File Library (aka ...)
+ TODO: check
+CVE-2018-17094 (An issue has been discovered in mackyle xar 1.6.1. There is a NULL ...)
+ TODO: check
+CVE-2018-17093 (An issue has been discovered in mackyle xar 1.6.1. There is a NULL ...)
+ TODO: check
+CVE-2018-17092 (An issue was discovered in DonLinkage 6.6.8. SQL injection in ...)
+ TODO: check
+CVE-2018-17091 (An issue was discovered in DonLinkage 6.6.8. It allows remote attackers ...)
+ TODO: check
+CVE-2018-17090 (An issue was discovered in DonLinkage 6.6.8. The modules ...)
+ TODO: check
CVE-2018-17089
RESERVED
CVE-2018-17087
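Review bot: the described entries from CVE-2018-17140 down to CVE-2018-17090 still need triage, since each one carries only `TODO: check` and no package line or NOT-FOR-US marker. The entries that name libraries are worth resolving first: LibTIFF 4.0.9 (CVE-2018-17100, CVE-2018-17101), SoundTouch 2.0 (CVE-2018-17096 to CVE-2018-17098), Audio File Library (CVE-2018-17095) and xar 1.6.1 (CVE-2018-17093, CVE-2018-17094). The web applications and device firmware (PHPMyWind, zzcms, ASUS GT-AC5300 and similar) would presumably follow the NOT-FOR-US pattern already used further down this file for Technicolor and Ninja Forms.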
@@ -664,7 +754,7 @@ CVE-2018-16794
CVE-2018-16793
RESERVED
CVE-2018-16802 (An issue was discovered in Artifex Ghostscript before 9.25. Incorrect ...)
- {DLA-1504-1}
+ {DSA-4294-1 DLA-1504-1}
[experimental] - ghostscript 9.25~dfsg-1~exp1
- ghostscript 9.25~dfsg-1
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
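Review bot: DSA-4294-1 is attached to CVE-2018-16802 here, but the temporary `CVE-2018-XXXX [gs 699708: ...]` ghostscript entry at the top of the file, which records `[stretch] - ghostscript 9.20~dfsg-3.2+deb9u5`, gets no advisory tag in this commit. If that stretch upload is the one shipped by DSA-4294-1, the temporary entry should be cross-referenced as well; if not, a NOTE saying which upload fixed it in stretch would avoid the ambiguity.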
@@ -1851,7 +1941,7 @@ CVE-2018-16311
CVE-2018-16310 (Technicolor TG588V V2 devices allow remote attackers to cause a denial ...)
NOT-FOR-US: Technicolor
CVE-2018-16309
- RESERVED
+ REJECTED
CVE-2018-16308 (The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV ...)
NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2018-16307 (An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi ...)
@@ -2915,7 +3005,7 @@ CVE-2018-16510 (An issue was discovered in Artifex Ghostscript before 9.24. Inco
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699671
CVE-2018-16509 (An issue was discovered in Artifex Ghostscript before 9.24. Incorrect ...)
- {DLA-1504-1}
+ {DSA-4294-1 DLA-1504-1}
[experimental] - ghostscript 9.25~dfsg-1~exp1
- ghostscript 9.25~dfsg-1 (bug #907332; bug #907703)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156
@@ -11646,6 +11736,7 @@ CVE-2018-12372
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12372
CVE-2018-12371
RESERVED
+ {DSA-4295-1}
- firefox 61.0-1
- thunderbird 1:60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12371
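Review bot: CVE-2018-12371 gains `{DSA-4295-1}` but lists only firefox and thunderbird, with no firefox-esr line, whereas CVE-2018-5156 further down carries the same advisory tag and does record `- firefox-esr 52.9.0esr-1`. If firefox-esr is unaffected, an explicit `<not-affected>` line would make that visible instead of leaving it implied; the same question applies to CVE-2018-12367, CVE-2018-12361 and CVE-2018-5187.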
@@ -11668,6 +11759,7 @@ CVE-2018-12368
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12368
CVE-2018-12367
RESERVED
+ {DSA-4295-1}
- firefox 61.0-1
- thunderbird 1:60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12367
@@ -11719,6 +11811,7 @@ CVE-2018-12362
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12362
CVE-2018-12361
RESERVED
+ {DSA-4295-1}
- firefox 61.0-1
- thunderbird 1:60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12361
@@ -32010,6 +32103,7 @@ CVE-2018-5188
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-5188
CVE-2018-5187
RESERVED
+ {DSA-4295-1}
- firefox 61.0-1
- thunderbird 1:60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5187
@@ -32136,7 +32230,7 @@ CVE-2018-5157 (Same-origin protections for the PDF viewer can be bypassed, allow
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5157
CVE-2018-5156
RESERVED
- {DSA-4235-1 DLA-1406-1}
+ {DSA-4295-1 DSA-4235-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
- thunderbird 1:60.0-1
@@ -35987,7 +36081,7 @@ CVE-2018-3642
CVE-2018-3641 (Escalation of privilege in all versions of the Intel Remote Keyboard ...)
NOT-FOR-US: Intel
CVE-2018-3640 (Systems with microprocessors utilizing speculative execution and that ...)
- {DSA-4273-1 DLA-1446-1}
+ {DSA-4273-2 DSA-4273-1 DLA-1446-1}
- intel-microcode 3.20180703.1
NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
NOTE: No software mitigations planned to be implemented in src:linux
@@ -35995,7 +36089,7 @@ CVE-2018-3640 (Systems with microprocessors utilizing speculative execution and
NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
CVE-2018-3639 (Systems with microprocessors utilizing speculative execution and ...)
- {DSA-4273-1 DSA-4210-1 DLA-1446-1 DLA-1423-1}
+ {DSA-4273-2 DSA-4273-1 DSA-4210-1 DLA-1446-1 DLA-1423-1}
- intel-microcode 3.20180703.1
- linux 4.16.12-1
[stretch] - linux 4.9.107-1
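Review bot: the entry for CVE-2018-3639 now references DSA-4273-2 but nothing in it says what the revised advisory changes, and the fixed version stays at `- intel-microcode 3.20180703.1`. The NOTE on the neighbouring CVE-2018-3640 entry mentions that additional CPU models were only covered by the 3.20180807a.1 release; if DSA-4273-2 ships that later microcode, a matching NOTE on this entry would document why there are two advisories for the same fix.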
@@ -45832,10 +45926,12 @@ CVE-2018-0499 (A cross-site scripting vulnerability in ...)
[jessie] - xapian-core <not-affected> (vulnerable code not present)
NOTE: https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html
CVE-2018-0498 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows ...)
+ {DSA-4296-1}
- mbedtls 2.12.0-1 (bug #904821)
- polarssl <removed>
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
CVE-2018-0497 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows ...)
+ {DSA-4296-1}
- mbedtls 2.12.0-1 (bug #904821)
- polarssl <removed>
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
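Review bot: `- polarssl <removed>` in both CVE-2018-0498 and CVE-2018-0497 leaves the status of polarssl undocumented for any release that still ships it, and the new `{DSA-4296-1}` tag does not say which source package the advisory covers. If a supported release still carries polarssl, add a release-specific line for it (fixed version, `<not-affected>` or a no-dsa reason) so that the entry does not read as fully resolved by the mbedtls upload alone.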
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/85008a49ff6c87b842a84cbfec6b906c1155e576