[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Nov 8 20:10:35 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b397860 by security tracker role at 2018-11-08T20:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,25 @@
-CVE-2018-19108
+CVE-2018-19114 (An issue was discovered in MinDoc through v1.0.2. It allows attackers ...)
+	TODO: check
+CVE-2018-19113
 	RESERVED
-CVE-2018-19107
+CVE-2018-19112
 	RESERVED
+CVE-2018-19111 (The Google Cardboard application 1.8 for Android and 1.2 for iOS sends ...)
+	TODO: check
+CVE-2018-19110 (The skin-management feature in tianti 2.3 allows remote authenticated ...)
+	TODO: check
+CVE-2018-19109 (tianti 2.3 allows remote authenticated users to bypass intended ...)
+	TODO: check
+CVE-2018-19108 (In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD ...)
+	TODO: check
+CVE-2018-19107 (In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from ...)
+	TODO: check
 CVE-2018-19106
 	RESERVED
-CVE-2018-19105
-	RESERVED
-CVE-2018-19104
-	RESERVED
+CVE-2018-19105 (LibreCAD 2.1.3 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2018-19104 (In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be ...)
+	TODO: check
 CVE-2018-19103
 	RESERVED
 CVE-2018-19102
@@ -5453,6 +5465,7 @@ CVE-2018-16847 (An OOB heap buffer r/w access issue was found in the NVM Express
 CVE-2018-16846
 	RESERVED
 CVE-2018-16845 (nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ...)
+	{DLA-1572-1}
 	- nginx 1.14.1-1 (bug #913090)
 	NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html
 	NOTE: https://nginx.org/download/patch.2018.mp4.txt
@@ -9069,32 +9082,32 @@ CVE-2018-15451
 	RESERVED
 CVE-2018-15450
 	RESERVED
-CVE-2018-15449
-	RESERVED
-CVE-2018-15448
-	RESERVED
-CVE-2018-15447
-	RESERVED
-CVE-2018-15446
-	RESERVED
-CVE-2018-15445
-	RESERVED
-CVE-2018-15444
-	RESERVED
-CVE-2018-15443
-	RESERVED
+CVE-2018-15449 (A vulnerability in the web-based management interface of Cisco Video ...)
+	TODO: check
+CVE-2018-15448 (A vulnerability in the user management functions of Cisco Registered ...)
+	TODO: check
+CVE-2018-15447 (A vulnerability in the web framework code of Cisco Integrated ...)
+	TODO: check
+CVE-2018-15446 (A vulnerability in Cisco Meeting Server could allow an ...)
+	TODO: check
+CVE-2018-15445 (A vulnerability in the web-based management interface of Cisco Energy ...)
+	TODO: check
+CVE-2018-15444 (A vulnerability in the web-based user interface of Cisco Energy ...)
+	TODO: check
+CVE-2018-15443 (A vulnerability in the detection engine of Cisco Firepower System ...)
+	TODO: check
 CVE-2018-15442 (A vulnerability in the update service of Cisco Webex Meetings Desktop ...)
 	NOT-FOR-US: Cisco
 CVE-2018-15441
 	RESERVED
 CVE-2018-15440
 	RESERVED
-CVE-2018-15439
-	RESERVED
+CVE-2018-15439 (A vulnerability in the Cisco Small Business Switches software could ...)
+	TODO: check
 CVE-2018-15438 (A vulnerability in the web-based management interface of Cisco Prime ...)
 	NOT-FOR-US: Cisco
-CVE-2018-15437
-	RESERVED
+CVE-2018-15437 (A vulnerability in the system scanning component of Cisco Immunet and ...)
+	TODO: check
 CVE-2018-15436 (A vulnerability in the web-based management interface of Cisco Webex ...)
 	NOT-FOR-US: Cisco
 CVE-2018-15435 (A vulnerability in the web-based management interface of Cisco ...)
@@ -9179,10 +9192,10 @@ CVE-2018-15396 (A vulnerability in the Bulk Administration Tool (BAT) for Cisco
 	NOT-FOR-US: Cisco
 CVE-2018-15395 (A vulnerability in the authentication and authorization checking ...)
 	NOT-FOR-US: Cisco
-CVE-2018-15394
-	RESERVED
-CVE-2018-15393
-	RESERVED
+CVE-2018-15394 (A vulnerability in the Stealthwatch Management Console (SMC) of Cisco ...)
+	TODO: check
+CVE-2018-15393 (A vulnerability in the web-based management interface of Cisco Content ...)
+	TODO: check
 CVE-2018-15392 (A vulnerability in the DHCP service of Cisco Industrial Network ...)
 	NOT-FOR-US: Cisco
 CVE-2018-15391 (A vulnerability in certain IPv4 fragment-processing functions of Cisco ...)
@@ -9205,8 +9218,8 @@ CVE-2018-15383 (A vulnerability in the cryptographic hardware accelerator driver
 	NOT-FOR-US: Cisco
 CVE-2018-15382 (A vulnerability in Cisco HyperFlex Software could allow an ...)
 	NOT-FOR-US: Cisco
-CVE-2018-15381
-	RESERVED
+CVE-2018-15381 (A Java deserialization vulnerability in Cisco Unity Express (CUE) ...)
+	TODO: check
 CVE-2018-15380
 	RESERVED
 CVE-2018-15379 (A vulnerability in which the HTTP web server for Cisco Prime ...)
@@ -18438,8 +18451,8 @@ CVE-2018-11779
 	RESERVED
 CVE-2018-11778 (UnixAuthenticationService in Apache Ranger 1.2.0 was updated to ...)
 	NOT-FOR-US: Apache Ranger
-CVE-2018-11777
-	RESERVED
+CVE-2018-11777 (In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on ...)
+	TODO: check
 CVE-2018-11776 (Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from ...)
 	- libstruts1.2-java <not-affected> (Specific to 2.x)
 	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-057
@@ -33335,26 +33348,26 @@ CVE-2018-6444
 	RESERVED
 CVE-2018-6443
 	RESERVED
-CVE-2018-6442
-	RESERVED
-CVE-2018-6441
-	RESERVED
+CVE-2018-6442 (A vulnerability in the Brocade Webtools firmware update section of ...)
+	TODO: check
+CVE-2018-6441 (A vulnerability in Secure Shell implementation of Brocade Fabric OS ...)
+	TODO: check
 CVE-2018-6440
 	RESERVED
 CVE-2018-6439
 	RESERVED
-CVE-2018-6438
-	RESERVED
-CVE-2018-6437
-	RESERVED
-CVE-2018-6436
-	RESERVED
-CVE-2018-6435
-	RESERVED
-CVE-2018-6434
-	RESERVED
-CVE-2018-6433
-	RESERVED
+CVE-2018-6438 (A Vulnerability in the supportsave command of Brocade Fabric OS ...)
+	TODO: check
+CVE-2018-6437 (A Vulnerability in the help command of Brocade Fabric OS command line ...)
+	TODO: check
+CVE-2018-6436 (A Vulnerability in the firmwaredownload command of Brocade Fabric OS ...)
+	TODO: check
+CVE-2018-6435 (A Vulnerability in the secryptocfg command of Brocade Fabric OS ...)
+	TODO: check
+CVE-2018-6434 (A vulnerability in the web management interface of Brocade Fabric OS ...)
+	TODO: check
+CVE-2018-6433 (A vulnerability in the secryptocfg export command of Brocade Fabric OS ...)
+	TODO: check
 CVE-2018-6432
 	RESERVED
 CVE-2018-6431
@@ -48230,8 +48243,8 @@ CVE-2018-1316 (The ODE process deployment web service was sensible to deployment
 	NOT-FOR-US: Apache ODE
 CVE-2018-1315 (In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run ...)
 	NOT-FOR-US: Apache Hive
-CVE-2018-1314
-	RESERVED
+CVE-2018-1314 (In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does ...)
+	TODO: check
 CVE-2018-1313 (In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network ...)
 	- derby 10.14.2.0-1
 	[jessie] - derby <no-dsa> (Minor issue)
@@ -51987,8 +52000,8 @@ CVE-2018-0286 (A vulnerability in the netconf interface of Cisco IOS XR Software
 	NOT-FOR-US: Cisco
 CVE-2018-0285 (A vulnerability in service logging for Cisco Prime Service Catalog ...)
 	NOT-FOR-US: Cisco
-CVE-2018-0284
-	RESERVED
+CVE-2018-0284 (A vulnerability in the local status page functionality of the Cisco ...)
+	TODO: check
 CVE-2018-0283 (A vulnerability in the detection engine of Cisco Firepower System ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0282



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2b3978601ecb64470aeac39a6a326127cb6bea0b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2b3978601ecb64470aeac39a6a326127cb6bea0b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181108/76c25f2a/attachment.html>

More information about the debian-security-tracker-commits mailing list