[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Oct 15 21:11:08 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3d5db6ea by security tracker role at 2018-10-15T20:10:57Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2018-18371
+ RESERVED
+CVE-2018-18370
+ RESERVED
+CVE-2018-18369
+ RESERVED
+CVE-2018-18368
+ RESERVED
+CVE-2018-18367
+ RESERVED
+CVE-2018-18366
+ RESERVED
+CVE-2018-18365
+ RESERVED
+CVE-2018-18364
+ RESERVED
+CVE-2018-18363
+ RESERVED
+CVE-2018-18362
+ RESERVED
+CVE-2018-18361 (An issue was discovered in nc-cms through 2017-03-10. ...)
+ TODO: check
+CVE-2018-18360
+ RESERVED
+CVE-2018-18359
+ RESERVED
+CVE-2018-18358
+ RESERVED
+CVE-2018-18357
+ RESERVED
+CVE-2018-18356
+ RESERVED
+CVE-2018-18355
+ RESERVED
+CVE-2018-18354
+ RESERVED
+CVE-2018-18353
+ RESERVED
+CVE-2018-18352
+ RESERVED
+CVE-2018-18351
+ RESERVED
+CVE-2018-18350
+ RESERVED
+CVE-2018-18349
+ RESERVED
+CVE-2018-18348
+ RESERVED
+CVE-2018-18347
+ RESERVED
+CVE-2018-18346
+ RESERVED
+CVE-2018-18345
+ RESERVED
+CVE-2018-18344
+ RESERVED
+CVE-2018-18343
+ RESERVED
+CVE-2018-18342
+ RESERVED
+CVE-2018-18341
+ RESERVED
+CVE-2018-18340
+ RESERVED
+CVE-2018-18339
+ RESERVED
+CVE-2018-18338
+ RESERVED
+CVE-2018-18337
+ RESERVED
+CVE-2018-18336
+ RESERVED
+CVE-2018-18335
+ RESERVED
+CVE-2018-18334
+ RESERVED
+CVE-2018-18333
+ RESERVED
+CVE-2018-18332
+ RESERVED
+CVE-2018-18331
+ RESERVED
+CVE-2018-18330
+ RESERVED
+CVE-2018-18329
+ RESERVED
+CVE-2018-18328
+ RESERVED
+CVE-2018-18327
+ RESERVED
CVE-2018-18326
RESERVED
CVE-2018-18325
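Review bot: CVE-2018-18361 is added with "TODO: check", but its description opens with the same text as CVE-2018-18290 ("An issue was discovered in nc-cms through 2017-03-10."), which this file already marks NOT-FOR-US: nc-cms. Once the full description is confirmed, it can be triaged the same way instead of staying in the TODO queue.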
@@ -76,7 +166,7 @@ CVE-2018-18292
RESERVED
CVE-2018-18291 (A cross site scripting (XSS) vulnerability on ASUS RT-AC58U ...)
NOT-FOR-US: ASUS RT-AC58U devices
-CVE-2018-18290 (An issue was discovered in nc-cms through 2017-03-10. ...)
+CVE-2018-18290 (** DISPUTED ** An issue was discovered in nc-cms through 2017-03-10. ...)
NOT-FOR-US: nc-cms
CVE-2018-18289 (The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allows ...)
NOT-FOR-US: Zabbix Plugin for Confluence
@@ -136,10 +226,10 @@ CVE-2018-18262
RESERVED
CVE-2018-18261
RESERVED
-CVE-2018-18260
- RESERVED
-CVE-2018-18259
- RESERVED
+CVE-2018-18260 (In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. ...)
+ TODO: check
+CVE-2018-18259 (Stored XSS has been discovered in version 1.0.12 of the LUYA CMS ...)
+ TODO: check
CVE-2018-18258 (An issue was discovered in BageCMS 3.1.3. The attacker can execute ...)
NOT-FOR-US: BageCMS
CVE-2018-18257 (An issue was discovered in BageCMS 3.1.3. An attacker can delete any ...)
@@ -705,8 +795,7 @@ CVE-2018-18074 (The Requests package through 2.19.1 before 2018-09-14 for Python
NOTE: https://github.com/requests/requests/issues/4716
NOTE: https://github.com/requests/requests/pull/4718
NOTE: https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff
-CVE-2018-18073 [saved execution stacks can leak operator arrays]
- RESERVED
+CVE-2018-18073 (Artifex Ghostscript allows attackers to bypass a sandbox protection ...)
- ghostscript <unfixed> (bug #910758)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1690
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699927
@@ -952,8 +1041,8 @@ CVE-2018-17982
RESERVED
CVE-2018-17981
RESERVED
-CVE-2018-17980
- RESERVED
+CVE-2018-17980 (NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain ...)
+ TODO: check
CVE-2015-9273 (The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for ...)
NOT-FOR-US: WordPress plugin wp-slimstat
CVE-2015-9272 (The videowhisper-video-presentation plugin 3.31.17 for WordPress allows ...)
@@ -1016,8 +1105,7 @@ CVE-2018-17962 (Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c be
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html
-CVE-2018-17961 [ghostscript: bypassing executeonly to escape -dSAFER sandbox]
- RESERVED
+CVE-2018-17961 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass a ...)
- ghostscript <unfixed> (bug #910678)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1682
NOTE: https://www.openwall.com/lists/oss-security/2018/10/09/4
@@ -1944,12 +2032,12 @@ CVE-2018-17536 [Persistent XSS merge request project import]
NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
CVE-2018-17535
RESERVED
-CVE-2018-17534
- RESERVED
-CVE-2018-17533
- RESERVED
-CVE-2018-17532
- RESERVED
+CVE-2018-17534 (Teltonika RUT9XX routers with firmware before 00.04.233 provide a root ...)
+ TODO: check
+CVE-2018-17533 (Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to ...)
+ TODO: check
+CVE-2018-17532 (Teltonika RUT9XX routers with firmware before 00.04.233 are prone to ...)
+ TODO: check
CVE-2018-17531
RESERVED
CVE-2018-17530
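Review bot: The three Teltonika RUT9XX entries (CVE-2018-17534, CVE-2018-17533, CVE-2018-17532) all land as "TODO: check" although each describes router firmware. The ASUS RT-AC58U device entry earlier in this file is marked NOT-FOR-US, so these look like candidates for the same treatment, for example "NOT-FOR-US: Teltonika RUT9XX routers".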
@@ -6680,14 +6768,14 @@ CVE-2018-1000212
REJECTED
CVE-2018-15595
RESERVED
-CVE-2018-15593
- RESERVED
-CVE-2018-15592
- RESERVED
-CVE-2018-15591
- RESERVED
-CVE-2018-15590
- RESERVED
+CVE-2018-15593 (An issue was discovered in Ivanti Workspace Control before 10.3.10.0 ...)
+ TODO: check
+CVE-2018-15592 (An issue was discovered in Ivanti Workspace Control before 10.3.10.0 ...)
+ TODO: check
+CVE-2018-15591 (An issue was discovered in Ivanti Workspace Control before 10.3.10.0 ...)
+ TODO: check
+CVE-2018-15590 (An issue was discovered in Ivanti Workspace Control before 10.3.0.0 ...)
+ TODO: check
CVE-2018-15589
RESERVED
CVE-2018-15588
@@ -6867,12 +6955,12 @@ CVE-2018-15542 (** DISPUTED ** An issue was discovered in the org.telegram.messe
NOT-FOR-US: org.telegram.messenger for Android
CVE-2018-15541
RESERVED
-CVE-2018-15540
- RESERVED
-CVE-2018-15539
- RESERVED
-CVE-2018-15538
- RESERVED
+CVE-2018-15540 (Agentejo Cockpit performs actions on files without appropriate ...)
+ TODO: check
+CVE-2018-15539 (Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an ...)
+ TODO: check
+CVE-2018-15538 (Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities. ...)
+ TODO: check
CVE-2018-15537
RESERVED
CVE-2018-15536 (/filemanager/ajax_calls.php in tecrail Responsive FileManager before ...)
@@ -7190,8 +7278,7 @@ CVE-2018-15380
RESERVED
CVE-2018-15379 (A vulnerability in which the HTTP web server for Cisco Prime ...)
NOT-FOR-US: Cisco
-CVE-2018-15378 [denial-of-service in MEW unpacking feature]
- RESERVED
+CVE-2018-15378 (A vulnerability in ClamAV versions prior to 0.100.2 could allow an ...)
- clamav 0.100.2+dfsg-1 (bug #910430)
[stretch] - clamav <no-dsa> (clamav is updated via -updates)
NOTE: https://blog.clamav.net/2018/10/clamav-01002-has-been-released.html
@@ -15369,8 +15456,8 @@ CVE-2018-12156
RESERVED
CVE-2018-12155
RESERVED
-CVE-2018-12154
- RESERVED
+CVE-2018-12154 (Denial of Service in Unified Shader Compiler in Intel Graphics Drivers ...)
+ TODO: check
CVE-2018-12153 (Denial of Service in Unified Shader Compiler in Intel Graphics Drivers ...)
NOT-FOR-US: Intel
CVE-2018-12152 (Pointer corruption in Unified Shader Compiler in Intel Graphics ...)
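Review bot: CVE-2018-12154 is left at "TODO: check" while the entry directly below it, CVE-2018-12153, carries the same visible description ("Denial of Service in Unified Shader Compiler in Intel Graphics Drivers ...") and is already marked NOT-FOR-US: Intel. Suggest triaging CVE-2018-12154 with the same note so the two entries stay consistent.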
@@ -16284,7 +16371,7 @@ CVE-2018-11786 (In Apache Karaf prior to 4.2.0 release, if the sshd service in K
CVE-2018-11785
RESERVED
CVE-2018-11784 (When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, ...)
- {DLA-1544-1}
+ {DLA-1545-1 DLA-1544-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.5.34-1
- tomcat8.0 <removed> (unimportant)
@@ -18904,7 +18991,7 @@ CVE-2018-10874 (In ansible it was found that inventory variables are loaded from
NOTE: https://github.com/ansible/ansible/pull/42067
NOTE: https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e
CVE-2018-10873 (A vulnerability was discovered in SPICE before version 0.14.1 where ...)
- {DLA-1489-1 DLA-1486-1}
+ {DSA-4319-1 DLA-1489-1 DLA-1486-1}
- spice 0.14.0-1.1 (bug #906315)
- spice-gtk 0.35-1 (bug #906316)
NOTE: https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
@@ -44372,14 +44459,14 @@ CVE-2018-1749 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplet
NOT-FOR-US: IBM
CVE-2018-1748
RESERVED
-CVE-2018-1747
- RESERVED
+CVE-2018-1747 (IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is ...)
+ TODO: check
CVE-2018-1746
RESERVED
CVE-2018-1745 (IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an ...)
NOT-FOR-US: IBM
-CVE-2018-1744
- RESERVED
+CVE-2018-1744 (IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow ...)
+ TODO: check
CVE-2018-1743 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive ...)
NOT-FOR-US: IBM
CVE-2018-1742 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded ...)
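Review bot: CVE-2018-1747 and CVE-2018-1744 both go from RESERVED to "TODO: check", yet every described neighbour in this hunk (CVE-2018-1749, CVE-2018-1745, CVE-2018-1743) covers the same IBM Key Lifecycle Manager product line and is marked NOT-FOR-US: IBM. The two new entries can take the same note rather than remaining open.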
@@ -84419,8 +84506,8 @@ CVE-2016-10214 (Memory leak in the virgl_resource_attach_backing function in ...
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420266
CVE-2017-5935
RESERVED
-CVE-2017-5934 [XSS in GUI editor related code]
- RESERVED
+CVE-2017-5934 (Cross-site scripting (XSS) vulnerability in the link dialogue in GUI ...)
+ {DSA-4318-1 DLA-1546-1}
- moin <unfixed> (bug #910776)
NOTE: https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024
CVE-2017-5933 (Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, ...)
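Review bot: CVE-2017-5934 now carries {DSA-4318-1 DLA-1546-1}, but the package line below it still reads "- moin <unfixed> (bug #910776)". The advisory cross-references alone do not close the entry for unstable; the moin line needs a fixed version once one is uploaded, so bug #910776 should stay on the follow-up list.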
@@ -168918,7 +169005,7 @@ CVE-2014-5004 (lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the dat
NOT-FOR-US: Ruby Gem brbackup
CVE-2014-5003 (chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in ...)
NOT-FOR-US: Ruby Gem ciborg
-CVE-2014-5002 (** DISPUTED ** The lynx gem 0.2.0 for Ruby places the configured ...)
+CVE-2014-5002 (The lynx gem before 1.0.0 for Ruby places the configured password on ...)
NOT-FOR-US: Ruby Gem lynx
CVE-2014-5001 (lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database ...)
NOT-FOR-US: Ruby Gem kcapifony
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3d5db6eaf64b191d743e0b90aaebb60a0b8cfb1e