[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Oct 18 09:10:31 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
691fe92f by security tracker role at 2018-10-18T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2018-18461 (The Arigato Autoresponder and Newsletter (aka bft-autoresponder) ...)
+	TODO: check
+CVE-2018-18460 (XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via ...)
+	TODO: check
+CVE-2018-18459 (The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows ...)
+	TODO: check
+CVE-2018-18458 (The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows ...)
+	TODO: check
+CVE-2018-18457 (The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows ...)
+	TODO: check
+CVE-2018-18456 (The function Object::isName() in Object.h (called from ...)
+	TODO: check
+CVE-2018-18455 (The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote ...)
+	TODO: check
+CVE-2018-18454 (CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote ...)
+	TODO: check
+CVE-2018-18453
+	RESERVED
+CVE-2018-18452
+	RESERVED
+CVE-2018-18451
+	RESERVED
+CVE-2018-18450 (apps\admin\controller\content\SingleController.php in PbootCMS ...)
+	TODO: check
+CVE-2018-18449
+	RESERVED
+CVE-2018-18448
+	RESERVED
+CVE-2018-18447
+	RESERVED
+CVE-2018-18446
+	RESERVED
 CVE-2018-18444 (makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds ...)
 	TODO: check
 CVE-2018-18443 (OpenEXR 2.3.0 has a memory leak in ThreadPool in ...)
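Review bot: The six Xpdf 4.00 entries (CVE-2018-18454 through CVE-2018-18459) all land as "TODO: check" with no package line, so none of them is tracked against a source package yet. Four of them (CVE-2018-18459, CVE-2018-18458, CVE-2018-18457, CVE-2018-18454) name Stream.cc, so they can be triaged in one pass; once checked, replace each TODO with either a package line or a NOT-FOR-US marker.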
@@ -125,8 +157,8 @@ CVE-2018-18388
 	RESERVED
 CVE-2018-18387
 	RESERVED
-CVE-2018-18386
-	RESERVED
+CVE-2018-18386 (drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local ...)
+	TODO: check
 CVE-2018-18385 (Asciidoctor v1.5.7.1 allows remote attackers to cause a denial of ...)
 	- asciidoctor <unfixed>
 	NOTE: https://github.com/asciidoctor/asciidoctor/issues/2888
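Review bot: CVE-2018-18386 moves from RESERVED to "TODO: check" even though its description already names drivers/tty/n_tty.c in the Linux kernel before 4.14.11. That is enough to replace the TODO with a "- linux" line carrying the fixed version, in the same form as the "[stretch] - linux" and "[jessie] - linux" lines used for CVE-2017-18344 further down in this file.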
@@ -7368,14 +7400,14 @@ CVE-2018-15440
 	RESERVED
 CVE-2018-15439
 	RESERVED
-CVE-2018-15438
-	RESERVED
+CVE-2018-15438 (A vulnerability in the web-based management interface of Cisco Prime ...)
+	TODO: check
 CVE-2018-15437
 	RESERVED
 CVE-2018-15436 (A vulnerability in the web-based management interface of Cisco Webex ...)
 	NOT-FOR-US: Cisco
-CVE-2018-15435
-	RESERVED
+CVE-2018-15435 (A vulnerability in the web-based management interface of Cisco ...)
+	TODO: check
 CVE-2018-15434 (A vulnerability in the web-based management interface of Cisco Unified ...)
 	NOT-FOR-US: Cisco
 CVE-2018-15433 (A vulnerability in the server backup function of Cisco Prime ...)
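Review bot: CVE-2018-15438 and CVE-2018-15435 are added as "TODO: check" although both descriptions name Cisco and the adjacent entries CVE-2018-15436 and CVE-2018-15434 are already "NOT-FOR-US: Cisco". If triage confirms the same status, mark them the same way so they drop out of the unchecked queue.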
@@ -7440,8 +7472,8 @@ CVE-2018-15404 (A vulnerability in the web interface of Cisco Integrated Managem
 	NOT-FOR-US: Cisco
 CVE-2018-15403 (A vulnerability in the web interface of Cisco Emergency Responder, ...)
 	NOT-FOR-US: Cisco
-CVE-2018-15402
-	RESERVED
+CVE-2018-15402 (A vulnerability in Cisco Enterprise NFV Infrastructure Software ...)
+	TODO: check
 CVE-2018-15401 (A vulnerability in the web-based management interface of Cisco Hosted ...)
 	NOT-FOR-US: Cisco
 CVE-2018-15400 (A vulnerability in the web-based management interface of Cisco Cloud ...)
@@ -7454,8 +7486,8 @@ CVE-2018-15397 (A vulnerability in the implementation of Traffic Flow Confidenti
 	NOT-FOR-US: Cisco
 CVE-2018-15396 (A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity ...)
 	NOT-FOR-US: Cisco
-CVE-2018-15395
-	RESERVED
+CVE-2018-15395 (A vulnerability in the authentication and authorization checking ...)
+	TODO: check
 CVE-2018-15394
 	RESERVED
 CVE-2018-15393
@@ -9365,8 +9397,8 @@ CVE-2017-18344 (The timer_create syscall implementation in kernel/time/posix-tim
 	[stretch] - linux 4.9.82-1+deb9u1
 	[jessie] - linux 3.16.56-1
 	NOTE: Fixed by: https://git.kernel.org/linus/cef31d9af908243421258f1df35a4a644604efbe
-CVE-2018-14597
-	RESERVED
+CVE-2018-14597 (CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA ...)
+	TODO: check
 CVE-2018-1002208 (sharplibzip before 1.0 RC1 is vulnerable to directory traversal, ...)
 	- mono <unfixed>
 	[stretch] - mono <no-dsa> (Minor issue)
@@ -18777,7 +18809,7 @@ CVE-2018-10992 (lilypond-invoke-editor in LilyPond 2.19.80 does not validate str
 	[jessie] - lilypond <not-affected> (Incomplete fix not applied)
 	[wheezy] - lilypond <not-affected> (Incomplete fix not applied)
 CVE-2018-10982 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS ...)
-	{DSA-4201-1 DLA-1383-1}
+	{DSA-4201-1 DLA-1549-1 DLA-1383-1}
 	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
 	NOTE: https://xenbits.xen.org/xsa/advisory-261.html
 CVE-2018-10981 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS ...)
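Review bot: On CVE-2018-10982 the reference set becomes "{DSA-4201-1 DLA-1549-1 DLA-1383-1}", two DLAs for one CVE, while the only version line in the entry is the xen "...deb9u6" one. Nothing visible here says which suite each DLA covers, so it is worth confirming against the DLA records that both references are intended and that neither is a stale one left beside its replacement.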
@@ -18922,7 +18954,7 @@ CVE-2018-10934
 	RESERVED
 	- wildfly <itp> (bug #752018)
 CVE-2018-10933 (A vulnerability was found in libssh's server-side state machine before ...)
-	{DSA-4322-1}
+	{DSA-4322-1 DLA-1548-1}
 	- libssh 0.8.4-1 (bug #911149)
 	NOTE: https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
 	NOTE: https://bugs.libssh.org/T101
@@ -20396,7 +20428,7 @@ CVE-2018-10433
 CVE-2017-18262 (Blackboard Learn (Since at least 17th of October 2017) has allowed ...)
 	NOT-FOR-US: Blackboard Learn
 CVE-2018-10471 (An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS ...)
-	{DSA-4201-1}
+	{DSA-4201-1 DLA-1549-1}
 	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
 	[wheezy] - xen <not-affected> (Regression for XSA-254 which was not applied in wheezy)
 	NOTE: https://xenbits.xen.org/xsa/advisory-259.html
@@ -45840,19 +45872,19 @@ CVE-2017-17560 (An issue was discovered on Western Digital MyCloud PR4100 2.30.1
 CVE-2017-17559
 	RESERVED
 CVE-2017-17565 (An issue was discovered in Xen through 4.9.x allowing PV guest OS users ...)
-	{DSA-4112-1 DLA-1230-1}
+	{DSA-4112-1 DLA-1549-1 DLA-1230-1}
 	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
 	NOTE: https://xenbits.xen.org/xsa/advisory-251.html
 CVE-2017-17564 (An issue was discovered in Xen through 4.9.x allowing guest OS users to ...)
-	{DSA-4112-1 DLA-1230-1}
+	{DSA-4112-1 DLA-1549-1 DLA-1230-1}
 	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
 	NOTE: https://xenbits.xen.org/xsa/advisory-250.html
 CVE-2017-17563 (An issue was discovered in Xen through 4.9.x allowing guest OS users to ...)
-	{DSA-4112-1 DLA-1230-1}
+	{DSA-4112-1 DLA-1549-1 DLA-1230-1}
 	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
 	NOTE: https://xenbits.xen.org/xsa/advisory-249.html
 CVE-2017-17566 (An issue was discovered in Xen through 4.9.x allowing PV guest OS users ...)
-	{DSA-4112-1 DLA-1230-1}
+	{DSA-4112-1 DLA-1549-1 DLA-1230-1}
 	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
 	NOTE: https://xenbits.xen.org/xsa/advisory-248.html
 CVE-2017-17558 (The usb_destroy_configuration function in drivers/usb/core/config.c in ...)
@@ -49034,7 +49066,7 @@ CVE-2017-17044 (An issue was discovered in Xen through 4.9.x allowing HVM guest
 	- xen 4.8.2+xsa245-0+deb9u1
 	NOTE: https://xenbits.xen.org/xsa/advisory-246.html
 CVE-2017-17046 (An issue was discovered in Xen through 4.9.x on the ARM platform ...)
-	{DSA-4050-1}
+	{DSA-4050-1 DLA-1549-1}
 	- xen 4.8.2+xsa245-0+deb9u1
 	[wheezy] - xen <not-affected> (arm not supported)
 	NOTE: https://xenbits.xen.org/xsa/advisory-245.html
@@ -49727,8 +49759,8 @@ CVE-2018-0458 (A vulnerability in the web-based management interface of Cisco Pr
 	NOT-FOR-US: Cisco
 CVE-2018-0457 (A vulnerability in the Cisco Webex Player for Webex Recording Format ...)
 	NOT-FOR-US: Cisco
-CVE-2018-0456
-	RESERVED
+CVE-2018-0456 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
+	TODO: check
 CVE-2018-0455 (A vulnerability in the Server Message Block Version 2 (SMBv2) and ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0454 (A vulnerability in the web-based management interface of Cisco Cloud ...)
@@ -49753,12 +49785,12 @@ CVE-2018-0445 (A vulnerability in the web-based management interface of Cisco ..
 	NOT-FOR-US: Cisco
 CVE-2018-0444 (A vulnerability in the web-based management interface of Cisco ...)
 	NOT-FOR-US: Cisco
-CVE-2018-0443
-	RESERVED
-CVE-2018-0442
-	RESERVED
-CVE-2018-0441
-	RESERVED
+CVE-2018-0443 (A vulnerability in the Control and Provisioning of Wireless Access ...)
+	TODO: check
+CVE-2018-0442 (A vulnerability in the Control and Provisioning of Wireless Access ...)
+	TODO: check
+CVE-2018-0441 (A vulnerability in the 802.11r Fast Transition feature set of Cisco ...)
+	TODO: check
 CVE-2018-0440 (A vulnerability in the web interface of Cisco Data Center Network ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0439 (A vulnerability in the web-based management interface of Cisco Meeting ...)
@@ -49799,14 +49831,14 @@ CVE-2018-0422 (A vulnerability in the folder permissions of Cisco Webex Meetings
 	NOT-FOR-US: Cisco
 CVE-2018-0421 (A vulnerability in TCP connection management in Cisco Prime Access ...)
 	NOT-FOR-US: Cisco
-CVE-2018-0420
-	RESERVED
+CVE-2018-0420 (A vulnerability in the web-based interface of Cisco Wireless LAN ...)
+	TODO: check
 CVE-2018-0419 (A vulnerability in certain attachment detection mechanisms of Cisco ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0418 (A vulnerability in the Local Packet Transport Services (LPTS) feature ...)
 	NOT-FOR-US: Cisco
-CVE-2018-0417
-	RESERVED
+CVE-2018-0417 (A vulnerability in TACACS authentication with Cisco Wireless LAN ...)
+	TODO: check
 CVE-2018-0416 (A vulnerability in the web-based interface of Cisco Wireless LAN ...)
 	TODO: check
 CVE-2018-0415 (A vulnerability in the implementation of Extensible Authentication ...)
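Review bot: CVE-2018-0416 in the trailing context is still "TODO: check" from before this change, and CVE-2018-0420 and CVE-2018-0417 now join it in the same state. All three descriptions name Cisco Wireless LAN, so triage them together; the neighbouring entries CVE-2018-0419 and CVE-2018-0418 show the "NOT-FOR-US: Cisco" form to use if the same status applies.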
@@ -49849,8 +49881,8 @@ CVE-2018-0397 (A vulnerability in Cisco AMP for Endpoints Mac Connector Software
 	NOT-FOR-US: Cisco
 CVE-2018-0396 (A vulnerability in the web framework of the Cisco Unified ...)
 	NOT-FOR-US: Cisco
-CVE-2018-0395
-	RESERVED
+CVE-2018-0395 (A vulnerability in the Link Layer Discovery Protocol (LLDP) ...)
+	TODO: check
 CVE-2018-0394 (A vulnerability in the web upload function of Cisco Cloud Services ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0393 (A Read-Only User Effect Change vulnerability in the Policy Builder ...)
@@ -49877,14 +49909,14 @@ CVE-2018-0383 (A vulnerability in the detection engine of Cisco FireSIGHT System
 	NOT-FOR-US: Cisco
 CVE-2018-0382
 	RESERVED
-CVE-2018-0381
-	RESERVED
+CVE-2018-0381 (A vulnerability in the Cisco Aironet Series Access Points (APs) ...)
+	TODO: check
 CVE-2018-0380 (Multiple vulnerabilities exist in the Cisco Webex Network Recording ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0379 (Multiple vulnerabilities exist in the Cisco Webex Network Recording ...)
 	NOT-FOR-US: Cisco
-CVE-2018-0378
-	RESERVED
+CVE-2018-0378 (A vulnerability in the Precision Time Protocol (PTP) feature of Cisco ...)
+	TODO: check
 CVE-2018-0377 (A vulnerability in the Open Systems Gateway initiative (OSGi) interface ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0376 (A vulnerability in the Policy Builder interface of Cisco Policy Suite ...)
@@ -55003,7 +55035,7 @@ CVE-2017-15599
 CVE-2017-15598
 	RESERVED
 CVE-2017-15597 (An issue was discovered in Xen through 4.9.x. Grant copying code made ...)
-	{DSA-4050-1}
+	{DSA-4050-1 DLA-1549-1}
 	- xen 4.8.2+xsa245-0+deb9u1
 	[wheezy] - xen <not-affected> (Vulnerable code not present)
 	NOTE: https://xenbits.xen.org/xsa/advisory-236.html
@@ -55875,7 +55907,7 @@ CVE-2017-15593 (An issue was discovered in Xen through 4.9.x allowing x86 PV gue
 	- xen 4.8.2+xsa245-0+deb9u1
 	NOTE: https://xenbits.xen.org/xsa/advisory-242.html
 CVE-2017-15588 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
-	{DSA-4050-1 DLA-1181-1}
+	{DSA-4050-1 DLA-1549-1 DLA-1181-1}
 	- xen 4.8.2+xsa245-0+deb9u1
 	NOTE: https://xenbits.xen.org/xsa/advisory-241.html
 CVE-2017-15595 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
@@ -55883,7 +55915,7 @@ CVE-2017-15595 (An issue was discovered in Xen through 4.9.x allowing x86 PV gue
 	- xen 4.8.2+xsa245-0+deb9u1
 	NOTE: https://xenbits.xen.org/xsa/advisory-240.html
 CVE-2017-15589 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...)
-	{DSA-4050-1 DLA-1181-1}
+	{DSA-4050-1 DLA-1549-1 DLA-1181-1}
 	- xen 4.8.2+xsa245-0+deb9u1
 	NOTE: https://xenbits.xen.org/xsa/advisory-239.html
 CVE-2017-15591 (An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers ...)
@@ -55893,7 +55925,7 @@ CVE-2017-15591 (An issue was discovered in Xen 4.5.x through 4.9.x allowing atta
 	[wheezy] - xen <not-affected> (Only affects 4.5 and later)
 	NOTE: https://xenbits.xen.org/xsa/advisory-238.html
 CVE-2017-15590 (An issue was discovered in Xen through 4.9.x allowing x86 guest OS ...)
-	{DSA-4050-1}
+	{DSA-4050-1 DLA-1549-1}
 	- xen 4.8.2+xsa245-0+deb9u1
 	[wheezy] - xen <no-dsa> (Patches too intrusive to backport)
 	NOTE: https://xenbits.xen.org/xsa/advisory-237.html
@@ -59030,7 +59062,7 @@ CVE-2017-14321 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 CVE-2017-14320 (Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to ...)
 	NOT-FOR-US: Mirasvit Helpdesk MX
 CVE-2017-14319 (A grant unmapping issue was discovered in Xen through 4.9.x. When ...)
-	{DSA-4050-1 DLA-1132-1}
+	{DSA-4050-1 DLA-1549-1 DLA-1132-1}
 	- xen 4.8.2+xsa245-0+deb9u1
 	NOTE: https://xenbits.xen.org/xsa/advisory-234.html
 CVE-2017-14318 (An issue was discovered in Xen 4.5.x through 4.9.x. The function ...)
@@ -59040,11 +59072,11 @@ CVE-2017-14318 (An issue was discovered in Xen 4.5.x through 4.9.x. The function
 	NOTE: https://xenbits.xen.org/xsa/advisory-232.html
 	NOTE: Wheezy will be affected with the upcoming grant table backport
 CVE-2017-14317 (A domain cleanup issue was discovered in the C xenstore daemon (aka ...)
-	{DSA-4050-1 DLA-1132-1}
+	{DSA-4050-1 DLA-1549-1 DLA-1132-1}
 	- xen 4.8.2+xsa245-0+deb9u1
 	NOTE: https://xenbits.xen.org/xsa/advisory-233.html
 CVE-2017-14316 (A parameter verification issue was discovered in Xen through 4.9.x. The ...)
-	{DSA-4050-1 DLA-1132-1}
+	{DSA-4050-1 DLA-1549-1 DLA-1132-1}
 	- xen 4.8.2+xsa245-0+deb9u1
 	NOTE: https://xenbits.xen.org/xsa/advisory-231.html
 CVE-2017-14315 (In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/691fe92f8595443c29f24419019fbe70ee522c69
