Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3d5db6ea by security tracker role at 2018-10-15T20:10:57Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2018-18371
+       RESERVED
+CVE-2018-18370
+       RESERVED
+CVE-2018-18369
+       RESERVED
+CVE-2018-18368
+       RESERVED
+CVE-2018-18367
+       RESERVED
+CVE-2018-18366
+       RESERVED
+CVE-2018-18365
+       RESERVED
+CVE-2018-18364
+       RESERVED
+CVE-2018-18363
+       RESERVED
+CVE-2018-18362
+       RESERVED
+CVE-2018-18361 (An issue was discovered in nc-cms through 2017-03-10. ...)
+       TODO: check
+CVE-2018-18360
+       RESERVED
+CVE-2018-18359
+       RESERVED
+CVE-2018-18358
+       RESERVED
+CVE-2018-18357
+       RESERVED
+CVE-2018-18356
+       RESERVED
+CVE-2018-18355
+       RESERVED
+CVE-2018-18354
+       RESERVED
+CVE-2018-18353
+       RESERVED
+CVE-2018-18352
+       RESERVED
+CVE-2018-18351
+       RESERVED
+CVE-2018-18350
+       RESERVED
+CVE-2018-18349
+       RESERVED
+CVE-2018-18348
+       RESERVED
+CVE-2018-18347
+       RESERVED
+CVE-2018-18346
+       RESERVED
+CVE-2018-18345
+       RESERVED
+CVE-2018-18344
+       RESERVED
+CVE-2018-18343
+       RESERVED
+CVE-2018-18342
+       RESERVED
+CVE-2018-18341
+       RESERVED
+CVE-2018-18340
+       RESERVED
+CVE-2018-18339
+       RESERVED
+CVE-2018-18338
+       RESERVED
+CVE-2018-18337
+       RESERVED
+CVE-2018-18336
+       RESERVED
+CVE-2018-18335
+       RESERVED
+CVE-2018-18334
+       RESERVED
+CVE-2018-18333
+       RESERVED
+CVE-2018-18332
+       RESERVED
+CVE-2018-18331
+       RESERVED
+CVE-2018-18330
+       RESERVED
+CVE-2018-18329
+       RESERVED
+CVE-2018-18328
+       RESERVED
+CVE-2018-18327
+       RESERVED
 CVE-2018-18326
        RESERVED
 CVE-2018-18325
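Review bot: The TODO: check under CVE-2018-18361 looks resolvable from context already in this file. Its description names nc-cms, and CVE-2018-18290 further down carries the same visible nc-cms description with NOT-FOR-US: nc-cms. Suggest marking CVE-2018-18361 NOT-FOR-US: nc-cms as well, once the full description is confirmed to refer to the same product.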
@@ -76,7 +166,7 @@ CVE-2018-18292
        RESERVED
 CVE-2018-18291 (A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 
...)
        NOT-FOR-US: ASUS RT-AC58U devices
-CVE-2018-18290 (An issue was discovered in nc-cms through 2017-03-10. ...)
+CVE-2018-18290 (** DISPUTED ** An issue was discovered in nc-cms through 
2017-03-10. ...)
        NOT-FOR-US: nc-cms
 CVE-2018-18289 (The MESILAT Zabbix plugin before 1.1.15 for Atlassian 
Confluence allows ...)
        NOT-FOR-US: Zabbix Plugin for Confluence
@@ -136,10 +226,10 @@ CVE-2018-18262
        RESERVED
 CVE-2018-18261
        RESERVED
-CVE-2018-18260
-       RESERVED
-CVE-2018-18259
-       RESERVED
+CVE-2018-18260 (In the 2.4 version of Camaleon CMS, Stored XSS has been 
discovered. ...)
+       TODO: check
+CVE-2018-18259 (Stored XSS has been discovered in version 1.0.12 of the LUYA 
CMS ...)
+       TODO: check
 CVE-2018-18258 (An issue was discovered in BageCMS 3.1.3. The attacker can 
execute ...)
        NOT-FOR-US: BageCMS
 CVE-2018-18257 (An issue was discovered in BageCMS 3.1.3. An attacker can 
delete any ...)
@@ -705,8 +795,7 @@ CVE-2018-18074 (The Requests package through 2.19.1 before 
2018-09-14 for Python
        NOTE: https://github.com/requests/requests/issues/4716
        NOTE: https://github.com/requests/requests/pull/4718
        NOTE: 
https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff
-CVE-2018-18073 [saved execution stacks can leak operator arrays]
-       RESERVED
+CVE-2018-18073 (Artifex Ghostscript allows attackers to bypass a sandbox 
protection ...)
        - ghostscript <unfixed> (bug #910758)
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1690
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699927
@@ -952,8 +1041,8 @@ CVE-2018-17982
        RESERVED
 CVE-2018-17981
        RESERVED
-CVE-2018-17980
-       RESERVED
+CVE-2018-17980 (NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers 
to gain ...)
+       TODO: check
 CVE-2015-9273 (The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 
for ...)
        NOT-FOR-US: WordPress plugin wp-slimstat
 CVE-2015-9272 (The videowhisper-video-presentation plugin 3.31.17 for 
WordPress allows ...)
@@ -1016,8 +1105,7 @@ CVE-2018-17962 (Qemu has a Buffer Overflow in 
pcnet_receive in hw/net/pcnet.c be
        - qemu <unfixed>
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html
-CVE-2018-17961 [ghostscript: bypassing executeonly to escape -dSAFER sandbox]
-       RESERVED
+CVE-2018-17961 (Artifex Ghostscript 9.25 and earlier allows attackers to 
bypass a ...)
        - ghostscript <unfixed> (bug #910678)
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1682
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/09/4
@@ -1944,12 +2032,12 @@ CVE-2018-17536 [Persistent XSS merge request project 
import]
        NOTE: 
https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
 CVE-2018-17535
        RESERVED
-CVE-2018-17534
-       RESERVED
-CVE-2018-17533
-       RESERVED
-CVE-2018-17532
-       RESERVED
+CVE-2018-17534 (Teltonika RUT9XX routers with firmware before 00.04.233 
provide a root ...)
+       TODO: check
+CVE-2018-17533 (Teltonika RUT9XX routers with firmware before 00.05.01.1 are 
prone to ...)
+       TODO: check
+CVE-2018-17532 (Teltonika RUT9XX routers with firmware before 00.04.233 are 
prone to ...)
+       TODO: check
 CVE-2018-17531
        RESERVED
 CVE-2018-17530
@@ -6680,14 +6768,14 @@ CVE-2018-1000212
        REJECTED
 CVE-2018-15595
        RESERVED
-CVE-2018-15593
-       RESERVED
-CVE-2018-15592
-       RESERVED
-CVE-2018-15591
-       RESERVED
-CVE-2018-15590
-       RESERVED
+CVE-2018-15593 (An issue was discovered in Ivanti Workspace Control before 
10.3.10.0 ...)
+       TODO: check
+CVE-2018-15592 (An issue was discovered in Ivanti Workspace Control before 
10.3.10.0 ...)
+       TODO: check
+CVE-2018-15591 (An issue was discovered in Ivanti Workspace Control before 
10.3.10.0 ...)
+       TODO: check
+CVE-2018-15590 (An issue was discovered in Ivanti Workspace Control before 
10.3.0.0 ...)
+       TODO: check
 CVE-2018-15589
        RESERVED
 CVE-2018-15588
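Review bot: In CVE-2018-15590 the imported description reads "before 10.3.0.0", while CVE-2018-15593, CVE-2018-15592 and CVE-2018-15591 for the same Ivanti Workspace Control product read "before 10.3.10.0". Because this is an automatic import, the difference should be checked against the upstream CVE text when the four TODO: check entries are triaged, and the four entries should be decided together as one product.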
@@ -6867,12 +6955,12 @@ CVE-2018-15542 (** DISPUTED ** An issue was discovered 
in the org.telegram.messe
        NOT-FOR-US:  org.telegram.messenger for Android
 CVE-2018-15541
        RESERVED
-CVE-2018-15540
-       RESERVED
-CVE-2018-15539
-       RESERVED
-CVE-2018-15538
-       RESERVED
+CVE-2018-15540 (Agentejo Cockpit performs actions on files without appropriate 
...)
+       TODO: check
+CVE-2018-15539 (Agentejo Cockpit lacks an anti-CSRF protection mechanism. 
Thus, an ...)
+       TODO: check
+CVE-2018-15538 (Agentejo Cockpit has multiple Cross-Site Scripting 
vulnerabilities. ...)
+       TODO: check
 CVE-2018-15537
        RESERVED
 CVE-2018-15536 (/filemanager/ajax_calls.php in tecrail Responsive FileManager 
before ...)
@@ -7190,8 +7278,7 @@ CVE-2018-15380
        RESERVED
 CVE-2018-15379 (A vulnerability in which the HTTP web server for Cisco Prime 
...)
        NOT-FOR-US: Cisco
-CVE-2018-15378 [denial-of-service in MEW unpacking feature]
-       RESERVED
+CVE-2018-15378 (A vulnerability in ClamAV versions prior to 0.100.2 could 
allow an ...)
        - clamav 0.100.2+dfsg-1 (bug #910430)
        [stretch] - clamav <no-dsa> (clamav is updated via -updates)
        NOTE: 
https://blog.clamav.net/2018/10/clamav-01002-has-been-released.html
@@ -15369,8 +15456,8 @@ CVE-2018-12156
        RESERVED
 CVE-2018-12155
        RESERVED
-CVE-2018-12154
-       RESERVED
+CVE-2018-12154 (Denial of Service in Unified Shader Compiler in Intel Graphics 
Drivers ...)
+       TODO: check
 CVE-2018-12153 (Denial of Service in Unified Shader Compiler in Intel Graphics 
Drivers ...)
        NOT-FOR-US: Intel
 CVE-2018-12152 (Pointer corruption in Unified Shader Compiler in Intel 
Graphics ...)
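Review bot: The TODO: check added for CVE-2018-12154 is inconsistent with the entry directly below it. CVE-2018-12153 has the same visible description ("Denial of Service in Unified Shader Compiler in Intel Graphics Drivers ...") and is already marked NOT-FOR-US: Intel. Suggest replacing the TODO with NOT-FOR-US: Intel so the sibling entries agree.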
@@ -16284,7 +16371,7 @@ CVE-2018-11786 (In Apache Karaf prior to 4.2.0 release, 
if the sshd service in K
 CVE-2018-11785
        RESERVED
 CVE-2018-11784 (When the default servlet in Apache Tomcat versions 9.0.0.M1 to 
9.0.11, ...)
-       {DLA-1544-1}
+       {DLA-1545-1 DLA-1544-1}
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.34-1
        - tomcat8.0 <removed> (unimportant)
@@ -18904,7 +18991,7 @@ CVE-2018-10874 (In ansible it was found that inventory 
variables are loaded from
        NOTE: https://github.com/ansible/ansible/pull/42067
        NOTE: 
https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e
 CVE-2018-10873 (A vulnerability was discovered in SPICE before version 0.14.1 
where ...)
-       {DLA-1489-1 DLA-1486-1}
+       {DSA-4319-1 DLA-1489-1 DLA-1486-1}
        - spice 0.14.0-1.1 (bug #906315)
        - spice-gtk 0.35-1 (bug #906316)
        NOTE: 
https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
@@ -44372,14 +44459,14 @@ CVE-2018-1749 (IBM Tivoli Key Lifecycle Manager 2.6, 
2.7, and 3.0 uses incomplet
        NOT-FOR-US: IBM
 CVE-2018-1748
        RESERVED
-CVE-2018-1747
-       RESERVED
+CVE-2018-1747 (IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is 
...)
+       TODO: check
 CVE-2018-1746
        RESERVED
 CVE-2018-1745 (IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an 
...)
        NOT-FOR-US: IBM
-CVE-2018-1744
-       RESERVED
+CVE-2018-1744 (IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could 
allow ...)
+       TODO: check
 CVE-2018-1743 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses 
sensitive ...)
        NOT-FOR-US: IBM
 CVE-2018-1742 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains 
hard-coded ...)
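Review bot: The TODO: check lines added for CVE-2018-1747 and CVE-2018-1744 can follow the neighbouring entries. Both descriptions name IBM Security Key Lifecycle Manager, and CVE-2018-1745 for the same product, as well as the Tivoli Key Lifecycle Manager entries around it, are marked NOT-FOR-US: IBM. Suggest the same marking for these two instead of leaving them open.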
@@ -84419,8 +84506,8 @@ CVE-2016-10214 (Memory leak in the 
virgl_resource_attach_backing function in ...
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420266
 CVE-2017-5935
        RESERVED
-CVE-2017-5934 [XSS in GUI editor related code]
-       RESERVED
+CVE-2017-5934 (Cross-site scripting (XSS) vulnerability in the link dialogue 
in GUI ...)
+       {DSA-4318-1 DLA-1546-1}
        - moin <unfixed> (bug #910776)
        NOTE: 
https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024
 CVE-2017-5933 (Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 
65.11, ...)
@@ -168918,7 +169005,7 @@ CVE-2014-5004 (lib/brbackup.rb in the brbackup gem 
0.1.1 for Ruby places the dat
        NOT-FOR-US: Ruby Gem brbackup
 CVE-2014-5003 
(chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in ...)
        NOT-FOR-US: Ruby Gem ciborg
-CVE-2014-5002 (** DISPUTED ** The lynx gem 0.2.0 for Ruby places the 
configured ...)
+CVE-2014-5002 (The lynx gem before 1.0.0 for Ruby places the configured 
password on ...)
        NOT-FOR-US: Ruby Gem lynx
 CVE-2014-5001 (lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places 
database ...)
        NOT-FOR-US: Ruby Gem kcapifony



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3d5db6eaf64b191d743e0b90aaebb60a0b8cfb1e

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits