Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
691fe92f by security tracker role at 2018-10-18T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2018-18461 (The Arigato Autoresponder and Newsletter (aka 
bft-autoresponder) ...)
+       TODO: check
+CVE-2018-18460 (XSS exists in the wp-live-chat-support v8.0.15 plugin for 
WordPress via ...)
+       TODO: check
+CVE-2018-18459 (The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 
allows ...)
+       TODO: check
+CVE-2018-18458 (The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 
allows ...)
+       TODO: check
+CVE-2018-18457 (The function DCTStream::readScan in Stream.cc in Xpdf 4.00 
allows ...)
+       TODO: check
+CVE-2018-18456 (The function Object::isName() in Object.h (called from ...)
+       TODO: check
+CVE-2018-18455 (The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows 
remote ...)
+       TODO: check
+CVE-2018-18454 (CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows 
remote ...)
+       TODO: check
+CVE-2018-18453
+       RESERVED
+CVE-2018-18452
+       RESERVED
+CVE-2018-18451
+       RESERVED
+CVE-2018-18450 (apps\admin\controller\content\SingleController.php in PbootCMS 
...)
+       TODO: check
+CVE-2018-18449
+       RESERVED
+CVE-2018-18448
+       RESERVED
+CVE-2018-18447
+       RESERVED
+CVE-2018-18446
+       RESERVED
 CVE-2018-18444 (makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an 
out-of-bounds ...)
        TODO: check
 CVE-2018-18443 (OpenEXR 2.3.0 has a memory leak in ThreadPool in ...)
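Review bot: The added block leaves every described entry at `TODO: check`, and the descriptions are truncated ("allows ...", "allows remote ..."), so impact cannot be judged from this file alone. Five of the new entries name Xpdf 4.00 (CVE-2018-18454, CVE-2018-18455, CVE-2018-18457, CVE-2018-18458, CVE-2018-18459), and CVE-2018-18456 names only Object::isName() in Object.h; triage these as one group against the full CVE text so they end up with consistent package and NOTE lines. CVE-2018-18461, CVE-2018-18460 and CVE-2018-18450 name the Arigato Autoresponder and Newsletter, a WordPress plugin and PbootCMS; if none of these is packaged, close them with a `NOT-FOR-US:` line in the form used elsewhere in this file.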
@@ -125,8 +157,8 @@ CVE-2018-18388
        RESERVED
 CVE-2018-18387
        RESERVED
-CVE-2018-18386
-       RESERVED
+CVE-2018-18386 (drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows 
local ...)
+       TODO: check
 CVE-2018-18385 (Asciidoctor v1.5.7.1 allows remote attackers to cause a denial 
of ...)
        - asciidoctor <unfixed>
        NOTE: https://github.com/asciidoctor/asciidoctor/issues/2888
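Review bot: The new CVE-2018-18386 description already states an upstream fix boundary ("the Linux kernel before 4.14.11"), yet the entry is left at `TODO: check` with no package line. Follow up with a `- linux` line carrying the fixed version and a `NOTE: Fixed by:` line pointing at the upstream commit, in the style this file already uses for CVE-2017-18344, so per-release status can be tracked.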
@@ -7368,14 +7400,14 @@ CVE-2018-15440
        RESERVED
 CVE-2018-15439
        RESERVED
-CVE-2018-15438
-       RESERVED
+CVE-2018-15438 (A vulnerability in the web-based management interface of Cisco 
Prime ...)
+       TODO: check
 CVE-2018-15437
        RESERVED
 CVE-2018-15436 (A vulnerability in the web-based management interface of Cisco 
Webex ...)
        NOT-FOR-US: Cisco
-CVE-2018-15435
-       RESERVED
+CVE-2018-15435 (A vulnerability in the web-based management interface of Cisco 
...)
+       TODO: check
 CVE-2018-15434 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
        NOT-FOR-US: Cisco
 CVE-2018-15433 (A vulnerability in the server backup function of Cisco Prime 
...)
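Review bot: CVE-2018-15438 and CVE-2018-15435 move from RESERVED to `TODO: check`, while the neighbouring entries with the same visible wording ("A vulnerability in the web-based management interface of Cisco"), CVE-2018-15436 and CVE-2018-15434, are already `NOT-FOR-US: Cisco`. Unless the full description points at something packaged, close them the same way rather than leaving them in the TODO queue. The same applies to the other Cisco entries this commit moves to `TODO: check`.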
@@ -7440,8 +7472,8 @@ CVE-2018-15404 (A vulnerability in the web interface of 
Cisco Integrated Managem
        NOT-FOR-US: Cisco
 CVE-2018-15403 (A vulnerability in the web interface of Cisco Emergency 
Responder, ...)
        NOT-FOR-US: Cisco
-CVE-2018-15402
-       RESERVED
+CVE-2018-15402 (A vulnerability in Cisco Enterprise NFV Infrastructure 
Software ...)
+       TODO: check
 CVE-2018-15401 (A vulnerability in the web-based management interface of Cisco 
Hosted ...)
        NOT-FOR-US: Cisco
 CVE-2018-15400 (A vulnerability in the web-based management interface of Cisco 
Cloud ...)
@@ -7454,8 +7486,8 @@ CVE-2018-15397 (A vulnerability in the implementation of 
Traffic Flow Confidenti
        NOT-FOR-US: Cisco
 CVE-2018-15396 (A vulnerability in the Bulk Administration Tool (BAT) for 
Cisco Unity ...)
        NOT-FOR-US: Cisco
-CVE-2018-15395
-       RESERVED
+CVE-2018-15395 (A vulnerability in the authentication and authorization 
checking ...)
+       TODO: check
 CVE-2018-15394
        RESERVED
 CVE-2018-15393
@@ -9365,8 +9397,8 @@ CVE-2017-18344 (The timer_create syscall implementation 
in kernel/time/posix-tim
        [stretch] - linux 4.9.82-1+deb9u1
        [jessie] - linux 3.16.56-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/cef31d9af908243421258f1df35a4a644604efbe
-CVE-2018-14597
-       RESERVED
+CVE-2018-14597 (CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 
and CA ...)
+       TODO: check
 CVE-2018-1002208 (sharplibzip before 1.0 RC1 is vulnerable to directory 
traversal, ...)
        - mono <unfixed>
        [stretch] - mono <no-dsa> (Minor issue)
@@ -18777,7 +18809,7 @@ CVE-2018-10992 (lilypond-invoke-editor in LilyPond 
2.19.80 does not validate str
        [jessie] - lilypond <not-affected> (Incomplete fix not applied)
        [wheezy] - lilypond <not-affected> (Incomplete fix not applied)
 CVE-2018-10982 (An issue was discovered in Xen through 4.10.x allowing x86 HVM 
guest OS ...)
-       {DSA-4201-1 DLA-1383-1}
+       {DSA-4201-1 DLA-1549-1 DLA-1383-1}
        - xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
        NOTE: https://xenbits.xen.org/xsa/advisory-261.html
 CVE-2018-10981 (An issue was discovered in Xen through 4.10.x allowing x86 HVM 
guest OS ...)
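Review bot: The bracket line for CVE-2018-10982 gains DLA-1549-1, but the commit touches only data/CVE/list, so the advisory record that justifies the cross-reference is not visible here. Check that the DLA-1549-1 record lists this CVE, and do the same for each xen entry further down that gains the reference. The only fixed version shown in this hunk is `4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6`, which does not tell a reader which version the DLA shipped.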
@@ -18922,7 +18954,7 @@ CVE-2018-10934
        RESERVED
        - wildfly <itp> (bug #752018)
 CVE-2018-10933 (A vulnerability was found in libssh's server-side state 
machine before ...)
-       {DSA-4322-1}
+       {DSA-4322-1 DLA-1548-1}
        - libssh 0.8.4-1 (bug #911149)
        NOTE: 
https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
        NOTE: https://bugs.libssh.org/T101
@@ -20396,7 +20428,7 @@ CVE-2018-10433
 CVE-2017-18262 (Blackboard Learn (Since at least 17th of October 2017) has 
allowed ...)
        NOT-FOR-US: Blackboard Learn
 CVE-2018-10471 (An issue was discovered in Xen through 4.10.x allowing x86 PV 
guest OS ...)
-       {DSA-4201-1}
+       {DSA-4201-1 DLA-1549-1}
        - xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
        [wheezy] - xen <not-affected> (Regression for XSA-254 which was not 
applied in wheezy)
        NOTE: https://xenbits.xen.org/xsa/advisory-259.html
@@ -45840,19 +45872,19 @@ CVE-2017-17560 (An issue was discovered on Western 
Digital MyCloud PR4100 2.30.1
 CVE-2017-17559
        RESERVED
 CVE-2017-17565 (An issue was discovered in Xen through 4.9.x allowing PV guest 
OS users ...)
-       {DSA-4112-1 DLA-1230-1}
+       {DSA-4112-1 DLA-1549-1 DLA-1230-1}
        - xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
        NOTE: https://xenbits.xen.org/xsa/advisory-251.html
 CVE-2017-17564 (An issue was discovered in Xen through 4.9.x allowing guest OS 
users to ...)
-       {DSA-4112-1 DLA-1230-1}
+       {DSA-4112-1 DLA-1549-1 DLA-1230-1}
        - xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
        NOTE: https://xenbits.xen.org/xsa/advisory-250.html
 CVE-2017-17563 (An issue was discovered in Xen through 4.9.x allowing guest OS 
users to ...)
-       {DSA-4112-1 DLA-1230-1}
+       {DSA-4112-1 DLA-1549-1 DLA-1230-1}
        - xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
        NOTE: https://xenbits.xen.org/xsa/advisory-249.html
 CVE-2017-17566 (An issue was discovered in Xen through 4.9.x allowing PV guest 
OS users ...)
-       {DSA-4112-1 DLA-1230-1}
+       {DSA-4112-1 DLA-1549-1 DLA-1230-1}
        - xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
        NOTE: https://xenbits.xen.org/xsa/advisory-248.html
 CVE-2017-17558 (The usb_destroy_configuration function in 
drivers/usb/core/config.c in ...)
@@ -49034,7 +49066,7 @@ CVE-2017-17044 (An issue was discovered in Xen through 
4.9.x allowing HVM guest
        - xen 4.8.2+xsa245-0+deb9u1
        NOTE: https://xenbits.xen.org/xsa/advisory-246.html
 CVE-2017-17046 (An issue was discovered in Xen through 4.9.x on the ARM 
platform ...)
-       {DSA-4050-1}
+       {DSA-4050-1 DLA-1549-1}
        - xen 4.8.2+xsa245-0+deb9u1
        [wheezy] - xen <not-affected> (arm not supported)
        NOTE: https://xenbits.xen.org/xsa/advisory-245.html
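Review bot: CVE-2017-17046 is described as an issue "on the ARM platform" and wheezy is excluded with `<not-affected> (arm not supported)`, yet the bracket line now gains DLA-1549-1 with no release-specific line for the release that DLA covers. Confirm that the xen build fixed by DLA-1549-1 is actually exposed to this ARM-only issue; if it is not, add a matching `<not-affected>` line so the cross-reference does not read as a fix.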
@@ -49727,8 +49759,8 @@ CVE-2018-0458 (A vulnerability in the web-based 
management interface of Cisco Pr
        NOT-FOR-US: Cisco
 CVE-2018-0457 (A vulnerability in the Cisco Webex Player for Webex Recording 
Format ...)
        NOT-FOR-US: Cisco
-CVE-2018-0456
-       RESERVED
+CVE-2018-0456 (A vulnerability in the Simple Network Management Protocol 
(SNMP) input ...)
+       TODO: check
 CVE-2018-0455 (A vulnerability in the Server Message Block Version 2 (SMBv2) 
and ...)
        NOT-FOR-US: Cisco
 CVE-2018-0454 (A vulnerability in the web-based management interface of Cisco 
Cloud ...)
@@ -49753,12 +49785,12 @@ CVE-2018-0445 (A vulnerability in the web-based 
management interface of Cisco ..
        NOT-FOR-US: Cisco
 CVE-2018-0444 (A vulnerability in the web-based management interface of Cisco 
...)
        NOT-FOR-US: Cisco
-CVE-2018-0443
-       RESERVED
-CVE-2018-0442
-       RESERVED
-CVE-2018-0441
-       RESERVED
+CVE-2018-0443 (A vulnerability in the Control and Provisioning of Wireless 
Access ...)
+       TODO: check
+CVE-2018-0442 (A vulnerability in the Control and Provisioning of Wireless 
Access ...)
+       TODO: check
+CVE-2018-0441 (A vulnerability in the 802.11r Fast Transition feature set of 
Cisco ...)
+       TODO: check
 CVE-2018-0440 (A vulnerability in the web interface of Cisco Data Center 
Network ...)
        NOT-FOR-US: Cisco
 CVE-2018-0439 (A vulnerability in the web-based management interface of Cisco 
Meeting ...)
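Review bot: CVE-2018-0443 and CVE-2018-0442 are added with identical truncated descriptions ("A vulnerability in the Control and Provisioning of Wireless Access ..."), so nothing in this file distinguishes the two. When triaging, read the full CVE text for each entry rather than treating one as a duplicate of the other.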
@@ -49799,14 +49831,14 @@ CVE-2018-0422 (A vulnerability in the folder 
permissions of Cisco Webex Meetings
        NOT-FOR-US: Cisco
 CVE-2018-0421 (A vulnerability in TCP connection management in Cisco Prime 
Access ...)
        NOT-FOR-US: Cisco
-CVE-2018-0420
-       RESERVED
+CVE-2018-0420 (A vulnerability in the web-based interface of Cisco Wireless 
LAN ...)
+       TODO: check
 CVE-2018-0419 (A vulnerability in certain attachment detection mechanisms of 
Cisco ...)
        NOT-FOR-US: Cisco
 CVE-2018-0418 (A vulnerability in the Local Packet Transport Services (LPTS) 
feature ...)
        NOT-FOR-US: Cisco
-CVE-2018-0417
-       RESERVED
+CVE-2018-0417 (A vulnerability in TACACS authentication with Cisco Wireless 
LAN ...)
+       TODO: check
 CVE-2018-0416 (A vulnerability in the web-based interface of Cisco Wireless 
LAN ...)
        TODO: check
 CVE-2018-0415 (A vulnerability in the implementation of Extensible 
Authentication ...)
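Review bot: The context line for CVE-2018-0416 shows it was already at `TODO: check` before this update, and the new CVE-2018-0420 has the same visible description ("A vulnerability in the web-based interface of Cisco Wireless LAN ..."). Resolve both in one pass, together with CVE-2018-0417, so that entries with matching wording do not sit in different states, as already happens between CVE-2018-0416 and its `NOT-FOR-US: Cisco` neighbours.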
@@ -49849,8 +49881,8 @@ CVE-2018-0397 (A vulnerability in Cisco AMP for 
Endpoints Mac Connector Software
        NOT-FOR-US: Cisco
 CVE-2018-0396 (A vulnerability in the web framework of the Cisco Unified ...)
        NOT-FOR-US: Cisco
-CVE-2018-0395
-       RESERVED
+CVE-2018-0395 (A vulnerability in the Link Layer Discovery Protocol (LLDP) ...)
+       TODO: check
 CVE-2018-0394 (A vulnerability in the web upload function of Cisco Cloud 
Services ...)
        NOT-FOR-US: Cisco
 CVE-2018-0393 (A Read-Only User Effect Change vulnerability in the Policy 
Builder ...)
@@ -49877,14 +49909,14 @@ CVE-2018-0383 (A vulnerability in the detection 
engine of Cisco FireSIGHT System
        NOT-FOR-US: Cisco
 CVE-2018-0382
        RESERVED
-CVE-2018-0381
-       RESERVED
+CVE-2018-0381 (A vulnerability in the Cisco Aironet Series Access Points (APs) 
...)
+       TODO: check
 CVE-2018-0380 (Multiple vulnerabilities exist in the Cisco Webex Network 
Recording ...)
        NOT-FOR-US: Cisco
 CVE-2018-0379 (Multiple vulnerabilities exist in the Cisco Webex Network 
Recording ...)
        NOT-FOR-US: Cisco
-CVE-2018-0378
-       RESERVED
+CVE-2018-0378 (A vulnerability in the Precision Time Protocol (PTP) feature of 
Cisco ...)
+       TODO: check
 CVE-2018-0377 (A vulnerability in the Open Systems Gateway initiative (OSGi) 
interface ...)
        NOT-FOR-US: Cisco
 CVE-2018-0376 (A vulnerability in the Policy Builder interface of Cisco Policy 
Suite ...)
@@ -55003,7 +55035,7 @@ CVE-2017-15599
 CVE-2017-15598
        RESERVED
 CVE-2017-15597 (An issue was discovered in Xen through 4.9.x. Grant copying 
code made ...)
-       {DSA-4050-1}
+       {DSA-4050-1 DLA-1549-1}
        - xen 4.8.2+xsa245-0+deb9u1
        [wheezy] - xen <not-affected> (Vulnerable code not present)
        NOTE: https://xenbits.xen.org/xsa/advisory-236.html
@@ -55875,7 +55907,7 @@ CVE-2017-15593 (An issue was discovered in Xen through 
4.9.x allowing x86 PV gue
        - xen 4.8.2+xsa245-0+deb9u1
        NOTE: https://xenbits.xen.org/xsa/advisory-242.html
 CVE-2017-15588 (An issue was discovered in Xen through 4.9.x allowing x86 PV 
guest OS ...)
-       {DSA-4050-1 DLA-1181-1}
+       {DSA-4050-1 DLA-1549-1 DLA-1181-1}
        - xen 4.8.2+xsa245-0+deb9u1
        NOTE: https://xenbits.xen.org/xsa/advisory-241.html
 CVE-2017-15595 (An issue was discovered in Xen through 4.9.x allowing x86 PV 
guest OS ...)
@@ -55883,7 +55915,7 @@ CVE-2017-15595 (An issue was discovered in Xen through 
4.9.x allowing x86 PV gue
        - xen 4.8.2+xsa245-0+deb9u1
        NOTE: https://xenbits.xen.org/xsa/advisory-240.html
 CVE-2017-15589 (An issue was discovered in Xen through 4.9.x allowing x86 HVM 
guest OS ...)
-       {DSA-4050-1 DLA-1181-1}
+       {DSA-4050-1 DLA-1549-1 DLA-1181-1}
        - xen 4.8.2+xsa245-0+deb9u1
        NOTE: https://xenbits.xen.org/xsa/advisory-239.html
 CVE-2017-15591 (An issue was discovered in Xen 4.5.x through 4.9.x allowing 
attackers ...)
@@ -55893,7 +55925,7 @@ CVE-2017-15591 (An issue was discovered in Xen 4.5.x 
through 4.9.x allowing atta
        [wheezy] - xen <not-affected> (Only affects 4.5 and later)
        NOTE: https://xenbits.xen.org/xsa/advisory-238.html
 CVE-2017-15590 (An issue was discovered in Xen through 4.9.x allowing x86 
guest OS ...)
-       {DSA-4050-1}
+       {DSA-4050-1 DLA-1549-1}
        - xen 4.8.2+xsa245-0+deb9u1
        [wheezy] - xen <no-dsa> (Patches too intrusive to backport)
        NOTE: https://xenbits.xen.org/xsa/advisory-237.html
@@ -59030,7 +59062,7 @@ CVE-2017-14321 (Multiple cross-site scripting (XSS) 
vulnerabilities in the ...)
 CVE-2017-14320 (Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers 
to ...)
        NOT-FOR-US: Mirasvit Helpdesk MX
 CVE-2017-14319 (A grant unmapping issue was discovered in Xen through 4.9.x. 
When ...)
-       {DSA-4050-1 DLA-1132-1}
+       {DSA-4050-1 DLA-1549-1 DLA-1132-1}
        - xen 4.8.2+xsa245-0+deb9u1
        NOTE: https://xenbits.xen.org/xsa/advisory-234.html
 CVE-2017-14318 (An issue was discovered in Xen 4.5.x through 4.9.x. The 
function ...)
@@ -59040,11 +59072,11 @@ CVE-2017-14318 (An issue was discovered in Xen 4.5.x 
through 4.9.x. The function
        NOTE: https://xenbits.xen.org/xsa/advisory-232.html
        NOTE: Wheezy will be affected with the upcoming grant table backport
 CVE-2017-14317 (A domain cleanup issue was discovered in the C xenstore daemon 
(aka ...)
-       {DSA-4050-1 DLA-1132-1}
+       {DSA-4050-1 DLA-1549-1 DLA-1132-1}
        - xen 4.8.2+xsa245-0+deb9u1
        NOTE: https://xenbits.xen.org/xsa/advisory-233.html
 CVE-2017-14316 (A parameter verification issue was discovered in Xen through 
4.9.x. The ...)
-       {DSA-4050-1 DLA-1132-1}
+       {DSA-4050-1 DLA-1549-1 DLA-1132-1}
        - xen 4.8.2+xsa245-0+deb9u1
        NOTE: https://xenbits.xen.org/xsa/advisory-231.html
 CVE-2017-14315 (In Apple iOS 7 through 9, due to a BlueBorne flaw in the 
implementation ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/691fe92f8595443c29f24419019fbe70ee522c69

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
