Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b3112d01 by security tracker role at 2018-05-29T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,41 @@
+CVE-2018-11536 (md4c before 0.2.5 has a heap-based buffer overflow because ...)
+ TODO: check
+CVE-2018-11535 (An issue was discovered in SITEMAKIN SLAC (Site Login and
Access ...)
+ TODO: check
+CVE-2018-11534
+ RESERVED
+CVE-2018-11533
+ RESERVED
+CVE-2018-11532 (An issue was discovered in the ChangUonDyU Advanced Statistics
plugin ...)
+ TODO: check
+CVE-2018-11531 (Exiv2 0.26 has a heap-based buffer overflow in getData in
preview.cpp. ...)
+ TODO: check
+CVE-2018-11530
+ RESERVED
+CVE-2018-11529
+ RESERVED
+CVE-2018-11528 (WUZHI CMS 4.1.0 has SQL Injection via an
api/sms_check.php?param= URI. ...)
+ TODO: check
+CVE-2018-11527 (An issue was discovered in CScms v4.1. A Cross-site request
forgery ...)
+ TODO: check
+CVE-2018-11526
+ RESERVED
+CVE-2018-11525
+ RESERVED
+CVE-2018-11524
+ RESERVED
+CVE-2018-11523 (upload.php on NUUO NVRmini 2 devices allows Arbitrary File
Upload, such ...)
+ TODO: check
+CVE-2018-11522
+ RESERVED
+CVE-2018-11521
+ RESERVED
+CVE-2018-11520
+ RESERVED
+CVE-2018-11519
+ RESERVED
+CVE-2018-11518
+ RESERVED
CVE-2018-11517 (mySCADA myPRO 7 allows remote attackers to discover all
ProjectIDs in a ...)
NOT-FOR-US: mySCADA myPRO
CVE-2018-11516 (The vlc_demux_chained_Delete function in input/demux_chained.c
in ...)
@@ -76,8 +114,8 @@ CVE-2018-11489 (The DGifDecompressLine function in
dgif_lib.c in GIFLIB (possibl
NOTE: https://github.com/pts/sam2p/issues/37
NOTE: Issue was reported against sam2p but issue is in dgif_lib.c from
giflib.
TODO: check
-CVE-2018-11488
- RESERVED
+CVE-2018-11488 (A stack exhaustion vulnerability in the search function of
dtSearch ...)
+ TODO: check
CVE-2018-11487 (PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php,
or the ...)
NOT-FOR-US: PHPMyWind
CVE-2018-11486
@@ -394,6 +432,7 @@ CVE-2018-11364 (sav_parse_machine_integer_info_record in
spss/readstat_sav_read.
CVE-2018-11363 (jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a
heap-based ...)
NOT-FOR-US: PDFGen
CVE-2018-11362 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the
LDSS ...)
+ {DLA-1388-1}
- wireshark <unfixed>
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f177008b04a530640de835ca878892e58b826d58
@@ -421,6 +460,7 @@ CVE-2018-11359 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and
2.2.0 to 2.2.14, the RRC
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=beaebe91b14564fb9f86f0726bab09927872721b
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-33.html
CVE-2018-11358 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the
Q.931 ...)
+ {DLA-1388-1}
- wireshark <unfixed>
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14689
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ccb1ac3c8cec47fbbbf2e80ced80644005c65252
@@ -5423,6 +5463,7 @@ CVE-2018-9271 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to
2.2.13, ...)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5b0228945dc74ee82d2ab4a4e7af2bdfe7b75910
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9270 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c
has a ...)
+ {DLA-1388-1}
- wireshark 2.4.6-1 (low)
[stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
@@ -5430,6 +5471,7 @@ CVE-2018-9270 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to
2.2.13, epan/oids.c has
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0fbc50f9b9219be54d6db47f04b65af19696a7c7
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9269 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
+ {DLA-1388-1}
- wireshark 2.4.6-1 (low)
[stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
@@ -5437,6 +5479,7 @@ CVE-2018-9269 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to
2.2.13, ...)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e19aba33026212cbe000ece633adf14d109489fa
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9268 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
+ {DLA-1388-1}
- wireshark 2.4.6-1 (low)
[stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
@@ -5475,6 +5518,7 @@ CVE-2018-9264 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to
2.2.13, the ADB dissecto
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0290a62be0fca8da9bb190f59dc1fe26c1d65024
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-16.html
CVE-2018-9263 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos
dissector ...)
+ {DLA-1388-1}
- wireshark 2.4.6-1 (low)
[stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
@@ -5490,11 +5534,13 @@ CVE-2018-9262 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to
2.2.13, the VLAN dissect
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f05c3b91f9571210b86576ee6284e71a3306109d
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-19.html
CVE-2018-9261 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP
dissector ...)
+ {DLA-1388-1}
- wireshark 2.4.6-1
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14471
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=66bc372716e04d6a8afdf6712583c9b5d11fee55
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-18.html
CVE-2018-9260 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE
802.15.4 ...)
+ {DLA-1388-1}
- wireshark 2.4.6-1 (low)
[stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
@@ -5510,6 +5556,7 @@ CVE-2018-9259 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to
2.2.13, the MP4 dissecto
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2113179835b37549f245ac7c05ff2b96276893e4
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-15.html
CVE-2018-9258 (In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash.
This was ...)
+ {DLA-1388-1}
- wireshark 2.4.6-1 (low)
[stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3112d0140968c725dcebafb02b0670ca225a7cc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3112d0140968c725dcebafb02b0670ca225a7cc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
