Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: cfd36119 by security tracker role at 2018-09-08T20:10:31Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,45 @@ +CVE-2018-16735 + RESERVED +CVE-2018-16734 + RESERVED +CVE-2018-16733 (In Go Ethereum (aka geth) before 1.8.14, TraceChain in ...) + TODO: check +CVE-2018-16732 (\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via ...) + TODO: check +CVE-2018-16731 (CScms 4.1 allows arbitrary file upload by (for example) adding the php ...) + TODO: check +CVE-2018-16730 (\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. ...) + TODO: check +CVE-2018-16729 + RESERVED +CVE-2018-16728 + RESERVED +CVE-2018-16727 + RESERVED +CVE-2018-16726 + RESERVED +CVE-2018-16725 (An issue is discovered in baijiacms V4. XSS exists via the ...) + TODO: check +CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection exists via ...) + TODO: check +CVE-2018-16723 + RESERVED +CVE-2018-16722 + RESERVED +CVE-2018-16721 + RESERVED +CVE-2018-16720 + RESERVED +CVE-2018-16719 + RESERVED +CVE-2018-16718 + RESERVED +CVE-2018-16717 + RESERVED +CVE-2018-16716 + RESERVED +CVE-2018-16715 (An issue was discovered in Absolute Software CTES Windows Agent through ...) + TODO: check CVE-2018-16714 RESERVED CVE-2018-16713 @@ -4996,7 +5038,7 @@ CVE-2018-14619 (A flaw was found in the crypto subsystem of the Linux kernel bef NOTE: https://git.kernel.org/linus/b32a7dc8aef1882fbf983eb354837488cc9d54dc NOTE: http://www.openwall.com/lists/oss-security/2018/08/28/1 CVE-2018-14618 (curl before version 7.61.1 is vulnerable to a buffer overrun in the ...) - {DSA-4286-1} + {DSA-4286-1 DLA-1498-1} - curl <unfixed> (bug #908327) NOTE: https://curl.haxx.se/docs/CVE-2018-14618.html NOTE: https://github.com/curl/curl/issues/2756 @@ -10307,6 +10349,7 @@ CVE-2018-12497 CVE-2018-12496 RESERVED CVE-2018-12495 (The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT ...) + {DLA-1499-1} - discount 2.2.4-1 (bug #901912) NOTE: https://github.com/Orc/discount/issues/189#issuecomment-397541501 NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974 @@ -13008,11 +13051,13 @@ CVE-2018-11506 (The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux CVE-2018-11505 (The Werewolf Online application 0.8.8 for Android allows attackers to ...) NOT-FOR-US: Werewolf Online application for Android CVE-2018-11504 (The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a ...) + {DLA-1499-1} - discount 2.2.4-1 (bug #901912) NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798 NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue3_testcase NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974 CVE-2018-11503 (The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT ...) + {DLA-1499-1} - discount 2.2.4-1 (bug #901912) NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798 NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue2_testcase @@ -13106,6 +13151,7 @@ CVE-2018-11469 (Incorrect caching of responses to requests including an Authoriz [jessie] - haproxy <not-affected> (Issue introduced in 1.8.0) NOTE: https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=17514045e5d934dede62116216c1b016fe23dd06 CVE-2018-11468 (The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT ...) + {DLA-1499-1} - discount 2.2.4-1 (bug #901912) NOTE: https://github.com/Orc/discount/issues/189 NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue1_testcase View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cfd36119e2c4232ef92298169d3afa914fc1157a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cfd36119e2c4232ef92298169d3afa914fc1157a You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits