Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 38df7b00 by security tracker role at 2018-04-09T20:10:27+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,119 @@ +CVE-2018-9915 + RESERVED +CVE-2018-9914 + RESERVED +CVE-2018-9913 + RESERVED +CVE-2018-9912 + RESERVED +CVE-2018-9911 + RESERVED +CVE-2018-9910 + RESERVED +CVE-2018-9909 + RESERVED +CVE-2018-9908 + RESERVED +CVE-2018-9907 + RESERVED +CVE-2018-9906 + RESERVED +CVE-2018-9905 + RESERVED +CVE-2018-9904 + RESERVED +CVE-2018-9903 + RESERVED +CVE-2018-9902 + RESERVED +CVE-2018-9901 + RESERVED +CVE-2018-9900 + RESERVED +CVE-2018-9899 + RESERVED +CVE-2018-9898 + RESERVED +CVE-2018-9897 + RESERVED +CVE-2018-9896 + RESERVED +CVE-2018-9895 + RESERVED +CVE-2018-9894 + RESERVED +CVE-2018-9893 + RESERVED +CVE-2018-9892 + RESERVED +CVE-2018-9891 + RESERVED +CVE-2018-9890 + RESERVED +CVE-2018-9889 + RESERVED +CVE-2018-9888 + RESERVED +CVE-2018-9887 + RESERVED +CVE-2018-9886 + RESERVED +CVE-2018-9885 + RESERVED +CVE-2018-9884 + RESERVED +CVE-2018-9883 + RESERVED +CVE-2018-9882 + RESERVED +CVE-2018-9881 + RESERVED +CVE-2018-9880 + RESERVED +CVE-2018-9879 + RESERVED +CVE-2018-9878 + RESERVED +CVE-2018-9877 + RESERVED +CVE-2018-9876 + RESERVED +CVE-2018-9875 + RESERVED +CVE-2018-9874 + RESERVED +CVE-2018-9873 + RESERVED +CVE-2018-9872 + RESERVED +CVE-2018-9871 + RESERVED +CVE-2018-9870 + RESERVED +CVE-2018-9869 + RESERVED +CVE-2018-9868 + RESERVED +CVE-2018-9867 + RESERVED +CVE-2018-9866 + RESERVED +CVE-2018-9865 + RESERVED +CVE-2018-9864 (The WP Live Chat Support plugin before 8.0.06 for WordPress has stored ...) + TODO: check +CVE-2018-9863 + RESERVED +CVE-2018-9862 (util.c in runV 1.0.0 for Docker mishandles a numeric username, which ...) + TODO: check +CVE-2018-9861 + RESERVED +CVE-2018-9860 + RESERVED +CVE-2018-9859 + RESERVED +CVE-2018-1000168 + RESERVED CVE-2018-9858 RESERVED CVE-2018-9857 (PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field ...) @@ -1561,6 +1677,7 @@ CVE-2018-9167 CVE-2018-9166 RESERVED CVE-2018-9165 (The pushdup function in util/decompile.c in libming through 0.4.8 does ...) + {DLA-1343-1} - ming <removed> NOTE: https://github.com/libming/libming/issues/121 CVE-2018-9164 @@ -4624,6 +4741,7 @@ CVE-2018-7876 (In libming 0.4.8, a memory exhaustion vulnerability was found in - ming <removed> NOTE: https://github.com/libming/libming/issues/109 CVE-2018-7875 (There is a heap-based buffer over-read in the getString function of ...) + {DLA-1343-1} - ming <removed> NOTE: https://github.com/libming/libming/issues/112 CVE-2018-7874 (An invalid memory address dereference was discovered in strlenext in ...) @@ -4633,21 +4751,26 @@ CVE-2018-7873 (There is a heap-based buffer overflow in the getString function o - ming <removed> NOTE: https://github.com/libming/libming/issues/111 CVE-2018-7872 (An invalid memory address dereference was discovered in the function ...) + {DLA-1343-1} - ming <removed> NOTE: https://github.com/libming/libming/issues/114 CVE-2018-7871 (There is a heap-based buffer over-read in the getName function of ...) + {DLA-1343-1} - ming <removed> NOTE: https://github.com/libming/libming/issues/120 CVE-2018-7870 (An invalid memory address dereference was discovered in getString in ...) + {DLA-1343-1} - ming <removed> NOTE: https://github.com/libming/libming/issues/117 CVE-2018-7869 (There is a memory leak triggered in the function dcinit of ...) - ming <removed> NOTE: https://github.com/libming/libming/issues/119 CVE-2018-7868 (There is a heap-based buffer over-read in the getName function of ...) + {DLA-1343-1} - ming <removed> NOTE: https://github.com/libming/libming/issues/113 CVE-2018-7867 (There is a heap-based buffer overflow in the getString function of ...) + {DLA-1343-1} - ming <removed> NOTE: https://github.com/libming/libming/issues/116 CVE-2018-7866 (A NULL pointer dereference was discovered in newVar3 in ...) @@ -9348,6 +9471,7 @@ CVE-2018-6359 (The decompileIF function (util/decompile.c) in libming through 0. - ming <removed> NOTE: https://github.com/libming/libming/issues/105 CVE-2018-6358 (The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 ...) + {DLA-1343-1} - ming <removed> NOTE: https://github.com/libming/libming/issues/104 CVE-2018-6357 (The acx_asmw_saveorder_callback function in function.php in the ...) @@ -22705,8 +22829,7 @@ CVE-2018-1310 RESERVED CVE-2018-1309 RESERVED -CVE-2018-1308 [XXE attack through Apache Solr's DIH's dataConfig request parameter] - RESERVED +CVE-2018-1308 (This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 ...) - lucene-solr <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2018/04/08/3 NOTE: https://issues.apache.org/jira/browse/SOLR-11971 @@ -23492,6 +23615,7 @@ CVE-2018-1087 RESERVED CVE-2018-1086 [Debug parameter removal bypass, allowing information disclosure] RESERVED + {DSA-4169-1} - pcs <unfixed> (bug #895313) NOTE: http://www.openwall.com/lists/oss-security/2018/04/09/2 CVE-2018-1085 @@ -25516,14 +25640,14 @@ CVE-2018-0558 RESERVED CVE-2018-0557 RESERVED -CVE-2018-0556 - RESERVED -CVE-2018-0555 - RESERVED -CVE-2018-0554 - RESERVED -CVE-2018-0553 - RESERVED +CVE-2018-0556 (Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to ...) + TODO: check +CVE-2018-0555 (Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an ...) + TODO: check +CVE-2018-0554 (Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass ...) + TODO: check +CVE-2018-0553 (The iRemoconWiFi App for Android version 4.1.7 and earlier does not ...) + TODO: check CVE-2018-0552 (Untrusted search path vulnerability in The installer of PhishWall ...) NOT-FOR-US: installer of PhishWall Client (Firefox and Chrome edition for Windows) CVE-2018-0551 @@ -25538,8 +25662,8 @@ CVE-2018-0547 (Cross-site scripting vulnerability in WP All Import plugin prior NOT-FOR-US: WP All Import plugin for WordPress CVE-2018-0546 (Cross-site scripting vulnerability in WP All Import plugin prior to ...) NOT-FOR-US: WP All Import plugin for WordPress -CVE-2018-0545 - RESERVED +CVE-2018-0545 (LXR version 1.0.0 to 2.3.0 allows remote attackers to execute ...) + TODO: check CVE-2018-0544 (Untrusted search path vulnerability in WinShot 1.53a and earlier ...) NOT-FOR-US: WinShot CVE-2018-0543 (Untrusted search path vulnerability in Jtrim 1.53c and earlier ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/38df7b0047b632208396601d45ea9575430a3846 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/38df7b0047b632208396601d45ea9575430a3846 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits