[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Sep 8 21:10:40 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cfd36119 by security tracker role at 2018-09-08T20:10:31Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2018-16735
+ RESERVED
+CVE-2018-16734
+ RESERVED
+CVE-2018-16733 (In Go Ethereum (aka geth) before 1.8.14, TraceChain in ...)
+ TODO: check
+CVE-2018-16732 (\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via ...)
+ TODO: check
+CVE-2018-16731 (CScms 4.1 allows arbitrary file upload by (for example) adding the php ...)
+ TODO: check
+CVE-2018-16730 (\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. ...)
+ TODO: check
+CVE-2018-16729
+ RESERVED
+CVE-2018-16728
+ RESERVED
+CVE-2018-16727
+ RESERVED
+CVE-2018-16726
+ RESERVED
+CVE-2018-16725 (An issue is discovered in baijiacms V4. XSS exists via the ...)
+ TODO: check
+CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection exists via ...)
+ TODO: check
+CVE-2018-16723
+ RESERVED
+CVE-2018-16722
+ RESERVED
+CVE-2018-16721
+ RESERVED
+CVE-2018-16720
+ RESERVED
+CVE-2018-16719
+ RESERVED
+CVE-2018-16718
+ RESERVED
+CVE-2018-16717
+ RESERVED
+CVE-2018-16716
+ RESERVED
+CVE-2018-16715 (An issue was discovered in Absolute Software CTES Windows Agent through ...)
+ TODO: check
CVE-2018-16714
RESERVED
CVE-2018-16713
@@ -4996,7 +5038,7 @@ CVE-2018-14619 (A flaw was found in the crypto subsystem of the Linux kernel bef
NOTE: https://git.kernel.org/linus/b32a7dc8aef1882fbf983eb354837488cc9d54dc
NOTE: http://www.openwall.com/lists/oss-security/2018/08/28/1
CVE-2018-14618 (curl before version 7.61.1 is vulnerable to a buffer overrun in the ...)
- {DSA-4286-1}
+ {DSA-4286-1 DLA-1498-1}
- curl <unfixed> (bug #908327)
NOTE: https://curl.haxx.se/docs/CVE-2018-14618.html
NOTE: https://github.com/curl/curl/issues/2756
@@ -10307,6 +10349,7 @@ CVE-2018-12497
CVE-2018-12496
RESERVED
CVE-2018-12495 (The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT ...)
+ {DLA-1499-1}
- discount 2.2.4-1 (bug #901912)
NOTE: https://github.com/Orc/discount/issues/189#issuecomment-397541501
NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
@@ -13008,11 +13051,13 @@ CVE-2018-11506 (The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux
CVE-2018-11505 (The Werewolf Online application 0.8.8 for Android allows attackers to ...)
NOT-FOR-US: Werewolf Online application for Android
CVE-2018-11504 (The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a ...)
+ {DLA-1499-1}
- discount 2.2.4-1 (bug #901912)
NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue3_testcase
NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
CVE-2018-11503 (The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT ...)
+ {DLA-1499-1}
- discount 2.2.4-1 (bug #901912)
NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue2_testcase
@@ -13106,6 +13151,7 @@ CVE-2018-11469 (Incorrect caching of responses to requests including an Authoriz
[jessie] - haproxy <not-affected> (Issue introduced in 1.8.0)
NOTE: https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=17514045e5d934dede62116216c1b016fe23dd06
CVE-2018-11468 (The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT ...)
+ {DLA-1499-1}
- discount 2.2.4-1 (bug #901912)
NOTE: https://github.com/Orc/discount/issues/189
NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue1_testcase
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cfd36119e2c4232ef92298169d3afa914fc1157a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cfd36119e2c4232ef92298169d3afa914fc1157a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180908/c9410866/attachment.html>
More information about the debian-security-tracker-commits
mailing list