[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2018-16301/libpcap
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 3 22:02:22 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
465e4109 by Salvatore Bonaccorso at 2019-10-03T21:00:10Z
Add CVE-2018-16301/libpcap
- - - - -
104224ff by Salvatore Bonaccorso at 2019-10-03T21:01:31Z
More issues in tcpdump
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -56998,9 +56998,11 @@ CVE-2018-16454 (PHP Scripts Mall Currency Converter Script 2.0.5 allows remote a
CVE-2018-16453 (PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the search b ...)
NOT-FOR-US: PHP Scripts Mall Domain Lookup Script
CVE-2018-16452 (The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/24182d959f661327525a20d9a94c98a8ec016778
CVE-2018-16451 (The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print- ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/96480ab95308cd9234b4f09b175ebf60e17792c6
CVE-2018-16450 (CraftedWeb through 2013-09-24 has reflected XSS via the p parameter. ...)
NOT-FOR-US: CraftedWeb
CVE-2018-16449 (OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Cha ...)
@@ -57437,9 +57439,11 @@ CVE-2018-16303 (PDF-XChange Editor through 7.0.326.1 allows remote attackers to
CVE-2018-16302 (MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted fil ...)
NOT-FOR-US: MediaComm Zip-n-Go
CVE-2018-16301 (libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer ov ...)
- TODO: check
+ - libpcap <unfixed>
+ TODO: check for fixing commit, is adressed in libpcap 1.9.1
CVE-2018-16300 (The BGP parser in tcpdump before 4.9.3 allows stack consumption in pri ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a
CVE-2018-16299 (The Localize My Post plugin 1.0 for WordPress allows Directory Travers ...)
NOT-FOR-US: Wordpress plugin
CVE-2018-16298 (An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php ...)
@@ -57581,13 +57585,17 @@ CVE-2018-16232 (An authenticated command injection vulnerability exists in IPFir
CVE-2018-16231 (Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows r ...)
NOT-FOR-US: Michael Roth Software Personal FTP Server
CVE-2018-16230 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/13d52e9c0e7caf7e6325b0051bc90a49968be67f
CVE-2018-16229 (The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66
CVE-2018-16228 (The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/83a412a5275cac973c5841eca3511c766bed778d
CVE-2018-16227 (The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/4846b3c5d0a850e860baf4f07340495d29837d09
CVE-2018-16226 (A vulnerability in the web admin component of Mitel MiVoice Office 400 ...)
NOT-FOR-US: Mitel
CVE-2018-16225 (The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network ...)
@@ -60838,13 +60846,17 @@ CVE-2018-14883 (An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.3
NOTE: Fixed in 5.6.37, 7.0.31, 7.1.20, 7.2.8
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76423
CVE-2018-14882 (The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in pr ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/d7505276842e85bfd067fa21cdb32b8a2dc3c5e4
CVE-2018-14881 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/86326e880d31b328a151d45348c35220baa9a1ff
CVE-2018-14880 (The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in pr ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6
CVE-2018-14879 (The command-line argument parser in tcpdump before 4.9.3 has a buffer ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6
CVE-2018-XXXX [DSA verification crashes OpenSSL on invalid combinations of key content]
- xml-security-c 2.0.2-2 (bug #913136)
[stretch] - xml-security-c <no-dsa> (Minor issue; can be fixed via point release)
@@ -62156,25 +62168,35 @@ CVE-2018-14472 (An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file
CVE-2018-14471 (dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0 ...)
- libredwg <itp> (bug #595191)
CVE-2018-14470 (The Babel parser in tcpdump before 4.9.3 has a buffer over-read in pri ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/12f66f69f7bf1ec1266ddbee90a7616cbf33696b
CVE-2018-14469 (The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in pri ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/396e94ff55a80d554b1fe46bf107db1e91008d6c
CVE-2018-14468 (The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in pr ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b
CVE-2018-14467 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/e3f3b445e2d20ac5d5b7fcb7559ce6beb55da0c9
CVE-2018-14466 (The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print- ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/c24922e692a52121e853a84ead6b9337f4c08a94
CVE-2018-14465 (The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/bea2686c296b79609060a104cc139810785b0739
CVE-2018-14464 (The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/d97e94223720684c6aa740ff219e0d19426c2220
CVE-2018-14463 (The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/3de07c772166b7e8e8bb4b9d1d078f1d901b570b
CVE-2018-14462 (The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3
CVE-2018-14461 (The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/aa5c6b710dfd8020d2c908d6b3bd41f1da719b3b
CVE-2018-14460 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
- hdf5 <undetermined>
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README3.md
@@ -73992,11 +74014,13 @@ CVE-2018-10107 (D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWA
CVE-2018-10106 (D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PAT ...)
NOT-FOR-US: D-Link
CVE-2018-10105 (tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2 ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: "Fixed" by disabling SMB printing
CVE-2018-10104
RESERVED
CVE-2018-10103 (tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2 ...)
- TODO: check
+ - tcpdump <unfixed>
+ NOTE: "Fixed" by disabling SMB printing
CVE-2018-10099 (Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) ...)
NOT-FOR-US: Google Monorail
CVE-2018-10098 (In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.14 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e34c2ccbebd42041f701b03d4e97cc1b8fc1a139...104224ff52902ccf10ab3453dc32d93f4263dda2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e34c2ccbebd42041f701b03d4e97cc1b8fc1a139...104224ff52902ccf10ab3453dc32d93f4263dda2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191003/dd857d76/attachment.html>
More information about the debian-security-tracker-commits
mailing list