[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Apr 22 21:10:42 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
409b4170 by security tracker role at 2018-04-22T20:10:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,15 @@
+CVE-2018-10299
+ RESERVED
+CVE-2018-10298 (Discuz! DiscuzX through X3.4 has reflected XSS via ...)
+ TODO: check
+CVE-2018-10297 (Discuz! DiscuzX through X3.4 has stored XSS via the ...)
+ TODO: check
+CVE-2018-10296 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter. ...)
+ TODO: check
+CVE-2018-10295 (ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add ...)
+ TODO: check
+CVE-2018-10294
+ RESERVED
CVE-2018-10293
RESERVED
CVE-2018-10292
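Review bot: The four described entries added at the top of the list (CVE-2018-10298 through CVE-2018-10295) are left at "TODO: check", so none of them has a disposition yet. Each should be resolved to either a package line or a NOT-FOR-US line naming the product, in the form the list already uses further down, for example "NOT-FOR-US: Adaltech G-Ticket v70 EME104". The two Discuz! DiscuzX entries describe the same product and can be triaged together.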
@@ -16,10 +28,10 @@ CVE-2018-10288
RESERVED
CVE-2018-10287
RESERVED
-CVE-2018-10286
- RESERVED
-CVE-2018-10285
- RESERVED
+CVE-2018-10286 (The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive ...)
+ TODO: check
+CVE-2018-10285 (The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access ...)
+ TODO: check
CVE-2018-10284 (Adaltech G-Ticket v70 EME104 has SQL Injection via the ...)
NOT-FOR-US: Adaltech G-Ticket v70 EME104
CVE-2018-10283 (CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php ...)
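Review bot: CVE-2018-10286 and CVE-2018-10285 move from RESERVED to "TODO: check" with the same product in both descriptions (Ericsson-LG iPECS NMS A.1Ac), and CVE-2018-9245 later in this commit names that product too. Triage the three in one pass so they end up with one disposition line and one spelling of the product name.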
@@ -1078,6 +1090,7 @@ CVE-2018-9840 (The Open Whisper Signal app before 2.23.2 for iOS allows physical
CVE-2018-9839
RESERVED
CVE-2018-1000164 (gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of ...)
+ {DLA-1357-1}
- gunicorn 19.5.0-1 (bug #896548)
NOTE: https://epadillas.github.io/2018/04/02/http-header-splitting-in-gunicorn-19.4.5
NOTE: https://github.com/benoitc/gunicorn/issues/1227
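Review bot: The {DLA-1357-1} reference on CVE-2018-1000164 is the only change in this hunk, and the package line under it still reads "- gunicorn 19.5.0-1 (bug #896548)". Worth confirming that the fixed version for the release the DLA covers is recorded with the advisory itself, since nothing in the visible lines of this entry states it.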
@@ -2444,8 +2457,8 @@ CVE-2018-9247 (The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php
NOT-FOR-US: Gxlcms QY
CVE-2018-9246
RESERVED
-CVE-2018-9245
- RESERVED
+CVE-2018-9245 (The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection ...)
+ TODO: check
CVE-2018-9242
RESERVED
CVE-2018-9241
@@ -17866,8 +17879,8 @@ CVE-2017-17904 (FS Lynda Clone has XSS via the keywords parameter to tutorial/ o
NOT-FOR-US: FS Lynda Clone
CVE-2017-17903 (FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by ...)
NOT-FOR-US: FS Lynda Clone
-CVE-2017-17902
- RESERVED
+CVE-2017-17902 (SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a ...)
+ TODO: check
CVE-2017-17901 (ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of ...)
NOT-FOR-US: ZyXEL
CVE-2017-17900 (SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM ...)
@@ -17901,8 +17914,8 @@ CVE-2017-17891 (Readymade Video Sharing Script has CSRF via user-profile-edit.ph
NOT-FOR-US: Readymade Video Sharing Script
CVE-2017-17890
RESERVED
-CVE-2017-17889
- RESERVED
+CVE-2017-17889 (Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, ...)
+ TODO: check
CVE-2017-17888 (cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, ...)
NOT-FOR-US: Anti-Web
CVE-2017-17887 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...)
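Review bot: CVE-2017-17889 here and CVE-2017-17902 in the previous hunk both describe Kliqqi CMS 3.5.2 and both land at "TODO: check". The CVE-2017-17889 description mentions the path pligg/groups.php, so when triaging, check both the Kliqqi and Pligg names before deciding between a package line and NOT-FOR-US, and give the two entries the same result.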
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/409b4170745ef357207b1adae6afe4088bed921d