[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Aug 26 09:10:25 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e2f9df8 by security tracker role at 2018-08-26T08:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2018-15877 (The Plainview Activity Monitor plugin 4.7.11 for WordPress is ...)
+	TODO: check
+CVE-2018-15876 (An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for ...)
+	TODO: check
 CVE-2018-15875 (Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers ...)
 	NOT-FOR-US: D-Link
 CVE-2018-15874 (Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers ...)
@@ -24,52 +28,52 @@ CVE-2018-15866
 	RESERVED
 CVE-2018-15865
 	RESERVED
-CVE-2018-15864
-	RESERVED
-CVE-2018-15863
-	RESERVED
-CVE-2018-15862
-	RESERVED
-CVE-2018-15861
-	RESERVED
+CVE-2018-15864 (Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in ...)
+	TODO: check
+CVE-2018-15863 (Unchecked NULL pointer usage in ResolveStateAndPredicate in ...)
+	TODO: check
+CVE-2018-15862 (Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in ...)
+	TODO: check
+CVE-2018-15861 (Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in ...)
+	TODO: check
 CVE-2018-15860
 	RESERVED
-CVE-2018-15859
-	RESERVED
-CVE-2018-15858
-	RESERVED
-CVE-2018-15857
-	RESERVED
-CVE-2018-15856
-	RESERVED
-CVE-2018-15855
-	RESERVED
-CVE-2018-15854
-	RESERVED
-CVE-2018-15853
-	RESERVED
-CVE-2018-15852
-	RESERVED
-CVE-2018-15851
-	RESERVED
-CVE-2018-15850
-	RESERVED
-CVE-2018-15849
-	RESERVED
-CVE-2018-15848
-	RESERVED
-CVE-2018-15847
-	RESERVED
-CVE-2018-15846
-	RESERVED
-CVE-2018-15845
-	RESERVED
-CVE-2018-15844
-	RESERVED
-CVE-2018-15843
-	RESERVED
-CVE-2018-15842
-	RESERVED
+CVE-2018-15859 (Unchecked NULL pointer usage when parsing invalid atoms in ...)
+	TODO: check
+CVE-2018-15858 (Unchecked NULL pointer usage when handling invalid aliases in ...)
+	TODO: check
+CVE-2018-15857 (An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in ...)
+	TODO: check
+CVE-2018-15856 (An infinite loop when reaching EOL unexpectedly in compose/parser.c ...)
+	TODO: check
+CVE-2018-15855 (Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by ...)
+	TODO: check
+CVE-2018-15854 (Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by ...)
+	TODO: check
+CVE-2018-15853 (Endless recursion exists in xkbcomp/expr.c in xkbcommon and ...)
+	TODO: check
+CVE-2018-15852 (Technicolor TC7200.20 devices allow remote attackers to cause a denial ...)
+	TODO: check
+CVE-2018-15851 (An issue was discovered in Flexo CMS v0.1.6. There is a CSRF ...)
+	TODO: check
+CVE-2018-15850 (An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF ...)
+	TODO: check
+CVE-2018-15849 (An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update ...)
+	TODO: check
+CVE-2018-15848 (An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create ...)
+	TODO: check
+CVE-2018-15847 (An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability ...)
+	TODO: check
+CVE-2018-15846 (An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF ...)
+	TODO: check
+CVE-2018-15845 (There is a CSRF vulnerability that can add an administrator account in ...)
+	TODO: check
+CVE-2018-15844 (An issue was discovered in DamiCMS 6.0.0. There is an CSRF ...)
+	TODO: check
+CVE-2018-15843 (GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" ...)
+	TODO: check
+CVE-2018-15842 (WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter. ...)
+	TODO: check
 CVE-2018-15841
 	RESERVED
 CVE-2018-15840
@@ -895,6 +899,7 @@ CVE-2018-15503 (The unpack implementation in Swoole version 4.0.4 lacks correct
 CVE-2018-15502
 	RESERVED
 CVE-2018-15501 (In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x ...)
+	{DLA-1477-1}
 	- libgit2 0.27.4+dfsg.1-0.1 (low)
 	[stretch] - libgit2 <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406
@@ -12454,9 +12459,11 @@ CVE-2018-10890 (A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7,
 CVE-2018-10889 (A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No ...)
 	- moodle <removed>
 CVE-2018-10888 (A flaw was found in libgit2 before version 0.27.3. A missing check in ...)
+	{DLA-1477-1}
 	- libgit2 0.27.4+dfsg.1-0.1 (bug #903508)
 	NOTE: https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3
 CVE-2018-10887 (A flaw was found in libgit2 before version 0.27.3. It has been ...)
+	{DLA-1477-1}
 	- libgit2 0.27.4+dfsg.1-0.1 (bug #903509)
 	NOTE: https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a
 	NOTE: https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e2f9df8a9857f7862dc189e4e557dcc3077f537

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e2f9df8a9857f7862dc189e4e557dcc3077f537
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180826/9e913f2c/attachment.html>

More information about the debian-security-tracker-commits mailing list