[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Jul 15 09:10:25 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
803c5f0b by security tracker role at 2018-07-15T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,8 +1,18 @@
-CVE-2018-14055 [privilege escalation to admin permissions / allows injection of rogue values in znc.conf]
+CVE-2018-14061
+	RESERVED
+CVE-2018-14060 (OS command injection in the AP mode settings feature in /cgi-bin/luci ...)
+	TODO: check
+CVE-2018-14059
+	RESERVED
+CVE-2018-14058
+	RESERVED
+CVE-2018-14057
+	RESERVED
+CVE-2018-14055 (ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming ...)
 	- znc <unfixed> (bug #903787)
 	NOTE: https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
 	NOTE: https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
-CVE-2018-14056 [path traversal flaw]
+CVE-2018-14056 (ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web ...)
 	- znc <unfixed> (bug #903788)
 	NOTE: https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
 CVE-2018-14053
@@ -155,8 +165,8 @@ CVE-2018-14012 (WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the 
 	NOT-FOR-US: WolfSight CMS
 CVE-2018-14011
 	RESERVED
-CVE-2018-14010
-	RESERVED
+CVE-2018-14010 (OS command injection in the guest Wi-Fi settings feature in ...)
+	TODO: check
 CVE-2018-14009 (Codiad through 2.8.4 allows Remote Code Execution, a different ...)
 	NOT-FOR-US: Codiad
 CVE-2018-14008



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/803c5f0bd991536c0b5874975b5ad410de995b71

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/803c5f0bd991536c0b5874975b5ad410de995b71
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180715/27ee8b60/attachment.html>

More information about the debian-security-tracker-commits mailing list