[Git][security-tracker-team/security-tracker][master] automatic update

Fri Jun 29 09:11:33 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3f9b7b0 by security tracker role at 2018-06-29T08:11:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,106 @@
-CVE-2018-12938
+CVE-2018-12988 (GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an ...)
+	TODO: check
+CVE-2018-12987
+	RESERVED
+CVE-2018-12986
+	RESERVED
+CVE-2018-12985
+	RESERVED
+CVE-2018-12984 (Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" ...)
+	TODO: check
+CVE-2018-12983 (A stack-based buffer over-read in the ...)
+	TODO: check
+CVE-2018-12982 (Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function ...)
+	TODO: check
+CVE-2018-12981
+	RESERVED
+CVE-2018-12980
+	RESERVED
+CVE-2018-12979
+	RESERVED
+CVE-2018-12978
+	RESERVED
+CVE-2018-12977
+	RESERVED
+CVE-2018-12976
+	RESERVED
+CVE-2018-12975
+	RESERVED
+CVE-2018-12974
+	RESERVED
+CVE-2018-12973 (An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter ...)
+	TODO: check
+CVE-2018-12972 (An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q ...)
+	TODO: check
+CVE-2018-12971 (EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to ...)
+	TODO: check
+CVE-2018-12970
+	RESERVED
+CVE-2018-12969
+	RESERVED
+CVE-2018-12968
+	RESERVED
+CVE-2018-12967
+	RESERVED
+CVE-2018-12966
+	RESERVED
+CVE-2018-12965
+	RESERVED
+CVE-2018-12964
+	RESERVED
+CVE-2018-12963
+	RESERVED
+CVE-2018-12962
+	RESERVED
+CVE-2018-12961
+	RESERVED
+CVE-2018-12960
+	RESERVED
+CVE-2018-12959
+	RESERVED
+CVE-2018-12958
+	RESERVED
+CVE-2018-12957
+	RESERVED
+CVE-2018-12956
+	RESERVED
+CVE-2018-12955
+	RESERVED
+CVE-2018-12954
+	RESERVED
+CVE-2018-12953
+	RESERVED
+CVE-2018-12952
+	RESERVED
+CVE-2018-12951
+	RESERVED
+CVE-2018-12950
+	RESERVED
+CVE-2018-12949
+	RESERVED
+CVE-2018-12948
+	RESERVED
+CVE-2018-12947
+	RESERVED
+CVE-2018-12946
+	RESERVED
+CVE-2018-12945
+	RESERVED
+CVE-2018-12944
+	RESERVED
+CVE-2018-12943
+	RESERVED
+CVE-2018-12942
+	RESERVED
+CVE-2018-12941
+	RESERVED
+CVE-2018-12940
+	RESERVED
+CVE-2018-12939
+	RESERVED
+CVE-2018-12937
+	RESERVED
+CVE-2018-12938 (slpd_process.c in OpenSLP 2.0.0 has a double free resulting in denial ...)
 	- openslp-dfsg <removed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-12938
 CVE-2018-12936
@@ -34772,7 +34874,7 @@ CVE-2018-0496 (Directory traversal issues in the D-Mod extractor in DFArc and DF
 	NOTE: https://savannah.gnu.org/forum/forum.php?forum_id=9169
 	NOTE: https://git.savannah.gnu.org/cgit/freedink/dfarc.git/commit/?id=40cc957f52e772f45125126439ba9333cf2d2998
 CVE-2018-0495 (Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache ...)
-	{DSA-4231-1}
+	{DSA-4231-1 DLA-1405-1}
 	- libgcrypt20 1.8.3-1
 	NOTE: https://dev.gnupg.org/T4011
 	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3f9b7b0efbbed3626611c3e11d8460554b4c8ad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3f9b7b0efbbed3626611c3e11d8460554b4c8ad
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180629/7df6bf03/attachment.html>
