[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ed19821 by security tracker role at 2018-10-15T08:11:14Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,83 @@
-CVE-2018-18289
-    NOT-FOR-US: Zabbix Plugin for Confluence
-CVE-2018-18288
+CVE-2018-18326
+	RESERVED
+CVE-2018-18325
+	RESERVED
+CVE-2018-18324 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via ...)
+	TODO: check
+CVE-2018-18323 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File ...)
+	TODO: check
+CVE-2018-18322 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command ...)
+	TODO: check
+CVE-2018-18321
+	RESERVED
+CVE-2018-18320 (** DISPUTED ** An issue was discovered in the Merlin.PHP component ...)
+	TODO: check
+CVE-2018-18319 (** DISPUTED ** An issue was discovered in the Merlin.PHP component ...)
+	TODO: check
+CVE-2018-18318 (The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 ...)
+	TODO: check
+CVE-2018-18317 (DESHANG DSCMS 1.1 has CSRF via the ...)
+	TODO: check
+CVE-2018-18316 (emlog v6.0.0 has CSRF via the admin/user.php?action=new URI. ...)
+	TODO: check
+CVE-2018-18315 (com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to ...)
+	TODO: check
+CVE-2018-18314
+	RESERVED
+CVE-2018-18313
+	RESERVED
+CVE-2018-18312
+	RESERVED
+CVE-2018-18311
+	RESERVED
+CVE-2018-18310 (An invalid memory address dereference was discovered in ...)
+	TODO: check
+CVE-2018-18309 (An issue was discovered in the Binary File Descriptor (BFD) library ...)
+	TODO: check
+CVE-2018-18308
+	RESERVED
+CVE-2018-18307
 	RESERVED
-CVE-2018-18287
+CVE-2018-18306
 	RESERVED
+CVE-2018-18305
+	RESERVED
+CVE-2018-18304
+	RESERVED
+CVE-2018-18303
+	RESERVED
+CVE-2018-18302
+	RESERVED
+CVE-2018-18301
+	RESERVED
+CVE-2018-18300
+	RESERVED
+CVE-2018-18299
+	RESERVED
+CVE-2018-18298
+	RESERVED
+CVE-2018-18297
+	RESERVED
+CVE-2018-18296 (MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an ...)
+	TODO: check
+CVE-2018-18295
+	RESERVED
+CVE-2018-18294
+	RESERVED
+CVE-2018-18293
+	RESERVED
+CVE-2018-18292
+	RESERVED
+CVE-2018-18291 (A cross site scripting (XSS) vulnerability on ASUS RT-AC58U ...)
+	TODO: check
+CVE-2018-18290 (An issue was discovered in nc-cms through 2017-03-10. ...)
+	TODO: check
+CVE-2018-18289 (The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allows ...)
+	NOT-FOR-US: Zabbix Plugin for Confluence
+CVE-2018-18288
+	RESERVED
+CVE-2018-18287 (On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can ...)
+	TODO: check
 CVE-2018-18286
 	RESERVED
 CVE-2018-18285
@@ -2804,7 +2878,7 @@ CVE-2018-17131 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to exec
 	NOT-FOR-US: PHPMyWind
 CVE-2018-17130 (PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header, ...)
 	NOT-FOR-US: PHPMyWind
-CVE-2018-17129 (MetInfo 6.1.0 has XSS in doexport() in ...)
+CVE-2018-17129 (MetInfo 6.1.0 has SQL injection in doexport() in ...)
 	NOT-FOR-US: MetInfo
 CVE-2018-17128 (A Persistent XSS issue was discovered in the Visual Editor in MyBB ...)
 	NOT-FOR-US: MyBB



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7ed1982118fdc82da81c740e901d002f0d0288bd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7ed1982118fdc82da81c740e901d002f0d0288bd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181015/dda7032e/attachment.html>