[Git][security-tracker-team/security-tracker][master] automatic update

Mon Oct 29 08:10:27 GMT 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3d6cf553 by security tracker role at 2018-10-29T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2018-18806
+	RESERVED
+CVE-2018-18805
+	RESERVED
+CVE-2018-18804
+	RESERVED
+CVE-2018-18803
+	RESERVED
+CVE-2018-18802
+	RESERVED
+CVE-2018-18801
+	RESERVED
+CVE-2018-18800
+	RESERVED
+CVE-2018-18799
+	RESERVED
+CVE-2018-18798
+	RESERVED
+CVE-2018-18797
+	RESERVED
+CVE-2018-18796
+	RESERVED
+CVE-2018-18795
+	RESERVED
+CVE-2018-18794
+	RESERVED
+CVE-2018-18793
+	RESERVED
+CVE-2018-18792 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
+	TODO: check
+CVE-2018-18791 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
+	TODO: check
+CVE-2018-18790 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
+	TODO: check
+CVE-2018-18789 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
+	TODO: check
+CVE-2018-18788 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
+	TODO: check
+CVE-2018-18787 (An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php ...)
+	TODO: check
+CVE-2018-18786 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
+	TODO: check
+CVE-2018-18785 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
+	TODO: check
+CVE-2018-18784 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
+	TODO: check
+CVE-2018-18783 (XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok ...)
+	TODO: check
+CVE-2018-18782 (Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ...)
+	TODO: check
+CVE-2018-18781 (DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or ...)
+	TODO: check
+CVE-2018-18780
+	RESERVED
+CVE-2018-18779
+	RESERVED
+CVE-2018-18778 (ACME mini_httpd before 1.30 lets remote users read arbitrary files. ...)
+	TODO: check
+CVE-2018-18777
+	RESERVED
+CVE-2018-18776
+	RESERVED
+CVE-2018-18775
+	RESERVED
+CVE-2018-18774
+	RESERVED
+CVE-2018-18773
+	RESERVED
+CVE-2018-18772
+	RESERVED
+CVE-2018-18771 (An issue was discovered in LuLu CMS through 2015-05-14. ...)
+	TODO: check
+CVE-2018-18770
+	RESERVED
+CVE-2018-18769
+	RESERVED
+CVE-2018-18768
+	RESERVED
+CVE-2018-18767
+	RESERVED
+CVE-2018-18766
+	RESERVED
 CVE-2018-18765 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...)
 	TODO: check
 CVE-2018-18764 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...)
@@ -5783,6 +5865,7 @@ CVE-2018-16397 (In LimeSurvey before 3.14.7, an admin user can leverage a "
 	- limesurvey <itp> (bug #472802)
 CVE-2018-16396 [Tainted flags are not propagated in Array#pack and String#unpack with some directives]
 	RESERVED
+	{DLA-1558-1}
 	- ruby2.5 <unfixed> (bug #911920)
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -5790,6 +5873,7 @@ CVE-2018-16396 [Tainted flags are not propagated in Array#pack and String#unpack
 	NOTE: https://github.com/ruby/ruby/commit/a2958f6743664006d21fc0bafd4ca6214df1d429
 CVE-2018-16395 [OpenSSL::X509::Name equality check does not work correctly]
 	RESERVED
+	{DLA-1558-1}
 	- ruby-openssl <unfixed> (bug #911918)
 	- ruby2.5 <unfixed> (bug #911919)
 	- ruby2.3 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3d6cf5534ab4122a67907afdd0b286aaf2c3734f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3d6cf5534ab4122a67907afdd0b286aaf2c3734f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181029/8196a3b9/attachment.html>
