[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 31 08:10:26 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ef01e8af by security tracker role at 2018-10-31T08:10:15Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2018-18870
+ RESERVED
+CVE-2018-18869 (EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary ...)
+ TODO: check
+CVE-2018-18868 (No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name ...)
+ TODO: check
+CVE-2018-18867 (An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 ...)
+ TODO: check
+CVE-2018-18866
+ RESERVED
+CVE-2018-18865
+ RESERVED
+CVE-2018-18864
+ RESERVED
+CVE-2018-18863
+ RESERVED
+CVE-2018-18862
+ RESERVED
+CVE-2018-18861
+ RESERVED
+CVE-2018-18860
+ RESERVED
+CVE-2018-18859
+ RESERVED
+CVE-2018-18858
+ RESERVED
+CVE-2018-18857
+ RESERVED
+CVE-2018-18856
+ RESERVED
+CVE-2018-18855
+ RESERVED
+CVE-2018-18854 (Lightbend Spray spray-json through 1.3.4 allows remote attackers to ...)
+ TODO: check
+CVE-2018-18853 (Lightbend Spray spray-json through 1.3.4 allows remote attackers to ...)
+ TODO: check
+CVE-2018-18852
+ RESERVED
+CVE-2018-18851
+ RESERVED
+CVE-2018-18850 (In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an ...)
+ TODO: check
+CVE-2018-18849
+ RESERVED
CVE-2018-18848
RESERVED
CVE-2018-18847
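Review bot: The six described entries at the top of this hunk (CVE-2018-18869, CVE-2018-18868, CVE-2018-18867, CVE-2018-18854, CVE-2018-18853, CVE-2018-18850) land with only "TODO: check", so the tracker has no triage result for them yet. Each should be resolved in a follow-up to either a package line or a "NOT-FOR-US:" marker, the two forms the rest of data/CVE/list uses. CVE-2018-18854 and CVE-2018-18853 show the same truncated text ("Lightbend Spray spray-json through 1.3.4 allows remote attackers to ..."), so read the full descriptions to tell the two issues apart, and triage them together.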
@@ -2354,12 +2398,12 @@ CVE-2018-17935 (All versions of Telecrane F25 Series Radio Controls before 00.0A
NOT-FOR-US: Telecrane
CVE-2018-17934
RESERVED
-CVE-2018-17933
- RESERVED
+CVE-2018-17933 (VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may ...)
+ TODO: check
CVE-2018-17932
RESERVED
-CVE-2018-17931
- RESERVED
+CVE-2018-17931 (If an attacker has physical access to the VGo Robot (Versions ...)
+ TODO: check
CVE-2018-17930
RESERVED
CVE-2018-17929 (In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and ...)
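Review bot: CVE-2018-17933 and CVE-2018-17931 both describe the VGo Robot and are left at "TODO: check", while the same file already marks CVE-2018-8860 for that product as "NOT-FOR-US: Vecna VGo Robot". Unless the full descriptions point at something packaged in Debian, a follow-up should give these two entries the same marker so the product is triaged consistently.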
@@ -5777,26 +5821,25 @@ CVE-2018-16471
RESERVED
CVE-2018-16470
RESERVED
-CVE-2018-16469
- RESERVED
-CVE-2018-16468 [Loofah XSS Vulnerability]
- RESERVED
+CVE-2018-16469 (The merge.recursive function in the merge package v <1.2 can be ...)
+ TODO: check
+CVE-2018-16468 (In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may ...)
- ruby-loofah <unfixed> (bug #912398)
NOTE: https://github.com/flavorjones/loofah/issues/154
-CVE-2018-16467
- RESERVED
-CVE-2018-16466
- RESERVED
-CVE-2018-16465
- RESERVED
-CVE-2018-16464
- RESERVED
-CVE-2018-16463
- RESERVED
-CVE-2018-16462
- RESERVED
-CVE-2018-16461
- RESERVED
+CVE-2018-16467 (A missing check in Nextcloud Server prior to 14.0.0 could give ...)
+ TODO: check
+CVE-2018-16466 (Improper revalidation of permissions in Nextcloud Server prior to ...)
+ TODO: check
+CVE-2018-16465 (Missing state in Nextcloud Server prior to 14.0.0 would not enforce ...)
+ TODO: check
+CVE-2018-16464 (A missing access check in Nextcloud Server prior to 14.0.0 could lead ...)
+ TODO: check
+CVE-2018-16463 (A bug causing session fixation in Nextcloud Server prior to 14.0.0, ...)
+ TODO: check
+CVE-2018-16462 (A command injection vulnerability in the apex-publish-static-files npm ...)
+ TODO: check
+CVE-2018-16461 (A command injection vulnerability in libnmapp package for versions ...)
+ TODO: check
CVE-2018-16460 (A command Injection in ps package versions <1.0.0 for Node.js allowed ...)
NOT-FOR-US: ps node module
CVE-2018-16459 (An unescaped payload in exceljs <v1.6 allows a possible XSS via cell ...)
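Review bot: CVE-2018-16462 (apex-publish-static-files npm ...) and CVE-2018-16461 (libnmapp package) are added as "TODO: check" directly above CVE-2018-16460, which is already triaged as "NOT-FOR-US: ps node module". These two need the same kind of decision on whether the module is packaged. The five Nextcloud Server entries, CVE-2018-16467 through CVE-2018-16463, all read "prior to 14.0.0" and are best triaged as one group so they end up with identical status lines. The CVE-2018-16468 change is the one entry here that keeps its existing triage: the "- ruby-loofah <unfixed> (bug #912398)" line and the NOTE are preserved under the new description, which is what the other entries should look like once checked.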
@@ -25501,8 +25544,8 @@ CVE-2018-8860 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may
NOT-FOR-US: Vecna VGo Robot
CVE-2018-8859 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior ...)
NOT-FOR-US: Echelon
-CVE-2018-8858
- RESERVED
+CVE-2018-8858 (If an attacker has access to the firmware from the VGo Robot (Versions ...)
+ TODO: check
CVE-2018-8857 (Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, ...)
NOT-FOR-US: Philips Brilliance
CVE-2018-8856 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
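Review bot: CVE-2018-8858 is set to "TODO: check" even though its description names the VGo Robot and the hunk header two entries above it shows CVE-2018-8860 already carrying "NOT-FOR-US: Vecna VGo Robot". A follow-up can close this entry with the same marker after confirming from the full description that only the robot firmware is affected.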
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef01e8af351122f9748737ee6b2e972a744e2295