[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Sep 3 09:10:30 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4026092b by security tracker role at 2018-09-03T08:10:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2018-16390
+	RESERVED
+CVE-2018-16389
+	RESERVED
+CVE-2018-16388
+	RESERVED
+CVE-2018-16387 (An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF ...)
+	TODO: check
+CVE-2018-16386
+	RESERVED
+CVE-2018-16385 (ThinkPHP before 5.1.23 allows SQL Injection via the ...)
+	TODO: check
+CVE-2018-16384 (A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity ...)
+	TODO: check
+CVE-2018-16383
+	RESERVED
+CVE-2018-16382 (Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in ...)
+	TODO: check
+CVE-2018-16381
+	RESERVED
+CVE-2018-16380 (An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF ...)
+	TODO: check
+CVE-2018-16379 (Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the ...)
+	TODO: check
+CVE-2018-16378
+	RESERVED
+CVE-2018-16377
+	RESERVED
+CVE-2018-16376 (An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow ...)
+	TODO: check
+CVE-2018-16375 (An issue was discovered in OpenJPEG 2.3.0. Missing checks for ...)
+	TODO: check
+CVE-2018-16374 (Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. ...)
+	TODO: check
+CVE-2018-16373 (Frog CMS 0.9.5 has an Upload vulnerability that can create files via ...)
+	TODO: check
+CVE-2018-16372 (The issue was discovered in IdeaCMS through 2016-04-30. There is ...)
+	TODO: check
+CVE-2018-16371 (PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: ...)
+	TODO: check
+CVE-2018-16370 (In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP ...)
+	TODO: check
+CVE-2018-16369 (XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2018-16368 (SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows ...)
+	TODO: check
+CVE-2018-16367 (In OnlineJudge 2.0, the sandbox has an incorrect access control ...)
+	TODO: check
+CVE-2018-16366 (An issue discovered in idreamsoft iCMS V7.0.10. ...)
+	TODO: check
+CVE-2018-16365 (An issue discovered in idreamsoft iCMS V7.0.10. ...)
+	TODO: check
+CVE-2018-16364
+	RESERVED
+CVE-2018-16363
+	RESERVED
+CVE-2018-16362 (An issue was discovered in the Source Integration plugin before 1.5.9 ...)
+	TODO: check
+CVE-2018-16361
+	RESERVED
+CVE-2018-16360
+	RESERVED
+CVE-2018-16359 (Google gVisor before 2018-08-23, within the seccomp sandbox, permits ...)
+	TODO: check
+CVE-2018-16358 (A cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2018-16357
+	RESERVED
+CVE-2018-16356
+	RESERVED
+CVE-2018-16355
+	RESERVED
+CVE-2018-16354 (An issue was discovered in FHCRM through 2018-02-11. There is a SQL ...)
+	TODO: check
+CVE-2018-16353 (An issue was discovered in FHCRM through 2018-02-11. There is a SQL ...)
+	TODO: check
+CVE-2018-16352 (There is a PHP code upload vulnerablity in WeaselCMS 0.3.6 via ...)
+	TODO: check
 CVE-2018-16351
 	RESERVED
 CVE-2018-16350 (WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic ...)
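Review bot: Every described entry added at the top of data/CVE/list (CVE-2018-16387 down to CVE-2018-16352) lands with `TODO: check`, so none of them records yet whether a Debian package is affected. Each one still needs to be resolved to a package line or a `NOT-FOR-US:` line, in the form used further down for CVE-2018-15494 and CVE-2018-15495. The descriptions are truncated with "...", so the triage should go by the full CVE text and not by the product name at the start of the line.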
@@ -2020,6 +2098,7 @@ CVE-2018-15496
 CVE-2018-15495 (/filemanager/upload.php in Responsive FileManager before 9.13.3 allows ...)
 	NOT-FOR-US: Responsive FileManager
 CVE-2018-15494 (In Dojo Toolkit before 1.14, there is unescaped string injection in ...)
+	{DLA-1492-1}
 	- dojo <unfixed> (bug #906540)
 	NOTE: https://github.com/dojo/dojox/pull/283
 CVE-2018-15493
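Review bot: The added `{DLA-1492-1}` on CVE-2018-15494 sits directly above `- dojo <unfixed> (bug #906540)`, and nothing in the entry says which release the advisory fixed. If `<unfixed>` is meant to describe only the unstable package, that is consistent. Otherwise the entry reads as both covered by an advisory and unfixed, and a release-specific line or a NOTE would remove the ambiguity.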
@@ -20818,7 +20897,7 @@ CVE-2018-8036 (In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefu
 CVE-2018-8035
 	RESERVED
 CVE-2018-8034 (The host name verification when using TLS with the WebSocket client ...)
-	{DSA-4281-1 DLA-1453-1}
+	{DSA-4281-1 DLA-1491-1 DLA-1453-1}
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 8.5.32-1
 	- tomcat8.0 <unfixed> (unimportant)
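Review bot: On CVE-2018-8034 the new `DLA-1491-1` is placed between `DSA-4281-1` and the existing `DLA-1453-1`, so the entry now carries two DLAs while the visible package lines list only tomcat9, tomcat8 and tomcat8.0. The context ends after tomcat8.0, so it is worth confirming that the source package fixed by DLA-1491-1 has its own line in this entry and that it is not the same package already covered by DLA-1453-1.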
@@ -40544,7 +40623,7 @@ CVE-2018-1338 (A carefully crafted (or fuzzed) file can trigger an infinite loop
 CVE-2018-1337 (In Apache LDAP API before 1.0.2, a bug in the way the SSL Filter was ...)
 	NOT-FOR-US: Apache LDAP API
 CVE-2018-1336 (An improper handing of overflow in the UTF-8 decoder with ...)
-	{DSA-4281-1}
+	{DSA-4281-1 DLA-1491-1}
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 8.5.31-1
 	- tomcat8.0 <unfixed> (unimportant)
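Review bot: CVE-2018-1336 gains `DLA-1491-1` here but, unlike CVE-2018-8034 in the previous hunk, has no `DLA-1453-1` reference. If both DLAs cover the same source package, check whether CVE-2018-1336 was left out of DLA-1453-1 deliberately or the reference is simply missing. If they cover different packages, the difference is expected and nothing needs to change.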



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4026092b97766bf9e0d6c6d5e8c32fce6d19896e
