[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9be70af5 by security tracker role at 2018-09-14T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2018-17051 (K-Net Cisco Configuration Manager through 2014-11-19 has XSS via ...)
+	TODO: check
+CVE-2018-17050
+	RESERVED
+CVE-2018-17049 (CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback ...)
+	TODO: check
+CVE-2018-17048
+	RESERVED
+CVE-2018-17047
+	RESERVED
+CVE-2018-17046 (translate man before 2018-08-21 has XSS via ...)
+	TODO: check
+CVE-2018-17045 (An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF ...)
+	TODO: check
+CVE-2018-17044 (In YzmCMS 5.1, stored XSS exists via the ...)
+	TODO: check
+CVE-2018-17043 (An issue has been found in doc2txt through 2014-03-19. It is a ...)
+	TODO: check
+CVE-2018-17042 (An issue has been found in dbf2txt through 2012-07-19. It is a infinite ...)
+	TODO: check
+CVE-2018-17041
+	RESERVED
+CVE-2018-17040
+	RESERVED
+CVE-2018-17039 (MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted ...)
+	TODO: check
+CVE-2018-17038
+	RESERVED
+CVE-2018-17037 (user/editpost.php in UCMS 1.4.6 mishandles levels, which allows ...)
+	TODO: check
+CVE-2018-17036 (An issue was discovered in UCMS 1.4.6. It allows PHP code injection ...)
+	TODO: check
+CVE-2018-17035 (UCMS 1.4.6 has SQL injection during installation via the ...)
+	TODO: check
+CVE-2018-17034 (UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter. ...)
+	TODO: check
+CVE-2018-17033
+	RESERVED
+CVE-2018-17032
+	RESERVED
+CVE-2018-17031 (In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger ...)
+	TODO: check
+CVE-2018-17030 (BigTree CMS 4.2.23 allows remote authenticated users, if possessing ...)
+	TODO: check
+CVE-2018-17029
+	RESERVED
+CVE-2018-17028
+	RESERVED
+CVE-2018-17027
+	RESERVED
+CVE-2018-17026 (admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title ...)
+	TODO: check
+CVE-2018-17025 (admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title ...)
+	TODO: check
+CVE-2018-17024 (admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title ...)
+	TODO: check
 CVE-2018-17023 (Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 ...)
 	NOT-FOR-US: ASUS GT-AC5300 routers
 CVE-2018-17022 (Stack-based buffer overflow on the ASUS GT-AC5300 router through ...)
@@ -16203,8 +16259,8 @@ CVE-2018-10639
 	RESERVED
 CVE-2018-10638
 	RESERVED
-CVE-2018-10637
-	RESERVED
+CVE-2018-10637 (A maliciously crafted project file may cause a buffer overflow, which ...)
+	TODO: check
 CVE-2018-10636 (CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 ...)
 	NOT-FOR-US: CNCSoft
 CVE-2018-10635 (In Universal Robots Robot Controllers Version CB 3.1, SW Version ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9be70af50f4ec7006262372e8bbecabcd32c3996

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9be70af50f4ec7006262372e8bbecabcd32c3996
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180914/5a647a60/attachment-0001.html>