Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
409b4170 by security tracker role at 2018-04-22T20:10:33+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,15 @@
+CVE-2018-10299
+       RESERVED
+CVE-2018-10298 (Discuz! DiscuzX through X3.4 has reflected XSS via ...)
+       TODO: check
+CVE-2018-10297 (Discuz! DiscuzX through X3.4 has stored XSS via the ...)
+       TODO: check
+CVE-2018-10296 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title 
parameter. ...)
+       TODO: check
+CVE-2018-10295 (ChemCMS v1.0.6 has CSRF by using 
public/admin/user/addpost.html to add ...)
+       TODO: check
+CVE-2018-10294
+       RESERVED
 CVE-2018-10293
        RESERVED
 CVE-2018-10292
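Review bot: the four described entries at the top of this hunk (CVE-2018-10298, CVE-2018-10297, CVE-2018-10296, CVE-2018-10295) are left at "TODO: check", so none of them has a triage disposition yet. Each should be resolved to either a package line or a "NOT-FOR-US: <product>" line, the form already used for CVE-2018-10284 in the next hunk. The two Discuz! DiscuzX entries name the same product and should get the same disposition and product string.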
@@ -16,10 +28,10 @@ CVE-2018-10288
        RESERVED
 CVE-2018-10287
        RESERVED
-CVE-2018-10286
-       RESERVED
-CVE-2018-10285
-       RESERVED
+CVE-2018-10286 (The Ericsson-LG iPECS NMS A.1Ac web application discloses 
sensitive ...)
+       TODO: check
+CVE-2018-10285 (The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect 
access ...)
+       TODO: check
 CVE-2018-10284 (Adaltech G-Ticket v70 EME104 has SQL Injection via the ...)
        NOT-FOR-US: Adaltech G-Ticket v70 EME104
 CVE-2018-10283 (CliqueMania loja virtual 14 has SQL Injection via the 
patch/remote.php ...)
@@ -1078,6 +1090,7 @@ CVE-2018-9840 (The Open Whisper Signal app before 2.23.2 
for iOS allows physical
 CVE-2018-9839
        RESERVED
 CVE-2018-1000164 (gunicorn version 19.4.5 contains a CWE-113: Improper 
Neutralization of ...)
+       {DLA-1357-1}
        - gunicorn 19.5.0-1 (bug #896548)
        NOTE: 
https://epadillas.github.io/2018/04/02/http-header-splitting-in-gunicorn-19.4.5
        NOTE: https://github.com/benoitc/gunicorn/issues/1227
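Review bot: the added "{DLA-1357-1}" reference on CVE-2018-1000164 sits above a single package line, "- gunicorn 19.5.0-1 (bug #896548)", and the entry shows no release-tagged line for the suite the DLA covers. Confirm that the fixed version for that suite is recorded with the DLA's own entry, since nothing in the visible lines states which gunicorn version DLA-1357-1 shipped.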
@@ -2444,8 +2457,8 @@ CVE-2018-9247 (The upsql function in 
\Lib\Lib\Action\Admin\DataAction.class.php 
        NOT-FOR-US: Gxlcms QY
 CVE-2018-9246
        RESERVED
-CVE-2018-9245
-       RESERVED
+CVE-2018-9245 (The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL 
injection ...)
+       TODO: check
 CVE-2018-9242
        RESERVED
 CVE-2018-9241
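Review bot: CVE-2018-9245 is added at "TODO: check" and names Ericsson-LG iPECS NMS A.1Ac, the same product as CVE-2018-10286 and CVE-2018-10285 earlier in this patch, which are also at "TODO: check". Triage the three together so they end up with one disposition and one consistent product string.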
@@ -17866,8 +17879,8 @@ CVE-2017-17904 (FS Lynda Clone has XSS via the keywords 
parameter to tutorial/ o
        NOT-FOR-US: FS Lynda Clone
 CVE-2017-17903 (FS Lynda Clone has CSRF via user/edit_profile, as demonstrated 
by ...)
        NOT-FOR-US: FS Lynda Clone
-CVE-2017-17902
-       RESERVED
+CVE-2017-17902 (SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey 
parameter of a ...)
+       TODO: check
 CVE-2017-17901 (ZyXEL P-660HW v3 devices allow remote attackers to cause a 
denial of ...)
        NOT-FOR-US: ZyXEL
 CVE-2017-17900 (SQL injection vulnerability in fourn/index.php in Dolibarr 
ERP/CRM ...)
@@ -17901,8 +17914,8 @@ CVE-2017-17891 (Readymade Video Sharing Script has CSRF 
via user-profile-edit.ph
        NOT-FOR-US: Readymade Video Sharing Script
 CVE-2017-17890
        RESERVED
-CVE-2017-17889
-       RESERVED
+CVE-2017-17889 (Kliqqi CMS 3.5.2 has XSS via a crafted group name in 
pligg/groups.php, ...)
+       TODO: check
 CVE-2017-17888 (cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on 
NetBiter / HMS, ...)
        NOT-FOR-US: Anti-Web
 CVE-2017-17887 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was 
found in ...)
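Review bot: CVE-2017-17889 is added at "TODO: check" while its neighbours in this hunk already carry dispositions ("NOT-FOR-US: Readymade Video Sharing Script", "NOT-FOR-US: Anti-Web"). It names Kliqqi CMS 3.5.2, the same product as CVE-2017-17902 in the previous hunk, so resolve both in one pass. The description's path is pligg/groups.php, so when checking whether the software is packaged, search under that name as well as Kliqqi.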



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/409b4170745ef357207b1adae6afe4088bed921d
