Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 409b4170 by security tracker role at 2018-04-22T20:10:33+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,15 @@ +CVE-2018-10299 + RESERVED +CVE-2018-10298 (Discuz! DiscuzX through X3.4 has reflected XSS via ...) + TODO: check +CVE-2018-10297 (Discuz! DiscuzX through X3.4 has stored XSS via the ...) + TODO: check +CVE-2018-10296 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter. ...) + TODO: check +CVE-2018-10295 (ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add ...) + TODO: check +CVE-2018-10294 + RESERVED CVE-2018-10293 RESERVED CVE-2018-10292 @@ -16,10 +28,10 @@ CVE-2018-10288 RESERVED CVE-2018-10287 RESERVED -CVE-2018-10286 - RESERVED -CVE-2018-10285 - RESERVED +CVE-2018-10286 (The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive ...) + TODO: check +CVE-2018-10285 (The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access ...) + TODO: check CVE-2018-10284 (Adaltech G-Ticket v70 EME104 has SQL Injection via the ...) NOT-FOR-US: Adaltech G-Ticket v70 EME104 CVE-2018-10283 (CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php ...) @@ -1078,6 +1090,7 @@ CVE-2018-9840 (The Open Whisper Signal app before 2.23.2 for iOS allows physical CVE-2018-9839 RESERVED CVE-2018-1000164 (gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of ...) + {DLA-1357-1} - gunicorn 19.5.0-1 (bug #896548) NOTE: https://epadillas.github.io/2018/04/02/http-header-splitting-in-gunicorn-19.4.5 NOTE: https://github.com/benoitc/gunicorn/issues/1227 
@@ -2444,8 +2457,8 @@ CVE-2018-9247 (The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php NOT-FOR-US: Gxlcms QY CVE-2018-9246 RESERVED -CVE-2018-9245 - RESERVED +CVE-2018-9245 (The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection ...) + TODO: check CVE-2018-9242 RESERVED CVE-2018-9241 @@ -17866,8 +17879,8 @@ CVE-2017-17904 (FS Lynda Clone has XSS via the keywords parameter to tutorial/ o NOT-FOR-US: FS Lynda Clone CVE-2017-17903 (FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by ...) NOT-FOR-US: FS Lynda Clone -CVE-2017-17902 - RESERVED +CVE-2017-17902 (SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a ...) + TODO: check CVE-2017-17901 (ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of ...) NOT-FOR-US: ZyXEL CVE-2017-17900 (SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM ...) @@ -17901,8 +17914,8 @@ CVE-2017-17891 (Readymade Video Sharing Script has CSRF via user-profile-edit.ph NOT-FOR-US: Readymade Video Sharing Script CVE-2017-17890 RESERVED -CVE-2017-17889 - RESERVED +CVE-2017-17889 (Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, ...) + TODO: check CVE-2017-17888 (cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, ...) NOT-FOR-US: Anti-Web CVE-2017-17887 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/409b4170745ef357207b1adae6afe4088bed921d
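Review bot: In the first hunk (`@@ -1,3 +1,15 @@`), CVE-2018-10295 through CVE-2018-10298 are added with only `TODO: check` and no disposition, while comparable third-party web applications visible in this diff (for example CVE-2018-10284, `NOT-FOR-US: Adaltech G-Ticket v70 EME104`) carry a resolved entry naming the product. Each of the four (Discuz! DiscuzX, MiniCMS, ChemCMS) needs a follow-up commit that either records the affected Debian source package or marks the entry NOT-FOR-US in that same form, so the TODO state does not persist past the automatic update.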
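Review bot: The three Ericsson-LG iPECS NMS A.1Ac entries are split across two hunks, CVE-2018-10286 and CVE-2018-10285 in `@@ -16,10 +28,10 @@` and CVE-2018-9245 in `@@ -2444,8 +2457,8 @@`, and all three move from RESERVED to `TODO: check`. They describe the same product and should be triaged in one pass with an identical disposition line, so that the tracker does not end up with one of them resolved and the others left open.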
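Review bot: In the last two hunks (`@@ -17866,8 +17879,8 @@` and `@@ -17901,8 +17914,8 @@`), CVE-2017-17902 and CVE-2017-17889 both name Kliqqi CMS 3.5.2 and both land as `TODO: check`, while every neighbouring entry in their context lines already has a `NOT-FOR-US:` line. Resolve the pair together and use one product string for both; note that the CVE-2017-17889 description refers to the path `pligg/groups.php`, so the disposition should make clear which product name the tracker uses for it.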