[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Sun, 15 Jul 2018 01:10:32 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
803c5f0b by security tracker role at 2018-07-15T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,8 +1,18 @@
-CVE-2018-14055 [privilege escalation to admin permissions / allows injection 
of rogue values in znc.conf]
+CVE-2018-14061
+       RESERVED
+CVE-2018-14060 (OS command injection in the AP mode settings feature in 
/cgi-bin/luci ...)
+       TODO: check
+CVE-2018-14059
+       RESERVED
+CVE-2018-14058
+       RESERVED
+CVE-2018-14057
+       RESERVED
+CVE-2018-14055 (ZNC before 1.7.1-rc1 does not properly validate untrusted 
lines coming ...)
        - znc <unfixed> (bug #903787)
        NOTE: 
https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
        NOTE: 
https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
-CVE-2018-14056 [path traversal flaw]
+CVE-2018-14056 (ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ 
in a web ...)
        - znc <unfixed> (bug #903788)
        NOTE: 
https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
 CVE-2018-14053
@@ -155,8 +165,8 @@ CVE-2018-14012 (WolfSight CMS 3.2 allows SQL injection via 
the PATH_INFO to the 
        NOT-FOR-US: WolfSight CMS
 CVE-2018-14011
        RESERVED
-CVE-2018-14010
-       RESERVED
+CVE-2018-14010 (OS command injection in the guest Wi-Fi settings feature in 
...)
+       TODO: check
 CVE-2018-14009 (Codiad through 2.8.4 allows Remote Code Execution, a different 
...)
        NOT-FOR-US: Codiad
 CVE-2018-14008



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/803c5f0bd991536c0b5874975b5ad410de995b71

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/803c5f0bd991536c0b5874975b5ad410de995b71
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to