Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3058b0c2 by security tracker role at 2018-08-08T08:10:14Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,153 @@
+CVE-2018-15209 (ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 
4.0.9 allows ...)
+       TODO: check
+CVE-2018-15208
+       RESERVED
+CVE-2018-15207
+       RESERVED
+CVE-2018-15206
+       RESERVED
+CVE-2018-15205
+       RESERVED
+CVE-2018-15204
+       RESERVED
+CVE-2018-15203 (An issue was discovered in Ignited CMS through 2017-02-19. ...)
+       TODO: check
+CVE-2018-15202 (An issue was discovered in Juunan06 eCommerce through 
2018-08-05. There ...)
+       TODO: check
+CVE-2018-15201
+       RESERVED
+CVE-2018-15200
+       RESERVED
+CVE-2018-15199 (AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook 
action. ...)
+       TODO: check
+CVE-2018-15198 (An issue was discovered in OneThink v1.1. There is a CSRF 
vulnerability ...)
+       TODO: check
+CVE-2018-15197 (An issue was discovered in OneThink v1.1. There is a CSRF 
vulnerability ...)
+       TODO: check
+CVE-2018-15196
+       RESERVED
+CVE-2018-15195
+       RESERVED
+CVE-2018-15194
+       RESERVED
+CVE-2018-15193 (A CSRF vulnerability in the admin panel in Gogs through 
0.11.53 allows ...)
+       TODO: check
+CVE-2018-15192 (An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 
and Gogs ...)
+       TODO: check
+CVE-2018-15191
+       RESERVED
+CVE-2018-15190
+       RESERVED
+CVE-2018-15189
+       RESERVED
+CVE-2018-15188
+       RESERVED
+CVE-2018-15187
+       RESERVED
+CVE-2018-15186
+       RESERVED
+CVE-2018-15185
+       RESERVED
+CVE-2018-15184
+       RESERVED
+CVE-2018-15183
+       RESERVED
+CVE-2018-15182
+       RESERVED
+CVE-2018-15181
+       RESERVED
+CVE-2018-15180
+       RESERVED
+CVE-2018-15179
+       RESERVED
+CVE-2018-15178 (Open redirect vulnerability in Gogs before 0.12 allows remote 
attackers ...)
+       TODO: check
+CVE-2018-15177 (In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF 
attack can ...)
+       TODO: check
+CVE-2018-15176 (XnView 2.45 allows remote attackers to cause a denial of 
service (User ...)
+       TODO: check
+CVE-2018-15175 (XnView 2.45 allows remote attackers to cause a denial of 
service (User ...)
+       TODO: check
+CVE-2018-15174 (XnView 2.45 allows remote attackers to cause a denial of 
service (Read ...)
+       TODO: check
+CVE-2018-15173 (Nmap through 7.70, when the -sV option is used, allows remote 
attackers ...)
+       TODO: check
+CVE-2018-15172
+       RESERVED
+CVE-2018-15171
+       RESERVED
+CVE-2018-15170
+       RESERVED
+CVE-2018-15169 (A reflected Cross-site scripting (XSS) vulnerability in Zoho 
...)
+       TODO: check
+CVE-2018-15168 (A SQL Injection vulnerability exists in the Zoho ManageEngine 
...)
+       TODO: check
+CVE-2018-15167
+       RESERVED
+CVE-2018-15166
+       RESERVED
+CVE-2018-15165
+       RESERVED
+CVE-2018-15164
+       RESERVED
+CVE-2018-15163
+       RESERVED
+CVE-2018-15162
+       RESERVED
+CVE-2018-15161
+       RESERVED
+CVE-2018-15160
+       RESERVED
+CVE-2018-15159
+       RESERVED
+CVE-2018-15158
+       RESERVED
+CVE-2018-15157
+       RESERVED
+CVE-2018-15156
+       RESERVED
+CVE-2018-15155
+       RESERVED
+CVE-2018-15154
+       RESERVED
+CVE-2018-15153
+       RESERVED
+CVE-2018-15152
+       RESERVED
+CVE-2018-15151
+       RESERVED
+CVE-2018-15150
+       RESERVED
+CVE-2018-15149
+       RESERVED
+CVE-2018-15148
+       RESERVED
+CVE-2018-15147
+       RESERVED
+CVE-2018-15146
+       RESERVED
+CVE-2018-15145
+       RESERVED
+CVE-2018-15144
+       RESERVED
+CVE-2018-15143
+       RESERVED
+CVE-2018-15142
+       RESERVED
+CVE-2018-15141
+       RESERVED
+CVE-2018-15140
+       RESERVED
+CVE-2018-15139
+       RESERVED
+CVE-2018-15138
+       RESERVED
+CVE-2018-15137 (CeLa Link CLR-M20 devices allow unauthorized users to upload 
any file ...)
+       TODO: check
+CVE-2018-15136
+       RESERVED
+CVE-2018-15135
+       RESERVED
 CVE-2018-15134
        RESERVED
 CVE-2018-15133
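Review bot: Every described entry added at the top of this hunk is left at `TODO: check`, including CVE-2018-15209 (LibTIFF 4.0.9, tif_dirread.c) and CVE-2018-15173 (Nmap through 7.70, -sV option), and nothing separates these from the web-application entries. Triage those two first and give each a package line in the form this file already uses (for example `- bouncycastle 1.48+dfsg-2`). Entries such as Ignited CMS, AuraCMS, OneThink and XnView can then be reviewed for `NOT-FOR-US:` the way the ThinkSAAS entries are marked.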
@@ -8,8 +158,8 @@ CVE-2018-15131
        RESERVED
 CVE-2018-15130 (ThinkSAAS through 2018-07-25 has XSS via the ...)
        NOT-FOR-US: ThinkSAAS
-CVE-2013-7464
-       RESERVED
+CVE-2013-7464 (In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is 
not ...)
+       TODO: check
 CVE-2018-15129 (ThinkSAAS through 2018-07-25 has XSS via the ...)
        NOT-FOR-US: ThinkSAAS
 CVE-2018-15128
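Review bot: CVE-2013-7464 gains a description (csrf-magic before 1.0.4, `$GLOBALS['csrf']['secret']`), but its status only changes from `RESERVED` to `TODO: check`, so the entry still says nothing about whether Debian is affected. Resolve it to either a package line or a `NOT-FOR-US:` note like the ThinkSAAS entries on either side. Because csrf-magic is a PHP library that can be bundled into other applications, search for embedded copies in other source packages before marking it not-for-us.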
@@ -26291,8 +26441,7 @@ CVE-2018-5385 (Navarino Infinity is prone to session 
fixation attacks. The serve
        NOT-FOR-US: Navarino Infinity
 CVE-2018-5384 (Navarino Infinity web interface up to version 2.2 exposes an 
...)
        NOT-FOR-US: Navarino Infinity
-CVE-2018-5383
-       RESERVED
+CVE-2018-5383 (Bluetooth firmware or operating system software drivers in 
macOS ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5382 (Bouncy Castle BKS version 1 keystore (BKS-V1) files use an HMAC 
that ...)
        - bouncycastle 1.48+dfsg-2
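Review bot: The new description for CVE-2018-5383 reads "Bluetooth firmware or operating system software drivers in macOS ...", but the unchanged line below it still says `NOT-FOR-US: Qualcomm components for Android`. That triage note was written while the entry was `RESERVED` and no longer matches the scope the description gives. Re-check the entry against the full description and replace the note with the affected package lines, or with a not-for-us reason that matches the description.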



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3058b0c2222e51c926c3b9df754dd8270a9db023
