[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Mon, 03 Sep 2018 01:10:54 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
4026092b by security tracker role at 2018-09-03T08:10:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2018-16390
+       RESERVED
+CVE-2018-16389
+       RESERVED
+CVE-2018-16388
+       RESERVED
+CVE-2018-16387 (An issue was discovered in Elefant CMS before 2.0.5. There is 
a CSRF ...)
+       TODO: check
+CVE-2018-16386
+       RESERVED
+CVE-2018-16385 (ThinkPHP before 5.1.23 allows SQL Injection via the ...)
+       TODO: check
+CVE-2018-16384 (A SQL injection bypass (aka PL1 bypass) exists in OWASP 
ModSecurity ...)
+       TODO: check
+CVE-2018-16383
+       RESERVED
+CVE-2018-16382 (Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in 
...)
+       TODO: check
+CVE-2018-16381
+       RESERVED
+CVE-2018-16380 (An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF 
...)
+       TODO: check
+CVE-2018-16379 (Ogma CMS 0.4 Beta has XSS via the &quot;Footer Text 
footer&quot; field on the ...)
+       TODO: check
+CVE-2018-16378
+       RESERVED
+CVE-2018-16377
+       RESERVED
+CVE-2018-16376 (An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer 
overflow ...)
+       TODO: check
+CVE-2018-16375 (An issue was discovered in OpenJPEG 2.3.0. Missing checks for 
...)
+       TODO: check
+CVE-2018-16374 (Frog CMS 0.9.5 has stored XSS via 
/admin/?/plugin/comment/settings. ...)
+       TODO: check
+CVE-2018-16373 (Frog CMS 0.9.5 has an Upload vulnerability that can create 
files via ...)
+       TODO: check
+CVE-2018-16372 (The issue was discovered in IdeaCMS through 2016-04-30. There 
is ...)
+       TODO: check
+CVE-2018-16371 (PESCMS Team 2.2.1 has multiple reflected XSS via the keyword 
parameter: ...)
+       TODO: check
+CVE-2018-16370 (In PESCMS Team 2.2.1, attackers may upload and execute 
arbitrary PHP ...)
+       TODO: check
+CVE-2018-16369 (XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2018-16368 (SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 
4.00 allows ...)
+       TODO: check
+CVE-2018-16367 (In OnlineJudge 2.0, the sandbox has an incorrect access 
control ...)
+       TODO: check
+CVE-2018-16366 (An issue discovered in idreamsoft iCMS V7.0.10. ...)
+       TODO: check
+CVE-2018-16365 (An issue discovered in idreamsoft iCMS V7.0.10. ...)
+       TODO: check
+CVE-2018-16364
+       RESERVED
+CVE-2018-16363
+       RESERVED
+CVE-2018-16362 (An issue was discovered in the Source Integration plugin 
before 1.5.9 ...)
+       TODO: check
+CVE-2018-16361
+       RESERVED
+CVE-2018-16360
+       RESERVED
+CVE-2018-16359 (Google gVisor before 2018-08-23, within the seccomp sandbox, 
permits ...)
+       TODO: check
+CVE-2018-16358 (A cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
+CVE-2018-16357
+       RESERVED
+CVE-2018-16356
+       RESERVED
+CVE-2018-16355
+       RESERVED
+CVE-2018-16354 (An issue was discovered in FHCRM through 2018-02-11. There is 
a SQL ...)
+       TODO: check
+CVE-2018-16353 (An issue was discovered in FHCRM through 2018-02-11. There is 
a SQL ...)
+       TODO: check
+CVE-2018-16352 (There is a PHP code upload vulnerablity in WeaselCMS 0.3.6 via 
...)
+       TODO: check
 CVE-2018-16351
        RESERVED
 CVE-2018-16350 (WUZHI CMS 4.1.0 has XSS via the 
index.php?m=core&amp;f=set&amp;v=basic ...)
@@ -2020,6 +2098,7 @@ CVE-2018-15496
 CVE-2018-15495 (/filemanager/upload.php in Responsive FileManager before 
9.13.3 allows ...)
        NOT-FOR-US: Responsive FileManager
 CVE-2018-15494 (In Dojo Toolkit before 1.14, there is unescaped string 
injection in ...)
+       {DLA-1492-1}
        - dojo <unfixed> (bug #906540)
        NOTE: https://github.com/dojo/dojox/pull/283
 CVE-2018-15493
@@ -20818,7 +20897,7 @@ CVE-2018-8036 (In Apache PDFBox 1.8.0 to 1.8.14 and 
2.0.0RC1 to 2.0.10, a carefu
 CVE-2018-8035
        RESERVED
 CVE-2018-8034 (The host name verification when using TLS with the WebSocket 
client ...)
-       {DSA-4281-1 DLA-1453-1}
+       {DSA-4281-1 DLA-1491-1 DLA-1453-1}
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.32-1
        - tomcat8.0 <unfixed> (unimportant)
@@ -40544,7 +40623,7 @@ CVE-2018-1338 (A carefully crafted (or fuzzed) file can 
trigger an infinite loop
 CVE-2018-1337 (In Apache LDAP API before 1.0.2, a bug in the way the SSL 
Filter was ...)
        NOT-FOR-US: Apache LDAP API
 CVE-2018-1336 (An improper handing of overflow in the UTF-8 decoder with ...)
-       {DSA-4281-1}
+       {DSA-4281-1 DLA-1491-1}
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.31-1
        - tomcat8.0 <unfixed> (unimportant)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4026092b97766bf9e0d6c6d5e8c32fce6d19896e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4026092b97766bf9e0d6c6d5e8c32fce6d19896e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to