Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 187ca63b by Moritz Muehlenhoff at 2018-09-17T09:59:46Z NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,35 +1,35 @@ CVE-2018-17140 (The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2018-17139 (UltimatePOS 2.5 allows users to upload arbitrary files, which leads to ...) - TODO: check + NOT-FOR-US: UltimatePOS CVE-2018-17138 (The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2018-17137 (Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 ...) - TODO: check + NOT-FOR-US: Prezi Next CVE-2018-17136 (zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via ...) - TODO: check + NOT-FOR-US: zzcms CVE-2018-17135 RESERVED CVE-2018-17134 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ...) - TODO: check + NOT-FOR-US: PHPMyWind CVE-2018-17133 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ...) - TODO: check + NOT-FOR-US: PHPMyWind CVE-2018-17132 (admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute ...) - TODO: check + NOT-FOR-US: PHPMyWind CVE-2018-17131 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ...) - TODO: check + NOT-FOR-US: PHPMyWind CVE-2018-17130 (PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header, ...) - TODO: check + NOT-FOR-US: PHPMyWind CVE-2018-17129 (MetInfo 6.1.0 has XSS in doexport() in ...) - TODO: check + NOT-FOR-US: MetInfo CVE-2018-17128 (A Persistent XSS issue was discovered in the Visual Editor in MyBB ...) - TODO: check + NOT-FOR-US: MyBB CVE-2018-17127 (blocking_request.cgi on ASUS GT-AC5300 devices through ...) - TODO: check + NOT-FOR-US: ASUS CVE-2018-17126 (CScms 4.1 allows remote code execution, as demonstrated by ...) - TODO: check + NOT-FOR-US: CScms CVE-2018-17125 (CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring ...) - TODO: check + NOT-FOR-US: CScms CVE-2018-17124 RESERVED CVE-2018-17123 @@ -53,29 +53,29 @@ CVE-2018-17115 CVE-2018-17114 RESERVED CVE-2018-17113 (App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf ...) - TODO: check + NOT-FOR-US: EasyCMS CVE-2018-17112 RESERVED CVE-2018-17111 RESERVED CVE-2018-17110 (Simple POS 4.0.24 allows SQL Injection via a products/get_products/ ...) - TODO: check + NOT-FOR-US: Simple POS CVE-2018-17109 RESERVED CVE-2018-17108 (The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android ...) - TODO: check + NOT-FOR-US: SBIbuddy CVE-2018-17107 RESERVED CVE-2018-17106 (In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable ...) - TODO: check + NOT-FOR-US: Tinyftpd CVE-2018-17105 RESERVED CVE-2018-17104 (An issue was discovered in Microweber 1.0.7. There is a CSRF attack ...) - TODO: check + NOT-FOR-US: Microweber CVE-2018-17103 (** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There ...) - TODO: check + NOT-FOR-US: GetSimple CMS CVE-2018-17102 (An issue was discovered in QuickAppsCMS (aka QACMS) through ...) - TODO: check + NOT-FOR-US: QuickAppsCMS CVE-2018-17101 (An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds ...) - tiff <unfixed> - tiff3 <removed> @@ -101,23 +101,23 @@ CVE-2018-XXXX [gs 699708: 'Hide' non-replaceable error handlers for SAFER] CVE-2018-17095 (An issue has been discovered in mpruett Audio File Library (aka ...) TODO: check CVE-2018-17094 (An issue has been discovered in mackyle xar 1.6.1. There is a NULL ...) - TODO: check + - xar <removed> CVE-2018-17093 (An issue has been discovered in mackyle xar 1.6.1. There is a NULL ...) - TODO: check + - xar <removed> CVE-2018-17092 (An issue was discovered in DonLinkage 6.6.8. SQL injection in ...) - TODO: check + NOT-FOR-US: DonLinkage CVE-2018-17091 (An issue was discovered in DonLinkage 6.6.8. It allows remote attackers ...) - TODO: check + NOT-FOR-US: DonLinkage CVE-2018-17090 (An issue was discovered in DonLinkage 6.6.8. The modules ...) - TODO: check + NOT-FOR-US: DonLinkage CVE-2018-17089 RESERVED CVE-2018-17087 RESERVED CVE-2018-17086 (An issue was discovered in OTCMS 3.61. XSS exists in ...) - TODO: check + NOT-FOR-US: OTCMS CVE-2018-17085 (An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php ...) - TODO: check + NOT-FOR-US: OTCMS CVE-2018-17084 RESERVED CVE-2018-17083 @@ -173,7 +173,7 @@ CVE-2018-17064 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A CVE-2018-17063 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP ...) NOT-FOR-US: D-Link CVE-2018-17062 (An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php ...) - TODO: check + NOT-FOR-US: SeaCMS CVE-2018-17061 (BullGuard Safe Browsing 18.1.355 allows XSS on Google, Bing, and Yahoo! ...) NOT-FOR-US: BullGuard Safe Browsing CVE-2018-17060 @@ -330,7 +330,7 @@ CVE-2018-16989 CVE-2018-16988 RESERVED CVE-2018-16987 (Squash TM through 1.18.0 presents the cleartext passwords of external ...) - TODO: check + NOT-FOR-US: Squash TM CVE-2018-16986 RESERVED CVE-2018-16985 (In Lizard (formerly LZ5) 2.0, use of an invalid memory address was ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/187ca63bed4bf48abfb0c4b14f52175d4fc55f87 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/187ca63bed4bf48abfb0c4b14f52175d4fc55f87 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits