Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef01e8af by security tracker role at 2018-10-31T08:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2018-18870
+       RESERVED
+CVE-2018-18869 (EmpireCMS V7.5 allows remote attackers to upload and execute 
arbitrary ...)
+       TODO: check
+CVE-2018-18868 (No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name 
...)
+       TODO: check
+CVE-2018-18867 (An SSRF issue was discovered in tecrail Responsive FileManager 
9.13.4 ...)
+       TODO: check
+CVE-2018-18866
+       RESERVED
+CVE-2018-18865
+       RESERVED
+CVE-2018-18864
+       RESERVED
+CVE-2018-18863
+       RESERVED
+CVE-2018-18862
+       RESERVED
+CVE-2018-18861
+       RESERVED
+CVE-2018-18860
+       RESERVED
+CVE-2018-18859
+       RESERVED
+CVE-2018-18858
+       RESERVED
+CVE-2018-18857
+       RESERVED
+CVE-2018-18856
+       RESERVED
+CVE-2018-18855
+       RESERVED
+CVE-2018-18854 (Lightbend Spray spray-json through 1.3.4 allows remote 
attackers to ...)
+       TODO: check
+CVE-2018-18853 (Lightbend Spray spray-json through 1.3.4 allows remote 
attackers to ...)
+       TODO: check
+CVE-2018-18852
+       RESERVED
+CVE-2018-18851
+       RESERVED
+CVE-2018-18850 (In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, 
an ...)
+       TODO: check
+CVE-2018-18849
+       RESERVED
 CVE-2018-18848
        RESERVED
 CVE-2018-18847
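
Review bot: the six new entries that arrive with descriptions (CVE-2018-18869, CVE-2018-18868, CVE-2018-18867, CVE-2018-18854, CVE-2018-18853, CVE-2018-18850) are all left at "TODO: check", so each still needs a manual pass that replaces the TODO with either a source-package line or a NOT-FOR-US tag, in the form used elsewhere in this file. For the spray-json pair, CVE-2018-18854 and CVE-2018-18853, the truncated descriptions are identical here, so the full CVE text has to be read to tell them apart before a note or bug reference is attached to one of them.
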
@@ -2354,12 +2398,12 @@ CVE-2018-17935 (All versions of Telecrane F25 Series 
Radio Controls before 00.0A
        NOT-FOR-US: Telecrane
 CVE-2018-17934
        RESERVED
-CVE-2018-17933
-       RESERVED
+CVE-2018-17933 (VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior 
versions may ...)
+       TODO: check
 CVE-2018-17932
        RESERVED
-CVE-2018-17931
-       RESERVED
+CVE-2018-17931 (If an attacker has physical access to the VGo Robot (Versions 
...)
+       TODO: check
 CVE-2018-17930
        RESERVED
 CVE-2018-17929 (In Delta Industrial Automation TPEditor, TPEditor Versions 
1.90 and ...)
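
Review bot: CVE-2018-17933 and CVE-2018-17931 both move from RESERVED to "TODO: check" with descriptions naming the VGo Robot, a product this file already classifies further down, where CVE-2018-8860 carries "NOT-FOR-US: Vecna VGo Robot". Suggest resolving both with that same tag text, vendor name included, so that a search on the product returns every entry with one consistent disposition.
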
@@ -5777,26 +5821,25 @@ CVE-2018-16471
        RESERVED
 CVE-2018-16470
        RESERVED
-CVE-2018-16469
-       RESERVED
-CVE-2018-16468 [Loofah XSS Vulnerability]
-       RESERVED
+CVE-2018-16469 (The merge.recursive function in the merge package v <1.2 
can be ...)
+       TODO: check
+CVE-2018-16468 (In the Loofah gem for Ruby, through v2.2.2, unsanitized 
JavaScript may ...)
        - ruby-loofah <unfixed> (bug #912398)
        NOTE: https://github.com/flavorjones/loofah/issues/154
-CVE-2018-16467
-       RESERVED
-CVE-2018-16466
-       RESERVED
-CVE-2018-16465
-       RESERVED
-CVE-2018-16464
-       RESERVED
-CVE-2018-16463
-       RESERVED
-CVE-2018-16462
-       RESERVED
-CVE-2018-16461
-       RESERVED
+CVE-2018-16467 (A missing check in Nextcloud Server prior to 14.0.0 could give 
...)
+       TODO: check
+CVE-2018-16466 (Improper revalidation of permissions in Nextcloud Server prior 
to ...)
+       TODO: check
+CVE-2018-16465 (Missing state in Nextcloud Server prior to 14.0.0 would not 
enforce ...)
+       TODO: check
+CVE-2018-16464 (A missing access check in Nextcloud Server prior to 14.0.0 
could lead ...)
+       TODO: check
+CVE-2018-16463 (A bug causing session fixation in Nextcloud Server prior to 
14.0.0, ...)
+       TODO: check
+CVE-2018-16462 (A command injection vulnerability in the 
apex-publish-static-files npm ...)
+       TODO: check
+CVE-2018-16461 (A command injection vulnerability in libnmapp package for 
versions ...)
+       TODO: check
 CVE-2018-16460 (A command Injection in ps package versions &lt;1.0.0 for 
Node.js allowed ...)
        NOT-FOR-US: ps node module
 CVE-2018-16459 (An unescaped payload in exceljs &lt;v1.6 allows a possible XSS 
via cell ...)
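
Review bot: on CVE-2018-16468 the temporary bracketed title "[Loofah XSS Vulnerability]" is replaced by the published description while the "- ruby-loofah <unfixed> (bug #912398)" and NOTE lines stay attached, which is the right outcome; the remaining nine entries in this hunk are all "TODO: check" and fall into groups that are best triaged together. The five Nextcloud Server entries (CVE-2018-16467 through CVE-2018-16463) share the "prior to 14.0.0" wording and should receive the same disposition in one pass. The Node.js entries (CVE-2018-16469 merge, CVE-2018-16462 apex-publish-static-files, CVE-2018-16461 libnmapp) should each be checked against packaged node modules rather than copying the "NOT-FOR-US: ps node module" tag from the CVE-2018-16460 context line by analogy.
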
@@ -25501,8 +25544,8 @@ CVE-2018-8860 (In Vecna VGo Robot versions prior to 
3.0.3.52164, an attacker may
        NOT-FOR-US: Vecna VGo Robot
 CVE-2018-8859 (Echelon SmartServer 1 all versions, SmartServer 2 all versions 
prior ...)
        NOT-FOR-US: Echelon
-CVE-2018-8858
-       RESERVED
+CVE-2018-8858 (If an attacker has access to the firmware from the VGo Robot 
(Versions ...)
+       TODO: check
 CVE-2018-8857 (Philips Brilliance CT software (Brilliance 64 version 2.6.2 and 
prior, ...)
        NOT-FOR-US: Philips Brilliance
 CVE-2018-8856 (Philips e-Alert Unit (non-medical device), Version R2.1 and 
prior. The ...)
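
Review bot: CVE-2018-8858 is set to "TODO: check" although the context line two entries above it already reads "NOT-FOR-US: Vecna VGo Robot" for CVE-2018-8860, and the new description names the same product's firmware. Suggest changing the added line to "NOT-FOR-US: Vecna VGo Robot" so the entry does not sit in the TODO queue for a product the tracker has already ruled out.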



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef01e8af351122f9748737ee6b2e972a744e2295
